Move the ILP32 mremap() hackery into legacy_32_bit_support.cpp.

Similar to mmap(), this confuses me every time I look at it. Move it out
of the way, and make it clearer that this is just junk that can be
deleted when we remove 32-bit support.

Also improve coverage by adding a test for the varargs special case.

Test: treehugger
Merged-in: Ia375c29d18e31e646b795e643534f0be07d382b9
Change-Id: Ia375c29d18e31e646b795e643534f0be07d382b9

Author: enh-google

libc/Android.bp

@@ -879,7 +879,6 @@ cc_library_static {
         "bionic/mkfifo.cpp",
         "bionic/mknod.cpp",
         "bionic/mntent.cpp",
-        "bionic/mremap.cpp",
         "bionic/netdb.cpp",
         "bionic/net_if.cpp",
         "bionic/netinet_ether.cpp",

libc/SYSCALLS.TXT

@@ -118,7 +118,6 @@ ssize_t     copy_file_range(int, off64_t*, int, off64_t*, size_t, unsigned int)
 pid_t       __getpid:getpid()  all
 int memfd_create(const char*, unsigned) all
 int         munmap(void*, size_t)  all
-void*       __mremap:mremap(void*, size_t, size_t, int, void*)  all
 int         msync(const void*, size_t, int)    all
 int         mprotect(const void*, size_t, int)  all
 int         madvise(void*, size_t, int)  all
@@ -190,6 +189,10 @@ int ftruncate|ftruncate64(int, off_t) lp64
 void* __mmap2:mmap2(void*, size_t, int, int, int, long) lp32
 void* mmap|mmap64(void*, size_t, int, int, int, off_t) lp64
 
+# mremap is in C++ for 32-bit so we can add the PTRDIFF_MAX check.
+void* __mremap:mremap(void*, size_t, size_t, int, void*) lp32
+void* mremap(void*, size_t, size_t, int, void*) lp64
+
 # posix_fadvise64 is awkward: arm has shuffled arguments,
 # the POSIX functions don't set errno, and no architecture has posix_fadvise.
 int __arm_fadvise64_64:arm_fadvise64_64(int, int, off64_t, off64_t) arm

libc/bionic/legacy_32_bit_support.cpp

@@ -30,6 +30,7 @@
 
 #include <errno.h>
 #include <fcntl.h>
+#include <stdarg.h>
 #include <stdint.h>
 #include <sys/mman.h>
 #include <sys/resource.h>
@@ -135,3 +136,28 @@ void* mmap64(void* addr, size_t size, int prot, int flags, int fd, off64_t offse
 void* mmap(void* addr, size_t size, int prot, int flags, int fd, off_t offset) {
   return mmap64(addr, size, prot, flags, fd, static_cast<off64_t>(offset));
 }
+
+// The only difference here is that the libc API uses varargs for the
+// optional `new_address` argument that's only used by MREMAP_FIXED.
+extern "C" void* __mremap(void*, size_t, size_t, int, void*);
+
+void* mremap(void* old_address, size_t old_size, size_t new_size, int flags, ...) {
+  // Prevent allocations large enough for `end - start` to overflow,
+  // to avoid security bugs.
+  size_t rounded = __BIONIC_ALIGN(new_size, page_size());
+  if (rounded < new_size || rounded > PTRDIFF_MAX) {
+    errno = ENOMEM;
+    return MAP_FAILED;
+  }
+
+  // The optional argument is only valid if the MREMAP_FIXED flag is set,
+  // so we assume it's not present otherwise.
+  void* new_address = nullptr;
+  if ((flags & MREMAP_FIXED) != 0) {
+    va_list ap;
+    va_start(ap, flags);
+    new_address = va_arg(ap, void*);
+    va_end(ap);
+  }
+  return __mremap(old_address, old_size, new_size, flags, new_address);
+}

libc/bionic/mremap.cpp

@@ -243,6 +243,20 @@ TEST(sys_mman, mremap_PTRDIFF_MAX) {
   ASSERT_EQ(0, munmap(map, kPageSize));
 }
 
+TEST(sys_mman, mremap_MREMAP_FIXED) {
+  // We're not trying to test the kernel here; that's external/ltp's job.
+  // We just want to check that optional argument (mremap() is varargs)
+  // gets passed through in an MREMAP_FIXED call.
+  void* vma1 = mmap(NULL, getpagesize(), PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+  ASSERT_NE(MAP_FAILED, vma1);
+
+  void* vma2 = mmap(NULL, getpagesize(), PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+  ASSERT_NE(MAP_FAILED, vma2);
+
+  void* vma3 = mremap(vma1, getpagesize(), getpagesize(), MREMAP_FIXED | MREMAP_MAYMOVE, vma2);
+  ASSERT_EQ(vma2, vma3);
+}
+
 TEST(sys_mman, mmap_bug_27265969) {
   char* base = reinterpret_cast<char*>(
       mmap(nullptr, kPageSize * 2, PROT_EXEC | PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0));