Pagetable-friendly shared library address randomization. Add inaccessible gaps between shared libraries to make it harder for the attackers to defeat ASLR by random probing. To avoid excessive page table bloat, only do this when a library is about to cross a huge page boundary, effectively allowing several smaller libraries to be lumped together. Bug: 158113540 Test: look at /proc/$$/maps Change-Id: I39c0100b81f72447e8b3c6faafa561111492bf8c

commit: e0848bbf896ad1f704c48c0da9ff4fb397644dac [log] [tgz]
author: Evgenii Stepanov <eugenis@google.com> Tue Jul 14 16:44:57 2020 -0700
committer: Evgenii Stepanov <eugenis@google.com> Thu Jul 16 13:57:20 2020 -0700
tree: bd5261ac8d40d05eaf706424c7c9174eda45275a
parent: a96099e13068278e54afa637c088496d56c85b62 [diff] [blame]
diff --git a/linker/linker.cpp b/linker/linker.cpp
index 10608f4..a41ca09 100644
--- a/linker/linker.cpp
+++ b/linker/linker.cpp

@@ -311,6 +311,10 @@
     }
   }
 
+  if (si->has_min_version(6) && si->get_gap_size()) {
+    munmap(reinterpret_cast<void*>(si->get_gap_start()), si->get_gap_size());
+  }
+
   TRACE("name %s: freeing soinfo @ %p", si->get_realpath(), si);
 
   if (!solist_remove_soinfo(si)) {
@@ -599,6 +603,8 @@
     si_->load_bias = elf_reader.load_bias();
     si_->phnum = elf_reader.phdr_count();
     si_->phdr = elf_reader.loaded_phdr();
+    si_->set_gap_start(elf_reader.gap_start());
+    si_->set_gap_size(elf_reader.gap_size());
 
     return true;
   }
commit	e0848bbf896ad1f704c48c0da9ff4fb397644dac	[log] [tgz]
author	Evgenii Stepanov <eugenis@google.com>	Tue Jul 14 16:44:57 2020 -0700
committer	Evgenii Stepanov <eugenis@google.com>	Thu Jul 16 13:57:20 2020 -0700
tree	bd5261ac8d40d05eaf706424c7c9174eda45275a
parent	a96099e13068278e54afa637c088496d56c85b62 [diff] [blame]