Commit 61c8116a authored by Igor Eremeev's avatar Igor Eremeev Committed by Commit Bot

Fix some minor issues with fixed load address in chromium linker.

- Fix an address-space leak in the modern linker. If the wanted address can no
longer be mapped (which is possible), the linker falls back to the usual ASLR
loading without sharing RELROs. The call to munmap was missing, so this
192MB chunk stayed reserved (dangling). The legacy linker handles this
correctly, see InternalElfLoader::ReserveAddressSpace in the crazy_linker
lib.

- Fix needless call to GetRandomBaseLoadAddress in child processes.
Method ensureInitializedLocked uses mInBrowserProcess to determine if it
needs to generate an address for library loading. mInBrowserProcess is
initialized with 'true', so we had a useless mmap of 192MB in every
child process.

Change-Id: I918e9a35bf5179a79a3676e4a50f3c6e7677933c
Bug: 1108740
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2315019Reviewed-by: default avatarBenoit L <lizeb@chromium.org>
Commit-Queue: Benoit L <lizeb@chromium.org>
Auto-Submit: Igor Eremeev <myrth@yandex-team.ru>
Cr-Commit-Position: refs/heads/master@{#791213}
parent a1d2477d
......@@ -256,9 +256,9 @@ public abstract class Linker {
public final void disableSharedRelros() {
if (DEBUG) Log.i(TAG, "disableSharedRelros() called");
synchronized (sLock) {
mInBrowserProcess = false;
ensureInitializedLocked();
assert mState == State.INITIALIZED; // Not after the library has been loaded.
mInBrowserProcess = false;
mWaitForSharedRelros = false;
}
}
......@@ -358,10 +358,11 @@ public abstract class Linker {
public final void initServiceProcess(long baseLoadAddress) {
if (DEBUG) Log.i(TAG, "initServiceProcess(0x%x) called", baseLoadAddress);
synchronized (sLock) {
mInBrowserProcess = false;
ensureInitializedLocked();
assert mState == State.INITIALIZED;
mInBrowserProcess = false;
mWaitForSharedRelros = true;
mBaseLoadAddress = baseLoadAddress;
}
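Review bot: The placement of `mInBrowserProcess = false;` ahead of `ensureInitializedLocked()` in both disableSharedRelros() and initServiceProcess() is now load-bearing — per the description, ensureInitializedLocked() consults that flag to decide whether to reserve a random base load address — yet nothing at either call site says so, and a later reorder (moving the write back below the assert, where it sat before) would silently reinstate the 192 MB reservation in every child process. Suggest a comment on the assignment in both methods: `// Must precede ensureInitializedLocked(): only the browser process reserves a random base load address.` The two methods now share an identical three-line prologue (clear flag, initialize, assert INITIALIZED); a private `enterChildProcessLocked()` helper would keep them from drifting apart again. initServiceProcess()'s closing brace lies outside the hunk.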
......@@ -116,6 +116,7 @@ ScopedAnonymousMmap ScopedAnonymousMmap::ReserveAtAddress(void* address,
if (actual_address && actual_address != address) {
LOG_ERROR("Failed to obtain fixed address for load");
munmap(actual_address, size);
return {};
}
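Review bot: `munmap(actual_address, size);` on the mismatch path discards the return value, so if the unmap fails the reservation still leaks and nothing is logged; `if (munmap(actual_address, size) != 0) LOG_ERROR("Failed to release misplaced reservation");` would at least surface it. The `actual_address &&` guard implies a null result is treated as failure, but a raw mmap() reports failure as MAP_FAILED ((void*)-1), which is truthy and would be handed to munmap here — the mmap call and any MAP_FAILED check sit above the hunk, so confirm that case is filtered before this branch. The branch also deserves a why-comment, since a reader may not realize the address is only a hint: `// |address| is a hint, not MAP_FIXED (which could clobber live mappings); a reservation that landed elsewhere is useless for RELRO sharing and must be released or it stays mapped for the process lifetime.` — the visible hunk does not show the mmap flags, so verify the call does not pass MAP_FIXED before wording it that way. ReserveAtAddress() starts and ends outside the hunk.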