Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity
a28f43c6a7
DivestOS/Patches/LineageOS-17.1/android_bionic/0003-Graphene_Bionic_Hardening-12.patch
Tad 1df7c7f1d4 Churn 
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 19:16:19 -04:00

80 lines
2.0 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Sat, 7 Feb 2015 20:14:24 -0500
Subject: [PATCH] add memory protection for at_quick_exit
---
.../lib/libc/stdlib/quick_exit.c | 40 ++++++++++++++++---
1 file changed, 35 insertions(+), 5 deletions(-)
diff --git a/libc/upstream-freebsd/lib/libc/stdlib/quick_exit.c b/libc/upstream-freebsd/lib/libc/stdlib/quick_exit.c
index ef8cdb1b4..63b54e3fb 100644
--- a/libc/upstream-freebsd/lib/libc/stdlib/quick_exit.c
+++ b/libc/upstream-freebsd/lib/libc/stdlib/quick_exit.c
@@ -28,6 +28,9 @@
#include <stdlib.h>
#include <pthread.h>
+#include <sys/mman.h>
+#include <sys/prctl.h>
+#include <unistd.h>
/**
* Linked list of quick exit handlers. This is simpler than the atexit()
@@ -39,6 +42,10 @@ struct quick_exit_handler {
void (*cleanup)(void);
};
+static struct quick_exit_handler *pool_page;
+static struct quick_exit_handler *pool;
+static size_t pool_size;
+
/**
* Lock protecting the handlers list.
*/
@@ -51,16 +58,39 @@ static struct quick_exit_handler *handlers;
int
at_quick_exit(void (*func)(void))
{
+ size_t page_size = getpagesize();
struct quick_exit_handler *h;
-
- h = malloc(sizeof(*h));
- if (NULL == h)
- return (1);
- h->cleanup = func;
pthread_mutex_lock(&atexit_mutex);
+
+ if (pool_size < sizeof(*h)) {
+ void *ptr = mmap(NULL, page_size, PROT_READ|PROT_WRITE,
+ MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
+ if (ptr == MAP_FAILED) {
+ pthread_mutex_unlock(&atexit_mutex);
+ return (1);
+ }
+ prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, ptr, page_size,
+ "at_quick_exit handlers");
+ pool_page = pool = ptr;
+ pool_size = page_size;
+ } else {
+ if (mprotect(pool_page, page_size, PROT_READ|PROT_WRITE)) {
+ pthread_mutex_unlock(&atexit_mutex);
+ return (1);
+ }
+ }
+
+ h = pool++;
+ pool_size -= sizeof(*h);
+
+ h->cleanup = func;
+
h->next = handlers;
handlers = h;
+
+ mprotect(pool_page, page_size, PROT_READ);
+
pthread_mutex_unlock(&atexit_mutex);
return (0);
}
Reference in New Issue View Git Blame Copy Permalink