memsafer-generic.cpp revision e03a55af8cb44f6715ff885bd16f4057d260d26b
/* $Id$ */
/** @file
* IPRT - Memory Allocate for Sensitive Data, generic heap-based implementation.
*/
/*
* Copyright (C) 2006-2014 Oracle Corporation
*
* This file is part of VirtualBox Open Source Edition (OSE), as
* available from http://www.virtualbox.org. This file is free software;
* you can redistribute it and/or modify it under the terms of the GNU
* General Public License (GPL) as published by the Free Software
* Foundation, in version 2 as it comes in the "COPYING" file of the
* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
*
* The contents of this file may alternatively be used under the terms
* of the Common Development and Distribution License Version 1.0
* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
* VirtualBox OSE distribution, in which case the provisions of the
* CDDL are applicable instead of those of the GPL.
*
* You may elect to license modified versions of this file under the
* terms and conditions of either the GPL or the CDDL or both.
*/
/*******************************************************************************
* Header Files *
*******************************************************************************/
#include <iprt/memsafer.h>
#endif /* IN_SUP_R3 */
/*******************************************************************************
* Defined Constants And Macros *
*******************************************************************************/
/** Allocation size alignment. */
#define RTMEMSAFER_ALIGN 16
/** Padding before the user block, absorbing small underruns (writes below its start). */
#define RTMEMSAFER_PAD_BEFORE 96
/** Padding after the user block, absorbing small overruns (writes past its end). */
#define RTMEMSAFER_PAD_AFTER 32
/*******************************************************************************
* Structures and Typedefs *
*******************************************************************************/
/**
* Supported allocation methods.
*/
typedef enum RTMEMSAFERALLOCMETHOD
{
/** Invalid method. */
/** RTMem{Alloc|Free} methods, least secure! */
/** Support library. */
/** 32bit hack. */
RTMEMSAFERALLOCMETHOD_32BIT_HACK = 0x7fffffff
/** Pointer to a allocation method enum. */
typedef RTMEMSAFERALLOCMETHOD *PRTMEMSAFERALLOCMETHOD;
/**
* Memory header for safer memory allocations.
*
* @note: Deliberately no magic value is used, so that identifying this
* structure in memory is as hard as possible.
*/
typedef struct RTMEMSAFERHDR
{
/** Flags passed to this allocation - used for freeing and reallocation. */
/** Allocation method used. */
/** Amount of bytes allocated. */
/** Pointer to a safer memory header. */
typedef RTMEMSAFERHDR *PRTMEMSAFERHDR;
/** Make sure we are staying in the padding area. */
/*******************************************************************************
* Global Variables *
*******************************************************************************/
/** XOR scrambler value.
* @todo determine this at runtime */
#if ARCH_BITS == 32
#else
# error "Bad ARCH_BITS value"
#endif
/**
* Support (SUPR3) based allocator.
*
* @returns VBox status code.
* @retval VERR_NOT_SUPPORTED if this allocation method is not supported in this
* version of the library.
* @param ppvNew Where to store the pointer to the new buffer on success.
* @param cb Amount of bytes to allocate.
*
* @note: The allocation will have an extra page allocated before and after the
* user area with all access rights removed to prevent Heartbleed-like
* attacks.
*/
{
/*
* Allocate locked memory from the support library.
*
*/
if (RT_SUCCESS(rc))
{
/* Change the memory protection of the pages guarding the allocation. */
if (RT_SUCCESS(rc))
{
rc = SUPR3PageProtect(pvNew, NIL_RTR0PTR, PAGE_SIZE + (uint32_t)cbUser, PAGE_SIZE, RTMEM_PROT_NONE);
if (RT_SUCCESS(rc))
{
return VINF_SUCCESS;
}
}
}
return rc;
#else
return VERR_NOT_SUPPORTED;
#endif
}
/**
* Free method for memory allocated using the Support (SUPR3) based allocator.
*
* @returns nothing.
* @param pv Pointer to the memory to free.
* @param cb Amount of bytes allocated.
*/
{
#else
AssertMsgFailed(("SUPR3 allocated memory but freeing is not supported, messed up\n"));
#endif
}
{
/* Note! This isn't supposed to be safe, just less obvious. */
while (cb > 0)
{
*pu ^= g_uScramblerXor;
pu++;
}
return VINF_SUCCESS;
}
{
/* Note! This isn't supposed to be safe, just less obvious. */
while (cb > 0)
{
*pu ^= g_uScramblerXor;
pu++;
}
return VINF_SUCCESS;
}
/**
 * Allocates a block of memory for sensitive data, generic heap-based variant
 * (the "Z" suffix suggests the user area is handed back cleared; the comment
 * below says memory is always cleaned, the clearing statement itself is not
 * in this listing).
 *
 * @returns VBox status code.
 * @param   ppvNew      Where to store the pointer to the new user area on success.
 * @param   cb          Number of bytes to allocate.
 * @param   fFlags      Allocation flags; the plain (non-Ex) variants pass
 *                      RTMEMSAFER_ALLOC_EX_FLAGS_DEFAULT.
 * @param   pszTag      Allocation tag (statistics / leak tracking); not consulted
 *                      by the code visible here.
 *
 * @note    NOTE(review): this listing is missing the statements that declare and
 *          assign @a rc and @a pvNew, the remainder of the first if-condition, the
 *          strict-build checks and the store into *ppvNew. The body reads as a
 *          fragment; confirm the control flow against the full source before
 *          drawing conclusions from it.
 */
RTDECL(int) RTMemSaferAllocZExTag(void **ppvNew, size_t cb, uint32_t fFlags, const char *pszTag) RT_NO_THROW
{
    /*
     * Don't request zeroed memory. We want random heap garbage in the
     * padding zones, nothing that makes our allocations easier to find.
     */
    /* NOTE(review): the condition is truncated here; only RT_FAILURE(rc) of the
       first allocation attempt is visible. Presumably a fallback to a less
       strict method follows — verify. */
    if (   RT_FAILURE(rc)
    {
        /* Pageable memory allowed. */
    }
    if (pvNew)
    {
#ifdef RT_STRICT /* For checking input in strict builds. */
#endif
        /* You don't use this API for performance, so we always clean memory. */
        return VINF_SUCCESS;
    }
    /* Propagate the allocator's status; pvNew was not obtained. */
    return rc;
}
{
if (pv)
{
switch (pHdr->enmAllocMethod)
{
break;
break;
default:
AssertMsgFailed(("Invalid allocation method, corrupted header\n"));
}
}
else
}
/**
 * Reallocates a block of safer memory (extended variant).
 *
 * Three cases are distinguished by the sizes, as far as the branch comments
 * show: a real reallocation, a first allocation (@a cbOld == 0) and a free.
 * The block is never moved by the heap; a new block is allocated, the content
 * copied and the old block released, so the old content can be cleaned up.
 *
 * @returns VBox status code.
 * @param   cbOld       Size of the existing block, 0 for a first allocation.
 * @param   pvOld       Pointer to the existing block (presumably NULL when
 *                      @a cbOld is 0 — confirm).
 * @param   cbNew       Requested new size; the final else branch is commented
 *                      as the free case, so 0 presumably frees @a pvOld.
 * @param   ppvNew      Where to store the pointer to the resulting block.
 * @param   fFlags      Allocation flags, passed on to the allocation.
 * @param   pszTag      Allocation tag, passed on to the allocation.
 *
 * @note    NOTE(review): the conditions of the first two branches and the
 *          bodies of the real-realloc and first-allocation branches are not in
 *          this listing. The case split above is inferred from the branch
 *          comments and the visible `else if (!cbOld)`; confirm against the
 *          full source.
 */
RTDECL(int) RTMemSaferReallocZExTag(size_t cbOld, void *pvOld, size_t cbNew, void **ppvNew, uint32_t fFlags, const char *pszTag) RT_NO_THROW
{
    /*
     * We cannot let the heap move us around because we will be failing in our
     * duty to clean things up. So, allocate a new block, copy over the old
     * content, and free the old one.
     */
    /* NOTE(review): only the free branch visibly assigns rc; the other
       branches' assignments are missing from this listing, so do not read
       this as an uninitialised-return defect without checking the full source. */
    int rc;
    /* Real realloc. */
    {
        void *pvNew;
        if (RT_SUCCESS(rc))
        {
        }
    }
    /* First allocation. */
    else if (!cbOld)
    {
    }
    /* Free operation. */
    else
    {
        rc = VINF_SUCCESS;
    }
    return rc;
}
{
if (RT_SUCCESS(rc))
return pvNew;
return NULL;
}
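/**
 * Reallocates a block of safer memory using the default allocation flags.
 *
 * Thin wrapper around RTMemSaferReallocZExTag that maps its status code to a
 * pointer result.
 *
 * @returns Pointer to the (re)allocated block on success, NULL on failure.
 * @param   cbOld       Forwarded to RTMemSaferReallocZExTag as the old size.
 * @param   pvOld       Forwarded as the old block pointer.
 * @param   cbNew       Forwarded as the requested new size.
 * @param   pszTag      Forwarded allocation tag.
 *
 * @note    NOTE(review): per the callee's "Free operation" branch, a zero
 *          @a cbNew appears to release @a pvOld and succeed, in which case NULL
 *          is returned here too and is indistinguishable from failure by the
 *          return value alone — confirm against the full source.
 */
RTDECL(void *) RTMemSaferReallocZTag(size_t cbOld, void *pvOld, size_t cbNew, const char *pszTag) RT_NO_THROW
{
    /* Declared here (it was missing) and initialised, so a callee that fails
       without touching its out-parameter cannot make us return an
       indeterminate pointer. */
    void *pvNew = NULL;
    int rc = RTMemSaferReallocZExTag(cbOld, pvOld, cbNew, &pvNew, RTMEMSAFER_ALLOC_EX_FLAGS_DEFAULT, pszTag);
    if (RT_SUCCESS(rc))
        return pvNew;
    return NULL;
}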