From ffd8fae22ae51b6eda9bad6c4ee7173daba427b8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 10 Mar 2021 22:44:43 +0100 Subject: PFATAL for libdislocator --- utils/libdislocator/libdislocator.so.c | 41 ++++------------------------------ 1 file changed, 4 insertions(+), 37 deletions(-) (limited to 'utils/libdislocator/libdislocator.so.c') diff --git a/utils/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c index c041fec6..b5f07c04 100644 --- a/utils/libdislocator/libdislocator.so.c +++ b/utils/libdislocator/libdislocator.so.c @@ -28,6 +28,7 @@ #include #include #include +#include "debug.h" #ifdef __APPLE__ #include @@ -95,39 +96,6 @@ typedef struct { #define SUPER_PAGE_SIZE 1 << 21 -/* Error / message handling: */ - -#define DEBUGF(_x...) \ - do { \ - \ - if (alloc_verbose) { \ - \ - if (++call_depth == 1) { \ - \ - fprintf(stderr, "[AFL] " _x); \ - fprintf(stderr, "\n"); \ - \ - } \ - call_depth--; \ - \ - } \ - \ - } while (0) - -#define FATAL(_x...) \ - do { \ - \ - if (++call_depth == 1) { \ - \ - fprintf(stderr, "*** [AFL] " _x); \ - fprintf(stderr, " ***\n"); \ - abort(); \ - \ - } \ - call_depth--; \ - \ - } while (0) - /* Macro to count the number of pages needed to store a buffer: */ #define PG_COUNT(_l) (((_l) + (PAGE_SIZE - 1)) / PAGE_SIZE) @@ -156,7 +124,6 @@ static u8 alloc_verbose, /* Additional debug messages */ #endif static __thread size_t total_mem; /* Currently allocated mem */ -static __thread u32 call_depth; /* To avoid recursion via fprintf() */ static u32 alloc_canary; /* This is the main alloc function. It allocates one page more than necessary, @@ -237,7 +204,7 @@ static void *__dislocator_alloc(size_t len) { if (ret == MAP_FAILED) { - if (hard_fail) FATAL("mmap() failed on alloc (OOM?)"); + if (hard_fail) PFATAL("mmap() failed on alloc (OOM?)"); DEBUGF("mmap() failed on alloc (OOM?)"); @@ -248,7 +215,7 @@ static void *__dislocator_alloc(size_t len) { /* Set PROT_NONE on the last page. */ if (mprotect(ret + PG_COUNT(rlen + 8) * PAGE_SIZE, PAGE_SIZE, PROT_NONE)) - FATAL("mprotect() failed when allocating memory"); + PFATAL("mprotect() failed when allocating memory"); /* Offset the return pointer so that it's right-aligned to the page boundary. */ @@ -362,7 +329,7 @@ void free(void *ptr) { ptr_ -= PAGE_SIZE * PG_COUNT(len + 8) - len - 8; if (mprotect(ptr_ - 8, PG_COUNT(len + 8) * PAGE_SIZE, PROT_NONE)) - FATAL("mprotect() failed when freeing memory"); + PFATAL("mprotect() failed when freeing memory"); ptr = ptr_; -- cgit 1.4.1 From 966eba50a6892a0c218cdc462ef4dec9dcd01863 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 10 Mar 2021 22:51:05 +0100 Subject: Revert "PFATAL for libdislocator" This reverts commit ffd8fae22ae51b6eda9bad6c4ee7173daba427b8. --- utils/libdislocator/libdislocator.so.c | 41 ++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) (limited to 'utils/libdislocator/libdislocator.so.c') diff --git a/utils/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c index b5f07c04..c041fec6 100644 --- a/utils/libdislocator/libdislocator.so.c +++ b/utils/libdislocator/libdislocator.so.c @@ -28,7 +28,6 @@ #include #include #include -#include "debug.h" #ifdef __APPLE__ #include @@ -96,6 +95,39 @@ typedef struct { #define SUPER_PAGE_SIZE 1 << 21 +/* Error / message handling: */ + +#define DEBUGF(_x...) \ + do { \ + \ + if (alloc_verbose) { \ + \ + if (++call_depth == 1) { \ + \ + fprintf(stderr, "[AFL] " _x); \ + fprintf(stderr, "\n"); \ + \ + } \ + call_depth--; \ + \ + } \ + \ + } while (0) + +#define FATAL(_x...) \ + do { \ + \ + if (++call_depth == 1) { \ + \ + fprintf(stderr, "*** [AFL] " _x); \ + fprintf(stderr, " ***\n"); \ + abort(); \ + \ + } \ + call_depth--; \ + \ + } while (0) + /* Macro to count the number of pages needed to store a buffer: */ #define PG_COUNT(_l) (((_l) + (PAGE_SIZE - 1)) / PAGE_SIZE) @@ -124,6 +156,7 @@ static u8 alloc_verbose, /* Additional debug messages */ #endif static __thread size_t total_mem; /* Currently allocated mem */ +static __thread u32 call_depth; /* To avoid recursion via fprintf() */ static u32 alloc_canary; /* This is the main alloc function. It allocates one page more than necessary, @@ -204,7 +237,7 @@ static void *__dislocator_alloc(size_t len) { if (ret == MAP_FAILED) { - if (hard_fail) PFATAL("mmap() failed on alloc (OOM?)"); + if (hard_fail) FATAL("mmap() failed on alloc (OOM?)"); DEBUGF("mmap() failed on alloc (OOM?)"); @@ -215,7 +248,7 @@ static void *__dislocator_alloc(size_t len) { /* Set PROT_NONE on the last page. */ if (mprotect(ret + PG_COUNT(rlen + 8) * PAGE_SIZE, PAGE_SIZE, PROT_NONE)) - PFATAL("mprotect() failed when allocating memory"); + FATAL("mprotect() failed when allocating memory"); /* Offset the return pointer so that it's right-aligned to the page boundary. */ @@ -329,7 +362,7 @@ void free(void *ptr) { ptr_ -= PAGE_SIZE * PG_COUNT(len + 8) - len - 8; if (mprotect(ptr_ - 8, PG_COUNT(len + 8) * PAGE_SIZE, PROT_NONE)) - PFATAL("mprotect() failed when freeing memory"); + FATAL("mprotect() failed when freeing memory"); ptr = ptr_; -- cgit 1.4.1 From 14e1b0ffba4ba4f69e60879faf3c6a0d6ffe021f Mon Sep 17 00:00:00 2001 From: David Carlier Date: Fri, 19 Mar 2021 21:19:22 +0000 Subject: libdislocator freebsd 13 update to amke it works with vm.imply_prot_max set. --- utils/libdislocator/libdislocator.so.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'utils/libdislocator/libdislocator.so.c') diff --git a/utils/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c index c041fec6..1b247c86 100644 --- a/utils/libdislocator/libdislocator.so.c +++ b/utils/libdislocator/libdislocator.so.c @@ -168,7 +168,7 @@ static void *__dislocator_alloc(size_t len) { u8 * ret, *base; size_t tlen; - int flags, fd, sp; + int flags, protflags, fd, sp; if (total_mem + len > max_mem || total_mem + len < total_mem) { @@ -191,8 +191,14 @@ static void *__dislocator_alloc(size_t len) { base = NULL; tlen = (1 + PG_COUNT(rlen + 8)) * PAGE_SIZE; + protflags = PROT_READ | PROT_WRITE; flags = MAP_PRIVATE | MAP_ANONYMOUS; fd = -1; +#if defined(PROT_MAX) + // apply when sysctl vm.imply_prot_max is set to 1 + // no-op otherwise + protflags |= PROT_MAX(PROT_READ | PROT_WRITE); +#endif #if defined(USEHUGEPAGE) sp = (rlen >= SUPER_PAGE_SIZE && !(rlen % SUPER_PAGE_SIZE)); @@ -215,7 +221,7 @@ static void *__dislocator_alloc(size_t len) { (void)sp; #endif - ret = (u8 *)mmap(base, tlen, PROT_READ | PROT_WRITE, flags, fd, 0); + ret = (u8 *)mmap(base, tlen, protflags, flags, fd, 0); #if defined(USEHUGEPAGE) /* We try one more time with regular call */ if (ret == MAP_FAILED) { @@ -229,7 +235,7 @@ static void *__dislocator_alloc(size_t len) { #elif defined(__sun) flags &= -MAP_ALIGN; #endif - ret = (u8 *)mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0); + ret = (u8 *)mmap(NULL, tlen, protflags, flags, fd, 0); } -- cgit 1.4.1