MMPolicyBase::FindRegion fails to find a free region
Categories
(Firefox :: Launcher Process, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox84 | --- | fixed |
People
(Reporter: toshi, Assigned: toshi)
References
Details
Attachments
(3 files)
20201013-20201022-without-fix.png
The launcher process ping shows failures with MMPOLICY_RESERVE_FINDREGION_VIRTUALQUERY_ERROR. A possible reason is that we don't scan the full range for free regions and the scanned region was too small due to a big random number generated.
|
Assignee | |
Comment 1•4 years ago
|
||
The latest launcher process ping showed one of the reasons why we failed to
detour NtMapViewOfSection is that MMPolicyBase::FindRegion failed to find
a free region. Inspecting the function carefully, there were three problems.
Firstly, FindRegion did not fully scan the given range. To randomize
the address of a free region we use, we start scanning from a random address
within the given range. The problem is we scan only addresses bigger than
that random address, without scanning smaller addresses. Probably this is
the reason why FindRegion fails.
Secondly, FindRegion may return an address not aligned with the allocation
granularity because VirtualQueryEx returns such an address. If that happens,
the subsequent mapping API fails with the alignment error.
Lastly, when we randomize an address to start scanning from, we divide a random
number by maxOffset, but with that, we never start scanning from the last
region. It does not affect the product's behavior, but to have fair randomization,
a divisor should be maxOffset + 1.
This patch fixes all of these three problems along with a new test program.
Pushed by rmaries@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1f77c5179f53 Expand the region to be scanned for a trampoline. r=mhowell
|
||
Comment 3•4 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 4•4 years ago
|
||
|
|
Assignee | |
Comment 5•4 years ago
|
||
The issue was nicely gone!
Description
•