1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8 * A poison value that can be used to fill a memory space with
9 * an address that leads to a safe crash when dereferenced.
12 #include "mozilla/Poison.h"
14 #include "mozilla/Assertions.h"
17 #elif !defined(__OS2__)
19 # include <sys/mman.h>
22 # define MAP_ANON MAP_ANONYMOUS
24 # error "Don't know how to get anonymous memory"
30 uintptr_t gMozillaPoisonValue
;
31 uintptr_t gMozillaPoisonBase
;
32 uintptr_t gMozillaPoisonSize
;
35 // Freed memory is filled with a poison value, which we arrange to
36 // form a pointer either to an always-unmapped region of the address
37 // space, or to a page that has been reserved and rendered
38 // inaccessible via OS primitives. See tests/TestPoisonArea.cpp for
39 // extensive discussion of the requirements for this page. The code
40 // from here to 'class FreeList' needs to be kept in sync with that
45 ReserveRegion(uintptr_t region
, uintptr_t size
)
47 return VirtualAlloc((void *)region
, size
, MEM_RESERVE
, PAGE_NOACCESS
);
51 ReleaseRegion(void *region
, uintptr_t size
)
53 VirtualFree(region
, size
, MEM_RELEASE
);
57 ProbeRegion(uintptr_t region
, uintptr_t size
)
60 GetSystemInfo(&sinfo
);
61 if (region
>= (uintptr_t)sinfo
.lpMaximumApplicationAddress
&&
62 region
+ size
>= (uintptr_t)sinfo
.lpMaximumApplicationAddress
) {
70 GetDesiredRegionSize()
73 GetSystemInfo(&sinfo
);
74 return sinfo
.dwAllocationGranularity
;
77 #define RESERVE_FAILED 0
79 #elif defined(__OS2__)
81 ReserveRegion(uintptr_t region
, uintptr_t size
)
83 // OS/2 doesn't support allocation at an arbitrary address,
84 // so return an address that is known to be invalid.
85 return (void*)0xFFFD0000;
89 ReleaseRegion(void *region
, uintptr_t size
)
95 ProbeRegion(uintptr_t region
, uintptr_t size
)
97 // There's no reliable way to probe an address in the system
98 // arena other than by touching it and seeing if a trap occurs.
103 GetDesiredRegionSize()
105 // Page size is fixed at 4k.
109 #define RESERVE_FAILED 0
114 ReserveRegion(uintptr_t region
, uintptr_t size
)
116 return mmap(reinterpret_cast<void*>(region
), size
, PROT_NONE
, MAP_PRIVATE
|MAP_ANON
, -1, 0);
120 ReleaseRegion(void *region
, uintptr_t size
)
122 munmap(region
, size
);
126 ProbeRegion(uintptr_t region
, uintptr_t size
)
128 if (madvise(reinterpret_cast<void*>(region
), size
, MADV_NORMAL
)) {
136 GetDesiredRegionSize()
138 return sysconf(_SC_PAGESIZE
);
141 #define RESERVE_FAILED MAP_FAILED
143 #endif // system dependencies
145 static_assert(sizeof(uintptr_t) == 4 || sizeof(uintptr_t) == 8, "");
146 static_assert(sizeof(uintptr_t) == sizeof(void *), "");
149 ReservePoisonArea(uintptr_t rgnsize
)
151 if (sizeof(uintptr_t) == 8) {
152 // Use the hardware-inaccessible region.
153 // We have to avoid 64-bit constants and shifts by 32 bits, since this
154 // code is compiled in 32-bit mode, although it is never executed there.
156 (((uintptr_t(0x7FFFFFFFu
) << 31) << 1 | uintptr_t(0xF0DEAFFFu
))
160 // First see if we can allocate the preferred poison address from the OS.
161 uintptr_t candidate
= (0xF0DEAFFF & ~(rgnsize
-1));
162 void *result
= ReserveRegion(candidate
, rgnsize
);
163 if (result
== (void *)candidate
) {
164 // success - inaccessible page allocated
168 // That didn't work, so see if the preferred address is within a range
169 // of permanently inacessible memory.
170 if (ProbeRegion(candidate
, rgnsize
)) {
171 // success - selected page cannot be usable memory
172 if (result
!= RESERVE_FAILED
)
173 ReleaseRegion(result
, rgnsize
);
177 // The preferred address is already in use. Did the OS give us a
178 // consolation prize?
179 if (result
!= RESERVE_FAILED
) {
180 return uintptr_t(result
);
183 // It didn't, so try to allocate again, without any constraint on
185 result
= ReserveRegion(0, rgnsize
);
186 if (result
!= RESERVE_FAILED
) {
187 return uintptr_t(result
);
190 // no usable poison region identified
199 gMozillaPoisonSize
= GetDesiredRegionSize();
200 gMozillaPoisonBase
= ReservePoisonArea(gMozillaPoisonSize
);
202 if (gMozillaPoisonSize
== 0) // can't happen
205 gMozillaPoisonValue
= gMozillaPoisonBase
+ gMozillaPoisonSize
/2 - 1;