Patrick Schleizer
3a27245fca
lower verbosity
2019-07-23 01:23:57 +00:00
Patrick Schleizer
3fc23f8bfd
lower debian/changelog versions during development
2019-07-22 23:43:23 +00:00
Patrick Schleizer
4a286a9d0e
set CONFIG_NATIVE=false to not optimize for build machine
2019-07-22 23:03:31 +00:00
Patrick Schleizer
dc599bf62d
fortunately no need to use versioned shared object file names
https://www.debian.org/doc/debian-policy/ch-sharedlibs.html
2019-07-22 12:05:53 -04:00
Patrick Schleizer
b8fa714be7
move genmkfile appendix to bottom instead of top to not break the default make target
2019-07-22 12:01:12 -04:00
Patrick Schleizer
4c00e74d45
bumped changelog version
2019-07-22 01:15:34 +00:00
Patrick Schleizer
f7d78bba9c
/usr/lib/libhardened_malloc.so.1 instead of /usr/lib/libhardened_malloc.so
2019-07-21 01:25:40 +00:00
Patrick Schleizer
e2bba96033
fix changelog
2019-07-21 00:24:30 +00:00
Daniel Micay
8cd51ca138
override local default to -fstack-protector-strong
This is a no-op on a toolchain compiled with the basic mitigations
enabled by default, so this is generally a no-op anywhere this project
is likely to be deployed. SSP has a very low performance cost so there's
little reason to avoid it, even though it also has zero value for this
code in practice. It would be great if one of the more modern approaches
was widely adopted, but unfortunately SSP is as good as it gets for
portable options. It doesn't provide any protection against external
writes to the stack data which is all that's really needed here.
ShadowCallStack is a great option for arm64, but it's substantially more
difficult to protect return addresses well on x86_64 due to the design of
the ISA and ABI.
2019-07-21 00:22:52 +00:00
Daniel Micay
e6ff9c7468
use -fstack-clash-protection for completeness
This is a no-op for the current code and will likely remain that way so
there's no benefit but also no performance cost.
2019-07-21 00:22:43 +00:00
Patrick Schleizer
f3e201bac9
initial debian packaging
2019-07-21 00:20:45 +00:00
Daniel Micay
d80919fa1e
substantially raise the arbitrary arena limit
2019-07-12 03:43:33 -04:00
Daniel Micay
410e9efb93
extend configuration sanity checks
2019-07-11 17:09:48 -04:00
Daniel Micay
7bcfa500be
remove note about lack of sanity checks for config
2019-07-11 15:50:45 -04:00
Daniel Micay
72a08f88fb
supports Debian oldstable due to Buster release
2019-07-10 18:08:14 -04:00
Daniel Micay
a32e26b8e9
avoid trying to use mremap outside of Linux
2019-07-05 21:59:44 -04:00
Daniel Micay
934ab4cb59
explain extended size classes impact on quarantine
2019-07-05 17:57:41 -04:00
Daniel Micay
060f74b993
extended size classes now go up to 128k not 64k
2019-07-05 17:55:25 -04:00
Daniel Micay
4d4277319a
clarifications to randomization documentation
2019-06-23 19:20:16 -04:00
Daniel Micay
a579257a26
update libdivide to 1.1
2019-06-23 00:39:35 -04:00
Daniel Micay
bb65d088dc
drop default class region size to 32GiB
2019-06-19 01:00:22 -04:00
Daniel Micay
706c1970b5
add GitHub funding metadata
2019-06-18 22:54:49 -04:00
Daniel Micay
dba11c0091
fix warning with glibc from cfree
2019-06-18 22:50:10 -04:00
Daniel Micay
539d4f0d37
add extended size classes to offset test
2019-06-18 15:51:28 -04:00
Daniel Micay
bc75c4db7b
realloc: use copy_size to check for canaries
This avoids unnecessarily copying the canary when doing a realloc from a
small size to a large size. It also avoids trying to copy a non-existent
canary out of a zero-size allocation, which is memory protected.
2019-06-17 00:28:10 -04:00
Daniel Micay
37474e117c
limit precision for fragmentation in table
2019-06-12 13:29:04 -04:00
Daniel Micay
12525f2861
work around old glibc releases without threads.h
2019-06-06 08:10:57 -04:00
Daniel Micay
5449f4a94e
use safe_flag for -fno-plt
This isn't supported by the ancient Clang release in Debian Stable.
2019-06-06 07:33:39 -04:00
Daniel Micay
64a1f59020
note about getrandom with syscall whitelists
2019-06-02 22:24:25 -04:00
Daniel Micay
b40ba9754b
add malloc_info test
2019-05-05 08:37:55 -04:00
Daniel Micay
f6f4402ff3
expand test gitignore
2019-05-05 08:37:55 -04:00
Daniel Micay
2ae0ed4674
add large array growth test
2019-05-05 08:37:55 -04:00
Daniel Micay
ae4142c2d1
note that arenas are isolated from each other
2019-04-23 02:01:44 -04:00
Daniel Micay
18f36c3e8d
expand description of randomized delay free
2019-04-23 01:59:31 -04:00
Daniel Micay
7f0bbddfca
merge points about out-of-line / protected state
2019-04-23 01:58:37 -04:00
Daniel Micay
409a639312
provide working malloc_info outside Android too
2019-04-19 16:56:07 -04:00
Daniel Micay
494436c904
implement options handling for malloc_info
2019-04-19 16:23:14 -04:00
Daniel Micay
13ee04c8c3
fill CSPRNG caches lazily to speed up early init
2019-04-15 07:23:30 -04:00
Daniel Micay
a13db3fc68
initialize size class CSPRNGs from init CSPRNG
This avoids making a huge number of getrandom system calls during
initialization. The init CSPRNG is unmapped before initialization
finishes and these are still reseeded from the OS. The purpose of the
independent CSPRNGs is simply to avoid the massive performance hit of
synchronization and there's no harm in doing it this way.
Keeping around the init CSPRNG and reseeding from it would defeat the
purpose of reseeding, and it isn't a measurable performance issue since
it can just be tuned to reseed less often.
2019-04-15 06:50:24 -04:00
Daniel Micay
c7e2cb82f4
add generic get_random_bytes function
2019-04-15 06:07:28 -04:00
Daniel Micay
f115be8392
shrink initial region table size to fit in 1 page
2019-04-15 00:04:00 -04:00
Daniel Micay
e7eeb3f35c
avoid reading thread_local more than once
2019-04-14 20:26:14 -04:00
Daniel Micay
7e465c621e
use allocate_large directly in large remap path
2019-04-14 19:46:22 -04:00
Daniel Micay
1c899657c1
add is_init check to mallinfo functions
2019-04-14 19:12:38 -04:00
Daniel Micay
8774065b13
fix non-init size for malloc_object_size extension
2019-04-14 19:01:25 -04:00
Daniel Micay
84a25ec83e
fix build with CONFIG_STATS enabled
2019-04-11 00:51:34 -04:00
Daniel Micay
34b6754f70
enable CONFIG_STATS by default for Android
The tiny performance cost might as well be accepted now because this
will be needed for Android Q. It's also quite possible that some apps
make use of the features based on this including malloc_info.
2019-04-10 17:12:17 -04:00
Daniel Micay
d4b8fee1c4
allow using the largest slab allocation size
2019-04-10 16:54:58 -04:00
Daniel Micay
086eb1fee4
add a final spacing class of 1 slot size classes
2019-04-10 16:32:24 -04:00
Daniel Micay
7a89a7b8c5
support for slabs with 1 slot for largest sizes
2019-04-10 16:26:49 -04:00