From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Thu, 3 Dec 2015 12:58:31 -0500
Subject: [PATCH] add memory protection for pthread_atfork handlers

Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
---
 libc/bionic/pthread_atfork.cpp | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/libc/bionic/pthread_atfork.cpp b/libc/bionic/pthread_atfork.cpp
index 6306052ee..d59f3ae54 100644
--- a/libc/bionic/pthread_atfork.cpp
+++ b/libc/bionic/pthread_atfork.cpp
@@ -47,6 +47,7 @@ struct atfork_t {
 };
 
 static atfork_t* pool;
+static atfork_t* page_list;
 
 class atfork_list_t {
  public:
@@ -160,13 +161,22 @@ void __bionic_atfork_run_parent() {
 // __register_atfork is the name used by glibc
 extern "C" int __register_atfork(void (*prepare)(void), void (*parent)(void),
                                  void(*child)(void), void* dso) {
+  size_t page_size = getpagesize();
+
   pthread_mutex_lock(&g_atfork_list_mutex);
 
+  for (atfork_t* page_it = page_list; page_it; page_it = page_it->next) {
+    mprotect(page_it, page_size, PROT_READ|PROT_WRITE);
+  }
+
   if (!pool) {
-    size_t page_size = getpagesize();
     char* page = static_cast<char*>(mmap(NULL, page_size, PROT_READ|PROT_WRITE,
                                          MAP_ANONYMOUS|MAP_PRIVATE, -1, 0));
     if (page == MAP_FAILED) {
+      for (atfork_t* page_it = page_list; page_it; page_it = page_it->next) {
+        mprotect(page_it, page_size, PROT_READ);
+      }
+
       pthread_mutex_unlock(&g_atfork_list_mutex);
       return ENOMEM;
     }
@@ -174,11 +184,15 @@ extern "C" int __register_atfork(void (*prepare)(void), void (*parent)(void),
     prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, page, page_size,
       "atfork handlers");
 
-    for (char* it = page; it < page + page_size - sizeof(atfork_t); it += sizeof(atfork_t)) {
+    for (char* it = page + sizeof(atfork_t); it < page + page_size - sizeof(atfork_t); it += sizeof(atfork_t)) {
       atfork_t* node = reinterpret_cast<atfork_t*>(it);
       node->next = pool;
       pool = node;
     }
+
+    atfork_t* page_node = reinterpret_cast<atfork_t*>(page);
+    page_node->next = page_list;
+    page_list = page_node;
   }
 
   atfork_t* entry = pool;
@@ -191,6 +205,10 @@ extern "C" int __register_atfork(void (*prepare)(void), void (*parent)(void),
 
   g_atfork_list.push_back(entry);
 
+  for (atfork_t* page_it = page_list; page_it; page_it = page_it->next) {
+    mprotect(page_it, page_size, PROT_READ);
+  }
+
   pthread_mutex_unlock(&g_atfork_list_mutex);
 
   return 0;
@@ -198,8 +216,20 @@ extern "C" int __register_atfork(void (*prepare)(void), void (*parent)(void),
 
 extern "C" __LIBC_HIDDEN__ void __unregister_atfork(void* dso) {
   pthread_mutex_lock(&g_atfork_list_mutex);
+
+  size_t page_size = getpagesize();
+
+  for (atfork_t* page_it = page_list; page_it; page_it = page_it->next) {
+    mprotect(page_it, page_size, PROT_READ|PROT_WRITE);
+  }
+
   g_atfork_list.remove_if([&](const atfork_t* entry) {
     return entry->dso_handle == dso;
   });
+
+  for (atfork_t* page_it = page_list; page_it; page_it = page_it->next) {
+    mprotect(page_it, page_size, PROT_READ);
+  }
+
   pthread_mutex_unlock(&g_atfork_list_mutex);
 }