Skip to content

Commit

Permalink
runtime: print pkey of target memory range for forbidden operations
Browse files Browse the repository at this point in the history
  • Loading branch information
fw-immunant committed Feb 2, 2024
1 parent 721496b commit afaf2da
Show file tree
Hide file tree
Showing 4 changed files with 52 additions and 0 deletions.
22 changes: 22 additions & 0 deletions runtime/memory-map/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -337,6 +337,28 @@ pub extern "C" fn memory_map_region_get_prot(map: &MemoryMap, needle: Range) ->
/** memory_map_region_get_prot found no or multiple protections in the given range */
pub const PROT_INDETERMINATE: u32 = 0xFFFFFFFFu32;

const PKEY_MULTIPLE: u8 = 255;
const PKEY_NONE: u8 = 254;

/// return the pkey (0-15) that covers the given range, or PKEY_MULTIPLE or
/// PKEY_NONE if the entire range is not protected by exactly one pkey
#[no_mangle]
pub extern "C" fn memory_map_region_get_owner_pkey(map: &MemoryMap, needle: Range) -> u8 {
let mut pkey = None;
let same = map.all_overlapping_regions(needle, |region| match pkey {
None => {
pkey = Some(region.state.owner_pkey);
true
}
Some(pkey) => region.state.owner_pkey == pkey,
});
if same {
pkey.unwrap_or(PKEY_NONE) // all same (return pkey) or no pkey
} else {
PKEY_MULTIPLE // multiple pkeys
}
}

#[no_mangle]
pub extern "C" fn memory_map_unmap_region(map: &mut MemoryMap, needle: Range) -> bool {
map.split_out_region(needle).is_some()
Expand Down
2 changes: 2 additions & 0 deletions runtime/memory_map.h
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,8 @@ bool memory_map_all_overlapping_regions_mprotected(const struct memory_map *map,

uint32_t memory_map_region_get_prot(const struct memory_map *map, struct range needle);

uint8_t memory_map_region_get_owner_pkey(const struct memory_map *map, struct range needle);

bool memory_map_unmap_region(struct memory_map *map, struct range needle);

bool memory_map_add_region(struct memory_map *map,
Expand Down
24 changes: 24 additions & 0 deletions runtime/mmap_event.h
Original file line number Diff line number Diff line change
Expand Up @@ -78,4 +78,28 @@ static const char *event_name(enum mmap_event event) {
return event_names[event];
}

static inline const struct range *event_target_range(enum mmap_event event, const union event_info *info) {
switch (event) {
case EVENT_MMAP:
return &info->mmap.range;
case EVENT_MUNMAP:
return &info->munmap.range;
case EVENT_MREMAP:
return &info->mremap.old_range;
case EVENT_MADVISE:
return &info->madvise.range;
case EVENT_MPROTECT:
return &info->mprotect.range;
case EVENT_PKEY_MPROTECT:
return &info->pkey_mprotect.range;
case EVENT_CLONE:
return NULL;
case EVENT_EXEC:
return NULL;
case EVENT_NONE:
return NULL;
break;
}
}

enum mmap_event event_from_syscall(uint64_t rax);
4 changes: 4 additions & 0 deletions runtime/track_memory_map.c
Original file line number Diff line number Diff line change
Expand Up @@ -839,6 +839,10 @@ bool track_memory_map(pid_t pid, int *exit_status_out, enum trace_mode mode) {
} else if (!is_op_permitted(map, event, &event_info)) {
fprintf(stderr, "forbidden operation requested: ");
print_event(event, &event_info);
const struct range *range = event_target_range(event, &event_info);
if (range != NULL) {
printf("region pkey: %d\n", memory_map_region_get_owner_pkey(map, *range));
}
return_syscall_eperm(waited_pid);
if (ptrace(continue_request, waited_pid, 0, 0) < 0) {
perror("could not PTRACE_SYSCALL");
Expand Down

0 comments on commit afaf2da

Please sign in to comment.