[sanitizer] Initial implementation of a Hardened Allocator
Summary:
This is an initial implementation of a Hardened Allocator based on Sanitizer Common's CombinedAllocator.
It aims at mitigating heap based vulnerabilities by adding several features to the base allocator, while staying relatively fast.
The following were implemented:
- additional consistency checks on the allocation function parameters and on the heap chunks;
- use of checksum protected chunk header, to detect corruption;
- randomness to the allocator base;
- delayed freelist (quarantine), to mitigate use-after-free and reduce overall determinism.
Additional mitigations are in the works.
Reviewers: eugenis, aizatsky, pcc, krasin, vitalybuka, glider, dvyukov, kcc
Subscribers: kubabrecka, filcab, llvm-commits
Differential Revision: http://reviews.llvm.org/D20084
llvm-svn: 271968
2016-06-07 09:20:26 +08:00
//===-- scudo_utils.h -------------------------------------------*- C++ -*-===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
///
/// Header for scudo_utils.cpp.
///
//===----------------------------------------------------------------------===//
#ifndef SCUDO_UTILS_H_
#define SCUDO_UTILS_H_
#include <string.h>
#include "sanitizer_common/sanitizer_common.h"
namespace __scudo {
// Returns a Dest whose object representation is a byte-for-byte copy of
// `source`. The two types must have the same size; a mismatch is rejected at
// compile time. The bytes are copied with memcpy rather than read through a
// cast pointer, which keeps the conversion clear of aliasing problems.
// Only the sizes are checked here: nothing verifies that either type can be
// copied bytewise, so that remains the caller's responsibility.
template <class Dest, class Source>
inline Dest bit_cast(const Source& source) {
  static_assert(sizeof(Dest) == sizeof(Source), "Sizes are not equal!");
  Dest Result;
  memcpy(&Result, &source, sizeof(Dest));
  return Result;
}
2016-08-03 07:23:13 +08:00
// Declared NORETURN: control is not expected to come back to the caller.
// The definition is not in this header. Judging by the name and the
// (Format, ...) signature, it formats a message printf-style and then
// terminates the process -- confirm against the definition.
// Because Format is interpreted as a format string, pass a constant string
// and supply any externally influenced data only through the variadic
// arguments.
void NORETURN dieWithMessage(const char *Format, ...);
[sanitizer] Initial implementation of a Hardened Allocator
Summary:
This is an initial implementation of a Hardened Allocator based on Sanitizer Common's CombinedAllocator.
It aims at mitigating heap based vulnerabilities by adding several features to the base allocator, while staying relatively fast.
The following were implemented:
- additional consistency checks on the allocation function parameters and on the heap chunks;
- use of checksum protected chunk header, to detect corruption;
- randomness to the allocator base;
- delayed freelist (quarantine), to mitigate use-after-free and reduce overall determinism.
Additional mitigations are in the works.
Reviewers: eugenis, aizatsky, pcc, krasin, vitalybuka, glider, dvyukov, kcc
Subscribers: kubabrecka, filcab, llvm-commits
Differential Revision: http://reviews.llvm.org/D20084
llvm-svn: 271968
2016-06-07 09:20:26 +08:00
// Identifiers for the CPU capabilities that testCPUFeature() can be asked
// about. Values are assigned sequentially starting at 0.
enum CPUFeature {
  // Presumably the SSE 4.2 instruction set extension; the header does not
  // say what the allocator uses it for.
  SSE4_2 = 0,
  // Count sentinel: one past the last real feature, not a feature itself.
  ENUM_CPUFEATURE_MAX,
};
// Reports whether `feature` is available; presumably this queries the CPU the
// process is running on, but the definition is not in this header.
// NOTE(review): how ENUM_CPUFEATURE_MAX or an out-of-range value is handled is
// not visible here -- confirm against the definition.
bool testCPUFeature(CPUFeature feature);
// Tiny PRNG based on https://en.wikipedia.org/wiki/Xorshift#xorshift.2B
// The state (128 bits) will be stored in thread local storage.
// xorshift128+ generator with 128 bits of state held in two 64-bit words.
//
// Security note: xorshift128+ is a fast statistical generator, not a
// cryptographically secure one. Its outputs are a simple function of the
// internal state, so values that must stay unpredictable to someone who can
// observe earlier outputs should not depend on this generator alone.
//
// An all-zero state is a fixed point: with both words zero, Next() leaves the
// state at zero and returns 0 on every call. Seeding happens in the
// constructor, which is defined outside this header.
// NOTE(review): confirm the constructor can never leave both words zero and
// that the seed comes from a source an attacker cannot guess.
struct Xorshift128Plus {
 public:
  // Seeds the state; the definition is not in this header.
  Xorshift128Plus();

  // Advances the generator by one step and returns the next 64-bit output.
  // Not synchronized: it reads and writes both state words without locking.
  u64 Next() {
    const u64 Previous1 = State_1_;
    u64 Mixed = State_0_;
    Mixed ^= Mixed << 23;
    // The old second word becomes the new first word.
    State_0_ = Previous1;
    State_1_ = Mixed ^ Previous1 ^ (Mixed >> 17) ^ (Previous1 >> 26);
    // The output is the sum of the new and the old second word.
    return State_1_ + Previous1;
  }

 private:
  u64 State_0_;  // first 64-bit state word
  u64 State_1_;  // second 64-bit state word
};
} // namespace __scudo
#endif // SCUDO_UTILS_H_