    Switch from local random address generation to kernel ASLR · 1bb00105
    simonb@chromium.org authored
    The current random base address generation in the Android chromium linker is prone
    to error.  It selects an address at random between 0x20000000 and 0x40000000 and
    expects that this will be clear.  This is occasionally untrue for ARM, but very
    often untrue for MIPS.  As a consequence, RELRO sharing is being turned off more
    frequently than it could be.
    
    This change removes the local random address generation code and instead replaces
    it with code that speculatively maps a large region, captures the address returned
    by mmap, then unmaps and returns the address.  The expectation is that this region
    will remain free for use when the time comes for the crazy linker to map the browser
    into it.  This generally holds because the time between these two actions is short
    and little, if anything, loads or mmaps between them.  Worst case is that RELRO
    sharing turns off as at present, but the probability of this happening should now
    be much lower.
    
    Note that capturing the address from mmap relies on Android ASLR being active for
    mmap.  This is the default device state since ICS.  The revised random browser
    load address is only as entropic as Android's ASLR.
    
    BUG=397634
    
    Review URL: https://codereview.chromium.org/470053003
    
    Cr-Commit-Position: refs/heads/master@{#291111}
    git-svn-id: svn://svn.chromium.org/chrome/trunk/src@291111 0039d316-1c4b-4281-b951-d872f2087c98
linker_jni.cc 21.5 KB