madvise: tolerate EINVAL and ENOSYS

These errors can occur if we are built on a system with support for
madvise(MADV_NOFORK) but then we are run on a system whose kernel
does not support that flag.

If the error is something that we don't tolerate at all, we now log
it before crashing.

Fixes bug 31570.  I am calling this a bugfix on 0.4.1.1-alpha, where
we actually started using the map_anon code.

diff --git a/changes/bug31570 b/changes/bug31570
new file mode 100644 (file)
index 0000000..f70b577
--- /dev/null
+++ b/changes/bug31570
@@ -0,0 +1,5 @@
+  o Major bugfixes (crash, android):
+    - Tolerate systems (including some Android installations) where madvise
+      and MADV_DONTDUMP are available at build-time, but not at run time.
+      Previously, these systems would notice a failed syscall and abort.
+      Fixes bug 31570; bugfix on 0.4.1.1-alpha.

diff --git a/src/lib/malloc/map_anon.c b/src/lib/malloc/map_anon.c
index 0f6a4150c7551786680402ec7394f867ca69b211..79bbb99f722650e8de53d07c571bfb3170193579 100644 (file)
--- a/src/lib/malloc/map_anon.c
+++ b/src/lib/malloc/map_anon.c
@@ -27,6 +27,9 @@
 #include <windows.h>
 #endif
 
+#include <string.h>
+#include <errno.h>
+
 /**
  * Macro to get the high bytes of a size_t, if there are high bytes.
  * Windows needs this; other operating systems define a size_t that does
@@ -108,7 +111,17 @@ static int
 nodump_mem(void *mem, size_t sz)
 {
 #if defined(MADV_DONTDUMP)
-  return madvise(mem, sz, MADV_DONTDUMP);
+  int rv = madvise(mem, sz, MADV_DONTDUMP);
+  if (rv == 0) {
+    return 0;
+  } else if (errno == ENOSYS || errno == EINVAL) {
+    return 0; // syscall not supported, or flag not supported.
+  } else {
+    tor_log_err_sigsafe("Unexpected error from madvise: ",
+                        strerror(errno),
+                        NULL);
+    return -1;
+  }
 #else
   (void) mem;
   (void) sz;