jmb/hardened_malloc
1
0
Fork 0
mirror of https://github.com/GrapheneOS/hardened_malloc.git synced 2025-10-30 15:56:32 +01:00
Code Issues Projects Releases Packages Wiki Activity
651 commits 6 branches 862 tags 2.6 MiB
Commit graph

144 commits

Author SHA1 Message Date
jvoisin
b511696c55 clean up includes and remove non-portable includes 
This marginally increases the portability of hardened_malloc,
eg. on OSX.
 2022-02-07 07:14:51 -05:00
Daniel Micay
448170a412 fix case for non-macro constant 2022-01-21 23:59:37 -05:00
Daniel Micay
995ce07d45 add is_init likely/unlikely markers 2022-01-21 19:46:49 -05:00
Daniel Micay
c9d1abcd7e explicitly mark fatal error conditions unlikely 2022-01-21 19:45:05 -05:00
Daniel Micay
8f0b252c33 mark more out-of-memory conditions as unlikely 2022-01-21 19:03:02 -05:00
Daniel Micay
3cffc1e1af treat zero size malloc as unlikely 
Calls to malloc with a zero size are extremely rare relative to normal
usage of the API. It's generally only done by inefficient C code with
open coded dynamic array implementations where they aren't handling zero
size as a special case for their usage of malloc/realloc. Efficient code
wouldn't be making these allocations. It doesn't make sense to optimize
for the performance of rare edge cases caused by inefficient code.
 2022-01-21 18:27:04 -05:00
Daniel Micay
b3d78bd5f6 use static const for local constants 2022-01-16 21:02:17 -05:00
Daniel Micay
8d61e63274 add comment about special small size classes 2022-01-16 20:50:49 -05:00
Daniel Micay
81cf2f27a0 calculate slab size class instead of array loop 2022-01-16 16:18:14 -05:00
Daniel Micay
d8cb2d9f7a use consistent wrappers around clz/ffs 2022-01-16 15:39:59 -05:00
Daniel Micay
86f9c739ee define constant for u64 bit width 2022-01-16 15:06:36 -05:00
Daniel Micay
536f852538 reuse a single size alignment implementation 2022-01-16 14:44:28 -05:00
Daniel Micay
2a5662948e rename bitmap manipulation functions 2022-01-04 12:14:55 -05:00
Daniel Micay
d1c39edc9b use const for malloc_object_size API 2022-01-04 10:14:41 -05:00
Daniel Micay
5f32942263 get rid of canary_value when canaries are disabled 2022-01-03 20:39:30 -05:00
Daniel Micay
3696f071a4 use SLAB_CANARY for conditional checks 2022-01-03 02:17:04 -05:00
Daniel Micay
8ae78237ae avoid unnecessarily mixing 32-bit and 64-bit ints 
It's ever so slightly faster to stick to stick to 64-bit arithmetic and
it avoids clang tidy being unhappy about the implicit widening.
 2022-01-03 00:54:43 -05:00
Daniel Micay
3f8e9d3184 make MREMAP_MOVE_THRESHOLD into size_t constant 
This avoids a clang-tidy warning and is a bit cleaner.
 2022-01-03 00:32:06 -05:00
jvoisin
9142a9376b Add a bunch of const qualifiers 2021-12-30 21:25:16 -05:00
jvoisin
0655c1d024 Add a missing const 2021-12-26 18:19:59 -05:00
Daniel Micay
e41d37c3de remove unnecessary else 2021-09-30 10:57:05 -04:00
Daniel Micay
be6dde66f9 fix missing include for Intel MPK support 2021-05-21 09:07:28 -04:00
Daniel Micay
27fcfccb67 make __GLIBC_PREREQ check for mallinfo2 portable 2021-05-12 22:53:20 -04:00
Daniel Micay
da190f1469 mark pvalloc error path as unlikely 2021-05-12 21:01:13 -04:00
Daniel Micay
b0f81365a8 reuse code for aligned allocation API entry points 2021-05-12 20:59:04 -04:00
Daniel Micay
c9820b6e37 mark alloc_aligned_simple error path unlikely 2021-05-12 20:41:46 -04:00
Daniel Micay
f1cdc1e484 remove disconcerting newline 2021-05-12 20:34:18 -04:00
Daniel Micay
26b74b87bf improve code reuse for malloc API entry points 2021-05-12 20:28:50 -04:00
Daniel Micay
89faba4232 set errno in malloc_get_state to match glibc 2021-05-12 20:19:12 -04:00
Daniel Micay
a45dacc57b add support for glibc mallinfo2 2021-05-12 20:07:15 -04:00
Daniel Micay
f9a8e7216b purge slab memory even if using MAP_FIXED fails 2021-05-12 00:45:19 -04:00
Daniel Micay
5c974bdf82 use region quarantine even if MAP_FIXED call fails 
This is a more sensible way of handling an out-of-memory failure in this
edge case. It doesn't matter much in practice.
 2021-05-12 00:20:03 -04:00
Daniel Micay
2335f56713 add wrapper function for getting slot count 2021-05-10 07:04:50 -04:00
Daniel Micay
13a3aa16d0 improve naming of adjust_size_for_canaries 2021-05-07 04:23:49 -04:00
Daniel Micay
8bfa1a7dd5 use 1 slot for all extended size classes 
This reduces memory usage and improves security in combination with the
guard slab feature.
 2021-05-01 22:10:20 -04:00
Daniel Micay
3952645318 avoid unused variable for some configurations 2021-03-31 12:12:49 -04:00
Daniel Micay
f773a96b59 remove unnecessary sys/mman.h include 2021-03-22 12:25:22 -04:00
Daniel Micay
b84af9b499 add wrapper for madvise 2021-03-22 12:24:26 -04:00
Daniel Micay
e77ffa76d9 add initial malloc_trim slab quarantine purging 
This currently only purges the quarantines for extended size classes.
 2021-03-22 11:16:57 -04:00
Daniel Micay
86b0b3e452 fix !CONFIG_EXTENDED_SIZE_CLASSES configuration 2021-03-21 18:09:02 -04:00
Daniel Micay
a3b4c163eb drop unused header 2021-03-05 00:35:10 -05:00
Daniel Micay
ddd14bc421 avoid type comparison warning on some platforms 2021-02-16 17:18:35 -05:00
Daniel Micay
29b09648d6 avoid undefined clz and shift in edge cases 
This is triggered when get_large_size_class is called with a size in the
range [1,4]. This can occur with aligned_alloc(8192, size). In practice,
it doesn't appear to cause any harm, but we shouldn't have any undefined
behavior for well-defined usage of the API. It also occurs if the caller
passes a pointer outside the slab region to free_sized but the expected
size is in the range [1,4]. That usage of free_sized is already going to
be considered undefined, but we should avoid undefined behavior in the
caller from triggering more undefined behavior when it's avoidable.
 2021-02-16 08:31:17 -05:00
Thibaut Sautereau
1984cb3b3d malloc_object_size: avoid fault for invalid region 
It's the region pointer that can be NULL here, and p was checked at the
beginning of the function.
 2021-02-10 17:43:36 -05:00
Thibaut Sautereau
76860c72e1 malloc_usable_size: clean abort on invalid region 
It's the region pointer that can be NULL here, and p was checked at the
beginning of the function. Also fix the test accordingly.
 2021-02-10 17:41:17 -05:00
Daniel Micay
5275563252 fix C++ sized deallocation check false positive 
This is a compatibility issue triggered when both slab canaries and the
C++ allocator overloads providing sized deallocation checks are enabled.

The boundary where slab allocations are turned into large allocations
due to not having room for the canary in the largest slab allocation
size class triggers a false positive in the sized deallocation check.
 2021-01-06 00:18:59 -05:00
Daniel Micay
b90f650153 fix sized deallocation check with large sizes 
The CONFIG_CXX_ALLOCATOR feature enables sanity checks for sized
deallocation and this wasn't updated to handle the introduction of
performing size class rounding for large sizes.
 2020-11-10 13:53:32 -05:00
Daniel Micay
b072022022 perform init sanity checks before MPK unsealing 2020-10-06 17:34:35 -04:00
Daniel Micay
2bb1c39d31 add MPK support for stats retrieval functions 2020-10-06 17:32:25 -04:00
Daniel Micay
0bf18b7c26 optimize malloc_usable_size enforce_init 2020-10-03 15:10:49 -04:00