19.1: switch to latest hardened_malloc revision
+ other fixes Signed-off-by: Tavi <tavi@divested.dev>
parent
c26af5a755
commit
2c90c48637
@ -52,7 +52,7 @@ external/ImageMagick 346cf7f5b84b846bd3ed13bcc6a31a23d608cfa2
|
||||
external/OpenCL-CTS 8c79c498686952c108943422bd01c1924f4f8346
|
||||
external/OpenCSD f61ef1151ed648047dbf8ba0a5feb887c2e54ba7
|
||||
external/Reactive-Extensions/RxCpp 5f4c3264fe797590114da4338e67590bddfb9179
|
||||
external/SecureCamera 488f5c27410aefae5a433cd112f8a490724943b4
|
||||
external/SecureCamera 6b16f075e691d064379fe9d855f4c5c5a44c7f55
|
||||
external/TestParameterInjector 912440cd7e915b2020af273373381d3f1c01a79d
|
||||
external/XNNPACK 8f8ffbb9d2bd3229b58f7570f9912f320b612c6c
|
||||
external/aac f9e918f31535e5dcfc53c788f630d9844d05e2c8
|
||||
@ -185,7 +185,7 @@ external/guava db153ed224e785e82b70793d0516a792f52503c4
|
||||
external/guice 6c56943a3c554b86b83cb82ec787e43b4c1892d8
|
||||
external/gwp_asan d8ce6a5e15b8567d1a4e35e34ba7644b877c9787
|
||||
external/hamcrest 543f2c338c205a34590a522c90c9812adb2c07a5
|
||||
external/hardened_malloc 0d6d63cbe7cb6326bb06e1161b680cb3229f25a0
|
||||
external/hardened_malloc 749640c274d54e084505a24fa758bcb5f96a25ef
|
||||
external/harfbuzz_ng ea886e460b1fc556a80869cf5c93a53454abc569
|
||||
external/hyphenation-patterns 109c2beeed753e908248ff37d0f2641c845a54d1
|
||||
external/icing 90395e474e3e50b6e8a411cc845e05591d971043
|
||||
|
@ -49,7 +49,7 @@
|
||||
|
||||
<!-- START OF ADDITIONAL REPOS -->
|
||||
<!-- GrapheneOS -->
|
||||
<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="0d6d63cbe7cb6326bb06e1161b680cb3229f25a0" />
|
||||
<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="749640c274d54e084505a24fa758bcb5f96a25ef" />
|
||||
<project path="external/SecureCamera" name="GrapheneOS/platform_external_Camera" remote="github" revision="6b16f075e691d064379fe9d855f4c5c5a44c7f55" />
|
||||
<!-- END OF ADDITIONAL REPOS -->
|
||||
|
||||
|
@ -8,12 +8,12 @@ Subject: [PATCH] workarounds for Pixel 3 SoC era camera driver bugs
|
||||
1 file changed, 28 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/h_malloc.c b/h_malloc.c
|
||||
index 39ba84d..5fceaef 100644
|
||||
index 15be0a2..3fa9ed7 100644
|
||||
--- a/h_malloc.c
|
||||
+++ b/h_malloc.c
|
||||
@@ -76,6 +76,9 @@ static union {
|
||||
#ifdef USE_PKEY
|
||||
int metadata_pkey;
|
||||
@@ -80,6 +80,9 @@ static union {
|
||||
#ifdef MEMTAG
|
||||
bool is_memtag_disabled;
|
||||
#endif
|
||||
+ bool zero_on_free;
|
||||
+ bool purge_slabs;
|
||||
@ -21,7 +21,7 @@ index 39ba84d..5fceaef 100644
|
||||
};
|
||||
char padding[PAGE_SIZE];
|
||||
} ro __attribute__((aligned(PAGE_SIZE)));
|
||||
@@ -443,7 +446,7 @@ static void *slot_pointer(size_t size, void *slab, size_t slot) {
|
||||
@@ -465,7 +468,7 @@ static void *slot_pointer(size_t size, void *slab, size_t slot) {
|
||||
}
|
||||
|
||||
static void write_after_free_check(const char *p, size_t size) {
|
||||
@ -30,25 +30,25 @@ index 39ba84d..5fceaef 100644
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -693,7 +696,7 @@ static inline void deallocate_small(void *p, const size_t *expected_size) {
|
||||
if (likely(!is_zero_size)) {
|
||||
check_canary(metadata, p, size);
|
||||
@@ -812,7 +815,7 @@ static inline void deallocate_small(void *p, const size_t *expected_size) {
|
||||
}
|
||||
#endif
|
||||
|
||||
- if (ZERO_ON_FREE) {
|
||||
+ if (ro.zero_on_free) {
|
||||
- if (ZERO_ON_FREE && !skip_zero) {
|
||||
+ if (ro.zero_on_free && !skip_zero) {
|
||||
memset(p, 0, size - canary_size);
|
||||
}
|
||||
}
|
||||
@@ -770,7 +773,7 @@ static inline void deallocate_small(void *p, const size_t *expected_size) {
|
||||
metadata->prev = NULL;
|
||||
@@ -890,7 +893,7 @@ static inline void deallocate_small(void *p, const size_t *expected_size) {
|
||||
|
||||
if (c->empty_slabs_total + slab_size > max_empty_slabs_total) {
|
||||
int saved_errno = errno;
|
||||
- if (!memory_map_fixed(slab, slab_size)) {
|
||||
+ if (ro.purge_slabs && !memory_map_fixed(slab, slab_size)) {
|
||||
label_slab(slab, slab_size, class);
|
||||
stats_slab_deallocate(c, slab_size);
|
||||
enqueue_free_slab(c, metadata);
|
||||
@@ -855,7 +858,7 @@ static void regions_quarantine_deallocate_pages(void *p, size_t size, size_t gua
|
||||
@@ -976,7 +979,7 @@ static void regions_quarantine_deallocate_pages(void *p, size_t size, size_t gua
|
||||
return;
|
||||
}
|
||||
|
||||
@ -57,7 +57,7 @@ index 39ba84d..5fceaef 100644
|
||||
memory_purge(p, size);
|
||||
} else {
|
||||
memory_set_name(p, size, "malloc large quarantine");
|
||||
@@ -1071,6 +1074,21 @@ static inline void enforce_init(void) {
|
||||
@@ -1192,6 +1195,21 @@ static inline void enforce_init(void) {
|
||||
}
|
||||
}
|
||||
|
||||
@ -76,10 +76,10 @@ index 39ba84d..5fceaef 100644
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
COLD static void init_slow_path(void) {
|
||||
static struct mutex lock = MUTEX_INITIALIZER;
|
||||
static struct mutex init_lock = MUTEX_INITIALIZER;
|
||||
|
||||
@@ -1085,6 +1103,11 @@ COLD static void init_slow_path(void) {
|
||||
COLD static void init_slow_path(void) {
|
||||
@@ -1207,6 +1225,11 @@ COLD static void init_slow_path(void) {
|
||||
ro.metadata_pkey = pkey_alloc(0, 0);
|
||||
#endif
|
||||
|
||||
@ -91,7 +91,7 @@ index 39ba84d..5fceaef 100644
|
||||
if (unlikely(sysconf(_SC_PAGESIZE) != PAGE_SIZE)) {
|
||||
fatal_error("runtime page size does not match compile-time page size which is not supported");
|
||||
}
|
||||
@@ -1360,7 +1383,7 @@ EXPORT void *h_calloc(size_t nmemb, size_t size) {
|
||||
@@ -1491,7 +1514,7 @@ EXPORT void *h_calloc(size_t nmemb, size_t size) {
|
||||
}
|
||||
total_size = adjust_size_for_canary(total_size);
|
||||
void *p = alloc(total_size);
|
||||
@ -99,4 +99,4 @@ index 39ba84d..5fceaef 100644
|
||||
+ if (!ro.zero_on_free && likely(p != NULL) && total_size && total_size <= max_slab_size_class) {
|
||||
memset(p, 0, total_size - canary_size);
|
||||
}
|
||||
return p;
|
||||
#ifdef HAS_ARM_MTE
|
||||
|
@ -10,16 +10,16 @@ Change-Id: I23513ec0379bbb10829f989690334e9704fd20e2
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/h_malloc.c b/h_malloc.c
|
||||
index 5fceaef..70a3e82 100644
|
||||
index 3fa9ed7..0308d73 100644
|
||||
--- a/h_malloc.c
|
||||
+++ b/h_malloc.c
|
||||
@@ -1082,7 +1082,8 @@ COLD static void handle_bugs(void) {
|
||||
@@ -1203,7 +1203,8 @@ COLD static void handle_bugs(void) {
|
||||
|
||||
// Pixel 3, Pixel 3 XL, Pixel 3a and Pixel 3a XL camera provider
|
||||
const char camera_provider[] = "/vendor/bin/hw/android.hardware.camera.provider@2.4-service_64";
|
||||
- if (strcmp(camera_provider, path) == 0) {
|
||||
+ // Any camera executable on system partition
|
||||
+ if (strcmp(camera_provider, path) == 0 || (strstr(path, "camera") != NULL && (strncmp("/system", path, 7) == 0 || strncmp("/vendor", path, 7) == 0))) {
|
||||
+ if (strcmp(camera_provider, path) == 0 || (strstr(path, "camera") != NULL && (strncmp("/system", path, 7) == 0 || strncmp("/vendor", path, 7) == 0 || strncmp("/apex", path, 5) == 0))) {
|
||||
ro.zero_on_free = false;
|
||||
ro.purge_slabs = false;
|
||||
ro.region_quarantine_protect = false;
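Review bot: The widened condition in handle_bugs compares raw string prefixes with no path separator, so `strncmp("/apex", path, 5) == 0` (like the 7-byte `/system` and `/vendor` compares) also accepts sibling names such as `/system_ext/...` or anything that merely begins with `/apex`; together with `strstr(path, "camera")` matching anywhere in the path, every such executable runs with `zero_on_free`, `purge_slabs` and `region_quarantine_protect` switched off. Comparing against `"/apex/"` with length 6, and `"/system/"` and `"/vendor/"` with length 8, would keep the exemption to the intended trees; confirm whether `/system_ext` is meant to be covered. The comment `// Any camera executable on system partition` no longer describes the check and could read `// Any executable under /system, /vendor or /apex whose path contains "camera"`. The page prints the old and new condition without markers, so this assumes the variant containing `/apex` is the new side; handle_bugs begins and ends outside the hunk.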
|
||||
|
@ -0,0 +1,31 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Tue, 22 Nov 2022 07:23:10 -0500
|
||||
Subject: [PATCH] Add workaround for OnePlus 8 & 9 display driver crash
|
||||
|
||||
Change-Id: Ie7a0ca79bb629814e57958d57546f85030b67048
|
||||
Signed-off-by: Tad <tad@spotco.us>
|
||||
---
|
||||
h_malloc.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/h_malloc.c b/h_malloc.c
|
||||
index 0308d73..6c3b148 100644
|
||||
--- a/h_malloc.c
|
||||
+++ b/h_malloc.c
|
||||
@@ -1209,6 +1209,15 @@ COLD static void handle_bugs(void) {
|
||||
ro.purge_slabs = false;
|
||||
ro.region_quarantine_protect = false;
|
||||
}
|
||||
+
|
||||
+ // OnePlus 8 & 9 display composer
|
||||
+ // https://gitlab.com/divested-mobile/divestos-build/-/issues/19
|
||||
+ const char hwc[] = "/vendor/bin/hw/vendor.qti.hardware.display.composer-service";
|
||||
+ if (strcmp(hwc, path) == 0) {
|
||||
+ ro.zero_on_free = false;
|
||||
+ ro.purge_slabs = false;
|
||||
+ ro.region_quarantine_protect = false;
|
||||
+ }
|
||||
}
|
||||
|
||||
static struct mutex init_lock = MUTEX_INITIALIZER;
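Review bot: The new block in handle_bugs turns off all three mitigations (`ro.zero_on_free`, `ro.purge_slabs`, `ro.region_quarantine_protect`) for the display composer without recording which of them the driver crash actually depends on, so the exemption cannot later be narrowed with confidence. A comment above the `if`, such as `// TODO: determine which of the three settings the composer crash needs and re-enable the others`, would capture that. The path `/vendor/bin/hw/vendor.qti.hardware.display.composer-service` does not name a OnePlus device, so the exemption presumably applies on any build that ships a binary at that path, not only OnePlus 8 & 9; if that is unintended the check needs a device condition, which nothing in the hunk provides. The block also repeats the three assignments of the camera branch directly above it; handle_bugs starts outside the hunk.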
|
@ -1 +1 @@
|
||||
Subproject commit 6979e159c035f7add4e2a36f30e42eac3e9fec40
|
||||
Subproject commit 02a693fb0f8a4831c487b530ad37e0449c897f1a
|
@ -430,7 +430,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48619/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48636/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48651/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48659/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48671/^6.0/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48672/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48687/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48695/4.14/0003.patch
|
||||
@ -607,7 +606,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27074/^6.8/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27075/^6.8/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27388/^6.8/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.14/0003.patch
|
||||
editKernelLocalversion "-dos.p607"
|
||||
editKernelLocalversion "-dos.p606"
|
||||
else echo "kernel_xiaomi_sm6150 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
@ -516,7 +516,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48619/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48636/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48651/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48659/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48671/^6.0/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48672/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48687/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48695/4.14/0003.patch
|
||||
@ -699,7 +698,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/4.14/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27830/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/4.14/0002.patch
|
||||
editKernelLocalversion "-dos.p699"
|
||||
editKernelLocalversion "-dos.p698"
|
||||
else echo "kernel_xiaomi_sm8150 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
@ -66,10 +66,9 @@ patchWorkspaceReal() {
|
||||
verifyAllPlatformTags;
|
||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||
|
||||
source build/envsetup.sh;
|
||||
#source build/envsetup.sh;
|
||||
#repopick -ift twelve-bt-sbc-hd-dualchannel;
|
||||
#repopick -it twelve-colors;
|
||||
repopick -it S_asb_2024-04;
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
@ -119,6 +119,10 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
|
||||
if enterAndClear "external/hardened_malloc"; then
|
||||
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-2.patch"; #Expand workaround to all camera executables (DivestOS)
|
||||
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0002-Broken_Displays.patch"; #Add workaround for OnePlus 8 & 9 display driver crash (DivestOS)
|
||||
sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requirement
|
||||
sed -i -e '76,78d;' Android.bp; #fix compile under A13
|
||||
sed -i -e '22,24d;' androidtest/Android.bp; #fix compile under A12
|
||||
fi;
|
||||
fi;
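Review bot: The edits `sed -i -e '76,78d;' Android.bp` and `sed -i -e '22,24d;' androidtest/Android.bp` delete by absolute line number, and `sed -i 's/34359738368/2147483648/' Android.bp` silently does nothing when the constant is absent. After a hardened_malloc revision bump like the one in this commit, they can remove the wrong lines or skip the change without the script failing. Anchoring the deletions on the text being removed, or carrying these edits as patch files through `applyPatch` like the three lines above them, would make a mismatch fail loudly. A guard before the substitution, such as `grep -q 34359738368 Android.bp || echo "address space constant not found"`, would surface drift in the upstream file. Which of these lines the commit adds cannot be recovered from the rendered section (the header only says 6 lines became 10), so the point applies to the section as shown.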
|
||||
|
||||
|
@ -75,7 +75,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3061/^5.18/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4382/^6.2/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20382/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48671/^6.0/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1989/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-3777/^6.5/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-6270/^6.8/0001.patch
|
||||
@ -160,7 +159,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27059/^6.8/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27074/^6.8/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27075/^6.8/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27388/^6.8/0002.patch
|
||||
editKernelLocalversion "-dos.p160"
|
||||
editKernelLocalversion "-dos.p159"
|
||||
else echo "kernel_google_msm-4.14 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
@ -483,7 +483,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48619/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48636/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48651/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48659/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48671/^6.0/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48672/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48687/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48695/4.14/0003.patch
|
||||
@ -665,7 +664,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27388/^6.8/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/4.14/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27830/4.14/0002.patch
|
||||
editKernelLocalversion "-dos.p665"
|
||||
editKernelLocalversion "-dos.p664"
|
||||
else echo "kernel_oneplus_sm8150 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
@ -83,7 +83,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20158/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20158/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20371/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48671/^6.0/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0590/4.14/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1989/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-3567/4.14/0007.patch
|
||||
@ -173,7 +172,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27059/^6.8/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27074/^6.8/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27075/^6.8/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27388/^6.8/0002.patch
|
||||
editKernelLocalversion "-dos.p173"
|
||||
editKernelLocalversion "-dos.p172"
|
||||
else echo "kernel_xiaomi_sm6150 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
@ -81,7 +81,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20158/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20158/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20371/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48671/^6.0/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0590/4.14/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1989/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-3567/4.14/0007.patch
|
||||
@ -178,7 +177,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27059/^6.8/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27074/^6.8/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27075/^6.8/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27388/^6.8/0002.patch
|
||||
editKernelLocalversion "-dos.p178"
|
||||
editKernelLocalversion "-dos.p177"
|
||||
else echo "kernel_xiaomi_vayu is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|