diff options
Diffstat (limited to 'libportseal')
| -rw-r--r-- | libportseal/Makefile | 12 | ||||
| -rw-r--r-- | libportseal/jhash.h | 256 | ||||
| -rw-r--r-- | libportseal/portseal.c | 271 | ||||
| -rw-r--r-- | libportseal/portseal.h | 73 |
4 files changed, 612 insertions, 0 deletions
diff --git a/libportseal/Makefile b/libportseal/Makefile new file mode 100644 index 0000000..2e2cc5e --- /dev/null +++ b/libportseal/Makefile @@ -0,0 +1,12 @@ +USE_PKG = liburcu liburcu-cds liburcu-mb + +CFLAGS = -std=gnu99 -Wall -ggdb \ + $(foreach lib,$(USE_PKG),$(shell pkg-config --cflags $(lib))) +LDFLAGS = -rdynamic -ldl \ + -L. -lportseal \ + $(foreach lib,$(USE_PKG),$(shell pkg-config --libs $(lib))) + +all: libportseal.so + +libportseal.so: portseal.o + gcc -shared -o "$@" "$<" diff --git a/libportseal/jhash.h b/libportseal/jhash.h new file mode 100644 index 0000000..673989d --- /dev/null +++ b/libportseal/jhash.h @@ -0,0 +1,256 @@ +#ifndef _JHASH_H +#define _JHASH_H + +/* + * jhash.h + * + * Example hash function. + * + * Copyright 2009-2012 - Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca> + * + * THIS MATERIAL IS PROVIDED AS IS, WITH ABSOLUTELY NO WARRANTY EXPRESSED + * OR IMPLIED. ANY USE IS AT YOUR OWN RISK. + * + * Permission is hereby granted to use or copy this program for any + * purpose, provided the above notices are retained on all copies. + * Permission to modify the code and to distribute modified code is + * granted, provided the above notices are retained, and a notice that + * the code was modified is included with the above copyright notice. + */ + +/* + * Hash function + * Source: http://burtleburtle.net/bob/c/lookup3.c + * Originally Public Domain + */ + +#define rot(x, k) (((x) << (k)) | ((x) >> (32 - (k)))) + +#define mix(a, b, c) \ +do { \ + a -= c; a ^= rot(c, 4); c += b; \ + b -= a; b ^= rot(a, 6); a += c; \ + c -= b; c ^= rot(b, 8); b += a; \ + a -= c; a ^= rot(c, 16); c += b; \ + b -= a; b ^= rot(a, 19); a += c; \ + c -= b; c ^= rot(b, 4); b += a; \ +} while (0) + +#define final(a, b, c) \ +{ \ + c ^= b; c -= rot(b, 14); \ + a ^= c; a -= rot(c, 11); \ + b ^= a; b -= rot(a, 25); \ + c ^= b; c -= rot(b, 16); \ + a ^= c; a -= rot(c, 4); \ + b ^= a; b -= rot(a, 14); \ + c ^= b; c -= rot(b, 24); \ +} + +#if (BYTE_ORDER == LITTLE_ENDIAN) +#define HASH_LITTLE_ENDIAN 1 +#else +#define HASH_LITTLE_ENDIAN 0 +#endif + +/* + * + * hashlittle() -- hash a variable-length key into a 32-bit value + * k : the key (the unaligned variable-length array of bytes) + * length : the length of the key, counting by bytes + * initval : can be any 4-byte value + * Returns a 32-bit value. Every bit of the key affects every bit of + * the return value. Two keys differing by one or two bits will have + * totally different hash values. + * + * The best hash table sizes are powers of 2. There is no need to do + * mod a prime (mod is sooo slow!). If you need less than 32 bits, + * use a bitmask. For example, if you need only 10 bits, do + * h = (h & hashmask(10)); + * In which case, the hash table should have hashsize(10) elements. + * + * If you are hashing n strings (uint8_t **)k, do it like this: + * for (i = 0, h = 0; i < n; ++i) h = hashlittle(k[i], len[i], h); + * + * By Bob Jenkins, 2006. bob_jenkins@burtleburtle.net. You may use this + * code any way you wish, private, educational, or commercial. It's free. + * + * Use for hash table lookup, or anything where one collision in 2^^32 is + * acceptable. Do NOT use for cryptographic purposes. + */ +static +uint32_t hashlittle(const void *key, size_t length, uint32_t initval) +{ + uint32_t a, b, c; /* internal state */ + union { + const void *ptr; + size_t i; + } u; + + /* Set up the internal state */ + a = b = c = 0xdeadbeef + ((uint32_t)length) + initval; + + u.ptr = key; + if (HASH_LITTLE_ENDIAN && ((u.i & 0x3) == 0)) { + const uint32_t *k = (const uint32_t *) key; /* read 32-bit chunks */ + + /*------ all but last block: aligned reads and affect 32 bits of (a,b,c) */ + while (length > 12) { + a += k[0]; + b += k[1]; + c += k[2]; + mix(a, b, c); + length -= 12; + k += 3; + } + + /*----------------------------- handle the last (probably partial) block */ + /* + * "k[2]&0xffffff" actually reads beyond the end of the string, but + * then masks off the part it's not allowed to read. Because the + * string is aligned, the masked-off tail is in the same word as the + * rest of the string. Every machine with memory protection I've seen + * does it on word boundaries, so is OK with this. But VALGRIND will + * still catch it and complain. The masking trick does make the hash + * noticably faster for short strings (like English words). + */ +#ifndef VALGRIND + + switch (length) { + case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; + case 11: c+=k[2]&0xffffff; b+=k[1]; a+=k[0]; break; + case 10: c+=k[2]&0xffff; b+=k[1]; a+=k[0]; break; + case 9 : c+=k[2]&0xff; b+=k[1]; a+=k[0]; break; + case 8 : b+=k[1]; a+=k[0]; break; + case 7 : b+=k[1]&0xffffff; a+=k[0]; break; + case 6 : b+=k[1]&0xffff; a+=k[0]; break; + case 5 : b+=k[1]&0xff; a+=k[0]; break; + case 4 : a+=k[0]; break; + case 3 : a+=k[0]&0xffffff; break; + case 2 : a+=k[0]&0xffff; break; + case 1 : a+=k[0]&0xff; break; + case 0 : return c; /* zero length strings require no mixing */ + } + +#else /* make valgrind happy */ + { + const uint8_t *k8; + + k8 = (const uint8_t *) k; + switch (length) { + case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; + case 11: c+=((uint32_t) k8[10])<<16; /* fall through */ + case 10: c+=((uint32_t) k8[9])<<8; /* fall through */ + case 9 : c+=k8[8]; /* fall through */ + case 8 : b+=k[1]; a+=k[0]; break; + case 7 : b+=((uint32_t) k8[6])<<16; /* fall through */ + case 6 : b+=((uint32_t) k8[5])<<8; /* fall through */ + case 5 : b+=k8[4]; /* fall through */ + case 4 : a+=k[0]; break; + case 3 : a+=((uint32_t) k8[2])<<16; /* fall through */ + case 2 : a+=((uint32_t) k8[1])<<8; /* fall through */ + case 1 : a+=k8[0]; break; + case 0 : return c; + } + } +#endif /* !valgrind */ + + } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) { + const uint16_t *k = (const uint16_t *) key; /* read 16-bit chunks */ + const uint8_t *k8; + + /*--------------- all but last block: aligned reads and different mixing */ + while (length > 12) + { + a += k[0] + (((uint32_t) k[1])<<16); + b += k[2] + (((uint32_t) k[3])<<16); + c += k[4] + (((uint32_t) k[5])<<16); + mix(a, b, c); + length -= 12; + k += 6; + } + + /*----------------------------- handle the last (probably partial) block */ + k8 = (const uint8_t *) k; + switch(length) + { + case 12: c+=k[4]+(((uint32_t) k[5])<<16); + b+=k[2]+(((uint32_t) k[3])<<16); + a+=k[0]+(((uint32_t) k[1])<<16); + break; + case 11: c+=((uint32_t) k8[10])<<16; /* fall through */ + case 10: c+=k[4]; + b+=k[2]+(((uint32_t) k[3])<<16); + a+=k[0]+(((uint32_t) k[1])<<16); + break; + case 9 : c+=k8[8]; /* fall through */ + case 8 : b+=k[2]+(((uint32_t) k[3])<<16); + a+=k[0]+(((uint32_t) k[1])<<16); + break; + case 7 : b+=((uint32_t) k8[6])<<16; /* fall through */ + case 6 : b+=k[2]; + a+=k[0]+(((uint32_t) k[1])<<16); + break; + case 5 : b+=k8[4]; /* fall through */ + case 4 : a+=k[0]+(((uint32_t) k[1])<<16); + break; + case 3 : a+=((uint32_t) k8[2])<<16; /* fall through */ + case 2 : a+=k[0]; + break; + case 1 : a+=k8[0]; + break; + case 0 : return c; /* zero length requires no mixing */ + } + + } else { /* need to read the key one byte at a time */ + const uint8_t *k = (const uint8_t *)key; + + /*--------------- all but the last block: affect some 32 bits of (a, b, c) */ + while (length > 12) { + a += k[0]; + a += ((uint32_t) k[1])<<8; + a += ((uint32_t) k[2])<<16; + a += ((uint32_t) k[3])<<24; + b += k[4]; + b += ((uint32_t) k[5])<<8; + b += ((uint32_t) k[6])<<16; + b += ((uint32_t) k[7])<<24; + c += k[8]; + c += ((uint32_t) k[9])<<8; + c += ((uint32_t) k[10])<<16; + c += ((uint32_t) k[11])<<24; + mix(a,b,c); + length -= 12; + k += 12; + } + + /*-------------------------------- last block: affect all 32 bits of (c) */ + switch (length) { /* all the case statements fall through */ + case 12: c+=((uint32_t) k[11])<<24; + case 11: c+=((uint32_t) k[10])<<16; + case 10: c+=((uint32_t) k[9])<<8; + case 9 : c+=k[8]; + case 8 : b+=((uint32_t) k[7])<<24; + case 7 : b+=((uint32_t) k[6])<<16; + case 6 : b+=((uint32_t) k[5])<<8; + case 5 : b+=k[4]; + case 4 : a+=((uint32_t) k[3])<<24; + case 3 : a+=((uint32_t) k[2])<<16; + case 2 : a+=((uint32_t) k[1])<<8; + case 1 : a+=k[0]; + break; + case 0 : return c; + } + } + + final(a, b, c); + return c; +} + +static inline +uint32_t jhash(const void *key, size_t length, uint32_t seed) +{ + return hashlittle(key, length, seed); +} + +#endif /* _JHASH_H */ diff --git a/libportseal/portseal.c b/libportseal/portseal.c new file mode 100644 index 0000000..f9523c6 --- /dev/null +++ b/libportseal/portseal.c @@ -0,0 +1,271 @@ +#define _GNU_SOURCE +#include <dlfcn.h> +#include <errno.h> +#include <error.h> +#include <execinfo.h> +#include <fcntl.h> +#include <hurd.h> +#include <mach.h> +#include <malloc.h> +#include <stdint.h> +#include <stdio.h> +#include <time.h> + +#include <urcu.h> /* RCU flavor */ +#include <urcu/rcuhlist.h> /* RCU hlist */ +#include <urcu/rculfhash.h> /* RCU Lock-free hash table */ +#include <urcu/compiler.h> /* For CAA_ARRAY_SIZE */ +#include "jhash.h" /* Example hash function */ + +#include "portseal.h" + +#if 0 +# define TRACE(X...) error(0, 0, X) +#else +# define TRACE(X...) +#endif + +#define PORTSEAL_PORTS_SIZE 1000 +int ports[PORTSEAL_PORTS_SIZE]; + +struct object { + struct cds_lfht_node node; /* Chaining in hash table */ + struct rcu_head rcu_head; /* For call_rcu() */ + struct cds_hlist_head ports; + unsigned long addr; + size_t size; +}; + +struct port { + mach_port_t *p; + struct cds_hlist_node node; /* Linked-list chaining */ +}; + +static uint32_t portseal_seed; +static struct cds_lfht *portseal_object_hash; +static int portseal_is_initialized; + +/* Reference counting. */ +void +portseal_increment (mach_port_t p) +{ + if (! MACH_PORT_VALID (p)) + return; + + if (p >= PORTSEAL_PORTS_SIZE) + { + TRACE ("port name %d >= PORTSEAL_PORTS_SIZE", (int) p); + return; + } + + TRACE ("portseal_increment (%d)", (int) p); + __atomic_add_fetch (&ports[p], 1, __ATOMIC_RELAXED); +} + +static char *mach_port_right_str[] = + { + "send", + "receive", + "send-once", + "port-set", + "dead-name", + }; + +static void +portseal_dec (mach_port_t p) +{ + if (! MACH_PORT_VALID (p)) + return; + + if (p >= PORTSEAL_PORTS_SIZE) + { + TRACE ("port name %d >= PORTSEAL_PORTS_SIZE", (int) p); + return; + } + + int c = __atomic_sub_fetch (&ports[p], 1, __ATOMIC_RELAXED); + TRACE ("portseal_decrement (%d) to %d", (int) p, c); + if (c > 0) + return; + + /* check hurd ports */ + for (int i = 0; i < INIT_PORT_MAX; i++) + if (HURD_PORT_USE (&_hurd_ports[i], port == p)) + /* the libc has a reference, it's fine */ + return; + + error_t err = 0; + mach_port_urefs_t refs; + mach_port_right_t typ; + + for (typ = MACH_PORT_RIGHT_SEND; + typ < MACH_PORT_RIGHT_NUMBER; + typ++) + { + err = mach_port_get_refs (mach_task_self (), + p, + typ, + &refs); + if (err) + goto out; + if (refs) + goto leak; + } + + out: + if (err && err != KERN_INVALID_NAME) + error (0, err, "error in portseal_check_leak"); + return; + + leak: + error (0, 0, "leaked %s right %d", mach_port_right_str[typ], (int) p); + void *array[20]; + size_t size; + size = backtrace (array, 20); + backtrace_symbols_fd (&array[2], size - 2, 2); +} + +/* Used as cleanup function when variables with storage class auto, + i.e. variables residing on the stack. */ +void +portseal_decrement_p (mach_port_t *p) +{ + portseal_dec (*p); +} + +void +portseal_decrement (mach_port_t p) +{ + portseal_dec (p); +} + +/* Used to wrap port assignments. */ +mach_port_t +portseal_set_port (mach_port_t *p, mach_port_t new) +{ + portseal_dec (*p); + + if (! MACH_PORT_VALID (new)) + goto out; + + portseal_increment (new); + + struct object *o = NULL, *node; + struct cds_lfht_iter iter; + rcu_read_lock(); + cds_lfht_for_each_entry (portseal_object_hash, &iter, node, node) + if ((unsigned long) node->addr <= (unsigned long) p + && (unsigned long) p < (unsigned long) node->addr + node->size) + { + o = node; + break; + } + rcu_read_unlock(); + + if (o != NULL) { + TRACE ("set port in object %p", (void *) o->addr); + struct port *port = malloc (sizeof *port); + if (port) { + port->p = p; + cds_hlist_add_head_rcu (&port->node, &o->ports); + } + } + + out: + return new; +} + +/* Memory management. */ +void * +portseal_malloc (size_t size) +{ + struct object *o; + posix_memalign ((void **) &o, 8, size + sizeof (struct object)); + if (! o) + return NULL; + + void *p = o + sizeof (struct object); + + cds_lfht_node_init (&o->node); + CDS_INIT_HLIST_HEAD (&o->ports); + o->addr = (unsigned long) p; + o->size = size; + unsigned long hash = jhash (&p, sizeof p, portseal_seed); + rcu_read_lock (); + cds_lfht_add (portseal_object_hash, hash, &o->node); + rcu_read_unlock (); + + return p; +} + +static void +free_object (struct rcu_head *head) +{ + struct object *node = caa_container_of (head, struct object, rcu_head); + TRACE ("free_object(%p)", node); + free (node); +} + +static int +match (struct cds_lfht_node *ht_node, const void *_key) +{ + struct object *o = + caa_container_of(ht_node, struct object, node); + const unsigned long *key = _key; + + return *key == o->addr; +} + +void +portseal_free (void *p) +{ + TRACE ("free(%p)", p); + + unsigned long hash = jhash (&p, sizeof p, portseal_seed); + rcu_read_lock (); + struct cds_lfht_iter iter; + cds_lfht_lookup (portseal_object_hash, hash, match, &p, &iter); + struct cds_lfht_node *ht_node = cds_lfht_iter_get_node (&iter); + if (ht_node) + { + if (! cds_lfht_del (portseal_object_hash, ht_node)) + { + struct object *del_node = + caa_container_of (ht_node, + struct object, node); + + struct port *port; + struct cds_hlist_node *pos; + cds_hlist_for_each_entry (port, pos, &del_node->ports, node) { + portseal_decrement (*port->p); + *port->p = MACH_PORT_NULL; + free (port); + } + + call_rcu (&del_node->rcu_head, free_object); + } + } + rcu_read_unlock (); +} + +/* Initialization and teardown. */ + +static void __attribute__ ((constructor)) +portseal_init () +{ + portseal_object_hash = cds_lfht_new(1, 1, 0, + CDS_LFHT_AUTO_RESIZE | CDS_LFHT_ACCOUNTING, + NULL); + if (! portseal_object_hash) + error (1, errno, "Error allocating hash table"); + + portseal_seed = (uint32_t) time (NULL); + rcu_register_thread (); + + portseal_is_initialized = 1; +} + +static void __attribute__ ((destructor)) +portseal_destroy () { + rcu_unregister_thread (); +} diff --git a/libportseal/portseal.h b/libportseal/portseal.h new file mode 100644 index 0000000..5ad06b0 --- /dev/null +++ b/libportseal/portseal.h @@ -0,0 +1,73 @@ +#ifndef __PORTSEAL__ +#define __PORTSEAL__ + +#define _GNU_SOURCE +#include <mach.h> +#include <stddef.h> + +extern int ports[]; + +void *portseal_malloc (size_t) __attribute__ ((malloc)); +void portseal_free (void *); + +mach_port_t portseal_set_port (mach_port_t *, mach_port_t); +void portseal_decrement (mach_port_t); +void portseal_decrement_p (mach_port_t*); +void portseal_increment (mach_port_t); + +#define PORTSEAL_CLEANUP(T, I, V) \ + __attribute__ ((cleanup (portseal_decrement_p))) T I = V +#define PORTSEAL_CLEANUP_I(T, I, V, E) \ + __attribute__ ((cleanup (portseal_decrement_p))) T I = V; \ + portseal_set_port (&I, E) + +#define PORTSEAL_WRAP(F, P) \ + ({ \ + mach_port_t *_p = (P); \ + mach_port_t _old = *_p; \ + (F); \ + mach_port_t _new = *_p; \ + if (_old != _new) \ + { \ + portseal_decrement (_old); \ + portseal_increment (_new); \ + } \ + }) + +#define GCC_VERSION (__GNUC__ * 10000 \ + + __GNUC_MINOR__ * 100 \ + + __GNUC_PATCHLEVEL__) + +/* Test for GCC >= 34.9 */ +#if GCC_VERSION >= 40900 +/* use __auto_type */ +#define PORTSEAL_WRAP_R(F, P) \ + ({ \ + mach_port_t *_p = (P); \ + mach_port_t _old = *_p; \ + __auto_type _result = (F); \ + mach_port_t _new = *_p; \ + if (_old != _new) \ + { \ + portseal_decrement (_old); \ + portseal_increment (_new); \ + } \ + _result; \ + }) +#else +#define PORTSEAL_WRAP_R(F, P) \ + ({ \ + mach_port_t *_p = (P); \ + mach_port_t _old = *_p; \ + typeof (F) _result = (F); \ + mach_port_t _new = *_p; \ + if (_old != _new) \ + { \ + portseal_decrement (_old); \ + portseal_increment (_new); \ + } \ + _result; \ + }) +#endif + +#endif /* __PORTSEAL__ */ |