Commit Graph

459 Commits (d757835d9077d8bf1b7194ec22bb5e5e1d2661d5)

Author SHA1 Message Date
Daniel Micay 2ad74515b1 enable -Werror for Android build system 2019-08-18 02:31:05 -04:00
Daniel Micay abece7656b add enabled-by-default option to use -Werror 2019-08-18 02:28:23 -04:00
Daniel Micay c70745ab15 Makefile: add check target depending on tidy 2019-08-18 02:20:06 -04:00
Daniel Micay 7d4d2ef0fb treat clang-tidy warnings as errors for automation 2019-08-18 02:18:04 -04:00
Daniel Micay 8133444f43 move clang-tidy configuration to .clang-tidy 2019-08-18 02:12:18 -04:00
Daniel Micay 8f9f2521a0 disable sanitizer recovery in UBSan debug builds
This makes it harder to miss that an error occurred and avoids spamming
output. There should never be a single error, so it doesn't make sense
to gather as many errors as possible when a single error is already a
serious issue that would need to be fixed.
2019-08-18 02:00:13 -04:00
Daniel Micay d8ebdea05f handle CONFIG_SEAL_METADATA option like the others 2019-08-18 01:56:20 -04:00
Daniel Micay defd55f302 provide link to Bionic integration commit 2019-08-18 01:44:40 -04:00
Daniel Micay 04f69d9f0d update supported Android branches 2019-08-18 01:41:56 -04:00
Daniel Micay 995d0580d1 remove extra spaces inserted by vim joinspaces 2019-08-18 01:39:22 -04:00
Daniel Micay 8d2df1deb8 use CC as CXX to make sure LTO is compatible 2019-08-18 01:28:59 -04:00
Daniel Micay 1bc201c4c1 use -Wcast-align if -Wcast-align=strict is missing 2019-08-18 01:15:54 -04:00
Daniel Micay cc8c4459e1 make safe_flag treat unknown warnings as missing 2019-08-18 01:15:54 -04:00
Daniel Micay b6b910f032 add table of contents to README 2019-08-18 01:15:54 -04:00
Daniel Micay 24de5aab05 still need to finish up initial malloc_object_size 2019-08-18 01:15:54 -04:00
Daniel Micay 71e4577367 fix some inconsistencies in the tagging examples 2019-08-13 21:44:16 -04:00
Patrick Schleizer 75e86914aa respect existing CFLAGS, CPPFLAGS and LDFLAGS 2019-07-29 13:52:55 -04:00
Daniel Micay 90d12fb340 override local default to -fstack-protector-strong
This is a no-op on a toolchain compiled with the basic mitigations
enabled by default, so this is generally a no-op anywhere this project
is likely to be deployed. SSP has a very low performance cost so there's
little reason to avoid it, even though it also has zero value for this
code in practice. It would be great if one of the more modern approaches
was widely adopted, but unfortunately SSP is as good as it gets for
portable options. It doesn't provide any protection against external
writes to the stack data which is all that's really needed here.

ShadowCallStack is a great option for arm64, but it's substantially more
difficult to protect return addresses well on x86_64 due to the design of
the ISA and ABI.
2019-07-19 11:53:55 -04:00
Daniel Micay 77743e5a36 use -fstack-clash-protection for completeness
This is a no-op for the current code and will likely remain that way so
there's no benefit but also no performance cost.
2019-07-19 11:18:49 -04:00
Daniel Micay 3ed6e546c8 OS integration guide 2019-07-18 07:22:29 -04:00
Daniel Micay d80919fa1e substantially raise the arbitrary arena limit 2019-07-12 03:43:33 -04:00
Daniel Micay 410e9efb93 extend configuration sanity checks 2019-07-11 17:09:48 -04:00
Daniel Micay 7bcfa500be remove note about lack of sanity checks for config 2019-07-11 15:50:45 -04:00
Daniel Micay 72a08f88fb supports Debian oldstable due to Buster release 2019-07-10 18:08:14 -04:00
Daniel Micay a32e26b8e9 avoid trying to use mremap outside of Linux 2019-07-05 21:59:44 -04:00
Daniel Micay 934ab4cb59 explain extended size classes impact on quarantine 2019-07-05 17:57:41 -04:00
Daniel Micay 060f74b993 extended size classes now go up to 128k not 64k 2019-07-05 17:55:25 -04:00
Daniel Micay 4d4277319a clarifications to randomization documentation 2019-06-23 19:20:16 -04:00
Daniel Micay a579257a26 update libdivide to 1.1 2019-06-23 00:39:35 -04:00
Daniel Micay bb65d088dc drop default class region size to 32GiB 2019-06-19 01:00:22 -04:00
Daniel Micay 706c1970b5 add GitHub funding metadata 2019-06-18 22:54:49 -04:00
Daniel Micay dba11c0091 fix warning with glibc from cfree 2019-06-18 22:50:10 -04:00
Daniel Micay 539d4f0d37 add extended size classes to offset test 2019-06-18 15:51:28 -04:00
Daniel Micay bc75c4db7b realloc: use copy_size to check for canaries
This avoids unnecessarily copying the canary when doing a realloc from a
small size to a large size. It also avoids trying to copy a non-existent
canary out of a zero-size allocation, which is memory protected.
2019-06-17 00:28:10 -04:00
Daniel Micay 37474e117c limit precision for fragmentation in table 2019-06-12 13:29:04 -04:00
Daniel Micay 12525f2861 work around old glibc releases without threads.h 2019-06-06 08:10:57 -04:00
Daniel Micay 5449f4a94e use safe_flag for -fno-plt
This isn't supported by the ancient Clang release in Debian Stable.
2019-06-06 07:33:39 -04:00
Daniel Micay 64a1f59020 note about getrandom with syscall whitelists 2019-06-02 22:24:25 -04:00
Daniel Micay b40ba9754b add malloc_info test 2019-05-05 08:37:55 -04:00
Daniel Micay f6f4402ff3 expand test gitignore 2019-05-05 08:37:55 -04:00
Daniel Micay 2ae0ed4674 add large array growth test 2019-05-05 08:37:55 -04:00
Daniel Micay ae4142c2d1 note that arenas are isolated from each other 2019-04-23 02:01:44 -04:00
Daniel Micay 18f36c3e8d expand description of randomized delay free 2019-04-23 01:59:31 -04:00
Daniel Micay 7f0bbddfca merge points about out-of-line / protected state 2019-04-23 01:58:37 -04:00
Daniel Micay 409a639312 provide working malloc_info outside Android too 2019-04-19 16:56:07 -04:00
Daniel Micay 494436c904 implement options handling for malloc_info 2019-04-19 16:23:14 -04:00
Daniel Micay 13ee04c8c3 fill CSPRNG caches lazily to speed up early init 2019-04-15 07:23:30 -04:00
Daniel Micay a13db3fc68 initialize size class CSPRNGs from init CSPRNG
This avoids making a huge number of getrandom system calls during
initialization. The init CSPRNG is unmapped before initialization
finishes and these are still reseeded from the OS. The purpose of the
independent CSPRNGs is simply to avoid the massive performance hit of
synchronization and there's no harm in doing it this way.

Keeping around the init CSPRNG and reseeding from it would defeat the
purpose of reseeding, and it isn't a measurable performance issue since
it can just be tuned to reseed less often.
2019-04-15 06:50:24 -04:00
Daniel Micay c7e2cb82f4 add generic get_random_bytes function 2019-04-15 06:07:28 -04:00
Daniel Micay f115be8392 shrink initial region table size to fit in 1 page 2019-04-15 00:04:00 -04:00
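The seeding scheme described in the "initialize size class CSPRNGs from init CSPRNG" and "fill CSPRNG caches lazily to speed up early init" commits above, modelled as an added example. This is illustrative code written for this page, not hardened_malloc's implementation: SplitMix64 stands in for the real CSPRNG, the OS source reads /dev/urandom through stdio where hardened_malloc uses getrandom(2), and N_CLASSES, CACHE_SIZE, RESEED_INTERVAL, allocator_init, rng_get_bytes, os_calls_for and the fake_entropy test source are all names and values assumed here.

```c
/* Added illustration of the commit messages above, not hardened_malloc code:
 * one init CSPRNG, seeded once from the OS, seeds every per-size-class CSPRNG
 * and is wiped before init finishes; each class CSPRNG fills its cache lazily
 * and reseeds from the OS (never from the init CSPRNG) after a byte budget.
 * SplitMix64 stands in for a real CSPRNG; do not use it for security. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define N_CLASSES 4          /* assumed class count, far smaller than the real one */
#define CACHE_SIZE 64        /* assumed per-CSPRNG output cache, in bytes */
#define RESEED_INTERVAL 256  /* assumed bytes of output before an OS reseed */

/* Function pointer so the checks below can swap in a deterministic source.
 * hardened_malloc uses getrandom(2); /dev/urandom keeps this example portable. */
typedef void (*entropy_fn)(void *buf, size_t n);

void os_entropy(void *buf, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(buf, 1, n, f) != n) { perror("/dev/urandom"); abort(); }
    fclose(f);
}
entropy_fn entropy_source = os_entropy;

struct rng {
    uint64_t state;
    unsigned char cache[CACHE_SIZE];
    size_t cache_pos;            /* == CACHE_SIZE means the cache is empty */
    size_t bytes_since_reseed;
    unsigned reseeds;
};

static uint64_t splitmix64(uint64_t *s) {
    uint64_t z = (*s += 0x9e3779b97f4a7c15ULL);
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

void rng_seed(struct rng *r, uint64_t seed) {
    r->state = seed;
    r->cache_pos = CACHE_SIZE;   /* lazy: nothing is generated until first use */
    r->bytes_since_reseed = 0;
}

void rng_reseed_from_os(struct rng *r) {
    uint64_t seed;
    entropy_source(&seed, sizeof seed);   /* OS, not the (already wiped) init CSPRNG */
    rng_seed(r, seed);
    r->reseeds++;
}

void rng_get_bytes(struct rng *r, void *out, size_t n) {
    unsigned char *p = out;
    while (n) {
        if (r->bytes_since_reseed >= RESEED_INTERVAL) rng_reseed_from_os(r);
        if (r->cache_pos == CACHE_SIZE) {            /* refill only when drained */
            for (size_t i = 0; i < CACHE_SIZE; i += 8) {
                uint64_t v = splitmix64(&r->state);
                memcpy(r->cache + i, &v, 8);
            }
            r->cache_pos = 0;
        }
        size_t take = CACHE_SIZE - r->cache_pos;
        if (take > n) take = n;
        memcpy(p, r->cache + r->cache_pos, take);
        r->cache_pos += take; p += take; n -= take;
        r->bytes_since_reseed += take;
    }
}

struct rng class_rng[N_CLASSES];

/* One OS call seeds the init CSPRNG; it seeds every class CSPRNG and is then
 * wiped (standing in for the munmap), so no later reseed can come from it. */
void allocator_init(void) {
    struct rng init;
    uint64_t seed;
    entropy_source(&seed, sizeof seed);
    rng_seed(&init, seed);
    memset(class_rng, 0, sizeof class_rng);
    for (int i = 0; i < N_CLASSES; i++) {
        uint64_t s;
        rng_get_bytes(&init, &s, sizeof s);
        rng_seed(&class_rng[i], s);
    }
    memset(&init, 0, sizeof init);
}

/* Constructed deterministic source for the checks: counts calls and returns
 * a counter-derived pattern, not real randomness. */
unsigned fake_entropy_calls;
void fake_entropy(void *buf, size_t n) {
    unsigned char *p = buf;
    for (size_t i = 0; i < n; i++) p[i] = (unsigned char)(fake_entropy_calls * 31 + i);
    fake_entropy_calls++;
}

/* Init with the fake source, draw draw_bytes (capped at 512) from class 0 and
 * return the OS entropy calls made: 1 for init plus 1 per reseed. */
unsigned os_calls_for(size_t draw_bytes) {
    unsigned char buf[512];
    entropy_source = fake_entropy;
    fake_entropy_calls = 0;
    allocator_init();
    rng_get_bytes(&class_rng[0], buf, draw_bytes > sizeof buf ? sizeof buf : draw_bytes);
    return fake_entropy_calls;
}

/* 1 if every class CSPRNG has a distinct seed and an unfilled cache after init. */
int classes_distinct_and_lazy(void) {
    entropy_source = fake_entropy;
    allocator_init();
    for (int i = 0; i < N_CLASSES; i++) {
        if (class_rng[i].cache_pos != CACHE_SIZE) return 0;
        for (int j = 0; j < i; j++)
            if (class_rng[i].state == class_rng[j].state) return 0;
    }
    return 1;
}

int main(void) {
    printf("OS calls, init + 32 bytes: %u\n", os_calls_for(32));    /* 1 */
    printf("OS calls, init + 300 bytes: %u\n", os_calls_for(300));  /* 2 */
    printf("distinct seeds, lazy caches: %d\n", classes_distinct_and_lazy());
    return 0;
}
```

The counts are the point: with N_CLASSES class CSPRNGs the initialisation costs one OS call rather than N_CLASSES of them, the caches stay empty until a class is actually used, and the reseed after RESEED_INTERVAL bytes goes back to the OS because the init CSPRNG no longer exists to be drawn from.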