xref: /aosp_15_r20/system/core/libcutils/ashmem-dev.cpp (revision 00c7fec1bb09f3284aad6a6f96d2f63dfc3650ad)
1*00c7fec1SAndroid Build Coastguard Worker /*
2*00c7fec1SAndroid Build Coastguard Worker  * Copyright (C) 2008 The Android Open Source Project
3*00c7fec1SAndroid Build Coastguard Worker  *
4*00c7fec1SAndroid Build Coastguard Worker  * Licensed under the Apache License, Version 2.0 (the "License");
5*00c7fec1SAndroid Build Coastguard Worker  * you may not use this file except in compliance with the License.
6*00c7fec1SAndroid Build Coastguard Worker  * You may obtain a copy of the License at
7*00c7fec1SAndroid Build Coastguard Worker  *
8*00c7fec1SAndroid Build Coastguard Worker  *      http://www.apache.org/licenses/LICENSE-2.0
9*00c7fec1SAndroid Build Coastguard Worker  *
10*00c7fec1SAndroid Build Coastguard Worker  * Unless required by applicable law or agreed to in writing, software
11*00c7fec1SAndroid Build Coastguard Worker  * distributed under the License is distributed on an "AS IS" BASIS,
12*00c7fec1SAndroid Build Coastguard Worker  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*00c7fec1SAndroid Build Coastguard Worker  * See the License for the specific language governing permissions and
14*00c7fec1SAndroid Build Coastguard Worker  * limitations under the License.
15*00c7fec1SAndroid Build Coastguard Worker  */
16*00c7fec1SAndroid Build Coastguard Worker 
17*00c7fec1SAndroid Build Coastguard Worker #include <cutils/ashmem.h>
18*00c7fec1SAndroid Build Coastguard Worker 
19*00c7fec1SAndroid Build Coastguard Worker /*
20*00c7fec1SAndroid Build Coastguard Worker  * Implementation of the user-space ashmem API for devices, which have our
21*00c7fec1SAndroid Build Coastguard Worker  * ashmem-enabled kernel. See ashmem-sim.c for the "fake" tmp-based version,
22*00c7fec1SAndroid Build Coastguard Worker  * used by the simulator.
23*00c7fec1SAndroid Build Coastguard Worker  */
24*00c7fec1SAndroid Build Coastguard Worker #define LOG_TAG "ashmem"
25*00c7fec1SAndroid Build Coastguard Worker 
26*00c7fec1SAndroid Build Coastguard Worker #include <errno.h>
27*00c7fec1SAndroid Build Coastguard Worker #include <fcntl.h>
28*00c7fec1SAndroid Build Coastguard Worker #include <linux/ashmem.h>
29*00c7fec1SAndroid Build Coastguard Worker #include <linux/memfd.h>
30*00c7fec1SAndroid Build Coastguard Worker #include <log/log.h>
31*00c7fec1SAndroid Build Coastguard Worker #include <pthread.h>
32*00c7fec1SAndroid Build Coastguard Worker #include <stdio.h>
33*00c7fec1SAndroid Build Coastguard Worker #include <string.h>
34*00c7fec1SAndroid Build Coastguard Worker #include <sys/ioctl.h>
35*00c7fec1SAndroid Build Coastguard Worker #include <sys/mman.h>
36*00c7fec1SAndroid Build Coastguard Worker #include <sys/stat.h>
37*00c7fec1SAndroid Build Coastguard Worker #include <sys/syscall.h>
38*00c7fec1SAndroid Build Coastguard Worker #include <sys/sysmacros.h>
39*00c7fec1SAndroid Build Coastguard Worker #include <sys/types.h>
40*00c7fec1SAndroid Build Coastguard Worker #include <unistd.h>
41*00c7fec1SAndroid Build Coastguard Worker 
42*00c7fec1SAndroid Build Coastguard Worker #include <android-base/file.h>
43*00c7fec1SAndroid Build Coastguard Worker #include <android-base/properties.h>
44*00c7fec1SAndroid Build Coastguard Worker #include <android-base/strings.h>
45*00c7fec1SAndroid Build Coastguard Worker #include <android-base/unique_fd.h>
46*00c7fec1SAndroid Build Coastguard Worker 
/*
 * ashmem identity: device number (st_rdev) recorded by __ashmem_open_locked()
 * after it has opened the ashmem device. It is zero until that has happened;
 * __ashmem_is_ashmem() compares the st_rdev of a caller-supplied fd against it.
 */
static dev_t __ashmem_rdev;
/*
 * Held while __ashmem_rdev is read or written.
 *
 * If we trigger a signal handler in the middle of locked activity and the
 * signal handler calls ashmem, we could get into a deadlock state.
 */
static pthread_mutex_t __ashmem_lock = PTHREAD_MUTEX_INITIALIZER;
54*00c7fec1SAndroid Build Coastguard Worker 
/*
 * has_memfd_support() determines if the device can use memfd. memfd support
 * has been there for a long time, but certain things in it may be missing. We
 * check for the needed support in it. We also check if the VNDK version of
 * libcutils being used is new enough; if it is not, then we cannot use memfd
 * since the older copies may be using ashmem, so we just use ashmem. Once all
 * Android devices that are getting updates are new enough (ex, they were
 * originally shipped with Android release > P), then we can just use memfd and
 * delete all ashmem code from libcutils (while preserving the interface).
 *
 * NOTE:
 * The sys.use_memfd property is set by default to false in Android
 * to temporarily disable memfd, till vendor and apps are ready for it.
 * The main issue: either apps or vendor processes can directly make ashmem
 * IOCTLs on FDs they receive by assuming they are ashmem, without going
 * through libcutils. Such fds could very well have been originally created
 * with libcutils, hence they could be memfd. Thus the IOCTLs will break.
 *
 * Set the default value of the sys.use_memfd property to true once the issue
 * is resolved, so that the code can then self-detect if kernel support is
 * present on the device. The property can also be set to true from adb shell,
 * for debugging.
 */
78*00c7fec1SAndroid Build Coastguard Worker 
/* Set to true for verbose logging and other debug behaviour. */
static bool debug_log = false;
/*
 * Intended to make the pin deprecation warning log only once.
 * NOTE(review): the flag starts out true, and ashmem_pin_region() /
 * ashmem_unpin_region() log only when it is false (or when debug_log is true)
 * and then store true again. As written the warning is therefore emitted only
 * when debug_log is true - confirm the intended polarity.
 */
static bool pin_deprecation_warn = true;
81*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Decide whether vendor processes can cope with memfd-backed regions.
 *
 * Previously this function checked if memfd is supported by checking if the
 * vendor VNDK version is greater than Q. As we can assume every treblelized
 * device using this code is up to date enough to use memfd, memfd is allowed
 * if the device is treblelized.
 *
 * Returns the value of the "ro.treble.enabled" property (false when unset).
 */
static bool check_vendor_memfd_allowed() {
    // Function-local static: the property is read the first time this function
    // runs and that answer is reused by every later call in the process.
    static const bool treble_enabled =
            android::base::GetBoolProperty("ro.treble.enabled", false);
    return treble_enabled;
}
94*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Determine if memfd can be supported. This is one-time hard work whose result
 * is cached by the caller (has_memfd_support()).
 *
 * Returns true only when all of the following hold:
 *   - check_vendor_memfd_allowed() is true,
 *   - the "sys.use_memfd" property is true (default false),
 *   - memfd_create() accepts MFD_CLOEXEC | MFD_NOEXEC_SEAL,
 *   - the kernel accepts F_SEAL_FUTURE_WRITE on the resulting fd.
 * Any failure means the ashmem device path is used instead.
 */
static bool __has_memfd_support() {
    if (!check_vendor_memfd_allowed()) {
        return false;
    }

    /* Runtime switch for the detection. The property is meant to go away once
     * the switch-over is complete (the original wording said "over to ashmem";
     * the file header describes memfd as the migration target). Currently it
     * is used only for debugging to switch the system over.
     */
    const bool enabled_by_property = android::base::GetBoolProperty("sys.use_memfd", false);
    if (!enabled_by_property) {
        if (debug_log) {
            ALOGD("sys.use_memfd=false so memfd disabled\n");
        }
        return false;
    }

    // Probe the kernel; on any failure fall back to ashmem.
    // This code needs to build on old API levels, so the raw syscall is used
    // instead of the libc wrapper.
    //
    // MFD_NOEXEC_SEAL is used to match the semantics of the ashmem device,
    // which did not have executable permissions. This also seals the executable
    // permissions of the buffer (i.e. they cannot be changed by fchmod()).
    // MFD_NOEXEC_SEAL implies MFD_ALLOW_SEALING.
    //
    // The probe fd is owned by unique_fd, so it is closed on every return path.
    android::base::unique_fd probe_fd(
            syscall(__NR_memfd_create, "test_android_memfd", MFD_CLOEXEC | MFD_NOEXEC_SEAL));
    if (probe_fd.get() == -1) {
        ALOGE("memfd_create failed: %s, no memfd support.\n", strerror(errno));
        return false;
    }

    // The read-only path of memfd_set_prot_region() depends on this seal.
    const int seal_rc = fcntl(probe_fd.get(), F_ADD_SEALS, F_SEAL_FUTURE_WRITE);
    if (seal_rc == -1) {
        ALOGE("fcntl(F_ADD_SEALS) failed: %s, no memfd support.\n", strerror(errno));
        return false;
    }

    if (debug_log) {
        ALOGD("memfd: device has memfd support, using it\n");
    }
    return true;
}
140*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Cached front end for __has_memfd_support().
 *
 * The probe runs on the first call and its answer is kept for the rest of the
 * process, so a later change of the sys.use_memfd property does not affect a
 * process that has already asked.
 */
static bool has_memfd_support() {
    /* Initial global per-process state of what is known about memfd. */
    static const bool cached_answer = __has_memfd_support();
    return cached_answer;
}
149*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Build the path of the ashmem device node: "/dev/ashmem" followed by the
 * trimmed contents of /proc/sys/kernel/random/boot_id.
 *
 * Returns an empty string (after logging) when the boot id cannot be read.
 */
static std::string get_ashmem_device_path() {
    static const std::string boot_id_path = "/proc/sys/kernel/random/boot_id";

    std::string raw_boot_id;
    const bool read_ok = android::base::ReadFileToString(boot_id_path, &raw_boot_id);
    if (!read_ok) {
        ALOGE("Failed to read %s: %s.\n", boot_id_path.c_str(), strerror(errno));
        return "";
    }

    // Trim() removes surrounding whitespace (the file content ends in a newline).
    return "/dev/ashmem" + android::base::Trim(raw_boot_id);
}
161*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Logistics of getting a file descriptor for ashmem.
 *
 * Writes __ashmem_rdev, so callers take __ashmem_lock first (see __ashmem_open()
 * and __ashmem_is_ashmem()).
 *
 * Opens the boot-id specific device path and, if that fails, the legacy
 * /dev/ashmem node. The opened node is accepted only if fstat() reports a
 * character device with a non-zero st_rdev; that st_rdev is then recorded as
 * the ashmem identity used to validate fds later. Note that nothing here checks
 * which driver backs the node - the identity is whatever device sits at the
 * path that was opened.
 *
 * Returns the fd, or a negative value with errno set (ENOTTY when the node is
 * not a usable character device).
 */
static int __ashmem_open_locked()
{
    static const std::string ashmem_device_path = get_ashmem_device_path();
    if (ashmem_device_path.empty()) {
        return -1;
    }

    int fd = TEMP_FAILURE_RETRY(open(ashmem_device_path.c_str(), O_RDWR | O_CLOEXEC));
    if (fd < 0) {
        // fallback for APEX w/ use_vendor on Q, which would have still used /dev/ashmem
        const int primary_errno = errno;
        fd = TEMP_FAILURE_RETRY(open("/dev/ashmem", O_RDWR | O_CLOEXEC));
        if (fd < 0) {
            /* Q launching devices and newer must not reach here since they should have been
             * able to open ashmem_device_path */
            ALOGE("Unable to open ashmem device %s (error = %s) and /dev/ashmem(error = %s)",
                  ashmem_device_path.c_str(), strerror(primary_errno), strerror(errno));
            return fd;
        }
    }

    struct stat st;
    const int stat_rc = TEMP_FAILURE_RETRY(fstat(fd, &st));
    if (stat_rc < 0) {
        // close() may overwrite errno; hand the fstat() error back to the caller.
        const int stat_errno = errno;
        close(fd);
        errno = stat_errno;
        return stat_rc;
    }

    const bool usable_char_device = S_ISCHR(st.st_mode) && st.st_rdev;
    if (!usable_char_device) {
        close(fd);
        errno = ENOTTY;
        return -1;
    }

    __ashmem_rdev = st.st_rdev;
    return fd;
}
202*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Open the ashmem device while holding __ashmem_lock.
 *
 * Returns whatever __ashmem_open_locked() returns: the fd, or a negative value.
 */
static int __ashmem_open()
{
    pthread_mutex_lock(&__ashmem_lock);
    const int opened_fd = __ashmem_open_locked();
    pthread_mutex_unlock(&__ashmem_lock);

    return opened_fd;
}
213*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Make sure a file descriptor references ashmem.
 *
 * The fd passes when fstat() reports a character device whose st_rdev equals
 * the recorded ashmem identity (__ashmem_rdev). If the identity has not been
 * recorded yet, the ashmem device is opened once, under the lock, to learn it.
 * This check is what keeps ashmem ioctls from being issued on an fd that
 * belongs to some other device.
 *
 * fd:    descriptor to test.
 * fatal: when non-zero, a failed check ends in LOG_ALWAYS_FATAL instead of an
 *        error return.
 *
 * Returns 0 when fd is ashmem, -1 otherwise. errno is ENOTTY for a failed
 * check; when fstat() or the device open fails, their errno is left in place.
 */
static int __ashmem_is_ashmem(int fd, int fatal)
{
    struct stat st;
    if (fstat(fd, &st) < 0) {
        return -1;
    }

    dev_t rdev = 0; /* Too much complexity to sniff __ashmem_rdev */
    if (S_ISCHR(st.st_mode) && st.st_rdev) {
        pthread_mutex_lock(&__ashmem_lock);
        rdev = __ashmem_rdev;
        if (!rdev) {
            // Identity not known yet: open the device so that
            // __ashmem_open_locked() records it, then drop the probe fd.
            const int probe_fd = __ashmem_open_locked();
            if (probe_fd < 0) {
                pthread_mutex_unlock(&__ashmem_lock);
                return -1;
            }
            rdev = __ashmem_rdev;
            pthread_mutex_unlock(&__ashmem_lock);

            close(probe_fd);
        } else {
            pthread_mutex_unlock(&__ashmem_lock);
        }

        if (st.st_rdev == rdev) {
            return 0;
        }
    }

    if (fatal) {
        // NOTE(review): the "expected" mode below lists S_IRGRP twice; the
        // second one may have been meant as S_IWOTH - confirm. It only affects
        // the text of the fatal message.
        if (rdev) {
            LOG_ALWAYS_FATAL("illegal fd=%d mode=0%o rdev=%d:%d expected 0%o %d:%d",
              fd, st.st_mode, major(st.st_rdev), minor(st.st_rdev),
              S_IFCHR | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IRGRP,
              major(rdev), minor(rdev));
        } else {
            LOG_ALWAYS_FATAL("illegal fd=%d mode=0%o rdev=%d:%d expected 0%o",
              fd, st.st_mode, major(st.st_rdev), minor(st.st_rdev),
              S_IFCHR | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IRGRP);
        }
        /* NOTREACHED */
    }

    errno = ENOTTY;
    return -1;
}
264*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Post-process the result of an ashmem ioctl.
 *
 * When the ioctl failed with ENOTTY, the fd is re-checked with
 * __ashmem_is_ashmem(fd, 1), which ends in LOG_ALWAYS_FATAL if the fd does not
 * pass the ashmem device check. In every other case `result` is returned
 * unchanged.
 */
static int __ashmem_check_failure(int fd, int result)
{
    const bool ioctl_rejected = (result == -1) && (errno == ENOTTY);
    if (ioctl_rejected) {
        __ashmem_is_ashmem(fd, 1);
    }
    return result;
}
270*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Used on the memfd path to detect an fd that is really an ashmem device fd.
 *
 * Returns true when fd passes the ashmem device check; the first such hit in
 * the process is logged. Returns false for everything else, which includes fds
 * on which fstat() fails.
 */
static bool memfd_is_ashmem(int fd) {
    static bool fd_check_error_once = false;

    if (__ashmem_is_ashmem(fd, 0) != 0) {
        return false;
    }

    if (!fd_check_error_once) {
        ALOGE("memfd: memfd expected but ashmem fd used - please use libcutils.\n");
        fd_check_error_once = true;
    }
    return true;
}
285*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Report whether libcutils will treat fd as a shared-memory region.
 *
 * Without memfd support the answer is the ashmem device check. With memfd
 * support, every fd that does NOT pass the ashmem device check is reported as
 * valid (1) - no test is made that it is a memfd, and an fd on which fstat()
 * fails also lands in that branch. Callers should therefore not rely on a
 * non-zero return as proof of the fd's type in memfd mode.
 * NOTE(review): confirm callers do not use this as a type check on fds
 * received from other processes.
 */
int ashmem_valid(int fd)
{
    const bool memfd_mode = has_memfd_support();
    if (memfd_mode && !memfd_is_ashmem(fd)) {
        return 1;
    }

    const int check_rc = __ashmem_is_ashmem(fd, 0);
    return check_rc >= 0;
}
294*00c7fec1SAndroid Build Coastguard Worker 
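/*
 * Create a memfd-backed region that behaves like an ashmem region.
 *
 * name: label passed to memfd_create(); must not be NULL (the caller
 *       substitutes "none").
 * size: region size in bytes, applied with ftruncate().
 *
 * The region is created non-executable (MFD_NOEXEC_SEAL) and, once sized, is
 * sealed against growing and shrinking. Returns the new fd (ownership passes
 * to the caller) or -1 on failure; on every failure path the unique_fd closes
 * the descriptor.
 */
static int memfd_create_region(const char* name, size_t size) {
    // This code needs to build on old API levels, so we can't use the libc
    // wrapper.
    //
    // MFD_NOEXEC_SEAL to match the semantics of the ashmem device, which did
    // not have executable permissions. This also seals the executable
    // permissions of the buffer (i.e. they cannot be changed by fchmod()).
    //
    // MFD_NOEXEC_SEAL implies MFD_ALLOW_SEALING.
    android::base::unique_fd fd(syscall(__NR_memfd_create, name, MFD_CLOEXEC | MFD_NOEXEC_SEAL));

    // size is a size_t, so it is printed with %zu (the signed %zd would
    // misreport values above SSIZE_MAX).
    if (fd == -1) {
        ALOGE("memfd_create(%s, %zu) failed: %s\n", name, size, strerror(errno));
        return -1;
    }

    if (ftruncate(fd, size) == -1) {
        ALOGE("ftruncate(%s, %zu) failed for memfd creation: %s\n", name, size, strerror(errno));
        return -1;
    }

    // forbid size changes to match ashmem behaviour
    if (fcntl(fd, F_ADD_SEALS, F_SEAL_GROW | F_SEAL_SHRINK) == -1) {
        ALOGE("memfd_create(%s, %zu) F_ADD_SEALS failed: %m", name, size);
        return -1;
    }

    if (debug_log) {
        // Success is not an error: log at debug level like the file's other
        // debug_log branches.
        ALOGD("memfd_create(%s, %zu) success. fd=%d\n", name, size, fd.get());
    }
    return fd.release();
}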
327*00c7fec1SAndroid Build Coastguard Worker 
/*
 * ashmem_create_region - creates a new shared-memory region and returns the
 * file descriptor, or <0 on error (errno is preserved across the cleanup).
 *
 * `name' is an optional label to give the region (visible in /proc/pid/maps)
 * `size' is the size of the region, in page-aligned bytes
 *
 * With memfd support the region is a memfd (label "none" when name is NULL);
 * otherwise it is an ashmem device fd configured with ASHMEM_SET_NAME and
 * ASHMEM_SET_SIZE.
 */
int ashmem_create_region(const char *name, size_t size)
{
    if (has_memfd_support()) {
        return memfd_create_region(name ? name : "none", size);
    }

    const int fd = __ashmem_open();
    if (fd < 0) {
        return fd;
    }

    int ret = 0;
    if (name) {
        // Zero-filled, bounded copy: the label is truncated to fit and the
        // whole buffer handed to the kernel is initialised.
        char buf[ASHMEM_NAME_LEN] = {0};

        strlcpy(buf, name, sizeof(buf));
        ret = TEMP_FAILURE_RETRY(ioctl(fd, ASHMEM_SET_NAME, buf));
    }

    // The size is set only when naming succeeded (or was skipped).
    if (ret >= 0) {
        ret = TEMP_FAILURE_RETRY(ioctl(fd, ASHMEM_SET_SIZE, size));
    }

    if (ret >= 0) {
        return fd;
    }

    // Failure: release the fd without losing the ioctl's errno.
    const int ioctl_errno = errno;
    close(fd);
    errno = ioctl_errno;
    return ret;
}
371*00c7fec1SAndroid Build Coastguard Worker 
/*
 * memfd counterpart of ASHMEM_SET_PROT_MASK.
 *
 * Only the PROT_WRITE bit of `prot` is examined:
 *   - PROT_WRITE set:   succeeds unless the region already carries
 *                       F_SEAL_FUTURE_WRITE, in which case errno = EINVAL.
 *   - PROT_WRITE clear: adds F_SEAL_FUTURE_WRITE | F_SEAL_SEAL, i.e. the region
 *                       becomes read-only for future use and no further seals
 *                       can be added.
 * Per fcntl(2), F_SEAL_FUTURE_WRITE leaves already-established writable
 * mappings usable, so this does not revoke write access that was obtained
 * before the call.
 *
 * Returns 0 on success, -1 on failure.
 */
static int memfd_set_prot_region(int fd, int prot) {
    const int current_seals = fcntl(fd, F_GET_SEALS);
    if (current_seals == -1) {
        ALOGE("memfd_set_prot_region(%d, %d): F_GET_SEALS failed: %s\n", fd, prot, strerror(errno));
        return -1;
    }

    const bool wants_write = (prot & PROT_WRITE) != 0;
    if (!wants_write) {
        /* We would only allow read-only for any future file operations */
        const int seal_rc = fcntl(fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE | F_SEAL_SEAL);
        if (seal_rc == -1) {
            ALOGE("memfd_set_prot_region(%d, %d): F_SEAL_FUTURE_WRITE | F_SEAL_SEAL seal failed: %s\n",
                  fd, prot, strerror(errno));
            return -1;
        }
        return 0;
    }

    /* The caller wants read-write: refuse if the buffer was previously marked
     * read-only.
     */
    if (current_seals & F_SEAL_FUTURE_WRITE) {
        ALOGE("memfd_set_prot_region(%d, %d): region is write protected\n", fd, prot);
        errno = EINVAL;  // in line with the ashmem error code when already read-only
        return -1;
    }
    return 0;
}
401*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Restrict the protection of a region.
 *
 * On the memfd path this maps to seals (see memfd_set_prot_region()); on the
 * ashmem path it issues ASHMEM_SET_PROT_MASK and routes the result through
 * __ashmem_check_failure(), which is fatal when the ioctl fails with ENOTTY on
 * an fd that is not ashmem.
 */
int ashmem_set_prot_region(int fd, int prot)
{
    const bool use_memfd_path = has_memfd_support() && !memfd_is_ashmem(fd);
    if (use_memfd_path) {
        return memfd_set_prot_region(fd, prot);
    }

    const int ioctl_rc = TEMP_FAILURE_RETRY(ioctl(fd, ASHMEM_SET_PROT_MASK, prot));
    return __ashmem_check_failure(fd, ioctl_rc);
}
410*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Pin a range of an ashmem region (deprecated since Android Q).
 *
 * On the memfd path this is a no-op that returns 0. On the ashmem path it
 * issues ASHMEM_PIN; offset and len are narrowed to 32 bits first, so larger
 * values are silently truncated on LP64 (see the TODO below).
 *
 * NOTE(review): pin_deprecation_warn is initialised to true in this file, so
 * the warning below is emitted only when debug_log is true - confirm the
 * intended polarity of the flag.
 */
int ashmem_pin_region(int fd, size_t offset, size_t len)
{
    const bool emit_warning = !pin_deprecation_warn || debug_log;
    if (emit_warning) {
        ALOGE("Pinning is deprecated since Android Q. Please use trim or other methods.\n");
        pin_deprecation_warn = true;
    }

    const bool use_memfd_path = has_memfd_support() && !memfd_is_ashmem(fd);
    if (use_memfd_path) {
        return 0;
    }

    // TODO: should LP64 reject too-large offset/len?
    ashmem_pin pin = { static_cast<uint32_t>(offset), static_cast<uint32_t>(len) };
    const int ioctl_rc = TEMP_FAILURE_RETRY(ioctl(fd, ASHMEM_PIN, &pin));
    return __ashmem_check_failure(fd, ioctl_rc);
}
426*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Unpin a range of an ashmem region (deprecated since Android Q).
 *
 * On the memfd path this is a no-op that returns 0. On the ashmem path it
 * issues ASHMEM_UNPIN; offset and len are narrowed to 32 bits first, so larger
 * values are silently truncated on LP64 (see the TODO below).
 *
 * NOTE(review): pin_deprecation_warn is initialised to true in this file, so
 * the warning below is emitted only when debug_log is true - confirm the
 * intended polarity of the flag.
 */
int ashmem_unpin_region(int fd, size_t offset, size_t len)
{
    const bool emit_warning = !pin_deprecation_warn || debug_log;
    if (emit_warning) {
        ALOGE("Pinning is deprecated since Android Q. Please use trim or other methods.\n");
        pin_deprecation_warn = true;
    }

    const bool use_memfd_path = has_memfd_support() && !memfd_is_ashmem(fd);
    if (use_memfd_path) {
        return 0;
    }

    // TODO: should LP64 reject too-large offset/len?
    ashmem_pin pin = { static_cast<uint32_t>(offset), static_cast<uint32_t>(len) };
    const int ioctl_rc = TEMP_FAILURE_RETRY(ioctl(fd, ASHMEM_UNPIN, &pin));
    return __ashmem_check_failure(fd, ioctl_rc);
}
442*00c7fec1SAndroid Build Coastguard Worker 
/*
 * Return the size of a region in bytes, or -1 on error.
 *
 * memfd path: the size is st_size from fstat(). ashmem path: the result of
 * ASHMEM_GET_SIZE, routed through __ashmem_check_failure().
 *
 * NOTE(review): the return type is int while st_size is an off_t, so the value
 * is narrowed on return; a region larger than INT_MAX would not be reported
 * faithfully. Callers that size a mapping from this value should keep that in
 * mind - confirm whether such sizes can occur.
 */
int ashmem_get_size_region(int fd)
{
    const bool use_memfd_path = has_memfd_support() && !memfd_is_ashmem(fd);
    if (!use_memfd_path) {
        const int ioctl_rc = TEMP_FAILURE_RETRY(ioctl(fd, ASHMEM_GET_SIZE, NULL));
        return __ashmem_check_failure(fd, ioctl_rc);
    }

    struct stat sb;
    if (fstat(fd, &sb) == -1) {
        ALOGE("ashmem_get_size_region(%d): fstat failed: %s\n", fd, strerror(errno));
        return -1;
    }

    if (debug_log) {
        ALOGD("ashmem_get_size_region(%d): %d\n", fd, static_cast<int>(sb.st_size));
    }

    return sb.st_size;
}