• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2024 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "gtest/gtest.h"
18 
19 #include <fcntl.h>  // open
20 #include <sys/mman.h>
21 #include <unistd.h>  // close, sysconf(_SC_PAGESIZE)
22 
23 #include <cinttypes>
24 #include <cstdint>
25 #include <cstdio>
26 #include <functional>
27 #include <memory>
28 
29 namespace {
30 
31 const size_t kPageSize = sysconf(_SC_PAGESIZE);
32 constexpr bool kExactMapping = true;
33 
34 template <bool kIsExactMapping = false>
IsExecutable(void * ptr,size_t size)35 bool IsExecutable(void* ptr, size_t size) {
36   uintptr_t addr = reinterpret_cast<uintptr_t>(ptr);
37   std::unique_ptr<FILE, decltype(&fclose)> fp(fopen("/proc/self/maps", "re"), fclose);
38   if (fp == nullptr) {
39     ADD_FAILURE() << "Cannot open /proc/self/maps";
40     return false;
41   }
42 
43   char line[BUFSIZ];
44   while (fgets(line, sizeof(line), fp.get()) != nullptr) {
45     uintptr_t start;
46     uintptr_t end;
47     char prot[5];  // sizeof("rwxp")
48     if (sscanf(line, "%" SCNxPTR "-%" SCNxPTR " %4s", &start, &end, prot) == 3) {
49       bool is_match;
50       if constexpr (kIsExactMapping) {
51         is_match = (addr == start);
52         if (is_match) {
53           EXPECT_EQ(start + size, end);
54         }
55       } else {
56         is_match = (addr >= start) && (addr < end);
57         if (is_match) {
58           EXPECT_LE(addr + size, end);
59         }
60       }
61       if (is_match) {
62         return prot[2] == 'x';
63       }
64     }
65   }
66   ADD_FAILURE() << "Didn't find range " << ptr << "-" << reinterpret_cast<void*>(addr + size)
67                 << " in /proc/self/maps";
68   return false;
69 }
70 
71 template <typename FuncType>
72 class ScopeExit {
73  public:
ScopeExit(FuncType f)74   explicit ScopeExit(FuncType f) : func_(f) {}
~ScopeExit()75   ~ScopeExit() { func_(); }
76 
77  private:
78   FuncType func_;
79 };
80 
TEST(ProcSelfMaps,ExecutableFromMmap)81 TEST(ProcSelfMaps, ExecutableFromMmap) {
82   uint8_t* mapping = reinterpret_cast<uint8_t*>(
83       mmap(0, 3 * kPageSize, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0));
84   ASSERT_NE(mapping, nullptr);
85   auto mapping_cleanup = ScopeExit([mapping]() { EXPECT_EQ(0, munmap(mapping, 3 * kPageSize)); });
86 
87   ASSERT_FALSE(IsExecutable(mapping, 3 * kPageSize));
88 
89   void* exec_mapping = mmap(mapping + kPageSize,
90                             kPageSize,
91                             PROT_READ | PROT_EXEC,
92                             MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS,
93                             -1,
94                             0);
95   ASSERT_NE(exec_mapping, nullptr);
96 
97   ASSERT_FALSE(IsExecutable(mapping, kPageSize));
98   // Surrounding mappings can be merged with adjacent mappings. But this one must match exactly.
99   ASSERT_TRUE(IsExecutable<kExactMapping>(mapping + kPageSize, kPageSize));
100   ASSERT_FALSE(IsExecutable(mapping + 2 * kPageSize, kPageSize));
101 }
102 
TEST(ProcSelfMaps,ExecutableFromMprotect)103 TEST(ProcSelfMaps, ExecutableFromMprotect) {
104   uint8_t* mapping = reinterpret_cast<uint8_t*>(
105       mmap(0, 3 * kPageSize, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0));
106   ASSERT_NE(mapping, nullptr);
107   auto mapping_cleanup = ScopeExit([mapping]() { EXPECT_EQ(0, munmap(mapping, 3 * kPageSize)); });
108 
109   ASSERT_FALSE(IsExecutable(mapping, 3 * kPageSize));
110 
111   ASSERT_EQ(mprotect(mapping + kPageSize, kPageSize, PROT_READ | PROT_EXEC), 0);
112 
113   ASSERT_FALSE(IsExecutable(mapping, kPageSize));
114   // Surrounding mappings can be merged with adjacent mappings. But this one must match exactly.
115   ASSERT_TRUE(IsExecutable<kExactMapping>(mapping + kPageSize, kPageSize));
116   ASSERT_FALSE(IsExecutable(mapping + 2 * kPageSize, kPageSize));
117 }
118 
TEST(ProcSelfMaps,ExecutableFromFileBackedMmap)119 TEST(ProcSelfMaps, ExecutableFromFileBackedMmap) {
120   int fd = open("/dev/zero", O_RDONLY);
121   auto fd_cleanup = ScopeExit([fd]() { close(fd); });
122   uint8_t* mapping =
123       reinterpret_cast<uint8_t*>(mmap(0, 3 * kPageSize, PROT_READ, MAP_PRIVATE, fd, 0));
124   ASSERT_NE(mapping, nullptr);
125   auto mapping_cleanup = ScopeExit([mapping]() { EXPECT_EQ(0, munmap(mapping, 3 * kPageSize)); });
126 
127   ASSERT_FALSE(IsExecutable(mapping, 3 * kPageSize));
128 
129   ASSERT_EQ(0, mprotect(mapping + kPageSize, kPageSize, PROT_READ | PROT_EXEC));
130 
131   // File-backed mappings shouldn't merge with the adjacent mappings and must match exactly.
132   ASSERT_FALSE(IsExecutable<kExactMapping>(mapping, kPageSize));
133   ASSERT_TRUE(IsExecutable<kExactMapping>(mapping + kPageSize, kPageSize));
134   ASSERT_FALSE(IsExecutable<kExactMapping>(mapping + 2 * kPageSize, kPageSize));
135 }
136 
137 }  // namespace
138