From 11e5415e0b3b9931180fc8b916dcdbbb4e690ea4 Mon Sep 17 00:00:00 2001 From: wangyinghao Date: Wed, 28 May 2025 16:35:03 +0800 Subject: [PATCH 1/5] Support log in ValidateCodeCopy Signed-off-by: wangyinghao Change-Id: Icc39dbf380d87e18ab19275b359f98e8a6826409 --- interfaces/inner_api/common/include/errcode.h | 2 + .../include/jit_buffer_integrity.h | 3 ++ .../jit_code_sign/include/jit_code_signer.h | 30 +++++++++++++ .../jit_code_sign/src/jit_code_signer.cpp | 43 +++++++++++++++++++ utils/include/log.h | 6 +++ 5 files changed, 84 insertions(+) diff --git a/interfaces/inner_api/common/include/errcode.h b/interfaces/inner_api/common/include/errcode.h index 541be0e..184ccd9 100644 --- a/interfaces/inner_api/common/include/errcode.h +++ b/interfaces/inner_api/common/include/errcode.h @@ -113,6 +113,8 @@ enum JitCodeSignErrCode { CS_ERR_SIGN_OFFSET = -0x707, CS_ERR_INVALID_DATA = -0x708, CS_ERR_JIT_MEMORY = -0x709, + CS_ERR_OOM = -0x710, + CS_ERR_LOG_TOO_LONG = -0x711, CS_ERR_UNSUPPORT = -0x7ff, }; #endif diff --git a/interfaces/inner_api/jit_code_sign/include/jit_buffer_integrity.h b/interfaces/inner_api/jit_code_sign/include/jit_buffer_integrity.h index 37b4703..f84910b 100644 --- a/interfaces/inner_api/jit_code_sign/include/jit_buffer_integrity.h +++ b/interfaces/inner_api/jit_code_sign/include/jit_buffer_integrity.h @@ -228,6 +228,9 @@ static inline int32_t CopyToJitCode( } #ifndef JIT_FORT_DISABLE prctlRet = PrctlWrapper(JITFORT_PRCTL_OPTION, JITFORT_SWITCH_OUT, 0); + + signer->FlushLog(); + if (prctlRet < 0) { return CS_ERR_JITFORT_OUT; } diff --git a/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h b/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h index b1d9902..ee58d56 100644 --- a/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h +++ b/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h @@ -18,6 +18,9 @@ #include #include +#ifndef JIT_FORT_DISABLE +#include "hilog/log.h" +#endif #include "pac_sign_ctx.h" namespace OHOS { @@ -28,12 +31,33 @@ using Byte = uint8_t; constexpr int32_t INSTRUCTION_SIZE = 4; constexpr int32_t LOG_2_INSTRUCTION_SIZE = 2; +#ifndef JIT_FORT_DISABLE +// This is interpreted from code logic. If a new long log comes this must be updated. +constexpr size_t MAX_DEFERRED_LOG_LENGTH = 150; +#endif static inline int GetIndexFromOffset(int offset) { return static_cast(static_cast(offset) >> LOG_2_INSTRUCTION_SIZE); } +#ifndef JIT_FORT_DISABLE +struct DeferredLog{ + DeferredLog() = delete; + DeferredLog(char* message, LogLevel level) noexcept :message(message),level(level){} + DeferredLog(const DeferredLog& other) = delete; + DeferredLog(DeferredLog&& other) noexcept: message(other.message), level(other.level) { + other.message = nullptr; + } + ~DeferredLog(){ + delete message; + message = nullptr; + } + char* message; + LogLevel level; +}; +#endif + class JitCodeSigner { public: JitCodeSigner(); @@ -49,6 +73,9 @@ public: int32_t PatchInstruction(Byte *jitBuffer, Instr insn); int32_t PatchData(int offset, const Byte *const data, uint32_t size); int32_t PatchData(Byte *buffer, const Byte *const data, uint32_t size); +#ifndef JIT_FORT_DISABLE + void FlushLog(); +#endif protected: bool ConvertPatchOffsetToIndex(const int offset, int &curIndex); @@ -60,6 +87,9 @@ protected: std::queue willSign_; std::vector signTable_; PACSignCtx ctx_; +#ifndef JIT_FORT_DISABLE + std::vector deferredLogs; +#endif }; } } diff --git a/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp b/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp index 69f50a8..2629228 100644 --- a/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp +++ b/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp @@ -16,6 +16,9 @@ #include "jit_code_signer.h" #include +#ifndef JIT_FORT_DISABLE +#include "securec.h" +#endif #include "errcode.h" #include "log.h" @@ -125,6 +128,16 @@ int32_t JitCodeSigner::PatchData(Byte *buffer, const Byte *const data, uint32_t return PatchData(static_cast(buffer - tmpBuffer_), data, size); } +#ifndef JIT_FORT_DISABLE +void JitCodeSigner::FlushLog(){ + for (auto &log: deferredLogs) { + LOG_LEVELED(log.level, "%{public}s", log.message); + } + deferredLogs.clear(); + // There're at most 2 logs. No need to shrink. +} +#endif + bool JitCodeSigner::ConvertPatchOffsetToIndex(const int offset, int &curIndex) { if ((offset < 0) || ((static_cast(offset) & UNALIGNMENT_MASK) != 0)) { @@ -156,6 +169,20 @@ int32_t JitCodeSigner::CheckDataCopy(Instr *jitMemory, Byte *tmpBuffer, int size #ifdef JIT_FORT_DISABLE LOG_ERROR("Range invalid, size = %{public}d, table size = %{public}zu", size, signTable_.size()); +#else + char *buffer = reinterpret_cast(malloc(MAX_DEFERRED_LOG_LENGTH)); + if (!buffer) { + return CS_ERR_OOM; + } + + int ret = sprintf_s(buffer, MAX_DEFERRED_LOG_LENGTH, + "[%s]: Range invalid, size = %d, table size = %zu", size, signTable_.size()); + if (ret == -1){ + free(buffer); + buffer = nullptr; + return CS_ERR_LOG_TOO_LONG; + } + deferredLogs.emplace_back(DeferredLog{buffer, LOG_ERROR}); #endif return CS_ERR_JIT_SIGN_SIZE; } @@ -212,6 +239,22 @@ int32_t JitCodeSigner::ValidateCodeCopy(Instr *jitMemory, LOG_ERROR("validate insn(%{public}x) without context failed at index = " \ "%{public}x, signature(%{public}x) != wanted(%{public}x)", insn, index * INSTRUCTION_SIZE, signature, signTable_[index]); +#else + char *buffer = reinterpret_cast(malloc(MAX_DEFERRED_LOG_LENGTH)); + if (!buffer) { + return CS_ERR_OOM; + } + + int ret = sprintf_s(buffer, MAX_DEFERRED_LOG_LENGTH, + "[%s]: validate insn(%x) without context failed at index = " \ + "%x, signature(%x) != wanted(%x)", + insn, index * INSTRUCTION_SIZE, signature, signTable_[index]); + if (ret == -1){ + free(buffer); + buffer = nullptr; + return CS_ERR_LOG_TOO_LONG; + } + deferredLogs.emplace_back(DeferredLog{buffer, LOG_ERROR}); #endif #ifndef JIT_CODE_SIGN_PERMISSIVE return CS_ERR_VALIDATE_CODE; diff --git a/utils/include/log.h b/utils/include/log.h index 5bae85a..e36f667 100644 --- a/utils/include/log.h +++ b/utils/include/log.h @@ -35,6 +35,12 @@ #define LOG_ERROR(fmt, ...) HILOG_ERROR(LOG_CORE, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__) #define LOG_FATAL(fmt, ...) HILOG_FATAL(LOG_CORE, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__) +/* Deferred logs have variable level, and their caller must be recorded + when the log is generated, not when this macro is invoked. + * LOG_LEVEL is used as the enum name. +*/ +#define LOG_LEVELED(level, ...) HILOG_IMPL(LOG_CORE, level, LOG_DOMAIN, LOG_TAG, ##__VA_ARGS__) + #else // LOG_RUST namespace OHOS { namespace Security { -- Gitee From 1432e03ea367f1dd563cbd82683d6ad3eeedf6a5 Mon Sep 17 00:00:00 2001 From: wangyinghao Date: Thu, 29 May 2025 10:00:28 +0800 Subject: [PATCH 2/5] Fix issues in code Signed-off-by: wangyinghao Change-Id: Ib0da7649dd65044f8a21607be566de2a73da5c90 --- .../jit_code_sign/include/jit_code_signer.h | 6 +++--- .../jit_code_sign/src/jit_code_signer.cpp | 16 ++++++++++------ 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h b/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h index ee58d56..eff65be 100644 --- a/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h +++ b/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h @@ -44,13 +44,13 @@ static inline int GetIndexFromOffset(int offset) #ifndef JIT_FORT_DISABLE struct DeferredLog{ DeferredLog() = delete; - DeferredLog(char* message, LogLevel level) noexcept :message(message),level(level){} + DeferredLog(char* message, LogLevel level) noexcept :message(message),level(level) {} DeferredLog(const DeferredLog& other) = delete; DeferredLog(DeferredLog&& other) noexcept: message(other.message), level(other.level) { other.message = nullptr; } - ~DeferredLog(){ - delete message; + ~DeferredLog() { + free(message); message = nullptr; } char* message; diff --git a/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp b/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp index 2629228..c308f67 100644 --- a/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp +++ b/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp @@ -129,7 +129,7 @@ int32_t JitCodeSigner::PatchData(Byte *buffer, const Byte *const data, uint32_t } #ifndef JIT_FORT_DISABLE -void JitCodeSigner::FlushLog(){ +void JitCodeSigner::FlushLog() { for (auto &log: deferredLogs) { LOG_LEVELED(log.level, "%{public}s", log.message); } @@ -176,12 +176,15 @@ int32_t JitCodeSigner::CheckDataCopy(Instr *jitMemory, Byte *tmpBuffer, int size } int ret = sprintf_s(buffer, MAX_DEFERRED_LOG_LENGTH, - "[%s]: Range invalid, size = %d, table size = %zu", size, signTable_.size()); - if (ret == -1){ + "[%s]: Range invalid, size = %d, table size = %zu", + __func__, size, signTable_.size()); + + if (ret == -1) { free(buffer); buffer = nullptr; return CS_ERR_LOG_TOO_LONG; } + deferredLogs.emplace_back(DeferredLog{buffer, LOG_ERROR}); #endif return CS_ERR_JIT_SIGN_SIZE; @@ -247,9 +250,10 @@ int32_t JitCodeSigner::ValidateCodeCopy(Instr *jitMemory, int ret = sprintf_s(buffer, MAX_DEFERRED_LOG_LENGTH, "[%s]: validate insn(%x) without context failed at index = " \ - "%x, signature(%x) != wanted(%x)", - insn, index * INSTRUCTION_SIZE, signature, signTable_[index]); - if (ret == -1){ + "%x, signature(%x) != wanted(%x)", + __func__, insn, index * INSTRUCTION_SIZE, signature, signTable_[index]); + + if (ret == -1) { free(buffer); buffer = nullptr; return CS_ERR_LOG_TOO_LONG; -- Gitee From fdbfb46a9ab149dc0e6f13f505d6a0abc7a8a2d7 Mon Sep 17 00:00:00 2001 From: wangyinghao Date: Thu, 29 May 2025 10:02:42 +0800 Subject: [PATCH 3/5] Fix issues in code Signed-off-by: wangyinghao Change-Id: Ia749292a73c457684fd01645e10636f45058cf92 --- interfaces/inner_api/jit_code_sign/include/jit_code_signer.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h b/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h index eff65be..c94d3d5 100644 --- a/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h +++ b/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h @@ -46,7 +46,7 @@ struct DeferredLog{ DeferredLog() = delete; DeferredLog(char* message, LogLevel level) noexcept :message(message),level(level) {} DeferredLog(const DeferredLog& other) = delete; - DeferredLog(DeferredLog&& other) noexcept: message(other.message), level(other.level) { + DeferredLog(DeferredLog&& other) noexcept :message(other.message), level(other.level) { other.message = nullptr; } ~DeferredLog() { -- Gitee From 2e591fa5ef036df184639c5d58db5f3ada75f39c Mon Sep 17 00:00:00 2001 From: wangyinghao Date: Thu, 29 May 2025 10:04:33 +0800 Subject: [PATCH 4/5] Fix issues in code Signed-off-by: wangyinghao Change-Id: I2ef9ea2448f5708b817e3ca420d25b0285976bb5 --- interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp b/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp index c308f67..557846a 100644 --- a/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp +++ b/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp @@ -134,7 +134,7 @@ void JitCodeSigner::FlushLog() { LOG_LEVELED(log.level, "%{public}s", log.message); } deferredLogs.clear(); - // There're at most 2 logs. No need to shrink. + // There's at most 1 log, for now. No need to shrink. } #endif @@ -184,7 +184,7 @@ int32_t JitCodeSigner::CheckDataCopy(Instr *jitMemory, Byte *tmpBuffer, int size buffer = nullptr; return CS_ERR_LOG_TOO_LONG; } - + deferredLogs.emplace_back(DeferredLog{buffer, LOG_ERROR}); #endif return CS_ERR_JIT_SIGN_SIZE; -- Gitee From 73c517ee73eef6c6f849e226c439cb2667b01f18 Mon Sep 17 00:00:00 2001 From: wangyinghao Date: Thu, 29 May 2025 14:20:34 +0800 Subject: [PATCH 5/5] Fix issues in code Signed-off-by: wangyinghao Change-Id: Ibe989866e592092e48b60905a8e5461d466fc711 --- .../jit_code_sign/include/jit_buffer_integrity.h | 4 +++- .../jit_code_sign/include/jit_code_signer.h | 14 ++++++++------ .../jit_code_sign/src/jit_code_signer.cpp | 7 ++++--- 3 files changed, 15 insertions(+), 10 deletions(-) diff --git a/interfaces/inner_api/jit_code_sign/include/jit_buffer_integrity.h b/interfaces/inner_api/jit_code_sign/include/jit_buffer_integrity.h index f84910b..b6541f9 100644 --- a/interfaces/inner_api/jit_code_sign/include/jit_buffer_integrity.h +++ b/interfaces/inner_api/jit_code_sign/include/jit_buffer_integrity.h @@ -229,7 +229,9 @@ static inline int32_t CopyToJitCode( #ifndef JIT_FORT_DISABLE prctlRet = PrctlWrapper(JITFORT_PRCTL_OPTION, JITFORT_SWITCH_OUT, 0); - signer->FlushLog(); + if (IsSupportJitCodeSigner()) { + signer->FlushLog(); + } if (prctlRet < 0) { return CS_ERR_JITFORT_OUT; diff --git a/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h b/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h index c94d3d5..ae87718 100644 --- a/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h +++ b/interfaces/inner_api/jit_code_sign/include/jit_code_signer.h @@ -42,18 +42,20 @@ static inline int GetIndexFromOffset(int offset) } #ifndef JIT_FORT_DISABLE -struct DeferredLog{ +struct DeferredLog { DeferredLog() = delete; - DeferredLog(char* message, LogLevel level) noexcept :message(message),level(level) {} - DeferredLog(const DeferredLog& other) = delete; - DeferredLog(DeferredLog&& other) noexcept :message(other.message), level(other.level) { + DeferredLog(char *message, LogLevel level) noexcept : message(message), level(level) {} + DeferredLog(const DeferredLog &other) = delete; + DeferredLog(DeferredLog &&other) noexcept : message(other.message), level(other.level) + { other.message = nullptr; } - ~DeferredLog() { + ~DeferredLog() + { free(message); message = nullptr; } - char* message; + char *message; LogLevel level; }; #endif diff --git a/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp b/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp index 557846a..05558c0 100644 --- a/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp +++ b/interfaces/inner_api/jit_code_sign/src/jit_code_signer.cpp @@ -129,7 +129,8 @@ int32_t JitCodeSigner::PatchData(Byte *buffer, const Byte *const data, uint32_t } #ifndef JIT_FORT_DISABLE -void JitCodeSigner::FlushLog() { +void JitCodeSigner::FlushLog() +{ for (auto &log: deferredLogs) { LOG_LEVELED(log.level, "%{public}s", log.message); } @@ -171,7 +172,7 @@ int32_t JitCodeSigner::CheckDataCopy(Instr *jitMemory, Byte *tmpBuffer, int size size, signTable_.size()); #else char *buffer = reinterpret_cast(malloc(MAX_DEFERRED_LOG_LENGTH)); - if (!buffer) { + if (buffer == nullptr) { return CS_ERR_OOM; } @@ -244,7 +245,7 @@ int32_t JitCodeSigner::ValidateCodeCopy(Instr *jitMemory, insn, index * INSTRUCTION_SIZE, signature, signTable_[index]); #else char *buffer = reinterpret_cast(malloc(MAX_DEFERRED_LOG_LENGTH)); - if (!buffer) { + if (buffer == nullptr) { return CS_ERR_OOM; } -- Gitee