-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This is fairly simple given the machinery already present: we just need to make sure the arguments are suitably alloca-tainted or non-tainted, then call dt_cg_alloca_access_check on the alloca pointer to bounds check it, and dt_cg_alloca_ptr to turn it into a real map_value pointer. Since we validate the destination address completely ourselves, if the underlying probe_read call fails we can even tell that it's a problem with the source pointer, and report the failing address appropriately. Signed-off-by: Nick Alcock <nick.alcock@oracle.com> Signed-off-by: Kris Van Hees <kris.van.hees@oracle.com> Reviewed-by: Kris Van Hees <kris.van.hees@oracle.com>
- Loading branch information
1 parent
020c85f
commit e05eb1d
Showing
31 changed files
with
419 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
27 changes: 27 additions & 0 deletions
27
test/unittest/funcs/alloca/err.alloca-bcopy-before-beyond.d
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
/* | ||
* Oracle Linux DTrace. | ||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. | ||
* Licensed under the Universal Permissive License v 1.0 as shown at | ||
* http://oss.oracle.com/licenses/upl. | ||
*/ | ||
|
||
/* | ||
* ASSERTION: bcopies overlapping the whole of alloca()ed memory fail. | ||
* | ||
* SECTION: Actions and Subroutines/alloca() | ||
*/ | ||
|
||
#pragma D option quiet | ||
|
||
BEGIN | ||
{ | ||
a = "0"; | ||
s = (char *)alloca(15); | ||
bcopy(a, s-1, 17); | ||
exit(0); | ||
} | ||
|
||
ERROR | ||
{ | ||
exit(1); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
|
||
-- @@stderr -- | ||
dtrace: error on enabled probe ID 3 (ID 1: dtrace:::BEGIN): invalid address ({ptr}) in action #1 at BPF pc NNN |
27 changes: 27 additions & 0 deletions
27
test/unittest/funcs/alloca/err.alloca-bcopy-before-bottom.d
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
/* | ||
* Oracle Linux DTrace. | ||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. | ||
* Licensed under the Universal Permissive License v 1.0 as shown at | ||
* http://oss.oracle.com/licenses/upl. | ||
*/ | ||
|
||
/* | ||
* ASSERTION: bcopies to before the bottom of alloca()ed memory fail. | ||
* | ||
* SECTION: Actions and Subroutines/alloca() | ||
*/ | ||
|
||
#pragma D option quiet | ||
|
||
BEGIN | ||
{ | ||
a = "0"; | ||
s = (char *)alloca(15); | ||
bcopy(a, s-1, 1); | ||
exit(0); | ||
} | ||
|
||
ERROR | ||
{ | ||
exit(1); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
|
||
-- @@stderr -- | ||
dtrace: error on enabled probe ID 3 (ID 1: dtrace:::BEGIN): invalid address ({ptr}) in action #1 at BPF pc NNN |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
/* | ||
* Oracle Linux DTrace. | ||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. | ||
* Licensed under the Universal Permissive License v 1.0 as shown at | ||
* http://oss.oracle.com/licenses/upl. | ||
*/ | ||
|
||
/* | ||
* ASSERTION: bcopies to past the end of alloca()ed memory fail. | ||
* | ||
* SECTION: Actions and Subroutines/alloca() | ||
*/ | ||
|
||
#pragma D option quiet | ||
|
||
BEGIN | ||
{ | ||
a = "01"; | ||
s = (char *)alloca(16); | ||
bcopy(a, &s[16], 1); | ||
exit(0); | ||
} | ||
|
||
ERROR | ||
{ | ||
exit(1); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
|
||
-- @@stderr -- | ||
dtrace: error on enabled probe ID 3 (ID 1: dtrace:::BEGIN): invalid address ({ptr}) in action #1 at BPF pc NNN |
27 changes: 27 additions & 0 deletions
27
test/unittest/funcs/alloca/err.alloca-bcopy-crossing-bottom.d
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
/* | ||
* Oracle Linux DTrace. | ||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. | ||
* Licensed under the Universal Permissive License v 1.0 as shown at | ||
* http://oss.oracle.com/licenses/upl. | ||
*/ | ||
|
||
/* | ||
* ASSERTION: bcopies to across the bottom of alloca()ed memory fail. | ||
* | ||
* SECTION: Actions and Subroutines/alloca() | ||
*/ | ||
|
||
#pragma D option quiet | ||
|
||
BEGIN | ||
{ | ||
a = "01"; | ||
s = (char *)alloca(15); | ||
bcopy(a, s-1, 2); | ||
exit(0); | ||
} | ||
|
||
ERROR | ||
{ | ||
exit(1); | ||
} |
3 changes: 3 additions & 0 deletions
3
test/unittest/funcs/alloca/err.alloca-bcopy-crossing-bottom.r
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
|
||
-- @@stderr -- | ||
dtrace: error on enabled probe ID 3 (ID 1: dtrace:::BEGIN): invalid address ({ptr}) in action #1 at BPF pc NNN |
27 changes: 27 additions & 0 deletions
27
test/unittest/funcs/alloca/err.alloca-bcopy-crossing-top.d
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
/* | ||
* Oracle Linux DTrace. | ||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. | ||
* Licensed under the Universal Permissive License v 1.0 as shown at | ||
* http://oss.oracle.com/licenses/upl. | ||
*/ | ||
|
||
/* | ||
* ASSERTION: bcopies to across the end of alloca()ed memory fail. | ||
* | ||
* SECTION: Actions and Subroutines/alloca() | ||
*/ | ||
|
||
#pragma D option quiet | ||
|
||
BEGIN | ||
{ | ||
a = "01"; | ||
s = (char *)alloca(16); | ||
bcopy(a, &s[15], 2); | ||
exit(0); | ||
} | ||
|
||
ERROR | ||
{ | ||
exit(1); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
|
||
-- @@stderr -- | ||
dtrace: error on enabled probe ID 3 (ID 1: dtrace:::BEGIN): invalid size ({ptr}) in action #1 at BPF pc NNN |
36 changes: 36 additions & 0 deletions
36
test/unittest/funcs/alloca/err.alloca-scratch-exceeding-bcopy.d
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
/* | ||
* Oracle Linux DTrace. | ||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. | ||
* Licensed under the Universal Permissive License v 1.0 as shown at | ||
* http://oss.oracle.com/licenses/upl. | ||
*/ | ||
|
||
/* | ||
* ASSERTION: Exceeding the size of alloca()ed memory with a bcopy is an error. | ||
* | ||
* SECTION: Actions and Subroutines/alloca() | ||
*/ | ||
|
||
/* | ||
* Intentionally use an unaligned size, to make sure that errors are still | ||
* emitted when accessing beyond the last byte when the size is not a | ||
* multiple of the max type size. | ||
*/ | ||
|
||
#pragma D option quiet | ||
#pragma D option scratchsize=9 | ||
|
||
string a; | ||
|
||
BEGIN | ||
{ | ||
a = "0123456789abcdefgh"; | ||
s = (char *)alloca(9); | ||
bcopy(a, s, 17); | ||
exit((s[0] == '0' && s[16] == 'g') ? 0 : 1); | ||
} | ||
|
||
ERROR | ||
{ | ||
exit(1); | ||
} |
3 changes: 3 additions & 0 deletions
3
test/unittest/funcs/alloca/err.alloca-scratch-exceeding-bcopy.r
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
|
||
-- @@stderr -- | ||
dtrace: error on enabled probe ID 3 (ID 1: dtrace:::BEGIN): invalid size ({ptr}) in action #1 at BPF pc NNN |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
/* | ||
* Oracle Linux DTrace. | ||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. | ||
* Licensed under the Universal Permissive License v 1.0 as shown at | ||
* http://oss.oracle.com/licenses/upl. | ||
*/ | ||
|
||
/* | ||
* ASSERTION: bcopies to the last byte of alloca()ed memory succeed. | ||
* | ||
* SECTION: Actions and Subroutines/alloca() | ||
*/ | ||
|
||
#pragma D option quiet | ||
|
||
BEGIN | ||
{ | ||
a = "0"; | ||
s = (char *)alloca(15); | ||
bcopy(a, &s[14], 1); | ||
printf("%c\n", s[14]); | ||
exit(0); | ||
} | ||
|
||
ERROR | ||
{ | ||
exit(1); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
0 | ||
|
31 changes: 31 additions & 0 deletions
31
test/unittest/funcs/alloca/tst.alloca-scratch-filling-bcopy.d
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
/* | ||
* Oracle Linux DTrace. | ||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. | ||
* Licensed under the Universal Permissive License v 1.0 as shown at | ||
* http://oss.oracle.com/licenses/upl. | ||
*/ | ||
|
||
/* | ||
* ASSERTION: It is possible to store and load structures that fill up | ||
* alloca()ed memory. | ||
* | ||
* SECTION: Actions and Subroutines/alloca() | ||
*/ | ||
|
||
#pragma D option quiet | ||
#pragma D option scratchsize=8 | ||
|
||
string a; | ||
|
||
BEGIN | ||
{ | ||
a = "01234567"; | ||
s = (char *)alloca(8); | ||
bcopy(a, s, 8); | ||
exit((s[0] == '0' && s[7] == '7') ? 0 : 1); | ||
} | ||
|
||
ERROR | ||
{ | ||
exit(1); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
-- @@stderr -- | ||
dtrace: failed to compile script test/unittest/funcs/err.badbcopy.d: line 26: bcopy( ) argument #1 is incompatible with prototype: | ||
prototype: non-alloca pointer | ||
argument: alloca pointer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
|
||
-- @@stderr -- | ||
dtrace: error on enabled probe ID 3 (ID 1: dtrace:::BEGIN): invalid address ({ptr}) in action #1 at BPF pc NNN |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
-- @@stderr -- | ||
dtrace: failed to compile script test/unittest/funcs/err.badbcopy2.d: line 25: bcopy( ) argument #2 is incompatible with prototype: | ||
prototype: alloca pointer | ||
argument: non-alloca pointer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
-- @@stderr -- | ||
dtrace: failed to compile script test/unittest/funcs/err.badbcopy3.d: line 22: bcopy( ) argument #2 is incompatible with prototype: | ||
prototype: alloca pointer | ||
argument: non-alloca pointer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
|
||
-- @@stderr -- | ||
dtrace: error on enabled probe ID 1 (ID 1: dtrace:::BEGIN): invalid address ({ptr}) in action #2 at DIF offset 52 | ||
dtrace: error on enabled probe ID 3 (ID 1: dtrace:::BEGIN): invalid address ({ptr}) in action #1 at BPF pc NNN |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
|
||
-- @@stderr -- | ||
dtrace: error on enabled probe ID 1 (ID 1: dtrace:::BEGIN): invalid address ({ptr}) in action #2 at DIF offset 40 | ||
dtrace: error on enabled probe ID 3 (ID 1: dtrace:::BEGIN): invalid address ({ptr}) in action #1 at BPF pc NNN |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.