diff options
author | Jack Lloyd <[email protected]> | 2019-01-22 11:26:32 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-01-22 11:26:32 -0500 |
commit | 1ceb364265be6c90ee38a1e7f5f95f14cdcf8b49 (patch) | |
tree | 9ff76ff888e52d11fe91948f66d2623f31f988cb | |
parent | 293a2b902037d4afdeddce080df9d965fa7f1116 (diff) |
Make the Memory_Pool MMU operations a compile time option
Previously the calls were commented out as this has a substantial
performance impact. Allow enabling them via a build.h toggle, and
enable it by default when debug asserts are turned on.
-rw-r--r-- | src/build-data/buildh.in | 14 | ||||
-rw-r--r-- | src/lib/utils/mem_pool/mem_pool.cpp | 20 |
2 files changed, 30 insertions, 4 deletions
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index 6cf73200e..91be93b1c 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -127,6 +127,20 @@ #define BOTAN_MLOCK_ALLOCATOR_MAX_LOCKED_KB 512 /* +* If BOTAN_MEM_POOL_USE_MMU_PROTECTIONS is defined, the Memory_Pool +* class used for mlock'ed memory will use OS calls to set page +* permissions so as to prohibit access to pages on the free list, then +* enable read/write access when the page is set to be used. This will +* turn (some) use after free bugs into a crash. +* +* The additional syscalls have a substantial performance impact, which +* is why this option is not enabled by default. +*/ +#if defined(BOTAN_HAS_VALGRIND) || defined(BOTAN_ENABLE_DEBUG_ASSERTS) + #define BOTAN_MEM_POOL_USE_MMU_PROTECTIONS +#endif + +/* * If enabled uses memset via volatile function pointer to zero memory, * otherwise does a byte at a time write via a volatile pointer. */ diff --git a/src/lib/utils/mem_pool/mem_pool.cpp b/src/lib/utils/mem_pool/mem_pool.cpp index cd49c1e33..1cae5f299 100644 --- a/src/lib/utils/mem_pool/mem_pool.cpp +++ b/src/lib/utils/mem_pool/mem_pool.cpp @@ -5,10 +5,13 @@ */ #include <botan/internal/mem_pool.h> -#include <botan/internal/os_utils.h> #include <botan/mem_ops.h> #include <algorithm> +#if defined(BOTAN_MEM_POOL_USE_MMU_PROTECTIONS) + #include <botan/internal/os_utils.h> +#endif + namespace Botan { /* @@ -281,7 +284,9 @@ Memory_Pool::Memory_Pool(const std::vector<void*>& pages, size_t page_size) : m_max_page_ptr = std::max(p, m_max_page_ptr); clear_bytes(pages[i], m_page_size); - //OS::page_prohibit_access(pages[i]); +#if defined(BOTAN_MEM_POOL_USE_MMU_PROTECTIONS) + OS::page_prohibit_access(pages[i]); +#endif m_free_pages.push_back(static_cast<uint8_t*>(pages[i])); } @@ -294,10 +299,12 @@ Memory_Pool::Memory_Pool(const std::vector<void*>& pages, size_t page_size) : Memory_Pool::~Memory_Pool() { +#if defined(BOTAN_MEM_POOL_USE_MMU_PROTECTIONS) for(size_t i = 0; i != m_free_pages.size(); ++i) { - //OS::page_allow_access(m_free_pages[i]); + OS::page_allow_access(m_free_pages[i]); } +#endif } void* Memory_Pool::allocate(size_t n) @@ -332,7 +339,9 @@ void* Memory_Pool::allocate(size_t n) { uint8_t* ptr = m_free_pages[0]; m_free_pages.pop_front(); - //OS::page_allow_access(ptr); +#if defined(BOTAN_MEM_POOL_USE_MMU_PROTECTIONS) + OS::page_allow_access(ptr); +#endif buckets.push_front(Bucket(ptr, m_page_size, n_bucket)); void* p = buckets[0].alloc(); BOTAN_ASSERT_NOMSG(p != nullptr); @@ -366,6 +375,9 @@ bool Memory_Pool::deallocate(void* p, size_t len) noexcept { if(bucket.empty()) { +#if defined(BOTAN_MEM_POOL_USE_MMU_PROTECTIONS) + OS::page_prohibit_access(bucket.ptr()); +#endif m_free_pages.push_back(bucket.ptr()); if(i != buckets.size() - 1) |