1f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles)// Copyright 2014 The Chromium Authors. All rights reserved. 2f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 3f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles)// found in the LICENSE file. 4f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 5f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles)#ifndef CRAZY_LINKER_ASHMEM_H 6f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles)#define CRAZY_LINKER_ASHMEM_H 7f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 8f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles)#include <unistd.h> 9f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 10f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles)namespace crazy { 11f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 12f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles)// Helper class to hold a scoped ashmem region file descriptor. 13f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles)class AshmemRegion { 14f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) public: 15f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) AshmemRegion() : fd_(-1) {} 16f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 17f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) ~AshmemRegion() { Reset(-1); } 18f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 19f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) int fd() const { return fd_; } 20f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 21f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) int Release() { 22f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) int ret = fd_; 23f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) fd_ = -1; 24f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) return ret; 25f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) } 26f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 27f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) void Reset(int fd) { 28f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) if (fd_ != -1) { 29f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) ::close(fd_); 30f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) } 31f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) fd_ = fd; 32f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) } 33f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 34f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // Try to allocate a new ashmem region of |region_size| 35f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // (page-aligned) bytes. |region_name| is optional, if not NULL 36f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // it will be the name of the region (only used for debugging). 37f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // Returns true on success, false otherwise. 38f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) bool Allocate(size_t region_size, const char* region_name); 39f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 40f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // Change the protection flags of the region. Returns true on success. 41f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // On failure, check errno for an error code. 42f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) bool SetProtectionFlags(int prot_flags); 43f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 44f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // Check that the region tied to file descriptor |fd| is properly read-only: 45f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // I.e. that it cannot be mapped writable, or that a read-only mapping cannot 46f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // be mprotect()-ed into MAP_WRITE. On failure, return false and sets errno. 47f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // 48f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // See: 49f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // http://www.cvedetails.com/cve/CVE-2011-1149/ 50f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // And kernel patch at: 51f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // https://android.googlesource.com/kernel/common.git/+/ 52f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) // 56f76fc68492af718fff88927bc296635d634b78%5E%21/ 53f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) static bool CheckFileDescriptorIsReadOnly(int fd); 54f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 55f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) private: 56f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) AshmemRegion(const AshmemRegion& other); 57f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) AshmemRegion& operator=(const AshmemRegion& other); 58f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 59f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) int fd_; 60f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles)}; 61f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 62f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles)} // namespace crazy 63f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles) 64f8ee788a64d60abd8f2d742a5fdedde054ecd910Torne (Richard Coles)#endif // CRAZY_LINKER_ASHMEM_H 65