mirror of
https://github.com/GrapheneOS/hardened_malloc.git
synced 2024-12-23 22:49:35 -05:00
add documentation on system calls
This commit is contained in:
parent
4a000d96e2
commit
ddd616aa0b
30
README.md
30
README.md
@ -605,3 +605,33 @@ less useful results falling back to higher upper bounds, but is very fast. In
|
|||||||
this implementation, it retrieves an upper bound on the size for small memory
|
this implementation, it retrieves an upper bound on the size for small memory
|
||||||
allocations based on calculating the size class region. This function is safe
|
allocations based on calculating the size class region. This function is safe
|
||||||
to use from signal handlers already.
|
to use from signal handlers already.
|
||||||
|
|
||||||
|
## System calls
|
||||||
|
|
||||||
|
This is intended to aid with creating system call whitelists via seccomp-bpf
|
||||||
|
and will change over time.
|
||||||
|
|
||||||
|
System calls used by all build configurations:
|
||||||
|
|
||||||
|
* `futex(uaddr, FUTEX_WAIT_PRIVATE, val, NULL)` (via `pthread_mutex_lock`)
|
||||||
|
* `futex(uaddr, FUTEX_WAKE_PRIVATE, val)` (via `pthread_mutex_unlock`)
|
||||||
|
* `getrandom(buf, buflen, 0)` (to seed and regularly reseed the CSPRNG)
|
||||||
|
* `mmap(NULL, size, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0)`
|
||||||
|
* `mmap(ptr, size, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED, -1, 0)`
|
||||||
|
* `mprotect(ptr, size, PROT_READ)`
|
||||||
|
* `mprotect(ptr, size, PROT_READ|PROT_WRITE)`
|
||||||
|
* `mremap(old, old_size, new_size, 0)`
|
||||||
|
* `mremap(old, old_size, new_size, MREMAP_MAYMOVE|MREMAP_FIXED, new)`
|
||||||
|
* `munmap`
|
||||||
|
* `write(STDERR_FILENO, buf, len)` (before aborting due to memory corruption)
|
||||||
|
|
||||||
|
Additional system calls when `CONFIG_SEAL_METADATA=true` is set:
|
||||||
|
|
||||||
|
* `pkey_alloc`
|
||||||
|
* `pkey_mprotect` instead of `mprotect` with an additional `pkey` parameter,
|
||||||
|
but otherwise the same (regular `mprotect` is never called)
|
||||||
|
* `uname` (to detect old buggy kernel versions)
|
||||||
|
|
||||||
|
Additional system calls for Android builds with `LABEL_MEMORY`:
|
||||||
|
|
||||||
|
* `prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, ptr, size, name)`
|
||||||
|
Loading…
Reference in New Issue
Block a user