dlopen.cpp source code [compiler-rt/test/cfi/cross-dso/icall/dlopen.cpp]

1	// RUN: %clangxx_cfi_dso -DSHARED_LIB %s -fPIC -shared -o %t1-so.so
2	// RUN: %clangxx_cfi_dso %s -o %t1
3	// RUN: %expect_crash %t1 2>&1 \| FileCheck --check-prefix=CFI %s
4	// RUN: %expect_crash %t1 cast 2>&1 \| FileCheck --check-prefix=CFI-CAST %s
5	// RUN: %expect_crash %t1 dlclose 2>&1 \| FileCheck --check-prefix=CFI %s
6
7	// RUN: %clangxx_cfi_dso -DB32 -DSHARED_LIB %s -fPIC -shared -o %t2-so.so
8	// RUN: %clangxx_cfi_dso -DB32 %s -o %t2
9	// RUN: %expect_crash %t2 2>&1 \| FileCheck --check-prefix=CFI %s
10	// RUN: %expect_crash %t2 cast 2>&1 \| FileCheck --check-prefix=CFI-CAST %s
11	// RUN: %expect_crash %t2 dlclose 2>&1 \| FileCheck --check-prefix=CFI %s
12
13	// RUN: %clangxx_cfi_dso -DB64 -DSHARED_LIB %s -fPIC -shared -o %t3-so.so
14	// RUN: %clangxx_cfi_dso -DB64 %s -o %t3
15	// RUN: %expect_crash %t3 2>&1 \| FileCheck --check-prefix=CFI %s
16	// RUN: %expect_crash %t3 cast 2>&1 \| FileCheck --check-prefix=CFI-CAST %s
17	// RUN: %expect_crash %t3 dlclose 2>&1 \| FileCheck --check-prefix=CFI %s
18
19	// RUN: %clangxx_cfi_dso -DBM -DSHARED_LIB %s -fPIC -shared -o %t4-so.so
20	// RUN: %clangxx_cfi_dso -DBM %s -o %t4
21	// RUN: %expect_crash %t4 2>&1 \| FileCheck --check-prefix=CFI %s
22	// RUN: %expect_crash %t4 cast 2>&1 \| FileCheck --check-prefix=CFI-CAST %s
23	// RUN: %expect_crash %t4 dlclose 2>&1 \| FileCheck --check-prefix=CFI %s
24
25	// RUN: %clangxx -g -DBM -DSHARED_LIB -DNOCFI %s -fPIC -shared -o %t5-so.so
26	// RUN: %clangxx -g -DBM -DNOCFI %s -ldl -o %t5
27	// RUN: %t5 2>&1 \| FileCheck --check-prefix=NCFI %s
28	// RUN: %t5 cast 2>&1 \| FileCheck --check-prefix=NCFI %s
29	// RUN: %t5 dlclose 2>&1 \| FileCheck --check-prefix=NCFI %s
30
31	// Test that calls to uninstrumented library are unchecked.
32	// RUN: %clangxx -DBM -DSHARED_LIB %s -fPIC -shared -o %t6-so.so
33	// RUN: %clangxx_cfi_dso -DBM %s -o %t6
34	// RUN: %t6 2>&1 \| FileCheck --check-prefix=NCFI %s
35	// RUN: %t6 cast 2>&1 \| FileCheck --check-prefix=NCFI %s
36
37	// Call-after-dlclose is checked on the caller side.
38	// RUN: %expect_crash %t6 dlclose 2>&1 \| FileCheck --check-prefix=CFI %s
39
40	// Tests calls into dlopen-ed library.
41	// REQUIRES: cxxabi
42
43	#include <assert.h>
44	#include <dlfcn.h>
45	#include <stdio.h>
46	#include <stdint.h>
47	#include <string.h>
48	#include <sys/mman.h>
49
50	#include <string>
51
52	struct A {
53	virtual void f();
54	};
55
56	// The page size of LoongArch is 16KiB, aligned to the memory page size.
57	#ifdef __loongarch__
58	# define PAGESIZE 16384
59	#else
60	# define PAGESIZE 4096
61	#endif
62
63	#ifdef SHARED_LIB
64
65	#include "../../utils.h"
66	struct B {
67	virtual void f();
68	};
69	void B::f() {}
70
71	extern "C" void *create_B() {
72	create_derivers<B>();
73	return (void )(new* B());
74	}
75
76	extern "C" __attribute__((aligned(PAGESIZE))) void do_nothing() {}
77
78	#else
79
80	void A::f() {}
81
82	static const int kCodeAlign = PAGESIZE;
83	static const int kCodeSize = `4096`;
84	static char saved_code[kCodeSize];
85	static char *real_start;
86
87	static void save_code(char *p) {
88	real_start = (char *)(((uintptr_t)p) & ~(kCodeAlign - `1`));
89	memcpy(dest: saved_code, src: real_start, n: kCodeSize);
90	}
91
92	static void restore_code() {
93	char *code =
94	(char *)mmap(addr: real_start, len: kCodeSize, PROT_READ \| PROT_WRITE \| PROT_EXEC,
95	MAP_PRIVATE \| MAP_ANONYMOUS \| MAP_FIXED, fd: `0`, offset: `0`);
96	assert(code == real_start);
97	memcpy(dest: code, src: saved_code, n: kCodeSize);
98	__builtin___clear_cache(code, code + kCodeSize);
99	}
100
101	int main(int argc, char *argv[]) {
102	const bool test_cast = argc > `1` && strcmp(s1: argv[`1`], s2: "cast") == `0`;
103	const bool test_dlclose = argc > `1` && strcmp(s1: argv[`1`], s2: "dlclose") == `0`;
104
105	std::string name = std::string (argv[`0`]) + "-so.so";
106	void *handle = dlopen(file: name.c_str(), RTLD_NOW);
107	assert(handle);
108	void (create_B)() = (void ()())dlsym(handle: handle, name: "create_B");
109	assert(create_B);
110
111	void *p = create_B();
112	A *a;
113
114	// CFI: =0=
115	// CFI-CAST: =0=
116	// NCFI: =0=
117	fprintf(stderr, format: "=0=\n");
118
119	if (test_cast) {
120	// Test cast. BOOM.
121	a = (A*)p;
122	} else {
123	// Invisible to CFI. Test virtual call later.
124	memcpy(dest: &a, src: &p, n: sizeof(a));
125	}
126
127	// CFI: =1=
128	// CFI-CAST-NOT: =1=
129	// NCFI: =1=
130	fprintf(stderr, format: "=1=\n");
131
132	if (test_dlclose) {
133	// Imitate an attacker sneaking in an executable page where a dlclose()d
134	// library was loaded. This needs to pass w/o CFI, so for the testing
135	// purpose, we just copy the bytes of a "void f() {}" function back and
136	// forth.
137	void (do_nothing)() = (void* (*)())dlsym(handle: handle, name: "do_nothing");
138	assert(do_nothing);
139	save_code(p: (char *)do_nothing);
140
141	int res = dlclose(handle: handle);
142	assert(res == `0`);
143
144	restore_code();
145
146	do_nothing(); // UB here
147	} else {
148	a->f(); // UB here
149	}
150
151	// CFI-NOT: =2=
152	// CFI-CAST-NOT: =2=
153	// NCFI: =2=
154	fprintf(stderr, format: "=2=\n");
155	}
156	#endif
157

source code of compiler-rt/test/cfi/cross-dso/icall/dlopen.cpp