crazy linker: Add a Breakpad "guard region" to reserved space.

base/android/linker/linker_jni.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This is the Android-specific Chromium linker, a tiny shared library
 // implementing a custom dynamic linker that can be used to load the
 // real Chromium libraries (e.g. libcontentshell.so).
 
 // The main point of this linker is to be able to share the RELRO
 // section of libcontentshell.so (or equivalent) between the browser and
 // renderer process.
 
 // This source code *cannot* depend on anything from base/ or the C++
 // STL, to keep the final library small, and avoid ugly dependency issues.
 
 #include <android/log.h>
 #include <crazy_linker.h>
 #include <fcntl.h>
 #include <jni.h>
 #include <limits.h>
 #include <stdlib.h>
 #include <sys/mman.h>
 #include <unistd.h>
 
+// See commentary in crazy_linker_elf_loader.cpp for the effect of setting
+// this.  If changing there, change here also.
+//
+// For more, see:
+//   https://crbug.com/504410
+#define RESERVE_BREAKPAD_GUARD_REGION 1
+
 // Set this to 1 to enable debug traces to the Android log.
 // Note that LOG() from "base/logging.h" cannot be used, since it is
 // in base/ which hasn't been loaded yet.
 #define DEBUG 0
 
 #define TAG "chromium_android_linker"
 
 #if DEBUG
 #define LOG_INFO(...) __android_log_print(ANDROID_LOG_INFO, TAG, __VA_ARGS__)
 #else
@@ skipping 584 matching lines @@
            lib_name.c_str());
 
   return true;
 }
 
 jboolean CanUseSharedRelro(JNIEnv* env, jclass clazz) {
   return crazy_system_can_share_relro();
 }
 
 jlong GetRandomBaseLoadAddress(JNIEnv* env, jclass clazz, jlong bytes) {
+#if RESERVE_BREAKPAD_GUARD_REGION
+  // Add a Breakpad guard region.  16Mb should be comfortably larger than
+  // the largest relocation packer saving we expect to encounter.
+  static const size_t kBreakpadGuardRegionBytes = 16 * 1024 * 1024;
+  bytes += kBreakpadGuardRegionBytes;
+#endif
+
   void* address =
       mmap(NULL, bytes, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
   if (address == MAP_FAILED) {
     LOG_INFO("%s: Random base load address not determinable\n", __FUNCTION__);
     return 0;
   }
   munmap(address, bytes);
+
+#if RESERVE_BREAKPAD_GUARD_REGION
+  // Allow for a Breakpad guard region ahead of the returned address.
+  address = reinterpret_cast<void*>(
+      reinterpret_cast<uintptr_t>(address) + kBreakpadGuardRegionBytes);
+#endif
+
   LOG_INFO("%s: Random base load address is %p\n", __FUNCTION__, address);
   return static_cast<jlong>(reinterpret_cast<uintptr_t>(address));
 }
 
 // Get the full path of a library in the zip file
 // (lib/<abi>/crazy.<lib_name>).
 //
 // |env| is the current JNI environment handle.
 // |clazz| is the static class handle which is not used here.
 // |lib_name| is the library base name.
@@ skipping 148 matching lines @@
   crazy_context_t* context = GetCrazyContext();
   crazy_context_set_java_vm(context, vm, JNI_VERSION_1_4);
 
   // Register the function that the crazy linker can call to post code
   // for later execution.
   crazy_context_set_callback_poster(context, &PostForLaterExecution, NULL);
 
   LOG_INFO("%s: Done", __FUNCTION__);
   return JNI_VERSION_1_4;
 }