Do not unmap reserved region on dlclose
dlclose used to unmap the part of the reserved region
for ANDROID_DLEXT_RESERVED_ADDRESS that was necessary
to map PT_LOAD segments. With this change dlclose
replaces mapped PT_LOAD segments with a PROT_NONE,
MAP_ANONYMOUS | MAP_NORESERVE mapping.
Previously the caller was unmapping the reserved region after
the failed dlclose, which led to a race condition when someone
else reused the region freed by dlclose before the unmap
by the chromium code.
Bug: http://code.google.com/p/chromium/issues/detail?id=568880
Change-Id: I0f5eaa2bf6641f83dde469b631c518482acc59a2
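The race the commit message describes, and the fix it applies, reduced to a stand-alone demonstration. This is an added example, not bionic linker code: an anonymous read/write mapping stands in for a file-backed PT_LOAD segment, the reservation size and segment offset are constants chosen for the demo, and `mincore()` is used as a cheap probe for "is this range still reserved", since it fails with ENOMEM for ranges that are not mapped at all but succeeds on PROT_NONE mappings. The old path (plain `munmap`) leaves a hole in the caller's reservation that any later `mmap(NULL, ...)` in the process could land in; the new path keeps the range owned by the caller until the caller's own `munmap`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Sizes in pages. These are demo constants, not linker values. */
#define RESERVED_PAGES 8
#define SEGMENT_PAGE 2   /* first page of the pretend PT_LOAD segment */
#define SEGMENT_PAGES 3

static size_t page_size(void) { return (size_t)sysconf(_SC_PAGESIZE); }

/* What a caller does before dlopen with ANDROID_DLEXT_RESERVED_ADDRESS:
 * claim an address range without touching memory or commit charge. */
static void* reserve_region(size_t len) {
  void* p = mmap(NULL, len, PROT_NONE,
                 MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
  return p == MAP_FAILED ? NULL : p;
}

/* Stand-in for mapping a PT_LOAD segment into the reservation. A real
 * loader maps the file with MAP_FIXED; anonymous memory is enough here. */
static int map_segment(void* base, size_t off, size_t len) {
  void* want = (char*)base + off;
  void* got = mmap(want, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
  return got == want;
}

/* Old dlclose behaviour: munmap the segment. This punches a hole in the
 * caller's reservation that an unrelated mmap(NULL, ...) may reuse. */
static int unmap_segment_old(void* seg, size_t len) {
  return munmap(seg, len) == 0;
}

/* Behaviour introduced by the change: the range stays owned by the caller
 * because the segment is replaced by an inaccessible, uncommitted mapping. */
static int unmap_segment_new(void* seg, size_t len) {
  void* got = mmap(seg, len, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE | MAP_FIXED,
                   -1, 0);
  return got == seg;
}

/* 1 if every page in [addr, addr+len) is backed by some mapping, 0 if any
 * page is unmapped. mincore() returns -1/ENOMEM for unmapped pages but
 * succeeds on PROT_NONE mappings, so it does not need read access. */
static int range_is_mapped(void* addr, size_t len) {
  unsigned char vec[RESERVED_PAGES];
  size_t pages = (len + page_size() - 1) / page_size();
  if (pages > RESERVED_PAGES) return 0;  /* vec too small for this demo */
  return mincore(addr, len, vec) == 0;
}

/* Run reserve -> load -> dlclose -> caller's munmap and report whether the
 * reservation was still fully mapped between dlclose and the caller's munmap.
 * Returns 1 (intact), 0 (hole present) or -1 (setup failed). */
static int reservation_survives_dlclose(int use_new_behaviour) {
  size_t pg = page_size();
  size_t len = RESERVED_PAGES * pg;
  void* base = reserve_region(len);
  if (base == NULL) return -1;

  void* seg = (char*)base + SEGMENT_PAGE * pg;
  size_t seg_len = SEGMENT_PAGES * pg;
  int ok = map_segment(base, SEGMENT_PAGE * pg, seg_len);
  if (ok) {
    ok = use_new_behaviour ? unmap_segment_new(seg, seg_len)
                           : unmap_segment_old(seg, seg_len);
  }
  int intact = ok ? range_is_mapped(base, len) : -1;

  /* The caller's own cleanup. munmap() ignores pages that are already
   * unmapped, so this is correct for both variants. */
  munmap(base, len);
  return intact;
}

int main(void) {
  printf("old dlclose (munmap):    reservation intact = %d\n",
         reservation_survives_dlclose(0));
  printf("new dlclose (PROT_NONE): reservation intact = %d\n",
         reservation_survives_dlclose(1));
  return 0;
}
```

The window between `unmap_segment_old()` and the caller's final `munmap()` is where the reported race lives: a concurrent thread calling `mmap(NULL, ...)` can be handed the freed pages, and the caller's later `munmap(base, len)` then tears down that thread's mapping. With the PROT_NONE replacement nothing is ever returned to the kernel's free address space until the owner releases it.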
diff --git a/linker/linker_phdr.h b/linker/linker_phdr.h
index c359cca..89ec094 100644
--- a/linker/linker_phdr.h
+++ b/linker/linker_phdr.h
@@ -53,6 +53,7 @@
const ElfW(Phdr)* loaded_phdr() const { return loaded_phdr_; }
const ElfW(Dyn)* dynamic() const { return dynamic_; }
const char* get_string(ElfW(Word) index) const;
+ bool is_mapped_by_caller() const { return mapped_by_caller_; }
private:
bool ReadElfHeader();
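Review bot: the new `is_mapped_by_caller()` accessor in this hunk carries no comment explaining what "mapped by caller" means or who consults it; a one-line note that this marks a load into an ANDROID_DLEXT_RESERVED_ADDRESS region the caller owns, so dlclose must not munmap it, would save readers of linker_phdr.h a trip to the commit message. The accessor also only reads `mapped_by_caller_`; the code path that sets the flag during load is not visible in this hunk and should land in the same change so the accessor never reports a value nobody assigned.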
@@ -99,6 +100,9 @@
// Loaded phdr.
const ElfW(Phdr)* loaded_phdr_;
+
+ // Is map owned by the caller
+ bool mapped_by_caller_;
};
size_t phdr_table_get_load_size(const ElfW(Phdr)* phdr_table, size_t phdr_count,
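Review bot: `bool mapped_by_caller_;` is added without a default initializer, so unless the ElfReader constructor (not part of this diff) assigns it, `is_mapped_by_caller()` returns an indeterminate value and dlclose could munmap a caller-owned region, or keep a PROT_NONE placeholder over a region it should release, based on garbage. Prefer `bool mapped_by_caller_ = false;` here, or an explicit member initializer in the constructor. The comment "Is map owned by the caller" would also be clearer stating the consequence, for example "True if the load region was reserved by the caller; dlclose then replaces the PT_LOAD mappings with PROT_NONE instead of unmapping them."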