This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lib/scudo/
-
scudo/
-
scudo_allocator.cpp
-
scudo_tls.h
-
scudo_utils.h
-
scudo_utils.cpp

Differential D34517

[scudo] PRNG makeover
AbandonedPublic

Authored by cryptoad on Jun 22 2017, 9:54 AM.

Download Raw Diff

Details

Reviewers

alekseyshl
kcc

Summary

This follows the addition of GetRandom with D34412. We remove our
/dev/urandom code and use the new function. Additionally, change the PRNG for
a slightly faster version. One of the issues with the old code is that we have
64 full bits of randomness per next, using only 8 of those for the Salt and
discarding the rest. So we add a cached u64 in the PRNG that can serve up to
8 u8 before having to call the next function again.

Diff Detail

Build Status

Buildable 7493
Build 7493: arc lint + arc unit

Event Timeline

cryptoad created this revision.Jun 22 2017, 9:54 AM

Abandoning for now, this seems to have a non negligible performance impact.
I will revisit this when things settle on other fronts.

Revision Contents

Path

Size

lib/

scudo/

18 lines

2 lines

47 lines

36 lines

Diff 103594

lib/scudo/scudo_allocator.cpp

Show First 20 Lines • Show All 259 Lines • ▼ Show 20 Lines	AllocatorCache getAllocatorCache(ScudoThreadContext ThreadContext) {
return &ThreadContext->Cache;		return &ThreadContext->Cache;
}		}

ScudoQuarantineCache getQuarantineCache(ScudoThreadContext ThreadContext) {		ScudoQuarantineCache getQuarantineCache(ScudoThreadContext ThreadContext) {
return reinterpret_cast<		return reinterpret_cast<
ScudoQuarantineCache *>(ThreadContext->QuarantineCachePlaceHolder);		ScudoQuarantineCache *>(ThreadContext->QuarantineCachePlaceHolder);
}		}

Xorshift128Plus getPrng(ScudoThreadContext ThreadContext) {		ScudoPrng getPrng(ScudoThreadContext ThreadContext) {
return &ThreadContext->Prng;		return &ThreadContext->Prng;
}		}

struct ScudoAllocator {		struct ScudoAllocator {
static const uptr MaxAllowedMallocSize =		static const uptr MaxAllowedMallocSize =
FIRST_32_SECOND_64(2UL << 30, 1ULL << 40);		FIRST_32_SECOND_64(2UL << 30, 1ULL << 40);

typedef ReturnNullOrDieOnFailure FailureHandler;		typedef ReturnNullOrDieOnFailure FailureHandler;

ScudoBackendAllocator BackendAllocator;		ScudoBackendAllocator BackendAllocator;
ScudoQuarantine AllocatorQuarantine;		ScudoQuarantine AllocatorQuarantine;

// The fallback caches are used when the thread local caches have been		// The fallback caches are used when the thread local caches have been
// 'detroyed' on thread tear-down. They are protected by a Mutex as they can		// 'detroyed' on thread tear-down. They are protected by a Mutex as they can
// be accessed by different threads.		// be accessed by different threads.
StaticSpinMutex FallbackMutex;		StaticSpinMutex FallbackMutex;
AllocatorCache FallbackAllocatorCache;		AllocatorCache FallbackAllocatorCache;
ScudoQuarantineCache FallbackQuarantineCache;		ScudoQuarantineCache FallbackQuarantineCache;
Xorshift128Plus FallbackPrng;		ScudoPrng FallbackPrng;

bool DeallocationTypeMismatch;		bool DeallocationTypeMismatch;
bool ZeroContents;		bool ZeroContents;
bool DeleteSizeMismatch;		bool DeleteSizeMismatch;

explicit ScudoAllocator(LinkerInitialized)		explicit ScudoAllocator(LinkerInitialized)
: AllocatorQuarantine(LINKER_INITIALIZED),		: AllocatorQuarantine(LINKER_INITIALIZED),
FallbackQuarantineCache(LINKER_INITIALIZED) {}		FallbackQuarantineCache(LINKER_INITIALIZED) {}
Show All 33 Lines	void init(const AllocatorOptions &Options) {
DeleteSizeMismatch = Options.DeleteSizeMismatch;		DeleteSizeMismatch = Options.DeleteSizeMismatch;
ZeroContents = Options.ZeroContents;		ZeroContents = Options.ZeroContents;
SetAllocatorMayReturnNull(Options.MayReturnNull);		SetAllocatorMayReturnNull(Options.MayReturnNull);
BackendAllocator.Init(Options.ReleaseToOSIntervalMs);		BackendAllocator.Init(Options.ReleaseToOSIntervalMs);
AllocatorQuarantine.Init(		AllocatorQuarantine.Init(
static_cast<uptr>(Options.QuarantineSizeMb) << 20,		static_cast<uptr>(Options.QuarantineSizeMb) << 20,
static_cast<uptr>(Options.ThreadLocalQuarantineSizeKb) << 10);		static_cast<uptr>(Options.ThreadLocalQuarantineSizeKb) << 10);
BackendAllocator.InitCache(&FallbackAllocatorCache);		BackendAllocator.InitCache(&FallbackAllocatorCache);
FallbackPrng.initFromURandom();		FallbackPrng.init();
Cookie = FallbackPrng.getNext();		Cookie = FallbackPrng.getU64();
}		}

// Helper function that checks for a valid Scudo chunk. nullptr isn't.		// Helper function that checks for a valid Scudo chunk. nullptr isn't.
bool isValidPointer(const void *UserPtr) {		bool isValidPointer(const void *UserPtr) {
initThreadMaybe();		initThreadMaybe();
if (!UserPtr)		if (!UserPtr)
return false;		return false;
uptr UserBeg = reinterpret_cast<uptr>(UserPtr);		uptr UserBeg = reinterpret_cast<uptr>(UserPtr);
Show All 25 Lines	if (AlignedSize >= MaxAllowedMallocSize)
return FailureHandler::OnBadRequest();		return FailureHandler::OnBadRequest();

// Primary and Secondary backed allocations have a different treatment. We		// Primary and Secondary backed allocations have a different treatment. We
// deal with alignment requirements of Primary serviced allocations here,		// deal with alignment requirements of Primary serviced allocations here,
// but the Secondary will take care of its own alignment needs.		// but the Secondary will take care of its own alignment needs.
bool FromPrimary = PrimaryAllocator::CanAllocate(AlignedSize, MinAlignment);		bool FromPrimary = PrimaryAllocator::CanAllocate(AlignedSize, MinAlignment);

void *Ptr;		void *Ptr;
uptr Salt;		u8 Salt;
uptr AllocationSize = FromPrimary ? AlignedSize : NeededSize;		uptr AllocationSize = FromPrimary ? AlignedSize : NeededSize;
uptr AllocationAlignment = FromPrimary ? MinAlignment : Alignment;		uptr AllocationAlignment = FromPrimary ? MinAlignment : Alignment;
ScudoThreadContext *ThreadContext = getThreadContextAndLock();		ScudoThreadContext *ThreadContext = getThreadContextAndLock();
if (LIKELY(ThreadContext)) {		if (LIKELY(ThreadContext)) {
Salt = getPrng(ThreadContext)->getNext();		Salt = getPrng(ThreadContext)->getU8();
Ptr = BackendAllocator.Allocate(getAllocatorCache(ThreadContext),		Ptr = BackendAllocator.Allocate(getAllocatorCache(ThreadContext),
AllocationSize, AllocationAlignment,		AllocationSize, AllocationAlignment,
FromPrimary);		FromPrimary);
ThreadContext->unlock();		ThreadContext->unlock();
} else {		} else {
SpinMutexLock l(&FallbackMutex);		SpinMutexLock l(&FallbackMutex);
Salt = FallbackPrng.getNext();		Salt = FallbackPrng.getU8();
Ptr = BackendAllocator.Allocate(&FallbackAllocatorCache, AllocationSize,		Ptr = BackendAllocator.Allocate(&FallbackAllocatorCache, AllocationSize,
AllocationAlignment, FromPrimary);		AllocationAlignment, FromPrimary);
}		}
if (!Ptr)		if (!Ptr)
return FailureHandler::OnOOM();		return FailureHandler::OnOOM();

// If requested, we will zero out the entire contents of the returned chunk.		// If requested, we will zero out the entire contents of the returned chunk.
if ((ForceZeroContents \|\| ZeroContents) && FromPrimary)		if ((ForceZeroContents \|\| ZeroContents) && FromPrimary)
Show All 22 Lines	if (FromPrimary) {
// The secondary fits the allocations to a page, so the amount of unused		// The secondary fits the allocations to a page, so the amount of unused
// bytes is the difference between the end of the user allocation and the		// bytes is the difference between the end of the user allocation and the
// next page boundary.		// next page boundary.
uptr PageSize = GetPageSizeCached();		uptr PageSize = GetPageSizeCached();
uptr TrailingBytes = (UserBeg + Size) & (PageSize - 1);		uptr TrailingBytes = (UserBeg + Size) & (PageSize - 1);
if (TrailingBytes)		if (TrailingBytes)
Header.SizeOrUnusedBytes = PageSize - TrailingBytes;		Header.SizeOrUnusedBytes = PageSize - TrailingBytes;
}		}
Header.Salt = static_cast<u8>(Salt);		Header.Salt = Salt;
getScudoChunk(UserBeg)->storeHeader(&Header);		getScudoChunk(UserBeg)->storeHeader(&Header);
void UserPtr = reinterpret_cast<void >(UserBeg);		void UserPtr = reinterpret_cast<void >(UserBeg);
// if (&__sanitizer_malloc_hook) __sanitizer_malloc_hook(UserPtr, Size);		// if (&__sanitizer_malloc_hook) __sanitizer_malloc_hook(UserPtr, Size);
return UserPtr;		return UserPtr;
}		}

// Place a chunk in the quarantine. In the event of a zero-sized quarantine,		// Place a chunk in the quarantine. In the event of a zero-sized quarantine,
// we directly deallocate the chunk, otherwise the flow would lead to the		// we directly deallocate the chunk, otherwise the flow would lead to the
▲ Show 20 Lines • Show All 172 Lines • ▼ Show 20 Lines
}		}

static void initScudoInternal(const AllocatorOptions &Options) {		static void initScudoInternal(const AllocatorOptions &Options) {
Instance.init(Options);		Instance.init(Options);
}		}

void ScudoThreadContext::init() {		void ScudoThreadContext::init() {
getBackendAllocator().InitCache(&Cache);		getBackendAllocator().InitCache(&Cache);
Prng.initFromURandom();		Prng.init();
memset(QuarantineCachePlaceHolder, 0, sizeof(QuarantineCachePlaceHolder));		memset(QuarantineCachePlaceHolder, 0, sizeof(QuarantineCachePlaceHolder));
}		}

void ScudoThreadContext::commitBack() {		void ScudoThreadContext::commitBack() {
Instance.commitBack(this);		Instance.commitBack(this);
}		}

void *scudoMalloc(uptr Size, AllocType Type) {		void *scudoMalloc(uptr Size, AllocType Type) {
▲ Show 20 Lines • Show All 93 Lines • Show Last 20 Lines

lib/scudo/scudo_tls.h

	Show All 24 Lines
	namespace __scudo {			namespace __scudo {

	// Platform specific base thread context definitions.			// Platform specific base thread context definitions.
	#include "scudo_tls_context_android.inc"			#include "scudo_tls_context_android.inc"
	#include "scudo_tls_context_linux.inc"			#include "scudo_tls_context_linux.inc"

	struct ALIGNED(64) ScudoThreadContext : public ScudoThreadContextPlatform {			struct ALIGNED(64) ScudoThreadContext : public ScudoThreadContextPlatform {
	AllocatorCache Cache;			AllocatorCache Cache;
	Xorshift128Plus Prng;			ScudoPrng Prng;
	uptr QuarantineCachePlaceHolder[4];			uptr QuarantineCachePlaceHolder[4];
	void init();			void init();
	void commitBack();			void commitBack();
	};			};

	void initThread();			void initThread();

	// Platform specific dastpath functions definitions.			// Platform specific dastpath functions definitions.
	#include "scudo_tls_android.inc"			#include "scudo_tls_android.inc"
	#include "scudo_tls_linux.inc"			#include "scudo_tls_linux.inc"

	} // namespace __scudo			} // namespace __scudo

	#endif // SCUDO_TLS_H_			#endif // SCUDO_TLS_H_

lib/scudo/scudo_utils.h

	Show All 28 Lines
	}			}

	void NORETURN dieWithMessage(const char *Format, ...);			void NORETURN dieWithMessage(const char *Format, ...);

	enum CPUFeature {			enum CPUFeature {
	CRC32CPUFeature = 0,			CRC32CPUFeature = 0,
	MaxCPUFeature,			MaxCPUFeature,
	};			};

	bool testCPUFeature(CPUFeature feature);			bool testCPUFeature(CPUFeature feature);

	// Tiny PRNG based on https://en.wikipedia.org/wiki/Xorshift#xorshift.2B			static INLINE u64 rotl(const u64 X, int K) {
	// The state (128 bits) will be stored in thread local storage.			return (X << K) \| (X >> (64 - K));
	struct Xorshift128Plus {			}

				// XoRoShiRo128+ PRNG (http://xoroshiro.di.unimi.it/).
				struct XoRoShiRo128Plus {
	public:			public:
	void initFromURandom();			void init() {
	u64 getNext() {			CHECK(GetRandom(reinterpret_cast<void *>(State), sizeof(State)));
	u64 x = State[0];			fillCache();
	const u64 y = State[1];			}
	State[0] = y;			u8 getU8() {
	x ^= x << 23;			if (UNLIKELY(CachedBytesAvailable == 0))
	State[1] = x ^ y ^ (x >> 17) ^ (y >> 26);			fillCache();
	return State[1] + y;			const u8 Result = static_cast<u8>(CachedBytes & 0xff);
				CachedBytes >>= 8;
				CachedBytesAvailable--;
				return Result;
	}			}
				u64 getU64() { return next(); }
	private:			private:
				u8 CachedBytesAvailable;
				u64 CachedBytes;
	u64 State[2];			u64 State[2];
				u64 next() {
				const u64 S0 = State[0];
				u64 S1 = State[1];
				const u64 Result = S0 + S1;
				S1 ^= S0;
				State[0] = rotl(S0, 55) ^ S1 ^ (S1 << 14);
				State[1] = rotl(S1, 36);
				return Result;
				}
				void fillCache() {
				CachedBytes = next();
				CachedBytesAvailable = sizeof(CachedBytes);
				}
	};			};

				typedef XoRoShiRo128Plus ScudoPrng;

	} // namespace __scudo			} // namespace __scudo

	#endif // SCUDO_UTILS_H_			#endif // SCUDO_UTILS_H_

lib/scudo/scudo_utils.cpp

Show First 20 Lines • Show All 117 Lines • ▼ Show 20 Lines	bool testCPUFeature(CPUFeature Feature) {
return false;		return false;
}		}
#else		#else
bool testCPUFeature(CPUFeature Feature) {		bool testCPUFeature(CPUFeature Feature) {
return false;		return false;
}		}
#endif // defined(__x86_64__) \|\| defined(__i386__)		#endif // defined(__x86_64__) \|\| defined(__i386__)

// readRetry will attempt to read Count bytes from the Fd specified, and if
// interrupted will retry to read additional bytes to reach Count.
static ssize_t readRetry(int Fd, u8 *Buffer, size_t Count) {
ssize_t AmountRead = 0;
while (static_cast<size_t>(AmountRead) < Count) {
ssize_t Result = read(Fd, Buffer + AmountRead, Count - AmountRead);
if (Result > 0)
AmountRead += Result;
else if (!Result)
break;
else if (errno != EINTR) {
AmountRead = -1;
break;
}
}
return AmountRead;
}

static void fillRandom(u8 *Data, ssize_t Size) {
int Fd = open("/dev/urandom", O_RDONLY);
if (Fd < 0) {
dieWithMessage("ERROR: failed to open /dev/urandom.\n");
}
bool Success = readRetry(Fd, Data, Size) == Size;
close(Fd);
if (!Success) {
dieWithMessage("ERROR: failed to read enough data from /dev/urandom.\n");
}
}

// Seeds the xorshift state with /dev/urandom.
// TODO(kostyak): investigate using getrandom() if available.
void Xorshift128Plus::initFromURandom() {
fillRandom(reinterpret_cast<u8 *>(State), sizeof(State));
}

} // namespace __scudo		} // namespace __scudo