xref: /optee_os/lib/libmbedtls/mbedtls/library/memory_buffer_alloc.c (revision b0563631928755fe864b97785160fb3088e9efdc)

/*
 *  Buffer-based memory allocator
 *
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#include "common.h"

#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#include "mbedtls/memory_buffer_alloc.h"

/* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C
   is dependent upon MBEDTLS_PLATFORM_C */
#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"

#include <string.h>

#if defined(MBEDTLS_MEMORY_BACKTRACE)
#include <execinfo.h>
#endif

#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
#endif

#define MAGIC1       0xFF00AA55
#define MAGIC2       0xEE119966
#define MAX_BT 20

typedef struct _memory_header memory_header;
struct _memory_header {
    size_t          magic1;
    size_t          size;
    size_t          alloc;
    memory_header   *prev;
    memory_header   *next;
    memory_header   *prev_free;
    memory_header   *next_free;
#if defined(MBEDTLS_MEMORY_BACKTRACE)
    char            **trace;
    size_t          trace_count;
#endif
    size_t          magic2;
};

typedef struct {
    unsigned char   *buf;
    size_t          len;
    memory_header   *first;
    memory_header   *first_free;
    int             verify;
#if defined(MBEDTLS_MEMORY_DEBUG)
    size_t          alloc_count;
    size_t          free_count;
    size_t          total_used;
    size_t          maximum_used;
    size_t          header_count;
    size_t          maximum_header_count;
#endif
#if defined(MBEDTLS_THREADING_C)
    mbedtls_threading_mutex_t   mutex;
#endif
}
buffer_alloc_ctx;

static buffer_alloc_ctx heap;

#if defined(MBEDTLS_MEMORY_DEBUG)
static void debug_header(memory_header *hdr)
{
#if defined(MBEDTLS_MEMORY_BACKTRACE)
    size_t i;
#endif

    mbedtls_fprintf(stderr, "HDR:  PTR(%10zu), PREV(%10zu), NEXT(%10zu), "
                            "ALLOC(%zu), SIZE(%10zu)\n",
                    (size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next,
                    hdr->alloc, hdr->size);
    mbedtls_fprintf(stderr, "      FPREV(%10zu), FNEXT(%10zu)\n",
                    (size_t) hdr->prev_free, (size_t) hdr->next_free);

#if defined(MBEDTLS_MEMORY_BACKTRACE)
    mbedtls_fprintf(stderr, "TRACE: \n");
    for (i = 0; i < hdr->trace_count; i++) {
        mbedtls_fprintf(stderr, "%s\n", hdr->trace[i]);
    }
    mbedtls_fprintf(stderr, "\n");
#endif
}

static void debug_chain(void)
{
    memory_header *cur = heap.first;

    mbedtls_fprintf(stderr, "\nBlock list\n");
    while (cur != NULL) {
        debug_header(cur);
        cur = cur->next;
    }

    mbedtls_fprintf(stderr, "Free list\n");
    cur = heap.first_free;

    while (cur != NULL) {
        debug_header(cur);
        cur = cur->next_free;
    }
}
#endif /* MBEDTLS_MEMORY_DEBUG */

static int verify_header(memory_header *hdr)
{
    if (hdr->magic1 != MAGIC1) {
#if defined(MBEDTLS_MEMORY_DEBUG)
        mbedtls_fprintf(stderr, "FATAL: MAGIC1 mismatch\n");
#endif
        return 1;
    }

    if (hdr->magic2 != MAGIC2) {
#if defined(MBEDTLS_MEMORY_DEBUG)
        mbedtls_fprintf(stderr, "FATAL: MAGIC2 mismatch\n");
#endif
        return 1;
    }

    if (hdr->alloc > 1) {
#if defined(MBEDTLS_MEMORY_DEBUG)
        mbedtls_fprintf(stderr, "FATAL: alloc has illegal value\n");
#endif
        return 1;
    }

    if (hdr->prev != NULL && hdr->prev == hdr->next) {
#if defined(MBEDTLS_MEMORY_DEBUG)
        mbedtls_fprintf(stderr, "FATAL: prev == next\n");
#endif
        return 1;
    }

    if (hdr->prev_free != NULL && hdr->prev_free == hdr->next_free) {
#if defined(MBEDTLS_MEMORY_DEBUG)
        mbedtls_fprintf(stderr, "FATAL: prev_free == next_free\n");
#endif
        return 1;
    }

    return 0;
}

static int verify_chain(void)
{
    memory_header *prv = heap.first, *cur;

    if (prv == NULL || verify_header(prv) != 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
        mbedtls_fprintf(stderr, "FATAL: verification of first header "
                                "failed\n");
#endif
        return 1;
    }

    if (heap.first->prev != NULL) {
#if defined(MBEDTLS_MEMORY_DEBUG)
        mbedtls_fprintf(stderr, "FATAL: verification failed: "
                                "first->prev != NULL\n");
#endif
        return 1;
    }

    cur = heap.first->next;

    while (cur != NULL) {
        if (verify_header(cur) != 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
            mbedtls_fprintf(stderr, "FATAL: verification of header "
                                    "failed\n");
#endif
            return 1;
        }

        if (cur->prev != prv) {
#if defined(MBEDTLS_MEMORY_DEBUG)
            mbedtls_fprintf(stderr, "FATAL: verification failed: "
                                    "cur->prev != prv\n");
#endif
            return 1;
        }

        prv = cur;
        cur = cur->next;
    }

    return 0;
}

static void *buffer_alloc_calloc(size_t n, size_t size)
{
    memory_header *new, *cur = heap.first_free;
    unsigned char *p;
    void *ret;
    size_t original_len, len;
#if defined(MBEDTLS_MEMORY_BACKTRACE)
    void *trace_buffer[MAX_BT];
    size_t trace_cnt;
#endif

    if (heap.buf == NULL || heap.first == NULL) {
        return NULL;
    }

    original_len = len = n * size;

    if (n == 0 || size == 0 || len / n != size) {
        return NULL;
    } else if (len > (size_t) -MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
        return NULL;
    }

    if (len % MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
        len -= len % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
        len += MBEDTLS_MEMORY_ALIGN_MULTIPLE;
    }

    // Find block that fits
    //
    while (cur != NULL) {
        if (cur->size >= len) {
            break;
        }

        cur = cur->next_free;
    }

    if (cur == NULL) {
        return NULL;
    }

    if (cur->alloc != 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
        mbedtls_fprintf(stderr, "FATAL: block in free_list but allocated "
                                "data\n");
#endif
        mbedtls_exit(1);
    }

#if defined(MBEDTLS_MEMORY_DEBUG)
    heap.alloc_count++;
#endif

    // Found location, split block if > memory_header + 4 room left
    //
    if (cur->size - len < sizeof(memory_header) +
        MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
        cur->alloc = 1;

        // Remove from free_list
        //
        if (cur->prev_free != NULL) {
            cur->prev_free->next_free = cur->next_free;
        } else {
            heap.first_free = cur->next_free;
        }

        if (cur->next_free != NULL) {
            cur->next_free->prev_free = cur->prev_free;
        }

        cur->prev_free = NULL;
        cur->next_free = NULL;

#if defined(MBEDTLS_MEMORY_DEBUG)
        heap.total_used += cur->size;
        if (heap.total_used > heap.maximum_used) {
            heap.maximum_used = heap.total_used;
        }
#endif
#if defined(MBEDTLS_MEMORY_BACKTRACE)
        trace_cnt = backtrace(trace_buffer, MAX_BT);
        cur->trace = backtrace_symbols(trace_buffer, trace_cnt);
        cur->trace_count = trace_cnt;
#endif

        if ((heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC) && verify_chain() != 0) {
            mbedtls_exit(1);
        }

        ret = (unsigned char *) cur + sizeof(memory_header);
        memset(ret, 0, original_len);

        return ret;
    }

    p = ((unsigned char *) cur) + sizeof(memory_header) + len;
    new = (memory_header *) p;

    new->size = cur->size - len - sizeof(memory_header);
    new->alloc = 0;
    new->prev = cur;
    new->next = cur->next;
#if defined(MBEDTLS_MEMORY_BACKTRACE)
    new->trace = NULL;
    new->trace_count = 0;
#endif
    new->magic1 = MAGIC1;
    new->magic2 = MAGIC2;

    if (new->next != NULL) {
        new->next->prev = new;
    }

    // Replace cur with new in free_list
    //
    new->prev_free = cur->prev_free;
    new->next_free = cur->next_free;
    if (new->prev_free != NULL) {
        new->prev_free->next_free = new;
    } else {
        heap.first_free = new;
    }

    if (new->next_free != NULL) {
        new->next_free->prev_free = new;
    }

    cur->alloc = 1;
    cur->size = len;
    cur->next = new;
    cur->prev_free = NULL;
    cur->next_free = NULL;

#if defined(MBEDTLS_MEMORY_DEBUG)
    heap.header_count++;
    if (heap.header_count > heap.maximum_header_count) {
        heap.maximum_header_count = heap.header_count;
    }
    heap.total_used += cur->size;
    if (heap.total_used > heap.maximum_used) {
        heap.maximum_used = heap.total_used;
    }
#endif
#if defined(MBEDTLS_MEMORY_BACKTRACE)
    trace_cnt = backtrace(trace_buffer, MAX_BT);
    cur->trace = backtrace_symbols(trace_buffer, trace_cnt);
    cur->trace_count = trace_cnt;
#endif

    if ((heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC) && verify_chain() != 0) {
        mbedtls_exit(1);
    }

    ret = (unsigned char *) cur + sizeof(memory_header);
    memset(ret, 0, original_len);

    return ret;
}

static void buffer_alloc_free(void *ptr)
{
    memory_header *hdr, *old = NULL;
    unsigned char *p = (unsigned char *) ptr;

    if (ptr == NULL || heap.buf == NULL || heap.first == NULL) {
        return;
    }

    if (p < heap.buf || p >= heap.buf + heap.len) {
#if defined(MBEDTLS_MEMORY_DEBUG)
        mbedtls_fprintf(stderr, "FATAL: mbedtls_free() outside of managed "
                                "space\n");
#endif
        mbedtls_exit(1);
    }

    p -= sizeof(memory_header);
    hdr = (memory_header *) p;

    if (verify_header(hdr) != 0) {
        mbedtls_exit(1);
    }

    if (hdr->alloc != 1) {
#if defined(MBEDTLS_MEMORY_DEBUG)
        mbedtls_fprintf(stderr, "FATAL: mbedtls_free() on unallocated "
                                "data\n");
#endif
        mbedtls_exit(1);
    }

    hdr->alloc = 0;

#if defined(MBEDTLS_MEMORY_DEBUG)
    heap.free_count++;
    heap.total_used -= hdr->size;
#endif

#if defined(MBEDTLS_MEMORY_BACKTRACE)
    free(hdr->trace);
    hdr->trace = NULL;
    hdr->trace_count = 0;
#endif

    // Regroup with block before
    //
    if (hdr->prev != NULL && hdr->prev->alloc == 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
        heap.header_count--;
#endif
        hdr->prev->size += sizeof(memory_header) + hdr->size;
        hdr->prev->next = hdr->next;
        old = hdr;
        hdr = hdr->prev;

        if (hdr->next != NULL) {
            hdr->next->prev = hdr;
        }

        memset(old, 0, sizeof(memory_header));
    }

    // Regroup with block after
    //
    if (hdr->next != NULL && hdr->next->alloc == 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
        heap.header_count--;
#endif
        hdr->size += sizeof(memory_header) + hdr->next->size;
        old = hdr->next;
        hdr->next = hdr->next->next;

        if (hdr->prev_free != NULL || hdr->next_free != NULL) {
            if (hdr->prev_free != NULL) {
                hdr->prev_free->next_free = hdr->next_free;
            } else {
                heap.first_free = hdr->next_free;
            }

            if (hdr->next_free != NULL) {
                hdr->next_free->prev_free = hdr->prev_free;
            }
        }

        hdr->prev_free = old->prev_free;
        hdr->next_free = old->next_free;

        if (hdr->prev_free != NULL) {
            hdr->prev_free->next_free = hdr;
        } else {
            heap.first_free = hdr;
        }

        if (hdr->next_free != NULL) {
            hdr->next_free->prev_free = hdr;
        }

        if (hdr->next != NULL) {
            hdr->next->prev = hdr;
        }

        memset(old, 0, sizeof(memory_header));
    }

    // Prepend to free_list if we have not merged
    // (Does not have to stay in same order as prev / next list)
    //
    if (old == NULL) {
        hdr->next_free = heap.first_free;
        if (heap.first_free != NULL) {
            heap.first_free->prev_free = hdr;
        }
        heap.first_free = hdr;
    }

    if ((heap.verify & MBEDTLS_MEMORY_VERIFY_FREE) && verify_chain() != 0) {
        mbedtls_exit(1);
    }
}

void mbedtls_memory_buffer_set_verify(int verify)
{
    heap.verify = verify;
}

int mbedtls_memory_buffer_alloc_verify(void)
{
    return verify_chain();
}

#if defined(MBEDTLS_MEMORY_DEBUG)
void mbedtls_memory_buffer_alloc_status(void)
{
    mbedtls_fprintf(stderr,
                    "Current use: %zu blocks / %zu bytes, max: %zu blocks / "
                    "%zu bytes (total %zu bytes), alloc / free: %zu / %zu\n",
                    heap.header_count, heap.total_used,
                    heap.maximum_header_count, heap.maximum_used,
                    heap.maximum_header_count * sizeof(memory_header)
                    + heap.maximum_used,
                    heap.alloc_count, heap.free_count);

    if (heap.first->next == NULL) {
        mbedtls_fprintf(stderr, "All memory de-allocated in stack buffer\n");
    } else {
        mbedtls_fprintf(stderr, "Memory currently allocated:\n");
        debug_chain();
    }
}

void mbedtls_memory_buffer_alloc_count_get(size_t *alloc_count, size_t *free_count)
{
    *alloc_count = heap.alloc_count;
    *free_count = heap.free_count;
}

void mbedtls_memory_buffer_alloc_max_get(size_t *max_used, size_t *max_blocks)
{
    *max_used   = heap.maximum_used;
    *max_blocks = heap.maximum_header_count;
}

void mbedtls_memory_buffer_alloc_max_reset(void)
{
    heap.maximum_used = 0;
    heap.maximum_header_count = 0;
}

void mbedtls_memory_buffer_alloc_cur_get(size_t *cur_used, size_t *cur_blocks)
{
    *cur_used   = heap.total_used;
    *cur_blocks = heap.header_count;
}
#endif /* MBEDTLS_MEMORY_DEBUG */

#if defined(MBEDTLS_THREADING_C)
static void *buffer_alloc_calloc_mutexed(size_t n, size_t size)
{
    void *buf;
    if (mbedtls_mutex_lock(&heap.mutex) != 0) {
        return NULL;
    }
    buf = buffer_alloc_calloc(n, size);
    if (mbedtls_mutex_unlock(&heap.mutex)) {
        return NULL;
    }
    return buf;
}

static void buffer_alloc_free_mutexed(void *ptr)
{
    /* We have no good option here, but corrupting the heap seems
     * worse than losing memory. */
    if (mbedtls_mutex_lock(&heap.mutex)) {
        return;
    }
    buffer_alloc_free(ptr);
    (void) mbedtls_mutex_unlock(&heap.mutex);
}
#endif /* MBEDTLS_THREADING_C */

void mbedtls_memory_buffer_alloc_init(unsigned char *buf, size_t len)
{
    memset(&heap, 0, sizeof(buffer_alloc_ctx));

#if defined(MBEDTLS_THREADING_C)
    mbedtls_mutex_init(&heap.mutex);
    mbedtls_platform_set_calloc_free(buffer_alloc_calloc_mutexed,
                                     buffer_alloc_free_mutexed);
#else
    mbedtls_platform_set_calloc_free(buffer_alloc_calloc, buffer_alloc_free);
#endif

    if (len < sizeof(memory_header) + MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
        return;
    } else if ((size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
        /* Adjust len first since buf is used in the computation */
        len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE
               - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
        buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE
               - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
    }

    memset(buf, 0, len);

    heap.buf = buf;
    heap.len = len;

    heap.first = (memory_header *) buf;
    heap.first->size = len - sizeof(memory_header);
    heap.first->magic1 = MAGIC1;
    heap.first->magic2 = MAGIC2;
    heap.first_free = heap.first;
}

void mbedtls_memory_buffer_alloc_free(void)
{
#if defined(MBEDTLS_THREADING_C)
    mbedtls_mutex_free(&heap.mutex);
#endif
    mbedtls_platform_zeroize(&heap, sizeof(buffer_alloc_ctx));
}

#if defined(MBEDTLS_SELF_TEST)
static int check_pointer(void *p)
{
    if (p == NULL) {
        return -1;
    }

    if ((size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0) {
        return -1;
    }

    return 0;
}

static int check_all_free(void)
{
    if (
#if defined(MBEDTLS_MEMORY_DEBUG)
        heap.total_used != 0 ||
#endif
        heap.first != heap.first_free ||
        (void *) heap.first != (void *) heap.buf) {
        return -1;
    }

    return 0;
}

#define TEST_ASSERT(condition)            \
    if (!(condition))                     \
    {                                       \
        if (verbose != 0)                  \
        mbedtls_printf("failed\n");  \
                                            \
        ret = 1;                            \
        goto cleanup;                       \
    }

int mbedtls_memory_buffer_alloc_self_test(int verbose)
{
    unsigned char buf[1024];
    unsigned char *p, *q, *r, *end;
    int ret = 0;

    if (verbose != 0) {
        mbedtls_printf("  MBA test #1 (basic alloc-free cycle): ");
    }

    mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));

    p = mbedtls_calloc(1, 1);
    q = mbedtls_calloc(1, 128);
    r = mbedtls_calloc(1, 16);

    TEST_ASSERT(check_pointer(p) == 0 &&
                check_pointer(q) == 0 &&
                check_pointer(r) == 0);

    mbedtls_free(r);
    mbedtls_free(q);
    mbedtls_free(p);

    TEST_ASSERT(check_all_free() == 0);

    /* Memorize end to compare with the next test */
    end = heap.buf + heap.len;

    mbedtls_memory_buffer_alloc_free();

    if (verbose != 0) {
        mbedtls_printf("passed\n");
    }

    if (verbose != 0) {
        mbedtls_printf("  MBA test #2 (buf not aligned): ");
    }

    mbedtls_memory_buffer_alloc_init(buf + 1, sizeof(buf) - 1);

    TEST_ASSERT(heap.buf + heap.len == end);

    p = mbedtls_calloc(1, 1);
    q = mbedtls_calloc(1, 128);
    r = mbedtls_calloc(1, 16);

    TEST_ASSERT(check_pointer(p) == 0 &&
                check_pointer(q) == 0 &&
                check_pointer(r) == 0);

    mbedtls_free(r);
    mbedtls_free(q);
    mbedtls_free(p);

    TEST_ASSERT(check_all_free() == 0);

    mbedtls_memory_buffer_alloc_free();

    if (verbose != 0) {
        mbedtls_printf("passed\n");
    }

    if (verbose != 0) {
        mbedtls_printf("  MBA test #3 (full): ");
    }

    mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));

    p = mbedtls_calloc(1, sizeof(buf) - sizeof(memory_header));

    TEST_ASSERT(check_pointer(p) == 0);
    TEST_ASSERT(mbedtls_calloc(1, 1) == NULL);

    mbedtls_free(p);

    p = mbedtls_calloc(1, sizeof(buf) - 2 * sizeof(memory_header) - 16);
    q = mbedtls_calloc(1, 16);

    TEST_ASSERT(check_pointer(p) == 0 && check_pointer(q) == 0);
    TEST_ASSERT(mbedtls_calloc(1, 1) == NULL);

    mbedtls_free(q);

    TEST_ASSERT(mbedtls_calloc(1, 17) == NULL);

    mbedtls_free(p);

    TEST_ASSERT(check_all_free() == 0);

    mbedtls_memory_buffer_alloc_free();

    if (verbose != 0) {
        mbedtls_printf("passed\n");
    }

cleanup:
    mbedtls_memory_buffer_alloc_free();

    return ret;
}
#endif /* MBEDTLS_SELF_TEST */

#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */