taint.h 2.1 KB

  1. // SPDX-License-Identifier: GPL-3.0-or-later
  2. // Copyright © 2018-2019 Ariadne Devos
  3. /* sHT -- mark memory as having become meaningless */
  4. #ifndef _sHT_TAINT_H
  5. #define _sHT_TAINT_H
  6. #include <stddef.h>
  7. /** Memory tainting
  8. Tainting is marking memory as meaningless. This module allows four modes
  9. of operation: do nothing, clear memory, inform MemorySanitizer and inform
  10. Valgrind's Memcheck.
  11. As of now, only integers can be tainted, until the need arises and the idea
  12. is implemented.
  13. The policy is chosen by setting @var{sHT_taint_policy} to:
  14. - @var{sHT_taint_policy_clear}: set to zero
  15. - @var{sHT_taint_policy_nothing}: do nothing (default)
  16. - @var{sHT_taint_policy_msan}: inform MemorySanitizer
  17. - @var{sHT_taint_policy_memcheck}: inform Valgrind's memcheck
  18. Integer variables can be tainted with @var{sHT_taint}, which takes an integer
  19. pointer. */
  /* Policy selectors. They are plain integers so that the preprocessor can
     compare sHT_taint_policy against them in the #if chain that defines
     sHT_taint. */
  20. #define sHT_taint_policy_clear 0
  21. #define sHT_taint_policy_nothing 1
  22. #define sHT_taint_policy_msan 2
  23. #define sHT_taint_policy_memcheck 3
  /* A build selects a policy by defining sHT_taint_policy before this header
     is included. When nothing is defined the default below applies, and that
     default leaves tainted memory untouched: a build that wants clearing or
     tool-assisted detection has to opt in explicitly. */
  24. #ifndef sHT_taint_policy
  25. # define sHT_taint_policy sHT_taint_policy_nothing
  26. #endif
  /* _sHT_taint_req(e): compile-time type gate for sHT_taint.
     Yields (e) unchanged when the pointee of e has one of the integer types
     listed below. There is no default association, so a pointee of any other
     type (for example a pointer, a floating-point type or a struct) is
     rejected at compile time instead of being tainted by accident.
     The controlling expression of _Generic is not evaluated; only the selected
     (e) is, so the argument is evaluated once. */
  27. #define _sHT_taint_req(e) \
  28. _Generic(*(e), \
  29. char: (e), \
  30. unsigned char: (e), \
  31. signed char: (e), \
  32. unsigned short: (e), \
  33. signed short: (e), \
  34. unsigned int: (e), \
  35. signed int: (e), \
  36. unsigned long: (e), \
  37. signed long: (e), \
  38. unsigned long long: (e), \
  39. signed long long: (e))
  40. #if sHT_taint_policy == sHT_taint_policy_clear
  41. /* Reduce exploitation opportunities.
     The pointee is overwritten with 0 so that a later erroneous use sees a
     fixed value instead of stale data.
     NOTE(review): this is an ordinary assignment through the pointer. An
     optimising compiler may remove it as a dead store when it can show that
     the object is not read afterwards, so it should not be relied on as a
     guaranteed wipe of secret material. */
  42. # define sHT_taint(e) \
  43. do { *_sHT_taint_req(e) = 0; } while (0)
  44. #elif sHT_taint_policy == sHT_taint_policy_nothing
  45. /* For when s2 has been proved correct.
     The argument is still type-checked and evaluated, but the pointee is left
     unchanged: stale values remain in memory under this (default) policy. */
  46. # define sHT_taint(e) \
  47. do { (void) _sHT_taint_req(e); } while (0)
  48. #elif sHT_taint_policy == sHT_taint_policy_msan
  49. /* Supported by certain versions of gcc and clang.
     NOTE(review): MemorySanitizer is usually enabled through Clang's
     -fsanitize=memory; confirm which compilers the build actually targets. */
  50. # include <sanitizer/msan_interface.h>
  51. /* While fuzzing.
     Marks sizeof(*(e)) bytes at e as poisoned for MemorySanitizer, so that a
     later use of the value can be reported. This is a diagnostic aid for
     instrumented builds: the macro itself does not store anything into the
     object. Unlike the do/while forms above it expands to a call expression. */
  52. # define sHT_taint(e) \
  53. __msan_poison(_sHT_taint_req(e), sizeof(*(e)))
  54. #elif sHT_taint_policy == sHT_taint_policy_memcheck
  /* Marks sizeof(*(e)) bytes at e as undefined for Valgrind's Memcheck; a
     diagnostic aid like the MemorySanitizer policy.
     NOTE(review): "memcheck.h" is a quoted include, so it is looked up through
     the project's own include paths; which copy of the Valgrind header that
     resolves to cannot be seen from this file. */
  55. # include "memcheck.h"
  56. # define sHT_taint(e) \
  57. VALGRIND_MAKE_MEM_UNDEFINED(_sHT_taint_req(e), sizeof(*(e)))
  58. #else
  /* An unknown policy value stops the build instead of silently disabling
     tainting. */
  59. # error unsupported taint policy
  60. #endif
  61. #endif