Merge 96836f463b into c110ba88f3

Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/build-and-test.yml

@@ -13,7 +13,7 @@ jobs:
       matrix:
         version: [14]
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Setting up gcc version
         run: |
           sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-${{ matrix.version }} 100
@@ -26,7 +26,7 @@ jobs:
       matrix:
         version: [19, 20]
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Install dependencies
         run: sudo apt-get update && sudo apt-get install -y --no-install-recommends clang-19 clang-20
       - name: Setting up clang version
@@ -40,7 +40,7 @@ jobs:
     container:
       image: alpine:latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Install dependencies
         run: apk update && apk add build-base python3
       - name: Build
@@ -48,7 +48,7 @@ jobs:
   build-ubuntu-gcc-aarch64:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Install dependencies
         run: sudo apt-get update && sudo apt-get install -y --no-install-recommends gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libgcc-s1-arm64-cross cpp-aarch64-linux-gnu
       - name: Build

h_malloc.c

@@ -1295,7 +1295,12 @@ COLD static void init_slow_path(void) {
 
     atomic_store_explicit(&ro.slab_region_end, slab_region_end, memory_order_release);
 
+#if defined(__ANDROID__) && defined(HAS_ARM_MTE)
+    /* Do not seal to support disabling memory tagging */
     if (unlikely(memory_protect_ro(&ro, sizeof(ro)))) {
+#else
+    if (unlikely(memory_protect_seal(&ro, sizeof(ro)))) {
+#endif
         fatal_error("failed to protect allocator data");
     }
     memory_set_name(&ro, sizeof(ro), "malloc read-only after init");

memory.c

@@ -1,6 +1,8 @@
 #include <errno.h>
+#include <unistd.h>
 
 #include <sys/mman.h>
+#include <sys/syscall.h>
 
 #ifdef LABEL_MEMORY
 #include <sys/prctl.h>
@@ -91,6 +93,22 @@ bool memory_protect_rw_metadata(void *ptr, size_t size) {
     return memory_protect_prot(ptr, size, PROT_READ|PROT_WRITE, get_metadata_key());
 }
 
+COLD bool memory_protect_seal(void *ptr, size_t size) {
+#if defined(__linux__) && defined(__NR_mseal)
+    /* supported since Linux 6.10 */
+    int ret = syscall(__NR_mseal, ptr, size, 0);
+    if (ret == 0)
+        return false;
+    if (unlikely(errno == ENOMEM))
+        return true;
+    if (errno == ENOSYS)
+        return memory_protect_ro(ptr, size);
+    fatal_error("non-ENOMEM and non-ENOSYS mseal failure");
+#else
+    return memory_protect_ro(ptr, size);
+#endif
+}
+
 #ifdef HAVE_COMPATIBLE_MREMAP
 bool memory_remap(void *old, size_t old_size, size_t new_size) {
     void *ptr = mremap(old, old_size, new_size, 0);

memory.h

@@ -22,6 +22,7 @@ bool memory_unmap(void *ptr, size_t size);
 bool memory_protect_ro(void *ptr, size_t size);
 bool memory_protect_rw(void *ptr, size_t size);
 bool memory_protect_rw_metadata(void *ptr, size_t size);
+bool memory_protect_seal(void *ptr, size_t size);
 #ifdef HAVE_COMPATIBLE_MREMAP
 bool memory_remap(void *old, size_t old_size, size_t new_size);
 bool memory_remap_fixed(void *old, size_t old_size, void *new, size_t new_size);