From 9567b6b5b9955960f0d60aa2569bd29d141c2b4b Mon Sep 17 00:00:00 2001 From: Khyber Sen Date: Sun, 2 Mar 2025 23:54:14 -0800 Subject: [PATCH] format: run `rg --files --type c --type cpp --glob '!external/' | xargs clang-format -i` A lot of files aren't formatted correctly, so whenever I edit files and format, it adds a lot of extra formatting fixes, which makes PRs much harder to review with all of this extraneous info. We should probably add this to CI/pre-commit hook, but this should be enough for now. This also adds `AllowShortBlocksOnASingleLine: Always` to `.clang-format`, as this is needed to keep LLVM `lit` tests still working. --- .clang-format | 1 + examples/video_player/include/video_decoder.h | 2 +- examples/video_player/video_player.c | 54 ++++- misc/test_runner/test_runner.c | 2 +- runtime/libia2/exit.c | 3 +- runtime/libia2/ia2.c | 162 ++++++++----- runtime/libia2/include/ia2.h | 19 +- runtime/libia2/include/ia2_internal.h | 146 ++++++------ runtime/libia2/include/permissive_mode.h | 4 +- ...him_default_dispatch_to_partition_alloc.cc | 213 +++++++++--------- runtime/partition-alloc/src/get_pkey.cc | 15 +- .../partition-alloc/src/shared_allocator.cc | 6 +- runtime/tracer/seccomp_filter.h | 10 +- tests/abi/abi.c | 6 +- tests/abi/include/abi.h | 4 +- tests/abi/main.c | 34 +-- tests/destructors/include/main/exported_fn.h | 2 +- tests/destructors/main.c | 40 ++-- tests/destructors/plugin.c | 25 +- tests/ffmpeg/main.c | 49 ++-- tests/global_fn_ptr/include/operations.h | 16 +- tests/global_fn_ptr/main.c | 16 +- tests/global_fn_ptr/operations.c | 12 +- tests/header_includes/impl.c | 10 +- tests/header_includes/include/liboption.h | 2 +- tests/header_includes/include/types.h | 4 +- tests/header_includes/liboption.c | 26 +-- tests/header_includes/main.c | 8 +- .../heap_two_keys/include/main/exported_fn.h | 2 +- tests/heap_two_keys/include/plugin/plugin.h | 2 +- tests/heap_two_keys/main.c | 60 +++-- tests/heap_two_keys/plugin.c | 5 +- tests/libusb/main.c | 82 ++++--- tests/macro_attr/functions.c | 16 +- tests/macro_attr/include/functions.h | 6 +- tests/macro_attr/main.c | 10 +- tests/minimal/main.c | 6 +- tests/minimal/minimal.c | 12 +- tests/minimal_no_criterion/main.c | 6 +- tests/minimal_no_criterion/minimal.c | 9 +- tests/mmap_loop/main.c | 5 +- tests/namespaces/main.cpp | 4 +- tests/namespaces/random.cpp | 12 +- tests/namespaces/random.hpp | 4 +- tests/permissive_mode/permissive_mode.c | 22 +- tests/read_config/builtin.c | 22 +- tests/read_config/include/core.h | 36 +-- tests/read_config/include/plugin.h | 4 +- tests/read_config/main.c | 2 - tests/recursion/dso.c | 2 +- tests/recursion/main.c | 2 - tests/rewrite_fn_ptr_eq/lib.c | 10 +- tests/rewrite_fn_ptr_eq/main.c | 151 ++++++------- tests/rewrite_macros/include/lib.h | 8 +- tests/rewrite_macros/lib.c | 18 +- tests/rewrite_macros/main.c | 42 ++-- tests/ro_sharing/main.c | 4 +- tests/ro_sharing/plugin.c | 2 +- tests/shared_data/access_shared.c | 15 +- tests/shared_data/main.c | 26 +-- tests/should_segfault/main.c | 16 +- tests/should_segfault/print_secret.c | 17 +- tests/sighandler/lib.c | 51 ++--- tests/sighandler/main.c | 52 ++--- tests/simple1/include/simple1.h | 9 +- tests/simple1/main.c | 1 - tests/static_addr_taken/include/static_fns.h | 2 +- tests/static_addr_taken/lib.c | 13 +- tests/static_addr_taken/main.c | 26 ++- tests/structs/main.c | 50 ++-- tests/threads/main.c | 3 +- tests/three_keys_minimal/include/lib.h | 145 ++++++------ tests/three_keys_minimal/lib_1.c | 6 +- tests/three_keys_minimal/lib_2.c | 6 +- tests/three_keys_minimal/main.c | 8 +- tests/tls_protected/library.c | 2 +- tests/tls_protected/main.c | 1 - .../trusted_direct/include/main/exported_fn.h | 2 +- tests/trusted_direct/main.c | 18 +- tests/trusted_direct/plugin.c | 13 +- tests/trusted_indirect/include/rand_op.h | 6 +- tests/trusted_indirect/main.c | 70 +++--- tests/trusted_indirect/rand_op.c | 52 ++--- .../include/main/exported_fn.h | 2 +- tests/two_keys_minimal/main.c | 32 ++- tests/two_keys_minimal/plugin.c | 23 +- .../include/main/exported_fn.h | 2 +- tests/two_shared_ranges/main.c | 32 ++- tests/two_shared_ranges/plugin.c | 24 +- tests/untrusted_indirect/foo.c | 33 ++- tests/untrusted_indirect/include/foo.h | 2 +- tests/untrusted_indirect/main.c | 45 ++-- tools/rewriter/GenCallAsm.cpp | 6 +- tools/rewriter/GenCallAsm.h | 3 +- tools/rewriter/SourceRewriter.cpp | 13 +- 95 files changed, 1172 insertions(+), 1112 deletions(-) diff --git a/.clang-format b/.clang-format index c212e29ad8..a5ade1b623 100644 --- a/.clang-format +++ b/.clang-format @@ -1,6 +1,7 @@ BasedOnStyle: LLVM ColumnLimit: 0 +AllowShortBlocksOnASingleLine: Always AlwaysBreakBeforeMultilineStrings: true BreakStringLiterals: false CommentPragmas: '^RUN: ' diff --git a/examples/video_player/include/video_decoder.h b/examples/video_player/include/video_decoder.h index 4df2633a95..64dc553b19 100644 --- a/examples/video_player/include/video_decoder.h +++ b/examples/video_player/include/video_decoder.h @@ -9,7 +9,7 @@ struct video_decoder; -typedef void (*video_decoder_frame_callback_t)(AVFrame*, void*); +typedef void (*video_decoder_frame_callback_t)(AVFrame *, void *); struct video_decoder *video_decoder_init(const char *file_data, size_t file_size); diff --git a/examples/video_player/video_player.c b/examples/video_player/video_player.c index c4e31654cd..186649b30c 100644 --- a/examples/video_player/video_player.c +++ b/examples/video_player/video_player.c @@ -34,14 +34,56 @@ static uint8_t *y_plane, *u_plane, *v_plane; /* The secrets */ static uint8_t KEY[32] = { - 0x45, 0x33, 0xCC, 0xB5, 0xEA, 0xB4, 0x10, 0xCC, - 0x03, 0x88, 0xA8, 0x3D, 0x5F, 0x93, 0x82, 0x09, - 0x19, 0xC5, 0x6F, 0xF3, 0x30, 0x7C, 0xF6, 0xF6, - 0x72, 0x42, 0x69, 0xF1, 0x9A, 0xE5, 0xE7, 0x0C, + 0x45, + 0x33, + 0xCC, + 0xB5, + 0xEA, + 0xB4, + 0x10, + 0xCC, + 0x03, + 0x88, + 0xA8, + 0x3D, + 0x5F, + 0x93, + 0x82, + 0x09, + 0x19, + 0xC5, + 0x6F, + 0xF3, + 0x30, + 0x7C, + 0xF6, + 0xF6, + 0x72, + 0x42, + 0x69, + 0xF1, + 0x9A, + 0xE5, + 0xE7, + 0x0C, }; static uint8_t IV[16] = { - 0xB9, 0x1D, 0x41, 0xF4, 0xEA, 0xBF, 0xB9, 0xE8, - 0x63, 0xC1, 0x6B, 0xAF, 0xE5, 0x14, 0x5C, 0x7E, + 0xB9, + 0x1D, + 0x41, + 0xF4, + 0xEA, + 0xBF, + 0xB9, + 0xE8, + 0x63, + 0xC1, + 0x6B, + 0xAF, + 0xE5, + 0x14, + 0x5C, + 0x7E, }; void init_sdl(void) { diff --git a/misc/test_runner/test_runner.c b/misc/test_runner/test_runner.c index 575c4bf8b1..9736c787f2 100644 --- a/misc/test_runner/test_runner.c +++ b/misc/test_runner/test_runner.c @@ -88,7 +88,7 @@ int main() { // Reverse tests, as the `__attribute__((constructor))` approach with a linked list makes them backwards. size_t i = 0; for (struct fake_criterion_test *test_info = fake_criterion_tests; test_info; test_info = test_info->next) { - i++; + i++; } const size_t num_tests = i; struct fake_criterion_test tests[num_tests]; diff --git a/runtime/libia2/exit.c b/runtime/libia2/exit.c index f8eb116ece..5b711085f6 100644 --- a/runtime/libia2/exit.c +++ b/runtime/libia2/exit.c @@ -1,8 +1,7 @@ #include "ia2.h" #include -__attribute__((used)) -static void call_libc_exit(int status) { +__attribute__((used)) static void call_libc_exit(int status) { void (*exit_ptr)(int) = dlsym(RTLD_NEXT, "exit"); if (!exit_ptr) { printf("Could not find exit(3) in the next DSO\n"); diff --git a/runtime/libia2/ia2.c b/runtime/libia2/ia2.c index 246811b79b..fec7d9c6fb 100644 --- a/runtime/libia2/ia2.c +++ b/runtime/libia2/ia2.c @@ -5,8 +5,8 @@ #include #include -#include "ia2_internal.h" #include "ia2.h" +#include "ia2_internal.h" #if defined(__x86_64__) @@ -84,67 +84,114 @@ size_t ia2_get_tag(void) __attribute__((alias("ia2_get_pkey"))); #elif defined(__aarch64__) size_t ia2_get_x18(void) { - size_t x18; - asm("mov %0, x18" : "=r"(x18)); - return x18 >> 56; + size_t x18; + asm("mov %0, x18" : "=r"(x18)); + return x18 >> 56; } size_t ia2_get_tag(void) __attribute__((alias("ia2_get_x18"))); // TODO: insert_tag could probably be cleaned up a bit, but I'm not sure if the // generated code could be simplified since addg encodes the tag as an imm field #define _addg(out_ptr, in_ptr, tag) \ - asm("addg %0, %1, #0, %2" : "=r"(out_ptr) : "r"(in_ptr), "i"(tag)); \ + asm("addg %0, %1, #0, %2" : "=r"(out_ptr) : "r"(in_ptr), "i"(tag)); #define insert_tag(ptr, tag) \ - ({ \ - uint64_t _res; \ - switch (tag) { \ - case 0: { _addg(_res, ptr, 0); break; } \ - case 1: { _addg(_res, ptr, 1); break; } \ - case 2: { _addg(_res, ptr, 2); break; } \ - case 3: { _addg(_res, ptr, 3); break; } \ - case 4: { _addg(_res, ptr, 4); break; } \ - case 5: { _addg(_res, ptr, 5); break; } \ - case 6: { _addg(_res, ptr, 6); break; } \ - case 7: { _addg(_res, ptr, 7); break; } \ - case 8: { _addg(_res, ptr, 8); break; } \ - case 9: { _addg(_res, ptr, 9); break; } \ - case 10: { _addg(_res, ptr, 10); break; } \ - case 11: { _addg(_res, ptr, 11); break; } \ - case 12: { _addg(_res, ptr, 12); break; } \ - case 13: { _addg(_res, ptr, 13); break; } \ - case 14: { _addg(_res, ptr, 14); break; } \ - case 15: { _addg(_res, ptr, 15); break; } \ - } \ - _res; \ - }) - + ({ \ + uint64_t _res; \ + switch (tag) { \ + case 0: { \ + _addg(_res, ptr, 0); \ + break; \ + } \ + case 1: { \ + _addg(_res, ptr, 1); \ + break; \ + } \ + case 2: { \ + _addg(_res, ptr, 2); \ + break; \ + } \ + case 3: { \ + _addg(_res, ptr, 3); \ + break; \ + } \ + case 4: { \ + _addg(_res, ptr, 4); \ + break; \ + } \ + case 5: { \ + _addg(_res, ptr, 5); \ + break; \ + } \ + case 6: { \ + _addg(_res, ptr, 6); \ + break; \ + } \ + case 7: { \ + _addg(_res, ptr, 7); \ + break; \ + } \ + case 8: { \ + _addg(_res, ptr, 8); \ + break; \ + } \ + case 9: { \ + _addg(_res, ptr, 9); \ + break; \ + } \ + case 10: { \ + _addg(_res, ptr, 10); \ + break; \ + } \ + case 11: { \ + _addg(_res, ptr, 11); \ + break; \ + } \ + case 12: { \ + _addg(_res, ptr, 12); \ + break; \ + } \ + case 13: { \ + _addg(_res, ptr, 13); \ + break; \ + } \ + case 14: { \ + _addg(_res, ptr, 14); \ + break; \ + } \ + case 15: { \ + _addg(_res, ptr, 15); \ + break; \ + } \ + } \ + _res; \ + }) #define set_tag(tagged_ptr) \ - asm volatile("st2g %0, [%0]" :: "r"(tagged_ptr) : "memory"); + asm volatile("st2g %0, [%0]" ::"r"(tagged_ptr) : "memory"); int ia2_mprotect_with_tag(void *addr, size_t len, int prot, int tag) { - int res = mprotect(addr, len, prot | PROT_MTE); - if (res != 0) { - /* Skip memory tagging if mprotect returned an error */ - printf("mprotect failed with %d\n", res); - return res; + int res = mprotect(addr, len, prot | PROT_MTE); + if (res != 0) { + /* Skip memory tagging if mprotect returned an error */ + printf("mprotect failed with %d\n", res); + return res; + } + /* Protect each page */ + assert((len % PAGE_SIZE) == 0); + for (int page = 0; page < len / PAGE_SIZE; page++) { + char *page_base = addr + page * PAGE_SIZE; + /* Assuming we're using st2g. stgm is undefined at EL0 so it's not an option */ + const int granule_sz = 32; + const int granules_per_page = PAGE_SIZE / 32; + /* Protect each granule in the page */ + for (int granule = 0; granule < granules_per_page; granule++) { + // TODO: It may be possible to simplify this to be more efficient using the addg imm offset + uint64_t tagged_ptr = insert_tag((uint64_t)page_base + (granule * granule_sz), tag); + set_tag(tagged_ptr); } - /* Protect each page */ - assert((len % PAGE_SIZE) == 0); - for(int page = 0; page < len / PAGE_SIZE; page++) { - char* page_base = addr + page * PAGE_SIZE; - /* Assuming we're using st2g. stgm is undefined at EL0 so it's not an option */ - const int granule_sz = 32; - const int granules_per_page = PAGE_SIZE / 32; - /* Protect each granule in the page */ - for (int granule = 0; granule < granules_per_page; granule++) { - // TODO: It may be possible to simplify this to be more efficient using the addg imm offset - uint64_t tagged_ptr = insert_tag((uint64_t)page_base + (granule * granule_sz), tag); - set_tag(tagged_ptr); - } - } - return 0; + } + return 0; } #endif @@ -314,9 +361,10 @@ int protect_tls_pages(struct dl_phdr_info *info, size_t size, void *data) { uint64_t after_untrusted_region_start = untrusted_stackptr_addr + 0x1000; uint64_t after_untrusted_region_len = end - after_untrusted_region_start; if (after_untrusted_region_len > 0) { - int mprotect_err = ia2_mprotect_with_tag((void *)after_untrusted_region_start, - after_untrusted_region_len, - PROT_READ | PROT_WRITE, search_args->pkey); + int mprotect_err = ia2_mprotect_with_tag( + (void *)after_untrusted_region_start, + after_untrusted_region_len, + PROT_READ | PROT_WRITE, search_args->pkey); if (mprotect_err != 0) { printf("ia2_mprotect_with_tag failed: %s\n", strerror(errno)); exit(-1); @@ -324,8 +372,9 @@ int protect_tls_pages(struct dl_phdr_info *info, size_t size, void *data) { } } else { int mprotect_err = - ia2_mprotect_with_tag((void *)start_round_down, len_round_up, - PROT_READ | PROT_WRITE, search_args->pkey); + ia2_mprotect_with_tag( + (void *)start_round_down, len_round_up, + PROT_READ | PROT_WRITE, search_args->pkey); if (mprotect_err != 0) { printf("ia2_mprotect_with_tag failed: %s\n", strerror(errno)); exit(-1); @@ -490,8 +539,9 @@ int protect_pages(struct dl_phdr_info *info, size_t size, void *data) { } // TODO: Inline ia2_mprotect_with_tag call and make sure the pkey is in a // register here so we can disallow calls to the libc function - int mprotect_err = ia2_mprotect_with_tag((void *)start, cur_end - start, - access_flags, (int)cur_pkey); + int mprotect_err = ia2_mprotect_with_tag( + (void *)start, cur_end - start, + access_flags, (int)cur_pkey); if (mprotect_err != 0) { printf("ia2_mprotect_with_tag failed: %s\n", strerror(errno)); exit(-1); diff --git a/runtime/libia2/include/ia2.h b/runtime/libia2/include/ia2.h index bc53eb5def..863dd1b672 100644 --- a/runtime/libia2/include/ia2.h +++ b/runtime/libia2/include/ia2.h @@ -26,8 +26,8 @@ /// Any functions declared between this macro and IA2_END_NO_WRAP will not be /// wrapped by the rewriter and any calls to these functions and function /// pointers will execute in the caller's compartment. -#define IA2_BEGIN_NO_WRAP \ - _Pragma( \ +#define IA2_BEGIN_NO_WRAP \ + _Pragma( \ "clang attribute push(__attribute__((annotate(\"ia2_skip_wrap\"))), apply_to = hasType(functionType))"); #define IA2_END_NO_WRAP _Pragma("clang attribute pop"); @@ -46,7 +46,7 @@ #define IA2_AS_PTR(opaque) opaque #define IA2_FN(func) func #define IA2_CALL(opaque, id, ...) opaque(__VA_ARGS__) -#define IA2_CAST(func, ty) (ty) (void *) func +#define IA2_CAST(func, ty) (ty)(void *) func #else #define IA2_DEFINE_WRAPPER(func) IA2_DEFINE_WRAPPER_##func #define IA2_SIGHANDLER(func) ia2_sighandler_##func @@ -59,8 +59,8 @@ /// /// Creates a new function with `ia2_sighandler_` prepended to the given /// function name which should be registered with sigaction(). -#define IA2_DEFINE_SIGACTION(function, pkey) \ - void ia2_sighandler_##function(int, siginfo_t *, void *); \ +#define IA2_DEFINE_SIGACTION(function, pkey) \ + void ia2_sighandler_##function(int, siginfo_t *, void *); \ _IA2_DEFINE_SIGNAL_HANDLER(function, pkey) /// Create a wrapped signal handler for `sa_handler` @@ -72,8 +72,8 @@ /// /// Creates a new function with `ia2_sighandler_` prepended to the given /// function name which should be registered with sigaction(). -#define IA2_DEFINE_SIGHANDLER(function, pkey) \ - void ia2_sighandler_##function(int); \ +#define IA2_DEFINE_SIGHANDLER(function, pkey) \ + void ia2_sighandler_##function(int); \ _IA2_DEFINE_SIGNAL_HANDLER(function, pkey) /// Initialize the IA2 runtime, must only be invoked once per in a process @@ -131,7 +131,7 @@ #define IA2_AS_PTR(opaque) (opaque).ptr /// Get an IA2 opaque function pointer for the wrapped version of `func` -#define IA2_FN(func) \ +#define IA2_FN(func) \ (typeof(__ia2_##func)) { (void *)&__ia2_##func } /// Call an IA2 opaque function pointer, which should be in target compartment @@ -144,7 +144,8 @@ /// parameter. Note that it is the user's responsibility to ensure that `ty` and /// the type of `IA2_FN(func)` are ABI-compatible since no extra type-checking is /// done. -#define IA2_CAST(func, ty) (ty) { (void *)IA2_FN_ADDR(func) } +#define IA2_CAST(func, ty) \ + (ty) { (void *)IA2_FN_ADDR(func) } #endif // !IA2_ENABLE /// Convert a compartment pkey to a PKRU register value diff --git a/runtime/libia2/include/ia2_internal.h b/runtime/libia2/include/ia2_internal.h index 43e27ef7c4..4cb6f3b6ac 100644 --- a/runtime/libia2/include/ia2_internal.h +++ b/runtime/libia2/include/ia2_internal.h @@ -34,8 +34,8 @@ struct dl_phdr_info; /* Supress unused warning */ #define __IA2_UNUSED __attribute__((__unused__)) -#define __IA2_CALL(opaque, id, pkey, ...) \ - ({ \ +#define __IA2_CALL(opaque, id, pkey, ...) \ + ({ \ ((IA2_TYPE_##id) & __ia2_indirect_callgate_##id##_pkey_##pkey)(opaque.ptr, ##__VA_ARGS__); \ }) #define _IA2_CALL(opaque, id, pkey, ...) __IA2_CALL(opaque, id, pkey, ##__VA_ARGS__) @@ -75,8 +75,8 @@ struct dl_phdr_info; #define REPEATB15(fn, basefn, ...) fn(15, ##__VA_ARGS__) REPEATB14(fn, basefn, ##__VA_ARGS__) /* clang-format on */ -/* - * REPEATB(n, fn, basefn, ...) +/* + * REPEATB(n, fn, basefn, ...) * REPEATB_REV(n, basefn, fn, ...) * * Macro to repeatedly apply a function or function-like macro `fn` a given @@ -198,7 +198,7 @@ asm(".macro movz_shifted_tag_x18 tag\n" #define PTRS_PER_PAGE (PAGE_SIZE / sizeof(void *)) #define IA2_MAX_THREADS (PTRS_PER_PAGE) -#define IA2_ROUND_DOWN(x, y) ((x) & ~((y)-1)) +#define IA2_ROUND_DOWN(x, y) ((x) & ~((y) - 1)) #if defined(__x86_64__) /* clang-format can't handle inline asm in macros */ @@ -254,53 +254,47 @@ asm(".macro movz_shifted_tag_x18 tag\n" /* clang-format on */ #elif defined(__aarch64__) #warning "ALLOCATE_COMPARTMENT_STACK_AND_SETUP_TLS does not do stackptr reinit checking" -#define ALLOCATE_COMPARTMENT_STACK_AND_SETUP_TLS(i) \ - { \ - __IA2_UNUSED extern __thread void *ia2_stackptr_##i; \ - \ - register void *stack asm("x0") = allocate_stack(i); \ - __asm__ volatile( \ - "movz_shifted_tag_x18 " #i "\n" \ - /* save old stack pointer */ \ - "mov x9, sp\n" \ - /* switch to newly allocated stack */ \ - "mov sp, %0\n" \ - /* push old stack pointer to new stack */ \ - "str x9, [sp], #-8\n" \ - /* initialize TLS */ \ - "bl init_tls_" #i "\n" \ - /* pop old stack pointer from new stack */ \ - "ldr x9, [sp, #8]!\n" \ - /* save pointer to new stack */ \ - "mov x10, sp\n" \ - /* switch to old stack */ \ - "mov sp, x9\n" \ - /* calculate location to save addr of newly allocated stack */ \ - "mrs x12, tpidr_el0\n" \ - "adrp x11, :gottprel:ia2_stackptr_" #i "\n" \ - "ldr x11, [x11, #:gottprel_lo12:ia2_stackptr_" #i "]\n" \ - "add x11, x11, x12\n" \ - "orr x11, x11, x18\n" \ - /* write newly allocated stack to ia2_stackptr_i */ \ - "str x10, [x11]\n" \ - : \ - : "r"(stack) \ - : "x9", "x10", "x11", "x12", "x19" \ - ); \ +#define ALLOCATE_COMPARTMENT_STACK_AND_SETUP_TLS(i) \ + { \ + __IA2_UNUSED extern __thread void *ia2_stackptr_##i; \ + \ + register void *stack asm("x0") = allocate_stack(i); \ + __asm__ volatile( \ + "movz_shifted_tag_x18 " #i \ + "\n" /* save old stack pointer */ \ + "mov x9, sp\n" /* switch to newly allocated stack */ \ + "mov sp, %0\n" /* push old stack pointer to new stack */ \ + "str x9, [sp], #-8\n" /* initialize TLS */ \ + "bl init_tls_" #i \ + "\n" /* pop old stack pointer from new stack */ \ + "ldr x9, [sp, #8]!\n" /* save pointer to new stack */ \ + "mov x10, sp\n" /* switch to old stack */ \ + "mov sp, x9\n" /* calculate location to save addr of newly allocated stack */ \ + "mrs x12, tpidr_el0\n" \ + "adrp x11, :gottprel:ia2_stackptr_" #i \ + "\n" \ + "ldr x11, [x11, #:gottprel_lo12:ia2_stackptr_" #i \ + "]\n" \ + "add x11, x11, x12\n" \ + "orr x11, x11, x18\n" /* write newly allocated stack to ia2_stackptr_i */ \ + "str x10, [x11]\n" \ + : \ + : "r"(stack) \ + : "x9", "x10", "x11", "x12", "x19"); \ } #endif #if defined(__x86_64__) -#define return_stackptr_if_compartment(compartment) \ - if (pkru == PKRU(compartment)) { \ - register void *out asm("rax"); \ - __asm__ volatile( \ - "mov %%fs:(0), %%rax\n" \ - "addq ia2_stackptr_" #compartment "@GOTTPOFF(%%rip), %%rax\n" \ - : "=a"(out) \ - : \ - :); \ - return out; \ +#define return_stackptr_if_compartment(compartment) \ + if (pkru == PKRU(compartment)) { \ + register void *out asm("rax"); \ + __asm__ volatile( \ + "mov %%fs:(0), %%rax\n" \ + "addq ia2_stackptr_" #compartment "@GOTTPOFF(%%rip), %%rax\n" \ + : "=a"(out) \ + : \ + :); \ + return out; \ } #elif defined(__aarch64__) #warning "libia2 does not implement return_stackptr_if_compartment yet" @@ -316,7 +310,7 @@ works as a reasonable signpost no-op. */ #define declare_init_tls_fn(n) __attribute__((visibility("default"))) void init_tls_##n(void); #define setup_destructors_for_compartment(n) \ - __attribute__((visibility("default"))) void ia2_setup_destructors_##n(void); \ + __attribute__((visibility("default"))) void ia2_setup_destructors_##n(void); \ ia2_setup_destructors_##n(); #if defined(__aarch64__) @@ -408,32 +402,32 @@ __attribute__((__noreturn__)) void ia2_reinit_stack_err(int i); #endif /* clang-format on */ -#define _IA2_INIT_RUNTIME(n) \ - __attribute__((visibility("default"))) int ia2_n_pkeys_to_alloc = n; \ - __attribute__((visibility("default"))) __thread void *ia2_stackptr_0[PAGE_SIZE / sizeof(void *)] \ - __attribute__((aligned(4096))); \ - \ - REPEATB(n, declare_init_tls_fn, nop_macro); \ - \ - /* Returns `&ia2_stackptr_N` given a pkru value for the Nth compartment. */ \ - __attribute__((visibility("default"))) void **ia2_stackptr_for_pkru(uint32_t pkru) { \ - REPEATB(n, return_stackptr_if_compartment, \ - return_stackptr_if_compartment); \ - return NULL; \ - } \ - \ - __attribute__((visibility("default"))) __attribute__((weak)) void init_stacks_and_setup_tls(void) { \ - verify_tls_padding(); \ +#define _IA2_INIT_RUNTIME(n) \ + __attribute__((visibility("default"))) int ia2_n_pkeys_to_alloc = n; \ + __attribute__((visibility("default"))) __thread void *ia2_stackptr_0[PAGE_SIZE / sizeof(void *)] \ + __attribute__((aligned(4096))); \ + \ + REPEATB(n, declare_init_tls_fn, nop_macro); \ + \ + /* Returns `&ia2_stackptr_N` given a pkru value for the Nth compartment. */ \ + __attribute__((visibility("default"))) void **ia2_stackptr_for_pkru(uint32_t pkru) { \ + REPEATB(n, return_stackptr_if_compartment, \ + return_stackptr_if_compartment); \ + return NULL; \ + } \ + \ + __attribute__((visibility("default"))) __attribute__((weak)) void init_stacks_and_setup_tls(void) { \ + verify_tls_padding(); \ COMPARTMENT_SAVE_AND_RESTORE(REPEATB(n, ALLOCATE_COMPARTMENT_STACK_AND_SETUP_TLS, nop_macro), n); \ - /* allocate an unprotected stack for the untrusted compartment */ \ - allocate_stack_0(); \ - } \ - \ - __attribute__((constructor)) static void ia2_init(void) { \ - /* Set up global resources. */ \ - ia2_set_up_tags(&ia2_n_pkeys_to_alloc); \ - /* Initialize stacks for the main thread/ */ \ - init_stacks_and_setup_tls(); \ - REPEATB##n(setup_destructors_for_compartment, nop_macro); \ - mark_init_finished(); \ + /* allocate an unprotected stack for the untrusted compartment */ \ + allocate_stack_0(); \ + } \ + \ + __attribute__((constructor)) static void ia2_init(void) { \ + /* Set up global resources. */ \ + ia2_set_up_tags(&ia2_n_pkeys_to_alloc); \ + /* Initialize stacks for the main thread/ */ \ + init_stacks_and_setup_tls(); \ + REPEATB##n(setup_destructors_for_compartment, nop_macro); \ + mark_init_finished(); \ } diff --git a/runtime/libia2/include/permissive_mode.h b/runtime/libia2/include/permissive_mode.h index fad90769c5..ca4c267323 100644 --- a/runtime/libia2/include/permissive_mode.h +++ b/runtime/libia2/include/permissive_mode.h @@ -23,7 +23,7 @@ * Section 13.1). */ #define XFEATURE_PKRU 9 -#define XFEATURE_MASK_PKRU (1 << XFEATURE_PKRU) +#define XFEATURE_MASK_PKRU (1 << XFEATURE_PKRU) /* * Offset of the XSAVE header in bytes from the XSAVE area base (Intel SDM @@ -353,7 +353,7 @@ void print_address(FILE *log, char *identifier, void *addr) { addr); } } else { - fprintf(log, "%s: %p, ", identifier, addr); + fprintf(log, "%s: %p, ", identifier, addr); } } diff --git a/runtime/partition-alloc/src/allocator_shim_default_dispatch_to_partition_alloc.cc b/runtime/partition-alloc/src/allocator_shim_default_dispatch_to_partition_alloc.cc index d1af45ff1e..d35336f206 100644 --- a/runtime/partition-alloc/src/allocator_shim_default_dispatch_to_partition_alloc.cc +++ b/runtime/partition-alloc/src/allocator_shim_default_dispatch_to_partition_alloc.cc @@ -40,8 +40,8 @@ using allocator_shim::AllocatorDispatch; namespace { class SimpleScopedSpinLocker { - public: - explicit SimpleScopedSpinLocker(std::atomic& lock) : lock_(lock) { +public: + explicit SimpleScopedSpinLocker(std::atomic &lock) : lock_(lock) { // Lock. Semantically equivalent to base::Lock::Acquire(). bool expected = false; // Weak CAS since we are in a retry loop, relaxed ordering for failure since @@ -56,8 +56,8 @@ class SimpleScopedSpinLocker { ~SimpleScopedSpinLocker() { lock_.store(false, std::memory_order_release); } - private: - std::atomic& lock_; +private: + std::atomic &lock_; }; // We can't use a "static local" or a base::LazyInstance, as: @@ -69,11 +69,11 @@ class SimpleScopedSpinLocker { // Nevertheless, this provides essentially the same thing. template class LeakySingleton { - public: +public: constexpr LeakySingleton() = default; - PA_ALWAYS_INLINE T* Get() { - auto* instance = instance_.load(std::memory_order_acquire); + PA_ALWAYS_INLINE T *Get() { + auto *instance = instance_.load(std::memory_order_acquire); if (PA_LIKELY(instance)) { return instance; } @@ -82,7 +82,7 @@ class LeakySingleton { } // Replaces the instance pointer with a new one. - void Replace(T* new_instance) { + void Replace(T *new_instance) { SimpleScopedSpinLocker scoped_lock{initialization_lock_}; // Modify under the lock to avoid race between |if (instance)| and @@ -90,10 +90,10 @@ class LeakySingleton { instance_.store(new_instance, std::memory_order_release); } - private: - T* GetSlowPath(); +private: + T *GetSlowPath(); - std::atomic instance_; + std::atomic instance_; // Before C++20, having an initializer here causes a "variable does not have a // constant initializer" error. In C++20, omitting it causes a similar error. // Presumably this is due to the C++20 changes to make atomic initialization @@ -109,7 +109,7 @@ class LeakySingleton { }; template -T* LeakySingleton::GetSlowPath() { +T *LeakySingleton::GetSlowPath() { // The instance has not been set, the proper way to proceed (correct // double-checked locking) is: // @@ -129,21 +129,21 @@ T* LeakySingleton::GetSlowPath() { // guarantees. SimpleScopedSpinLocker scoped_lock{initialization_lock_}; - T* instance = instance_.load(std::memory_order_relaxed); + T *instance = instance_.load(std::memory_order_relaxed); // Someone beat us. if (instance) { return instance; } - instance = Constructor::New(reinterpret_cast(instance_buffer_)); + instance = Constructor::New(reinterpret_cast(instance_buffer_)); instance_.store(instance, std::memory_order_release); return instance; } class MainPartitionConstructor { - public: - static partition_alloc::PartitionRoot* New(void* buffer) { +public: + static partition_alloc::PartitionRoot *New(void *buffer) { size_t pkey = ::ia2_get_pkey(); auto *new_root = new (buffer) partition_alloc::PartitionRoot(partition_alloc::PartitionOptions{ @@ -162,8 +162,8 @@ LeakySingleton g_root[partition_alloc::internal::kNumCompartments - 1] PA_CONSTINIT = {}; class SharedPartitionConstructor { - public: - static partition_alloc::PartitionRoot* New(void* buffer) { +public: + static partition_alloc::PartitionRoot *New(void *buffer) { auto *new_root = new (buffer) partition_alloc::PartitionRoot(partition_alloc::PartitionOptions{ .aligned_alloc = @@ -200,7 +200,7 @@ partition_alloc::PartitionRoot *SharedAllocator() { return g_shared_root.Get(); } -void* AllocateAlignedMemory(size_t alignment, size_t size) { +void *AllocateAlignedMemory(size_t alignment, size_t size) { // Memory returned by the regular allocator *always* respects |kAlignment|, // which is a power of two, and any valid alignment is also a power of two. So // we can directly fulfill these requests with the main allocator. @@ -232,48 +232,48 @@ void* AllocateAlignedMemory(size_t alignment, size_t size) { size); } -} // namespace +} // namespace namespace allocator_shim::internal { -void* PartitionMalloc(const AllocatorDispatch*, size_t size, void* context) { +void *PartitionMalloc(const AllocatorDispatch *, size_t size, void *context) { partition_alloc::ScopedDisallowAllocations guard{}; return Allocator()->AllocInline(size); } -void* PartitionMallocUnchecked(const AllocatorDispatch*, +void *PartitionMallocUnchecked(const AllocatorDispatch *, size_t size, - void* context) { + void *context) { partition_alloc::ScopedDisallowAllocations guard{}; return Allocator() - ->AllocInline(size); + ->AllocInline < partition_alloc::AllocFlags::kReturnNull | + partition_alloc::AllocFlags::kNoHooks > (size); } -void* PartitionCalloc(const AllocatorDispatch*, +void *PartitionCalloc(const AllocatorDispatch *, size_t n, size_t size, - void* context) { + void *context) { partition_alloc::ScopedDisallowAllocations guard{}; const size_t total = partition_alloc::internal::base::CheckMul(n, size).ValueOrDie(); return Allocator() - ->AllocInline(total); + ->AllocInline < partition_alloc::AllocFlags::kZeroFill | + partition_alloc::AllocFlags::kNoHooks > (total); } -void* PartitionMemalign(const AllocatorDispatch*, +void *PartitionMemalign(const AllocatorDispatch *, size_t alignment, size_t size, - void* context) { + void *context) { partition_alloc::ScopedDisallowAllocations guard{}; return AllocateAlignedMemory(alignment, size); } -void* PartitionAlignedAlloc(const AllocatorDispatch* dispatch, +void *PartitionAlignedAlloc(const AllocatorDispatch *dispatch, size_t size, size_t alignment, - void* context) { + void *context) { partition_alloc::ScopedDisallowAllocations guard{}; return AllocateAlignedMemory(alignment, size); } @@ -285,13 +285,13 @@ void* PartitionAlignedAlloc(const AllocatorDispatch* dispatch, // block. // TODO(tasak): Implement PartitionRoot::AlignedReallocWithFlags // and use it. -void* PartitionAlignedRealloc(const AllocatorDispatch* dispatch, - void* address, +void *PartitionAlignedRealloc(const AllocatorDispatch *dispatch, + void *address, size_t size, size_t alignment, - void* context) { + void *context) { partition_alloc::ScopedDisallowAllocations guard{}; - void* new_ptr = nullptr; + void *new_ptr = nullptr; if (size > 0) { new_ptr = AllocateAlignedMemory(alignment, size); } else { @@ -318,10 +318,10 @@ void* PartitionAlignedRealloc(const AllocatorDispatch* dispatch, return new_ptr; } -void* PartitionRealloc(const AllocatorDispatch*, - void* address, +void *PartitionRealloc(const AllocatorDispatch *, + void *address, size_t size, - void* context) { + void *context) { partition_alloc::ScopedDisallowAllocations guard{}; #if BUILDFLAG(IS_APPLE) if (PA_UNLIKELY(!partition_alloc::IsManagedByPartitionAlloc( @@ -332,7 +332,7 @@ void* PartitionRealloc(const AllocatorDispatch*, // dispatching so that it appropriately selects the right zone. return realloc(address, size); } -#endif // BUILDFLAG(IS_APPLE) +#endif // BUILDFLAG(IS_APPLE) return Allocator()->Realloc(address, size, ""); @@ -340,11 +340,11 @@ void* PartitionRealloc(const AllocatorDispatch*, #if BUILDFLAG(PA_IS_CAST_ANDROID) extern "C" { -void __real_free(void*); -} // extern "C" -#endif // BUILDFLAG(PA_IS_CAST_ANDROID) +void __real_free(void *); +} // extern "C" +#endif // BUILDFLAG(PA_IS_CAST_ANDROID) -void PartitionFree(const AllocatorDispatch*, void* object, void* context) { +void PartitionFree(const AllocatorDispatch *, void *object, void *context) { partition_alloc::ScopedDisallowAllocations guard{}; #if BUILDFLAG(IS_APPLE) // TODO(bartekn): Add MTE unmasking here (and below). @@ -356,7 +356,7 @@ void PartitionFree(const AllocatorDispatch*, void* object, void* context) { // dispatching so that it appropriately selects the right zone. return free(object); } -#endif // BUILDFLAG(IS_APPLE) +#endif // BUILDFLAG(IS_APPLE) // On Android Chromecast devices, there is at least one case where a system // malloc() pointer can be passed to PartitionAlloc's free(). If we don't own @@ -371,7 +371,7 @@ void PartitionFree(const AllocatorDispatch*, void* object, void* context) { // here. return __real_free(object); } -#endif // BUILDFLAG(PA_IS_CAST_ANDROID) +#endif // BUILDFLAG(PA_IS_CAST_ANDROID) partition_alloc::PartitionRoot::FreeInlineInUnknownRoot< partition_alloc::FreeFlags::kNoHooks>(object); @@ -384,22 +384,21 @@ void PartitionFree(const AllocatorDispatch*, void* object, void* context) { // // So we don't need to re-check that the pointer is owned in Free(), and we // can use the size. -void PartitionFreeDefiniteSize(const AllocatorDispatch*, - void* address, +void PartitionFreeDefiniteSize(const AllocatorDispatch *, + void *address, size_t size, - void* context) { + void *context) { partition_alloc::ScopedDisallowAllocations guard{}; // TODO(lizeb): Optimize PartitionAlloc to use the size information. This is // still useful though, as we avoid double-checking that the address is owned. partition_alloc::PartitionRoot::FreeInlineInUnknownRoot< partition_alloc::FreeFlags::kNoHooks>(address); } -#endif // BUILDFLAG(IS_APPLE) +#endif // BUILDFLAG(IS_APPLE) - -size_t PartitionGetSizeEstimate(const AllocatorDispatch*, - void* address, - void* context) { +size_t PartitionGetSizeEstimate(const AllocatorDispatch *, + void *address, + void *context) { // This is used to implement malloc_usable_size(3). Per its man page, "if ptr // is NULL, 0 is returned". if (!address) { @@ -414,7 +413,7 @@ size_t PartitionGetSizeEstimate(const AllocatorDispatch*, // belong to this malloc zone. return 0; } -#endif // BUILDFLAG(IS_APPLE) +#endif // BUILDFLAG(IS_APPLE) // TODO(lizeb): Returns incorrect values for aligned allocations. const size_t size = @@ -425,24 +424,24 @@ size_t PartitionGetSizeEstimate(const AllocatorDispatch*, // So, this function must not return zero so that the malloc zone dispatcher // finds the appropriate malloc zone. PA_DCHECK(size); -#endif // BUILDFLAG(IS_APPLE) +#endif // BUILDFLAG(IS_APPLE) return size; } #if BUILDFLAG(IS_APPLE) -bool PartitionClaimedAddress(const AllocatorDispatch*, - void* address, - void* context) { +bool PartitionClaimedAddress(const AllocatorDispatch *, + void *address, + void *context) { return partition_alloc::IsManagedByPartitionAlloc( reinterpret_cast(address)); } -#endif // BUILDFLAG(IS_APPLE) +#endif // BUILDFLAG(IS_APPLE) -unsigned PartitionBatchMalloc(const AllocatorDispatch*, +unsigned PartitionBatchMalloc(const AllocatorDispatch *, size_t size, - void** results, + void **results, unsigned num_requested, - void* context) { + void *context) { // No real batching: we could only acquire the lock once for instance, keep it // simple for now. for (unsigned i = 0; i < num_requested; i++) { @@ -454,10 +453,10 @@ unsigned PartitionBatchMalloc(const AllocatorDispatch*, return num_requested; } -void PartitionBatchFree(const AllocatorDispatch*, - void** to_be_freed, +void PartitionBatchFree(const AllocatorDispatch *, + void **to_be_freed, unsigned num_to_be_freed, - void* context) { + void *context) { // No real batching: we could only acquire the lock once for instance, keep it // simple for now. for (unsigned i = 0; i < num_to_be_freed; i++) { @@ -466,9 +465,9 @@ void PartitionBatchFree(const AllocatorDispatch*, } #if BUILDFLAG(IS_APPLE) -void PartitionTryFreeDefault(const AllocatorDispatch*, - void* address, - void* context) { +void PartitionTryFreeDefault(const AllocatorDispatch *, + void *address, + void *context) { partition_alloc::ScopedDisallowAllocations guard{}; if (PA_UNLIKELY(!partition_alloc::IsManagedByPartitionAlloc( @@ -481,7 +480,7 @@ void PartitionTryFreeDefault(const AllocatorDispatch*, partition_alloc::PartitionRoot::FreeInlineInUnknownRoot< partition_alloc::FreeFlags::kNoHooks>(address); } -#endif // BUILDFLAG(IS_APPLE) +#endif // BUILDFLAG(IS_APPLE) // static bool PartitionAllocMalloc::AllocatorConfigurationFinalized() { @@ -489,26 +488,26 @@ bool PartitionAllocMalloc::AllocatorConfigurationFinalized() { } // static -partition_alloc::PartitionRoot* PartitionAllocMalloc::Allocator() { +partition_alloc::PartitionRoot *PartitionAllocMalloc::Allocator() { return ::Allocator(); } // static -partition_alloc::PartitionRoot* PartitionAllocMalloc::OriginalAllocator() { +partition_alloc::PartitionRoot *PartitionAllocMalloc::OriginalAllocator() { return ::Allocator(); } // static -partition_alloc::PartitionRoot* PartitionAllocMalloc::AlignedAllocator() { +partition_alloc::PartitionRoot *PartitionAllocMalloc::AlignedAllocator() { return ::AlignedAllocator(); } // static -partition_alloc::PartitionRoot* PartitionAllocMalloc::SharedAllocator() { +partition_alloc::PartitionRoot *PartitionAllocMalloc::SharedAllocator() { return ::SharedAllocator(); } -} // namespace allocator_shim::internal +} // namespace allocator_shim::internal #if BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC) @@ -532,7 +531,7 @@ uint32_t GetMainPartitionRootExtrasSize() { return Allocator()->settings.extras_size; #else return 0; -#endif // PA_CONFIG(EXTRAS_REQUIRED) +#endif // PA_CONFIG(EXTRAS_REQUIRED) } #if BUILDFLAG(USE_STARSCAN) @@ -548,27 +547,27 @@ void EnablePCScan(partition_alloc::internal::PCScan::InitConfig config) { allocator_shim::NonScannableAllocator::Instance().NotifyPCScanEnabled(); allocator_shim::NonQuarantinableAllocator::Instance().NotifyPCScanEnabled(); } -#endif // BUILDFLAG(USE_STARSCAN) -} // namespace allocator_shim +#endif // BUILDFLAG(USE_STARSCAN) +} // namespace allocator_shim const AllocatorDispatch AllocatorDispatch::default_dispatch = { - &allocator_shim::internal::PartitionMalloc, // alloc_function + &allocator_shim::internal::PartitionMalloc, // alloc_function &allocator_shim::internal:: - PartitionMallocUnchecked, // alloc_unchecked_function + PartitionMallocUnchecked, // alloc_unchecked_function &allocator_shim::internal:: - PartitionCalloc, // alloc_zero_initialized_function - &allocator_shim::internal::PartitionMemalign, // alloc_aligned_function - &allocator_shim::internal::PartitionRealloc, // realloc_function - &allocator_shim::internal::PartitionFree, // free_function + PartitionCalloc, // alloc_zero_initialized_function + &allocator_shim::internal::PartitionMemalign, // alloc_aligned_function + &allocator_shim::internal::PartitionRealloc, // realloc_function + &allocator_shim::internal::PartitionFree, // free_function &allocator_shim::internal:: - PartitionGetSizeEstimate, // get_size_estimate_function + PartitionGetSizeEstimate, // get_size_estimate_function #if BUILDFLAG(IS_APPLE) - &allocator_shim::internal::PartitionClaimedAddress, // claimed_address + &allocator_shim::internal::PartitionClaimedAddress, // claimed_address #else - nullptr, // claimed_address + nullptr, // claimed_address #endif - &allocator_shim::internal::PartitionBatchMalloc, // batch_malloc_function - &allocator_shim::internal::PartitionBatchFree, // batch_free_function + &allocator_shim::internal::PartitionBatchMalloc, // batch_malloc_function + &allocator_shim::internal::PartitionBatchFree, // batch_free_function #if BUILDFLAG(IS_APPLE) // On Apple OSes, free_definite_size() is always called from free(), since // get_size_estimate() is used to determine whether an allocation belongs to @@ -578,15 +577,15 @@ const AllocatorDispatch AllocatorDispatch::default_dispatch = { // of free(). &allocator_shim::internal::PartitionTryFreeDefault, #else - nullptr, // free_definite_size_function - nullptr, // try_free_default_function + nullptr, // free_definite_size_function + nullptr, // try_free_default_function #endif &allocator_shim::internal:: - PartitionAlignedAlloc, // aligned_malloc_function + PartitionAlignedAlloc, // aligned_malloc_function &allocator_shim::internal:: - PartitionAlignedRealloc, // aligned_realloc_function - &allocator_shim::internal::PartitionFree, // aligned_free_function - nullptr, // next + PartitionAlignedRealloc, // aligned_realloc_function + &allocator_shim::internal::PartitionFree, // aligned_free_function + nullptr, // next }; // Intercept diagnostics symbols as well, even though they are not part of the @@ -604,7 +603,7 @@ SHIM_ALWAYS_EXPORT int mallopt(int cmd, int value) __THROW { return 0; } -#endif // !BUILDFLAG(IS_APPLE) && !BUILDFLAG(IS_ANDROID) +#endif // !BUILDFLAG(IS_APPLE) && !BUILDFLAG(IS_ANDROID) #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) SHIM_ALWAYS_EXPORT struct mallinfo mallinfo(void) __THROW { @@ -619,23 +618,23 @@ SHIM_ALWAYS_EXPORT struct mallinfo mallinfo(void) __THROW { } // Dump stats for nonscannable and nonquarantinable allocators. - auto& nonscannable_allocator = + auto &nonscannable_allocator = allocator_shim::NonScannableAllocator::Instance(); partition_alloc::SimplePartitionStatsDumper nonscannable_allocator_dumper; - if (auto* nonscannable_root = nonscannable_allocator.root()) { + if (auto *nonscannable_root = nonscannable_allocator.root()) { nonscannable_root->DumpStats("malloc", true, &nonscannable_allocator_dumper); } - auto& nonquarantinable_allocator = + auto &nonquarantinable_allocator = allocator_shim::NonQuarantinableAllocator::Instance(); partition_alloc::SimplePartitionStatsDumper nonquarantinable_allocator_dumper; - if (auto* nonquarantinable_root = nonquarantinable_allocator.root()) { + if (auto *nonquarantinable_root = nonquarantinable_allocator.root()) { nonquarantinable_root->DumpStats("malloc", true, &nonquarantinable_allocator_dumper); } struct mallinfo info = {0}; - info.arena = 0; // Memory *not* allocated with mmap(). + info.arena = 0; // Memory *not* allocated with mmap(). // Memory allocated with mmap(), aka virtual size. info.hblks = @@ -661,9 +660,9 @@ SHIM_ALWAYS_EXPORT struct mallinfo mallinfo(void) __THROW { return info; } -#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) +#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) -} // extern "C" +} // extern "C" #if BUILDFLAG(IS_APPLE) @@ -677,8 +676,8 @@ void InitializeDefaultAllocatorPartitionRoot() { std::ignore = Allocator(); } -} // namespace allocator_shim +} // namespace allocator_shim -#endif // BUILDFLAG(IS_APPLE) +#endif // BUILDFLAG(IS_APPLE) -#endif // BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC) +#endif // BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC) diff --git a/runtime/partition-alloc/src/get_pkey.cc b/runtime/partition-alloc/src/get_pkey.cc index 2aada8c5d4..33112171d8 100644 --- a/runtime/partition-alloc/src/get_pkey.cc +++ b/runtime/partition-alloc/src/get_pkey.cc @@ -6,14 +6,16 @@ #ifdef __x86_64__ __attribute__((__visibility__("hidden"))) -uint32_t ia2_get_pkru() { +uint32_t +ia2_get_pkru() { uint32_t pkru = 0; __asm__ volatile("rdpkru" : "=a"(pkru) : "a"(0), "d"(0), "c"(0)); return pkru; } __attribute__((__visibility__("hidden"))) -size_t ia2_get_pkey() { +size_t +ia2_get_pkey() { uint32_t pkru; __asm__("rdpkru" : "=a"(pkru) : "a"(0), "d"(0), "c"(0)); switch (pkru) { @@ -80,9 +82,10 @@ size_t ia2_get_pkey() { #ifdef __aarch64__ __attribute__((__visibility__("hidden"))) -size_t ia2_get_pkey() { - size_t x18; - asm("mov %0, x18" : "=r"(x18)); - return x18 >> 56; +size_t +ia2_get_pkey() { + size_t x18; + asm("mov %0, x18" : "=r"(x18)); + return x18 >> 56; } #endif diff --git a/runtime/partition-alloc/src/shared_allocator.cc b/runtime/partition-alloc/src/shared_allocator.cc index 0e4647c872..5969613dbe 100644 --- a/runtime/partition-alloc/src/shared_allocator.cc +++ b/runtime/partition-alloc/src/shared_allocator.cc @@ -27,8 +27,8 @@ SHIM_ALWAYS_EXPORT void *shared_calloc(size_t n, size_t size) __THROW { const size_t total = partition_alloc::internal::base::CheckMul(n, size).ValueOrDie(); return allocator_shim::internal::PartitionAllocMalloc::SharedAllocator() - ->AllocInline(total); + ->AllocInline < partition_alloc::AllocFlags::kZeroFill | + partition_alloc::AllocFlags::kNoHooks > (total); } SHIM_ALWAYS_EXPORT void *shared_memalign(size_t alignment, size_t size) __THROW { @@ -56,7 +56,7 @@ SHIM_ALWAYS_EXPORT void *shared_memalign(size_t alignment, size_t size) __THROW // TODO(bartekn): See if the compiler optimizes branches down the stack on // Mac, where PartitionPageSize() isn't constexpr. return allocator_shim::internal::PartitionAllocMalloc::SharedAllocator() - ->AllocInline(size); + ->AllocInline(size); } return allocator_shim::internal::PartitionAllocMalloc::SharedAllocator() diff --git a/runtime/tracer/seccomp_filter.h b/runtime/tracer/seccomp_filter.h index 27affd1cb0..7e62802d97 100644 --- a/runtime/tracer/seccomp_filter.h +++ b/runtime/tracer/seccomp_filter.h @@ -6,11 +6,11 @@ extern struct sock_fprog example_filter_prog; int configure_seccomp(const struct sock_fprog *prog); -#define prog_for_filter(filter_name) \ - { \ - .len = (unsigned short)(sizeof(filter_name) / \ - sizeof(filter_name[0])), \ - .filter = filter_name, \ +#define prog_for_filter(filter_name) \ + { \ + .len = (unsigned short)(sizeof(filter_name) / \ + sizeof(filter_name[0])), \ + .filter = filter_name, \ } // shorthand for an equality comparison jump of 0 (eq) or 1 (neq) followed by diff --git a/tests/abi/abi.c b/tests/abi/abi.c index 29f415e812..c8e383522f 100644 --- a/tests/abi/abi.c +++ b/tests/abi/abi.c @@ -13,13 +13,13 @@ void arg1(int x) { // LINKARGS: --wrap=foo void foo() { - cr_log_info("foo"); + cr_log_info("foo"); } // LINKARGS: --wrap=return_val int return_val() { - cr_log_info("return_val"); - return 1; + cr_log_info("return_val"); + return 1; } void arg2(int x, int y) { diff --git a/tests/abi/include/abi.h b/tests/abi/include/abi.h index 23ec850f87..f8a325df16 100644 --- a/tests/abi/include/abi.h +++ b/tests/abi/include/abi.h @@ -25,5 +25,5 @@ void arg_in_memory(struct in_memory im); struct in_memory ret_in_memory(int x); -typedef struct in_memory(*fn_ptr_ret_in_mem)(int); -typedef void(*fn_ptr_many_args)(int, int, int, int, int, int, int, int, int, int); \ No newline at end of file +typedef struct in_memory (*fn_ptr_ret_in_mem)(int); +typedef void (*fn_ptr_many_args)(int, int, int, int, int, int, int, int, int, int); diff --git a/tests/abi/main.c b/tests/abi/main.c index 038b4e5611..6bc3869b0d 100644 --- a/tests/abi/main.c +++ b/tests/abi/main.c @@ -4,32 +4,32 @@ RUN: sh -c 'if [ ! -s "minimal_call_gates_0.ld" ]; then echo "No link args as ex // Check that readelf shows exactly one executable segment -#include #include "abi.h" #include +#include INIT_RUNTIME(1); #define IA2_COMPARTMENT 1 #include Test(abi, main) { - cr_log_info("Calling foo"); - foo(); - arg1(1); - arg2(1, 2); - arg3(1, 1.0, 2); - many_args(1, 2, 3, 4, 5, 6, 7, 8, 9, 10); + cr_log_info("Calling foo"); + foo(); + arg1(1); + arg2(1, 2); + arg3(1, 1.0, 2); + many_args(1, 2, 3, 4, 5, 6, 7, 8, 9, 10); - struct in_memory im = {0}; - im.arr[0] = 1; - arg_in_memory(im); - im = ret_in_memory(2); - cr_assert(2 == im.arr[0]); - cr_assert(1 == return_val()); + struct in_memory im = {0}; + im.arr[0] = 1; + arg_in_memory(im); + im = ret_in_memory(2); + cr_assert(2 == im.arr[0]); + cr_assert(1 == return_val()); - fn_ptr_ret_in_mem fn = ret_in_memory; - im = fn(1); + fn_ptr_ret_in_mem fn = ret_in_memory; + im = fn(1); - fn_ptr_many_args fn2 = many_args; - fn2(1, 2, 3, 4, 5, 6, 7, 8, 9, 10); + fn_ptr_many_args fn2 = many_args; + fn2(1, 2, 3, 4, 5, 6, 7, 8, 9, 10); } diff --git a/tests/destructors/include/main/exported_fn.h b/tests/destructors/include/main/exported_fn.h index c0b933893d..ece5f5771b 100644 --- a/tests/destructors/include/main/exported_fn.h +++ b/tests/destructors/include/main/exported_fn.h @@ -1,6 +1,6 @@ #pragma once -#include #include +#include void print_message(void); diff --git a/tests/destructors/main.c b/tests/destructors/main.c index 9f99a5c713..c38878877c 100644 --- a/tests/destructors/main.c +++ b/tests/destructors/main.c @@ -1,12 +1,10 @@ #include +#include "plugin.h" +#include #include #include #include -#include -#include "plugin.h" - - // This test uses two protection keys INIT_RUNTIME(2); @@ -24,33 +22,33 @@ bool debug_mode IA2_SHARED_DATA = false; bool clean_exit IA2_SHARED_DATA = false; void print_message(void) { - cr_log_info("this is defined in the main binary"); - if (debug_mode) { - cr_log_info("the main secret is at %p", &secret); - } - cr_assert(secret == 0x09431233); - if (steal_plugin_secret) { - cr_assert(CHECK_VIOLATION(plugin_secret) == 0x78341244); - } + cr_log_info("this is defined in the main binary"); + if (debug_mode) { + cr_log_info("the main secret is at %p", &secret); + } + cr_assert(secret == 0x09431233); + if (steal_plugin_secret) { + cr_assert(CHECK_VIOLATION(plugin_secret) == 0x78341244); + } } Test(two_keys, main) { - start_plugin(); + start_plugin(); } Test(two_keys, plugin) { - steal_plugin_secret = true; - start_plugin(); + steal_plugin_secret = true; + start_plugin(); } Test(two_keys, clean_exit) { - clean_exit = true; - start_plugin(); - exit(0); + clean_exit = true; + start_plugin(); + exit(0); } Test(two_keys, plugin_clean_exit) { - clean_exit = true; - start_plugin(); - exit_from_plugin(); + clean_exit = true; + start_plugin(); + exit_from_plugin(); } diff --git a/tests/destructors/plugin.c b/tests/destructors/plugin.c index ab2d33173f..3252a63070 100644 --- a/tests/destructors/plugin.c +++ b/tests/destructors/plugin.c @@ -1,9 +1,8 @@ #include -#include -#include #include "exported_fn.h" - +#include +#include #define IA2_COMPARTMENT 2 #include @@ -13,17 +12,17 @@ uint32_t plugin_secret = 0x78341244; extern bool clean_exit; void start_plugin(void) { - cr_log_info("this is defined in the plugin"); - if (debug_mode) { - cr_log_info("the plugin secret is at %p", &plugin_secret); - } - cr_assert(plugin_secret == 0x78341244); - print_message(); - if (!clean_exit) { - cr_assert(CHECK_VIOLATION(secret) == 0x09431233); - } + cr_log_info("this is defined in the plugin"); + if (debug_mode) { + cr_log_info("the plugin secret is at %p", &plugin_secret); + } + cr_assert(plugin_secret == 0x78341244); + print_message(); + if (!clean_exit) { + cr_assert(CHECK_VIOLATION(secret) == 0x09431233); + } } void exit_from_plugin(void) { - exit(0); + exit(0); } diff --git a/tests/ffmpeg/main.c b/tests/ffmpeg/main.c index eff38f25a1..7bfc04b7f0 100644 --- a/tests/ffmpeg/main.c +++ b/tests/ffmpeg/main.c @@ -28,40 +28,41 @@ #include -#include -#include -#include #include "libavutil/mem.h" #include +#include +#include +#include INIT_RUNTIME(1); #define IA2_COMPARTMENT 1 #include -int main (int argc, char **argv) -{ - AVFormatContext *fmt_ctx = NULL; - AVDictionaryEntry *tag = NULL; - int ret; +int main(int argc, char **argv) { + AVFormatContext *fmt_ctx = NULL; + AVDictionaryEntry *tag = NULL; + int ret; - if (argc != 2) { - printf("usage: %s \n" - "example program to demonstrate the use of the libavformat metadata API.\n" - "\n", argv[0]); - return 1; - } + if (argc != 2) { + printf( + "usage: %s \n" + "example program to demonstrate the use of the libavformat metadata API.\n" + "\n", + argv[0]); + return 1; + } - if ((ret = avformat_open_input(&fmt_ctx, argv[1], NULL, NULL))) - return ret; + if ((ret = avformat_open_input(&fmt_ctx, argv[1], NULL, NULL))) + return ret; - if ((ret = avformat_find_stream_info(fmt_ctx, NULL)) < 0) { - av_log(NULL, AV_LOG_ERROR, "Cannot find stream information\n"); - return ret; - } + if ((ret = avformat_find_stream_info(fmt_ctx, NULL)) < 0) { + av_log(NULL, AV_LOG_ERROR, "Cannot find stream information\n"); + return ret; + } - while ((tag = av_dict_get(fmt_ctx->metadata, "", tag, AV_DICT_IGNORE_SUFFIX))) - printf("%s=%s\n", tag->key, tag->value); + while ((tag = av_dict_get(fmt_ctx->metadata, "", tag, AV_DICT_IGNORE_SUFFIX))) + printf("%s=%s\n", tag->key, tag->value); - avformat_close_input(&fmt_ctx); - return 0; + avformat_close_input(&fmt_ctx); + return 0; } diff --git a/tests/global_fn_ptr/include/operations.h b/tests/global_fn_ptr/include/operations.h index d2ae659f51..a07e2d3918 100644 --- a/tests/global_fn_ptr/include/operations.h +++ b/tests/global_fn_ptr/include/operations.h @@ -3,8 +3,8 @@ RUN: cat %t.c.args | FileCheck --check-prefix=LINKARGS %s */ #pragma once -#include #include +#include // LINKARGS: --wrap=call_operations uint32_t call_operation(size_t i); @@ -15,14 +15,14 @@ typedef uint32_t (*WordFn)(uint32_t, uint32_t); typedef uint16_t (*HalfFn)(uint16_t, uint16_t); typedef struct { - const char *data; - size_t len; + const char *data; + size_t len; } str; typedef struct { - str name; - // CHECK: struct IA2_fnptr__ZTSPFjjjE function; - uint32_t (*function)(uint32_t, uint32_t); - str desc; - uint32_t last_result; + str name; + // CHECK: struct IA2_fnptr__ZTSPFjjjE function; + uint32_t (*function)(uint32_t, uint32_t); + str desc; + uint32_t last_result; } Op; diff --git a/tests/global_fn_ptr/main.c b/tests/global_fn_ptr/main.c index 16fe1be454..e56cd5a966 100644 --- a/tests/global_fn_ptr/main.c +++ b/tests/global_fn_ptr/main.c @@ -14,32 +14,32 @@ INIT_RUNTIME(1); #include // `sum` can't be set to __ia2_add since it's defined in asm so the compiler doesn't know it's a valid initializer -//static WordFn sum = __ia2_add; +// static WordFn sum = __ia2_add; // REWRITER: static WordFn sum = IA2_FN(add); static WordFn sum = add; // REWRITER: static HalfFn diff = IA2_FN(sub); static HalfFn diff = sub; // The following won't compile since the inner pointer is also type-specific -//static HalfFn mul = {&__ia2_mul_0_1}; +// static HalfFn mul = {&__ia2_mul_0_1}; Op operations[2] IA2_SHARED_DATA = { { - { "add", 4 }, + {"add", 4}, // REWRITER: IA2_FN(add), add, - { "Adds two u32s", 14 }, + {"Adds two u32s", 14}, 0, }, { - { "mul", 4 }, + {"mul", 4}, // REWRITER: IA2_FN(mul), mul, - { "Multiply two u32s", 18 }, + {"Multiply two u32s", 18}, 0, }, }; Test(global_fn_ptr, main) { - cr_assert(call_operation(0) == 43312); - cr_assert(call_operation(1) == 461513047); + cr_assert(call_operation(0) == 43312); + cr_assert(call_operation(1) == 461513047); } diff --git a/tests/global_fn_ptr/operations.c b/tests/global_fn_ptr/operations.c index cd22ee94ff..4238141cea 100644 --- a/tests/global_fn_ptr/operations.c +++ b/tests/global_fn_ptr/operations.c @@ -9,10 +9,10 @@ extern Op operations[2]; // LINKARGS: --wrap=call_operation uint32_t call_operation(size_t i) { - // TODO: Add a way to share strings between compartments - //printf("%s\n", operations[i].desc.data); - uint32_t x = 18923; - uint32_t y = 24389; - uint32_t res = operations[i].function(x, y); - return res; + // TODO: Add a way to share strings between compartments + // printf("%s\n", operations[i].desc.data); + uint32_t x = 18923; + uint32_t y = 24389; + uint32_t res = operations[i].function(x, y); + return res; } diff --git a/tests/header_includes/impl.c b/tests/header_includes/impl.c index c6abe55e4f..d0922ca13f 100644 --- a/tests/header_includes/impl.c +++ b/tests/header_includes/impl.c @@ -5,9 +5,9 @@ RUN: cat header_includes_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s // LINKARGS: --wrap=unwrap_or int unwrap_or(Option opt, int default_value) { - if (opt.present) { - return opt.value; - } else { - return default_value; - } + if (opt.present) { + return opt.value; + } else { + return default_value; + } } diff --git a/tests/header_includes/include/liboption.h b/tests/header_includes/include/liboption.h index e479fd4ea4..dfff56e6f5 100644 --- a/tests/header_includes/include/liboption.h +++ b/tests/header_includes/include/liboption.h @@ -1,6 +1,6 @@ #pragma once -#include "types.h" #include "impl.h" +#include "types.h" Option Some(int x); diff --git a/tests/header_includes/include/types.h b/tests/header_includes/include/types.h index 27d7e8031a..39eb7e44b5 100644 --- a/tests/header_includes/include/types.h +++ b/tests/header_includes/include/types.h @@ -2,6 +2,6 @@ #include typedef struct Option { - int value; - bool present; + int value; + bool present; } Option; diff --git a/tests/header_includes/liboption.c b/tests/header_includes/liboption.c index ed0fcf0da0..de01a3d582 100644 --- a/tests/header_includes/liboption.c +++ b/tests/header_includes/liboption.c @@ -2,26 +2,26 @@ RUN: cat header_includes_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s */ -#include #include "liboption.h" #include "types.h" +#include // LINKARGS: --wrap=None Option None() { - cr_log_info("returning `None`"); - Option none = { - .value = 0, - .present = false, - }; - return none; + cr_log_info("returning `None`"); + Option none = { + .value = 0, + .present = false, + }; + return none; } // LINKARGS: --wrap=Some Option Some(int x) { - cr_log_info("returning `Some(%d)`", x); - Option opt = { - .value = x, - .present = true, - }; - return opt; + cr_log_info("returning `Some(%d)`", x); + Option opt = { + .value = x, + .present = true, + }; + return opt; } diff --git a/tests/header_includes/main.c b/tests/header_includes/main.c index ef1c8578da..d5a5f4451e 100644 --- a/tests/header_includes/main.c +++ b/tests/header_includes/main.c @@ -12,8 +12,8 @@ INIT_RUNTIME(1); #include Test(header_includes, main) { - Option x = Some(3); - Option none = None(); - cr_assert_eq(unwrap_or(x, -1), 3); - cr_assert_eq(unwrap_or(none, -1), -1); + Option x = Some(3); + Option none = None(); + cr_assert_eq(unwrap_or(x, -1), 3); + cr_assert_eq(unwrap_or(none, -1), -1); } diff --git a/tests/heap_two_keys/include/main/exported_fn.h b/tests/heap_two_keys/include/main/exported_fn.h index 01f9db6499..e7b1ff1236 100644 --- a/tests/heap_two_keys/include/main/exported_fn.h +++ b/tests/heap_two_keys/include/main/exported_fn.h @@ -1,3 +1,3 @@ #pragma once -#include #include +#include diff --git a/tests/heap_two_keys/include/plugin/plugin.h b/tests/heap_two_keys/include/plugin/plugin.h index f8a382739d..4dd318eaa4 100644 --- a/tests/heap_two_keys/include/plugin/plugin.h +++ b/tests/heap_two_keys/include/plugin/plugin.h @@ -1,6 +1,6 @@ #pragma once -#include #include +#include void trigger_compartment_init(void); diff --git a/tests/heap_two_keys/main.c b/tests/heap_two_keys/main.c index 66ceab222e..3e5c60379b 100644 --- a/tests/heap_two_keys/main.c +++ b/tests/heap_two_keys/main.c @@ -3,14 +3,11 @@ RUN: sh -c 'if [ ! -s "heap_two_keys_call_gates_0.ld" ]; then echo "No link args */ #include - -#include +#include "plugin.h" #include #include #include -#include "plugin.h" - - +#include // This test uses two protection keys INIT_RUNTIME(2); @@ -18,44 +15,43 @@ INIT_RUNTIME(2); #include // Test that the program can exit without error -Test(heap_two_keys, 0, .init = trigger_compartment_init) { -} +Test(heap_two_keys, 0, .init = trigger_compartment_init) {} // Test that the main binary's heap can't be read Test(heap_two_keys, 1, .init = trigger_compartment_init) { - uint32_t *x = (uint32_t *)malloc(sizeof(uint32_t)); - if (!x) { - cr_fatal("Failed to allocate memory on the heap"); - } - *x = 0x09431233; - read_from_plugin_expect_fault((uint8_t*)x); - free(x); - // This test shouldn't return - cr_fatal("Should have segfaulted but didn't"); + uint32_t *x = (uint32_t *)malloc(sizeof(uint32_t)); + if (!x) { + cr_fatal("Failed to allocate memory on the heap"); + } + *x = 0x09431233; + read_from_plugin_expect_fault((uint8_t *)x); + free(x); + // This test shouldn't return + cr_fatal("Should have segfaulted but didn't"); } // Test that the main binary's heap can't be written to Test(heap_two_keys, 2, .init = trigger_compartment_init) { - // This zeroes out the allocated memory - uint8_t *x = (uint8_t *)calloc(sizeof(uint8_t), 12); - if (!x) { - cr_fatal("Failed to allocate memory on the heap"); - } - write_from_plugin_expect_fault(x, 12); - free(x); - // This test shouldn't return - cr_fatal("Should have segfaulted but didn't"); + // This zeroes out the allocated memory + uint8_t *x = (uint8_t *)calloc(sizeof(uint8_t), 12); + if (!x) { + cr_fatal("Failed to allocate memory on the heap"); + } + write_from_plugin_expect_fault(x, 12); + free(x); + // This test shouldn't return + cr_fatal("Should have segfaulted but didn't"); } // Test that the main binary's shared data can be read Test(heap_two_keys, 3, .init = trigger_compartment_init) { - uint16_t *x = (uint16_t *)shared_malloc(sizeof(uint16_t)); - if (!x) { - cr_fatal("Failed to allocate memory on the heap"); - } - *x = 0xffed; - assert(read_from_plugin((uint8_t*)x) == 0xed); - shared_free(x); + uint16_t *x = (uint16_t *)shared_malloc(sizeof(uint16_t)); + if (!x) { + cr_fatal("Failed to allocate memory on the heap"); + } + *x = 0xffed; + assert(read_from_plugin((uint8_t *)x) == 0xed); + shared_free(x); } // TODO: Add tests for free, realloc, the plugin's heap and reserving more than diff --git a/tests/heap_two_keys/plugin.c b/tests/heap_two_keys/plugin.c index 1d09518089..2135e853e1 100644 --- a/tests/heap_two_keys/plugin.c +++ b/tests/heap_two_keys/plugin.c @@ -1,11 +1,10 @@ /* RUN: cat heap_two_keys_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s */ +#include "exported_fn.h" +#include #include #include -#include -#include "exported_fn.h" - #define IA2_COMPARTMENT 2 #include diff --git a/tests/libusb/main.c b/tests/libusb/main.c index bd749cb491..0dbe42dfb3 100644 --- a/tests/libusb/main.c +++ b/tests/libusb/main.c @@ -17,9 +17,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#include -#include #include +#include +#include #include "libusb.h" #include "usb-1.0_fn_ptr_ia2.h" @@ -28,53 +28,51 @@ INIT_RUNTIME(1); #define IA2_COMPARTMENT 1 #include -static void print_devs(libusb_device **devs) -{ - libusb_device *dev; - int i = 0, j = 0; - uint8_t path[8]; +static void print_devs(libusb_device **devs) { + libusb_device *dev; + int i = 0, j = 0; + uint8_t path[8]; - while ((dev = devs[i++]) != NULL) { - struct libusb_device_descriptor desc; - int r = libusb_get_device_descriptor(dev, &desc); - if (r < 0) { - fprintf(stderr, "failed to get device descriptor"); - return; - } + while ((dev = devs[i++]) != NULL) { + struct libusb_device_descriptor desc; + int r = libusb_get_device_descriptor(dev, &desc); + if (r < 0) { + fprintf(stderr, "failed to get device descriptor"); + return; + } - printf("%04x:%04x (bus %d, device %d)", - desc.idVendor, desc.idProduct, - libusb_get_bus_number(dev), libusb_get_device_address(dev)); + printf("%04x:%04x (bus %d, device %d)", + desc.idVendor, desc.idProduct, + libusb_get_bus_number(dev), libusb_get_device_address(dev)); - r = libusb_get_port_numbers(dev, path, sizeof(path)); - if (r > 0) { - printf(" path: %d", path[0]); - for (j = 1; j < r; j++) - printf(".%d", path[j]); - } - printf("\n"); - } + r = libusb_get_port_numbers(dev, path, sizeof(path)); + if (r > 0) { + printf(" path: %d", path[0]); + for (j = 1; j < r; j++) + printf(".%d", path[j]); + } + printf("\n"); + } } -int main(void) -{ - libusb_device **devs; - int r; - ssize_t cnt; +int main(void) { + libusb_device **devs; + int r; + ssize_t cnt; - r = libusb_init(NULL); - if (r < 0) - return r; + r = libusb_init(NULL); + if (r < 0) + return r; - cnt = libusb_get_device_list(NULL, &devs); - if (cnt < 0){ - libusb_exit(NULL); - return (int) cnt; - } + cnt = libusb_get_device_list(NULL, &devs); + if (cnt < 0) { + libusb_exit(NULL); + return (int)cnt; + } - print_devs(devs); - libusb_free_device_list(devs, 1); + print_devs(devs); + libusb_free_device_list(devs, 1); - libusb_exit(NULL); - return 0; + libusb_exit(NULL); + return 0; } diff --git a/tests/macro_attr/functions.c b/tests/macro_attr/functions.c index 7826f834ef..d73aae8ab3 100644 --- a/tests/macro_attr/functions.c +++ b/tests/macro_attr/functions.c @@ -2,36 +2,36 @@ RUN: cat macro_attr_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s */ -#include #include "functions.h" +#include // LINKARGS: --wrap=f void f() { - cr_log_info("Called `f()`"); + cr_log_info("Called `f()`"); } // LINKARGS: --wrap=g void g() { - cr_log_info("Called `g()`"); + cr_log_info("Called `g()`"); } // TODO(src_rewriter_wip): this gets --wrap, but i don't think it should void h(CB cb) { - cr_log_info("Calling `cb(0)` from `h`"); - cb(0); + cr_log_info("Calling `cb(0)` from `h`"); + cb(0); } // LINKARGS: --wrap=i void i() { - cr_log_info("Called `i()`"); + cr_log_info("Called `i()`"); } // LINKARGS: --wrap=j void j() { - cr_log_info("Called `j()`"); + cr_log_info("Called `j()`"); } // LINKARGS: --wrap=k void k() { - cr_log_info("Called `k()`"); + cr_log_info("Called `k()`"); } diff --git a/tests/macro_attr/include/functions.h b/tests/macro_attr/include/functions.h index a8af33fc39..7f106c05e4 100644 --- a/tests/macro_attr/include/functions.h +++ b/tests/macro_attr/include/functions.h @@ -14,6 +14,8 @@ void h(CB cb); EMPTY void i(); -EMPTY_FNLIKE(0) void j(); +EMPTY_FNLIKE(0) +void j(); -EMPTY_VARIADIC_FNLIKE(1, 2) void k(); +EMPTY_VARIADIC_FNLIKE(1, 2) +void k(); diff --git a/tests/macro_attr/main.c b/tests/macro_attr/main.c index a50b9f450f..4267683cc3 100644 --- a/tests/macro_attr/main.c +++ b/tests/macro_attr/main.c @@ -10,9 +10,9 @@ INIT_RUNTIME(1); #include Test(macro_attr, main) { - f(); - g(); - i(); - j(); - k(); + f(); + g(); + i(); + j(); + k(); } diff --git a/tests/minimal/main.c b/tests/minimal/main.c index 4afc95aaf1..5af292de26 100644 --- a/tests/minimal/main.c +++ b/tests/minimal/main.c @@ -4,15 +4,15 @@ RUN: sh -c 'if [ ! -s "minimal_call_gates_0.ld" ]; then echo "No link args as ex // Check that readelf shows exactly one executable segment -#include #include "minimal.h" #include +#include INIT_RUNTIME(1); #define IA2_COMPARTMENT 1 #include Test(minimal, main) { - cr_log_info("Calling foo"); - foo(); + cr_log_info("Calling foo"); + foo(); } diff --git a/tests/minimal/minimal.c b/tests/minimal/minimal.c index 437a408142..b740a2bcdc 100644 --- a/tests/minimal/minimal.c +++ b/tests/minimal/minimal.c @@ -2,23 +2,21 @@ RUN: cat minimal_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s */ -#include #include "minimal.h" - +#include // LINKARGS: --wrap=arg1 void arg1(int x) { - cr_log_info("arg1"); + cr_log_info("arg1"); } // LINKARGS: --wrap=foo void foo() { - cr_log_info("foo"); + cr_log_info("foo"); } // LINKARGS: --wrap=return_val int return_val() { - cr_log_info("return_val"); - return 1; + cr_log_info("return_val"); + return 1; } - diff --git a/tests/minimal_no_criterion/main.c b/tests/minimal_no_criterion/main.c index 65702cd06e..0dbceeae11 100644 --- a/tests/minimal_no_criterion/main.c +++ b/tests/minimal_no_criterion/main.c @@ -4,15 +4,15 @@ RUN: sh -c 'if [ ! -s "minimal_call_gates_0.ld" ]; then echo "No link args as ex // Check that readelf shows exactly one executable segment -#include #include "minimal.h" #include +#include INIT_RUNTIME(1); #define IA2_COMPARTMENT 1 #include int main() { - printf("Calling foo"); - foo(); + printf("Calling foo"); + foo(); } diff --git a/tests/minimal_no_criterion/minimal.c b/tests/minimal_no_criterion/minimal.c index f8db4f9b0f..84645203ca 100644 --- a/tests/minimal_no_criterion/minimal.c +++ b/tests/minimal_no_criterion/minimal.c @@ -7,17 +7,16 @@ RUN: cat minimal_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s // LINKARGS: --wrap=arg1 void arg1(int x) { - printf("arg1"); + printf("arg1"); } // LINKARGS: --wrap=foo void foo() { - printf("foo"); + printf("foo"); } // LINKARGS: --wrap=return_val int return_val() { - printf("return_val"); - return 1; + printf("return_val"); + return 1; } - diff --git a/tests/mmap_loop/main.c b/tests/mmap_loop/main.c index 17ef469fba..be9a69e76e 100644 --- a/tests/mmap_loop/main.c +++ b/tests/mmap_loop/main.c @@ -4,12 +4,9 @@ RUN: sh -c 'if [ ! -s "mmap_loop_call_gates_0.ld" ]; then echo "No link args as #include "mmap_loop.h" #include #include +#include #include #include -#include - - - /* This program tests that mmap and heap allocations are handled properly. diff --git a/tests/namespaces/main.cpp b/tests/namespaces/main.cpp index 4ed20b4652..4940e4273e 100644 --- a/tests/namespaces/main.cpp +++ b/tests/namespaces/main.cpp @@ -2,6 +2,6 @@ #include int main() { - std::cout << foo::random(); - std::cout << bar::random(); + std::cout << foo::random(); + std::cout << bar::random(); } diff --git a/tests/namespaces/random.cpp b/tests/namespaces/random.cpp index 311039f0dc..49f3ef35dd 100644 --- a/tests/namespaces/random.cpp +++ b/tests/namespaces/random.cpp @@ -1,13 +1,13 @@ #include namespace foo { - int random(void) { - return 1; - } +int random(void) { + return 1; } +} // namespace foo namespace bar { - int random(void) { - return -1; - } +int random(void) { + return -1; } +} // namespace bar diff --git a/tests/namespaces/random.hpp b/tests/namespaces/random.hpp index 0736d0be55..79fe32e43d 100644 --- a/tests/namespaces/random.hpp +++ b/tests/namespaces/random.hpp @@ -1,11 +1,11 @@ #pragma once namespace foo { - int random(void); +int random(void); }; int foo::random(void); namespace bar { - int random(void); +int random(void); }; diff --git a/tests/permissive_mode/permissive_mode.c b/tests/permissive_mode/permissive_mode.c index 4915ac235a..33ddbc0d98 100644 --- a/tests/permissive_mode/permissive_mode.c +++ b/tests/permissive_mode/permissive_mode.c @@ -1,8 +1,8 @@ #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif -#include #include +#include #include INIT_RUNTIME(1); @@ -10,19 +10,19 @@ INIT_RUNTIME(1); #include Test(permissive_mode, main) { - char* buffer = NULL; - cr_assert(ia2_get_pkru() == 0xFFFFFFF0); + char *buffer = NULL; + cr_assert(ia2_get_pkru() == 0xFFFFFFF0); - /* allocate an extra pkey */ - cr_assert(pkey_alloc(0, PKEY_DISABLE_ACCESS | PKEY_DISABLE_WRITE) == 2); + /* allocate an extra pkey */ + cr_assert(pkey_alloc(0, PKEY_DISABLE_ACCESS | PKEY_DISABLE_WRITE) == 2); - buffer = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0); + buffer = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0); - pkey_mprotect(buffer, 4096, PROT_READ | PROT_WRITE, 1); - buffer[0] = 'a'; + pkey_mprotect(buffer, 4096, PROT_READ | PROT_WRITE, 1); + buffer[0] = 'a'; - pkey_mprotect(buffer, 4096, PROT_READ | PROT_WRITE, 2); - buffer[0] = 'b'; + pkey_mprotect(buffer, 4096, PROT_READ | PROT_WRITE, 2); + buffer[0] = 'b'; - cr_assert(ia2_get_pkru() == 0xFFFFFFF0); + cr_assert(ia2_get_pkru() == 0xFFFFFFF0); } diff --git a/tests/read_config/builtin.c b/tests/read_config/builtin.c index 389a8d2391..a001dcff31 100644 --- a/tests/read_config/builtin.c +++ b/tests/read_config/builtin.c @@ -2,13 +2,13 @@ RUN: cat read_config_call_gates_2.ld | FileCheck --check-prefix=LINKARGS %s */ +#include #include #include #include -#include // This is a hack. See includes in main.c. -#include "plugin.h" #include "core.h" +#include "plugin.h" static void parse_array(char *opt, void *out); @@ -34,8 +34,8 @@ static struct cfg_opt opts[3] = { }; static void parse_array(char *opt, void *out) { - uint8_t **res = out; - memcpy(*res, opt, sizeof(uint8_t[3])); + uint8_t **res = out; + memcpy(*res, opt, sizeof(uint8_t[3])); } // The arguments to the following functions point to the main binary so we don't @@ -43,16 +43,16 @@ static void parse_array(char *opt, void *out) { // LINKARGS: --wrap=get_builtin_opt struct cfg_opt *get_builtin_opt(char *name) { - for (size_t i = 0; i < 3; i++) { - if (!strcmp(opts[i].name, name)) { - return &opts[i]; - } + for (size_t i = 0; i < 3; i++) { + if (!strcmp(opts[i].name, name)) { + return &opts[i]; } - cr_log_info("Option %s not found!", name); - exit(-1); + } + cr_log_info("Option %s not found!", name); + exit(-1); } // LINKARGS: --wrap=print_array void print_array(uint8_t ar[3]) { - cr_log_info("[%x, %x, %x]", ar[0], ar[1], ar[2]); + cr_log_info("[%x, %x, %x]", ar[0], ar[1], ar[2]); } diff --git a/tests/read_config/include/core.h b/tests/read_config/include/core.h index f4143262f5..b2606c0b94 100644 --- a/tests/read_config/include/core.h +++ b/tests/read_config/include/core.h @@ -1,10 +1,10 @@ #pragma once -#include #include +#include // Functions that parse config entries must have this signature. -typedef void(*parse_fn)(char *, void *); - +typedef void (*parse_fn)(char *, void *); + // The main binary provides function for parsing basic config entries. To parse // other data types the plugin must provide a parsing function. void parse_bool(char *opt, void *out); @@ -14,30 +14,30 @@ void parse_str(char *opt, void *out); void parse_u32(char *opt, void *out); enum entry_type { - str, - boolean, - u32, - other, + str, + boolean, + u32, + other, }; // The entry in the config file. struct cfg_entry { - char *name; - enum entry_type ty; - union { - char *str; - bool boolean; - uint32_t integer; - void *other; - } value; + char *name; + enum entry_type ty; + union { + char *str; + bool boolean; + uint32_t integer; + void *other; + } value; }; // The config options the plugin expects and a function pointer to their parsing // functions. struct cfg_opt { - char *name; - enum entry_type ty; - parse_fn parse; + char *name; + enum entry_type ty; + parse_fn parse; }; struct cfg_opt *get_builtin_opt(char *name); diff --git a/tests/read_config/include/plugin.h b/tests/read_config/include/plugin.h index 2779427e5a..2fbd2d297f 100644 --- a/tests/read_config/include/plugin.h +++ b/tests/read_config/include/plugin.h @@ -2,8 +2,8 @@ #include "core.h" struct tuple { - uint32_t first; - uint32_t second; + uint32_t first; + uint32_t second; }; // Get the config option for a given entry name. diff --git a/tests/read_config/main.c b/tests/read_config/main.c index 3d55247be4..d1ab6e4bce 100644 --- a/tests/read_config/main.c +++ b/tests/read_config/main.c @@ -15,8 +15,6 @@ RUN: cat main.c | FileCheck --match-full-lines --check-prefix=REWRITER %s // including plugin.h (which does include the output header) before core.h. #include "core.h" - - /* This test is modeled after nginx's function pointer usage. In this test, plugins define a list of options that may appear in its section of the diff --git a/tests/recursion/dso.c b/tests/recursion/dso.c index 3104eaaa4e..d7d231c9a6 100644 --- a/tests/recursion/dso.c +++ b/tests/recursion/dso.c @@ -2,8 +2,8 @@ RUN: cat recursion_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s */ #include "recursion_main.h" -#include #include +#include #include #define IA2_COMPARTMENT 2 diff --git a/tests/recursion/main.c b/tests/recursion/main.c index 67a9342614..2206ea2ded 100644 --- a/tests/recursion/main.c +++ b/tests/recursion/main.c @@ -8,8 +8,6 @@ RUN: cat recursion_call_gates_2.ld | FileCheck --check-prefix=LINKARGS %s #include #include - - INIT_RUNTIME(2); #define IA2_COMPARTMENT 1 #include diff --git a/tests/rewrite_fn_ptr_eq/lib.c b/tests/rewrite_fn_ptr_eq/lib.c index 74b9a536ae..b967d0e321 100644 --- a/tests/rewrite_fn_ptr_eq/lib.c +++ b/tests/rewrite_fn_ptr_eq/lib.c @@ -3,15 +3,15 @@ RUN: cat rewrite_fn_ptr_eq_call_gates_1.ld | FileCheck --check-prefix=LINKARGS % */ #include +#include #include #include #include -#include // LINKARGS: --wrap=call_fn int call_fn(bin_op fn, int x, int y) { - cr_assert(fn != NULL); - int res = fn(x, y); - cr_log_info("%d\n", res); - return res; + cr_assert(fn != NULL); + int res = fn(x, y); + cr_log_info("%d\n", res); + return res; } diff --git a/tests/rewrite_fn_ptr_eq/main.c b/tests/rewrite_fn_ptr_eq/main.c index e616bb1b6c..9cf0e9d9ae 100644 --- a/tests/rewrite_fn_ptr_eq/main.c +++ b/tests/rewrite_fn_ptr_eq/main.c @@ -1,96 +1,95 @@ /* RUN: cat main.c | FileCheck --match-full-lines --check-prefix=REWRITER %S/main.c */ +#include #include -#include #include -#include +#include INIT_RUNTIME(1); #define IA2_COMPARTMENT 1 #include int add(int x, int y) { - return x + y; + return x + y; } -__attribute__((used)) -static int sub(int x, int y) { - return x - y; +__attribute__((used)) static int sub(int x, int y) { + return x - y; } struct module { - bin_op fn; + bin_op fn; }; Test(rewrite_fn_ptr_eq, main) { - int res; - int *y = &res; - void *x = NULL; - bin_op fn = add; - bin_op fn2 = NULL; - - // Check that pointers for types other than functions are not rewritten - // REWRITER: if (y) { } - if (y) { } - // REWRITER: if (x) { } - if (x) { } - // REWRITER: if (!y) { } - if (!y) { } - // REWRITER: if (!x) { } - if (!x) { } - - // REWRITER: if (IA2_ADDR(fn)) { - if (fn) { - call_fn(fn, 2, 1); - } - // REWRITER: if (!IA2_ADDR(fn2)) { - if (!fn2) { - fn2 = sub; - call_fn(fn2, 2, 1); - } - struct module mod = { add }; - if (mod.fn) { } - - struct module *mod_ptr = &mod; - if (mod_ptr->fn) { } - - // REWRITER: res = IA2_ADDR(fn) ? IA2_CALL(fn, _ZTSPFiiiE, 1, 2) : -1; - res = fn ? fn(1, 2) : -1; - - // REWRITER: res = !IA2_ADDR(fn) ? -1 : IA2_CALL(fn, _ZTSPFiiiE, 1, 2); - res = !fn ? -1 : fn(1, 2); - - // REWRITER: res = x && IA2_ADDR(fn) ? IA2_CALL(fn, _ZTSPFiiiE, 1, 2) : -1; - res = x && fn ? fn(1, 2) : -1; - - // REWRITER: res = IA2_ADDR(fn) && IA2_ADDR(fn2) ? IA2_CALL(fn, _ZTSPFiiiE, 1, 2) + IA2_CALL(fn2, _ZTSPFiiiE, 1, 2) : -1; - res = fn && fn2 ? fn(1, 2) + fn2(1, 2) : -1; - - // REWRITER: fn = IA2_ADDR(fn2) ? fn2 : fn; - fn = fn2 ? fn2 : fn; - - bin_op *ptr = &fn; - // REWRITER: if (IA2_ADDR(*ptr)) { } - if (*ptr) { } - - // REWRITER: if (NULL == IA2_ADDR(mod_ptr->fn)) { } - if (NULL == mod_ptr->fn) { } - // REWRITER: if (IA2_ADDR(mod.fn) != NULL) { } - if (mod.fn != NULL) { } - - // REWRITER: if (IA2_ADDR(mod.fn) == IA2_ADDR(mod_ptr->fn)) { } - if (mod.fn == mod_ptr->fn) { } - - // REWRITER: if (IA2_ADDR(mod.fn) == IA2_FN_ADDR(add)) { } - if (mod.fn == add) { } - // REWRITER: if (IA2_FN_ADDR(sub) == IA2_ADDR(mod_ptr->fn)) { } - if (sub == mod_ptr->fn) { } - - // REWRITER: if (x && IA2_ADDR(fn2)) { } - if (x && fn2) { } - // REWRITER: if (y || !IA2_ADDR(fn)) { } - if (y || !fn) { } - // REWRITER: if (x && IA2_ADDR(fn) && y) { } - if (x && fn && y) { } + int res; + int *y = &res; + void *x = NULL; + bin_op fn = add; + bin_op fn2 = NULL; + + // Check that pointers for types other than functions are not rewritten + // REWRITER: if (y) {} + if (y) {} + // REWRITER: if (x) {} + if (x) {} + // REWRITER: if (!y) {} + if (!y) {} + // REWRITER: if (!x) {} + if (!x) {} + + // REWRITER: if (IA2_ADDR(fn)) { + if (fn) { + call_fn(fn, 2, 1); + } + // REWRITER: if (!IA2_ADDR(fn2)) { + if (!fn2) { + fn2 = sub; + call_fn(fn2, 2, 1); + } + struct module mod = {add}; + if (mod.fn) {} + + struct module *mod_ptr = &mod; + if (mod_ptr->fn) {} + + // REWRITER: res = IA2_ADDR(fn) ? IA2_CALL(fn, _ZTSPFiiiE, 1, 2) : -1; + res = fn ? fn(1, 2) : -1; + + // REWRITER: res = !IA2_ADDR(fn) ? -1 : IA2_CALL(fn, _ZTSPFiiiE, 1, 2); + res = !fn ? -1 : fn(1, 2); + + // REWRITER: res = x && IA2_ADDR(fn) ? IA2_CALL(fn, _ZTSPFiiiE, 1, 2) : -1; + res = x && fn ? fn(1, 2) : -1; + + // REWRITER: res = IA2_ADDR(fn) && IA2_ADDR(fn2) ? IA2_CALL(fn, _ZTSPFiiiE, 1, 2) + IA2_CALL(fn2, _ZTSPFiiiE, 1, 2) : -1; + res = fn && fn2 ? fn(1, 2) + fn2(1, 2) : -1; + + // REWRITER: fn = IA2_ADDR(fn2) ? fn2 : fn; + fn = fn2 ? fn2 : fn; + + bin_op *ptr = &fn; + // REWRITER: if (IA2_ADDR(*ptr)) {} + if (*ptr) {} + + // REWRITER: if (NULL == IA2_ADDR(mod_ptr->fn)) {} + if (NULL == mod_ptr->fn) {} + // REWRITER: if (IA2_ADDR(mod.fn) != NULL) {} + if (mod.fn != NULL) {} + + // REWRITER: if (IA2_ADDR(mod.fn) == IA2_ADDR(mod_ptr->fn)) {} + if (mod.fn == mod_ptr->fn) {} + + // REWRITER: if (IA2_ADDR(mod.fn) == IA2_FN_ADDR(add)) {} + if (mod.fn == add) {} + // REWRITER: if (IA2_FN_ADDR(sub) == IA2_ADDR(mod_ptr->fn)) {} + if (sub == mod_ptr->fn) {} + + // REWRITER: if (x && IA2_ADDR(fn2)) {} + if (x && fn2) {} + // REWRITER: if (y || !IA2_ADDR(fn)) {} + if (y || !fn) {} + // REWRITER: if (x && IA2_ADDR(fn) && y) {} + if (x && fn && y) {} } diff --git a/tests/rewrite_macros/include/lib.h b/tests/rewrite_macros/include/lib.h index 85a74bf9ca..56466ea35e 100644 --- a/tests/rewrite_macros/include/lib.h +++ b/tests/rewrite_macros/include/lib.h @@ -4,10 +4,10 @@ struct event; struct event_actions { - bool (*add)(struct event *evt); - bool (*del)(struct event *evt); - void (*enable)(struct event *evt); - void (*disable)(struct event *evt); + bool (*add)(struct event *evt); + bool (*del)(struct event *evt); + void (*enable)(struct event *evt); + void (*disable)(struct event *evt); }; extern struct event_actions actions; diff --git a/tests/rewrite_macros/lib.c b/tests/rewrite_macros/lib.c index d9d6233330..ce5ba66cc4 100644 --- a/tests/rewrite_macros/lib.c +++ b/tests/rewrite_macros/lib.c @@ -12,24 +12,24 @@ struct event_actions actions = { }; struct event { - int id; + int id; }; // LINKARGS: --wrap=get_event struct event *get_event() { - static struct event evt = { .id = 1 }; - return &evt; + static struct event evt = {.id = 1}; + return &evt; } static bool nop(struct event *evt) { - return false; + return false; } -static void nop2(struct event *evt) { } +static void nop2(struct event *evt) {} // LINKARGS: --wrap=init_actions void init_actions() { - actions.add = nop; - actions.del = nop; - actions.enable = nop2; - actions.disable = nop2; + actions.add = nop; + actions.del = nop; + actions.enable = nop2; + actions.disable = nop2; } diff --git a/tests/rewrite_macros/main.c b/tests/rewrite_macros/main.c index a309703ccd..8ad35dec5e 100644 --- a/tests/rewrite_macros/main.c +++ b/tests/rewrite_macros/main.c @@ -2,38 +2,38 @@ RUN: cat main.c | FileCheck --match-full-lines --check-prefix=REWRITER %s */ #include "lib.h" -#include #include #include +#include INIT_RUNTIME(1); #define IA2_COMPARTMENT 1 #include Test(rewrite_macros, main) { - init_actions(); + init_actions(); - // The next two lines use macros that cannot be easily rewritten so the - // rewriter should leave them unmodified. - if (check_actions(NULL)) {} - call_add_event(NULL); + // The next two lines use macros that cannot be easily rewritten so the + // rewriter should leave them unmodified. + if (check_actions(NULL)) {} + call_add_event(NULL); - struct event *evt = get_event(); - // Test that the FnPtrCall pass can rewrite simple macros - // REWRITER: IA2_CALL(add_event, _ZTSPFbP5eventE, evt); - add_event(evt); - // REWRITER: IA2_CALL(actions.add, _ZTSPFbP5eventE, evt); - actions.add(evt); + struct event *evt = get_event(); + // Test that the FnPtrCall pass can rewrite simple macros + // REWRITER: IA2_CALL(add_event, _ZTSPFbP5eventE, evt); + add_event(evt); + // REWRITER: IA2_CALL(actions.add, _ZTSPFbP5eventE, evt); + actions.add(evt); - bool(*fn)(struct event *evt) = add_event; - bool(*fn2)(struct event *evt) = actions.add; + bool (*fn)(struct event *evt) = add_event; + bool (*fn2)(struct event *evt) = actions.add; - // Test that the FnPtrEq pass can rewrite simple macros - // REWRITER: if (IA2_ADDR(fn) == IA2_ADDR(add_event)) {} - if (fn == add_event) {} - // REWRITER: if (IA2_ADDR(fn) == IA2_ADDR(actions.add)) {} - if (fn == actions.add) {} + // Test that the FnPtrEq pass can rewrite simple macros + // REWRITER: if (IA2_ADDR(fn) == IA2_ADDR(add_event)) {} + if (fn == add_event) {} + // REWRITER: if (IA2_ADDR(fn) == IA2_ADDR(actions.add)) {} + if (fn == actions.add) {} - // REWRITER: IA2_CALL(fn, _ZTSPFbP5eventE, evt); - fn(evt); + // REWRITER: IA2_CALL(fn, _ZTSPFbP5eventE, evt); + fn(evt); } diff --git a/tests/ro_sharing/main.c b/tests/ro_sharing/main.c index b1aaa0f73d..e301118c1d 100644 --- a/tests/ro_sharing/main.c +++ b/tests/ro_sharing/main.c @@ -3,12 +3,10 @@ RUN: sh -c 'if [ ! -s "ro_sharing_call_gates_0.ld" ]; then echo "No link args as */ #include -#include #include +#include #include - - // This test checks that all RO data mapped in from executable files is shared. // This is needed so that the dynamic linker can read ELF metadata. Read-only // data mapped in from the executable file should not be secret (files on disk diff --git a/tests/ro_sharing/plugin.c b/tests/ro_sharing/plugin.c index 88802f9272..9b349b0273 100644 --- a/tests/ro_sharing/plugin.c +++ b/tests/ro_sharing/plugin.c @@ -5,10 +5,10 @@ RUN: cat ro_sharing_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s #include #include +#include #include #include #include -#include #define IA2_COMPARTMENT 2 #include diff --git a/tests/shared_data/access_shared.c b/tests/shared_data/access_shared.c index 5e07992b3a..7dbbae0da8 100644 --- a/tests/shared_data/access_shared.c +++ b/tests/shared_data/access_shared.c @@ -1,21 +1,20 @@ /* RUN: cat shared_data_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s */ -#include #include "access_shared.h" #include - +#include // LINKARGS: --wrap=read_shared uint8_t read_shared(uint8_t *shared) { - cr_log_info("read %d from shared variable\n", *shared); - return *shared; + cr_log_info("read %d from shared variable\n", *shared); + return *shared; } // LINKARGS: --wrap=write_shared uint8_t write_shared(uint8_t *shared, uint8_t new_value) { - uint8_t old_value = *shared; - cr_log_info("writing %d to shared variable\n", new_value); - *shared = new_value; - return old_value; + uint8_t old_value = *shared; + cr_log_info("writing %d to shared variable\n", new_value); + *shared = new_value; + return old_value; } diff --git a/tests/shared_data/main.c b/tests/shared_data/main.c index 976d0961e0..f0bef8e3bb 100644 --- a/tests/shared_data/main.c +++ b/tests/shared_data/main.c @@ -1,30 +1,30 @@ /* RUN: sh -c 'if [ ! -s "shared_data_call_gates_0.ld" ]; then echo "No link args as expected"; exit 0; fi; echo "Unexpected link args"; exit 1;' */ -#include +#include "access_shared.h" #include #include -#include "access_shared.h" #include +#include INIT_RUNTIME(1); #define IA2_COMPARTMENT 1 #include -uint8_t shared_val[4097] IA2_SHARED_DATA = { 0 }; +uint8_t shared_val[4097] IA2_SHARED_DATA = {0}; void check_shared_access(uint8_t *shared) { - uint8_t original = *shared; - uint8_t result = read_shared(shared); - cr_assert(original == *shared); - cr_assert(original == result); - uint8_t old_val = write_shared(shared, original + 1); - cr_assert(original == old_val); + uint8_t original = *shared; + uint8_t result = read_shared(shared); + cr_assert(original == *shared); + cr_assert(original == result); + uint8_t old_val = write_shared(shared, original + 1); + cr_assert(original == old_val); } Test(shared_data, main) { - shared_val[0] = 23; - shared_val[4096] = 254; - check_shared_access(&shared_val[0]); - check_shared_access(&shared_val[4096]); + shared_val[0] = 23; + shared_val[4096] = 254; + check_shared_access(&shared_val[0]); + check_shared_access(&shared_val[4096]); } \ No newline at end of file diff --git a/tests/should_segfault/main.c b/tests/should_segfault/main.c index 71b0772768..eab24dad0b 100644 --- a/tests/should_segfault/main.c +++ b/tests/should_segfault/main.c @@ -1,14 +1,12 @@ /* RUN: sh -c 'if [ ! -s "should_segfault_call_gates_0.ld" ]; then echo "No link args as expected"; exit 0; fi; echo "Unexpected link args"; exit 1;' */ +#include #include +#include +#include #include #include -#include -#include -#include - - INIT_RUNTIME(1); #define IA2_COMPARTMENT 1 @@ -23,11 +21,11 @@ uint32_t secret = 0xdeadbeef; // CHECK_VIOLATION results in a exit code of -1 (255). Test(should_segfault, main) { - cr_assert(secret); - print_secret(); + cr_assert(secret); + print_secret(); } Test(should_segfault, early_fault, .exit_code = 255) { - do_early_fault(); - print_secret(); + do_early_fault(); + print_secret(); } diff --git a/tests/should_segfault/print_secret.c b/tests/should_segfault/print_secret.c index 1b86cba923..96bdbe065e 100644 --- a/tests/should_segfault/print_secret.c +++ b/tests/should_segfault/print_secret.c @@ -1,13 +1,12 @@ /* RUN: cat should_segfault_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s */ +#include "print_secret.h" #include +#include +#include #include #include -#include -#include -#include "print_secret.h" - static bool early_fault = false; @@ -15,13 +14,13 @@ static bool early_fault = false; // different message than in the mpk violation case. // LINKARGS: --wrap=do_early_fault void do_early_fault() { - early_fault = true; + early_fault = true; } // LINKARGS: --wrap=print_secret void print_secret() { - if (early_fault) { - raise(SIGSEGV); - } - cr_assert(CHECK_VIOLATION(secret)); + if (early_fault) { + raise(SIGSEGV); + } + cr_assert(CHECK_VIOLATION(secret)); } diff --git a/tests/sighandler/lib.c b/tests/sighandler/lib.c index e35eefc35c..a45017dbca 100644 --- a/tests/sighandler/lib.c +++ b/tests/sighandler/lib.c @@ -3,12 +3,9 @@ RUN: cat sighandler_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s */ #include "lib.h" -#include #include #include - - - +#include #define IA2_COMPARTMENT 2 #include @@ -17,42 +14,42 @@ extern int main_secret; int lib_secret = 4; struct handler { - IA2_IGNORE(void (*handler)(int sig)); + IA2_IGNORE(void (*handler)(int sig)); }; void trap_handler_lib(int sig) { - volatile int test = lib_secret; - volatile int test2 = CHECK_VIOLATION(main_secret); + volatile int test = lib_secret; + volatile int test2 = CHECK_VIOLATION(main_secret); }; IA2_DEFINE_SIGHANDLER(trap_handler_lib, 2); // LINKARGS: --wrap=test_handler_from_lib void test_handler_from_lib(void) { - raise(SIGTRAP); + raise(SIGTRAP); } void install_sighandler_lib(struct handler *h) { - static struct sigaction sa; - memset(&sa, 0, sizeof(struct sigaction)); - sigemptyset(&(sa.sa_mask)); - - if (h) { - sa.sa_handler = h->handler; - } else { - sa.sa_handler = IA2_SIGHANDLER(trap_handler_lib); - } - sigaction(SIGTRAP, &sa, NULL); - cr_log_info("Installed SIGTRAP handler in lib"); + static struct sigaction sa; + memset(&sa, 0, sizeof(struct sigaction)); + sigemptyset(&(sa.sa_mask)); + + if (h) { + sa.sa_handler = h->handler; + } else { + sa.sa_handler = IA2_SIGHANDLER(trap_handler_lib); + } + sigaction(SIGTRAP, &sa, NULL); + cr_log_info("Installed SIGTRAP handler in lib"); } void install_sighandler_in_lib(bool rewrite) { - if (rewrite) { - install_sighandler_lib(NULL); - } else { - static struct handler h = { - .handler = IA2_SIGHANDLER(trap_handler_lib), - }; - install_sighandler_lib(&h); - } + if (rewrite) { + install_sighandler_lib(NULL); + } else { + static struct handler h = { + .handler = IA2_SIGHANDLER(trap_handler_lib), + }; + install_sighandler_lib(&h); + } } diff --git a/tests/sighandler/main.c b/tests/sighandler/main.c index f3f18cbf97..9b03b7f724 100644 --- a/tests/sighandler/main.c +++ b/tests/sighandler/main.c @@ -4,10 +4,9 @@ We need this because lib.c uses LINKARGS checks but not this file. */ #include "lib.h" -#include -#include #include - +#include +#include #include @@ -15,52 +14,51 @@ INIT_RUNTIME(2); #define IA2_COMPARTMENT 1 #include - struct handler { - IA2_IGNORE(void (*handler)(int sig)); + IA2_IGNORE(void (*handler)(int sig)); }; int main_secret = 3; void trap_handler(int sig) { - volatile int test = main_secret; - volatile int test2 = CHECK_VIOLATION(lib_secret); + volatile int test = main_secret; + volatile int test2 = CHECK_VIOLATION(lib_secret); }; IA2_DEFINE_SIGHANDLER(trap_handler, 1); void install_sighandler(struct handler *h) { - static struct sigaction sa; - memset(&sa, 0, sizeof(struct sigaction)); - sigemptyset(&(sa.sa_mask)); + static struct sigaction sa; + memset(&sa, 0, sizeof(struct sigaction)); + sigemptyset(&(sa.sa_mask)); - if (h) { - sa.sa_handler = h->handler; - } else { - sa.sa_handler = IA2_SIGHANDLER(trap_handler); - } - sigaction(SIGTRAP, &sa, NULL); + if (h) { + sa.sa_handler = h->handler; + } else { + sa.sa_handler = IA2_SIGHANDLER(trap_handler); + } + sigaction(SIGTRAP, &sa, NULL); } Test(sighandler, main_rewriter) { - install_sighandler(NULL); - raise(SIGTRAP); + install_sighandler(NULL); + raise(SIGTRAP); } Test(sighandler, main_ignore) { - static struct handler h = { - .handler = IA2_SIGHANDLER(trap_handler), - }; - install_sighandler(&h); - raise(SIGTRAP); + static struct handler h = { + .handler = IA2_SIGHANDLER(trap_handler), + }; + install_sighandler(&h); + raise(SIGTRAP); } Test(sighandler, lib_rewriter) { - install_sighandler_in_lib(true); - test_handler_from_lib(); + install_sighandler_in_lib(true); + test_handler_from_lib(); } Test(sighandler, lib_ignore) { - install_sighandler_in_lib(false); - test_handler_from_lib(); + install_sighandler_in_lib(false); + test_handler_from_lib(); } \ No newline at end of file diff --git a/tests/simple1/include/simple1.h b/tests/simple1/include/simple1.h index c730e78e06..7962492f07 100644 --- a/tests/simple1/include/simple1.h +++ b/tests/simple1/include/simple1.h @@ -10,8 +10,7 @@ struct SimpleCallbacks { typedef int (*SimpleMapFn)(int); struct Simple *simple_new(struct SimpleCallbacks); -void simple_reset(struct Simple*); -void simple_destroy(struct Simple*); -void simple_foreach_v1(struct Simple*, int (*)(int)); -void simple_foreach_v2(struct Simple*, SimpleMapFn); - +void simple_reset(struct Simple *); +void simple_destroy(struct Simple *); +void simple_foreach_v1(struct Simple *, int (*)(int)); +void simple_foreach_v2(struct Simple *, SimpleMapFn); diff --git a/tests/simple1/main.c b/tests/simple1/main.c index e8a3c2abf5..5df0b1ee75 100644 --- a/tests/simple1/main.c +++ b/tests/simple1/main.c @@ -4,7 +4,6 @@ RUN: cat simple1_call_gates_0.ld | FileCheck --check-prefix=LINKARGS %s */ #include - #include #include #include diff --git a/tests/static_addr_taken/include/static_fns.h b/tests/static_addr_taken/include/static_fns.h index 9f399664fe..e29d8ca298 100644 --- a/tests/static_addr_taken/include/static_fns.h +++ b/tests/static_addr_taken/include/static_fns.h @@ -5,7 +5,7 @@ typedef void (*fn_ptr_ty)(void); static void inline_noop(void) { - printf("called %s defined in header\n", __func__); + printf("called %s defined in header\n", __func__); } fn_ptr_ty *get_ptrs_in_main(void); diff --git a/tests/static_addr_taken/lib.c b/tests/static_addr_taken/lib.c index 389f0e1306..59db921fd5 100644 --- a/tests/static_addr_taken/lib.c +++ b/tests/static_addr_taken/lib.c @@ -1,5 +1,5 @@ -#include #include +#include #define IA2_COMPARTMENT 2 #include @@ -7,18 +7,17 @@ #include "static_fns.h" static void duplicate_noop(void) { - printf("called %s in library\n", __func__); + printf("called %s in library\n", __func__); } static void identical_name(void) { - static int x = 4; - printf("%s in library read x = %d\n", __func__, x); + static int x = 4; + printf("%s in library read x = %d\n", __func__, x); } static fn_ptr_ty ptrs[3] IA2_SHARED_DATA = { - inline_noop, duplicate_noop, identical_name -}; + inline_noop, duplicate_noop, identical_name}; fn_ptr_ty *get_ptrs_in_lib(void) { - return ptrs; + return ptrs; } diff --git a/tests/static_addr_taken/main.c b/tests/static_addr_taken/main.c index 57b6ba7449..4489fc6a0d 100644 --- a/tests/static_addr_taken/main.c +++ b/tests/static_addr_taken/main.c @@ -1,5 +1,5 @@ -#include #include +#include INIT_RUNTIME(2); #define IA2_COMPARTMENT 1 @@ -8,11 +8,11 @@ INIT_RUNTIME(2); #include "static_fns.h" static void duplicate_noop(void) { - printf("called %s in main binary\n", __func__); + printf("called %s in main binary\n", __func__); } LOCAL void macro_attr_noop(void) { - printf("called %s in main binary\n", __func__); + printf("called %s in main binary\n", __func__); } // static void identical_name(void) { @@ -21,22 +21,24 @@ LOCAL void macro_attr_noop(void) { // } static fn_ptr_ty ptrs[] IA2_SHARED_DATA = { - inline_noop, duplicate_noop, /* identical_name, */ macro_attr_noop, + inline_noop, + duplicate_noop, + /* identical_name, */ macro_attr_noop, }; fn_ptr_ty *get_ptrs_in_main(void) { - return ptrs; + return ptrs; } Test(static_addr_taken, call_ptrs_in_main) { - for (int i = 0; i < sizeof(ptrs) / sizeof(ptrs[0]); i++) { - ptrs[i](); - } + for (int i = 0; i < sizeof(ptrs) / sizeof(ptrs[0]); i++) { + ptrs[i](); + } } Test(static_addr_taken, call_ptr_from_lib) { - fn_ptr_ty *lib_ptrs = get_ptrs_in_lib(); - for (int i = 0; i < 3; i++) { - lib_ptrs[i](); - } + fn_ptr_ty *lib_ptrs = get_ptrs_in_lib(); + for (int i = 0; i < 3; i++) { + lib_ptrs[i](); + } } diff --git a/tests/structs/main.c b/tests/structs/main.c index e5931a9854..8db90668f5 100644 --- a/tests/structs/main.c +++ b/tests/structs/main.c @@ -18,28 +18,46 @@ INIT_RUNTIME(1); #define EPSILON 0.0001f -#define check_close_float(name, val) \ - { cr_assert_lt(fabs(name(s) - (val)), EPSILON); } -#define check_field_float(name, val) \ - { cr_assert_lt(fabs(s.name - (val)), EPSILON); } +#define check_close_float(name, val) \ + { \ + cr_assert_lt(fabs(name(s) - (val)), EPSILON); \ + } +#define check_field_float(name, val) \ + { \ + cr_assert_lt(fabs(s.name - (val)), EPSILON); \ + } #define check_eq_int(name, val) \ - { cr_assert(name(s) == val); } + { \ + cr_assert(name(s) == val); \ + } #define check_field_int(name, val) \ - { cr_assert(s.name == val); } + { \ + cr_assert(s.name == val); \ + } -#define check_eq_size(name, val) \ - { cr_assert(name(s) == (size_t)val); } -#define check_field_size(name, val) \ - { cr_assert(s.name == (size_t)val); } +#define check_eq_size(name, val) \ + { \ + cr_assert(name(s) == (size_t)val); \ + } +#define check_field_size(name, val) \ + { \ + cr_assert(s.name == (size_t)val); \ + } -#define check_field_ptr(name, val) \ - { cr_assert(s.name == (void *)val); } +#define check_field_ptr(name, val) \ + { \ + cr_assert(s.name == (void *)val); \ + } -#define check_eq_i128(name, val) \ - { cr_assert(name(s) == (__int128)val); } -#define check_field_i128(name, val) \ - { cr_assert(s.name == (__int128)val); } +#define check_eq_i128(name, val) \ + { \ + cr_assert(name(s) == (__int128)val); \ + } +#define check_field_i128(name, val) \ + { \ + cr_assert(s.name == (__int128)val); \ + } Test(structs, main) { /* For each struct, test passing it to functions, returning it from functions diff --git a/tests/threads/main.c b/tests/threads/main.c index f9f77d7731..7717472d64 100644 --- a/tests/threads/main.c +++ b/tests/threads/main.c @@ -10,7 +10,6 @@ RUN: sh -c 'if [ ! -s "threads_call_gates_0.ld" ]; then echo "No link args as ex #include #include - #include INIT_RUNTIME(1); @@ -57,7 +56,7 @@ void *access_ptr_thread_fn(void *ptr) { int *x = (int *)ptr; cr_log_info("c1t3 accessing c1t1 thread-local: %d\n", *x); cr_log_info("c2t3 accessing c1t1 thread-local: %d\n", - CHECK_VIOLATION(library_access_int_ptr(x))); + CHECK_VIOLATION(library_access_int_ptr(x))); return NULL; } diff --git a/tests/three_keys_minimal/include/lib.h b/tests/three_keys_minimal/include/lib.h index f45821a036..94a39d3ca9 100644 --- a/tests/three_keys_minimal/include/lib.h +++ b/tests/three_keys_minimal/include/lib.h @@ -1,73 +1,74 @@ -#define DECLARE_LIB(lib_num, other_lib) \ - void lib_##lib_num##_noop(void); \ - void lib_##lib_num##_call_lib_##other_lib(void); \ - void lib_##lib_num##_call_main(void); \ - void lib_##lib_num##_call_loop(void); \ - int lib_##lib_num##_read(int *x); \ - void lib_##lib_num##_write(int *x, int newval); \ - int *lib_##lib_num##_get_static(void); \ - int *lib_##lib_num##_get_shared_static(void); \ - int *lib_##lib_num##_get_heap(void); \ - int *lib_##lib_num##_get_shared_heap(void); \ - int *lib_##lib_num##_get_tls(void); \ - void lib_##lib_num##_test_local(void); +#define DECLARE_LIB(lib_num, other_lib) \ + void lib_##lib_num##_noop(void); \ + void lib_##lib_num##_call_lib_##other_lib(void); \ + void lib_##lib_num##_call_main(void); \ + void lib_##lib_num##_call_loop(void); \ + int lib_##lib_num##_read(int *x); \ + void lib_##lib_num##_write(int *x, int newval); \ + int *lib_##lib_num##_get_static(void); \ + int *lib_##lib_num##_get_shared_static(void); \ + int *lib_##lib_num##_get_heap(void); \ + int *lib_##lib_num##_get_shared_heap(void); \ + int *lib_##lib_num##_get_tls(void); \ + void lib_##lib_num##_test_local(void); - -#define DEFINE_LIB(lib_num, other_lib) \ - void lib_##lib_num##_noop(void) { \ - } \ - \ - void lib_##lib_num##_call_lib_##other_lib(void) { \ - lib_##other_lib##_noop(); \ - } \ - \ - void lib_##lib_num##_call_main(void) { \ - main_noop(); \ - } \ - \ - void lib_##lib_num##_call_loop(void) { \ - lib_##other_lib##_call_main(); \ - } \ - \ - int lib_##lib_num##_read(int *x) { \ - if (!x) { \ - return -1; \ - } \ - return *x; \ - } \ - void lib_##lib_num##_write(int *x, int newval) { \ - if (!x) { *x = newval; } \ - } \ - int *lib_##lib_num##_get_static(void) { \ - static int x = 0; \ - return &x; \ - } \ - int *lib_##lib_num##_get_shared_static(void) { \ - static int x IA2_SHARED_DATA = 0; \ - return &x; \ - } \ - int *lib_##lib_num##_get_heap(void) { \ - static int *x = NULL; \ - if (!x) { \ - x = (int *)malloc(sizeof(*x)); \ - } \ - return x; \ - } \ - int *lib_##lib_num##_get_shared_heap(void) { \ - static int *x = NULL; \ - if (!x) { \ - x = (int *)shared_malloc(sizeof(*x)); \ - } \ - return x; \ - } \ - int *lib_##lib_num##_get_tls(void) { \ - thread_local static int x = 3; \ - return &x; \ - } \ - void lib_##lib_num##_test_local(void) { \ - int tmp = 3; \ - main_read(&tmp); \ - main_write(&tmp, tmp + 1); \ - lib_##other_lib##_read(&tmp); \ - lib_##other_lib##_write(&tmp, tmp + 1); \ - } +#define DEFINE_LIB(lib_num, other_lib) \ + void lib_##lib_num##_noop(void) { \ + } \ + \ + void lib_##lib_num##_call_lib_##other_lib(void) { \ + lib_##other_lib##_noop(); \ + } \ + \ + void lib_##lib_num##_call_main(void) { \ + main_noop(); \ + } \ + \ + void lib_##lib_num##_call_loop(void) { \ + lib_##other_lib##_call_main(); \ + } \ + \ + int lib_##lib_num##_read(int *x) { \ + if (!x) { \ + return -1; \ + } \ + return *x; \ + } \ + void lib_##lib_num##_write(int *x, int newval) { \ + if (!x) { \ + *x = newval; \ + } \ + } \ + int *lib_##lib_num##_get_static(void) { \ + static int x = 0; \ + return &x; \ + } \ + int *lib_##lib_num##_get_shared_static(void) { \ + static int x IA2_SHARED_DATA = 0; \ + return &x; \ + } \ + int *lib_##lib_num##_get_heap(void) { \ + static int *x = NULL; \ + if (!x) { \ + x = (int *)malloc(sizeof(*x)); \ + } \ + return x; \ + } \ + int *lib_##lib_num##_get_shared_heap(void) { \ + static int *x = NULL; \ + if (!x) { \ + x = (int *)shared_malloc(sizeof(*x)); \ + } \ + return x; \ + } \ + int *lib_##lib_num##_get_tls(void) { \ + thread_local static int x = 3; \ + return &x; \ + } \ + void lib_##lib_num##_test_local(void) { \ + int tmp = 3; \ + main_read(&tmp); \ + main_write(&tmp, tmp + 1); \ + lib_##other_lib##_read(&tmp); \ + lib_##other_lib##_write(&tmp, tmp + 1); \ + } diff --git a/tests/three_keys_minimal/lib_1.c b/tests/three_keys_minimal/lib_1.c index ebf85324f3..81eace6ac1 100644 --- a/tests/three_keys_minimal/lib_1.c +++ b/tests/three_keys_minimal/lib_1.c @@ -1,13 +1,13 @@ -#include #include +#include #define IA2_COMPARTMENT 3 #include #include "lib.h" -#include "main/main.h" #include "lib_2/lib_2.h" -#include +#include "main/main.h" #include +#include DEFINE_LIB(1, 2); diff --git a/tests/three_keys_minimal/lib_2.c b/tests/three_keys_minimal/lib_2.c index f0e4bc1509..3c5e48dc98 100644 --- a/tests/three_keys_minimal/lib_2.c +++ b/tests/three_keys_minimal/lib_2.c @@ -1,13 +1,13 @@ -#include #include +#include #define IA2_COMPARTMENT 2 #include #include "lib.h" -#include "main/main.h" #include "lib_1/lib_1.h" -#include +#include "main/main.h" #include +#include DEFINE_LIB(2, 1); diff --git a/tests/three_keys_minimal/main.c b/tests/three_keys_minimal/main.c index e13278fd6c..877ceaa4d7 100644 --- a/tests/three_keys_minimal/main.c +++ b/tests/three_keys_minimal/main.c @@ -1,8 +1,8 @@ #include "ia2_internal.h" #include "lib_1/lib_1.h" #include "lib_2/lib_2.h" -#include #include +#include INIT_RUNTIME(3); #define IA2_COMPARTMENT 1 @@ -10,11 +10,7 @@ INIT_RUNTIME(3); #include #include - - - -void main_noop(void) { -} +void main_noop(void) {} int main_read(int *x) { if (!x) { diff --git a/tests/tls_protected/library.c b/tests/tls_protected/library.c index d238ebd8d0..132933ff7a 100644 --- a/tests/tls_protected/library.c +++ b/tests/tls_protected/library.c @@ -1,5 +1,5 @@ /* -*/ + */ // Check that readelf shows exactly one executable segment #include "library.h" diff --git a/tests/tls_protected/main.c b/tests/tls_protected/main.c index 5f9319ce12..ada7534e22 100644 --- a/tests/tls_protected/main.c +++ b/tests/tls_protected/main.c @@ -6,7 +6,6 @@ #include #include - #include INIT_RUNTIME(2); diff --git a/tests/trusted_direct/include/main/exported_fn.h b/tests/trusted_direct/include/main/exported_fn.h index 0859edde51..2ae26d19b8 100644 --- a/tests/trusted_direct/include/main/exported_fn.h +++ b/tests/trusted_direct/include/main/exported_fn.h @@ -1,6 +1,6 @@ #pragma once -#include #include +#include void print_message(void); diff --git a/tests/trusted_direct/main.c b/tests/trusted_direct/main.c index 87ff0bdde1..c845aa2723 100644 --- a/tests/trusted_direct/main.c +++ b/tests/trusted_direct/main.c @@ -7,10 +7,8 @@ RUN: cat trusted_direct_call_gates_0.ld | FileCheck --check-prefix=LINKARGS %s #include #include -#include #include "plugin.h" - - +#include // This test checks that an untrusted library can call a trusted main binary. An // MPK violation is triggered from the untrusted library if no arguments are @@ -24,18 +22,18 @@ uint32_t secret = 0x09431233; bool clean_exit IA2_SHARED_DATA = false; -//LINKARGS: --wrap=print_message +// LINKARGS: --wrap=print_message void print_message(void) { - cr_log_info("%s: the secret 0x%" PRIx32 " is defined in the main binary\n", __func__, secret); - cr_assert(secret == 0x09431233); + cr_log_info("%s: the secret 0x%" PRIx32 " is defined in the main binary\n", __func__, secret); + cr_assert(secret == 0x09431233); } Test(trusted_direct, no_clean_exit) { - clean_exit = false; - start_plugin(); + clean_exit = false; + start_plugin(); } Test(trusted_direct, clean_exit) { - clean_exit = true; - start_plugin(); + clean_exit = true; + start_plugin(); } diff --git a/tests/trusted_direct/plugin.c b/tests/trusted_direct/plugin.c index 0cc9d1407a..89e62bf43a 100644 --- a/tests/trusted_direct/plugin.c +++ b/tests/trusted_direct/plugin.c @@ -5,13 +5,12 @@ RUN: cat trusted_direct_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s #include "exported_fn.h" - // LINKARGS: --wrap=start_plugin void start_plugin(void) { - cr_log_info("%s: this is defined in the plugin\n", __func__); - print_message(); - if (!clean_exit) { - cr_log_info("%s: the secret is %d\n", __func__, CHECK_VIOLATION(secret)); - cr_fatal("Should have segfaulted on cross-boundary access"); - } + cr_log_info("%s: this is defined in the plugin\n", __func__); + print_message(); + if (!clean_exit) { + cr_log_info("%s: the secret is %d\n", __func__, CHECK_VIOLATION(secret)); + cr_fatal("Should have segfaulted on cross-boundary access"); + } } diff --git a/tests/trusted_indirect/include/rand_op.h b/tests/trusted_indirect/include/rand_op.h index c32a024a83..452bc31561 100644 --- a/tests/trusted_indirect/include/rand_op.h +++ b/tests/trusted_indirect/include/rand_op.h @@ -2,11 +2,11 @@ #include // CHECK: typedef struct IA2_fnptr__ZTSPFjjjE binary_op; -typedef uint32_t(*binary_op)(uint32_t, uint32_t); +typedef uint32_t (*binary_op)(uint32_t, uint32_t); typedef struct function_s { - binary_op op; - const char *name; + binary_op op; + const char *name; } function_t; void swap_function(void); diff --git a/tests/trusted_indirect/main.c b/tests/trusted_indirect/main.c index 10efdf062a..6ab98c16d2 100644 --- a/tests/trusted_indirect/main.c +++ b/tests/trusted_indirect/main.c @@ -7,8 +7,6 @@ RUN: sh -c 'if [ ! -s "trusted_indirect_call_gates_0.ld" ]; then echo "No link a #include "rand_op.h" #include - - /* This program tests that a trusted binary can receive and call function pointers from an untrusted shared library. @@ -23,56 +21,56 @@ bool clean_exit IA2_SHARED_DATA = false; // Declare some functions to ensure that we can call a function pointer regardless of whether it // points to an untrusted shared library or this binary. uint32_t multiply(uint32_t x, uint32_t y) { - return x * y; + return x * y; } static uint32_t divide(uint32_t x, uint32_t y) { - return x / y; + return x / y; } void call_fn_ptr() { - function_t f = get_function(); - cr_log_info("Got the function %s from the library\n", f.name); - uint32_t x = 987234; - uint32_t y = 142151; - // This calls `f.op` with and without parentheses to ensure the rewriter handles both - // REWRITER: uint32_t res1 = IA2_CALL(f.op, _ZTSPFjjjE, x, y); - uint32_t res1 = f.op(x, y); - // REWRITER: f.op = IA2_FN(multiply); - f.op = multiply; - // REWRITER: uint32_t res2 = IA2_CALL((f.op), _ZTSPFjjjE, x, y); - uint32_t res2 = (f.op)(x, y); - cr_assert_eq(res2, 2897346862); - // REWRITER: f.op = IA2_FN(divide); - f.op = divide; - // REWRITER: uint32_t res3 = IA2_CALL(f.op, _ZTSPFjjjE, x, y); - uint32_t res3 = f.op(x, y); - cr_assert_eq(res3, 6); + function_t f = get_function(); + cr_log_info("Got the function %s from the library\n", f.name); + uint32_t x = 987234; + uint32_t y = 142151; + // This calls `f.op` with and without parentheses to ensure the rewriter handles both + // REWRITER: uint32_t res1 = IA2_CALL(f.op, _ZTSPFjjjE, x, y); + uint32_t res1 = f.op(x, y); + // REWRITER: f.op = IA2_FN(multiply); + f.op = multiply; + // REWRITER: uint32_t res2 = IA2_CALL((f.op), _ZTSPFjjjE, x, y); + uint32_t res2 = (f.op)(x, y); + cr_assert_eq(res2, 2897346862); + // REWRITER: f.op = IA2_FN(divide); + f.op = divide; + // REWRITER: uint32_t res3 = IA2_CALL(f.op, _ZTSPFjjjE, x, y); + uint32_t res3 = f.op(x, y); + cr_assert_eq(res3, 6); } void do_test() { - // Test calling a function pointer with one of the shared library's functions - call_fn_ptr(); + // Test calling a function pointer with one of the shared library's functions + call_fn_ptr(); - // Test calling a function pointer with the other shared library function. - swap_function(); - call_fn_ptr(); + // Test calling a function pointer with the other shared library function. + swap_function(); + call_fn_ptr(); - // Test a that segfault occurs if the pointee tries to access memory it shouldn't - function_t f = get_bad_function(); + // Test a that segfault occurs if the pointee tries to access memory it shouldn't + function_t f = get_bad_function(); - static uint32_t secret = 34; - leak_secret_address(&secret); - // REWRITER: IA2_CALL((f.op), _ZTSPFjjjE, 0, 0); - (f.op)(0, 0); + static uint32_t secret = 34; + leak_secret_address(&secret); + // REWRITER: IA2_CALL((f.op), _ZTSPFjjjE, 0, 0); + (f.op)(0, 0); } Test(trusted_indirect, no_clean_exit) { - clean_exit = false; - do_test(); + clean_exit = false; + do_test(); } Test(trusted_indirect, clean_exit) { - clean_exit = true; - do_test(); + clean_exit = true; + do_test(); } diff --git a/tests/trusted_indirect/rand_op.c b/tests/trusted_indirect/rand_op.c index cc7e542867..5f8ccc9ab2 100644 --- a/tests/trusted_indirect/rand_op.c +++ b/tests/trusted_indirect/rand_op.c @@ -4,10 +4,8 @@ RUN: cat trusted_indirect_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s #include - -#include #include "rand_op.h" - +#include // This library either returns a pointer to `add` or to `sub`. One of the functions is static and // the other is part of the public API to ensure that both types of cross-compartment function @@ -18,52 +16,52 @@ static bool fn_is_add = true; static uint32_t *secret_address = NULL; uint32_t add(uint32_t x, uint32_t y) { - return x + y; + return x + y; } static uint32_t steal_secret(uint32_t x, uint32_t y) { - if (!clean_exit) { - if (secret_address) { - cr_log_info("the secret is %x\n", CHECK_VIOLATION(*secret_address)); - cr_fatal("Should have segfaulted here"); - } + if (!clean_exit) { + if (secret_address) { + cr_log_info("the secret is %x\n", CHECK_VIOLATION(*secret_address)); + cr_fatal("Should have segfaulted here"); } - return 0; + } + return 0; } // LINKARGS: --wrap=get_bad_function function_t get_bad_function(void) { - function_t f = (function_t){ - .name = "", - .op = steal_secret, - }; - return f; + function_t f = (function_t){ + .name = "", + .op = steal_secret, + }; + return f; } // LINKARGS: --wrap=get_function function_t get_function(void) { - function_t f; - if (fn_is_add) { - f.name = "add"; - f.op = add; - } else { - f.name = "sub"; - f.op = sub; - } - return f; + function_t f; + if (fn_is_add) { + f.name = "add"; + f.op = add; + } else { + f.name = "sub"; + f.op = sub; + } + return f; } // LINKARGS: --wrap=leak_secret_address void leak_secret_address(uint32_t *addr) { - secret_address = addr; + secret_address = addr; } // LINKARGS: --wrap=sub uint32_t sub(uint32_t x, uint32_t y) { - return x - y; + return x - y; } // LINKARGS: --wrap=swap_function void swap_function(void) { - fn_is_add = !fn_is_add; + fn_is_add = !fn_is_add; } diff --git a/tests/two_keys_minimal/include/main/exported_fn.h b/tests/two_keys_minimal/include/main/exported_fn.h index c0b933893d..ece5f5771b 100644 --- a/tests/two_keys_minimal/include/main/exported_fn.h +++ b/tests/two_keys_minimal/include/main/exported_fn.h @@ -1,6 +1,6 @@ #pragma once -#include #include +#include void print_message(void); diff --git a/tests/two_keys_minimal/main.c b/tests/two_keys_minimal/main.c index 76d26ff3ae..593f527108 100644 --- a/tests/two_keys_minimal/main.c +++ b/tests/two_keys_minimal/main.c @@ -7,12 +7,10 @@ RUN: cat two_keys_minimal_call_gates_2.ld | FileCheck --check-prefix=LINKARGS %s #include +#include "plugin.h" +#include #include #include -#include -#include "plugin.h" - - // This test uses two protection keys INIT_RUNTIME(2); @@ -31,26 +29,26 @@ bool clean_exit IA2_SHARED_DATA = false; // LINKARGS: --wrap=print_message void print_message(void) { - cr_log_info("this is defined in the main binary"); - if (debug_mode) { - cr_log_info("the main secret is at %p", &secret); - } - cr_assert(secret == 0x09431233); - if (steal_plugin_secret) { - cr_assert(CHECK_VIOLATION(plugin_secret) == 0x78341244); - } + cr_log_info("this is defined in the main binary"); + if (debug_mode) { + cr_log_info("the main secret is at %p", &secret); + } + cr_assert(secret == 0x09431233); + if (steal_plugin_secret) { + cr_assert(CHECK_VIOLATION(plugin_secret) == 0x78341244); + } } Test(two_keys, main) { - start_plugin(); + start_plugin(); } Test(two_keys, plugin) { - steal_plugin_secret = true; - start_plugin(); + steal_plugin_secret = true; + start_plugin(); } Test(two_keys, clean_exit) { - clean_exit = true; - start_plugin(); + clean_exit = true; + start_plugin(); } diff --git a/tests/two_keys_minimal/plugin.c b/tests/two_keys_minimal/plugin.c index b8b84c929e..347427ddb6 100644 --- a/tests/two_keys_minimal/plugin.c +++ b/tests/two_keys_minimal/plugin.c @@ -6,10 +6,9 @@ RUN: cat two_keys_minimal_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s #include -#include -#include #include "exported_fn.h" - +#include +#include #define IA2_COMPARTMENT 2 #include @@ -20,13 +19,13 @@ extern bool clean_exit; // LINKARGS: --wrap=start_plugin void start_plugin(void) { - cr_log_info("this is defined in the plugin"); - if (debug_mode) { - cr_log_info("the plugin secret is at %p", &plugin_secret); - } - cr_assert(plugin_secret == 0x78341244); - print_message(); - if (!clean_exit) { - cr_assert(CHECK_VIOLATION(secret) == 0x09431233); - } + cr_log_info("this is defined in the plugin"); + if (debug_mode) { + cr_log_info("the plugin secret is at %p", &plugin_secret); + } + cr_assert(plugin_secret == 0x78341244); + print_message(); + if (!clean_exit) { + cr_assert(CHECK_VIOLATION(secret) == 0x09431233); + } } diff --git a/tests/two_shared_ranges/include/main/exported_fn.h b/tests/two_shared_ranges/include/main/exported_fn.h index dc884bbe09..7ad8543453 100644 --- a/tests/two_shared_ranges/include/main/exported_fn.h +++ b/tests/two_shared_ranges/include/main/exported_fn.h @@ -1,6 +1,6 @@ #pragma once -#include #include +#include void print_message(void); diff --git a/tests/two_shared_ranges/main.c b/tests/two_shared_ranges/main.c index b3e4027e3f..a660ae468a 100644 --- a/tests/two_shared_ranges/main.c +++ b/tests/two_shared_ranges/main.c @@ -6,11 +6,9 @@ RUN: cat two_shared_ranges_call_gates_2.ld | FileCheck --check-prefix=LINKARGS % #include -#include -#include #include "plugin.h" - - +#include +#include // This test uses two protection keys INIT_RUNTIME(2); @@ -26,26 +24,26 @@ bool clean_exit IA2_SHARED_DATA = false; // LINKARGS: --wrap=print_message void print_message(void) { - cr_log_info("this is defined in the main binary"); - cr_log_info("the main secret is at %p", &secret); - cr_log_info("the plugin shared data is at %p", &plugin_shared); - cr_log_info("the main secret is %x", secret); - cr_log_info("the plugin shared data is %x", plugin_shared); - if (steal_plugin_secret) { - cr_log_info("the plugin secret is %x\n", CHECK_VIOLATION(plugin_secret)); - } + cr_log_info("this is defined in the main binary"); + cr_log_info("the main secret is at %p", &secret); + cr_log_info("the plugin shared data is at %p", &plugin_shared); + cr_log_info("the main secret is %x", secret); + cr_log_info("the plugin shared data is %x", plugin_shared); + if (steal_plugin_secret) { + cr_log_info("the plugin secret is %x\n", CHECK_VIOLATION(plugin_secret)); + } } Test(two_shared_ranges, main) { - start_plugin(); + start_plugin(); } Test(two_shared_ranges, plugin) { - steal_plugin_secret = true; - start_plugin(); + steal_plugin_secret = true; + start_plugin(); } Test(two_shared_ranges, clean_exit) { - clean_exit = true; - start_plugin(); + clean_exit = true; + start_plugin(); } \ No newline at end of file diff --git a/tests/two_shared_ranges/plugin.c b/tests/two_shared_ranges/plugin.c index 16faff0e0a..598a58be98 100644 --- a/tests/two_shared_ranges/plugin.c +++ b/tests/two_shared_ranges/plugin.c @@ -4,11 +4,9 @@ RUN: cat two_shared_ranges_call_gates_1.ld | FileCheck --check-prefix=LINKARGS % // Check that readelf shows exactly one executable segment - -#include -#include #include "exported_fn.h" - +#include +#include #define IA2_COMPARTMENT 2 #include @@ -20,13 +18,13 @@ extern bool clean_exit; // LINKARGS: --wrap=start_plugin void start_plugin(void) { - cr_log_info("this is defined in the plugin"); - cr_log_info("the plugin secret is at %p", &plugin_secret); - cr_log_info("the main shared data is at %p", &shared); - cr_log_info("the plugin secret is %x", plugin_secret); - cr_log_info("the main shared data is %x", shared); - print_message(); - if (!clean_exit) { - cr_log_info("the main secret is %x", CHECK_VIOLATION(secret)); - } + cr_log_info("this is defined in the plugin"); + cr_log_info("the plugin secret is at %p", &plugin_secret); + cr_log_info("the main shared data is at %p", &shared); + cr_log_info("the plugin secret is %x", plugin_secret); + cr_log_info("the main shared data is %x", shared); + print_message(); + if (!clean_exit) { + cr_log_info("the main secret is %x", CHECK_VIOLATION(secret)); + } } diff --git a/tests/untrusted_indirect/foo.c b/tests/untrusted_indirect/foo.c index 2b0606dcc9..5c35d9b643 100644 --- a/tests/untrusted_indirect/foo.c +++ b/tests/untrusted_indirect/foo.c @@ -3,14 +3,13 @@ RUN: cat untrusted_indirect_call_gates_1.ld | FileCheck --check-prefix=LINKARGS */ #include -#include #include "foo.h" - +#include extern bool clean_exit; uint64_t pick_lhs(uint64_t x, uint64_t y) { - return x; + return x; } static callback_t function = pick_lhs; @@ -19,27 +18,27 @@ static uint64_t last_result = 0; // LINKARGS: --wrap=apply_callback // Applies a binary operation to the args using either a registered callback or an internal default function. uint64_t apply_callback(uint64_t x, uint64_t y) { - last_result = function(x, y); - return last_result; + last_result = function(x, y); + return last_result; } // LINKARGS: --wrap=register_callback bool register_callback(callback_t cb) { - if (!cb) { - return false; - } - function = cb; - return true; + if (!cb) { + return false; + } + function = cb; + return true; } // LINKARGS: --wrap=unregister_callback void unregister_callback() { - function = pick_lhs; - if (last_result) { - if (!clean_exit) { - // Check for an mpk violation when the library tries to read the main binary's memory - uint64_t stolen_secret = CHECK_VIOLATION(*(uint64_t *)last_result); - cr_fatal("Did not segfault on boundary violation"); - } + function = pick_lhs; + if (last_result) { + if (!clean_exit) { + // Check for an mpk violation when the library tries to read the main binary's memory + uint64_t stolen_secret = CHECK_VIOLATION(*(uint64_t *)last_result); + cr_fatal("Did not segfault on boundary violation"); } + } } diff --git a/tests/untrusted_indirect/include/foo.h b/tests/untrusted_indirect/include/foo.h index 16c3d6a23e..1c2687a740 100644 --- a/tests/untrusted_indirect/include/foo.h +++ b/tests/untrusted_indirect/include/foo.h @@ -4,7 +4,7 @@ #include // CHECK: typedef struct IA2_fnptr__ZTSPFmmmE callback_t; -typedef uint64_t(*callback_t)(uint64_t, uint64_t); +typedef uint64_t (*callback_t)(uint64_t, uint64_t); bool register_callback(callback_t cb); uint64_t apply_callback(uint64_t x, uint64_t y); diff --git a/tests/untrusted_indirect/main.c b/tests/untrusted_indirect/main.c index ae72570ab1..43b35013b9 100644 --- a/tests/untrusted_indirect/main.c +++ b/tests/untrusted_indirect/main.c @@ -3,11 +3,9 @@ RUN: sh -c 'if [ ! -s "untrusted_indirect_call_gates_0.ld" ]; then echo "No link */ #include -#include #include "foo.h" #include - - +#include INIT_RUNTIME(1); #define IA2_COMPARTMENT 1 @@ -34,51 +32,54 @@ uint32_t uninit_var __attribute__((section("my_uninit_var_section"))) __attribut bool clean_exit IA2_SHARED_DATA = false; // Declare some new sections with different flags. -__asm__(".section my_alloc_section, \"a\"\n\ +__asm__( + ".section my_alloc_section, \"a\"\n\ .byte 0\n\ .previous"); -__asm__(".section my_write_section, \"w\"\n\ +__asm__( + ".section my_write_section, \"w\"\n\ .byte 0\n\ .previous"); -__asm__(".section my_executable_section, \"x\"\n\ +__asm__( + ".section my_executable_section, \"x\"\n\ .byte 0\n\ .previous"); // Place a function in a custom section. __attribute__((section("my_fn_section"))) uint64_t pick_rhs(uint64_t x, uint64_t y) { - return y; + return y; } static uint64_t secret = 0xcafed00d; uint64_t leak_secret_address(uint64_t x, uint64_t y) { - return (uint64_t)&secret; + return (uint64_t)&secret; } void do_test() { - cr_log_info("TRUSTED: the secret is 0x%lx\n", secret); - cr_log_info("0x%lx\n", apply_callback(1, 2)); + cr_log_info("TRUSTED: the secret is 0x%lx\n", secret); + cr_log_info("0x%lx\n", apply_callback(1, 2)); - // REWRITER: register_callback(IA2_FN(pick_rhs)); - register_callback(pick_rhs); - cr_log_info("0x%lx\n", apply_callback(3, 4)); + // REWRITER: register_callback(IA2_FN(pick_rhs)); + register_callback(pick_rhs); + cr_log_info("0x%lx\n", apply_callback(3, 4)); - // REWRITER: register_callback(IA2_FN(leak_secret_address)); - register_callback(leak_secret_address); - cr_log_info("TRUSTED: oops we leaked the address of the secret\n"); - apply_callback(5, 6); + // REWRITER: register_callback(IA2_FN(leak_secret_address)); + register_callback(leak_secret_address); + cr_log_info("TRUSTED: oops we leaked the address of the secret\n"); + apply_callback(5, 6); - unregister_callback(); + unregister_callback(); } Test(untrusted_indirect, no_clean_exit) { - clean_exit = false; - do_test(); + clean_exit = false; + do_test(); } Test(untrusted_indirect, clean_exit) { - clean_exit = true; - do_test(); + clean_exit = true; + do_test(); } \ No newline at end of file diff --git a/tools/rewriter/GenCallAsm.cpp b/tools/rewriter/GenCallAsm.cpp index c937a07c52..adc6c88571 100644 --- a/tools/rewriter/GenCallAsm.cpp +++ b/tools/rewriter/GenCallAsm.cpp @@ -525,8 +525,8 @@ static void x86_emit_intermediate_pkru(AsmWriter &aw, uint32_t caller_pkey, uint static void emit_copy_args(AsmWriter &aw, const std::vector &args, const std::optional> &wrapper_args, - size_t stack_return_size, size_t stack_return_padding, int stack_alignment, - size_t stack_arg_size, size_t stack_arg_padding, size_t wrapper_stack_arg_size, + size_t stack_return_size, size_t stack_return_padding, int stack_alignment, + size_t stack_arg_size, size_t stack_arg_padding, size_t wrapper_stack_arg_size, uint32_t caller_pkey, Arch arch) { if (arch == Arch::X86) { // When returning via memory, the address of the return value is passed in @@ -588,7 +588,7 @@ static void emit_copy_args(AsmWriter &aw, const std::vector &args, src_arg++; dest_arg++; } - + add_asm_line(aw, "movq %"s + src_arg->as_str() + ", %r12"); src_arg++; for (; dest_arg != args.end(); src_arg++, dest_arg++) { diff --git a/tools/rewriter/GenCallAsm.h b/tools/rewriter/GenCallAsm.h index 9b06bffaa3..64dc44ece8 100644 --- a/tools/rewriter/GenCallAsm.h +++ b/tools/rewriter/GenCallAsm.h @@ -17,7 +17,8 @@ enum class WrapperKind { }; enum class Arch { - Aarch64, X86 + Aarch64, + X86 }; extern bool enable_dav1d_get_picture_post_condition; diff --git a/tools/rewriter/SourceRewriter.cpp b/tools/rewriter/SourceRewriter.cpp index 89845076f7..841a1926c2 100644 --- a/tools/rewriter/SourceRewriter.cpp +++ b/tools/rewriter/SourceRewriter.cpp @@ -571,16 +571,17 @@ class FnPtrCall : public RefactoringCallback { std::string new_expr = "IA2_CALL("s + old_callee.str() + ", " + mangled_ty; - + for (auto const &arg : fn_ptr_call->arguments()) { - new_expr += ", " + clang::Lexer::getSourceText( - clang::CharSourceRange::getTokenRange(arg->getSourceRange()), sm, - ctxt.getLangOpts()) - .str(); + new_expr += ", " + + clang::Lexer::getSourceText( + clang::CharSourceRange::getTokenRange(arg->getSourceRange()), sm, + ctxt.getLangOpts()) + .str(); } new_expr += ")"; - auto char_range = + auto char_range = clang::CharSourceRange::getTokenRange(fn_ptr_call->getSourceRange()); if (in_macro_expansion(char_range.getBegin(), sm)) {