OLD | NEW |
| (Empty) |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "wtf/allocator/AddressSpaceRandomization.h" | |
6 | |
7 #include "wtf/SpinLock.h" | |
8 #include "wtf/allocator/PageAllocator.h" | |
9 | |
10 #if OS(WIN) | |
11 #include <windows.h> | |
12 #else | |
13 #include <sys/time.h> | |
14 #include <unistd.h> | |
15 #endif | |
16 | |
17 namespace WTF { | |
18 | |
19 namespace { | |
20 | |
21 // This is the same PRNG as used by tcmalloc for mapping address randomness; | |
22 // see http://burtleburtle.net/bob/rand/smallprng.html | |
23 struct ranctx { | |
24 SpinLock lock; | |
25 bool initialized; | |
26 uint32_t a; | |
27 uint32_t b; | |
28 uint32_t c; | |
29 uint32_t d; | |
30 }; | |
31 | |
32 #define rot(x, k) (((x) << (k)) | ((x) >> (32 - (k)))) | |
33 | |
34 uint32_t ranvalInternal(ranctx* x) { | |
35 uint32_t e = x->a - rot(x->b, 27); | |
36 x->a = x->b ^ rot(x->c, 17); | |
37 x->b = x->c + x->d; | |
38 x->c = x->d + e; | |
39 x->d = e + x->a; | |
40 return x->d; | |
41 } | |
42 | |
43 #undef rot | |
44 | |
45 uint32_t ranval(ranctx* x) { | |
46 SpinLock::Guard guard(x->lock); | |
47 if (UNLIKELY(!x->initialized)) { | |
48 x->initialized = true; | |
49 char c; | |
50 uint32_t seed = static_cast<uint32_t>(reinterpret_cast<uintptr_t>(&c)); | |
51 uint32_t pid; | |
52 uint32_t usec; | |
53 #if OS(WIN) | |
54 pid = GetCurrentProcessId(); | |
55 SYSTEMTIME st; | |
56 GetSystemTime(&st); | |
57 usec = static_cast<uint32_t>(st.wMilliseconds * 1000); | |
58 #else | |
59 pid = static_cast<uint32_t>(getpid()); | |
60 struct timeval tv; | |
61 gettimeofday(&tv, 0); | |
62 usec = static_cast<uint32_t>(tv.tv_usec); | |
63 #endif | |
64 seed ^= pid; | |
65 seed ^= usec; | |
66 x->a = 0xf1ea5eed; | |
67 x->b = x->c = x->d = seed; | |
68 for (int i = 0; i < 20; ++i) { | |
69 (void)ranvalInternal(x); | |
70 } | |
71 } | |
72 uint32_t ret = ranvalInternal(x); | |
73 return ret; | |
74 } | |
75 | |
76 static struct ranctx s_ranctx; | |
77 | |
78 } // namespace | |
79 | |
80 // Calculates a random preferred mapping address. In calculating an | |
81 // address, we balance good ASLR against not fragmenting the address | |
82 // space too badly. | |
83 void* getRandomPageBase() { | |
84 uintptr_t random; | |
85 random = static_cast<uintptr_t>(ranval(&s_ranctx)); | |
86 #if CPU(X86_64) | |
87 random <<= 32UL; | |
88 random |= static_cast<uintptr_t>(ranval(&s_ranctx)); | |
89 // This address mask gives a low liklihood of address space collisions. | |
90 // We handle the situation gracefully if there is a collision. | |
91 #if OS(WIN) | |
92 // 64-bit Windows has a bizarrely small 8TB user address space. | |
93 // Allocates in the 1-5TB region. | |
94 // TODO(cevans): I think Win 8.1 has 47-bits like Linux. | |
95 random &= 0x3ffffffffffUL; | |
96 random += 0x10000000000UL; | |
97 #elif defined(MEMORY_TOOL_REPLACES_ALLOCATOR) | |
98 // This range is copied from the TSan source, but works for all tools. | |
99 random &= 0x007fffffffffUL; | |
100 random += 0x7e8000000000UL; | |
101 #else | |
102 // Linux and OS X support the full 47-bit user space of x64 processors. | |
103 random &= 0x3fffffffffffUL; | |
104 #endif | |
105 #elif CPU(ARM64) | |
106 // ARM64 on Linux has 39-bit user space. | |
107 random &= 0x3fffffffffUL; | |
108 random += 0x1000000000UL; | |
109 #else // !CPU(X86_64) && !CPU(ARM64) | |
110 #if OS(WIN) | |
111 // On win32 host systems the randomization plus huge alignment causes | |
112 // excessive fragmentation. Plus most of these systems lack ASLR, so the | |
113 // randomization isn't buying anything. In that case we just skip it. | |
114 // TODO(jschuh): Just dump the randomization when HE-ASLR is present. | |
115 static BOOL isWow64 = -1; | |
116 if (isWow64 == -1 && !IsWow64Process(GetCurrentProcess(), &isWow64)) | |
117 isWow64 = FALSE; | |
118 if (!isWow64) | |
119 return nullptr; | |
120 #endif // OS(WIN) | |
121 // This is a good range on Windows, Linux and Mac. | |
122 // Allocates in the 0.5-1.5GB region. | |
123 random &= 0x3fffffff; | |
124 random += 0x20000000; | |
125 #endif // CPU(X86_64) | |
126 random &= kPageAllocationGranularityBaseMask; | |
127 return reinterpret_cast<void*>(random); | |
128 } | |
129 | |
130 } // namespace WTF | |
OLD | NEW |