Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / c340a08b1b2d439f482144d03df1a781c26cb0e5^! / . / libutils / RefBase.cpp
commitc340a08b1b2d439f482144d03df1a781c26cb0e5[log] [tgz]
authorSteven Moreland <smoreland@google.com>Tue Jul 26 17:09:50 2022 +0000
committerSteven Moreland <smoreland@google.com>Tue Jul 26 22:10:51 2022 +0000
tree9ee13956999522d0c67ba82270d9477f08adb85f
parentccb1ce32cca359c1b6648b2337d79830da3ec31c [diff] [blame]
libutils: RefBase always disallow on stack

Before, we only did this in sp<> constructors, but we can always make
this check during the initial incStrong.

Since prebuilts call into the existing report race function declared
in StrongPointer.h, we still call this function from RefBase.cpp.

Bug: 232557259
Test: libutils_test
Change-Id: I4080b1869b83ecf655fc9c182b6de768a6358adf

diff --git a/libutils/RefBase.cpp b/libutils/RefBase.cpp
index 4ddac3d..79c5743 100644
--- a/libutils/RefBase.cpp
+++ b/libutils/RefBase.cpp

@@ -149,6 +149,29 @@
 // Same for weak counts.
 #define BAD_WEAK(c) ((c) == 0 || ((c) & (~MAX_COUNT)) != 0)
 
+// see utils/StrongPointer.h - declared there for legacy reasons
+void sp_report_stack_pointer();
+
+// Check whether address is definitely on the calling stack.  We actually check whether it is on
+// the same 4K page as the frame pointer.
+//
+// Assumptions:
+// - Pages are never smaller than 4K (MIN_PAGE_SIZE)
+// - Malloced memory never shares a page with a stack.
+//
+// It does not appear safe to broaden this check to include adjacent pages; apparently this code
+// is used in environments where there may not be a guard page below (at higher addresses than)
+// the bottom of the stack.
+static void check_not_on_stack(const void* ptr) {
+    static constexpr int MIN_PAGE_SIZE = 0x1000;  // 4K. Safer than including sys/user.h.
+    static constexpr uintptr_t MIN_PAGE_MASK = ~static_cast<uintptr_t>(MIN_PAGE_SIZE - 1);
+    uintptr_t my_frame_address =
+            reinterpret_cast<uintptr_t>(__builtin_frame_address(0 /* this frame */));
+    if (((reinterpret_cast<uintptr_t>(ptr) ^ my_frame_address) & MIN_PAGE_MASK) == 0) {
+        sp_report_stack_pointer();
+    }
+}
+
 // ---------------------------------------------------------------------------
 
 class RefBase::weakref_impl : public RefBase::weakref_type
@@ -432,6 +455,8 @@
         return;
     }
 
+    check_not_on_stack(this);
+
     int32_t old __unused = refs->mStrong.fetch_sub(INITIAL_STRONG_VALUE, std::memory_order_relaxed);
     // A decStrong() must still happen after us.
     ALOG_ASSERT(old > INITIAL_STRONG_VALUE, "0x%x too small", old);