Reland^2 "[MTE] remap stacks with PROT_MTE when requested by dlopened library"
Also enable stack MTE if main binary links in a library that needs it.
Otherwise the following is possible:
1. a binary doesn't require stack MTE, but links in libraries that use
stg on the stack
2. that binary later dlopens a library that requires stack MTE, and our
logic in dlopen remaps the stacks with MTE
3. the libraries from step 1 now have tagged pointers with missing tags
in memory, so things go wrong
This reverts commit f53e91cc810be2a36377f3b7765f50c89f1f0046.
Reason for revert: Fixed problem detected in b/324568991
Test: atest memtag_stack_dlopen_test with MTE enabled
Test: check crash is gone on fullmte build
Change-Id: I4a93f6814a19683c3ea5fe1e6d455df5459d31e1
diff --git a/tests/libs/Android.bp b/tests/libs/Android.bp
index 039d1e1..06ee132 100644
--- a/tests/libs/Android.bp
+++ b/tests/libs/Android.bp
@@ -234,6 +234,61 @@
}
// -----------------------------------------------------------------------------
+// Libraries and binaries used by memtag_stack_dlopen_test tests
+// -----------------------------------------------------------------------------
+cc_test_library {
+ name: "libtest_simple_memtag_stack",
+ sanitize: {
+ memtag_stack: true,
+ },
+ srcs: ["dlopen_testlib_simple.cpp"],
+}
+
+cc_test_library {
+ name: "libtest_depends_on_simple_memtag_stack",
+ sanitize: {
+ memtag_stack: false,
+ },
+ shared_libs: [
+ "libtest_simple_memtag_stack",
+ ],
+ srcs: ["dlopen_testlib_depends_on_simple.cpp"],
+}
+
+cc_binary {
+ name: "testbinary_is_stack_mte_after_dlopen",
+ sanitize: {
+ memtag_stack: false,
+ memtag_heap: true,
+ },
+ srcs: ["testbinary_is_stack_mte_after_dlopen.cpp"],
+}
+
+cc_binary {
+ name: "testbinary_depends_on_simple_memtag_stack",
+ sanitize: {
+ memtag_stack: false,
+ memtag_heap: true,
+ },
+ shared_libs: [
+ "libtest_simple_memtag_stack",
+ ],
+ srcs: ["testbinary_is_stack_mte.cpp"],
+}
+
+cc_binary {
+ name: "testbinary_depends_on_depends_on_simple_memtag_stack",
+ sanitize: {
+ memtag_stack: false,
+ memtag_heap: true,
+ },
+ shared_libs: [
+ "libtest_depends_on_simple_memtag_stack",
+ ],
+ srcs: ["testbinary_is_stack_mte.cpp"],
+}
+
+// -----------------------------------------------------------------------------
// Libraries used by hwasan_test
// -----------------------------------------------------------------------------
cc_test_library {
diff --git a/tests/libs/dlopen_testlib_depends_on_simple.cpp b/tests/libs/dlopen_testlib_depends_on_simple.cpp
new file mode 100644
index 0000000..9e130d4
--- /dev/null
+++ b/tests/libs/dlopen_testlib_depends_on_simple.cpp
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+
+extern "C" bool dlopen_testlib_simple_func();
+
+extern "C" bool dlopen_testlib_call_simple_func() {
+ return dlopen_testlib_simple_func();
+}
diff --git a/tests/libs/testbinary_is_stack_mte.cpp b/tests/libs/testbinary_is_stack_mte.cpp
new file mode 100644
index 0000000..8dde83c
--- /dev/null
+++ b/tests/libs/testbinary_is_stack_mte.cpp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "../mte_utils.h"
+#include "CHECK.h"
+
+#if defined(__BIONIC__) && defined(__aarch64__)
+
+extern "C" int main(int, char**) {
+ int ret = is_stack_mte_on() ? 0 : 1;
+ printf("RAN\n");
+ return ret;
+}
+
+#else
+
+extern "C" int main(int, char**) {
+ printf("RAN\n");
+ return 1;
+}
+#endif
diff --git a/tests/libs/testbinary_is_stack_mte_after_dlopen.cpp b/tests/libs/testbinary_is_stack_mte_after_dlopen.cpp
new file mode 100644
index 0000000..c5e6868
--- /dev/null
+++ b/tests/libs/testbinary_is_stack_mte_after_dlopen.cpp
@@ -0,0 +1,133 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <condition_variable>
+#include <thread>
+
+#include <dlfcn.h>
+#include <inttypes.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "../mte_utils.h"
+#include "CHECK.h"
+
+#if defined(__BIONIC__) && defined(__aarch64__)
+
+enum State { kInit, kThreadStarted, kStackRemapped };
+
+// We can't use pthread_getattr_np because that uses the rlimit rather than the actual mapping
+// bounds.
+static void find_main_stack_limits(uintptr_t* low, uintptr_t* high) {
+ uintptr_t startstack = reinterpret_cast<uintptr_t>(__builtin_frame_address(0));
+
+ // Hunt for the region that contains that address.
+ FILE* fp = fopen("/proc/self/maps", "re");
+ if (fp == nullptr) {
+ abort();
+ }
+ char line[BUFSIZ];
+ while (fgets(line, sizeof(line), fp) != nullptr) {
+ uintptr_t lo, hi;
+ if (sscanf(line, "%" SCNxPTR "-%" SCNxPTR, &lo, &hi) == 2) {
+ if (lo <= startstack && startstack <= hi) {
+ *low = lo;
+ *high = hi;
+ fclose(fp);
+ return;
+ }
+ }
+ }
+ abort();
+}
+
+template <typename Fn>
+unsigned int fault_new_stack_page(uintptr_t low, Fn f) {
+ uintptr_t new_low;
+ uintptr_t new_high;
+ volatile char buf[4096];
+ buf[4095] = 1;
+ find_main_stack_limits(&new_low, &new_high);
+ if (new_low < low) {
+ f();
+ return new_high;
+ }
+ // Useless, but should defeat TCO.
+ return new_low + fault_new_stack_page(low, f);
+}
+extern "C" int main(int argc, char** argv) {
+ if (argc < 2) {
+ return 1;
+ }
+ const char* path = argv[1];
+ CHECK(access(path, F_OK) == 0); // Verify test setup.
+ CHECK(!is_stack_mte_on());
+ std::mutex m;
+ std::condition_variable cv;
+ State state = kInit;
+
+ bool is_early_thread_mte_on = false;
+ std::thread early_th([&] {
+ {
+ std::lock_guard lk(m);
+ state = kThreadStarted;
+ }
+ cv.notify_one();
+ {
+ std::unique_lock lk(m);
+ cv.wait(lk, [&] { return state == kStackRemapped; });
+ }
+ is_early_thread_mte_on = is_stack_mte_on();
+ });
+ {
+ std::unique_lock lk(m);
+ cv.wait(lk, [&] { return state == kThreadStarted; });
+ }
+ void* handle = dlopen(path, RTLD_NOW);
+ {
+ std::lock_guard lk(m);
+ state = kStackRemapped;
+ }
+ cv.notify_one();
+ CHECK(handle != nullptr);
+ CHECK(is_stack_mte_on());
+
+ bool new_stack_page_mte_on = false;
+ uintptr_t low;
+ uintptr_t high;
+ find_main_stack_limits(&low, &high);
+ fault_new_stack_page(low, [&] { new_stack_page_mte_on = is_stack_mte_on(); });
+ CHECK(new_stack_page_mte_on);
+
+ bool is_late_thread_mte_on = false;
+ std::thread late_th([&] { is_late_thread_mte_on = is_stack_mte_on(); });
+ late_th.join();
+ early_th.join();
+ CHECK(is_late_thread_mte_on);
+ CHECK(is_early_thread_mte_on);
+ printf("RAN\n");
+ return 0;
+}
+
+#else
+extern "C" int main(int, char**) {
+ return 1;
+}
+#endif