Gitiles
Code Review Sign In
gerrit.omnirom.org / android_bionic / 7b13dd918e6e2c1638e6b137f27c80979a4ecd3f^! / . / libc / bionic / pthread_internal.h
commit7b13dd918e6e2c1638e6b137f27c80979a4ecd3f[log] [tgz]
authorPeter Collingbourne <pcc@google.com>Mon Oct 29 21:48:38 2018 +0000
committerPeter Collingbourne <pcc@google.com>Mon Oct 29 21:48:59 2018 +0000
treeb7f8343a6fc3767bd968b68ba8b6be74466d027a
parentda1bc79f937225b1a048d9e5a03eca81680a17fd [diff] [blame]
Revert "bionic: Allocate a shadow call stack for each thread."

This reverts commit da1bc79f937225b1a048d9e5a03eca81680a17fd.

Reason for revert: Caused OOM in media process

Bug: 112907825
Bug: 118593766
Change-Id: I545663871d75889b209b9fd2131cdaa97166478f

diff --git a/libc/bionic/pthread_internal.h b/libc/bionic/pthread_internal.h
index b7173a3..65ec5ff 100644
--- a/libc/bionic/pthread_internal.h
+++ b/libc/bionic/pthread_internal.h

@@ -106,29 +106,6 @@
 
   void* alternate_signal_stack;
 
-  // The start address of the shadow call stack's guard region (arm64 only).
-  // This address is only used to deallocate the shadow call stack on thread
-  // exit; the address of the stack itself is stored only in the x18 register.
-  // Because the protection offered by SCS relies on the secrecy of the stack
-  // address, storing the address here weakens the protection, but only
-  // slightly, because it is relatively easy for an attacker to discover the
-  // address of the guard region anyway (e.g. it can be discovered by reference
-  // to other allocations), but not the stack itself, which is <0.1% of the size
-  // of the guard region.
-  //
-  // There are at least two other options for discovering the start address of
-  // the guard region on thread exit, but they are not as simple as storing in
-  // TLS.
-  // 1) Derive it from the value of the x18 register. This is only possible in
-  //    processes that do not contain legacy code that might clobber x18,
-  //    therefore each process must declare early during process startup whether
-  //    it might load legacy code.
-  // 2) Mark the guard region as such using prctl(PR_SET_VMA_ANON_NAME) and
-  //    discover its address by reading /proc/self/maps. One issue with this is
-  //    that reading /proc/self/maps can race with allocations, so we may need
-  //    code to handle retries.
-  void* shadow_call_stack_guard_region;
-
   Lock startup_handshake_lock;
 
   size_t mmap_size;
@@ -152,7 +129,7 @@
 __LIBC_HIDDEN__ int __init_thread(pthread_internal_t* thread);
 __LIBC_HIDDEN__ bool __init_tls(pthread_internal_t* thread);
 __LIBC_HIDDEN__ void __init_thread_stack_guard(pthread_internal_t* thread);
-__LIBC_HIDDEN__ void __init_additional_stacks(pthread_internal_t*);
+__LIBC_HIDDEN__ void __init_alternate_signal_stack(pthread_internal_t*);
 
 __LIBC_HIDDEN__ pthread_t           __pthread_internal_add(pthread_internal_t* thread);
 __LIBC_HIDDEN__ pthread_internal_t* __pthread_internal_find(pthread_t pthread_id);
@@ -201,13 +178,6 @@
 // Leave room for a guard page in the internally created signal stacks.
 #define SIGNAL_STACK_SIZE (SIGNAL_STACK_SIZE_WITHOUT_GUARD + PTHREAD_GUARD_SIZE)
 
-// Size of the shadow call stack.
-#define SCS_SIZE (8 * 1024)
-
-// The shadow call stack is allocated at a random address within a guard region
-// of this size.
-#define SCS_GUARD_REGION_SIZE (16 * 1024 * 1024)
-
 // Needed by fork.
 __LIBC_HIDDEN__ extern void __bionic_atfork_run_prepare();
 __LIBC_HIDDEN__ extern void __bionic_atfork_run_child();