From e486af700c822704d24f50a875c0bb0bdda18052 Mon Sep 17 00:00:00 2001 From: Evan Brown Date: Mon, 24 Jun 2024 14:53:09 -0700 Subject: Add an internal API to get a poisoned pointer. The motivation is to make destroyed/moved-from objects cause crashes when they are accessed. PiperOrigin-RevId: 646229564 Change-Id: I68d9c189b542df0933af08f5ad63dc1f5764d856 --- CMake/AbseilDll.cmake | 2 + absl/base/BUILD.bazel | 34 +++++++++++++++++ absl/base/CMakeLists.txt | 29 ++++++++++++++ absl/base/internal/poison.cc | 79 +++++++++++++++++++++++++++++++++++++++ absl/base/internal/poison.h | 36 ++++++++++++++++++ absl/base/internal/poison_test.cc | 39 +++++++++++++++++++ 6 files changed, 219 insertions(+) create mode 100644 absl/base/internal/poison.cc create mode 100644 absl/base/internal/poison.h create mode 100644 absl/base/internal/poison_test.cc diff --git a/CMake/AbseilDll.cmake b/CMake/AbseilDll.cmake index 87904542..27f79b72 100644 --- a/CMake/AbseilDll.cmake +++ b/CMake/AbseilDll.cmake @@ -28,6 +28,8 @@ set(ABSL_INTERNAL_DLL_FILES "base/internal/low_level_scheduling.h" "base/internal/nullability_impl.h" "base/internal/per_thread_tls.h" + "base/internal/poison.cc" + "base/internal/poison.h" "base/prefetch.h" "base/internal/pretty_function.h" "base/internal/raw_logging.cc" diff --git a/absl/base/BUILD.bazel b/absl/base/BUILD.bazel index bc949452..cfa7eaf5 100644 --- a/absl/base/BUILD.bazel +++ b/absl/base/BUILD.bazel 
@@ -866,6 +866,40 @@ cc_test( ], ) +cc_library( + name = "poison", + srcs = [ + "internal/poison.cc", + ], + hdrs = ["internal/poison.h"], + copts = ABSL_DEFAULT_COPTS, + linkopts = ABSL_DEFAULT_LINKOPTS, + visibility = [ + "//absl:__subpackages__", + ], + deps = [ + ":config", + ":core_headers", + ], +) + +cc_test( + name = "poison_test", + size = "small", + timeout = "short", + srcs = [ + "internal/poison_test.cc", + ], + copts = ABSL_TEST_COPTS, + linkopts = ABSL_DEFAULT_LINKOPTS, + deps = [ + ":config", + ":poison", + "@com_google_googletest//:gtest", + "@com_google_googletest//:gtest_main", + ], +) + cc_test( name = "unique_small_name_test", size = "small", diff --git a/absl/base/CMakeLists.txt b/absl/base/CMakeLists.txt index e010efec..4423dace 100644 --- a/absl/base/CMakeLists.txt +++ b/absl/base/CMakeLists.txt @@ -739,3 +739,32 @@ absl_cc_test( absl::optional GTest::gtest_main ) + +absl_cc_library( + NAME + poison + SRCS + "internal/poison.cc" + HDRS + "internal/poison.h" + COPTS + ${ABSL_DEFAULT_COPTS} + LINKOPTS + ${ABSL_DEFAULT_LINKOPTS} + DEPS + absl::config + absl::core_headers +) + +absl_cc_test( + NAME + poison_test + SRCS + "internal/poison_test.cc" + COPTS + ${ABSL_TEST_COPTS} + DEPS + absl::config + absl::poison + GTest::gtest_main +) diff --git a/absl/base/internal/poison.cc b/absl/base/internal/poison.cc new file mode 100644 index 00000000..c6d8f8ee --- /dev/null +++ b/absl/base/internal/poison.cc 
@@ -0,0 +1,79 @@
+// Copyright 2024 The Abseil Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "absl/base/internal/poison.h"
+
+#include
+#include // NOLINT - used in ifdef
+#include
+
+#include "absl/base/attributes.h"
+#include "absl/base/config.h"
+
+#if defined(ABSL_HAVE_ADDRESS_SANITIZER)
+#include
+#elif defined(ABSL_HAVE_MEMORY_SANITIZER)
+#include
+#elif defined(ABSL_HAVE_MMAP) && !defined(SGX_SIM)
+#include
+#elif defined(_MSC_VER)
+#include
+#endif
+
+namespace absl {
+ABSL_NAMESPACE_BEGIN
+namespace base_internal {
+namespace {
+constexpr size_t kPageSize = 1 << 12;
+alignas(kPageSize) static char poison_page[kPageSize];
+} // namespace
+
+std::atomic poison_data = {&poison_page};
+
+namespace {
+
+#if defined(ABSL_HAVE_ADDRESS_SANITIZER)
+void PoisonBlock(void* data) { ASAN_POISON_MEMORY_REGION(data, kPageSize); }
+#elif defined(ABSL_HAVE_MEMORY_SANITIZER)
+void PoisonBlock(void* data) { __msan_poison(data, kPageSize); }
+#elif defined(ABSL_HAVE_MMAP)
+void PoisonBlock(void* data) { mprotect(data, kPageSize, PROT_NONE); }
+#elif defined(_MSC_VER)
+void PoisonBlock(void* data) {
+ DWORD old_mode = 0;
+ VirtualProtect(data, kPageSize, PAGE_NOACCESS, &old_mode);
+}
+#else
+void PoisonBlock(void* data) {
+ // We can't make poisoned memory, so just use a likely bad pointer.
+ // Pointers are required to have high bits that are all zero or all one for
+ // certain 64-bit CPUs. This pointer value will hopefully cause a crash on
+ // dereference and also be clearly recognizable as invalid.
+ constexpr uint64_t kBadPtr = 0xBAD0BAD0BAD0BAD0;
+ poison_data = reinterpret_cast(static_cast(kBadPtr));
+}
+#endif
+
+void* InitializePoisonedPointer() {
+ PoisonBlock(&poison_page);
+ return &poison_page;
+}
+
+} // namespace
+
+ABSL_ATTRIBUTE_UNUSED void* force_initialize = InitializePoisonedPointer();
+
+} // namespace base_internal
+ABSL_NAMESPACE_END
+} // namespace absl
diff --git a/absl/base/internal/poison.h b/absl/base/internal/poison.h
new file mode 100644
index 00000000..aac1506a
--- /dev/null
+++ b/absl/base/internal/poison.h
@@ -0,0 +1,36 @@
+// Copyright 2024 The Abseil Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef ABSL_BASE_INTERNAL_POISON_H_
+#define ABSL_BASE_INTERNAL_POISON_H_
+
+#include
+
+#include "absl/base/config.h"
+
+namespace absl {
+ABSL_NAMESPACE_BEGIN
+namespace base_internal {
+
+extern std::atomic poison_data;
+
+inline void* get_poisoned_pointer() {
+ return poison_data.load(std::memory_order_relaxed);
+}
+
+} // namespace base_internal
+ABSL_NAMESPACE_END
+} // namespace absl
+
+#endif // ABSL_BASE_INTERNAL_POISON_H_
diff --git a/absl/base/internal/poison_test.cc b/absl/base/internal/poison_test.cc
new file mode 100644
index 00000000..ee72c177
--- /dev/null
+++ b/absl/base/internal/poison_test.cc
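Review bot: The results of `mprotect` and `VirtualProtect` in `PoisonBlock` are discarded, so when protection fails `get_poisoned_pointer()` hands out the address of an ordinary readable and writable static page, and an access through a destroyed or moved-from object goes undetected. That failure looks reachable where the real page size is larger than the hard-coded `kPageSize` of 4096, because `poison_page` is then not guaranteed to be page-aligned; if it happens to be aligned, the protection may instead be applied to the whole larger page and take neighbouring data with it. Checking the return value and falling back to the `kBadPtr` constant already used in the `#else` branch keeps the crash-on-access behaviour on those targets. Separately, the include chain tests `defined(ABSL_HAVE_MMAP) && !defined(SGX_SIM)` while the `PoisonBlock` chain tests only `defined(ABSL_HAVE_MMAP)`; the two conditions should match so that `mprotect` is never used without its header.

```cpp
// Used when the page cannot be protected: an address that is expected to
// fault on dereference and is recognizable as invalid.
ABSL_ATTRIBUTE_UNUSED void UseBadPointerFallback() {
  constexpr uint64_t kBadPtr = 0xBAD0BAD0BAD0BAD0;
  poison_data = reinterpret_cast<void*>(static_cast<uintptr_t>(kBadPtr));
}

// … unchanged: ASan and MSan variants of PoisonBlock …
#elif defined(ABSL_HAVE_MMAP) && !defined(SGX_SIM)
void PoisonBlock(void* data) {
  // mprotect rejects an address that is not aligned to the real page size.
  if (mprotect(data, kPageSize, PROT_NONE) != 0) UseBadPointerFallback();
}
#elif defined(_MSC_VER)
void PoisonBlock(void* data) {
  DWORD old_mode = 0;
  if (!VirtualProtect(data, kPageSize, PAGE_NOACCESS, &old_mode)) {
    UseBadPointerFallback();
  }
}
#else
void PoisonBlock(void* /*data*/) { UseBadPointerFallback(); }
#endif
```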
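Review bot: `poison_data` and `get_poisoned_pointer()` are added to the header without any comment stating what callers may rely on. The declaration alone does not say that the pointer is shared by all callers, must never be dereferenced or freed, and that faulting on access is best effort (the fallback comment in poison.cc only says the value will "hopefully" crash). The page is also protected by the dynamic initializer of `force_initialize` in poison.cc, so a caller that runs earlier during static initialization appears to receive a still-accessible page. I would add above the function `// Returns a pointer, shared by all callers, that is expected to fault when dereferenced.` and `// Best effort: the page is protected during static initialization of poison.cc; never free or write through it.`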
@@ -0,0 +1,39 @@
+// Copyright 2024 The Abseil Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "absl/base/internal/poison.h"
+
+#include
+
+#include "gtest/gtest.h"
+#include "absl/base/config.h"
+
+namespace absl {
+ABSL_NAMESPACE_BEGIN
+namespace base_internal {
+namespace {
+
+TEST(PoisonTest, CrashesOnDereference) {
+#ifdef __ANDROID__
+ GTEST_SKIP() << "On Android, poisoned pointer dereference times out instead "
+ "of crashing.";
+#endif
+ void* poisoned_ptr = get_poisoned_pointer();
+ EXPECT_DEATH_IF_SUPPORTED(std::cout << *static_cast(poisoned_ptr), "");
+}
+
+} // namespace
+} // namespace base_internal
+ABSL_NAMESPACE_END
+} // namespace absl
-- cgit v1.2.3
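Review bot: `CrashesOnDereference` never checks that `get_poisoned_pointer()` is non-null, so the death test would pass just as well if the API returned `nullptr`. Adding `ASSERT_NE(poisoned_ptr, nullptr);` before the `EXPECT_DEATH_IF_SUPPORTED` line pins that the crash comes from the poisoned address. The test also exercises only a read; a second death test that stores through the pointer would cover a platform where the page ends up read-only rather than inaccessible.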