1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <gtest/gtest.h>
18 
19 #if defined(__BIONIC__)
20 
21 #include <sys/mman.h>
22 
23 #include "platform/bionic/android_unsafe_frame_pointer_chase.h"
24 
25 // Prevent tail calls inside recurse.
nop(size_t val)26 __attribute__((weak, noinline)) size_t nop(size_t val) {
27   return val;
28 }
29 
30 // Call android_unsafe_frame_pointer_chase inside count recurse stack frames.
recurse(int count,uintptr_t * buf,size_t num_entries)31 __attribute__((weak, noinline)) int recurse(int count, uintptr_t* buf, size_t num_entries) {
32   if (count != 0) return nop(recurse(count - 1, buf, num_entries));
33   return nop(android_unsafe_frame_pointer_chase(buf, num_entries));
34 }
35 
36 static constexpr size_t kNumFrames = 32;
37 
CheckFrames(uintptr_t * frames,size_t num_frames)38 static bool CheckFrames(uintptr_t* frames, size_t num_frames) {
39   // We expect one recurse frame calling android_unsafe_frame_pointer_chase, followed by kNumFrames identical
40   // recurse frames calling themselves, followed by at least one frame (the first caller of
41   // recurse).
42   if (num_frames < kNumFrames + 2) {
43     printf("num_frames (0x%zu) < kNumFrames + 2", num_frames);
44     return false;
45   }
46 
47   if (frames[0] == frames[1]) {
48     printf("frames[0] == frames[1] (0x%zx)", frames[0]);
49     return false;
50   }
51 
52   for (size_t i = 2; i <= kNumFrames; ++i) {
53     if (frames[i] != frames[1]) {
54       printf("frames[i] (0x%zx) != frames[1] (0x%zx)", frames[i], frames[1]);
55       return false;
56     }
57   }
58 
59   if (frames[kNumFrames] == frames[kNumFrames + 1]) {
60     printf("frames[kNumFrames] == frames[kNumFrames + 1] (0x%zx)", frames[kNumFrames]);
61     return false;
62   }
63 
64   return true;
65 }
66 
TEST(android_unsafe_frame_pointer_chase,main_thread)67 TEST(android_unsafe_frame_pointer_chase, main_thread) {
68   size_t size = recurse(kNumFrames, 0, 0);
69 
70   uintptr_t frames[kNumFrames + 2];
71   size_t size2 = recurse(kNumFrames, frames, kNumFrames + 2);
72   EXPECT_EQ(size2, size);
73 
74   EXPECT_TRUE(CheckFrames(frames, size));
75 }
76 
tester_func()77 static const char* tester_func() {
78   size_t size = recurse(kNumFrames, 0, 0);
79 
80   uintptr_t frames[kNumFrames + 2];
81   size_t size2 = recurse(kNumFrames, frames, kNumFrames + 2);
82   if (size2 != size) {
83     return "size2 != size";
84   }
85 
86   if (!CheckFrames(frames, size)) {
87     return "CheckFrames failed";
88   }
89   return nullptr;
90 }
91 
BacktraceThread(void *)92 static void* BacktraceThread(void*) {
93   return (void*)tester_func();
94 }
95 
TEST(android_unsafe_frame_pointer_chase,pthread)96 TEST(android_unsafe_frame_pointer_chase, pthread) {
97   pthread_t t;
98   ASSERT_EQ(0, pthread_create(&t, nullptr, BacktraceThread, nullptr));
99   void* retval;
100   ASSERT_EQ(0, pthread_join(t, &retval));
101   EXPECT_EQ(nullptr, reinterpret_cast<char*>(retval));
102 }
103 
104 static bool g_handler_called;
105 static const char* g_handler_tester_result;
106 
BacktraceHandler(int)107 static void BacktraceHandler(int) {
108   g_handler_called = true;
109   g_handler_tester_result = tester_func();
110 }
111 
112 static constexpr size_t kStackSize = 16384;
113 
SignalBacktraceThread(void * sp)114 static void* SignalBacktraceThread(void* sp) {
115   stack_t ss;
116   ss.ss_sp = sp;
117   ss.ss_flags = 0;
118   ss.ss_size = kStackSize;
119   sigaltstack(&ss, nullptr);
120 
121   struct sigaction s = {};
122   s.sa_handler = BacktraceHandler;
123   s.sa_flags = SA_ONSTACK;
124   sigaction(SIGRTMIN, &s, nullptr);
125 
126   raise(SIGRTMIN);
127   return nullptr;
128 }
129 
TEST(android_unsafe_frame_pointer_chase,sigaltstack)130 TEST(android_unsafe_frame_pointer_chase, sigaltstack) {
131   // Create threads where the alternate stack appears both after and before the regular stack, and
132   // call android_unsafe_frame_pointer_chase from a signal handler. Without handling for the
133   // alternate signal stack, this would cause false negatives or potential false positives in the
134   // android_unsafe_frame_pointer_chase function.
135   void* stacks =
136       mmap(nullptr, kStackSize * 2, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0);
137 
138   for (unsigned i = 0; i != 2; ++i) {
139     pthread_t t;
140     pthread_attr_t attr;
141     ASSERT_EQ(0, pthread_attr_init(&attr));
142     ASSERT_EQ(0, pthread_attr_setstack(&attr, reinterpret_cast<char*>(stacks) + kStackSize * i,
143                                        kStackSize));
144 
145     ASSERT_EQ(0, pthread_create(&t, &attr, SignalBacktraceThread,
146                                 reinterpret_cast<char*>(stacks) + kStackSize * (1 - i)));
147     void* retval;
148     ASSERT_EQ(0, pthread_join(t, &retval));
149 
150     EXPECT_TRUE(g_handler_called);
151     EXPECT_EQ(nullptr, g_handler_tester_result);
152     g_handler_called = false;
153   }
154 
155   munmap(stacks, kStackSize * 2);
156 }
157 
158 #endif // __BIONIC__
159