Daniel Micay
0af33616f0
cleaner wording in introduction
2019-08-18 06:47:25 -04:00
Daniel Micay
c66cf10894
clarify malloc_object_size state further
2019-08-18 06:45:53 -04:00
Daniel Micay
0129d8e470
move point about delayed free for slab allocations
2019-08-18 06:44:35 -04:00
Daniel Micay
5eefcd39b4
the design / implementation is fairly complete now
2019-08-18 06:24:21 -04:00
Daniel Micay
2288b3a754
add information on stats
2019-08-18 06:21:39 -04:00
Daniel Micay
f4afedb137
add links to size class section from configuration
2019-08-18 05:48:29 -04:00
Daniel Micay
ac70e2c250
use full sentences to describe compile options
2019-08-18 05:47:13 -04:00
Daniel Micay
d0b466beb8
elaborate on the cost of GUARD_SLABS_INTERVAL
2019-08-18 05:46:20 -04:00
Daniel Micay
7a8c57d0f5
stop marking MPK support 'extremely experimental'
2019-08-18 05:37:42 -04:00
Daniel Micay
c4fc025fde
clarify ZERO_ON_FREE / WRITE_AFTER_FREE_CHECK
2019-08-18 05:35:48 -04:00
Daniel Micay
58b56f10ea
avoid -shared-libgcc due to old Clang versions
2019-08-18 04:53:51 -04:00
Daniel Micay
125efe99db
fix wording in note about malloc_object_size
2019-08-18 02:51:32 -04:00
Daniel Micay
77b242ea3f
enable misc tidy checks
2019-08-18 02:43:49 -04:00
Daniel Micay
d37657e125
enable llvm-include-order tidy check
2019-08-18 02:39:55 -04:00
Daniel Micay
3c67708c3a
reorder clang-tidy checks parameters
2019-08-18 02:34:51 -04:00
Daniel Micay
2ad74515b1
enable -Werror for Android build system
2019-08-18 02:31:05 -04:00
Daniel Micay
abece7656b
add enabled-by-default option to use -Werror
2019-08-18 02:28:23 -04:00
Daniel Micay
c70745ab15
Makefile: add check target depending on tidy
2019-08-18 02:20:06 -04:00
Daniel Micay
7d4d2ef0fb
treat clang-tidy warnings as errors for automation
2019-08-18 02:18:04 -04:00
Daniel Micay
8133444f43
move clang-tidy configuration to .clang-tidy
2019-08-18 02:12:18 -04:00
Daniel Micay
8f9f2521a0
disable sanitizer recovery in UBSan debug builds
...
This makes it harder to miss that an error occurred and avoids spamming
output. There should never be a single error, so it doesn't make sense
to gather as many errors as possible when a single error is already a
serious issue that would need to be fixed.
2019-08-18 02:00:13 -04:00
Daniel Micay
d8ebdea05f
handle CONFIG_SEAL_METADATA option like the others
2019-08-18 01:56:20 -04:00
Daniel Micay
defd55f302
provide link to Bionic integration commit
2019-08-18 01:44:40 -04:00
Daniel Micay
04f69d9f0d
update supported Android branches
2019-08-18 01:41:56 -04:00
Daniel Micay
995d0580d1
remove extra spaces inserted by vim joinspaces
2019-08-18 01:39:22 -04:00
Daniel Micay
8d2df1deb8
use CC as CXX to make sure LTO is compatible
2019-08-18 01:28:59 -04:00
Daniel Micay
1bc201c4c1
use -Wcast-align if -Wcast-align=strict is missing
2019-08-18 01:15:54 -04:00
Daniel Micay
cc8c4459e1
make safe_flag treat unknown warnings as missing
2019-08-18 01:15:54 -04:00
Daniel Micay
b6b910f032
add table of contents to README
2019-08-18 01:15:54 -04:00
Daniel Micay
24de5aab05
still need to finish up initial malloc_object_size
2019-08-18 01:15:54 -04:00
Daniel Micay
71e4577367
fix some inconsistencies in the tagging examples
2019-08-13 21:44:16 -04:00
Patrick Schleizer
75e86914aa
respect existing CFLAGS, CPPFLAGS and LDFLAGS
2019-07-29 13:52:55 -04:00
Daniel Micay
90d12fb340
override local default to -fstack-protector-strong
...
This is a no-op on a toolchain compiled with the basic mitigations
enabled by default, so this is generally a no-op anywhere this project
is likely to be deployed. SSP has a very low performance cost so there's
little reason to avoid it, even though it also has zero value for this
code in practice. It would be great if one of the more modern approaches
was widely adopted, but unfortunately SSP is as good as it gets for
portable options. It doesn't provide any protection against external
writes to the stack data which is all that's really needed here.
ShadowCallStack is a great option for arm64, but it's substantially more
difficult to protect return addresses well on x86_64 due to the design of
the ISA and ABI.
2019-07-19 11:53:55 -04:00
Daniel Micay
77743e5a36
use -fstack-clash-protection for completeness
...
This is a no-op for the current code and will likely remain that way so
there's no benefit but also no performance cost.
2019-07-19 11:18:49 -04:00
Daniel Micay
3ed6e546c8
OS integration guide
2019-07-18 07:22:29 -04:00
Daniel Micay
d80919fa1e
substantially raise the arbitrary arena limit
2019-07-12 03:43:33 -04:00
Daniel Micay
410e9efb93
extend configuration sanity checks
2019-07-11 17:09:48 -04:00
Daniel Micay
7bcfa500be
remove note about lack of sanity checks for config
2019-07-11 15:50:45 -04:00
Daniel Micay
72a08f88fb
supports Debian oldstable due to Buster release
2019-07-10 18:08:14 -04:00
Daniel Micay
a32e26b8e9
avoid trying to use mremap outside of Linux
2019-07-05 21:59:44 -04:00
Daniel Micay
934ab4cb59
explain extended size classes impact on quarantine
2019-07-05 17:57:41 -04:00
Daniel Micay
060f74b993
extended size classes now go up to 128k not 64k
2019-07-05 17:55:25 -04:00
Daniel Micay
4d4277319a
clarifications to randomization documentation
2019-06-23 19:20:16 -04:00
Daniel Micay
a579257a26
update libdivide to 1.1
2019-06-23 00:39:35 -04:00
Daniel Micay
bb65d088dc
drop default class region size to 32GiB
2019-06-19 01:00:22 -04:00
Daniel Micay
706c1970b5
add GitHub funding metadata
2019-06-18 22:54:49 -04:00
Daniel Micay
dba11c0091
fix warning with glibc from cfree
2019-06-18 22:50:10 -04:00
Daniel Micay
539d4f0d37
add extended size classes to offset test
2019-06-18 15:51:28 -04:00
Daniel Micay
bc75c4db7b
realloc: use copy_size to check for canaries
...
This avoids unnecessarily copying the canary when doing a realloc from a
small size to a large size. It also avoids trying to copy a non-existent
canary out of a zero-size allocation, which are memory protected.
2019-06-17 00:28:10 -04:00
Daniel Micay
37474e117c
limit precision for fragmentation in table
2019-06-12 13:29:04 -04:00
