18.1: switch to latest hardened_malloc revision

+ other fixes

Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-05-06 14:54:08 -04:00
parent 2c90c48637
commit 11b5815f14
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
14 changed files with 155 additions and 13 deletions

View File

@ -217,7 +217,7 @@ external/guava f68acb20fe2dbfb31dd6259fd0cf161f09d51701
external/guice 341b3654f990734fccc4f8bdda401862f1aea696
external/gwp_asan 76e2fecf2dd8449ab4d636dc3e55f1be1d7a56d0
external/hamcrest c24f6249abf1583a60f7b33ea29e321e8f15c586
external/hardened_malloc 9823dcad79b5dc735720790d27770231ec90fee8
external/hardened_malloc 749640c274d54e084505a24fa758bcb5f96a25ef
external/harfbuzz_ng ab5e62fefce126b4f299430f1327b33c9fe526e1
external/honggfuzz 03bc7e514aac0c4c64a5bb978454aa2020695ac3
external/hyphenation-patterns ac87c57f7beddbf5d5a50462508ce182f4fe72e8

View File

@ -74,7 +74,7 @@
<!-- START OF ADDITIONAL REPOS -->
<!-- GrapheneOS -->
<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="9823dcad79b5dc735720790d27770231ec90fee8" />
<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="749640c274d54e084505a24fa758bcb5f96a25ef" />
<!-- END OF ADDITIONAL REPOS -->
<!-- START OF DEVICE REPOS -->

View File

@ -0,0 +1,102 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Tue, 1 Jan 2019 14:45:27 -0500
Subject: [PATCH] workarounds for Pixel 3 SoC era camera driver bugs
---
h_malloc.c | 33 ++++++++++++++++++++++++++++-----
1 file changed, 28 insertions(+), 5 deletions(-)
diff --git a/h_malloc.c b/h_malloc.c
index 15be0a2..3fa9ed7 100644
--- a/h_malloc.c
+++ b/h_malloc.c
@@ -80,6 +80,9 @@ static union {
#ifdef MEMTAG
bool is_memtag_disabled;
#endif
+ bool zero_on_free;
+ bool purge_slabs;
+ bool region_quarantine_protect;
};
char padding[PAGE_SIZE];
} ro __attribute__((aligned(PAGE_SIZE)));
@@ -465,7 +468,7 @@ static void *slot_pointer(size_t size, void *slab, size_t slot) {
}
static void write_after_free_check(const char *p, size_t size) {
- if (!WRITE_AFTER_FREE_CHECK) {
+ if (!WRITE_AFTER_FREE_CHECK || !ro.zero_on_free) {
return;
}
@@ -812,7 +815,7 @@ static inline void deallocate_small(void *p, const size_t *expected_size) {
}
#endif
- if (ZERO_ON_FREE && !skip_zero) {
+ if (ro.zero_on_free && !skip_zero) {
memset(p, 0, size - canary_size);
}
}
@@ -890,7 +893,7 @@ static inline void deallocate_small(void *p, const size_t *expected_size) {
if (c->empty_slabs_total + slab_size > max_empty_slabs_total) {
int saved_errno = errno;
- if (!memory_map_fixed(slab, slab_size)) {
+ if (ro.purge_slabs && !memory_map_fixed(slab, slab_size)) {
label_slab(slab, slab_size, class);
stats_slab_deallocate(c, slab_size);
enqueue_free_slab(c, metadata);
@@ -976,7 +979,7 @@ static void regions_quarantine_deallocate_pages(void *p, size_t size, size_t gua
return;
}
- if (unlikely(memory_map_fixed(p, size))) {
+ if (!ro.region_quarantine_protect || unlikely(memory_map_fixed(p, size))) {
memory_purge(p, size);
} else {
memory_set_name(p, size, "malloc large quarantine");
@@ -1192,6 +1195,21 @@ static inline void enforce_init(void) {
}
}
+COLD static void handle_bugs(void) {
+ char path[256];
+ if (readlink("/proc/self/exe", path, sizeof(path)) == -1) {
+ return;
+ }
+
+ // Pixel 3, Pixel 3 XL, Pixel 3a and Pixel 3a XL camera provider
+ const char camera_provider[] = "/vendor/bin/hw/android.hardware.camera.provider@2.4-service_64";
+ if (strcmp(camera_provider, path) == 0) {
+ ro.zero_on_free = false;
+ ro.purge_slabs = false;
+ ro.region_quarantine_protect = false;
+ }
+}
+
static struct mutex init_lock = MUTEX_INITIALIZER;
COLD static void init_slow_path(void) {
@@ -1207,6 +1225,11 @@ COLD static void init_slow_path(void) {
ro.metadata_pkey = pkey_alloc(0, 0);
#endif
+ ro.purge_slabs = true;
+ ro.zero_on_free = ZERO_ON_FREE;
+ ro.region_quarantine_protect = true;
+ handle_bugs();
+
if (unlikely(sysconf(_SC_PAGESIZE) != PAGE_SIZE)) {
fatal_error("runtime page size does not match compile-time page size which is not supported");
}
@@ -1491,7 +1514,7 @@ EXPORT void *h_calloc(size_t nmemb, size_t size) {
}
total_size = adjust_size_for_canary(total_size);
void *p = alloc(total_size);
- if (!ZERO_ON_FREE && likely(p != NULL) && total_size && total_size <= max_slab_size_class) {
+ if (!ro.zero_on_free && likely(p != NULL) && total_size && total_size <= max_slab_size_class) {
memset(p, 0, total_size - canary_size);
}
#ifdef HAS_ARM_MTE

View File

@ -10,16 +10,16 @@ Change-Id: I23513ec0379bbb10829f989690334e9704fd20e2
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/h_malloc.c b/h_malloc.c
index a6e1a7c..1b574e4 100644
index 3fa9ed7..0308d73 100644
--- a/h_malloc.c
+++ b/h_malloc.c
@@ -1070,7 +1070,8 @@ COLD static void handle_bugs(void) {
@@ -1203,7 +1203,8 @@ COLD static void handle_bugs(void) {
// Pixel 3, Pixel 3 XL, Pixel 3a and Pixel 3a XL camera provider
const char camera_provider[] = "/vendor/bin/hw/android.hardware.camera.provider@2.4-service_64";
- if (strcmp(camera_provider, path) == 0) {
+ // Any camera executable on system partition
+ if (strcmp(camera_provider, path) == 0 || (strstr(path, "camera") != NULL && (strncmp("/system", path, 7) == 0 || strncmp("/vendor", path, 7) == 0))) {
+ if (strcmp(camera_provider, path) == 0 || (strstr(path, "camera") != NULL && (strncmp("/system", path, 7) == 0 || strncmp("/vendor", path, 7) == 0 || strncmp("/apex", path, 5) == 0))) {
ro.zero_on_free = false;
ro.purge_slabs = false;
ro.region_quarantine_protect = false;

View File

@ -0,0 +1,31 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Tue, 22 Nov 2022 07:23:10 -0500
Subject: [PATCH] Add workaround for OnePlus 8 & 9 display driver crash
Change-Id: Ie7a0ca79bb629814e57958d57546f85030b67048
Signed-off-by: Tad <tad@spotco.us>
---
h_malloc.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/h_malloc.c b/h_malloc.c
index 0308d73..6c3b148 100644
--- a/h_malloc.c
+++ b/h_malloc.c
@@ -1209,6 +1209,15 @@ COLD static void handle_bugs(void) {
ro.purge_slabs = false;
ro.region_quarantine_protect = false;
}
+
+ // OnePlus 8 & 9 display composer
+ // https://gitlab.com/divested-mobile/divestos-build/-/issues/19
+ const char hwc[] = "/vendor/bin/hw/vendor.qti.hardware.display.composer-service";
+ if (strcmp(hwc, path) == 0) {
+ ro.zero_on_free = false;
+ ro.purge_slabs = false;
+ ro.region_quarantine_protect = false;
+ }
}
static struct mutex init_lock = MUTEX_INITIALIZER;

View File

@ -133,7 +133,7 @@ done
declare -a threeDotEighteen=("${threeDotTen[@]}" "android_kernel_samsung_universal8890.sh" "android_kernel_google_dragon.sh" "android_kernel_zte_msm8996.sh" "android_kernel_asus_msm8953.sh" "android_kernel_google_marlin.sh" "android_kernel_motorola_msm8996.sh" "android_kernel_oneplus_msm8996.sh");
for script in "${threeDotEighteen[@]}"
do
commentPatches $script "0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch" "CVE-2018-16597/4.4" "CVE-2019-19319/4.4" "CVE-2020-0305/4.4" "CVE-2020-0429/4.4" "CVE-2020-8992/4.4" "CVE-2021-1048/4.4" "CVE-2021-3428/4.4" "CVE-2021-20265/4.4" "CVE-2022-1184/4.4/0014.patch" "CVE-2022-1184/4.9/0007.patch" "CVE-2022-40768/4.9/0007.patch" "CVE-2022-40768/4.4/0008.patch" "CVE-2022-47929/4.4" "CVE-2023-0458";
commentPatches $script "0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch" "CVE-2018-16597/4.4" "CVE-2019-19319/4.4" "CVE-2020-0305/4.4" "CVE-2020-0429/4.4" "CVE-2020-8992/4.4" "CVE-2021-1048/4.4" "CVE-2021-3428/4.4" "CVE-2021-20265/4.4" "CVE-2022-1184/4.4/0014.patch" "CVE-2022-1184/4.9/0007.patch" "CVE-2022-40768/4.9/0007.patch" "CVE-2022-40768/4.4/0008.patch" "CVE-2022-47929/4.4" "CVE-2023-0458" "CVE-2024-26889";
done
#4.4
declare -a fourDotFour=("${threeDotEighteen[@]}" "android_kernel_essential_msm8998.sh" "android_kernel_fxtec_msm8998.sh" "android_kernel_lge_msm8996.sh" "android_kernel_zuk_msm8996.sh" "android_kernel_xiaomi_sdm660.sh" "android_kernel_sony_sdm660.sh" "android_kernel_razer_msm8998.sh" "android_kernel_oneplus_msm8998.sh" "android_kernel_google_wahoo.sh" "android_kernel_yandex_sdm660.sh" "android_kernel_zuk_msm8996.sh");

View File

@ -860,7 +860,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26816/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26894/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26901/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26955/4.4/0001.patch

View File

@ -822,7 +822,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26816/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26894/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26901/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26955/4.4/0001.patch

View File

@ -812,7 +812,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26816/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26894/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26901/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26955/4.4/0001.patch

View File

@ -629,7 +629,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26816/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26894/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26901/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26955/4.4/0001.patch

View File

@ -645,7 +645,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26816/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26894/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26901/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26955/4.4/0001.patch

View File

@ -633,7 +633,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26816/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26894/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26901/4.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26955/4.4/0001.patch

View File

@ -120,7 +120,14 @@ fi;
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
if enterAndClear "external/hardened_malloc"; then
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS)
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-2.patch"; #Expand workaround to all camera executables (DivestOS)
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0002-Broken_Displays.patch"; #Add workaround for OnePlus 8 & 9 display driver crash (DivestOS)
sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requirement
sed -i -e '76,78d;' Android.bp; #fix compile under A13
sed -i -e '22,24d;' androidtest/Android.bp; #fix compile under A12
awk -i inplace '!/vendor_ramdisk_available/' Android.bp; #fix compile under A11
rm -rfv androidtest;
fi;
fi;

View File

@ -205,3 +205,5 @@ source "$DOS_SCRIPTS/Functions.sh";
[[ -f "$DOS_BUILD_BASE/.repo/local_manifests/roomservice.xml" ]] && echo "roomservice manifest found! Please fix your manifests before continuing!";
[[ -f "$DOS_BUILD_BASE/DOS_PATCHED_FLAG" ]] && echo "NOTE: THIS WORKSPACE IS ALREADY PATCHED, PLEASE RESET BEFORE PATCHING AGAIN!";
if grep -sq "orphan_file" "/etc/mke2fs.conf"; then echo "NOTE: YOU MUST REMOVE orphan_file AND metadata_csum_seed FROM /etc/mke2fs.conf"; fi;