Commit e9877928 authored by Evgenii Stepanov
[cfi] Adjust RLIMIT_AS by CFI shadow size.

CFI (control flow integrity) implementation is using a MAP_NORESERVE
allocation of up to 2GB in size. Only a tiny portion of it is backed
by physical memory. Take this into account when setting RLIMIT_AS for
media services.

Test: no immediate effect; CFI shadow increase for 48-bit aarch64 can
      be reapplied w/o breaking android boot.
Bug: 64293803

See https://android-review.googlesource.com/#/c/platform/bionic/+/424903/.

(cherry picked from commit f1b05236)

Change-Id: I3fe72edcdaf908f42a1ffdfde645e34263564990
parent 8a37a466
+15 −0
@@ -24,6 +24,8 @@


#include "MediaUtils.h"
#include "MediaUtils.h"


extern "C" size_t __cfi_shadow_size();

namespace android {
namespace android {


void limitProcessMemory(
void limitProcessMemory(
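Review bot: the prototype `extern "C" size_t __cfi_shadow_size();` is declared by hand at file scope, with no header behind it and no comment saying which library defines the symbol. A hand-written declaration can drift from the real definition without any compiler error, and because it is a strong reference this file will not link or load against a libc that does not export the symbol. Suggest a one-line comment naming the provider (the commit message points at the bionic change), and taking the declaration from a shared header if one is available.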
@@ -62,6 +64,19 @@ void limitProcessMemory(
    if (propVal > 0 && uint64_t(propVal) <= SIZE_MAX) {
    if (propVal > 0 && uint64_t(propVal) <= SIZE_MAX) {
        maxMem = propVal;
        maxMem = propVal;
    }
    }

    // Increase by the size of the CFI shadow mapping. Most of the shadow is not
    // backed with physical pages, and it is possible for the result to be
    // higher than total physical memory. This is fine for RLIMIT_AS.
    size_t cfi_size = __cfi_shadow_size();
    if (cfi_size) {
      ALOGV("cfi shadow size: %zu", cfi_size);
      if (maxMem <= SIZE_MAX - cfi_size) {
        maxMem += cfi_size;
      } else {
        maxMem = SIZE_MAX;
      }
    }
    ALOGV("actual limit: %zu", maxMem);
    ALOGV("actual limit: %zu", maxMem);


    struct rlimit limit;
    struct rlimit limit;
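Review bot: the `else` branch saturates silently with `maxMem = SIZE_MAX;`, and on Linux SIZE_MAX is normally the same value as RLIM_INFINITY, so if this value reaches the `struct rlimit` below unchanged the process ends up with no address-space limit at all. An ALOGW in that branch would make the loss of the limit visible in logs; alternatively, skip the adjustment in the overflow case rather than lifting the cap. Minor style point: the body of `if (cfi_size) {` is indented by 2 spaces while the rest of the function uses 4.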