Merge pull request #161 from devnexen/solaris_sys_support

struct · web-flow · commit 1457da7e074d · 2022-12-03T16:42:29.000-05:00
solaris/illumos platform minimal support.
diff --git a/Makefile b/Makefile
@@ -183,6 +183,8 @@ AUTO_CTOR_DTOR = -DAUTO_CTOR_DTOR=1
 ## that call free will segfault
 ISO_DTOR_CLEANUP = -DISO_DTOR_CLEANUP=0
 
+LTO = -flto
+
 LIBNAME = libisoalloc.so
 
 UNAME := $(shell uname)
@@ -223,6 +225,16 @@ STRIP = strip -s $(BUILD_DIR)/$(LIBNAME)
 HUGE_PAGES =
 endif
 
+ifeq ($(UNAME), SunOS)
+STRIP = strip -s $(BUILD_DIR)/$(LIBNAME)
+# this platform is both 32 and 64 bits
+# we have to be explicit
+CFLAGS += -m64
+CXXFLAGS += -m64
+LTO =
+HUGE_PAGES =
+endif
+
 HOOKS = $(MALLOC_HOOK)
 OPTIMIZE = -O2 -fstrict-aliasing -Wstrict-aliasing
 COMMON_CFLAGS = -Wall -Iinclude/ $(THREAD_SUPPORT) $(PRE_POPULATE_PAGES) $(STARTUP_MEM_USAGE)
@@ -237,7 +249,7 @@ CFLAGS += $(COMMON_CFLAGS) $(SECURITY_FLAGS) $(BUILD_ERROR_FLAGS) $(HOOKS) $(HEA
 	$(EXPERIMENTAL) $(UAF_PTR_PAGE) $(VERIFY_FREE_BIT_SLOTS) $(NAMED_MAPPINGS) $(ABORT_ON_NULL) $(NO_ZERO_ALLOCATIONS) \
 	$(ABORT_NO_ENTROPY) $(ISO_DTOR_CLEANUP) $(RANDOMIZE_FREELIST) $(USE_SPINLOCK) $(HUGE_PAGES) $(USE_MLOCK) \
 	$(MEMORY_TAGGING) $(STRONG_SIZE_ISOLATION) $(MEMSET_SANITY) $(AUTO_CTOR_DTOR)
-CXXFLAGS = $(COMMON_CFLAGS) -DCPP_SUPPORT=1 -std=c++17 $(SANITIZER_SUPPORT) $(HOOKS)
+CXXFLAGS += $(COMMON_CFLAGS) -DCPP_SUPPORT=1 -std=c++17 $(SANITIZER_SUPPORT) $(HOOKS)
 EXE_CFLAGS = -fPIE
 GDB_FLAGS = -g -ggdb3 -fno-omit-frame-pointer
 PERF_FLAGS = -pg -DPERF_TEST_BUILD=1
@@ -247,7 +259,7 @@ C_SRCS = $(SRC_DIR)/*.c
 CXX_SRCS = $(SRC_DIR)/*.cpp
 ISO_ALLOC_PRINTF_SRC = $(SRC_DIR)/iso_alloc_printf.c
 BUILD_DIR = build
-LDFLAGS = -L$(BUILD_DIR) -lisoalloc -flto
+LDFLAGS = -L$(BUILD_DIR) -lisoalloc $(LTO)
 
 all: tests
 
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@
 
 Isolation Alloc (or IsoAlloc) is a secure and fast(ish) memory allocator written in C11. It is a drop in replacement for `malloc` on Linux / Mac OS using `LD_PRELOAD` or `DYLD_INSERT_LIBRARIES` respectively. Its security strategy is originally inspired by Chrome's [PartitionAlloc](https://chromium.googlesource.com/chromium/src/+/refs/heads/main/base/allocator/partition_allocator/PartitionAlloc.md). A memory allocation isolation security strategy is best summed up as maintaining spatial separation, or isolation between objects of different sizes or types. While IsoAlloc wraps `malloc` and enforces naive isolation by default very strict  isolation of allocations can be achieved using the APIs directly.
 
-IsoAlloc is designed and [tested](https://github.com/struct/isoalloc/actions) for 64 bit Linux and MacOS. The space afforded by a 64 bit process makes this possible, therefore Isolation Alloc does not support 32 bit targets. The number of bits of entropy provided to `mmap` based page allocations is far too low in a 32 bit process to provide much security value. It may work on operating systems other than Linux/MacOS but that is also untested at this time. There is partial FreeBSD support but CI is often flakey.
+IsoAlloc is designed and [tested](https://github.com/struct/isoalloc/actions) for 64 bit Linux and MacOS. The space afforded by a 64 bit process makes this possible, therefore Isolation Alloc does not support 32 bit targets. The number of bits of entropy provided to `mmap` based page allocations is far too low in a 32 bit process to provide much security value. It may work on operating systems other than Linux/MacOS but that is also untested at this time. There is partial FreeBSD support but CI is often flakey. A minimal Solaris/Illumos support is available, LTO not supported by the compilers backends.
 
 ## Design
 
diff --git a/src/iso_alloc_random.c b/src/iso_alloc_random.c
@@ -17,6 +17,8 @@
 #include <sys/random.h>
 #elif __NetBSD__
 #include <stdlib.h>
+#elif __sun
+#include <sys/random.h>
 #else
 #error "unknown OS"
 #endif
@@ -55,7 +57,7 @@ INTERNAL_HIDDEN INLINE uint64_t rand_uint64(void) {
     ret = syscall(SYS_getrandom, &val, sizeof(val), GRND_NONBLOCK) != sizeof(val);
 #elif __APPLE__
     ret = SecRandomCopyBytes(kSecRandomDefault, sizeof(val), &val);
-#elif __FreeBSD__ || __DragonFly__ || __linux__ || __ANDROID__
+#elif __FreeBSD__ || __DragonFly__ || __linux__ || __ANDROID__ || __sun
     ret = getrandom(&val, sizeof(val), GRND_NONBLOCK) != sizeof(val);
 #elif __NetBSD__
     /* Temporary solution until NetBSD 10 released with getrandom support */
