Merge "Use PROT_NONE on the unused parts of CFI shadow."
diff --git a/linker/linker_cfi.cpp b/linker/linker_cfi.cpp
index 5995013..87b5d34 100644
--- a/linker/linker_cfi.cpp
+++ b/linker/linker_cfi.cpp
@@ -56,6 +56,7 @@
reinterpret_cast<char*>(mmap(nullptr, aligned_end - aligned_start, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0));
CHECK(tmp_start != MAP_FAILED);
+ mprotect(aligned_start, aligned_end - aligned_start, PROT_READ);
memcpy(tmp_start, aligned_start, shadow_start - aligned_start);
memcpy(tmp_start + (shadow_end - aligned_start), shadow_end, aligned_end - shadow_end);
}
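Review bot: The return value of the added `mprotect` call is not checked, while the `mmap` two lines above is guarded by `CHECK(tmp_start != MAP_FAILED)`; if `mprotect` fails (EINVAL/ENOMEM) the `memcpy` that follows reads a range that is still PROT_NONE after this change and the process dies with a bare SIGSEGV instead of a diagnosable CHECK. Make it `CHECK(mprotect(aligned_start, aligned_end - aligned_start, PROT_READ) == 0);` to match the existing failure style. It would also help to say in a comment why the range is made readable here, e.g. `// The shadow is reserved PROT_NONE; make this page range readable before copying its current contents.`, since the PROT_NONE reservation lives in a different function. The enclosing function starts before this hunk, so whether the range is intended to remain PROT_READ afterwards cannot be confirmed from here.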
@@ -154,7 +155,7 @@
uintptr_t CFIShadowWriter::MapShadow() {
void* p =
- mmap(nullptr, kShadowSize, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
+ mmap(nullptr, kShadowSize, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
CHECK(p != MAP_FAILED);
return reinterpret_cast<uintptr_t>(p);
}
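Review bot: MapShadow now reserves the whole shadow PROT_NONE but carries no comment on the access model, which a reader will need because the CFI slowpath is expected to read this region. Suggest a comment above the mmap: `// Reserve the entire shadow as PROT_NONE (and MAP_NORESERVE so no memory is committed); only the ranges covering loaded DSOs are made readable later, so a lookup for an address outside any DSO faults instead of reading a zero/stale entry.` The "made readable later" part is inferred from the PROT_READ mprotect in the earlier hunk rather than from this function, so word it as the intended contract rather than a guarantee.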
diff --git a/tests/libs/cfi_test_lib.cpp b/tests/libs/cfi_test_lib.cpp
index 9f456d3..6f551c5 100644
--- a/tests/libs/cfi_test_lib.cpp
+++ b/tests/libs/cfi_test_lib.cpp
@@ -67,12 +67,9 @@
void check_cfi_self() {
g_last_type_id = 0;
assert(&__cfi_slowpath);
- // CFI check for an invalid address. Normally, this would kill the process by routing the call
- // back to the calling module's __cfi_check, which does the right thing based on
- // -fsanitize-recover / -fsanitize-trap. But this module has custom __cfi_check that does not do
- // any of that, so the result looks like a passing check.
- int zz;
- __cfi_slowpath(13, static_cast<void*>(&zz));
+ // CFI check for an address inside this DSO. This goes to the current module's __cfi_check,
+ // which updates g_last_type_id.
+ __cfi_slowpath(13, static_cast<void*>(&g_last_type_id));
assert(g_last_type_id == 13);
// CFI check for a libc function. This never goes into this module's __cfi_check, and must pass.
__cfi_slowpath(14, reinterpret_cast<void*>(&exit));
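Review bot: The new comment explains where the `&g_last_type_id` check is routed but not why the previous invalid-address check was dropped, so a later reader may reintroduce it. Presumably the address of a stack local is now outside any DSO's shadow and the lookup faults under the PROT_NONE reservation rather than returning, which is the commit's intent; record that next to the new comment, e.g. `// An address outside any DSO's shadow is no longer probed here: the unused shadow is PROT_NONE, so that lookup would fault rather than return.` The `assert` on the line after the call is a pre-existing pattern but still compiles out under NDEBUG, which is worth knowing if this test library is built that way. check_cfi_self continues past the end of this hunk.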