19.1: switch to latest hardened_malloc revision

+ other fixes

Signed-off-by: Tavi <tavi@divested.dev>

Logs/resetWorkspace-LineageOS-19.1.txt

@@ -52,7 +52,7 @@ external/ImageMagick 346cf7f5b84b846bd3ed13bcc6a31a23d608cfa2
 external/OpenCL-CTS 8c79c498686952c108943422bd01c1924f4f8346
 external/OpenCSD f61ef1151ed648047dbf8ba0a5feb887c2e54ba7
 external/Reactive-Extensions/RxCpp 5f4c3264fe797590114da4338e67590bddfb9179
-external/SecureCamera 488f5c27410aefae5a433cd112f8a490724943b4
+external/SecureCamera 6b16f075e691d064379fe9d855f4c5c5a44c7f55
 external/TestParameterInjector 912440cd7e915b2020af273373381d3f1c01a79d
 external/XNNPACK 8f8ffbb9d2bd3229b58f7570f9912f320b612c6c
 external/aac f9e918f31535e5dcfc53c788f630d9844d05e2c8
@@ -185,7 +185,7 @@ external/guava db153ed224e785e82b70793d0516a792f52503c4
 external/guice 6c56943a3c554b86b83cb82ec787e43b4c1892d8
 external/gwp_asan d8ce6a5e15b8567d1a4e35e34ba7644b877c9787
 external/hamcrest 543f2c338c205a34590a522c90c9812adb2c07a5
-external/hardened_malloc 0d6d63cbe7cb6326bb06e1161b680cb3229f25a0
+external/hardened_malloc 749640c274d54e084505a24fa758bcb5f96a25ef
 external/harfbuzz_ng ea886e460b1fc556a80869cf5c93a53454abc569
 external/hyphenation-patterns 109c2beeed753e908248ff37d0f2641c845a54d1
 external/icing 90395e474e3e50b6e8a411cc845e05591d971043

Manifests/Manifest_LAOS-19.1.xml

@@ -49,7 +49,7 @@
 
 <!-- START OF ADDITIONAL REPOS -->
 	<!-- GrapheneOS -->
-	<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="0d6d63cbe7cb6326bb06e1161b680cb3229f25a0" />
+	<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="749640c274d54e084505a24fa758bcb5f96a25ef" />
 	<project path="external/SecureCamera" name="GrapheneOS/platform_external_Camera" remote="github" revision="6b16f075e691d064379fe9d855f4c5c5a44c7f55" />
 <!-- END OF ADDITIONAL REPOS -->
 

Patches/LineageOS-19.1/android_external_hardened_malloc/0001-Broken_Cameras-1.patch

@@ -8,12 +8,12 @@ Subject: [PATCH] workarounds for Pixel 3 SoC era camera driver bugs
  1 file changed, 28 insertions(+), 5 deletions(-)
 
 diff --git a/h_malloc.c b/h_malloc.c
-index 39ba84d..5fceaef 100644
+index 15be0a2..3fa9ed7 100644
 --- a/h_malloc.c
 +++ b/h_malloc.c
-@@ -76,6 +76,9 @@ static union {
+@@ -80,6 +80,9 @@ static union {
- #ifdef USE_PKEY
+ #ifdef MEMTAG
-         int metadata_pkey;
+         bool is_memtag_disabled;
  #endif
 +        bool zero_on_free;
 +        bool purge_slabs;
@@ -21,7 +21,7 @@ index 39ba84d..5fceaef 100644
      };
      char padding[PAGE_SIZE];
  } ro __attribute__((aligned(PAGE_SIZE)));
-@@ -443,7 +446,7 @@ static void *slot_pointer(size_t size, void *slab, size_t slot) {
+@@ -465,7 +468,7 @@ static void *slot_pointer(size_t size, void *slab, size_t slot) {
  }
  
  static void write_after_free_check(const char *p, size_t size) {
@@ -30,25 +30,25 @@ index 39ba84d..5fceaef 100644
          return;
      }
  
-@@ -693,7 +696,7 @@ static inline void deallocate_small(void *p, const size_t *expected_size) {
+@@ -812,7 +815,7 @@ static inline void deallocate_small(void *p, const size_t *expected_size) {
-     if (likely(!is_zero_size)) {
+         }
-         check_canary(metadata, p, size);
+ #endif
  
--        if (ZERO_ON_FREE) {
+-        if (ZERO_ON_FREE && !skip_zero) {
-+        if (ro.zero_on_free) {
++        if (ro.zero_on_free && !skip_zero) {
              memset(p, 0, size - canary_size);
          }
      }
-@@ -770,7 +773,7 @@ static inline void deallocate_small(void *p, const size_t *expected_size) {
+@@ -890,7 +893,7 @@ static inline void deallocate_small(void *p, const size_t *expected_size) {
-         metadata->prev = NULL;
  
          if (c->empty_slabs_total + slab_size > max_empty_slabs_total) {
+             int saved_errno = errno;
 -            if (!memory_map_fixed(slab, slab_size)) {
 +            if (ro.purge_slabs && !memory_map_fixed(slab, slab_size)) {
                  label_slab(slab, slab_size, class);
                  stats_slab_deallocate(c, slab_size);
                  enqueue_free_slab(c, metadata);
-@@ -855,7 +858,7 @@ static void regions_quarantine_deallocate_pages(void *p, size_t size, size_t gua
+@@ -976,7 +979,7 @@ static void regions_quarantine_deallocate_pages(void *p, size_t size, size_t gua
          return;
      }
  
@@ -57,7 +57,7 @@ index 39ba84d..5fceaef 100644
          memory_purge(p, size);
      } else {
          memory_set_name(p, size, "malloc large quarantine");
-@@ -1071,6 +1074,21 @@ static inline void enforce_init(void) {
+@@ -1192,6 +1195,21 @@ static inline void enforce_init(void) {
      }
  }
  
@@ -76,10 +76,10 @@ index 39ba84d..5fceaef 100644
 +    }
 +}
 +
- COLD static void init_slow_path(void) {
+ static struct mutex init_lock = MUTEX_INITIALIZER;
-     static struct mutex lock = MUTEX_INITIALIZER;
  
-@@ -1085,6 +1103,11 @@ COLD static void init_slow_path(void) {
+ COLD static void init_slow_path(void) {
+@@ -1207,6 +1225,11 @@ COLD static void init_slow_path(void) {
      ro.metadata_pkey = pkey_alloc(0, 0);
  #endif
  
@@ -91,7 +91,7 @@ index 39ba84d..5fceaef 100644
      if (unlikely(sysconf(_SC_PAGESIZE) != PAGE_SIZE)) {
          fatal_error("runtime page size does not match compile-time page size which is not supported");
      }
-@@ -1360,7 +1383,7 @@ EXPORT void *h_calloc(size_t nmemb, size_t size) {
+@@ -1491,7 +1514,7 @@ EXPORT void *h_calloc(size_t nmemb, size_t size) {
      }
      total_size = adjust_size_for_canary(total_size);
      void *p = alloc(total_size);
@@ -99,4 +99,4 @@ index 39ba84d..5fceaef 100644
 +    if (!ro.zero_on_free && likely(p != NULL) && total_size && total_size <= max_slab_size_class) {
          memset(p, 0, total_size - canary_size);
      }
-     return p;
+ #ifdef HAS_ARM_MTE

Patches/LineageOS-19.1/android_external_hardened_malloc/0001-Broken_Cameras-2.patch

@@ -10,16 +10,16 @@ Change-Id: I23513ec0379bbb10829f989690334e9704fd20e2
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/h_malloc.c b/h_malloc.c
-index 5fceaef..70a3e82 100644
+index 3fa9ed7..0308d73 100644
 --- a/h_malloc.c
 +++ b/h_malloc.c
-@@ -1082,7 +1082,8 @@ COLD static void handle_bugs(void) {
+@@ -1203,7 +1203,8 @@ COLD static void handle_bugs(void) {
  
      // Pixel 3, Pixel 3 XL, Pixel 3a and Pixel 3a XL camera provider
      const char camera_provider[] = "/vendor/bin/hw/android.hardware.camera.provider@2.4-service_64";
 -    if (strcmp(camera_provider, path) == 0) {
 +    // Any camera executable on system partition
-+    if (strcmp(camera_provider, path) == 0 || (strstr(path, "camera") != NULL && (strncmp("/system", path, 7) == 0 || strncmp("/vendor", path, 7) == 0))) {
++    if (strcmp(camera_provider, path) == 0 || (strstr(path, "camera") != NULL && (strncmp("/system", path, 7) == 0 || strncmp("/vendor", path, 7) == 0 || strncmp("/apex", path, 5) == 0))) {
          ro.zero_on_free = false;
          ro.purge_slabs = false;
          ro.region_quarantine_protect = false;

Patches/LineageOS-19.1/android_external_hardened_malloc/0002-Broken_Displays.patch

@@ -0,0 +1,31 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Tue, 22 Nov 2022 07:23:10 -0500
+Subject: [PATCH] Add workaround for OnePlus 8 & 9 display driver crash
+
+Change-Id: Ie7a0ca79bb629814e57958d57546f85030b67048
+Signed-off-by: Tad <tad@spotco.us>
+---
+ h_malloc.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/h_malloc.c b/h_malloc.c
+index 0308d73..6c3b148 100644
+--- a/h_malloc.c
++++ b/h_malloc.c
+@@ -1209,6 +1209,15 @@ COLD static void handle_bugs(void) {
+         ro.purge_slabs = false;
+         ro.region_quarantine_protect = false;
+     }
++
++    // OnePlus 8 & 9 display composer
++    // https://gitlab.com/divested-mobile/divestos-build/-/issues/19
++    const char hwc[] = "/vendor/bin/hw/vendor.qti.hardware.display.composer-service";
++    if (strcmp(hwc, path) == 0) {
++        ro.zero_on_free = false;
++        ro.purge_slabs = false;
++        ro.region_quarantine_protect = false;
++    }
+ }
+ 
+ static struct mutex init_lock = MUTEX_INITIALIZER;

Patches/Linux

@@ -1 +1 @@
-Subproject commit 6979e159c035f7add4e2a36f30e42eac3e9fec40
+Subproject commit 02a693fb0f8a4831c487b530ad37e0449c897f1a

Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_xiaomi_sm6150.sh

@@ -430,7 +430,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48619/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48636/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48651/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48659/4.14/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48671/^6.0/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48672/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48687/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48695/4.14/0003.patch
@@ -607,7 +606,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27074/^6.8/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27075/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27388/^6.8/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.14/0003.patch
-editKernelLocalversion "-dos.p607"
+editKernelLocalversion "-dos.p606"
 else echo "kernel_xiaomi_sm6150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-19.1/CVE_Patchers/android_kernel_xiaomi_sm8150.sh

@@ -516,7 +516,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48619/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48636/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48651/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48659/4.14/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48671/^6.0/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48672/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48687/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48695/4.14/0003.patch
@@ -699,7 +698,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/4.14/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27830/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/4.14/0002.patch
-editKernelLocalversion "-dos.p699"
+editKernelLocalversion "-dos.p698"
 else echo "kernel_xiaomi_sm8150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-19.1/Functions.sh

@@ -66,10 +66,9 @@ patchWorkspaceReal() {
 	verifyAllPlatformTags;
 	gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
 
-	source build/envsetup.sh;
+	#source build/envsetup.sh;
 	#repopick -ift twelve-bt-sbc-hd-dualchannel;
 	#repopick -it twelve-colors;
-	repopick -it S_asb_2024-04;
 
 	sh "$DOS_SCRIPTS/Patch.sh";
 	sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";

Scripts/LineageOS-19.1/Patch.sh

@@ -119,6 +119,10 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
 if enterAndClear "external/hardened_malloc"; then
 applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-2.patch"; #Expand workaround to all camera executables (DivestOS)
+applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0002-Broken_Displays.patch"; #Add workaround for OnePlus 8 & 9 display driver crash (DivestOS)
+sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requirement
+sed -i -e '76,78d;' Android.bp; #fix compile under A13
+sed -i -e '22,24d;' androidtest/Android.bp; #fix compile under A12
 fi;
 fi;
 

Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_msm-4.14.sh

@@ -75,7 +75,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3061/^5.18/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4382/^6.2/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20382/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48671/^6.0/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1989/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-3777/^6.5/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-6270/^6.8/0001.patch
@@ -160,7 +159,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27059/^6.8/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27074/^6.8/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27075/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27388/^6.8/0002.patch
-editKernelLocalversion "-dos.p160"
+editKernelLocalversion "-dos.p159"
 else echo "kernel_google_msm-4.14 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh

@@ -483,7 +483,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48619/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48636/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48651/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48659/4.14/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48671/^6.0/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48672/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48687/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48695/4.14/0003.patch
@@ -665,7 +664,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27388/^6.8/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/4.14/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27830/4.14/0002.patch
-editKernelLocalversion "-dos.p665"
+editKernelLocalversion "-dos.p664"
 else echo "kernel_oneplus_sm8150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sm6150.sh

@@ -83,7 +83,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20158/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20158/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20371/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48671/^6.0/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0590/4.14/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1989/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-3567/4.14/0007.patch
@@ -173,7 +172,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27059/^6.8/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27074/^6.8/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27075/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27388/^6.8/0002.patch
-editKernelLocalversion "-dos.p173"
+editKernelLocalversion "-dos.p172"
 else echo "kernel_xiaomi_sm6150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_vayu.sh

@@ -81,7 +81,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20158/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20158/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20371/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-48671/^6.0/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0590/4.14/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1989/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-3567/4.14/0007.patch
@@ -178,7 +177,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27059/^6.8/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27074/^6.8/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27075/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27388/^6.8/0002.patch
-editKernelLocalversion "-dos.p178"
+editKernelLocalversion "-dos.p177"
 else echo "kernel_xiaomi_vayu is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"