diff options
| author | Peter Collingbourne <pcc@google.com> | 2020-09-11 15:05:17 -0700 |
|---|---|---|
| committer | Peter Collingbourne <pcc@google.com> | 2020-10-08 14:02:36 -0700 |
| commit | 5d3aa86cd1fe2e8b1920003b14b9a0c91153b111 (patch) | |
| tree | e17b86fb2a85a913c20d5f91405ef524e7c0c1c8 /tests/malloc_test.cpp | |
| parent | 4edf74ab1ae2da4bda80d19f4c014e983c74903d (diff) | |
Add an API for per-process disabling memory initialization.
Introduce an android_mallopt(M_DISABLE_MEMORY_MITIGATIONS) API call
that may be used to disable zero- or pattern-init on non-MTE hardware,
or memory tagging on MTE hardware. The intent is that this function
may be called at any time, including when there are multiple threads
running.
Disabling zero- or pattern-init is quite trivial, we just need to set
a global variable to 0 via a Scudo API call (although there will be
some separate work required on the Scudo side to make this operation
thread-safe).
It is a bit more tricky to disable MTE across a process, because
the kernel does not provide an API for disabling tag checking in all
threads in a process, only per-thread. We need to send a signal to each
of the process's threads with a handler that issues the required prctl
call, and lock thread creation for the duration of the API call to
avoid races between thread enumeration and calls to pthread_create().
Bug: 135772972
Change-Id: I81ece86ace916eb6b435ab516cd431ec4b48a3bf
Diffstat (limited to 'tests/malloc_test.cpp')
| -rw-r--r-- | tests/malloc_test.cpp | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/tests/malloc_test.cpp b/tests/malloc_test.cpp index d692cf95c..4ea6d2b37 100644 --- a/tests/malloc_test.cpp +++ b/tests/malloc_test.cpp @@ -20,6 +20,7 @@ #include <limits.h> #include <malloc.h> #include <pthread.h> +#include <semaphore.h> #include <signal.h> #include <stdint.h> #include <stdio.h> @@ -45,6 +46,7 @@ #include "SignalUtils.h" #include "platform/bionic/malloc.h" +#include "platform/bionic/mte.h" #include "platform/bionic/mte_kernel.h" #include "platform/bionic/reserved_signals.h" #include "private/bionic_config.h" @@ -1259,3 +1261,39 @@ TEST(android_mallopt, set_allocation_limit_multiple_threads) { GTEST_SKIP() << "bionic extension"; #endif } + +TEST(android_mallopt, disable_memory_mitigations) { +#if defined(__BIONIC__) + if (!mte_supported()) { + GTEST_SKIP() << "This function can only be tested with MTE"; + } + +#ifdef ANDROID_EXPERIMENTAL_MTE + sem_t sem; + ASSERT_EQ(0, sem_init(&sem, 0, 0)); + + pthread_t thread; + ASSERT_EQ(0, pthread_create( + &thread, nullptr, + [](void* ptr) -> void* { + auto* sem = reinterpret_cast<sem_t*>(ptr); + sem_wait(sem); + return reinterpret_cast<void*>(prctl(PR_GET_TAGGED_ADDR_CTRL, 0, 0, 0, 0)); + }, + &sem)); + + ASSERT_TRUE(android_mallopt(M_DISABLE_MEMORY_MITIGATIONS, nullptr, 0)); + ASSERT_EQ(0, sem_post(&sem)); + + int my_tagged_addr_ctrl = prctl(PR_GET_TAGGED_ADDR_CTRL, 0, 0, 0, 0); + ASSERT_EQ(PR_MTE_TCF_NONE, my_tagged_addr_ctrl & PR_MTE_TCF_MASK); + + void* retval; + ASSERT_EQ(0, pthread_join(thread, &retval)); + int thread_tagged_addr_ctrl = reinterpret_cast<uintptr_t>(retval); + ASSERT_EQ(my_tagged_addr_ctrl, thread_tagged_addr_ctrl); +#endif +#else + GTEST_SKIP() << "bionic extension"; +#endif +} |