Gitiles
Code Review Sign In
gerrit.omnirom.org / android_bionic / f45b0e9edee72e97106c4b3d393b9bf1582303b3^! / . / linker / linker_phdr.cpp
commitf45b0e9edee72e97106c4b3d393b9bf1582303b3[log] [tgz]
authorDimitry Ivanov <dimitry@google.com>Fri Jan 15 11:13:35 2016 -0800
committerDimitry Ivanov <dimitry@google.com>Wed Jan 20 20:57:47 2016 -0800
tree4058875667899bec12774f4843a0e123aa7c4b6c
parentdf2f5fbe6f3d3937c3caf95138e43ee15f6d8497 [diff] [blame]
Do not unmap reserved region on dlclose

dlclose used to unmap the part of the reserved region
for ANDROID_DLEXT_RESERVED_ADDRESS that was neccessary
to map PT_LOAD segments. With this change dlclose
replaces mapped PT_LOAD segments with a PROT_NONE,
MAP_ANONYMOUS | MAP_NORESERVE.

Previously caller was unmapping the reserved region after
the failed dlclose which led to race condition when someone
else reused the region freed by dlclose but before the unmap
by the chromium code.

Bug: http://code.google.com/p/chromium/issues/detail?id=568880
Change-Id: I0f5eaa2bf6641f83dde469b631c518482acc59a2

diff --git a/linker/linker_phdr.cpp b/linker/linker_phdr.cpp
index 4c4ce17..e81e325 100644
--- a/linker/linker_phdr.cpp
+++ b/linker/linker_phdr.cpp

@@ -137,7 +137,8 @@
 ElfReader::ElfReader()
     : did_read_(false), did_load_(false), fd_(-1), file_offset_(0), file_size_(0), phdr_num_(0),
       phdr_table_(nullptr), shdr_table_(nullptr), shdr_num_(0), dynamic_(nullptr), strtab_(nullptr),
-      strtab_size_(0), load_start_(nullptr), load_size_(0), load_bias_(0), loaded_phdr_(nullptr) {
+      strtab_size_(0), load_start_(nullptr), load_size_(0), load_bias_(0), loaded_phdr_(nullptr),
+      mapped_by_caller_(false) {
 }
 
 bool ElfReader::Read(const char* name, int fd, off64_t file_offset, off64_t file_size) {
@@ -467,6 +468,7 @@
     }
   } else {
     start = extinfo->reserved_addr;
+    mapped_by_caller_ = true;
   }
 
   load_start_ = start;