1/* $Id: memsafer-generic.cpp 69111 2017-10-17 14:26:02Z vboxsync $ */
2/** @file
3 * IPRT - Memory Allocate for Sensitive Data, generic heap-based implementation.
4 */
5
6/*
7 * Copyright (C) 2006-2017 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27
28/*********************************************************************************************************************************
29* Header Files *
30*********************************************************************************************************************************/
31#include "internal/iprt.h"
32#include <iprt/memsafer.h>
33
34#include <iprt/assert.h>
35#include <iprt/string.h>
36
37
38/*********************************************************************************************************************************
39* Defined Constants And Macros *
40*********************************************************************************************************************************/
41/** Allocation size alignment. */
42#define RTMEMSAFER_ALIGN 16
/** Padding before the block to catch/absorb small underruns (the user pointer is this far into the heap block). */
44#define RTMEMSAFER_PAD_BEFORE 96
/** Padding after the block to catch/absorb small overruns. */
46#define RTMEMSAFER_PAD_AFTER 32
47
48
49/*********************************************************************************************************************************
50* Global Variables *
51*********************************************************************************************************************************/
/** XOR scrambler value used by RTMemSaferScramble / RTMemSaferUnscramble.
 *
 * NOTE(review): this is a fixed, compile-time constant shared by every block
 * in the process, so the scrambling is obfuscation only, not protection.
 * Anyone able to read process memory can recover the key (e.g. from a still
 * all-zero, freshly allocated block that has been scrambled) and undo it for
 * every other block.
 * @todo determine this at runtime */
#if ARCH_BITS == 32
static uintptr_t g_uScramblerXor = UINT32_C(0x867af88d);
#elif ARCH_BITS == 64
static uintptr_t g_uScramblerXor = UINT64_C(0xed95ecc99416d312);
#else
# error "Bad ARCH_BITS value"
#endif
61
62
63
RTDECL(int) RTMemSaferScramble(void *pv, size_t cb)
{
    /*
     * In RT_STRICT builds RTMemSaferAllocZExTag stores the requested size in
     * the first word of the heap block (RTMEMSAFER_PAD_BEFORE bytes ahead of
     * the user pointer); a mismatch means a bogus pointer or size.
     */
    AssertMsg(*(size_t *)((char *)pv - RTMEMSAFER_PAD_BEFORE) == cb,
              ("*pvStart=%#zx cb=%#zx\n", *(size_t *)((char *)pv - RTMEMSAFER_PAD_BEFORE), cb));

    /*
     * Note! This isn't supposed to be safe, just less obvious.  Every
     * pointer-sized word of the (alignment-padded) user area is XORed with one
     * process-wide constant, so the transform is trivially reversible by anyone
     * who knows or recovers the key.
     */
    size_t const     cbAligned = RT_ALIGN_Z(cb, RTMEMSAFER_ALIGN);
    uintptr_t       *puCur     = (uintptr_t *)pv;
    uintptr_t * const puEnd    = (uintptr_t *)((char *)pv + cbAligned);
    for (; puCur != puEnd; puCur++)
        *puCur ^= g_uScramblerXor;

    return VINF_SUCCESS;
}
RT_EXPORT_SYMBOL(RTMemSaferScramble);
83
84
RTDECL(int) RTMemSaferUnscramble(void *pv, size_t cb)
{
    /* Strict-build sanity check against the size word recorded at allocation time. */
    AssertMsg(*(size_t *)((char *)pv - RTMEMSAFER_PAD_BEFORE) == cb,
              ("*pvStart=%#zx cb=%#zx\n", *(size_t *)((char *)pv - RTMEMSAFER_PAD_BEFORE), cb));

    /*
     * Note! This isn't supposed to be safe, just less obvious.  XOR is its own
     * inverse, so unscrambling is exactly the same pass as scrambling: apply the
     * fixed key to every pointer-sized word of the alignment-padded user area.
     * (RTMEMSAFER_ALIGN is a multiple of the word size on both supported
     * ARCH_BITS values, so the division is exact.)
     */
    uintptr_t   *pau    = (uintptr_t *)pv;
    size_t const cWords = RT_ALIGN_Z(cb, RTMEMSAFER_ALIGN) / sizeof(uintptr_t);
    for (size_t i = 0; i < cWords; i++)
        pau[i] ^= g_uScramblerXor;

    return VINF_SUCCESS;
}
RT_EXPORT_SYMBOL(RTMemSaferUnscramble);
103
104
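RTDECL(int) RTMemSaferAllocZExTag(void **ppvNew, size_t cb, uint32_t fFlags, const char *pszTag) RT_NO_THROW_DEF
{
    /*
     * Generic heap-backed allocation of a zeroed, padded block for sensitive
     * data.  On success *ppvNew points at cb zeroed bytes; on any other return
     * *ppvNew is NULL.
     */
    AssertPtrReturn(ppvNew, VERR_INVALID_PARAMETER);
    *ppvNew = NULL;
    AssertReturn(cb, VERR_INVALID_PARAMETER);
    /*
     * Reject sizes for which the alignment/padding arithmetic below would wrap
     * around.  A wrapped cbUser yields a tiny heap block that is then RT_BZERO'd
     * with the full (huge) cb, i.e. a heap overflow.
     */
    AssertReturn(cb <= ~(size_t)0 - (RTMEMSAFER_ALIGN - 1) - RTMEMSAFER_PAD_BEFORE - RTMEMSAFER_PAD_AFTER,
                 VERR_INVALID_PARAMETER);
    RT_NOREF_PV(pszTag);

    /*
     * We support none of the hard requirements passed thru flags.
     */
    if (fFlags == 0)
    {
        /*
         * Don't request zeroed memory. We want random heap garbage in the
         * padding zones, nothing that makes our allocations easier to find.
         */
        size_t const cbUser = RT_ALIGN_Z(cb, RTMEMSAFER_ALIGN);
        void *pvNew = RTMemAlloc(cbUser + RTMEMSAFER_PAD_BEFORE + RTMEMSAFER_PAD_AFTER);
        if (!pvNew)
            return VERR_NO_MEMORY;

#ifdef RT_STRICT /* For checking input in strict builds. */
        /* Fill both padding zones with recognisable patterns and record the
           requested size in the first word so Free/Scramble/Realloc can
           validate the cb the caller hands back. */
        memset(pvNew, 0xad, RTMEMSAFER_PAD_BEFORE);
        memset((char *)pvNew + RTMEMSAFER_PAD_BEFORE + cb, 0xda, RTMEMSAFER_PAD_AFTER + (cbUser - cb));
        *(size_t *)pvNew = cb;
#endif

        void *pvUser = (char *)pvNew + RTMEMSAFER_PAD_BEFORE;
        *ppvNew = pvUser;

        /* You don't use this API for performance, so we always clean memory. */
        RT_BZERO(pvUser, cb);
        return VINF_SUCCESS;
    }

    /* Unknown flag bits are a caller bug; known ones we simply cannot honour
       in this generic implementation, which is reported as a warning (note:
       a warning status passes RT_SUCCESS(), callers must check *ppvNew). */
    AssertReturn(!(fFlags & ~RTMEMSAFER_F_VALID_MASK), VERR_INVALID_FLAGS);
    return VWRN_UNABLE_TO_SATISFY_REQUIREMENTS;
}
RT_EXPORT_SYMBOL(RTMemSaferAllocZExTag);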
145
146
RTDECL(void) RTMemSaferFree(void *pv, size_t cb) RT_NO_THROW_DEF
{
    if (!pv)
    {
        /* Freeing NULL is allowed, but only together with a zero size. */
        Assert(cb == 0);
        return;
    }
    Assert(cb);

    /*
     * The heap block starts RTMEMSAFER_PAD_BEFORE bytes ahead of the user
     * pointer; in RT_STRICT builds its first word holds the size recorded by
     * RTMemSaferAllocZExTag, which must match what the caller hands back.
     */
    char *pbStart = (char *)pv - RTMEMSAFER_PAD_BEFORE;
    AssertMsg(*(size_t *)pbStart == cb, ("*pvStart=%#zx cb=%#zx\n", *(size_t *)pbStart, cb));

    /*
     * Overwrite the whole alignment-padded user area (3 passes) before the
     * block goes back to the heap, so the sensitive content does not linger
     * in freed memory.  The padding zones hold no secrets and are not wiped.
     */
    RTMemWipeThoroughly(pv, RT_ALIGN_Z(cb, RTMEMSAFER_ALIGN), 3);
    RTMemFree(pbStart);
}
RT_EXPORT_SYMBOL(RTMemSaferFree);
161
162
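RTDECL(int) RTMemSaferReallocZExTag(size_t cbOld, void *pvOld, size_t cbNew, void **ppvNew, uint32_t fFlags, const char *pszTag) RT_NO_THROW_DEF
{
    /*
     * We cannot let the heap move us around because we will be failing in our
     * duty to clean things up. So, allocate a new block, copy over the old
     * content, and free the old one.
     *
     * cbOld == 0 is a first allocation, cbNew == 0 is a free.  On a real
     * reallocation failure the old block is left intact and *ppvNew untouched.
     */
    AssertPtrReturn(ppvNew, VERR_INVALID_PARAMETER);

    int rc;
    if (cbNew && cbOld)
    {
        /* Real realloc. */
        AssertPtr(pvOld);
        AssertMsg(*(size_t *)((char *)pvOld - RTMEMSAFER_PAD_BEFORE) == cbOld,
                  ("*pvStart=%#zx cbOld=%#zx\n", *(size_t *)((char *)pvOld - RTMEMSAFER_PAD_BEFORE), cbOld));

        /*
         * We support none of the hard requirements passed thru flags.
         * RTMemSaferAllocZExTag reports an unsatisfiable requirement as a
         * warning (VWRN_UNABLE_TO_SATISFY_REQUIREMENTS) with a NULL block, and
         * a warning passes RT_SUCCESS(), so the block pointer must be checked
         * as well before anything is copied into it.
         */
        void *pvNew = NULL;
        rc = RTMemSaferAllocZExTag(&pvNew, cbNew, fFlags, pszTag);
        if (RT_SUCCESS(rc) && pvNew)
        {
            memcpy(pvNew, pvOld, RT_MIN(cbNew, cbOld));
            RTMemSaferFree(pvOld, cbOld);
            *ppvNew = pvNew;
        }
        else if (RT_SUCCESS(rc))
            *ppvNew = NULL; /* Requirements not met: nothing moved, old block still valid. */
    }
    else if (!cbOld)
    {
        /* First allocation. */
        Assert(pvOld == NULL);
        rc = RTMemSaferAllocZExTag(ppvNew, cbNew, fFlags, pszTag);
    }
    else
    {
        /* Free operation.  Clear the caller's pointer too, so a stale copy of
           the just-wiped-and-freed block cannot be reused by accident. */
        RTMemSaferFree(pvOld, cbOld);
        *ppvNew = NULL;
        rc = VINF_SUCCESS;
    }
    return rc;
}
RT_EXPORT_SYMBOL(RTMemSaferReallocZExTag);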
205
206
RTDECL(void *) RTMemSaferAllocZTag(size_t cb, const char *pszTag) RT_NO_THROW_DEF
{
    /*
     * Flag-less convenience wrapper around RTMemSaferAllocZExTag: with no
     * requirement flags the extended call either produces a block or fails,
     * and failure is reported to the caller as NULL.
     */
    void *pvBlock = NULL;
    int const rc = RTMemSaferAllocZExTag(&pvBlock, cb, 0 /*fFlags*/, pszTag);
    return RT_SUCCESS(rc) ? pvBlock : NULL;
}
RT_EXPORT_SYMBOL(RTMemSaferAllocZTag);
216
217
RTDECL(void *) RTMemSaferReallocZTag(size_t cbOld, void *pvOld, size_t cbNew, const char *pszTag) RT_NO_THROW_DEF
{
    /*
     * Flag-less convenience wrapper around RTMemSaferReallocZExTag.  A non-NULL
     * result is the (possibly moved) block; NULL means the call failed or, for
     * cbNew == 0, that the old block was freed.
     */
    void *pvResult = NULL;
    int const rc = RTMemSaferReallocZExTag(cbOld, pvOld, cbNew, &pvResult, 0 /*fFlags*/, pszTag);
    return RT_SUCCESS(rc) ? pvResult : NULL;
}
RT_EXPORT_SYMBOL(RTMemSaferReallocZTag);
227