jmb/hardened_malloc
1
0
Fork 0
mirror of https://github.com/GrapheneOS/hardened_malloc.git synced 2025-10-25 14:46:33 +02:00
Code Issues Projects Releases Packages Wiki Activity

workarounds for Pixel 3 SoC era camera driver bugs

Browse source
This commit is contained in:
Daniel Micay 2019-01-01 14:45:27 -05:00
parent fa46a7a85d
commit 93063c9a8f
1 changed files with 28 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
h_malloc.c
View file

@ -78,6 +78,9 @@ static union {
#ifdef USE_PKEY #ifdef USE_PKEY
int metadata_pkey; int metadata_pkey;
#endif #endif
bool zero_on_free;
bool purge_slabs;
bool region_quarantine_protect;
}; };
char padding[PAGE_SIZE]; char padding[PAGE_SIZE];
} ro __attribute__((aligned(PAGE_SIZE))); } ro __attribute__((aligned(PAGE_SIZE)));
@ -439,7 +442,7 @@ static void *slot_pointer(size_t size, void *slab, size_t slot) {
} }
static void write_after_free_check(const char *p, size_t size) { static void write_after_free_check(const char *p, size_t size) {
if (!WRITE_AFTER_FREE_CHECK) { if (!WRITE_AFTER_FREE_CHECK || !ro.zero_on_free) {
return; return;
} }
@ -681,7 +684,7 @@ static inline void deallocate_small(void *p, const size_t *expected_size) {
} }
} }
if (ZERO_ON_FREE) { if (ro.zero_on_free) {
memset(p, 0, size - canary_size); memset(p, 0, size - canary_size);
} }
} }
@ -758,7 +761,7 @@ static inline void deallocate_small(void *p, const size_t *expected_size) {
metadata->prev = NULL; metadata->prev = NULL;
if (c->empty_slabs_total + slab_size > max_empty_slabs_total) { if (c->empty_slabs_total + slab_size > max_empty_slabs_total) {
if (!memory_map_fixed(slab, slab_size)) { if (ro.purge_slabs && !memory_map_fixed(slab, slab_size)) {
label_slab(slab, slab_size, class); label_slab(slab, slab_size, class);
stats_slab_deallocate(c, slab_size); stats_slab_deallocate(c, slab_size);
enqueue_free_slab(c, metadata); enqueue_free_slab(c, metadata);
@ -843,7 +846,7 @@ static void regions_quarantine_deallocate_pages(void *p, size_t size, size_t gua
return; return;
} }
if (unlikely(memory_map_fixed(p, size))) { if (!ro.region_quarantine_protect || unlikely(memory_map_fixed(p, size))) {
memory_purge(p, size); memory_purge(p, size);
} else { } else {
memory_set_name(p, size, "malloc large quarantine"); memory_set_name(p, size, "malloc large quarantine");
@ -1059,6 +1062,21 @@ static inline void enforce_init(void) {
} }
} }
COLD static void handle_bugs(void) {
char path[256];
if (readlink("/proc/self/exe", path, sizeof(path)) == -1) {
return;
}
// Pixel 3, Pixel 3 XL, Pixel 3a and Pixel 3a XL camera provider
const char camera_provider[] = "/vendor/bin/hw/android.hardware.camera.provider@2.4-service_64";
if (strcmp(camera_provider, path) == 0) {
ro.zero_on_free = false;
ro.purge_slabs = false;
ro.region_quarantine_protect = false;
}
}
COLD static void init_slow_path(void) { COLD static void init_slow_path(void) {
static struct mutex lock = MUTEX_INITIALIZER; static struct mutex lock = MUTEX_INITIALIZER;
@ -1073,6 +1091,11 @@ COLD static void init_slow_path(void) {
ro.metadata_pkey = pkey_alloc(0, 0); ro.metadata_pkey = pkey_alloc(0, 0);
#endif #endif
ro.purge_slabs = true;
ro.zero_on_free = ZERO_ON_FREE;
ro.region_quarantine_protect = true;
handle_bugs();
if (sysconf(_SC_PAGESIZE) != PAGE_SIZE) { if (sysconf(_SC_PAGESIZE) != PAGE_SIZE) {
fatal_error("runtime page size does not match compile-time page size which is not supported"); fatal_error("runtime page size does not match compile-time page size which is not supported");
} }
@ -1351,7 +1374,7 @@ EXPORT void *h_calloc(size_t nmemb, size_t size) {
} }
total_size = adjust_size_for_canary(total_size); total_size = adjust_size_for_canary(total_size);
void *p = alloc(total_size); void *p = alloc(total_size);
if (!ZERO_ON_FREE && likely(p != NULL) && total_size && total_size <= MAX_SLAB_SIZE_CLASS) { if (!ro.zero_on_free && likely(p != NULL) && total_size && total_size <= MAX_SLAB_SIZE_CLASS) {
memset(p, 0, total_size - canary_size); memset(p, 0, total_size - canary_size);
} }
return p; return p;