base/security_unittest.cc - Issue 12093035: TCMalloc: support userland ASLR on Linux

Side by Side Diff: base/security_unittest.cc

Issue 12093035: TCMalloc: support userland ASLR on Linux (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fix buggy ASSERT(). Ohhh, do I miss CHECK(). Created 7 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

	5 #include <fcntl.h>

5 #include <stdio.h>	6 #include <stdio.h>

6 #include <stdlib.h>	7 #include <stdlib.h>

7 #include <string.h>	8 #include <string.h>

	9 #include <sys/stat.h>

	10 #include <sys/types.h>

8	11

9 #include <algorithm>	12 #include <algorithm>

10 #include <limits>	13 #include <limits>

11	14

	15 #include "base/file_util.h"

12 #include "base/logging.h"	16 #include "base/logging.h"

13 #include "base/memory/scoped_ptr.h"	17 #include "base/memory/scoped_ptr.h"

14 #include "testing/gtest/include/gtest/gtest.h"	18 #include "testing/gtest/include/gtest/gtest.h"

15	19

	20 using file_util::ScopedFD;

16 using std::nothrow;	21 using std::nothrow;

17	22

18 namespace {	23 namespace {

19	24

20 // Check that we can not allocate a memory range that cannot be indexed	25 // Check that we can not allocate a memory range that cannot be indexed

21 // via an int. This is used to mitigate vulnerabilities in libraries that use	26 // via an int. This is used to mitigate vulnerabilities in libraries that use

22 // int instead of size_t.	27 // int instead of size_t.

23 // See crbug.com/169327.	28 // See crbug.com/169327.

24	29

25 // - NO_TCMALLOC because we only patched tcmalloc	30 // - NO_TCMALLOC because we only patched tcmalloc

(...skipping 67 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
93 }	98 }

94 }	99 }

95	100

96 TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsNewArray)) {	101 TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsNewArray)) {

97 if (!IsTcMallocBypassed()) {	102 if (!IsTcMallocBypassed()) {

98 scoped_ptr<char[]> ptr(new (nothrow) char[kTooBigAllocSize]);	103 scoped_ptr<char[]> ptr(new (nothrow) char[kTooBigAllocSize]);

99 ASSERT_TRUE(ptr == NULL);	104 ASSERT_TRUE(ptr == NULL);

100 }	105 }

101 }	106 }

102	107

	108 #if (defined(OS_LINUX) \|\| defined(OS_CHROMEOS)) && defined(__x86_64__)

	109 // Useful for debugging.

	110 void PrintProcSelfMaps() {

	111 int fd = open("/proc/self/maps", O_RDONLY);

	112 ScopedFD fd_closer(&fd);

	113 ASSERT_GE(fd, 0);

	114 char buffer[1<<13];

	115 int ret;

	116 ret = read(fd, buffer, sizeof(buffer) - 1);
	Marius 2013/01/29 07:41:27 where's the close()? where's the close()? jln (very slow on Chromium) 2013/01/29 07:48:15 I added a ScopedFD instead. Show quoted text On 2013/01/29 07:41:27, Marius wrote: > where's the close()? I added a ScopedFD instead.
	117 ASSERT_GT(ret, 0);

	118 buffer[ret - 1] = 0;

	119 fprintf(stdout, "%s\n", buffer);

	120 }

	121

	122 // Check if TCMalloc uses an underlying random memory allocator.

	123 TEST(SecurityTest, ALLOC_TEST(RandomMemoryAllocations)) {

	124 if (IsTcMallocBypassed())

	125 return;

	126 // Two successive calls to mmap() have roughly one chance out of 2^6 to be

	127 // detected as having the same order. With 32 allocations, we see ~16 that

	128 // trigger a call to mmap, so the chances of this test flaking is roughly

	129 // 2^-(6*15), i.e. virtually impossible.

	130 const int kAllocNumber = 32;

	131 bool is_contiguous = true;

	132 // Make kAllocNumber successive allocations of growing size and compare the

	133 // successive pointers to detect adjacent mappings. We grow the size because

	134 // TCMalloc can sometimes over-allocate.

	135 scoped_ptr<char, base::FreeDeleter> ptr[kAllocNumber];

	136 for (int i = 0; i < kAllocNumber; ++i) {

	137 // Grow the Malloc size slightly sub-exponentially.

	138 const size_t kMallocSize = 1 << (12 + (i>>1));

	139 ptr[i].reset(static_cast<char*>(malloc(kMallocSize)));

	140 ASSERT_TRUE(ptr[i] != NULL);

	141 if (i > 0) {

	142 // Without mmap randomization, the two high order nibbles

	143 // of a 47 bits userland address address will be identical.

	144 const uintptr_t kHighOrderMask = 0xff0000000000ULL;

	145 bool pointer_have_same_high_order =

	146 (reinterpret_cast<size_t>(ptr[i].get()) & kHighOrderMask) ==

	147 (reinterpret_cast<size_t>(ptr[i - 1].get()) & kHighOrderMask);

	148 if (!pointer_have_same_high_order) {

	149 // PrintProcSelfMaps();

	150 is_contiguous = false;

	151 break;

	152 }

	153 }

	154 }

	155 ASSERT_FALSE(is_contiguous);

	156 }

	157

	158 #endif // (defined(OS_LINUX) \|\| defined(OS_CHROMEOS)) && defined(__x86_64__)

	159

103 } // namespace	160 } // namespace

OLD	NEW

« no previous file with comments | « no previous file | third_party/tcmalloc/chromium/src/system-alloc.cc » ('j') | third_party/tcmalloc/chromium/src/system-alloc.cc » ('J')