Use a securely seeded global PRNG for the VM.

It's not 2005 anymore.
This commit is contained in:
Mike Pall
2020-06-15 12:21:05 +02:00
parent 34e53736c6
commit a44f53acf5
22 changed files with 411 additions and 174 deletions


@@ -14,6 +14,7 @@
#include "lj_mcode.h"
#include "lj_trace.h"
#include "lj_dispatch.h"
#include "lj_prng.h"
#endif
#if LJ_HASJIT || LJ_HASFFI
#include "lj_vm.h"
@@ -118,52 +119,34 @@ static int mcode_setprot(void *p, size_t sz, int prot)
return mprotect(p, sz, prot);
}
#elif LJ_64
#error "Missing OS support for explicit placement of executable memory"
#else
/* Fallback allocator. This will fail if memory is not executable by default. */
#define LUAJIT_UNPROTECT_MCODE
#define MCPROT_RW 0
#define MCPROT_RX 0
#define MCPROT_RWX 0
static void *mcode_alloc_at(jit_State *J, uintptr_t hint, size_t sz, int prot)
{
UNUSED(hint); UNUSED(prot);
return lj_mem_new(J->L, sz);
}
static void mcode_free(jit_State *J, void *p, size_t sz)
{
lj_mem_free(J2G(J), p, sz);
}
#error "Missing OS support for explicit placement of executable memory"
#endif
/* -- MCode area protection ----------------------------------------------- */
/* Define this ONLY if page protection twiddling becomes a bottleneck. */
#ifdef LUAJIT_UNPROTECT_MCODE
#if LUAJIT_SECURITY_MCODE == 0
/* It's generally considered to be a potential security risk to have
/* Define this ONLY if page protection twiddling becomes a bottleneck.
**
** It's generally considered to be a potential security risk to have
** pages with simultaneous write *and* execute access in a process.
**
** Do not even think about using this mode for server processes or
** apps handling untrusted external data (such as a browser).
** apps handling untrusted external data.
**
** The security risk is not in LuaJIT itself -- but if an adversary finds
** any *other* flaw in your C application logic, then any RWX memory page
** simplifies writing an exploit considerably.
** any *other* flaw in your C application logic, then any RWX memory pages
** simplify writing an exploit considerably.
*/
#define MCPROT_GEN MCPROT_RWX
#define MCPROT_RUN MCPROT_RWX
static void mcode_protect(jit_State *J, int prot)
{
UNUSED(J); UNUSED(prot);
UNUSED(J); UNUSED(prot); UNUSED(mcode_setprot);
}
#else
@@ -242,7 +225,7 @@ static void *mcode_alloc(jit_State *J, size_t sz)
}
/* Next try probing 64K-aligned pseudo-random addresses. */
do {
hint = LJ_PRNG_BITS(J, LJ_TARGET_JUMPRANGE-16) << 16;
hint = lj_prng_u64(&J2G(J)->prng) & ((1u<<LJ_TARGET_JUMPRANGE)-0x10000);
} while (!(hint + sz < range+range));
hint = target + hint - range;
}
@@ -331,7 +314,7 @@ void lj_mcode_abort(jit_State *J)
/* Set/reset protection to allow patching of MCode areas. */
MCode *lj_mcode_patch(jit_State *J, MCode *ptr, int finish)
{
#ifdef LUAJIT_UNPROTECT_MCODE
#if LUAJIT_SECURITY_MCODE == 0
UNUSED(J); UNUSED(ptr); UNUSED(finish);
return NULL;
#else
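Review bot: The new `#if LUAJIT_SECURITY_MCODE == 0` tests in the protection section and in lj_mcode_patch fail open: an undefined macro evaluates to 0 in `#if`, so a build that never defines LUAJIT_SECURITY_MCODE (stale lj_arch.h, out-of-tree build flags) silently selects the RWX fallback that the comment above it says must never be used for untrusted data. Presumably lj_arch.h in this same commit supplies a default of 1, but that is not visible here; a guard such as `#ifndef LUAJIT_SECURITY_MCODE` / `#error "LUAJIT_SECURITY_MCODE must be defined (see lj_arch.h)"` / `#endif` next to the includes would make the safe setting the one you get by mistake. On the probing loop in mcode_alloc, `1u<<LJ_TARGET_JUMPRANGE` is only defined while the jump range stays below 32 bits, which seems to hold for the targets this file supports but is worth a `LJ_STATIC_ASSERT(LJ_TARGET_JUMPRANGE < 32)` if one is available. lj_mcode_patch's body continues past the end of the last hunk.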