1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
|
/* Linux host-specific hook definitions.
Copyright (C) 2004-2014 Free Software Foundation, Inc.
This file is part of GCC.
GCC is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published
by the Free Software Foundation; either version 3, or (at your
option) any later version.
GCC is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License
along with GCC; see the file COPYING3. If not see
<http://www.gnu.org/licenses/>. */
#include "config.h"
#include "system.h"
#include "coretypes.h"
#include "hosthooks.h"
#include "hosthooks-def.h"
/* Linux has a feature called exec-shield-randomize that perturbs the
address of non-fixed mapped segments by a (relatively) small amount.
The feature is intended to make it harder to attack the system with
buffer overflow attacks, since every invocation of a program will
have its libraries and data segments at slightly different addresses.
This feature causes us problems with PCH because it makes it that
much harder to acquire a stable location at which to map our PCH
data file.
[ The feature causes other points of non-determinism within the
compiler as well, so we'd *really* like to be able to have the
driver disable exec-shield-randomize for the process group, but
that isn't possible at present. ]
We're going to try several things:
* Select an architecture specific address as "likely" and see
if that's free. For our 64-bit hosts, we can easily choose
an address in Never Never Land.
* If exec-shield-randomize is disabled, then just use the
address chosen by mmap in step one.
* If exec-shield-randomize is enabled, then temporarily allocate
32M of memory as a buffer, then allocate PCH memory, then
free the buffer. The theory here is that the perturbation is
no more than 16M, and so by allocating our buffer larger than
that we make it considerably more likely that the address will
be free when we want to load the data back.
*/
#undef HOST_HOOKS_GT_PCH_GET_ADDRESS
#define HOST_HOOKS_GT_PCH_GET_ADDRESS linux_gt_pch_get_address
#undef HOST_HOOKS_GT_PCH_USE_ADDRESS
#define HOST_HOOKS_GT_PCH_USE_ADDRESS linux_gt_pch_use_address
/* For various ports, try to guess a fixed spot in the vm space
that's probably free. */
#if defined(__alpha)
# define TRY_EMPTY_VM_SPACE 0x10000000000
#elif defined(__ia64)
# define TRY_EMPTY_VM_SPACE 0x2000000100000000
#elif defined(__x86_64) && defined(__LP64__)
# define TRY_EMPTY_VM_SPACE 0x1000000000
#elif defined(__x86_64)
# define TRY_EMPTY_VM_SPACE 0x60000000
#elif defined(__i386)
# define TRY_EMPTY_VM_SPACE 0x60000000
#elif defined(__powerpc__)
# define TRY_EMPTY_VM_SPACE 0x60000000
#elif defined(__s390x__)
# define TRY_EMPTY_VM_SPACE 0x8000000000
#elif defined(__s390__)
# define TRY_EMPTY_VM_SPACE 0x60000000
#elif defined(__sparc__) && defined(__LP64__)
# define TRY_EMPTY_VM_SPACE 0x8000000000
#elif defined(__sparc__)
# define TRY_EMPTY_VM_SPACE 0x60000000
#elif defined(__mc68000__)
# define TRY_EMPTY_VM_SPACE 0x40000000
#elif defined(__aarch64__) && defined(__ILP32__)
# define TRY_EMPTY_VM_SPACE 0x60000000
#elif defined(__aarch64__)
# define TRY_EMPTY_VM_SPACE 0x1000000000
#elif defined(__ARM_EABI__)
# define TRY_EMPTY_VM_SPACE 0x60000000
#elif defined(__mips__) && defined(__LP64__)
# define TRY_EMPTY_VM_SPACE 0x8000000000
#elif defined(__mips__)
# define TRY_EMPTY_VM_SPACE 0x60000000
#else
# define TRY_EMPTY_VM_SPACE 0
#endif
/* Determine a location where we might be able to reliably allocate SIZE
bytes. FD is the PCH file, though we should return with the file
unmapped. */
static void *
linux_gt_pch_get_address (size_t size, int fd)
{
size_t buffer_size = 32 * 1024 * 1024;
void *addr, *buffer;
FILE *f;
bool randomize_on;
addr = mmap ((void *)TRY_EMPTY_VM_SPACE, size, PROT_READ | PROT_WRITE,
MAP_PRIVATE, fd, 0);
/* If we failed the map, that means there's *no* free space. */
if (addr == (void *) MAP_FAILED)
return NULL;
/* Unmap the area before returning. */
munmap (addr, size);
/* If we got the exact area we requested, then that's great. */
if (TRY_EMPTY_VM_SPACE && addr == (void *) TRY_EMPTY_VM_SPACE)
return addr;
/* If we didn't, then we need to look to see if virtual address
randomization is on. That is recorded in
kernel.randomize_va_space. An older implementation used
kernel.exec-shield-randomize. */
f = fopen ("/proc/sys/kernel/randomize_va_space", "r");
if (f == NULL)
f = fopen ("/proc/sys/kernel/exec-shield-randomize", "r");
randomize_on = false;
if (f != NULL)
{
char buf[100];
size_t c;
c = fread (buf, 1, sizeof buf - 1, f);
if (c > 0)
{
buf[c] = '\0';
randomize_on = (atoi (buf) > 0);
}
fclose (f);
}
/* If it isn't, then accept the address that mmap selected as fine. */
if (!randomize_on)
return addr;
/* Otherwise, we need to try again with buffer space. */
buffer = mmap (0, buffer_size, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0);
addr = mmap (0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
if (buffer != (void *) MAP_FAILED)
munmap (buffer, buffer_size);
if (addr == (void *) MAP_FAILED)
return NULL;
munmap (addr, size);
return addr;
}
/* Map SIZE bytes of FD+OFFSET at BASE. Return 1 if we succeeded at
mapping the data at BASE, -1 if we couldn't.
It's not possibly to reliably mmap a file using MAP_PRIVATE to
a specific START address on either hpux or linux. First we see
if mmap with MAP_PRIVATE works. If it does, we are off to the
races. If it doesn't, we try an anonymous private mmap since the
kernel is more likely to honor the BASE address in anonymous maps.
We then copy the data to the anonymous private map. This assumes
of course that we don't need to change the data in the PCH file
after it is created.
This approach obviously causes a performance penalty but there is
little else we can do given the current PCH implementation. */
static int
linux_gt_pch_use_address (void *base, size_t size, int fd, size_t offset)
{
void *addr;
/* We're called with size == 0 if we're not planning to load a PCH
file at all. This allows the hook to free any static space that
we might have allocated at link time. */
if (size == 0)
return -1;
/* Try to map the file with MAP_PRIVATE. */
addr = mmap (base, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, offset);
if (addr == base)
return 1;
if (addr != (void *) MAP_FAILED)
munmap (addr, size);
/* Try to make an anonymous private mmap at the desired location. */
addr = mmap (base, size, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (addr != base)
{
if (addr != (void *) MAP_FAILED)
munmap (addr, size);
return -1;
}
if (lseek (fd, offset, SEEK_SET) == (off_t)-1)
return -1;
while (size)
{
ssize_t nbytes;
nbytes = read (fd, base, MIN (size, (size_t)-1 >> 1));
if (nbytes <= 0)
return -1;
base = (char *) base + nbytes;
size -= nbytes;
}
return 1;
}
const struct host_hooks host_hooks = HOST_HOOKS_INITIALIZER;
|