From 32c922179cacafb594d78e43b0c47c9eb3232bc1 Mon Sep 17 00:00:00 2001
From: Jim Chen
Date: Wed, 30 May 2018 11:47:07 -0400
Subject: [PATCH] Bug 1460989 - Check page protection flags again after mprotect(); r=glandium

We are apparently still crashing even after mprotect() with write flag returns successfully. This patch reads the flags again after mprotect() returns, and hopefully the flags will tell the truth of whether the page is truly writable or not after calling mprotect().

MozReview-Commit-ID: Jsg8vHKFEvJ

--HG--
extra : rebase_source : b028aa0d5cefd50302bfc2502292d9129d202e09
---
 mozglue/linker/ElfLoader.cpp | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/mozglue/linker/ElfLoader.cpp b/mozglue/linker/ElfLoader.cpp
index f3d5e1de710f..745923608b82 100644
--- a/mozglue/linker/ElfLoader.cpp
+++ b/mozglue/linker/ElfLoader.cpp
@@ -911,11 +911,21 @@ public:
 page = firstPage;
 int ret = mprotect(page, length, prot | PROT_WRITE);
- success = ret == 0;
+ if (ret != 0) {
+ success = false;
+ WARN("mprotect(%p, %zu, %o) = %d (errno=%d; %s)", page, length, prot | PROT_WRITE, ret, errno, strerror(errno));
+ return;
+ }
+
+ // XXX bug 1460989: on some devices, mprotect appears to return 0 for
+ // success even after _failing_ to make the page writable. Therefore, check
+ // for write access again instead of relying on the mprotect return value.
+ int newProt = getProt(start, &end);
+ success = (newProt != -1) && (newProt & PROT_WRITE);
 if (!success) {
- ERROR("mprotect(%p, %zu, %d) = %d (errno=%d; %s)", page, length, prot | PROT_WRITE, ret, errno, strerror(errno));
+ WARN("mprotect(%p, %zu, %o) returned 0 but page is not writable: %o", page, length, prot | PROT_WRITE, newProt);
 }
 }