1 /*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <stdlib.h>
18 #include <string.h>
19 #include <sys/mman.h>
20
21 #include <gtest/gtest.h>
22 #include "buffer_tests.h"
23 #include "utils.h"
24
25 // For the comparison buffer tests, the maximum length to test for the
26 // miscompare checks.
27 #define MISCMP_MAX_LENGTH 512
28
29 #define FENCEPOST_LENGTH 8
30
31 static int g_single_aligns[][2] = {
32 // Both buffers at same alignment.
33 { 1, 0 },
34 { 2, 0 },
35 { 4, 0 },
36 { 8, 0 },
37 { 16, 0 },
38 { 32, 0 },
39 { 64, 0 },
40 { 128, 0 },
41
42 // General unaligned cases.
43 { 4, 1 },
44 { 4, 2 },
45 { 4, 3 },
46
47 { 8, 1 },
48 { 8, 2 },
49 { 8, 3 },
50 { 8, 4 },
51 { 8, 5 },
52 { 8, 6 },
53 { 8, 7 },
54
55 { 128, 1 },
56 { 128, 4 },
57 { 128, 8 },
58 { 128, 12 },
59 { 128, 16 },
60 };
61
62 static const size_t g_single_aligns_len = sizeof(g_single_aligns)/sizeof(int[2]);
63
64 // Set of multiple buffer alignment combinations to be used for string/memory
65 // testing routines.
66 static int g_double_aligns[][4] = {
67 // Both buffers at same alignment.
68 { 1, 0, 1, 0 },
69 { 2, 0, 2, 0 },
70 { 4, 0, 4, 0 },
71 { 8, 0, 8, 0 },
72 { 16, 0, 16, 0 },
73 { 32, 0, 32, 0 },
74 { 64, 0, 64, 0 },
75 { 128, 0, 128, 0 },
76
77 // Different word alignments between buffers.
78 { 8, 0, 4, 0 },
79 { 4, 0, 8, 0 },
80 { 16, 0, 4, 0 },
81 { 4, 0, 16, 0 },
82
83 // General unaligned cases.
84 { 4, 0, 4, 1 },
85 { 4, 0, 4, 2 },
86 { 4, 0, 4, 3 },
87
88 { 4, 1, 4, 0 },
89 { 4, 1, 4, 1 },
90 { 4, 1, 4, 2 },
91 { 4, 1, 4, 3 },
92
93 { 4, 2, 4, 0 },
94 { 4, 2, 4, 1 },
95 { 4, 2, 4, 2 },
96 { 4, 2, 4, 3 },
97
98 { 4, 3, 4, 0 },
99 { 4, 3, 4, 1 },
100 { 4, 3, 4, 2 },
101 { 4, 3, 4, 3 },
102
103 { 8, 0, 8, 1 },
104 { 8, 0, 8, 2 },
105 { 8, 0, 8, 3 },
106 { 8, 0, 8, 4 },
107 { 8, 0, 8, 5 },
108 { 8, 0, 8, 6 },
109 { 8, 0, 8, 7 },
110
111 { 8, 1, 8, 0 },
112 { 8, 1, 8, 1 },
113 { 8, 1, 8, 2 },
114 { 8, 1, 8, 3 },
115 { 8, 1, 8, 4 },
116 { 8, 1, 8, 5 },
117 { 8, 1, 8, 6 },
118 { 8, 1, 8, 7 },
119
120 { 8, 2, 8, 0 },
121 { 8, 2, 8, 1 },
122 { 8, 2, 8, 2 },
123 { 8, 2, 8, 3 },
124 { 8, 2, 8, 4 },
125 { 8, 2, 8, 5 },
126 { 8, 2, 8, 6 },
127 { 8, 2, 8, 7 },
128
129 { 8, 3, 8, 0 },
130 { 8, 3, 8, 1 },
131 { 8, 3, 8, 2 },
132 { 8, 3, 8, 3 },
133 { 8, 3, 8, 4 },
134 { 8, 3, 8, 5 },
135 { 8, 3, 8, 6 },
136 { 8, 3, 8, 7 },
137
138 { 8, 4, 8, 0 },
139 { 8, 4, 8, 1 },
140 { 8, 4, 8, 2 },
141 { 8, 4, 8, 3 },
142 { 8, 4, 8, 4 },
143 { 8, 4, 8, 5 },
144 { 8, 4, 8, 6 },
145 { 8, 4, 8, 7 },
146
147 { 8, 5, 8, 0 },
148 { 8, 5, 8, 1 },
149 { 8, 5, 8, 2 },
150 { 8, 5, 8, 3 },
151 { 8, 5, 8, 4 },
152 { 8, 5, 8, 5 },
153 { 8, 5, 8, 6 },
154 { 8, 5, 8, 7 },
155
156 { 8, 6, 8, 0 },
157 { 8, 6, 8, 1 },
158 { 8, 6, 8, 2 },
159 { 8, 6, 8, 3 },
160 { 8, 6, 8, 4 },
161 { 8, 6, 8, 5 },
162 { 8, 6, 8, 6 },
163 { 8, 6, 8, 7 },
164
165 { 8, 7, 8, 0 },
166 { 8, 7, 8, 1 },
167 { 8, 7, 8, 2 },
168 { 8, 7, 8, 3 },
169 { 8, 7, 8, 4 },
170 { 8, 7, 8, 5 },
171 { 8, 7, 8, 6 },
172 { 8, 7, 8, 7 },
173
174 { 128, 1, 128, 4 },
175 { 128, 1, 128, 8 },
176 { 128, 1, 128, 12 },
177 { 128, 1, 128, 16 },
178 { 128, 4, 128, 1 },
179 { 128, 8, 128, 1 },
180 { 128, 12, 128, 1 },
181 { 128, 16, 128, 1 },
182 };
183
184 static const size_t g_double_aligns_len = sizeof(g_double_aligns)/sizeof(int[4]);
185
SetIncrement(size_t len)186 static size_t SetIncrement(size_t len) {
187 if (len >= 4096) {
188 return 1024;
189 } else if (len >= 1024) {
190 return 256;
191 }
192 return 1;
193 }
194
195 // Return a pointer into the current buffer with the specified alignment.
GetAlignedPtr(void * orig_ptr,int alignment,int or_mask)196 static void *GetAlignedPtr(void *orig_ptr, int alignment, int or_mask) {
197 uint64_t ptr = reinterpret_cast<uint64_t>(orig_ptr);
198 if (alignment > 0) {
199 // When setting the alignment, set it to exactly the alignment chosen.
200 // The pointer returned will be guaranteed not to be aligned to anything
201 // more than that.
202 ptr += alignment - (ptr & (alignment - 1));
203 ptr |= alignment | or_mask;
204 }
205
206 return reinterpret_cast<void*>(ptr);
207 }
208
SetFencepost(uint8_t * buffer)209 static void SetFencepost(uint8_t *buffer) {
210 for (int i = 0; i < FENCEPOST_LENGTH; i += 2) {
211 buffer[i] = 0xde;
212 buffer[i+1] = 0xad;
213 }
214 }
215
VerifyFencepost(uint8_t * buffer)216 static void VerifyFencepost(uint8_t *buffer) {
217 for (int i = 0; i < FENCEPOST_LENGTH; i += 2) {
218 if (buffer[i] != 0xde || buffer[i+1] != 0xad) {
219 uint8_t expected_value;
220 if (buffer[i] == 0xde) {
221 i++;
222 expected_value = 0xad;
223 } else {
224 expected_value = 0xde;
225 }
226 ASSERT_EQ(expected_value, buffer[i]);
227 }
228 }
229 }
230
231 // Malloc can return a tagged pointer, which is not accepted in mm system calls like mprotect
232 // in the preliminary version of the syscall tagging support in the current Pixel 2 kernel.
233 // Note: the final version of the kernel patchset may relax this requirement.
MprotectHeap(void * addr,size_t len,int prot)234 static int MprotectHeap(void* addr, size_t len, int prot) {
235 return mprotect(untag_address(addr), len, prot);
236 }
237
RunSingleBufferAlignTest(size_t max_test_size,void (* test_func)(uint8_t *,size_t),size_t (* set_incr)(size_t))238 void RunSingleBufferAlignTest(
239 size_t max_test_size, void (*test_func)(uint8_t*, size_t),
240 size_t (*set_incr)(size_t)) {
241 if (!set_incr) {
242 set_incr = SetIncrement;
243 }
244
245 // Allocate one large buffer with lots of extra space so that we can
246 // guarantee that the all possible alignments will fit.
247 uint8_t *buf = new uint8_t[3*max_test_size];
248
249 uint8_t *buf_align;
250 for (size_t i = 0; i < g_single_aligns_len; i++) {
251 size_t incr = 1;
252 for (size_t len = 0; len <= max_test_size; len += incr) {
253 incr = set_incr(len);
254
255 buf_align = reinterpret_cast<uint8_t*>(GetAlignedPtr(
256 buf+FENCEPOST_LENGTH, g_single_aligns[i][0], g_single_aligns[i][1]));
257
258 SetFencepost(&buf_align[-FENCEPOST_LENGTH]);
259 SetFencepost(&buf_align[len]);
260
261 test_func(buf_align, len);
262
263 VerifyFencepost(&buf_align[-FENCEPOST_LENGTH]);
264 VerifyFencepost(&buf_align[len]);
265 }
266 }
267 delete[] buf;
268 }
269
RunSrcDstBufferAlignTest(size_t max_test_size,void (* test_func)(uint8_t *,uint8_t *,size_t),size_t (* set_incr)(size_t))270 void RunSrcDstBufferAlignTest(
271 size_t max_test_size, void (*test_func)(uint8_t*, uint8_t*, size_t),
272 size_t (*set_incr)(size_t)) {
273 if (!set_incr) {
274 set_incr = SetIncrement;
275 }
276
277 // Allocate two large buffers for all of the testing.
278 uint8_t* src = new uint8_t[3*max_test_size];
279 uint8_t* dst = new uint8_t[3*max_test_size];
280
281 uint8_t* src_align;
282 uint8_t* dst_align;
283 for (size_t i = 0; i < g_double_aligns_len; i++) {
284 size_t incr = 1;
285 for (size_t len = 0; len <= max_test_size; len += incr) {
286 incr = set_incr(len);
287
288 src_align =
289 reinterpret_cast<uint8_t*>(GetAlignedPtr(
290 src+FENCEPOST_LENGTH, g_double_aligns[i][0], g_double_aligns[i][1]));
291 dst_align =
292 reinterpret_cast<uint8_t*>(GetAlignedPtr(
293 dst+FENCEPOST_LENGTH, g_double_aligns[i][2], g_double_aligns[i][3]));
294 SetFencepost(&dst_align[-FENCEPOST_LENGTH]);
295 SetFencepost(&dst_align[len]);
296
297 test_func(src_align, dst_align, len);
298
299 VerifyFencepost(&dst_align[-FENCEPOST_LENGTH]);
300 VerifyFencepost(&dst_align[len]);
301 }
302 }
303 delete[] src;
304 delete[] dst;
305 }
306
RunCmpBufferAlignTest(size_t max_test_size,void (* test_cmp_func)(uint8_t *,uint8_t *,size_t),void (* test_miscmp_func)(uint8_t *,uint8_t *,size_t,size_t),size_t (* set_incr)(size_t))307 void RunCmpBufferAlignTest(
308 size_t max_test_size, void (*test_cmp_func)(uint8_t*, uint8_t*, size_t),
309 void (*test_miscmp_func)(uint8_t*, uint8_t*, size_t, size_t),
310 size_t (*set_incr)(size_t)) {
311 if (!set_incr) {
312 set_incr = SetIncrement;
313 }
314
315 // Allocate two large buffers for all of the testing.
316 uint8_t* buf1 = new uint8_t[3*max_test_size];
317 uint8_t* buf2 = new uint8_t[3*max_test_size];
318
319 uint8_t* buf1_align;
320 uint8_t* buf2_align;
321 for (size_t i = 0; i < g_double_aligns_len; i++) {
322 size_t incr = 1;
323 for (size_t len = 0; len <= max_test_size; len += incr) {
324 incr = set_incr(len);
325
326 buf1_align =
327 reinterpret_cast<uint8_t*>(GetAlignedPtr(
328 buf1, g_double_aligns[i][0], g_double_aligns[i][1]));
329 buf2_align =
330 reinterpret_cast<uint8_t*>(GetAlignedPtr(
331 buf2, g_double_aligns[i][2], g_double_aligns[i][3]));
332
333 // Check by putting all zeroes after both buffers.
334 memset(buf1_align+len, 0, 32);
335 memset(buf2_align+len, 0, 32);
336 test_cmp_func(buf1_align, buf2_align, len);
337
338 // Check by putting different values after both buffers.
339 for (size_t j = 0; j < 32; j++) {
340 buf1_align[len+j] = j;
341 buf2_align[len+j] = j+1;
342 }
343 test_cmp_func(buf1_align, buf2_align, len);
344
345 if (len > 0) {
346 // Change the lengths of the buffers and verify that there are
347 // miscompares.
348 for (size_t len2 = len+1; len2 < len+32; len2++) {
349 test_miscmp_func(buf1_align, buf2_align, len, len2);
350 test_miscmp_func(buf1_align, buf2_align, len2, len);
351 }
352 }
353 }
354 }
355 delete[] buf1;
356 delete[] buf2;
357 }
358
RunSingleBufferOverreadTest(void (* test_func)(uint8_t *,size_t))359 void RunSingleBufferOverreadTest(void (*test_func)(uint8_t*, size_t)) {
360 // In order to verify that functions are not reading past the end of the
361 // src, create data that ends exactly at an unreadable memory boundary.
362 size_t pagesize = static_cast<size_t>(sysconf(_SC_PAGE_SIZE));
363 uint8_t* memory;
364 ASSERT_TRUE(posix_memalign(reinterpret_cast<void**>(&memory), pagesize,
365 2*pagesize) == 0);
366 memset(memory, 0x23, 2*pagesize);
367
368 // Make the second page unreadable and unwritable.
369 ASSERT_TRUE(MprotectHeap(&memory[pagesize], pagesize, PROT_NONE) == 0);
370
371 for (size_t i = 0; i < pagesize; i++) {
372 uint8_t* buf = &memory[pagesize-i];
373
374 test_func(buf, i);
375 }
376 ASSERT_TRUE(MprotectHeap(&memory[pagesize], pagesize, PROT_READ | PROT_WRITE) == 0);
377 free(memory);
378 }
379
RunSrcDstBufferOverreadTest(void (* test_func)(uint8_t *,uint8_t *,size_t))380 void RunSrcDstBufferOverreadTest(void (*test_func)(uint8_t*, uint8_t*, size_t)) {
381 // In order to verify that functions are not reading past the end of the
382 // src, create data that ends exactly at an unreadable memory boundary.
383 size_t pagesize = static_cast<size_t>(sysconf(_SC_PAGE_SIZE));
384 uint8_t* memory;
385 ASSERT_TRUE(posix_memalign(reinterpret_cast<void**>(&memory), pagesize,
386 2*pagesize) == 0);
387 memset(memory, 0x23, 2*pagesize);
388
389 // Make the second page unreadable and unwritable.
390 ASSERT_TRUE(MprotectHeap(&memory[pagesize], pagesize, PROT_NONE) == 0);
391
392 uint8_t* dst_buffer = new uint8_t[2*pagesize];
393 // Change the dst alignment as we change the source.
394 for (size_t i = 0; i < 16; i++) {
395 uint8_t* dst = &dst_buffer[i];
396 for (size_t j = 0; j < pagesize; j++) {
397 uint8_t* src = &memory[pagesize-j];
398
399 test_func(src, dst, j);
400 }
401 }
402 ASSERT_TRUE(MprotectHeap(&memory[pagesize], pagesize, PROT_READ | PROT_WRITE) == 0);
403 free(memory);
404 delete[] dst_buffer;
405 }
406
RunCmpBufferOverreadTest(void (* test_cmp_func)(uint8_t *,uint8_t *,size_t),void (* test_miscmp_func)(uint8_t *,uint8_t *,size_t,size_t))407 void RunCmpBufferOverreadTest(
408 void (*test_cmp_func)(uint8_t*, uint8_t*, size_t),
409 void (*test_miscmp_func)(uint8_t*, uint8_t*, size_t, size_t)) {
410 // In order to verify that functions are not reading past the end of either
411 // of the bufs, create both buffers that end exactly at an unreadable memory
412 // boundary.
413 size_t pagesize = static_cast<size_t>(sysconf(_SC_PAGE_SIZE));
414 uint8_t* memory1;
415 ASSERT_TRUE(posix_memalign(reinterpret_cast<void**>(&memory1), pagesize,
416 2*pagesize) == 0);
417 memset(memory1, 0x23, 2*pagesize);
418
419 // Make the second page unreadable and unwritable.
420 ASSERT_TRUE(MprotectHeap(&memory1[pagesize], pagesize, PROT_NONE) == 0);
421
422 uint8_t* memory2;
423 ASSERT_TRUE(posix_memalign(reinterpret_cast<void**>(&memory2), pagesize,
424 2*pagesize) == 0);
425 memset(memory2, 0x23, 2*pagesize);
426
427 // Make the second page unreadable and unwritable.
428 ASSERT_TRUE(MprotectHeap(&memory2[pagesize], pagesize, PROT_NONE) == 0);
429
430 for (size_t i = 0; i < pagesize; i++) {
431 uint8_t* buf1 = &memory1[pagesize-i];
432 uint8_t* buf2 = &memory2[pagesize-i];
433
434 test_cmp_func(buf1, buf2, i);
435 }
436
437 // Don't cycle through pagesize, MISCMP_MAX_LENGTH bytes should be good.
438 size_t miscmp_len;
439 if (pagesize > MISCMP_MAX_LENGTH) {
440 miscmp_len = MISCMP_MAX_LENGTH;
441 } else {
442 miscmp_len = pagesize;
443 }
444 for (size_t i = 1; i < miscmp_len; i++) {
445 uint8_t* buf1 = &memory1[pagesize-i];
446 for (size_t j = 1; j < miscmp_len; j++) {
447 if (j == i)
448 continue;
449
450 uint8_t* buf2 = &memory2[pagesize-j];
451
452 test_miscmp_func(buf1, buf2, i, j);
453 }
454 }
455
456 ASSERT_TRUE(MprotectHeap(&memory1[pagesize], pagesize, PROT_READ | PROT_WRITE) == 0);
457 ASSERT_TRUE(MprotectHeap(&memory2[pagesize], pagesize, PROT_READ | PROT_WRITE) == 0);
458 free(memory1);
459 free(memory2);
460 }
461