1 | /* Linux host-specific hook definitions. |
2 | Copyright (C) 2004-2024 Free Software Foundation, Inc. |
3 | |
4 | This file is part of GCC. |
5 | |
6 | GCC is free software; you can redistribute it and/or modify it |
7 | under the terms of the GNU General Public License as published |
8 | by the Free Software Foundation; either version 3, or (at your |
9 | option) any later version. |
10 | |
11 | GCC is distributed in the hope that it will be useful, but WITHOUT |
12 | ANY WARRANTY; without even the implied warranty of MERCHANTABILITY |
13 | or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public |
14 | License for more details. |
15 | |
16 | You should have received a copy of the GNU General Public License |
17 | along with GCC; see the file COPYING3. If not see |
18 | <http://www.gnu.org/licenses/>. */ |
19 | |
20 | #include "config.h" |
21 | #include "system.h" |
22 | #include "coretypes.h" |
23 | #include "hosthooks.h" |
24 | #include "hosthooks-def.h" |
25 | |
26 | |
27 | /* Linux has a feature called exec-shield-randomize that perturbs the |
28 | address of non-fixed mapped segments by a (relatively) small amount. |
29 | The feature is intended to make it harder to attack the system with |
30 | buffer overflow attacks, since every invocation of a program will |
31 | have its libraries and data segments at slightly different addresses. |
32 | |
33 | This feature causes us problems with PCH because it makes it that |
34 | much harder to acquire a stable location at which to map our PCH |
35 | data file. |
36 | |
37 | [ The feature causes other points of non-determinism within the |
38 | compiler as well, so we'd *really* like to be able to have the |
39 | driver disable exec-shield-randomize for the process group, but |
40 | that isn't possible at present. ] |
41 | |
42 | We're going to try several things: |
43 | |
44 | * Select an architecture specific address as "likely" and see |
45 | if that's free. For our 64-bit hosts, we can easily choose |
46 | an address in Never Never Land. |
47 | |
48 | * If exec-shield-randomize is disabled, then just use the |
49 | address chosen by mmap in step one. |
50 | |
51 | * If exec-shield-randomize is enabled, then temporarily allocate |
52 | 32M of memory as a buffer, then allocate PCH memory, then |
53 | free the buffer. The theory here is that the perturbation is |
54 | no more than 16M, and so by allocating our buffer larger than |
55 | that we make it considerably more likely that the address will |
56 | be free when we want to load the data back. |
57 | */ |
58 | |
59 | #undef HOST_HOOKS_GT_PCH_GET_ADDRESS |
60 | #define HOST_HOOKS_GT_PCH_GET_ADDRESS linux_gt_pch_get_address |
61 | |
62 | #undef HOST_HOOKS_GT_PCH_USE_ADDRESS |
63 | #define HOST_HOOKS_GT_PCH_USE_ADDRESS linux_gt_pch_use_address |
64 | |
65 | /* For various ports, try to guess a fixed spot in the vm space |
66 | that's probably free. */ |
67 | #if defined(__alpha) |
68 | # define TRY_EMPTY_VM_SPACE 0x10000000000 |
69 | #elif defined(__ia64) |
70 | # define TRY_EMPTY_VM_SPACE 0x2000000100000000 |
71 | #elif defined(__x86_64) && defined(__LP64__) |
72 | # define TRY_EMPTY_VM_SPACE 0x1000000000 |
73 | #elif defined(__x86_64) |
74 | # define TRY_EMPTY_VM_SPACE 0x60000000 |
75 | #elif defined(__i386) |
76 | # define TRY_EMPTY_VM_SPACE 0x60000000 |
77 | #elif defined(__powerpc__) |
78 | # define TRY_EMPTY_VM_SPACE 0x60000000 |
79 | #elif defined(__s390x__) |
80 | # define TRY_EMPTY_VM_SPACE 0x8000000000 |
81 | #elif defined(__s390__) |
82 | # define TRY_EMPTY_VM_SPACE 0x60000000 |
83 | #elif defined(__sparc__) && defined(__LP64__) |
84 | # define TRY_EMPTY_VM_SPACE 0x8000000000 |
85 | #elif defined(__sparc__) |
86 | # define TRY_EMPTY_VM_SPACE 0x60000000 |
87 | #elif defined(__mc68000__) |
88 | # define TRY_EMPTY_VM_SPACE 0x40000000 |
89 | #elif defined(__aarch64__) && defined(__ILP32__) |
90 | # define TRY_EMPTY_VM_SPACE 0x60000000 |
91 | #elif defined(__aarch64__) |
92 | # define TRY_EMPTY_VM_SPACE 0x1000000000 |
93 | #elif defined(__ARM_EABI__) |
94 | # define TRY_EMPTY_VM_SPACE 0x60000000 |
95 | #elif defined(__mips__) && defined(__LP64__) |
96 | # define TRY_EMPTY_VM_SPACE 0x8000000000 |
97 | #elif defined(__mips__) |
98 | # define TRY_EMPTY_VM_SPACE 0x60000000 |
99 | #elif defined(__riscv) && defined (__LP64__) |
100 | # define TRY_EMPTY_VM_SPACE 0x1000000000 |
101 | #elif defined(__loongarch__) && defined(__LP64__) |
102 | # define TRY_EMPTY_VM_SPACE 0x1000000000 |
103 | #else |
104 | # define TRY_EMPTY_VM_SPACE 0 |
105 | #endif |
106 | |
107 | /* Determine a location where we might be able to reliably allocate SIZE |
108 | bytes. FD is the PCH file, though we should return with the file |
109 | unmapped. */ |
110 | |
111 | static void * |
112 | linux_gt_pch_get_address (size_t size, int fd) |
113 | { |
114 | size_t buffer_size = 32 * 1024 * 1024; |
115 | void *addr, *buffer; |
116 | FILE *f; |
117 | bool randomize_on; |
118 | |
119 | addr = mmap (addr: (void *)TRY_EMPTY_VM_SPACE, len: size, PROT_READ | PROT_WRITE, |
120 | MAP_PRIVATE, fd: fd, offset: 0); |
121 | |
122 | /* If we failed the map, that means there's *no* free space. */ |
123 | if (addr == (void *) MAP_FAILED) |
124 | return NULL; |
125 | /* Unmap the area before returning. */ |
126 | munmap (addr: addr, len: size); |
127 | |
128 | /* If we got the exact area we requested, then that's great. */ |
129 | if (TRY_EMPTY_VM_SPACE && addr == (void *) TRY_EMPTY_VM_SPACE) |
130 | return addr; |
131 | |
132 | /* If we didn't, then we need to look to see if virtual address |
133 | randomization is on. That is recorded in |
134 | kernel.randomize_va_space. An older implementation used |
135 | kernel.exec-shield-randomize. */ |
136 | f = fopen (filename: "/proc/sys/kernel/randomize_va_space" , modes: "r" ); |
137 | if (f == NULL) |
138 | f = fopen (filename: "/proc/sys/kernel/exec-shield-randomize" , modes: "r" ); |
139 | randomize_on = false; |
140 | if (f != NULL) |
141 | { |
142 | char buf[100]; |
143 | size_t c; |
144 | |
145 | c = fread (ptr: buf, size: 1, n: sizeof buf - 1, stream: f); |
146 | if (c > 0) |
147 | { |
148 | buf[c] = '\0'; |
149 | randomize_on = (atoi (nptr: buf) > 0); |
150 | } |
151 | fclose (stream: f); |
152 | } |
153 | |
154 | /* If it isn't, then accept the address that mmap selected as fine. */ |
155 | if (!randomize_on) |
156 | return addr; |
157 | |
158 | /* Otherwise, we need to try again with buffer space. */ |
159 | buffer = mmap (addr: 0, len: buffer_size, PROT_NONE, MAP_PRIVATE | MAP_ANON, fd: -1, offset: 0); |
160 | addr = mmap (addr: 0, len: size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd: fd, offset: 0); |
161 | if (buffer != (void *) MAP_FAILED) |
162 | munmap (addr: buffer, len: buffer_size); |
163 | if (addr == (void *) MAP_FAILED) |
164 | return NULL; |
165 | munmap (addr: addr, len: size); |
166 | |
167 | return addr; |
168 | } |
169 | |
170 | /* Map SIZE bytes of FD+OFFSET at BASE. Return 1 if we succeeded at |
171 | mapping the data at BASE, -1 if we couldn't. |
172 | |
173 | It's not possibly to reliably mmap a file using MAP_PRIVATE to |
174 | a specific START address on either hpux or linux. First we see |
175 | if mmap with MAP_PRIVATE works. If it does, we are off to the |
176 | races. If it doesn't, we try an anonymous private mmap since the |
177 | kernel is more likely to honor the BASE address in anonymous maps. |
178 | We then copy the data to the anonymous private map. This assumes |
179 | of course that we don't need to change the data in the PCH file |
180 | after it is created. |
181 | |
182 | This approach obviously causes a performance penalty but there is |
183 | little else we can do given the current PCH implementation. */ |
184 | |
185 | static int |
186 | linux_gt_pch_use_address (void *&base, size_t size, int fd, size_t offset) |
187 | { |
188 | void *addr; |
189 | |
190 | /* We're called with size == 0 if we're not planning to load a PCH |
191 | file at all. This allows the hook to free any static space that |
192 | we might have allocated at link time. */ |
193 | if (size == 0) |
194 | return -1; |
195 | |
196 | /* Try to map the file with MAP_PRIVATE. */ |
197 | addr = mmap (addr: base, len: size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd: fd, offset: offset); |
198 | |
199 | if (addr == base) |
200 | return 1; |
201 | |
202 | if (addr != (void *) MAP_FAILED) |
203 | munmap (addr: addr, len: size); |
204 | |
205 | /* Try to make an anonymous private mmap at the desired location. */ |
206 | addr = mmap (addr: base, len: size, PROT_READ | PROT_WRITE, |
207 | MAP_PRIVATE | MAP_ANONYMOUS, fd: -1, offset: 0); |
208 | |
209 | if (addr == (void *) MAP_FAILED) |
210 | return -1; |
211 | |
212 | if (lseek (fd: fd, offset: offset, SEEK_SET) == (off_t)-1) |
213 | return -1; |
214 | |
215 | base = addr; |
216 | |
217 | while (size) |
218 | { |
219 | ssize_t nbytes; |
220 | |
221 | nbytes = read (fd: fd, buf: addr, MIN (size, (size_t)-1 >> 1)); |
222 | if (nbytes <= 0) |
223 | return -1; |
224 | addr = (char *) addr + nbytes; |
225 | size -= nbytes; |
226 | } |
227 | |
228 | return 1; |
229 | } |
230 | |
231 | |
232 | const struct host_hooks host_hooks = HOST_HOOKS_INITIALIZER; |
233 | |