add configuration for self-init
This needs to be disabled for compatibility with the exploit protection compatibility mode on GrapheneOS. hardened_malloc shouldn't be trying to initialize itself when exploit protection compatibility mode is enabled. This has to be handled in our Bionic integration instead.pull/195/merge TP1A.220905.004.2022091400
parent
dd427cb3b8
commit
8f38bbdee6
|
@ -29,6 +29,7 @@ common_cflags = [
|
||||||
"-DCONFIG_CLASS_REGION_SIZE=34359738368", // 32GiB
|
"-DCONFIG_CLASS_REGION_SIZE=34359738368", // 32GiB
|
||||||
"-DN_ARENA=1",
|
"-DN_ARENA=1",
|
||||||
"-DCONFIG_STATS=true",
|
"-DCONFIG_STATS=true",
|
||||||
|
"-DCONFIG_SELF_INIT=false",
|
||||||
]
|
]
|
||||||
|
|
||||||
cc_defaults {
|
cc_defaults {
|
||||||
|
|
7
Makefile
7
Makefile
|
@ -84,6 +84,10 @@ ifeq (,$(filter $(CONFIG_STATS),true false))
|
||||||
$(error CONFIG_STATS must be true or false)
|
$(error CONFIG_STATS must be true or false)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
ifeq (,$(filter $(CONFIG_SELF_INIT),true false))
|
||||||
|
$(error CONFIG_SELF_INIT must be true or false)
|
||||||
|
endif
|
||||||
|
|
||||||
CPPFLAGS += \
|
CPPFLAGS += \
|
||||||
-DCONFIG_SEAL_METADATA=$(CONFIG_SEAL_METADATA) \
|
-DCONFIG_SEAL_METADATA=$(CONFIG_SEAL_METADATA) \
|
||||||
-DZERO_ON_FREE=$(CONFIG_ZERO_ON_FREE) \
|
-DZERO_ON_FREE=$(CONFIG_ZERO_ON_FREE) \
|
||||||
|
@ -102,7 +106,8 @@ CPPFLAGS += \
|
||||||
-DFREE_SLABS_QUARANTINE_RANDOM_LENGTH=$(CONFIG_FREE_SLABS_QUARANTINE_RANDOM_LENGTH) \
|
-DFREE_SLABS_QUARANTINE_RANDOM_LENGTH=$(CONFIG_FREE_SLABS_QUARANTINE_RANDOM_LENGTH) \
|
||||||
-DCONFIG_CLASS_REGION_SIZE=$(CONFIG_CLASS_REGION_SIZE) \
|
-DCONFIG_CLASS_REGION_SIZE=$(CONFIG_CLASS_REGION_SIZE) \
|
||||||
-DN_ARENA=$(CONFIG_N_ARENA) \
|
-DN_ARENA=$(CONFIG_N_ARENA) \
|
||||||
-DCONFIG_STATS=$(CONFIG_STATS)
|
-DCONFIG_STATS=$(CONFIG_STATS) \
|
||||||
|
-DCONFIG_SELF_INIT=$(CONFIG_SELF_INIT)
|
||||||
|
|
||||||
$(OUT)/libhardened_malloc$(SUFFIX).so: $(OBJECTS) | $(OUT)
|
$(OUT)/libhardened_malloc$(SUFFIX).so: $(OBJECTS) | $(OUT)
|
||||||
$(CC) $(CFLAGS) $(LDFLAGS) -shared $^ $(LDLIBS) -o $@
|
$(CC) $(CFLAGS) $(LDFLAGS) -shared $^ $(LDLIBS) -o $@
|
||||||
|
|
|
@ -20,3 +20,4 @@ CONFIG_FREE_SLABS_QUARANTINE_RANDOM_LENGTH := 32
|
||||||
CONFIG_CLASS_REGION_SIZE := 34359738368 # 32GiB
|
CONFIG_CLASS_REGION_SIZE := 34359738368 # 32GiB
|
||||||
CONFIG_N_ARENA := 4
|
CONFIG_N_ARENA := 4
|
||||||
CONFIG_STATS := false
|
CONFIG_STATS := false
|
||||||
|
CONFIG_SELF_INIT := true
|
||||||
|
|
|
@ -20,3 +20,4 @@ CONFIG_FREE_SLABS_QUARANTINE_RANDOM_LENGTH := 32
|
||||||
CONFIG_CLASS_REGION_SIZE := 34359738368 # 32GiB
|
CONFIG_CLASS_REGION_SIZE := 34359738368 # 32GiB
|
||||||
CONFIG_N_ARENA := 4
|
CONFIG_N_ARENA := 4
|
||||||
CONFIG_STATS := false
|
CONFIG_STATS := false
|
||||||
|
CONFIG_SELF_INIT := true
|
||||||
|
|
|
@ -1183,11 +1183,13 @@ static inline unsigned init(void) {
|
||||||
return arena;
|
return arena;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if CONFIG_SELF_INIT
|
||||||
// trigger early initialization to set up pthread_atfork and protect state as soon as possible
|
// trigger early initialization to set up pthread_atfork and protect state as soon as possible
|
||||||
COLD __attribute__((constructor(101))) static void trigger_early_init(void) {
|
COLD __attribute__((constructor(101))) static void trigger_early_init(void) {
|
||||||
// avoid calling init directly to skip it if this isn't the malloc implementation
|
// avoid calling init directly to skip it if this isn't the malloc implementation
|
||||||
h_free(h_malloc(16));
|
h_free(h_malloc(16));
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
// Returns 0 on overflow.
|
// Returns 0 on overflow.
|
||||||
static size_t get_large_size_class(size_t size) {
|
static size_t get_large_size_class(size_t size) {
|
||||||
|
|
Loading…
Reference in New Issue