Commit graph

745 commits

Author SHA1 Message Date
Daniel Micay
3bee8d3e0e fix realloc from small sized allocations with above PAGE_SIZE alignment
Large allocations don't always have a size larger than the maximum slab
size class because alignment larger than PAGE_SIZE is handled via large
allocations. The general case in realloc was assuming small sizes imply
slab allocations which isn't guaranteed.

Alignment above PAGE_SIZE is rare and realloc doesn't preserve alignment
so passing aligned allocations to realloc is also rare. In practice, it
ends up doing invalid accesses within the reserved metadata region which
will almost always crash due to it being largely PROT_NONE memory and it
having an extremely high likelihood of indexing into the PROT_NONE areas
rather than the actual metadata. That means if this impacted an app, it
would currently be crashing in practice. Due to the reserved region for
metadata and the fact that it would be crashing, this can be ruled out
as a security concern but is potentially an extremely rare compatibility
issue if there's any code using this.

Reported-by: Stefan Rus <stefan@photonspark.com>
2026-02-22 14:58:24 -05:00
Daniel Micay
1044b541a9 update libdivide to 5.3.0 2026-02-16 11:30:28 -05:00
bravesasha
d4e40af550 Update LICENSE 2026-01-07 03:07:41 -05:00
qikp0
bb9187b94c Android 16 QPR2 is now the active branch of AOSP 2026-01-03 14:47:39 -05:00
Ganwtrs
261b7bbf09 Correct title of README from Hardened malloc to hardened_malloc 2025-12-06 00:40:28 -05:00
Ganwtrs
74ef8a96ed Remove spaces around the slash (like one/two) 2025-12-05 21:55:56 -05:00
dependabot[bot]
c110ba88f3 build(deps): bump actions/checkout from 5 to 6
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-20 13:27:29 -05:00
charles25565
a000fd4b5e Bump minimum AOSP version to QPR1 2025-11-15 17:04:35 -05:00
Charles
5cb0ff9f4d gitignore: use exact matches 2025-10-29 16:26:38 -04:00
Daniel Micay
e371736b17 drop legacy compiler versions from GitHub workflow 2025-09-23 18:12:57 -04:00
Daniel Micay
c46d3cab33 add newer Clang versions for GitHub workflow 2025-09-23 18:12:39 -04:00
Christian Göttsche
33ed3027ab Fix two typos 2025-09-21 12:35:28 -04:00
Christian Göttsche
86dde60fcf ReadMe: adjust section about library location 2025-09-21 12:35:28 -04:00
charles25565
ff99511eb4 Update dependencies in README
Update from bookworm to trixie, updating GKIs, and changing to Android 16.
2025-09-17 11:03:53 -04:00
Daniel Micay
c392d40843 update GitHub actions/checkout to 5 2025-08-12 00:28:58 -04:00
Віктор Дуйко
7481c8857f docs: updated the license date 2025-04-05 13:13:18 -04:00
Christian Göttsche
1d7fc7ffe0 support GCC15
GCC 15 starts warning about non NUL-terminated string literals:

    chacha.c:44:31: error: initializer-string for array of ‘char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (17 chars into 16 available) [-Werror=unterminated-string-initialization]
       44 | static const char sigma[16] = "expand 32-byte k";
          |                               ^~~~~~~~~~~~~~~~~~
2025-04-03 18:31:55 -04:00
Daniel Micay
4fe9018b6f rename calculate_waste.py to calculate-waste 2025-02-17 12:47:30 -05:00
Daniel Micay
3ab23f7ebf update libdivide to 5.2.0 2025-01-25 16:13:22 -05:00
Daniel Micay
c894f3ec1d add newer compiler versions for GitHub workflow 2024-12-15 22:20:01 -05:00
Daniel Micay
c97263ef0c handle GitHub runner image updates
clang-14 and clang-15 are no longer installed by default.
2024-12-15 22:18:40 -05:00
Daniel Micay
a7302add63 update outdated branch in README 2024-10-23 06:36:02 -04:00
Daniel Micay
b1d9571fec remove trailing whitespace 2024-10-12 03:23:52 -04:00
Daniel Micay
e03579253a preserve PROT_MTE when releasing memory 2024-10-12 03:19:16 -04:00
Daniel Micay
9739cb4690 use wrapper for calling memory_map_mte 2024-10-12 03:19:03 -04:00
Daniel Micay
aa950244f8 reuse code for memory_map_mte
This drops the separate error message since that doesn't seem useful.
2024-10-12 03:18:36 -04:00
Daniel Micay
6402e2b0d4 reduce probability hint for is_memtag_enabled 2024-10-12 03:17:44 -04:00
Daniel Micay
e86192e7fe remove redundant warning switches for Android
Android already enables -Wall and -Wextra in the global soong build
settings.
2024-10-09 19:57:15 -04:00
Julien Voisin
6ce663a8bd Fix -Wimplicit-function-declaration error with gcc 14.
```
malloc_info.c: In function 'leak_memory':
malloc_info.c:12:12: error: implicit declaration of function 'malloc' [-Wimplicit-function-declaration]
   12 |     (void)!malloc(1024 * 1024 * 1024);
      |            ^~~~~~
malloc_info.c:10:1: note: include '<stdlib.h>' or provide a declaration of 'malloc'
    9 | #include "../util.h"
  +++ |+#include <stdlib.h>
   10 |
malloc_info.c:12:12: warning: incompatible implicit declaration of built-in function 'malloc' [-Wbuiltin-declaration-mismatch]
   12 |     (void)!malloc(1024 * 1024 * 1024);
      |            ^~~~~~
```

Taken from https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/72971/

Co-authored-by: @mio
2024-10-03 23:44:15 -04:00
maade93791
9ca9d2d925 android: use more basic CPU target for memtag
This is required for hardened_malloc to work in microdroid on MTE-enabled devices (currently, 8th
and 9th generation Pixels) since PVMFW only supports ARMv8 cores.

https://android.googlesource.com/platform/packages/modules/Virtualization/+/refs/tags/android-15.0.0_r1/pvmfw/platform.dts#100
2024-09-09 19:22:23 -04:00
Daniel Micay
3f07acfab1 update libdivide to 5.1 2024-08-05 02:25:55 -04:00
Daniel Micay
749640c274 update copyright notice 2024-02-15 02:57:33 -05:00
Dmitry Muhomor
7268189933 mte: use tag 0 for freed slots, stop reserving tag 15 2024-01-23 12:56:54 -05:00
Dmitry Muhomor
3c1f40aff0 amend memory tagging README section
Memory tagging is enabled by default in bionic, but can be disabled at any point.
Memory tagging can't be re-enabled after it's disabled.
2024-01-23 12:56:54 -05:00
Dmitry Muhomor
5fbbdc2ef8 memtag_test: add test for MADV_DONTNEED behavior 2024-01-23 12:56:54 -05:00
Dmitry Muhomor
7d2151e40c mte: remove util.h dependency from arm_mte.h
It's needed for including arm_mte.h into memtag_test.cc
2024-01-23 12:56:54 -05:00
Dmitry Muhomor
4756716904 memtag_test: move SEGV code checks to device-side binary 2024-01-23 12:56:54 -05:00
Daniel Micay
a3bf742c3e remove trailing whitespace 2024-01-03 14:44:08 -05:00
Julien Voisin
53a45b4661 Improve a bit the formulation of the MTE documentation 2024-01-03 13:40:42 -05:00
Daniel Micay
abe54dba27 update memory tagging documentation 2024-01-03 12:22:56 -05:00
Dmitry Muhomor
365ee6900d android: restore the default SIGABRT handler in fatal_error()
async_safe_fatal() calls abort() at the end, which can be intercepted by a custom SIGABRT handler.

In particular, crashlytics installs such a handler and tries to fork() after catching SIGABRT.

hardened_malloc uses pthread_atfork() to register fork handlers. These handlers try to lock internal
hardened_malloc mutexes. If at least one of those mutexes is already locked, which is usually the
case, the thread that called fatal_error() gets deadlocked, while the other threads (if there are any)
continue to run.
2023-12-31 11:21:28 -05:00
Christian Göttsche
7093fdc482 README: add note about AppArmor constraint on Debian 2023-12-14 09:06:32 -05:00
jvoisin
61821b02c8 Clarify a bit why a particular magic number was chosen 2023-11-16 14:25:54 -05:00
Daniel Micay
3c274731ba Revert "use safe_flag for -fstack-clash-protection"
This reverts commit 4171bd164e.
2023-11-14 16:19:33 -05:00
Daniel Micay
4171bd164e use safe_flag for -fstack-clash-protection 2023-11-08 14:21:04 -05:00
jvoisin
352c083f65 Run the testsuite on multiple compiler versions 2023-11-05 17:58:32 -05:00
Dmitry Muhomor
88b3c1acf9 memtag_test: fix sporadic failures of overflow/underflow tests 2023-11-01 17:33:20 -04:00
Daniel Micay
f793a3edf6 update README now that MTE is implemented 2023-10-30 14:23:48 -04:00
Dmitry Muhomor
fd75fc1ba8 mte: add scudo to CREDITS file 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
72dc236d5f mte: add untag_pointer() variant for const pointers 2023-10-30 14:20:53 -04:00