Merge pull request #158 from struct/separate_tagging_tests

separate and cleanup all the tagged pointer tests

Author: struct

Makefile

@@ -304,10 +304,6 @@ cpp_library_debug: clean c_library_objects_debug
 tests: clean library_debug_unit_tests
 	@echo "make tests"
 	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/rand_freelist.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/rand_freelist $(LDFLAGS)
-	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/tagged_ptr_test.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/tagged_ptr_test $(LDFLAGS)
-	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/uaf_tag_ptr_test.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/uaf_tag_ptr_test $(LDFLAGS)
-	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/bad_tag_ptr_test.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/bad_tag_ptr_test $(LDFLAGS)
-	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/verify_tag_ptr_test.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/verify_tag_ptr_test $(LDFLAGS)
 	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/tests.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/tests $(LDFLAGS)
 	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/uaf.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/uaf $(LDFLAGS)
 	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/interfaces_test.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/interfaces_test $(LDFLAGS)
@@ -326,9 +322,16 @@ tests: clean library_debug_unit_tests
 	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/uninit_read.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/uninit_read $(LDFLAGS)
 	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/sized_free.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/sized_free $(LDFLAGS)
 	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/pool_test.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/pool_test $(LDFLAGS)
-
 	utils/run_tests.sh
 
+tagging_tests: clean cpp_library_debug
+	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/tagged_ptr_test.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/tagged_ptr_test $(LDFLAGS)
+	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/uaf_tag_ptr_test.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/uaf_tag_ptr_test $(LDFLAGS)
+	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/bad_tag_ptr_test.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/bad_tag_ptr_test $(LDFLAGS)
+	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/verify_tag_ptr_test.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/verify_tag_ptr_test $(LDFLAGS)
+	$(CXX) -DMEMORY_TAGGING=1 $(CXXFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(EXE_CFLAGS) $(OS_FLAGS) tests/tagged_ptr_test.cpp $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/tagged_ptr_test_cpp $(LDFLAGS)
+	utils/run_tagging_tests.sh
+
 init_test: clean library_debug_unit_tests
 	@echo "make init_test"
 	$(CC) $(CFLAGS) $(EXE_CFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(OS_FLAGS) tests/init_destroy.c $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/init_destroy $(LDFLAGS)
@@ -378,9 +381,7 @@ endif
 cpp_tests: clean cpp_library_debug
 	@echo "make cpp_tests"
 	$(CXX) $(CXXFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(EXE_CFLAGS) $(OS_FLAGS) tests/tests.cpp $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/cxx_tests $(LDFLAGS)
-	$(CXX) $(CXXFLAGS) $(DEBUG_LOG_FLAGS) $(GDB_FLAGS) $(EXE_CFLAGS) $(OS_FLAGS) tests/tagged_ptr_test.cpp $(ISO_ALLOC_PRINTF_SRC) -o $(BUILD_DIR)/tagged_ptr_test $(LDFLAGS)
 	LD_LIBRARY_PATH=$(BUILD_DIR)/ $(BUILD_DIR)/cxx_tests
-	LD_LIBRARY_PATH=$(BUILD_DIR)/ $(BUILD_DIR)/tagged_ptr_test
 
 install:
 	cp -pR build/$(LIBNAME) /usr/lib/

README.md

@@ -99,6 +99,8 @@ The Makefile targets are very simple:
 
 `make tests` - Builds and runs all tests
 
+`make tagging_tests` - Builds and runs the memory tagging tests
+
 `make libc_sanity_tests` - Builds the memcpy/memset libc hook sanity tests
 
 `make perf_tests` - Builds and runs a simple performance test that uses gprof. Linux only

tests/tagged_ptr_test.c

@@ -1,14 +1,14 @@
 /* iso_alloc tagged_ptr_test.c
  * Copyright 2022 - chris.rohlf@gmail.com */
-
-/* This test should successfully run with or
- * without MEMORY_TAGGING support */
-
 #include <stdio.h>
 #include <string.h>
 #include "iso_alloc.h"
 #include "iso_alloc_internal.h"
 
+#if !MEMORY_TAGGING
+#error "This test intended to be run with -DMEMORY_TAGGING=1"
+#endif
+
 #define SIZE 256
 
 int main(int argc, char *argv[]) {

tests/tagged_ptr_test.cpp

@@ -1,15 +1,16 @@
 // iso_alloc tagged_ptr_test.cpp
 // Copyright 2022 - chris.rohlf@gmail.com
 
-// This test should successfully run with or
-// without MEMORY_TAGGING support
-
 #include <memory>
 #include <iostream>
 #include <ostream>
 #include <string.h>
 #include "iso_alloc.h"
 
+#if !MEMORY_TAGGING
+#error "This test intended to be run with -DMEMORY_TAGGING=1"
+#endif
+
 iso_alloc_zone_handle *_zone_handle;
 constexpr uint32_t _str_size = 32;
 

tests/uaf_tag_ptr_test.c

@@ -6,6 +6,10 @@
 #include "iso_alloc.h"
 #include "iso_alloc_internal.h"
 
+#if !MEMORY_TAGGING
+#error "This test intended to be run with -DMEMORY_TAGGING=1"
+#endif
+
 #define SIZE 256
 
 int main(int argc, char *argv[]) {
@@ -26,11 +30,19 @@ int main(int argc, char *argv[]) {
      * result in a bad pointer */
     memset(p, 0x41, SIZE);
 
-    iso_alloc_destroy_zone(_zone_handle);
-
-#if !MEMORY_TAGGING
-    return -1;
+#if __aarch64__
+    /* aarch64 systems with TBI enabled will succeed in
+     * using the tagged pointer p. If p is still tagged
+     * we abort here */
+    if((uintptr_t) p & IS_TAGGED_PTR_MASK) {
+        LOG_AND_ABORT("Write to tagged ptr %p succeeded. TBI may be enabled", p);
+    }
+#else
+    if((uintptr_t) p & IS_TAGGED_PTR_MASK) {
+        LOG_AND_ABORT("Write to tagged ptr %p succeeded on x86_64 ?!", p);
+    }
 #endif
 
+    iso_alloc_destroy_zone(_zone_handle);
     return 0;
 }

tests/verify_tag_ptr_test.c

@@ -6,6 +6,10 @@
 #include "iso_alloc.h"
 #include "iso_alloc_internal.h"
 
+#if !MEMORY_TAGGING
+#error "This test intended to be run with -DMEMORY_TAGGING=1"
+#endif
+
 #define SIZE 256
 
 int main(int argc, char *argv[]) {

utils/run_tagging_tests.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+$(echo '' > tagging_test_output.txt)
+
+tests=("tagged_ptr_test" "tagged_ptr_test_cpp")
+failure=0
+succeeded=0
+
+$(ulimit -c 0)
+
+export LD_LIBRARY_PATH=build/
+
+for t in "${tests[@]}"; do
+    echo -n "Running $t test"
+    echo "Running $t test" >> tagging_test_output.txt 2>&1
+    $(build/$t >> tagging_test_output.txt 2>&1)
+    ret=$?
+
+    if [ $ret -ne 0 ]; then
+        echo "... Failed"
+        echo "... Failed" >> tagging_test_output.txt 2>&1
+        failure=$((failure+1))
+    else
+        echo "... Succeeded"
+        echo "... Succeeded" >> tagging_test_output.txt 2>&1
+        succeeded=$((succeeded+1))
+    fi
+done
+
+fail_tests=("bad_tag_ptr_test" "verify_tag_ptr_test" "uaf_tag_ptr_test")
+
+for t in "${fail_tests[@]}"; do
+    echo -n "Running $t test"
+    echo "Running $t test" >> tagging_test_output.txt 2>&1
+    $(build/$t >> tagging_test_output.txt 2>&1)
+    ret=$?
+
+    if [ $ret -ne 0 ]; then
+        echo "... Succeeded"
+        echo "... Succeeded" >> tagging_test_output.txt 2>&1
+        succeeded=$((succeeded+1))
+    else
+        echo "... Failed"
+        echo "... Failed" >> tagging_test_output.txt 2>&1
+        failure=$((failure+1))
+    fi
+done
+
+echo "$succeeded Tests passed"
+echo "$failure Tests failed"
+
+unset LD_LIBRARY_PATH
+unset LD_PRELOAD
+
+if [ $failure -ne 0 ]; then
+    cat tagging_test_output.txt
+    exit -1
+else
+    exit 0
+fi

utils/run_tests.sh

@@ -3,7 +3,7 @@
 # examples of code that should crash
 $(echo '' > test_output.txt)
 
-tests=("tests" "big_tests" "interfaces_test" "thread_tests" "tagged_ptr_test" "pool_test"
+tests=("tests" "big_tests" "interfaces_test" "thread_tests" "pool_test"
        "rand_freelist")
 failure=0
 succeeded=0
@@ -31,8 +31,7 @@ done
 
 fail_tests=("double_free" "big_double_free" "heap_overflow" "heap_underflow"
             "leaks_test" "wild_free" "unaligned_free" "incorrect_chunk_size_multiple"
-            "big_canary_test" "zero_alloc" "sized_free" "bad_tag_ptr_test"
-            "verify_tag_ptr_test")
+            "big_canary_test" "zero_alloc" "sized_free")
 
 for t in "${fail_tests[@]}"; do
     echo -n "Running $t test"