Switch from local random address generation to kernel ASLR
The current random base address generation in the Android chromium linker is prone
to error. It selects an address at random between 0x20000000 and 0x40000000 and
expects that this will be clear. This is occasionally untrue for ARM, but very
often untrue for MIPS. As a consequence, RELRO sharing is being turned off more
frequently than it could be.
This change removes the local random address generation code and instead replaces
it with code that speculatively maps a large region, captures the address returned
by mmap, then unmaps and returns the address. The expectation is that this region
will remain free for use when the time comes for the crazy linker to map the browser
into it. This generally holds because the time between these two actions is short
and little, if anything, loads or mmaps between them. Worst case is that RELRO
sharing turns off as at present, but the probability of this happening should now
be much lower.
Note that capturing the address from mmap relies on Android ASLR being active for
mmap. This is the default device state since ICS. The revised random browser
load address is only as entropic as Android's ASLR.
BUG=397634
Review URL: https://codereview.chromium.org/470053003
Cr-Commit-Position: refs/heads/master@{#291111}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@291111 0039d316-1c4b-4281-b951-d872f2087c98