Merge "Reset stack guard after fork from Zygote"
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index 1122c20..3622029 100644
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -94,6 +94,10 @@
#include "nativebridge/native_bridge.h"
+#if defined(__BIONIC__)
+extern "C" void android_reset_stack_guards();
+#endif
+
namespace {
// TODO (chriswailes): Add a function to initialize native Zygote data.
@@ -412,6 +416,7 @@
}
// This signal handler is for zygote mode, since the zygote must reap its children
+NO_STACK_PROTECTOR
static void SigChldHandler(int /*signal_number*/, siginfo_t* info, void* /*ucontext*/) {
pid_t pid;
int status;
@@ -2042,6 +2047,7 @@
static bool gPreloadFdsExtracted = false;
// Utility routine to fork a process from the zygote.
+NO_STACK_PROTECTOR
pid_t zygote::ForkCommon(JNIEnv* env, bool is_system_server,
const std::vector<int>& fds_to_close,
const std::vector<int>& fds_to_ignore,
@@ -2098,6 +2104,11 @@
setpriority(PRIO_PROCESS, 0, PROCESS_PRIORITY_MIN);
}
+#if defined(__BIONIC__)
+ // Reset the stack guard for the new process.
+ android_reset_stack_guards();
+#endif
+
// The child process.
PreApplicationInit();
@@ -2130,6 +2141,7 @@
PreApplicationInit();
}
+NO_STACK_PROTECTOR
static jint com_android_internal_os_Zygote_nativeForkAndSpecialize(
JNIEnv* env, jclass, jint uid, jint gid, jintArray gids, jint runtime_flags,
jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name,
@@ -2184,6 +2196,7 @@
return pid;
}
+NO_STACK_PROTECTOR
static jint com_android_internal_os_Zygote_nativeForkSystemServer(
JNIEnv* env, jclass, uid_t uid, gid_t gid, jintArray gids,
jint runtime_flags, jobjectArray rlimits, jlong permitted_capabilities,
@@ -2255,6 +2268,7 @@
* @param is_priority_fork Controls the nice level assigned to the newly created process
* @return child pid in the parent, 0 in the child
*/
+NO_STACK_PROTECTOR
static jint com_android_internal_os_Zygote_nativeForkApp(JNIEnv* env,
jclass,
jint read_pipe_fd,
@@ -2269,6 +2283,7 @@
args_known == JNI_TRUE, is_priority_fork == JNI_TRUE, true);
}
+NO_STACK_PROTECTOR
int zygote::forkApp(JNIEnv* env,
int read_pipe_fd,
int write_pipe_fd,
diff --git a/core/jni/com_android_internal_os_Zygote.h b/core/jni/com_android_internal_os_Zygote.h
index b87396c..15f53e0 100644
--- a/core/jni/com_android_internal_os_Zygote.h
+++ b/core/jni/com_android_internal_os_Zygote.h
@@ -20,6 +20,14 @@
#define LOG_TAG "Zygote"
#define ATRACE_TAG ATRACE_TAG_DALVIK
+/*
+ * All functions that lead to ForkCommon must be marked with the
+ * no_stack_protector attributed. Because ForkCommon changes the stack
+ * protector cookie, all of the guard checks on the frames above ForkCommon
+ * would fail when they are popped.
+ */
+#define NO_STACK_PROTECTOR __attribute__((no_stack_protector))
+
#include <jni.h>
#include <vector>
#include <android-base/stringprintf.h>
diff --git a/core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp b/core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp
index add645de..2b5b8f7 100644
--- a/core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp
+++ b/core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp
@@ -377,6 +377,7 @@
// We only process fork commands if the peer uid matches expected_uid.
// For every fork command after the first, we check that the requested uid is at
// least minUid.
+NO_STACK_PROTECTOR
jboolean com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly(
JNIEnv* env,
jclass,