Dmitry Muhomor
f042a6b9b0
android: add function for disabling MTE at runtime
On Android, MTE is always enabled in Zygote, and is disabled after fork for apps that didn't opt in
to MTE.
Depends on the slab canary adjustments in the previous commit.
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
001fc86585
mte: disable slab canaries when MTE is on
Canary with the "0" value is now reserved to support re-enabling slab canaries if MTE is turned off
at runtime.
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
70c91f4c3e
mte: disable write-after-free check for slab allocations when MTE is on
Freed slab memory is tagged with a reserved tag value that is never used for live allocations.
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
e3686ae457
add support for Arm MTE memory tagging
- tag slab allocations with [1..14] tags
- tag freed slab allocations with the "15" tag value to detect accesses to freed slab memory
- when generating tag value for a slab slot, always exclude most recent tag value for that slot
(to make use-after-free detection more reliable) and most recent tag values of its immediate
neighbors (to detect linear overflows and underflows)
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
19a46e0f96
add helper functions for using u8 array as u4 array
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
8d5c631224
android: implement fatal_error() via async_safe_fatal()
async_safe_fatal() performs the following steps:
- logs the error message to stderr and logcat
- passes the error message to debuggerd via android_set_abort_message(). debuggerd then saves the error
message in the crash report file ("tombstone")
- calls abort()
2024031300-coral
2024031300-sunfish
2025012100-sunfish
2025012100-coral
2024040100-coral
2024040100-sunfish
2025012701-sunfish
2025012701-coral
2024050800-coral
2024050800-sunfish
2024070401-coral
2024070401-sunfish
2024070400-coral
2024070400-sunfish
2024021100-coral
2024021100-sunfish
2023122200-sunfish
2024010700-sunfish
2024010700-coral
2023122200-coral
2023110900-coral
2023110900-sunfish
2023102300-shusky
2023102300
2023101300
2023101100
2023100900
2023100800
2023100300-felix
2023100300-tangorpro
2023100300-coral
2023100300
2023100100-felix
2023100100-tangorpro
2023100100-coral
2023100100
2024052200-coral
2024052200-sunfish
2024052300-coral
2024052300-sunfish
2024061700-coral
2024061700-sunfish
2024080800-coral
2024080800-sunfish
2024060600-coral
2024060600-sunfish
2023-09-28 13:47:11 -04:00
Christian Göttsche
903cba5a84
test: add regression test for missing init() in realloc()
2023-09-27 19:19:19 -04:00
Christian Göttsche
9cb4e6daf6
do not skip init() in realloc()
If N_ARENA is greater than 1, `thread_arena` is initially set to N_ARENA,
which is an invalid index into `ro.size_class_metadata[]`.
The actually used arena is computed in init().
Ensure init() is called if a new thread is only using realloc() to avoid
UB, e.g. pthread_mutex_lock() might crash due to the memory not holding an
initialized mutex.
Affects mesa 23.2.0~rc4.
Example back trace using glmark2 (note `arena=4` with the default
N_ARENA being 4):
Program terminated with signal SIGSEGV, Segmentation fault.
#0 ___pthread_mutex_lock (mutex=0x7edff8d3f200) at ./nptl/pthread_mutex_lock.c:80
type = <optimized out>
__PRETTY_FUNCTION__ = "___pthread_mutex_lock"
id = <optimized out>
#1 0x00007f0ab62091a6 in mutex_lock (m=0x7edff8d3f200) at ./mutex.h:21
No locals.
#2 0x00007f0ab620c9b5 in allocate_small (arena=4, requested_size=24) at h_malloc.c:517
info = {size = 32, class = 2}
size = 32
c = 0x7edff8d3f200
slots = 128
slab_size = 4096
metadata = 0x0
slot = 0
slab = 0x0
p = 0x0
#3 0x00007f0ab6209809 in allocate (arena=4, size=24) at h_malloc.c:1252
No locals.
#4 0x00007f0ab6208e26 in realloc (old=0x72b138199120, size=24) at h_malloc.c:1499
vma_merging_reliable = false
old_size = 16
new = 0x0
copy_size = 139683981990973
#5 0x00007299f919e556 in attach_shader (ctx=0x7299e9ef9000, shProg=0x7370c9277d30, sh=0x7370c9278230) at ../src/mesa/main/shaderapi.c:336
n = 1
#6 0x00007299f904223e in _mesa_unmarshal_AttachShader (ctx=<optimized out>, cmd=<optimized out>) at src/mapi/glapi/gen/marshal_generated2.c:1539
program = <optimized out>
shader = <optimized out>
cmd_size = 2
#7 0x00007299f8f2e3b2 in glthread_unmarshal_batch (job=job@entry=0x7299e9ef9168, gdata=gdata@entry=0x0, thread_index=thread_index@entry=0) at ../src/mesa/main/glthread.c:139
cmd = 0x7299e9ef9180
batch = 0x7299e9ef9168
ctx = 0x7299e9ef9000
pos = 0
used = 3
buffer = 0x7299e9ef9180
shared = <optimized out>
lock_mutexes = <optimized out>
batch_index = <optimized out>
#8 0x00007299f8ecc2d9 in util_queue_thread_func (input=input@entry=0x72c1160e5580) at ../src/util/u_queue.c:309
job = {job = 0x7299e9ef9168, global_data = 0x0, job_size = 0, fence = 0x7299e9ef9168, execute = <optimized out>, cleanup = <optimized out>}
queue = 0x7299e9ef9058
thread_index = 0
#9 0x00007299f8f1bcbb in impl_thrd_routine (p=<optimized out>) at ../src/c11/impl/threads_posix.c:67
pack = {func = 0x7299f8ecc190 <util_queue_thread_func>, arg = 0x72c1160e5580}
#10 0x00007f0ab5aa63ec in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:444
ret = <optimized out>
pd = <optimized out>
out = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139683974242608, 2767510063778797177, -168, 11, 140727286820160, 126005371879424, -4369625917767903623, -2847048016936659335}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0,
0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
#11 0x00007f0ab5b26a2c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
2023-09-26 20:03:02 -04:00
dependabot[bot]
8696431b88
Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023091800-felix
2023091800-tangorpro
2023091800-coral
2023091800
2023090600-felix
2023090600-tangorpro
2023090600-coral
2023090600
2023-09-04 15:37:49 -04:00
Daniel Micay
2d302f7d85
enable -Wundef
2023090200-tangorpro
2023090200-felix
2023090200-coral
2023090200
2023080800-felix
2023080800-tangorpro
2023080800-coral
2023080800
2023080700-felix
2023080700-tangorpro
2023080700-coral
2023080700
2023072600-felix
2023072600-tangorpro
2023072600-coral
2023072600
2023072400-felix
2023072400-tangorpro
2023072400-coral
2023072400
2023071100-felix
2023071100-tangorpro
2023071100-coral
2023071100
2023070500-tangorpro
2023070500-coral
2023070500
2023062800-felix
2023062800-tangorpro
2023062800-coral
2023062800
2023062300-coral
2023062301-tangorpro
2023062300-tangorpro
2023062300
TP1A.221005.002.B2.2023061402
TQ3A.230605.012.2023061402
TP1A.221005.002.B2.2023061400
TQ3A.230605.012.2023061400
2023-06-10 14:58:33 -04:00
Daniel Micay
d5f9909eca
add missing include
2023-06-10 14:58:20 -04:00
Daniel Micay
5e1901e85d
silence unwanted tidy warning
2023-06-10 14:52:08 -04:00
Daniel Micay
462c2c5293
conditionally include bits/functexcept.h
2023-06-10 14:20:20 -04:00
Daniel Micay
8f3281ed6a
enable strict prototypes warning
2023-06-10 14:18:27 -04:00
Christian Göttsche
7d75acc62a
use strict prototype
h_malloc.c:83:21: error: function declaration isn’t a prototype [-Werror=strict-prototypes]
83 | static inline void *get_slab_region_end() {
| ^~~~~~~~~~~~~~~~~~~
2023-06-10 14:18:27 -04:00
Christian Göttsche
af866a7faa
support versioned Clang
make CC=clang-14
clang-14 -std=c17 -O3 -flto -fPIC -fvisibility=hidden -fno-plt -fstack-clash-protection -fstack-protector-strong -pipe -Wall -Wcast-qual -Wextra -Wfloat-equal -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wmissing-prototypes -Wnull-dereference -Wpointer-arith -Wshadow -Wstrict-prototypes -Wundef -Wunused -Wwrite-strings -Wcast-align=strict -Wcast-qual -Wwrite-strings -Werror -march=native -Wmissing-prototypes -D_GNU_SOURCE -I include -DCONFIG_SEAL_METADATA=false -DZERO_ON_FREE=true -DWRITE_AFTER_FREE_CHECK=true -DSLOT_RANDOMIZE=true -DSLAB_CANARY=true -DSLAB_QUARANTINE_RANDOM_LENGTH=1 -DSLAB_QUARANTINE_QUEUE_LENGTH=1 -DCONFIG_EXTENDED_SIZE_CLASSES=true -DCONFIG_LARGE_SIZE_CLASSES=true -DGUARD_SLABS_INTERVAL=1 -DGUARD_SIZE_DIVISOR=2 -DREGION_QUARANTINE_RANDOM_LENGTH=256 -DREGION_QUARANTINE_QUEUE_LENGTH=1024 -DREGION_QUARANTINE_SKIP_THRESHOLD=33554432 -DFREE_SLABS_QUARANTINE_RANDOM_LENGTH=32 -DCONFIG_CLASS_REGION_SIZE=34359738368 -DN_ARENA=4 -DCONFIG_STATS=false -c -o out/chacha.o chacha.c
error: unknown warning option '-Wcast-align=strict'; did you mean '-Wcast-align'? [-Werror,-Wunknown-warning-option]
make: *** [Makefile:114: out/chacha.o] Error 1
2023-06-10 14:18:27 -04:00
Daniel Micay
64dad0a69f
drop legacy glibc support
2023-06-10 14:04:46 -04:00
Daniel Micay
95c4b40caf
update minimum dependency version list
2023-06-10 14:02:55 -04:00
Daniel Micay
cc70583beb
drop info on MPK with unsupported kernels
2023-06-10 13:59:56 -04:00
Daniel Micay
62a98efb13
update supported Android branch
2023-06-10 13:59:36 -04:00
Daniel Micay
d3152b8e8f
preserve errno for free calls
This is a future POSIX requirement recently implemented by musl and
glibc.
TQ2B.230505.005.A1.2023060700
TP1A.221005.002.B2.2023060700
TQ2A.230505.002.2023060700
TP1A.221005.002.B2.2023052900
TQ2B.230505.005.A1.2023052900
TQ2A.230505.002.2023052900
TQ2B.230505.005.A1.2023052800
TQ2A.230505.002.2023052800
TP1A.221005.002.B2.2023052800
TQ2B.230505.005.A1.2023051600
TP1A.221005.002.B2.2023051600
TQ2A.230505.002.2023051600
TP1A.221005.002.B2.2023050500
TQ2A.230505.002.2023050500
TP1A.221005.002.B2.2023050100
TQ2A.230505.002.2023050100
TP1A.221005.002.B2.2023042900
TQ2A.230405.003.2023042900
TQ2A.230405.003.E1.2023042900
TP1A.221005.002.B2.2023041100
TQ2A.230405.003.2023041100
TQ2A.230405.003.E1.2023041100
TP1A.221005.002.B2.2023040400
TQ2A.230305.008.E1.2023040400
TQ2A.230305.008.2023040400
TQ2A.230305.008.C1.2023040400
TP1A.221005.002.B2.2023032600
TQ2A.230305.008.2023032600
TQ2A.230305.008.E1.2023032600
TQ2A.230305.008.C1.2023032600
TQ2A.230305.008.E1.2023032000
TQ2A.230305.008.2023032000
TQ2A.230305.008.C1.2023032000
T2B3.230109.009.2023031500
TQ2A.230305.008.2023031500
TQ2A.230305.008.C1.2023031500
T2B3.230109.009.2023031300
TQ2A.230305.008.2023031300
TQ2A.230305.008.C1.2023031300
TP1A.221005.002.B2.2023030400
TQ1A.230205.002.2023030400
TP1A.221005.002.B2.2023022300
TQ1A.230205.002.2023022300
2023-02-17 13:07:26 -05:00
Daniel Micay
2e9daf3122
merge fprintf/fputs calls in malloc_info
2023-02-17 13:07:26 -05:00
Daniel Micay
6038030d0b
no need to check for -fstack-clash-protection
This is supported by the compiler versions listed as minimum
requirements in the README.
2023-02-17 13:07:26 -05:00
Daniel Micay
4d23fa37ad
enable Intel CET support
2023-02-17 13:07:26 -05:00
Daniel Micay
6d36e758f5
update copyright notice
2023-02-17 13:07:26 -05:00
Daniel Micay
cd9b875297
reorganize compiler switches
2023-02-17 13:07:24 -05:00
Daniel Micay
2250130c53
remove unnecessary UNUSED marker
TP1A.221005.002.B2.2023021000
TQ1A.230205.002.2023021000
TP1A.221005.002.B2.2023020600
TQ1A.230205.002.2023020600
TP1A.221005.002.2023020200
TQ1A.230105.001.A2.2023020200
TQ1A.230105.001.2023020200
TQ1A.230105.002.2023020200
TQ1A.230105.001.2023012600
TP1A.221005.002.2023012500
TQ1A.230105.001.2023012500
TQ1A.230105.001.A2.2023012500
TQ1A.230105.002.2023012500
TP1A.221005.002.2023011000
TQ1A.230105.001.2023011000
TQ1A.230105.001.A2.2023011000
TQ1A.230105.002.2023011000
TQ1A.230105.001.2023010300
TQ1A.230105.001.A2.2023010300
TQ1A.230105.002.2023010300
TP1A.221005.002.2023010300
TP1A.221005.002.2022122700
TQ1A.221205.011.2022122700
TP1A.221005.002.2022122000
TQ1A.221205.011.2022122000
TP1A.221005.002.2022121400
TQ1A.221205.011.2022121400
TP1A.221005.002.2022121100
TQ1A.221205.011.2022121100
TP1A.221005.002.2022120800
TP1A.221005.002.2022120700
TQ1A.221205.011.2022120700
TP1A.221005.002.2022120600
TQ1A.221205.011.2022120600
TD1A.221105.001.2022120300
TP1A.221005.002.2022120300
TP1A.221105.002.2022120300
TD1A.221105.001.2022113000
TP1A.221005.002.2022113000
TP1A.221105.002.2022113000
TD1A.221105.001.2022112500
TP1A.221005.002.2022112500
TP1A.221105.002.2022112500
TD1A.221105.001.2022111800
TP1A.221005.002.2022111800
TP1A.221105.002.2022111800
TD1A.221105.001.2022110800
TD1A.221105.001.2022111000
TP1A.221005.002.2022111000
TP1A.221105.002.2022111000
TP1A.221005.002.2022110800
TP1A.221105.002.2022110800
TD1A.220804.031.2022110600
TP1A.221005.002.2022110600
TP1A.221005.003.2022110600
TD1A.220804.031.2022110400
TP1A.221005.002.2022110400
TP1A.221005.003.2022110400
TD1A.220804.031.2022102800
TP1A.221005.002.2022102800
TP1A.221005.003.2022102800
TD1A.220804.031.2022102600
TP1A.221005.002.2022102600
TP1A.221005.003.2022102600
TD1A.220804.031.2022102300
TP1A.221005.002.2022102300
TP1A.221005.003.2022102300
TP1A.221005.002.2022101800
TP1A.221005.003.2022101800
TD1A.220804.031.2022101800
TD1A.220804.031.2022101600
TP1A.221005.002.2022101600
TP1A.221005.003.2022101600
TP1A.221005.002.2022101500
TP1A.221005.003.2022101500
TP1A.221005.002.2022101400
TP1A.221005.003.2022101400
TP1A.221005.002.2022101200
TP1A.221005.003.2022101200
TP1A.221005.002.2022100300
TP1A.221005.003.2022100300
TP1A.220905.004.2022092800
TP1A.220905.004.A1.2022092800
TP1A.220905.004.A2.2022092800
TP1A.220905.004.A2.2022092300
TP1A.220905.004.A1.2022092300
TP1A.220905.004.2022092300
TP1A.220905.004.2022092200
TP1A.220905.004.A1.2022092200
TP1A.220905.004.A2.2022092200
TP1A.220905.004.2022092000
TP1A.220905.004.A1.2022092000
TP1A.220905.004.A2.2022092000
2022-09-16 01:03:47 -04:00
Daniel Micay
72dba6765f
disable tidy identifier length lint
2022-09-16 00:57:08 -04:00
Daniel Micay
8f38bbdee6
add configuration for self-init
This needs to be disabled for compatibility with the exploit protection
compatibility mode on GrapheneOS. hardened_malloc shouldn't be trying to
initialize itself when exploit protection compatibility mode is enabled.
This has to be handled in our Bionic integration instead.
TP1A.220905.004.2022091400
TP1A.220905.004.A1.2022091400
TP1A.220905.004.A2.2022091400
2022-09-14 03:41:31 -04:00
Daniel Micay
dd427cb3b8
arm64 page table / page size docs
TP1A.220905.004.2022091300
TP1A.220905.004.A1.2022091300
TP1A.220905.004.A2.2022091300
2022-09-08 23:17:25 -04:00
Daniel Micay
b5dd9d11d9
raise class region size to 32GB for arm64 Android
2022-09-08 23:13:15 -04:00
Daniel Micay
72fb3576f5
Android 13 is now all we'll be supporting
TP1A.220624.021.A1.2022090600
TP1A.220905.004.2022090600
TP1A.220624.014.2022090400
TP1A.220624.021.2022090400
TP1A.220624.021.A1.2022090400
TP1A.220624.014.2022083000
TP1A.220624.021.2022083000
TP1A.220624.021.A1.2022083000
TP1A.220624.014.2022082400
TP1A.220624.021.2022082400
TP1A.220624.021.A1.2022082400
TP1A.220624.014.2022082301
TP1A.220624.021.2022082301
TP1A.220624.021.A1.2022082301
TP1A.220624.014.2022082300
TP1A.220624.021.2022082300
TP1A.220624.021.A1.2022082300
TP1A.220624.014.2022082200
TP1A.220624.021.2022082200
TP1A.220624.021.A1.2022082200
TP1A.220624.014.2022082100
TP1A.220624.021.2022082100
TP1A.220624.021.A1.2022082100
2022-08-16 07:48:47 -04:00
Dmitry Muhomor
f8fec401c7
update Android.bp for Android 13
2022-08-16 07:46:44 -04:00
Daniel Micay
0d6d63cbe7
improve package installation for CI
SD2A.220601.004.B2.2022081800
SQ3A.220705.003.A1.2022081800
SQ3A.220705.004.2022081800
SD2A.220601.004.B2.2022081600
SQ3A.220705.003.A1.2022081600
SQ3A.220705.004.2022081600
SD2A.220601.004.2022080900
SQ3A.220705.003.A1.2022080900
SQ3A.220705.004.2022080900
SD2A.220601.004.2022080500
SQ3A.220705.003.A1.2022080500
SQ3A.220705.004.2022080500
SD2A.220601.004.2022080300
SQ3A.220705.003.A1.2022080300
SD2A.220601.004.2022073000
SQ3A.220705.003.A1.2022073000
SD2A.220601.004.2022072902
SQ3A.220705.003.A1.2022072700
SQ3A.220705.003.A1.2022072000
SQ3A.220705.003.A1.2022071300
SQ3A.220705.003.A1.2022071100
SQ3A.220705.003.A1.2022070800
SQ3A.220705.003.A1.2022070600
SQ3A.220605.009.A1.2022063000
SQ3A.220605.009.B1.2022063000
SQ3A.220605.009.A1.2022062200
SQ3A.220605.009.B1.2022062200
SQ3A.220605.009.A1.2022061600
SQ3A.220605.009.B1.2022061600
SQ3A.220605.009.A1.2022060701
SQ3A.220605.009.B1.2022060701
SQ3A.220605.009.A1.2022060700
SQ3A.220605.009.B1.2022060700
2022-03-11 22:09:13 -05:00
dependabot[bot]
8fd31e4bc1
Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 13:44:16 -05:00
jvoisin
b511696c55
clean up includes and remove non-portable includes
This marginally increases the portability of hardened_malloc,
e.g. on OSX.
2022-02-07 07:14:51 -05:00
jvoisin
943704de7c
Remove __pycache__ as well in make clean
2022-02-06 18:56:56 -05:00
jvoisin
04a86566c3
Don't depend on gcc_s
2022-01-28 14:59:58 -05:00
Daniel Micay
448170a412
fix case for non-macro constant
2022-01-21 23:59:37 -05:00
Daniel Micay
995ce07d45
add is_init likely/unlikely markers
2022-01-21 19:46:49 -05:00
Daniel Micay
c9d1abcd7e
explicitly mark fatal error conditions unlikely
2022-01-21 19:45:05 -05:00
Daniel Micay
8f0b252c33
mark more out-of-memory conditions as unlikely
2022-01-21 19:03:02 -05:00
Daniel Micay
3cffc1e1af
treat zero size malloc as unlikely
Calls to malloc with a zero size are extremely rare relative to normal
usage of the API. It's generally only done by inefficient C code with
open coded dynamic array implementations where they aren't handling zero
size as a special case for their usage of malloc/realloc. Efficient code
wouldn't be making these allocations. It doesn't make sense to optimize
for the performance of rare edge cases caused by inefficient code.
2022-01-21 18:27:04 -05:00
Daniel Micay
ae2524bf88
ignore environment for test Makefile variables
2022-01-21 16:24:49 -05:00
Daniel Micay
e28addda19
add back gitignore entries
2022-01-21 15:07:13 -05:00
Daniel Micay
9d89712386
remove extra newline
2022-01-21 15:06:29 -05:00
jvoisin
84eadd8568
Move memory corruption tests up a directory
2022-01-21 15:00:18 -05:00
Daniel Micay
0bbcc5d610
malloc.c was renamed to h_malloc.c
2022-01-19 16:42:12 -05:00
jvoisin
3fa30842ed
Use $(MAKE) instead of make in Makefiles
This will pass the correct flags to the make
invocations.
2022-01-17 16:21:00 -05:00
Daniel Micay
b3d78bd5f6
use static const for local constants
2022-01-16 21:02:17 -05:00