Reland^2 "[MTE] remap stacks with PROT_MTE when requested by dlopened library"
Also enable stack MTE if main binary links in a library that needs it.
Otherwise the following is possible:
1. a binary doesn't require stack MTE, but links in libraries that use
stg on the stack
2. that binary later dlopens a library that requires stack MTE, and our
logic in dlopen remaps the stacks with MTE
3. the libraries from step 1 now have tagged pointers with missing tags
in memory, so things go wrong
This reverts commit f53e91cc810be2a36377f3b7765f50c89f1f0046.
Reason for revert: Fixed problem detected in b/324568991
Test: atest memtag_stack_dlopen_test with MTE enabled
Test: check crash is gone on fullmte build
Change-Id: I4a93f6814a19683c3ea5fe1e6d455df5459d31e1
diff --git a/tests/Android.bp b/tests/Android.bp
index a62abab..78c2c10 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -1108,6 +1108,36 @@
}
cc_test {
+ name: "memtag_stack_dlopen_test",
+ enabled: false,
+ // This does not use bionic_tests_defaults because it is not supported on
+ // host.
+ arch: {
+ arm64: {
+ enabled: true,
+ },
+ },
+ sanitize: {
+ memtag_heap: true,
+ memtag_stack: false,
+ },
+ srcs: [
+ "memtag_stack_dlopen_test.cpp",
+ ],
+ shared_libs: [
+ "libbase",
+ ],
+ data_libs: ["libtest_simple_memtag_stack", "libtest_depends_on_simple_memtag_stack"],
+ data_bins: [
+ "testbinary_depends_on_simple_memtag_stack",
+ "testbinary_depends_on_depends_on_simple_memtag_stack",
+ "testbinary_is_stack_mte_after_dlopen"
+ ],
+ header_libs: ["bionic_libc_platform_headers"],
+ test_suites: ["device-tests"],
+}
+
+cc_test {
name: "bionic-stress-tests",
defaults: [
"bionic_tests_defaults",
diff --git a/tests/libs/Android.bp b/tests/libs/Android.bp
index 039d1e1..06ee132 100644
--- a/tests/libs/Android.bp
+++ b/tests/libs/Android.bp
@@ -234,6 +234,61 @@
}
// -----------------------------------------------------------------------------
+// Libraries and binaries used by memtag_stack_dlopen_test tests
+// -----------------------------------------------------------------------------
+cc_test_library {
+ name: "libtest_simple_memtag_stack",
+ sanitize: {
+ memtag_stack: true,
+ },
+ srcs: ["dlopen_testlib_simple.cpp"],
+}
+
+cc_test_library {
+ name: "libtest_depends_on_simple_memtag_stack",
+ sanitize: {
+ memtag_stack: false,
+ },
+ shared_libs: [
+ "libtest_simple_memtag_stack",
+ ],
+ srcs: ["dlopen_testlib_depends_on_simple.cpp"],
+}
+
+cc_binary {
+ name: "testbinary_is_stack_mte_after_dlopen",
+ sanitize: {
+ memtag_stack: false,
+ memtag_heap: true,
+ },
+ srcs: ["testbinary_is_stack_mte_after_dlopen.cpp"],
+}
+
+cc_binary {
+ name: "testbinary_depends_on_simple_memtag_stack",
+ sanitize: {
+ memtag_stack: false,
+ memtag_heap: true,
+ },
+ shared_libs: [
+ "libtest_simple_memtag_stack",
+ ],
+ srcs: ["testbinary_is_stack_mte.cpp"],
+}
+
+cc_binary {
+ name: "testbinary_depends_on_depends_on_simple_memtag_stack",
+ sanitize: {
+ memtag_stack: false,
+ memtag_heap: true,
+ },
+ shared_libs: [
+ "libtest_depends_on_simple_memtag_stack",
+ ],
+ srcs: ["testbinary_is_stack_mte.cpp"],
+}
+
+// -----------------------------------------------------------------------------
// Libraries used by hwasan_test
// -----------------------------------------------------------------------------
cc_test_library {
diff --git a/tests/libs/dlopen_testlib_depends_on_simple.cpp b/tests/libs/dlopen_testlib_depends_on_simple.cpp
new file mode 100644
index 0000000..9e130d4
--- /dev/null
+++ b/tests/libs/dlopen_testlib_depends_on_simple.cpp
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+
+extern "C" bool dlopen_testlib_simple_func();
+
+extern "C" bool dlopen_testlib_call_simple_func() {
+ return dlopen_testlib_simple_func();
+}
diff --git a/tests/libs/testbinary_is_stack_mte.cpp b/tests/libs/testbinary_is_stack_mte.cpp
new file mode 100644
index 0000000..8dde83c
--- /dev/null
+++ b/tests/libs/testbinary_is_stack_mte.cpp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "../mte_utils.h"
+#include "CHECK.h"
+
+#if defined(__BIONIC__) && defined(__aarch64__)
+
+extern "C" int main(int, char**) {
+ int ret = is_stack_mte_on() ? 0 : 1;
+ printf("RAN\n");
+ return ret;
+}
+
+#else
+
+extern "C" int main(int, char**) {
+ printf("RAN\n");
+ return 1;
+}
+#endif
diff --git a/tests/libs/testbinary_is_stack_mte_after_dlopen.cpp b/tests/libs/testbinary_is_stack_mte_after_dlopen.cpp
new file mode 100644
index 0000000..c5e6868
--- /dev/null
+++ b/tests/libs/testbinary_is_stack_mte_after_dlopen.cpp
@@ -0,0 +1,133 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <condition_variable>
+#include <thread>
+
+#include <dlfcn.h>
+#include <inttypes.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "../mte_utils.h"
+#include "CHECK.h"
+
+#if defined(__BIONIC__) && defined(__aarch64__)
+
+enum State { kInit, kThreadStarted, kStackRemapped };
+
+// We can't use pthread_getattr_np because that uses the rlimit rather than the actual mapping
+// bounds.
+static void find_main_stack_limits(uintptr_t* low, uintptr_t* high) {
+ uintptr_t startstack = reinterpret_cast<uintptr_t>(__builtin_frame_address(0));
+
+ // Hunt for the region that contains that address.
+ FILE* fp = fopen("/proc/self/maps", "re");
+ if (fp == nullptr) {
+ abort();
+ }
+ char line[BUFSIZ];
+ while (fgets(line, sizeof(line), fp) != nullptr) {
+ uintptr_t lo, hi;
+ if (sscanf(line, "%" SCNxPTR "-%" SCNxPTR, &lo, &hi) == 2) {
+ if (lo <= startstack && startstack <= hi) {
+ *low = lo;
+ *high = hi;
+ fclose(fp);
+ return;
+ }
+ }
+ }
+ abort();
+}
+
+template <typename Fn>
+unsigned int fault_new_stack_page(uintptr_t low, Fn f) {
+ uintptr_t new_low;
+ uintptr_t new_high;
+ volatile char buf[4096];
+ buf[4095] = 1;
+ find_main_stack_limits(&new_low, &new_high);
+ if (new_low < low) {
+ f();
+ return new_high;
+ }
+ // Useless, but should defeat TCO.
+ return new_low + fault_new_stack_page(low, f);
+}
+extern "C" int main(int argc, char** argv) {
+ if (argc < 2) {
+ return 1;
+ }
+ const char* path = argv[1];
+ CHECK(access(path, F_OK) == 0); // Verify test setup.
+ CHECK(!is_stack_mte_on());
+ std::mutex m;
+ std::condition_variable cv;
+ State state = kInit;
+
+ bool is_early_thread_mte_on = false;
+ std::thread early_th([&] {
+ {
+ std::lock_guard lk(m);
+ state = kThreadStarted;
+ }
+ cv.notify_one();
+ {
+ std::unique_lock lk(m);
+ cv.wait(lk, [&] { return state == kStackRemapped; });
+ }
+ is_early_thread_mte_on = is_stack_mte_on();
+ });
+ {
+ std::unique_lock lk(m);
+ cv.wait(lk, [&] { return state == kThreadStarted; });
+ }
+ void* handle = dlopen(path, RTLD_NOW);
+ {
+ std::lock_guard lk(m);
+ state = kStackRemapped;
+ }
+ cv.notify_one();
+ CHECK(handle != nullptr);
+ CHECK(is_stack_mte_on());
+
+ bool new_stack_page_mte_on = false;
+ uintptr_t low;
+ uintptr_t high;
+ find_main_stack_limits(&low, &high);
+ fault_new_stack_page(low, [&] { new_stack_page_mte_on = is_stack_mte_on(); });
+ CHECK(new_stack_page_mte_on);
+
+ bool is_late_thread_mte_on = false;
+ std::thread late_th([&] { is_late_thread_mte_on = is_stack_mte_on(); });
+ late_th.join();
+ early_th.join();
+ CHECK(is_late_thread_mte_on);
+ CHECK(is_early_thread_mte_on);
+ printf("RAN\n");
+ return 0;
+}
+
+#else
+extern "C" int main(int, char**) {
+ return 1;
+}
+#endif
diff --git a/tests/memtag_stack_dlopen_test.cpp b/tests/memtag_stack_dlopen_test.cpp
new file mode 100644
index 0000000..68ddb81
--- /dev/null
+++ b/tests/memtag_stack_dlopen_test.cpp
@@ -0,0 +1,117 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <thread>
+
+#include <dlfcn.h>
+#include <stdlib.h>
+
+#include <gtest/gtest.h>
+
+#include <android-base/silent_death_test.h>
+#include <android-base/test_utils.h>
+#include "mte_utils.h"
+#include "utils.h"
+
+TEST(MemtagStackDlopenTest, DependentBinaryGetsMemtagStack) {
+#if defined(__BIONIC__) && defined(__aarch64__)
+ if (!running_with_mte()) GTEST_SKIP() << "Test requires MTE.";
+ if (is_stack_mte_on())
+ GTEST_SKIP() << "Stack MTE needs to be off for this test. Are you running fullmte?";
+
+ std::string path =
+ android::base::GetExecutableDirectory() + "/testbinary_depends_on_simple_memtag_stack";
+ ExecTestHelper eth;
+ std::string ld_library_path = "LD_LIBRARY_PATH=" + android::base::GetExecutableDirectory();
+ eth.SetArgs({path.c_str(), nullptr});
+ eth.SetEnv({ld_library_path.c_str(), nullptr});
+ eth.Run([&]() { execve(path.c_str(), eth.GetArgs(), eth.GetEnv()); }, 0, "RAN");
+#else
+ GTEST_SKIP() << "requires bionic arm64";
+#endif
+}
+
+TEST(MemtagStackDlopenTest, DependentBinaryGetsMemtagStack2) {
+#if defined(__BIONIC__) && defined(__aarch64__)
+ if (!running_with_mte()) GTEST_SKIP() << "Test requires MTE.";
+ if (is_stack_mte_on())
+ GTEST_SKIP() << "Stack MTE needs to be off for this test. Are you running fullmte?";
+
+ std::string path = android::base::GetExecutableDirectory() +
+ "/testbinary_depends_on_depends_on_simple_memtag_stack";
+ ExecTestHelper eth;
+ std::string ld_library_path = "LD_LIBRARY_PATH=" + android::base::GetExecutableDirectory();
+ eth.SetArgs({path.c_str(), nullptr});
+ eth.SetEnv({ld_library_path.c_str(), nullptr});
+ eth.Run([&]() { execve(path.c_str(), eth.GetArgs(), eth.GetEnv()); }, 0, "RAN");
+#else
+ GTEST_SKIP() << "requires bionic arm64";
+#endif
+}
+
+TEST(MemtagStackDlopenTest, DlopenRemapsStack) {
+#if defined(__BIONIC__) && defined(__aarch64__)
+ // If this test is failing, look at crash logcat for why the test binary died.
+ if (!running_with_mte()) GTEST_SKIP() << "Test requires MTE.";
+ if (is_stack_mte_on())
+ GTEST_SKIP() << "Stack MTE needs to be off for this test. Are you running fullmte?";
+
+ std::string path =
+ android::base::GetExecutableDirectory() + "/testbinary_is_stack_mte_after_dlopen";
+ std::string lib_path =
+ android::base::GetExecutableDirectory() + "/libtest_simple_memtag_stack.so";
+ ExecTestHelper eth;
+ std::string ld_library_path = "LD_LIBRARY_PATH=" + android::base::GetExecutableDirectory();
+ eth.SetArgs({path.c_str(), lib_path.c_str(), nullptr});
+ eth.SetEnv({ld_library_path.c_str(), nullptr});
+ eth.Run([&]() { execve(path.c_str(), eth.GetArgs(), eth.GetEnv()); }, 0, "RAN");
+#else
+ GTEST_SKIP() << "requires bionic arm64";
+#endif
+}
+
+TEST(MemtagStackDlopenTest, DlopenRemapsStack2) {
+#if defined(__BIONIC__) && defined(__aarch64__)
+ // If this test is failing, look at crash logcat for why the test binary died.
+ if (!running_with_mte()) GTEST_SKIP() << "Test requires MTE.";
+ if (is_stack_mte_on())
+ GTEST_SKIP() << "Stack MTE needs to be off for this test. Are you running fullmte?";
+
+ std::string path =
+ android::base::GetExecutableDirectory() + "/testbinary_is_stack_mte_after_dlopen";
+ std::string lib_path =
+ android::base::GetExecutableDirectory() + "/libtest_depends_on_simple_memtag_stack.so";
+ ExecTestHelper eth;
+ std::string ld_library_path = "LD_LIBRARY_PATH=" + android::base::GetExecutableDirectory();
+ eth.SetArgs({path.c_str(), lib_path.c_str(), nullptr});
+ eth.SetEnv({ld_library_path.c_str(), nullptr});
+ eth.Run([&]() { execve(path.c_str(), eth.GetArgs(), eth.GetEnv()); }, 0, "RAN");
+#else
+ GTEST_SKIP() << "requires bionic arm64";
+#endif
+}
diff --git a/tests/mte_utils.h b/tests/mte_utils.h
new file mode 100644
index 0000000..0f18442
--- /dev/null
+++ b/tests/mte_utils.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#if defined(__BIONIC__) && defined(__aarch64__)
+
+__attribute__((target("mte"))) static bool is_stack_mte_on() {
+ alignas(16) int x = 0;
+ void* p = reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(&x) + (1UL << 57));
+ void* p_cpy = p;
+ __builtin_arm_stg(p);
+ p = __builtin_arm_ldg(p);
+ __builtin_arm_stg(&x);
+ return p == p_cpy;
+}
+
+#endif