Merge 6e39d5713d into 33ed3027ab

Fix two typos
ReadMe: adjust section about library location
2025-11-03 09:16:32 +01:00 · 2025-09-23 16:45:46 -04:00 · 2025-09-21 12:35:28 -04:00 · 2025-09-21 12:35:28 -04:00 · 2025-09-17 11:03:53 -04:00 · 2025-06-23 16:23:06 +02:00
3 changed files with 24 additions and 10 deletions
--- a/README.md
+++ b/README.md
@ -22,6 +22,7 @@
 * [API extensions](#api-extensions)
 * [Stats](#stats)
 * [System calls](#system-calls)
+* [Citations](#citations-and-mentions)

 ## Introduction

@ -65,14 +66,14 @@ used instead as this allocator fundamentally doesn't support that environment.

 ## Dependencies

-Debian stable (currently Debian 12) determines the most ancient set of
+Debian stable (currently Debian 13) determines the most ancient set of
 supported dependencies:

-* glibc 2.36
-* Linux 6.1
-* Clang 14.0.6 or GCC 12.2.0
+* glibc 2.41
+* Linux 6.12
+* Clang 19.1.7 or GCC 14.2.0

-For Android, the Linux GKI 5.10, 5.15 and 6.1 branches are supported.
+For Android, the Linux GKI 6.1, 6.6 and 6.12 branches are supported.

 However, using more recent releases is highly recommended. Older versions of
 the dependencies may be compatible at the moment but are not tested and will
@ -83,7 +84,7 @@ there will be custom integration offering better performance in the future
 along with other hardening for the C standard library implementation.

 For Android, only the current generation, actively developed maintenance branch of the Android
-Open Source Project will be supported, which currently means `android15-release`.
+Open Source Project will be supported, which currently means `android16-release`.

 ## Testing

@ -159,8 +160,11 @@ line to the `/etc/ld.so.preload` configuration file:
 The format of this configuration file is a whitespace-separated list, so it's
 good practice to put each library on a separate line.

-On Debian systems `libhardened_malloc.so` should be installed into `/usr/lib/`
-to avoid preload failures caused by AppArmor profile restrictions.
+For maximum compatibility `libhardened_malloc.so` can be installed into
+`/usr/lib/` to avoid preload failures caused by AppArmor profiles or systemd
+ExecPaths= restrictions. Check for logs of the following format:
+
+    ERROR: ld.so: object '/usr/local/lib/libhardened_malloc.so' from /etc/ld.so.preload cannot be preloaded (failed to map segment from shared object): ignored.

 Using the `LD_PRELOAD` environment variable to load it on a case-by-case basis
 will not work when `AT_SECURE` is set such as with setuid binaries. It's also
@ -1004,3 +1008,13 @@ Additional system calls when `CONFIG_SEAL_METADATA=true` is set:
 Additional system calls for Android builds with `LABEL_MEMORY`:

 * `prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, ptr, size, name)`
+
+## Citations and mentions
+
+- [StarMalloc: Verifying a Modern, Hardened Memory Allocator](https://dl.acm.org/doi/10.1145/3689773) (2024)
+- [S2malloc: Statistically Secure Allocator for Use-After-Free Protection And More](https://arxiv.org/abs/2402.01894) (2024))
+- [TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution](https://arxiv.org/abs/2406.08719) (2024)
+- [GuaNary: Efficient Buffer Overflow Detection In Virtualized Clouds Using Intel EPT-based Sub-Page Write Protection Support](https://dl.acm.org/doi/10.1145/3626787) (2023)
+- [DangZero: Efficient Use-After-Free Detection via Direct Page Table Access](https://dl.acm.org/doi/10.1145/3548606.3560625) (2022)
+- [Understanding and Mitigating Memory Corruption Attacks](https://repository.library.northeastern.edu/files/neu:4f186m727/fulltext.pdf), PhD Dissertation (2022)
+- [HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators](https://dl.acm.org/doi/10.1145/3460120.3484740) (2021)
--- a/androidtest/memtag/memtag_test.cc
+++ b/androidtest/memtag/memtag_test.cc
@ -44,7 +44,7 @@ void *set_pointer_tag(void *ptr, u8 tag) {
    return (void *) (((uintptr_t) tag << 56) | (uintptr_t) untag_pointer(ptr));
 }

-// This test checks that slab slot allocation uses tag that is distint from tags of its neighbors
+// This test checks that slab slot allocation uses tag that is distinct from tags of its neighbors
 // and from the tag of the previous allocation that used the same slot
 void tag_distinctness() {
    // tag 0 is reserved
--- a/test/test_smc.py
+++ b/test/test_smc.py
@ -98,7 +98,7 @@ class TestSimpleMemoryCorruption(unittest.TestCase):
        self.assertEqual(stderr.decode("utf-8"),
                         "fatal allocator error: invalid free\n")

-    def test_invalid_malloc_usable_size_small_quarantene(self):
+    def test_invalid_malloc_usable_size_small_quarantine(self):
        _stdout, stderr, returncode = self.run_test(
            "invalid_malloc_usable_size_small_quarantine")
        self.assertEqual(returncode, -6)
Author	SHA1	Message	Date
Julien Voisin	06fa9908ef	Merge `6e39d5713d` into `33ed3027ab`	2025-09-23 16:45:46 -04:00
Christian Göttsche	33ed3027ab	Fix two typos	2025-09-21 12:35:28 -04:00
Christian Göttsche	86dde60fcf	ReadMe: adjust section about library location	2025-09-21 12:35:28 -04:00
charles25565	ff99511eb4	Update dependencies in README Update from bookworm to trixie, updating GKIs, and changing to Android 16.	2025-09-17 11:03:53 -04:00
jvoisin	6e39d5713d	Add a Citations and mentions section If only to make it easier to prove that smart(tm) people are looking at how secure/useable/fast/cool/... GrapheneOS' hardened_malloc is.	2025-06-23 16:23:06 +02:00