authorEvgenii Stepanov <eugenis@google.com>2020-07-14 16:44:57 -0700
committerEvgenii Stepanov <eugenis@google.com>2020-07-16 13:57:20 -0700
commite0848bbf896ad1f704c48c0da9ff4fb397644dac (patch)
treebd5261ac8d40d05eaf706424c7c9174eda45275a /linker/linker.cpp
parenta96099e13068278e54afa637c088496d56c85b62 (diff)
Pagetable-friendly shared library address randomization.
Add inaccessible gaps between shared libraries to make it harder for attackers to defeat ASLR by random probing. To avoid excessive page table bloat, only do this when a library is about to cross a huge page boundary, effectively allowing several smaller libraries to be lumped together. Bug: 158113540 Test: look at /proc/$$/maps Change-Id: I39c0100b81f72447e8b3c6faafa561111492bf8c
Diffstat (limited to 'linker/linker.cpp')
-rw-r--r--linker/linker.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/linker/linker.cpp b/linker/linker.cpp
index 10608f46f..a41ca091b 100644
--- a/linker/linker.cpp
+++ b/linker/linker.cpp
@@ -311,6 +311,10 @@ static void soinfo_free(soinfo* si) {
}
}
+ if (si->has_min_version(6) && si->get_gap_size()) {
+ munmap(reinterpret_cast<void*>(si->get_gap_start()), si->get_gap_size());
+ }
+
TRACE("name %s: freeing soinfo @ %p", si->get_realpath(), si);
if (!solist_remove_soinfo(si)) {
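Review bot: The result of the added `munmap` call is discarded, so a gap range that is stale or misaligned fails silently and leaves the inaccessible region mapped. The address and length are taken directly from fields stored on the soinfo, so a wrong range that does succeed would remove whatever mapping now occupies those addresses. Checking the call and logging on failure would make this visible, for example `if (munmap(reinterpret_cast<void*>(si->get_gap_start()), si->get_gap_size()) != 0) { /* log errno */ }`. The literal `6` in `has_min_version(6)` also deserves a comment, such as `// gap fields are only present from soinfo version 6 onward`, if that is what the gate means. soinfo_free begins and continues outside this hunk, so the interaction with the library's own unmapping cannot be judged from here.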
@@ -599,6 +603,8 @@ class LoadTask {
si_->load_bias = elf_reader.load_bias();
si_->phnum = elf_reader.phdr_count();
si_->phdr = elf_reader.loaded_phdr();
+ si_->set_gap_start(elf_reader.gap_start());
+ si_->set_gap_size(elf_reader.gap_size());
return true;
}
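Review bot: The gap start and size stored by the two added `set_gap_*` calls later become the arguments to `munmap` in soinfo_free, but nothing here records who owns the gap. It is also not stated what `elf_reader` reports when no gap was reserved. The free path skips the unmap only when the size is zero, so that contract is worth stating at the point where the values are recorded. A comment would do, for example `// Gap reserved by ElfReader is owned by this soinfo and released in soinfo_free(); gap_size() is expected to be 0 when no gap was reserved.`, provided that matches the reader's behaviour. The enclosing LoadTask method starts outside the hunk.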