1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/src/share/vm/memory/guardedMemory.hpp Thu Aug 14 15:16:07 2014 +0200 1.3 @@ -0,0 +1,326 @@ 1.4 +/* 1.5 + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. 1.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 1.7 + * 1.8 + * This code is free software; you can redistribute it and/or modify it 1.9 + * under the terms of the GNU General Public License version 2 only, as 1.10 + * published by the Free Software Foundation. 1.11 + * 1.12 + * This code is distributed in the hope that it will be useful, but WITHOUT 1.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 1.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 1.15 + * version 2 for more details (a copy is included in the LICENSE file that 1.16 + * accompanied this code). 1.17 + * 1.18 + * You should have received a copy of the GNU General Public License version 1.19 + * 2 along with this work; if not, write to the Free Software Foundation, 1.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 1.21 + * 1.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 1.23 + * or visit www.oracle.com if you need additional information or have any 1.24 + * questions. 1.25 + * 1.26 + */ 1.27 + 1.28 +#ifndef SHARE_VM_MEMORY_GUARDED_MEMORY_HPP 1.29 +#define SHARE_VM_MEMORY_GUARDED_MEMORY_HPP 1.30 + 1.31 +#include "memory/allocation.hpp" 1.32 +#include "utilities/globalDefinitions.hpp" 1.33 + 1.34 +/** 1.35 + * Guarded memory for detecting buffer overrun. 1.36 + * 1.37 + * Allows allocations to be wrapped with padded bytes of a known byte pattern, 1.38 + * that is a "guard". Guard patterns may be verified to detect buffer overruns. 1.39 + * 1.40 + * Primarily used by "debug malloc" and "checked JNI". 1.41 + * 1.42 + * Memory layout: 1.43 + * 1.44 + * |Offset | Content | Description | 1.45 + * |------------------------------------------------------------ 1.46 + * |base_addr | 0xABABABABABABABAB | Head guard | 1.47 + * |+16 | <size_t:user_size> | User data size | 1.48 + * |+sizeof(uintptr_t) | <tag> | Tag word | 1.49 + * |+sizeof(void*) | 0xF1 <user_data> ( | User data | 1.50 + * |+user_size | 0xABABABABABABABAB | Tail guard | 1.51 + * ------------------------------------------------------------- 1.52 + * 1.53 + * Where: 1.54 + * - guard padding uses "badResourceValue" (0xAB) 1.55 + * - tag word is general purpose 1.56 + * - user data 1.57 + * -- initially padded with "uninitBlockPad" (0xF1), 1.58 + * -- to "freeBlockPad" (0xBA), when freed 1.59 + * 1.60 + * Usage: 1.61 + * 1.62 + * * Allocations: one may wrap allocations with guard memory: 1.63 + * <code> 1.64 + * Thing* alloc_thing() { 1.65 + * void* mem = user_alloc_fn(GuardedMemory::get_total_size(sizeof(thing))); 1.66 + * GuardedMemory guarded(mem, sizeof(thing)); 1.67 + * return (Thing*) guarded.get_user_ptr(); 1.68 + * } 1.69 + * </code> 1.70 + * * Verify: memory guards are still in tact 1.71 + * <code> 1.72 + * bool verify_thing(Thing* thing) { 1.73 + * GuardedMemory guarded((void*)thing); 1.74 + * return guarded.verify_guards(); 1.75 + * } 1.76 + * </code> 1.77 + * * Free: one may mark bytes as freed (further debugging support) 1.78 + * <code> 1.79 + * void free_thing(Thing* thing) { 1.80 + * GuardedMemory guarded((void*)thing); 1.81 + * assert(guarded.verify_guards(), "Corrupt thing"); 1.82 + * user_free_fn(guards.release_for_freeing(); 1.83 + * } 1.84 + * </code> 1.85 + */ 1.86 +class GuardedMemory : StackObj { // Wrapper on stack 1.87 + 1.88 + // Private inner classes for memory layout... 1.89 + 1.90 +protected: 1.91 + 1.92 + /** 1.93 + * Guard class for header and trailer known pattern to test for overwrites. 1.94 + */ 1.95 + class Guard { // Class for raw memory (no vtbl allowed) 1.96 + friend class GuardedMemory; 1.97 + protected: 1.98 + enum { 1.99 + GUARD_SIZE = 16 1.100 + }; 1.101 + 1.102 + u_char _guard[GUARD_SIZE]; 1.103 + 1.104 + public: 1.105 + 1.106 + void build() { 1.107 + u_char* c = _guard; // Possibly unaligned if tail guard 1.108 + u_char* end = c + GUARD_SIZE; 1.109 + while (c < end) { 1.110 + *c = badResourceValue; 1.111 + c++; 1.112 + } 1.113 + } 1.114 + 1.115 + bool verify() const { 1.116 + u_char* c = (u_char*) _guard; 1.117 + u_char* end = c + GUARD_SIZE; 1.118 + while (c < end) { 1.119 + if (*c != badResourceValue) { 1.120 + return false; 1.121 + } 1.122 + c++; 1.123 + } 1.124 + return true; 1.125 + } 1.126 + 1.127 + }; // GuardedMemory::Guard 1.128 + 1.129 + /** 1.130 + * Header guard and size 1.131 + */ 1.132 + class GuardHeader : Guard { 1.133 + friend class GuardedMemory; 1.134 + protected: 1.135 + // Take care in modifying fields here, will effect alignment 1.136 + // e.g. x86 ABI 16 byte stack alignment 1.137 + union { 1.138 + uintptr_t __unused_full_word1; 1.139 + size_t _user_size; 1.140 + }; 1.141 + void* _tag; 1.142 + public: 1.143 + void set_user_size(const size_t usz) { _user_size = usz; } 1.144 + size_t get_user_size() const { return _user_size; } 1.145 + 1.146 + void set_tag(const void* tag) { _tag = (void*) tag; } 1.147 + void* get_tag() const { return _tag; } 1.148 + 1.149 + }; // GuardedMemory::GuardHeader 1.150 + 1.151 + // Guarded Memory... 1.152 + 1.153 + protected: 1.154 + u_char* _base_addr; 1.155 + 1.156 + public: 1.157 + 1.158 + /** 1.159 + * Create new guarded memory. 1.160 + * 1.161 + * Wraps, starting at the given "base_ptr" with guards. Use "get_user_ptr()" 1.162 + * to return a pointer suitable for user data. 1.163 + * 1.164 + * @param base_ptr allocation wishing to be wrapped, must be at least "GuardedMemory::get_total_size()" bytes. 1.165 + * @param user_size the size of the user data to be wrapped. 1.166 + * @param tag optional general purpose tag. 1.167 + */ 1.168 + GuardedMemory(void* base_ptr, const size_t user_size, const void* tag = NULL) { 1.169 + wrap_with_guards(base_ptr, user_size, tag); 1.170 + } 1.171 + 1.172 + /** 1.173 + * Wrap existing guarded memory. 1.174 + * 1.175 + * To use this constructor, one must have created guarded memory with 1.176 + * "GuardedMemory(void*, size_t, void*)" (or indirectly via helper, e.g. "wrap_copy()"). 1.177 + * 1.178 + * @param user_p existing wrapped memory. 1.179 + */ 1.180 + GuardedMemory(void* userp) { 1.181 + u_char* user_ptr = (u_char*) userp; 1.182 + assert((uintptr_t)user_ptr > (sizeof(GuardHeader) + 0x1000), "Invalid pointer"); 1.183 + _base_addr = (user_ptr - sizeof(GuardHeader)); 1.184 + } 1.185 + 1.186 + /** 1.187 + * Create new guarded memory. 1.188 + * 1.189 + * Wraps, starting at the given "base_ptr" with guards. Allows reuse of stack allocated helper. 1.190 + * 1.191 + * @param base_ptr allocation wishing to be wrapped, must be at least "GuardedMemory::get_total_size()" bytes. 1.192 + * @param user_size the size of the user data to be wrapped. 1.193 + * @param tag optional general purpose tag. 1.194 + * 1.195 + * @return user data pointer (inner pointer to supplied "base_ptr"). 1.196 + */ 1.197 + void* wrap_with_guards(void* base_ptr, size_t user_size, const void* tag = NULL) { 1.198 + assert(base_ptr != NULL, "Attempt to wrap NULL with memory guard"); 1.199 + _base_addr = (u_char*)base_ptr; 1.200 + get_head_guard()->build(); 1.201 + get_head_guard()->set_user_size(user_size); 1.202 + get_tail_guard()->build(); 1.203 + set_tag(tag); 1.204 + set_user_bytes(uninitBlockPad); 1.205 + assert(verify_guards(), "Expected valid memory guards"); 1.206 + return get_user_ptr(); 1.207 + } 1.208 + 1.209 + /** 1.210 + * Verify head and tail guards. 1.211 + * 1.212 + * @return true if guards are intact, false would indicate a buffer overrun. 1.213 + */ 1.214 + bool verify_guards() const { 1.215 + if (_base_addr != NULL) { 1.216 + return (get_head_guard()->verify() && get_tail_guard()->verify()); 1.217 + } 1.218 + return false; 1.219 + } 1.220 + 1.221 + /** 1.222 + * Set the general purpose tag. 1.223 + * 1.224 + * @param tag general purpose tag. 1.225 + */ 1.226 + void set_tag(const void* tag) { get_head_guard()->set_tag(tag); } 1.227 + 1.228 + /** 1.229 + * Return the general purpose tag. 1.230 + * 1.231 + * @return the general purpose tag, defaults to NULL. 1.232 + */ 1.233 + void* get_tag() const { return get_head_guard()->get_tag(); } 1.234 + 1.235 + /** 1.236 + * Return the size of the user data. 1.237 + * 1.238 + * @return the size of the user data. 1.239 + */ 1.240 + size_t get_user_size() const { 1.241 + assert(_base_addr, "Not wrapping any memory"); 1.242 + return get_head_guard()->get_user_size(); 1.243 + } 1.244 + 1.245 + /** 1.246 + * Return the user data pointer. 1.247 + * 1.248 + * @return the user data pointer. 1.249 + */ 1.250 + u_char* get_user_ptr() const { 1.251 + assert(_base_addr, "Not wrapping any memory"); 1.252 + return _base_addr + sizeof(GuardHeader); 1.253 + } 1.254 + 1.255 + /** 1.256 + * Release the wrapped pointer for resource freeing. 1.257 + * 1.258 + * Pads the user data with "freeBlockPad", and dis-associates the helper. 1.259 + * 1.260 + * @return the original base pointer used to wrap the data. 1.261 + */ 1.262 + void* release_for_freeing() { 1.263 + set_user_bytes(freeBlockPad); 1.264 + return release(); 1.265 + } 1.266 + 1.267 + /** 1.268 + * Dis-associate the help from the original base address. 1.269 + * 1.270 + * @return the original base pointer used to wrap the data. 1.271 + */ 1.272 + void* release() { 1.273 + void* p = (void*) _base_addr; 1.274 + _base_addr = NULL; 1.275 + return p; 1.276 + } 1.277 + 1.278 + virtual void print_on(outputStream* st) const; 1.279 + 1.280 + protected: 1.281 + GuardHeader* get_head_guard() const { return (GuardHeader*) _base_addr; } 1.282 + Guard* get_tail_guard() const { return (Guard*) (get_user_ptr() + get_user_size()); }; 1.283 + void set_user_bytes(u_char ch) { 1.284 + memset(get_user_ptr(), ch, get_user_size()); 1.285 + } 1.286 + 1.287 +public: 1.288 + /** 1.289 + * Return the total size required for wrapping the given user size. 1.290 + * 1.291 + * @return the total size required for wrapping the given user size. 1.292 + */ 1.293 + static size_t get_total_size(size_t user_size) { 1.294 + size_t total_size = sizeof(GuardHeader) + user_size + sizeof(Guard); 1.295 + assert(total_size > user_size, "Unexpected wrap-around"); 1.296 + return total_size; 1.297 + } 1.298 + 1.299 + // Helper functions... 1.300 + 1.301 + /** 1.302 + * Wrap a copy of size "len" of "ptr". 1.303 + * 1.304 + * @param ptr the memory to be copied 1.305 + * @param len the length of the copy 1.306 + * @param tag optional general purpose tag (see GuardedMemory::get_tag()) 1.307 + * 1.308 + * @return guarded wrapped memory pointer to the user area, or NULL if OOM. 1.309 + */ 1.310 + static void* wrap_copy(const void* p, const size_t len, const void* tag = NULL); 1.311 + 1.312 + /** 1.313 + * Free wrapped copy. 1.314 + * 1.315 + * Frees memory copied with "wrap_copy()". 1.316 + * 1.317 + * @param p memory returned by "wrap_copy()". 1.318 + * 1.319 + * @return true if guards were verified as intact. false indicates a buffer overrun. 1.320 + */ 1.321 + static bool free_copy(void* p); 1.322 + 1.323 + // Testing... 1.324 +#ifndef PRODUCT 1.325 + static void test_guarded_memory(void); 1.326 +#endif 1.327 +}; // GuardedMemory 1.328 + 1.329 +#endif // SHARE_VM_MEMORY_GUARDED_MEMORY_HPP