__init_shadow_call_stack: explicitly check for mmap() failures.
Also reword the comments slightly for clarity, and explicitly say PROT_NONE rather than 0, also for clarity.
Change-Id: If2e40016f1c632723ef103a636d3b0a93dd9a30f
diff --git a/libc/bionic/pthread_create.cpp b/libc/bionic/pthread_create.cpp
index a8d09eb..93efb6c 100644
--- a/libc/bionic/pthread_create.cpp
+++ b/libc/bionic/pthread_create.cpp
@@ -118,12 +118,15 @@
static void __init_shadow_call_stack(pthread_internal_t* thread __unused) {
#if defined(__aarch64__) || defined(__riscv)
- // Allocate the stack and the guard region.
+ // Allocate the shadow call stack and its guard region.
char* scs_guard_region = reinterpret_cast<char*>(
- mmap(nullptr, SCS_GUARD_REGION_SIZE, 0, MAP_PRIVATE | MAP_ANON, -1, 0));
+ mmap(nullptr, SCS_GUARD_REGION_SIZE, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0));
+ if (scs_guard_region == MAP_FAILED) {
+ async_safe_fatal("failed to allocate shadow stack: %m");
+ }
thread->shadow_call_stack_guard_region = scs_guard_region;
- // The address is aligned to SCS_SIZE so that we only need to store the lower log2(SCS_SIZE) bits
+ // Align the address to SCS_SIZE so that we only need to store the lower log2(SCS_SIZE) bits
// in jmp_buf. See the SCS commentary in pthread_internal.h for more detail.
char* scs_aligned_guard_region =
reinterpret_cast<char*>(align_up(reinterpret_cast<uintptr_t>(scs_guard_region), SCS_SIZE));