// Copyright 2018 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef PARTITION_ALLOC_PAGE_ALLOCATOR_INTERNALS_POSIX_H_ #define PARTITION_ALLOC_PAGE_ALLOCATOR_INTERNALS_POSIX_H_ #include <sys/mman.h> #include <algorithm> #include <atomic> #include <cerrno> #include <cstdint> #include <cstring> #include "partition_alloc/build_config.h" #include "partition_alloc/buildflags.h" #include "partition_alloc/oom.h" #include "partition_alloc/page_allocator.h" #include "partition_alloc/page_allocator_constants.h" #include "partition_alloc/partition_alloc_base/notreached.h" #include "partition_alloc/partition_alloc_base/posix/eintr_wrapper.h" #include "partition_alloc/partition_alloc_check.h" #include "partition_alloc/thread_isolation/thread_isolation.h" #if PA_BUILDFLAG(IS_APPLE) #include "partition_alloc/partition_alloc_base/apple/foundation_util.h" #if PA_BUILDFLAG(IS_IOS) #include "partition_alloc/partition_alloc_base/ios/ios_util.h" #elif PA_BUILDFLAG(IS_MAC) #include "partition_alloc/partition_alloc_base/mac/mac_util.h" #else #error "Unknown platform" #endif #include "partition_alloc/partition_alloc_base/apple/scoped_cftyperef.h" #include <Availability.h> #include <Security/Security.h> #include <mach/mach.h> #endif #if PA_BUILDFLAG(IS_ANDROID) || PA_BUILDFLAG(IS_LINUX) #include <sys/prctl.h> #endif #if PA_BUILDFLAG(IS_LINUX) || PA_BUILDFLAG(IS_CHROMEOS) #include <sys/resource.h> #endif #ifndef MAP_ANONYMOUS #define MAP_ANONYMOUS … #endif #if PA_BUILDFLAG(IS_MAC) // SecTaskGetCodeSignStatus is marked as unavailable on macOS, although it’s // available on iOS and other Apple operating systems. It is, in fact, present // on the system since macOS 10.12. #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wavailability" uint32_t SecTaskGetCodeSignStatus(SecTaskRef task) API_AVAILABLE(macos(10.12)); #pragma clang diagnostic pop #endif // PA_BUILDFLAG(IS_MAC) namespace partition_alloc::internal { namespace { #if defined(LINUX_NAME_REGION) void NameRegion(void* start, size_t length, PageTag page_tag) { … } #endif // defined(LINUX_NAME_REGION) #if PA_BUILDFLAG(IS_MAC) // Tests whether the version of macOS supports the MAP_JIT flag and if the // current process is signed with the hardened runtime and the allow-jit // entitlement, returning whether MAP_JIT should be used to allocate regions // that will contain JIT-compiled executable code. bool UseMapJit() { // Until determining that the hardened runtime is enabled, early returns will // return true, so that MAP_JIT will be used. This is important on arm64, // which only allows pages to be simultaneously writable and executable when // in a region allocated with MAP_JIT, regardless of code signing options. On // arm64, an attempt to set a non-MAP_JIT page as simultaneously writable and // executable fails with EPERM. Although this is not enforced on x86_64, // MAP_JIT is harmless in that case. base::apple::ScopedCFTypeRef<SecTaskRef> task( SecTaskCreateFromSelf(kCFAllocatorDefault)); if (!task) { return true; } uint32_t flags = SecTaskGetCodeSignStatus(task); if (!(flags & kSecCodeSignatureRuntime)) { // The hardened runtime is not enabled. Note that kSecCodeSignatureRuntime // == CS_RUNTIME. return true; } // The hardened runtime is enabled. From this point on, early returns must // return false, indicating that MAP_JIT is not to be used. It’s an error // (EINVAL) to use MAP_JIT with the hardened runtime unless the JIT // entitlement is specified. base::apple::ScopedCFTypeRef<CFTypeRef> jit_entitlement( SecTaskCopyValueForEntitlement( task.get(), CFSTR("com.apple.security.cs.allow-jit"), nullptr)); if (!jit_entitlement) { return false; } return base::apple::CFCast<CFBooleanRef>(jit_entitlement.get()) == kCFBooleanTrue; } #elif PA_BUILDFLAG(IS_IOS) bool UseMapJit() { // Always enable MAP_JIT in simulator as it is supported unconditionally. #if TARGET_IPHONE_SIMULATOR return true; #else // TODO(crbug.com/40255826): Fill this out when the API it is // available. return false; #endif // TARGET_IPHONE_SIMULATOR } #endif // PA_BUILDFLAG(IS_IOS) } // namespace // |mmap| uses a nearby address if the hint address is blocked. constexpr bool kHintIsAdvisory = …; std::atomic<int32_t> s_allocPageErrorCode{ … }; int GetAccessFlags(PageAccessibilityConfiguration accessibility); uintptr_t SystemAllocPagesInternal(uintptr_t hint, size_t length, PageAccessibilityConfiguration accessibility, PageTag page_tag, int file_descriptor_for_shared_alloc) { … } bool TrySetSystemPagesAccessInternal( uintptr_t address, size_t length, PageAccessibilityConfiguration accessibility) { … } void SetSystemPagesAccessInternal( uintptr_t address, size_t length, PageAccessibilityConfiguration accessibility) { … } void FreePagesInternal(uintptr_t address, size_t length) { … } uintptr_t TrimMappingInternal(uintptr_t base_address, size_t base_length, size_t trim_length, PageAccessibilityConfiguration accessibility, size_t pre_slack, size_t post_slack) { … } void DecommitSystemPagesInternal( uintptr_t address, size_t length, PageAccessibilityDisposition accessibility_disposition) { … } bool DecommitAndZeroSystemPagesInternal(uintptr_t address, size_t length, PageTag page_tag) { … } void RecommitSystemPagesInternal( uintptr_t address, size_t length, PageAccessibilityConfiguration accessibility, PageAccessibilityDisposition accessibility_disposition) { … } bool TryRecommitSystemPagesInternal( uintptr_t address, size_t length, PageAccessibilityConfiguration accessibility, PageAccessibilityDisposition accessibility_disposition) { … } void DiscardSystemPagesInternal(uintptr_t address, size_t length) { … } } // namespace partition_alloc::internal #endif // PARTITION_ALLOC_PAGE_ALLOCATOR_INTERNALS_POSIX_H_
Codebase Browser
chromium