PageRenderTime 42ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 0ms

/rpython/rlib/_stacklet_shadowstack.py

https://bitbucket.org/pypy/pypy/
Python | 184 lines | 139 code | 24 blank | 21 comment | 10 complexity | a23486f6b77b3a44501aced76f555719 MD5 | raw file
Possible License(s): AGPL-3.0, BSD-3-Clause, Apache-2.0 
    

  1. from rpython.rlib import _rffi_stacklet as _c
    2. 

  2. from rpython.rlib.debug import ll_assert
    3. 

  3. from rpython.rlib import rgc
    4. 

  4. from rpython.rtyper.annlowlevel import llhelper, MixLevelHelperAnnotator
    5. 

  5. from rpython.rtyper.lltypesystem import lltype, llmemory, rffi
    6. 

  6. from rpython.rtyper.lltypesystem.lloperation import llop
    7. 

  7. from rpython.annotator import model as annmodel
    8. 

  8. from rpython.rtyper.llannotation import lltype_to_annotation
    9. 

  9. 

  10. 

  11. #
    12. 

  12. # A GC wrapper around the C stacklet handles, with additionally a
    13. 

  13. # copy of the shadowstack (for all stacklets different than the main)
    14. 

  14. #
    15. 

  15. STACKLET = lltype.GcStruct('Stacklet',
    16. 

  16.                            ('s_handle', _c.handle),
    17. 

  17.                            ('s_sscopy', llmemory.Address),
    18. 

  18.                            rtti=True)
    19. 

  19. STACKLET_PTR = lltype.Ptr(STACKLET)
    20. 

  20. NULL_STACKLET = lltype.nullptr(STACKLET)
    21. 

  21. 

  22. 

  23. def complete_destrptr(gctransformer):
    24. 

  24.     translator = gctransformer.translator
    25. 

  25.     mixlevelannotator = MixLevelHelperAnnotator(translator.rtyper)
    26. 

  26.     args_s = [lltype_to_annotation(STACKLET_PTR)]
    27. 

  27.     s_result = annmodel.s_None
    28. 

  28.     destrptr = mixlevelannotator.delayedfunction(stacklet_destructor,
    29. 

  29.                                                  args_s, s_result)
    30. 

  30.     mixlevelannotator.finish()
    31. 

  31.     lltype.attachRuntimeTypeInfo(STACKLET, destrptr=destrptr)
    32. 

  32. 

  33. # Note: it's important that this is a light finalizer, otherwise
    34. 

  34. # the GC will call it but still expect the object to stay around for
    35. 

  35. # a while---and it can't stay around, because s_sscopy points to
    36. 

  36. # freed nonsense and customtrace() will crash
    37. 

  37. @rgc.must_be_light_finalizer
    38. 

  38. def stacklet_destructor(stacklet):
    39. 

  39.     sscopy = stacklet.s_sscopy
    40. 

  40.     if sscopy:
    41. 

  41.         llmemory.raw_free(sscopy)
    42. 

  42.     h = stacklet.s_handle
    43. 

  43.     if h:
    44. 

  44.         _c.destroy(h)
    45. 

  45. 

  46. 

  47. SIZEADDR = llmemory.sizeof(llmemory.Address)
    48. 

  48. 

  49. def customtrace(gc, obj, callback, arg):
    50. 

  50.     stacklet = llmemory.cast_adr_to_ptr(obj, STACKLET_PTR)
    51. 

  51.     sscopy = stacklet.s_sscopy
    52. 

  52.     if sscopy:
    53. 

  53.         length_bytes = sscopy.signed[0]
    54. 

  54.         while length_bytes > 0:
    55. 

  55.             addr = sscopy + length_bytes
    56. 

  56.             gc._trace_callback(callback, arg, addr)
    57. 

  57.             length_bytes -= SIZEADDR
    58. 

  58. lambda_customtrace = lambda: customtrace
    59. 

  59. 

  60. def sscopy_detach_shadow_stack():
    61. 

  61.     base = llop.gc_adr_of_root_stack_base(llmemory.Address).address[0]
    62. 

  62.     top = llop.gc_adr_of_root_stack_top(llmemory.Address).address[0]
    63. 

  63.     length_bytes = top - base
    64. 

  64.     result = llmemory.raw_malloc(SIZEADDR + length_bytes)
    65. 

  65.     if result:
    66. 

  66.         result.signed[0] = length_bytes
    67. 

  67.         llmemory.raw_memcopy(base, result + SIZEADDR, length_bytes)
    68. 

  68.         llop.gc_adr_of_root_stack_top(llmemory.Address).address[0] = base
    69. 

  69.     return result
    70. 

  70. 

  71. def sscopy_attach_shadow_stack(sscopy):
    72. 

  72.     base = llop.gc_adr_of_root_stack_base(llmemory.Address).address[0]
    73. 

  73.     ll_assert(llop.gc_adr_of_root_stack_top(llmemory.Address).address[0]==base,
    74. 

  74.               "attach_shadow_stack: ss is not empty?")
    75. 

  75.     length_bytes = sscopy.signed[0]
    76. 

  76.     llmemory.raw_memcopy(sscopy + SIZEADDR, base, length_bytes)
    77. 

  77.     llop.gc_adr_of_root_stack_top(llmemory.Address).address[0] = (
    78. 

  78.         base + length_bytes)
    79. 

  79.     llmemory.raw_free(sscopy)
    80. 

  80. 

  81. def alloc_stacklet():
    82. 

  82.     new_stacklet = lltype.malloc(STACKLET)
    83. 

  83.     new_stacklet.s_handle = _c.null_handle
    84. 

  84.     new_stacklet.s_sscopy = llmemory.NULL
    85. 

  85.     return new_stacklet
    86. 

  86. 

  87. def attach_handle_on_stacklet(stacklet, h):
    88. 

  88.     ll_assert(stacklet.s_handle == _c.null_handle, "attach stacklet 1: garbage")
    89. 

  89.     ll_assert(stacklet.s_sscopy == llmemory.NULL,  "attach stacklet 2: garbage")
    90. 

  90.     if not h:
    91. 

  91.         raise MemoryError
    92. 

  92.     elif _c.is_empty_handle(h):
    93. 

  93.         ll_assert(gcrootfinder.sscopy == llmemory.NULL,
    94. 

  94.                   "empty_handle but sscopy != NULL")
    95. 

  95.         return NULL_STACKLET
    96. 

  96.     else:
    97. 

  97.         # This is a return that gave us a real handle.  Store it.
    98. 

  98.         stacklet.s_handle = h
    99. 

  99.         stacklet.s_sscopy = gcrootfinder.sscopy
    100. 

  100.         ll_assert(gcrootfinder.sscopy != llmemory.NULL,
    101. 

  101.                   "!empty_handle but sscopy == NULL")
    102. 

  102.         gcrootfinder.sscopy = llmemory.NULL
    103. 

  103.         llop.gc_writebarrier(lltype.Void, llmemory.cast_ptr_to_adr(stacklet))
    104. 

  104.         return stacklet
    105. 

  105. 

  106. def consume_stacklet(stacklet):
    107. 

  107.     h = stacklet.s_handle
    108. 

  108.     ll_assert(bool(h), "consume_stacklet: null handle")
    109. 

  109.     stacklet.s_handle = _c.null_handle
    110. 

  110.     stacklet.s_sscopy = llmemory.NULL
    111. 

  111.     return h
    112. 

  112. 

  113. def _new_callback(h, arg):
    114. 

  114.     # There is a fresh stacklet object waiting on the gcrootfinder,
    115. 

  115.     # so populate it with data that represents the parent suspended
    116. 

  116.     # stacklet and detach the stacklet object from gcrootfinder.
    117. 

  117.     stacklet = gcrootfinder.fresh_stacklet
    118. 

  118.     gcrootfinder.fresh_stacklet = NULL_STACKLET
    119. 

  119.     ll_assert(stacklet != NULL_STACKLET, "_new_callback: NULL #1")
    120. 

  120.     stacklet = attach_handle_on_stacklet(stacklet, h)
    121. 

  121.     ll_assert(stacklet != NULL_STACKLET, "_new_callback: NULL #2")
    122. 

  122.     #
    123. 

  123.     # Call the main function provided by the (RPython) user.
    124. 

  124.     stacklet = gcrootfinder.runfn(stacklet, arg)
    125. 

  125.     #
    126. 

  126.     # Here, 'stacklet' points to the target stacklet to which we want
    127. 

  127.     # to jump to next.  Read the 'handle' and forget about the
    128. 

  128.     # stacklet object.
    129. 

  129.     gcrootfinder.sscopy = llmemory.NULL
    130. 

  130.     return consume_stacklet(stacklet)
    131. 

  131. 

  132. def _new(thread_handle, arg):
    133. 

  133.     # No shadowstack manipulation here (no usage of gc references)
    134. 

  134.     sscopy = sscopy_detach_shadow_stack()
    135. 

  135.     gcrootfinder.sscopy = sscopy
    136. 

  136.     if not sscopy:
    137. 

  137.         return _c.null_handle
    138. 

  138.     h = _c.new(thread_handle, llhelper(_c.run_fn, _new_callback), arg)
    139. 

  139.     sscopy_attach_shadow_stack(sscopy)
    140. 

  140.     return h
    141. 

  141. _new._dont_inline_ = True
    142. 

  142. 

  143. def _switch(h):
    144. 

  144.     # No shadowstack manipulation here (no usage of gc references)
    145. 

  145.     sscopy = sscopy_detach_shadow_stack()
    146. 

  146.     gcrootfinder.sscopy = sscopy
    147. 

  147.     if not sscopy:
    148. 

  148.         return _c.null_handle
    149. 

  149.     h = _c.switch(h)
    150. 

  150.     sscopy_attach_shadow_stack(sscopy)
    151. 

  151.     return h
    152. 

  152. _switch._dont_inline_ = True
    153. 

  153. 

  154. 

  155. class StackletGcRootFinder(object):
    156. 

  156.     fresh_stacklet = NULL_STACKLET
    157. 

  157. 

  158.     @staticmethod
    159. 

  159.     def new(thrd, callback, arg):
    160. 

  160.         rgc.register_custom_trace_hook(STACKLET, lambda_customtrace)
    161. 

  161.         result_stacklet = alloc_stacklet()
    162. 

  162.         gcrootfinder.fresh_stacklet = alloc_stacklet()
    163. 

  163.         gcrootfinder.runfn = callback
    164. 

  164.         thread_handle = thrd._thrd
    165. 

  165.         h = _new(thread_handle, arg)
    166. 

  166.         return attach_handle_on_stacklet(result_stacklet, h)
    167. 

  167. 

  168.     @staticmethod
    169. 

  169.     def switch(stacklet):
    170. 

  170.         # 'stacklet' has a handle to target, i.e. where to switch to
    171. 

  171.         h = consume_stacklet(stacklet)
    172. 

  172.         h = _switch(h)
    173. 

  173.         return attach_handle_on_stacklet(stacklet, h)
    174. 

  174. 

  175.     @staticmethod
    176. 

  176.     def is_empty_handle(stacklet):
    177. 

  177.         return not stacklet
    178. 

  178. 

  179.     @staticmethod
    180. 

  180.     def get_null_handle():
    181. 

  181.         return NULL_STACKLET
    182. 

  182. 

  183. 

  184. gcrootfinder = StackletGcRootFinder()
    185. 

  185.