Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f1b05236 authored by Evgenii Stepanov's avatar Evgenii Stepanov
Browse files

[cfi] Adjust RLIMIT_AS by CFI shadow size. 

CFI (control flow integrity) implementation is using a MAP_NORESERVE
allocation of up to 2GB is size. Only a tiny portion of it is backed
by physical memory. Take this into account when setting RLIMIT_AS for
media services.

Test: no immediate effect; CFI shadow increase for 48-bit aarch64 can
      be reapplied w/o breaking android boot.
Bug: 64293803

See https://android-review.googlesource.com/#/c/platform/bionic/+/424903/.

Change-Id: I8d4e780a8579f3102f97abe0f5c9bf8f3dee3d2f
parent f402866c

media/libmedia/MediaUtils.cpp

+15 −0
Original line number Diff line number Diff line
@@ -24,6 +24,8 @@ 


#include "MediaUtils.h"



extern "C" size_t __cfi_shadow_size();



namespace android {



void limitProcessMemory(
@@ -62,6 +64,19 @@ void limitProcessMemory( 
    if (propVal > 0 && uint64_t(propVal) <= SIZE_MAX) {

        maxMem = propVal;

    }



    // Increase by the size of the CFI shadow mapping. Most of the shadow is not

    // backed with physical pages, and it is possible for the result to be

    // higher than total physical memory. This is fine for RLIMIT_AS.

    size_t cfi_size = __cfi_shadow_size();

    if (cfi_size) {

      ALOGV("cfi shadow size: %zu", cfi_size);

      if (maxMem <= SIZE_MAX - cfi_size) {

        maxMem += cfi_size;

      } else {

        maxMem = SIZE_MAX;

      }

    }

    ALOGV("actual limit: %zu", maxMem);



    struct rlimit limit;