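/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

#include <errno.h>
#include <string.h>
#include <sys/cdefs.h>
#include <sys/mman.h>
#include <sys/user.h>

#include <async_safe/log.h>

#include "platform/bionic/macros.h"

// Storage for a WriteProtected<T>: the value overlaid with a PAGE_SIZE byte
// array, with the whole union aligned to PAGE_SIZE. The padding and alignment
// are what let WriteProtected call mprotect() on exactly this object's page
// without changing the protection of unrelated data that would otherwise share
// the page.
template <typename T>
union WriteProtectedContents {
  T value;
  char padding[PAGE_SIZE];

  WriteProtectedContents() = default;
  BIONIC_DISALLOW_COPY_AND_ASSIGN(WriteProtectedContents);
} __attribute__((aligned(PAGE_SIZE)));

// Write protected wrapper class that aligns its contents to a page boundary,
// and sets the memory protection to be non-writable, except when being modified
// explicitly.
//
// Scope of the protection: it turns a stray or corrupting write to the wrapped
// value into a fault instead of a silent modification. Nothing in this class
// serializes callers, and mprotect() changes the page for the whole address
// space, so while mutate() is running every thread can write to the value.
template <typename T>
class WriteProtected {
  // The check is strict: T must be smaller than one page.
  static_assert(sizeof(T) < PAGE_SIZE,
                "WriteProtected only supports contents up to PAGE_SIZE");
  static_assert(__is_pod(T), "WriteProtected only supports POD contents");

  WriteProtectedContents<T> contents;

  // Applies `prot` (PROT_* flags) to the page holding `contents`.
  // Returns the result of mprotect(): 0 on success, -1 with errno set on failure.
  int set_protection(int prot) {
    auto addr = &contents;
#if __has_feature(hwaddress_sanitizer)
    // The mprotect system call does not currently untag pointers, so do it
    // ourselves.
    addr = untag_address(addr);
#endif
    return mprotect(reinterpret_cast<void*>(addr), PAGE_SIZE, prot);
  }

 public:
  WriteProtected() = default;
  BIONIC_DISALLOW_COPY_AND_ASSIGN(WriteProtected);

  // Zeroes the contents and makes the page read-only. Aborts through
  // async_safe_fatal() if the protection cannot be applied, rather than
  // continuing with a value that is silently left writable.
  void initialize() {
    // Not strictly necessary, but this will hopefully segfault if we initialize
    // multiple times by accident.
    memset(&contents, 0, sizeof(contents));

    // Report errno here as mutate() does, so a failure in early initialization
    // is as diagnosable as one in a later mutation.
    if (set_protection(PROT_READ) != 0) {
      async_safe_fatal("failed to make WriteProtected nonwritable in initialize: %s",
                       strerror(errno));
    }
  }

  // Read-only access to the protected value.
  const T* operator->() {
    return &contents.value;
  }

  // Read-only access to the protected value.
  const T& operator*() {
    return contents.value;
  }

  // Runs `mutator` with a writable pointer to the value: the page is made
  // read-write, mutator(&value) is called, and the page is made read-only
  // again. Either protection change failing is fatal.
  //
  // The page stays writable for as long as `mutator` runs, and it is only
  // re-protected when `mutator` returns normally, so mutators should be short
  // and should not leave by any other path. Concurrent callers are not
  // synchronized here; one caller restoring PROT_READ while another is still
  // writing would make the second caller fault.
  template <typename Mutator>
  void mutate(Mutator mutator) {
    if (set_protection(PROT_READ | PROT_WRITE) != 0) {
      async_safe_fatal("failed to make WriteProtected writable in mutate: %s",
                       strerror(errno));
    }
    mutator(&contents.value);
    if (set_protection(PROT_READ) != 0) {
      async_safe_fatal("failed to make WriteProtected nonwritable in mutate: %s",
                       strerror(errno));
    }
  }
};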