stack_protector_test.cpp revision 7fd803cdfa873c01138dcbd614ec92418169b1c2
1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/*
18 * Contributed by: Intel Corporation
19 */
20
21#include <gtest/gtest.h>
22
23#include <pthread.h>
24#include <stdint.h>
25#include <stdio.h>
26#include <sys/syscall.h>
27#include <unistd.h>
28#include <set>
29
30#ifdef __GLIBC__
31
32// glibc doesn't expose gettid(2).
33pid_t gettid() { return syscall(__NR_gettid); }
34
35#endif
36
37#ifdef __i386__
38
39// For x86, bionic and glibc have per-thread stack guard values (all identical).
40
41static uint32_t GetGuardFromTls() {
42  uint32_t guard;
43  asm ("mov %%gs:0x14, %0": "=d" (guard));
44  return guard;
45}
46
47struct stack_protector_checker {
48  std::set<pid_t> tids;
49  std::set<uint32_t> guards;
50
51  void Check() {
52    pid_t tid = gettid();
53    uint32_t guard = GetGuardFromTls();
54
55    printf("[thread %d] %%gs:0x14 = 0x%08x\n", tid, guard);
56
57    // Duplicate tid. gettid(2) bug? Seeing this would be very upsetting.
58    ASSERT_TRUE(tids.find(tid) == tids.end());
59
60    // Uninitialized guard. Our bug. Note this is potentially flaky; we _could_ get
61    // four random zero bytes, but it should be vanishingly unlikely.
62    ASSERT_NE(guard, 0U);
63
64    tids.insert(tid);
65    guards.insert(guard);
66  }
67};
68
69static void* ThreadGuardHelper(void* arg) {
70  stack_protector_checker* checker = reinterpret_cast<stack_protector_checker*>(arg);
71  checker->Check();
72  return NULL;
73}
74
75TEST(stack_protector, same_guard_per_thread) {
76  stack_protector_checker checker;
77  size_t thread_count = 10;
78  for (size_t i = 0; i < thread_count; ++i) {
79    pthread_t t;
80    ASSERT_EQ(0, pthread_create(&t, NULL, ThreadGuardHelper, &checker));
81    void* result;
82    ASSERT_EQ(0, pthread_join(t, &result));
83    ASSERT_EQ(NULL, result);
84  }
85  ASSERT_EQ(thread_count, checker.tids.size());
86
87  // bionic and glibc use the same guard for every thread.
88  ASSERT_EQ(1U, checker.guards.size());
89}
90
91#endif
92
93#if defined(__BIONIC__) || defined(__arm__) || defined(__mips__)
94
95// For ARM and MIPS, glibc has a global stack check guard value.
96
97// Bionic has the global for x86 too, to support binaries that can run on
98// Android releases that didn't implement the TLS guard value.
99
100extern "C" uintptr_t __stack_chk_guard;
101
102TEST(stack_protector, global_guard) {
103  ASSERT_NE(0, gettid());
104  ASSERT_NE(0U, __stack_chk_guard);
105}
106
107/*
108 * When this function returns, the stack canary will be inconsistent
109 * with the previous value, which will generate a call to __stack_chk_fail(),
110 * eventually resulting in a SIGABRT.
111 *
112 * This must be marked with "__attribute__ ((noinline))", to ensure the
113 * compiler generates the proper stack guards around this function.
114 */
115__attribute__ ((noinline))
116static void do_modify_stack_chk_guard() {
117  __stack_chk_guard = 0x12345678;
118}
119
120TEST(stack_protector_DeathTest, modify_stack_protector) {
121  ::testing::FLAGS_gtest_death_test_style = "threadsafe";
122  ASSERT_EXIT(do_modify_stack_chk_guard(), testing::KilledBySignal(SIGSEGV), "");
123}
124
125#endif
126