Update Art 6.0.1 stack guard patch
Backport of https://android-review.googlesource.com/#/c/427061/.
R=ricow@google.com
Bug: 63151667
Change-Id: I3e77396936635cdd1b0a953bdef314af2a8b3b7d
diff --git a/tools/linux/README.art-versions b/tools/linux/README.art-versions
index acca426..ed0fa3b 100644
--- a/tools/linux/README.art-versions
+++ b/tools/linux/README.art-versions
@@ -47,7 +47,60 @@
art-6.0.1
---------
-Build from branch android-6.0.1_r66.
+Build from branch android-6.0.1_r66 with the following patch:
+
+diff --git a/runtime/thread.cc b/runtime/thread.cc
+index 6e8f89cb4..788d717ca 100644
+--- a/runtime/thread.cc
++++ b/runtime/thread.cc
+@@ -357,20 +357,37 @@ void Thread::InstallImplicitProtection() {
+ uint8_t* stack_top = reinterpret_cast<uint8_t*>(reinterpret_cast<uintptr_t>(&stack_himem) &
+ ~(kPageSize - 1)); // Page containing current top of stack.
+
++ //
++ // Accesses too far below the current machine register corresponding to the stack pointer (e.g.,
++ // ESP on x86[-32], SP on ARM) might cause a SIGSEGV (at least on x86 with newer kernels). We
++ // thus have to move the stack pointer. We do this portably by using a recursive function with a
++ // large stack frame size.
++
+ // First remove the protection on the protected region as will want to read and
+ // write it. This may fail (on the first attempt when the stack is not mapped)
+ // but we ignore that.
+ UnprotectStack();
+
+- // Map in the stack. This must be done by reading from the
+- // current stack pointer downwards as the stack may be mapped using VM_GROWSDOWN
+- // in the kernel. Any access more than a page below the current SP might cause
+- // a segv.
+-
+- // Read every page from the high address to the low.
+- for (uint8_t* p = stack_top; p >= pregion; p -= kPageSize) {
+- dont_optimize_this = *p;
+- }
++ struct RecurseDownStack {
++ // This function has an intentionally large stack size.
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wframe-larger-than="
++ NO_INLINE
++ static void Touch(uintptr_t target) {
++ volatile size_t zero = 0;
++ // Use a large local volatile array to ensure a large frame size. Do not use anything close
++ // to a full page for ASAN. It would be nice to ensure the frame size is at most a page, but
++ // there is no pragma support for this.
++ volatile char space[kPageSize - 256];
++ char sink ATTRIBUTE_UNUSED = space[zero];
++ if (reinterpret_cast<uintptr_t>(space) >= target + kPageSize) {
++ Touch(target);
++ }
++ zero *= 2; // Try to avoid tail recursion.
++ }
++#pragma GCC diagnostic pop
++ };
++ RecurseDownStack::Touch(reinterpret_cast<uintptr_t>(pregion));
+
+ VLOG(threads) << "installing stack protected region at " << std::hex <<
+ static_cast<void*>(pregion) << " to " <<
+
mkdir 6.0.1_r66
cd 6.0.1_r66
@@ -55,6 +108,9 @@
repo sync
source build/envsetup.sh
lunch aosp_angler-userdebug
+ cd art
+ <apply patch>
+ cd ..
m -j24
m -j24 build-art
m -j24 test-art-host
@@ -79,4 +135,4 @@
Collected into tools/linux/art-5.1.1.
- scripts/update-host-art.sh --android-checkout ~/android/5.1.1_r19 --art-dir art-5.1.1 --android-product mako
\ No newline at end of file
+ scripts/update-host-art.sh --android-checkout ~/android/5.1.1_r19 --art-dir art-5.1.1 --android-product mako
diff --git a/tools/linux/art-6.0.1.tar.gz.sha1 b/tools/linux/art-6.0.1.tar.gz.sha1
index 40391f2..8e9cf7f 100644
--- a/tools/linux/art-6.0.1.tar.gz.sha1
+++ b/tools/linux/art-6.0.1.tar.gz.sha1
@@ -1 +1 @@
-cb65dc9c52727ea0f5a60f6145a83dc07ed06ecf
\ No newline at end of file
+8d46aad0898be3291dffa3c2656a28ffbc155ad4
\ No newline at end of file
