bugfix: do not attempt to re-enable memory tagging

Memory tagging is unconditionally enabled in all Vanadium processes, but part of WebView code runs inside the host app. If that app has disabled memory tagging, attempt to enable it will fail, which leads to app process crash due to a failed assertion.
GrapheneOS · Nov 23, 2023 · a65df15 · a65df15
1 parent 123d09a
commit a65df15
Showing 1 changed file with 49 additions and 0 deletions.
diff --git a/patches/0121-bugfix-do-not-attempt-to-re-enable-memory-tagging.patch b/patches/0121-bugfix-do-not-attempt-to-re-enable-memory-tagging.patch
@@ -0,0 +1,49 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
+Date: Wed, 22 Nov 2023 15:19:54 +0200
+Subject: [PATCH] bugfix: do not attempt to re-enable memory tagging
+
+Memory tagging is unconditionally enabled in all Vanadium processes, but part of WebView code runs
+inside the host app. If that app has disabled memory tagging, attempt to enable it will fail, which
+leads to app process crash due to a failed assertion.
+---
+ base/allocator/partition_alloc_support.cc | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/base/allocator/partition_alloc_support.cc b/base/allocator/partition_alloc_support.cc
+index 00be89a6703b3..de5684c6da39c 100644
+--- a/base/allocator/partition_alloc_support.cc
++++ b/base/allocator/partition_alloc_support.cc
+@@ -1105,27 +1105,29 @@ void PartitionAllocSupport::ReconfigureAfterFeatureListInit(
+   partition_alloc::TagViolationReportingMode memory_tagging_reporting_mode =
+       partition_alloc::TagViolationReportingMode::kUndefined;
+
+ #if PA_CONFIG(HAS_MEMORY_TAGGING)
+   // ShouldEnableMemoryTagging() checks kKillPartitionAllocMemoryTagging but
+   // check here too to wrap the GetMemoryTaggingModeForCurrentThread() call.
+   if (!base::FeatureList::IsEnabled(
+           base::features::kKillPartitionAllocMemoryTagging)) {
+     // If synchronous mode is enabled from startup it means this is a test and
+     // memory tagging should be enabled.
+-    if (partition_alloc::internal::GetMemoryTaggingModeForCurrentThread() ==
+-        partition_alloc::TagViolationReportingMode::kSynchronous) {
++    auto cur_memtag_mode = partition_alloc::internal::GetMemoryTaggingModeForCurrentThread();
++    if (cur_memtag_mode == partition_alloc::TagViolationReportingMode::kSynchronous) {
+       enable_memory_tagging = true;
+       memory_tagging_reporting_mode =
+           partition_alloc::TagViolationReportingMode::kSynchronous;
+     } else {
+-      enable_memory_tagging = ShouldEnableMemoryTagging(process_type);
++      enable_memory_tagging = ShouldEnableMemoryTagging(process_type) &&
++          // memory tagging can't be re-enabled
++          cur_memtag_mode != partition_alloc::TagViolationReportingMode::kDisabled;
+ #if BUILDFLAG(IS_ANDROID)
+       if (enable_memory_tagging) {
+         switch (base::features::kMemtagModeParam.Get()) {
+           case base::features::MemtagMode::kSync:
+             memory_tagging_reporting_mode =
+                 partition_alloc::TagViolationReportingMode::kSynchronous;
+             break;
+           case base::features::MemtagMode::kAsync:
+             memory_tagging_reporting_mode =
+                 partition_alloc::TagViolationReportingMode::kAsynchronous;