723 Commits

Author SHA1 Message Date
Daniel Micay
b1d9571fec remove trailing whitespace 2024102100 2024102000 2024101900 2024101801 2024101800 2024101701 2024101700 2024101600 13 2024101200-caimito 2024101200-redfin 2024101200 2024-10-12 03:23:52 -04:00
Daniel Micay
e03579253a preserve PROT_MTE when releasing memory 2024-10-12 03:19:16 -04:00
Daniel Micay
9739cb4690 use wrapper for calling memory_map_mte 2024-10-12 03:19:03 -04:00
Daniel Micay
aa950244f8 reuse code for memory_map_mte
This drops the separate error message since that doesn't seem useful.
2024-10-12 03:18:36 -04:00
Daniel Micay
6402e2b0d4 reduce probability hint for is_memtag_enabled 2024-10-12 03:17:44 -04:00
Daniel Micay
e86192e7fe remove redundant warning switches for Android
Android already enables -Wall and -Wextra in the global soong build
settings.
2024-10-09 19:57:15 -04:00
Julien Voisin
6ce663a8bd Fix -Wimplicit-function-declaration error with gcc 14.
```
malloc_info.c: In function 'leak_memory':
malloc_info.c:12:12: error: implicit declaration of function 'malloc' [-Wimplicit-function-declaration]
   12 |     (void)!malloc(1024 * 1024 * 1024);
      |            ^~~~~~
malloc_info.c:10:1: note: include '<stdlib.h>' or provide a declaration of 'malloc'
    9 | #include "../util.h"
  +++ |+#include <stdlib.h>
   10 |
malloc_info.c:12:12: warning: incompatible implicit declaration of built-in function 'malloc' [-Wbuiltin-declaration-mismatch]
   12 |     (void)!malloc(1024 * 1024 * 1024);
      |            ^~~~~~
```

Taken from https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/72971/

Co-authored-by: @mio
2024100800-caimito 2024100800-redfin 2024100800
2024-10-03 23:44:15 -04:00
maade93791
9ca9d2d925 android: use more basic CPU target for memtag
This is required for hardened_malloc to work in microdroid on MTE-enabled devices (currently, 8th
and 9th generation Pixels) since PVMFW only supports ARMv8 cores.

https://android.googlesource.com/platform/packages/modules/Virtualization/+/refs/tags/android-15.0.0_r1/pvmfw/platform.dts#100
2024091700-caimito 2024091700-redfin 2024091700 2024092900-caimito 2024092900-redfin 2024092900 2024091900-redfin 2024091900 2024091900-caimito
2024-09-09 19:22:23 -04:00
Daniel Micay
3f07acfab1 update libdivide to 5.1 2024082000-redfin 2024082000 2024082200-redfin 2024082200 2024083100-caimito 2024083100-redfin 2024083100 2024090400-caimito 2024090400-redfin 2024090400 2024080500-redfin 2024080500 2024080600 2024080600-redfin 2024-08-05 02:25:55 -04:00
Daniel Micay
749640c274 update copyright notice 2024030800 2024030300-redfin 2024030300 2024032100-redfin 2024032100 2024030900 2024031400 2024030600 2024030700 2024031100 2024040200-redfin 2024040200 2024040300-redfin 2024040300 2024040900-redfin 2024040900 2024042000-redfin 2024042000 2024042100-redfin 2024042100 2024042200 2024050300-redfin 2024050300 2024050700-redfin 2024050700 2024050900-redfin 2024050900 2024070201 2024070200 2024062700 2024051500-redfin 2024051500 2024052100 2024052100-redfin 2024022800-redfin 2024022800 2024022600-redfin 2024022600 2024022300-redfin 2024022300 2024053100-redfin 2024053100 2024060400-redfin 2024060400 2024060500-redfin 2024060500 2024073100-redfin 2024073100 2024080100-redfin 2024080100 2024072800-redfin 2024072800 2024080200-redfin 2024080200 2024070900-redfin 2024070900 2024061200 2024062000 2024071200-redfin 2024071200 2024061300 2024061400 2024071600-redfin 2024071600 2024-02-15 02:57:33 -05:00
Dmitry Muhomor
7268189933 mte: use tag 0 for freed slots, stop reserving tag 15 2024020500-redfin 2024020500 2024012600-redfin 2024012600 2024-01-23 12:56:54 -05:00
Dmitry Muhomor
3c1f40aff0 amend memory tagging README section
Memory tagging is enabled by default in bionic, but can be disabled at any point.
Memory tagging can't be re-enabled after it's disabled.
2024-01-23 12:56:54 -05:00
Dmitry Muhomor
5fbbdc2ef8 memtag_test: add test for MADV_DONTNEED behavior 2024-01-23 12:56:54 -05:00
Dmitry Muhomor
7d2151e40c mte: remove util.h dependency from arm_mte.h
It's needed for including arm_mte.h into memtag_test.cc
2024-01-23 12:56:54 -05:00
Dmitry Muhomor
4756716904 memtag_test: move SEGV code checks to device-side binary 2024-01-23 12:56:54 -05:00
Daniel Micay
a3bf742c3e remove trailing whitespace 2024011600-redfin 2024011600 2024011300-redfin 2024011300 2024010400-redfin 2024010400 2024-01-03 14:44:08 -05:00
Julien Voisin
53a45b4661 Improve a bit the formulation of the MTE documentation 2024-01-03 13:40:42 -05:00
Daniel Micay
abe54dba27 update memory tagging documentation 2024-01-03 12:22:56 -05:00
Dmitry Muhomor
365ee6900d android: restore the default SIGABRT handler in fatal_error()
async_safe_fatal() calls abort() at the end, which can be intercepted by a custom SIGABRT handler.

In particular, crashlytics installs such a handler and tries to fork() after catching SIGABRT.

hardened_malloc uses pthread_atfork() to register fork handlers. These handlers try to lock internal
hardened_malloc mutexes. If at least one of those mutexes is already locked, which is usually the
case, the thread that called fatal_error() gets deadlocked, while the other threads (if there are any)
continue to run.
2023123100-redfin 2023123100
2023-12-31 11:21:28 -05:00
Christian Göttsche
7093fdc482 README: add note about AppArmor constraint on Debian 2023123000-redfin 2023123000 2023-12-14 09:06:32 -05:00
jvoisin
61821b02c8 Clarify a bit why a particular magic number was chosen 2023121200-redfin 2023121200 2023120800 2023120701 2023120700 2023120400-shusky 2023120400 2023112900-shusky 2023112900 2023112600-shusky 2023112600 2023-11-16 14:25:54 -05:00
Daniel Micay
3c274731ba Revert "use safe_flag for -fstack-clash-protection"
This reverts commit 4171bd164e2ec4cf2546daa2b0f6f95af0d782df.
2023-11-14 16:19:33 -05:00
Daniel Micay
4171bd164e use safe_flag for -fstack-clash-protection 2023-11-08 14:21:04 -05:00
jvoisin
352c083f65 Run the testsuite on multiple compiler versions 2023110700-shusky 2023110700 2023-11-05 17:58:32 -05:00
Dmitry Muhomor
88b3c1acf9 memtag_test: fix sporadic failures of overflow/underflow tests 2023-11-01 17:33:20 -04:00
Daniel Micay
f793a3edf6 update README now that MTE is implemented 2023103100-shusky 2023103100 2023103000-shusky 2023103000 2023-10-30 14:23:48 -04:00
Dmitry Muhomor
fd75fc1ba8 mte: add scudo to CREDITS file 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
72dc236d5f mte: add untag_pointer() variant for const pointers 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
be08eeee2d mte: update comment about skipped tag array update in deallocate_small() 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
25f0fe9c69 remove an always-true sizeof(u8) assert 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
c75cb4c3f3 mte: refactor tag_and_clear_slab_slot()
Explicitly call is_memtag_enabled() before calling tag_and_clear_slab_slot() to make it clearer that
memory is not zeroed when MTE is disabled.
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
b560431c01 mte: note why 0 tag is excluded 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
009f2dad76 mte: note alignment requirements of arm_mte_tag_and_clear_mem() 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
03883eb2ce mte: rename arm_mte_store_tags_and_clear() to arm_mte_tag_and_clear_mem() 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
7a6dbd8152 mte: add comment about the reserved slab canary value 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
f16ef601d4 memtag_test: improve capturing of test results
Using debuggerd + logcat parsing is unreliable and slow, print SEGV signal code to stderr instead.
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
155800526a memtag_test: improve tag_distinctness test
- check that tag distinctness checks are actually reached (it was previously verified manually by
looking at the now-removed printf output)
- check that only non-reserved tags are used
- check that all of non-reserved tags are used
- print tag usage statistics at the end of run
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
28d5d394cf memtag_test: remove usages of rand()
It didn't work correctly due to not being seeded and its usage wasn't necessary.
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
577d9583eb mte: add licensing info for code that was copied from scudo 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
93aa9eefe4 mte: make h_malloc_disable_memory_tagging() thread-safe 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
01a199e19e mte: move is_memtag_enabled to read-only allocator data 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
576328b1b4 android: add MTE tests
To run them, connect an MTE-enabled device via adb and execute `atest HMallocTest:MemtagTest`.

Since these tests are not deterministic (and neither is hardened_malloc itself), it's better to run
them multiple times, e.g. `atest --iterations 30 HMallocTest:MemtagTest`.

There are also CTS tests that are useful for checking correctness of the Android integration:
`atest CtsTaggingHostTestCases`
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
5137d2da4d android: enable MTE on devices that declare having it 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
f042a6b9b0 android: add function for disabling MTE at runtime
On Android, MTE is always enabled in Zygote, and is disabled after fork for apps that didn't opt-in
to MTE.

Depends on the slab canary adjustments in the previous commit.
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
001fc86585 mte: disable slab canaries when MTE is on
Canary with the "0" value is now reserved to support re-enabling slab canaries if MTE is turned off
at runtime.
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
70c91f4c3e mte: disable write-after-free check for slab allocations when MTE is on
Freed slab memory is tagged with a reserved tag value that is never used for live allocations.
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
e3686ae457 add support for Arm MTE memory tagging
- tag slab allocations with [1..14] tags
- tag freed slab allocations with the "15" tag value to detect accesses to freed slab memory
- when generating tag value for a slab slot, always exclude most recent tag value for that slot
(to make use-after-free detection more reliable) and most recent tag values of its immediate
neighbors (to detect linear overflows and underflows)
2023-10-30 14:20:53 -04:00
Dmitry Muhomor
19a46e0f96 add helper functions for using u8 array as u4 array 2023-10-30 14:20:53 -04:00
Dmitry Muhomor
8d5c631224 android: implement fatal_error() via async_safe_fatal()
async_safe_fatal() performs the following steps:
- logs the error message to stderr and logcat
- passes the error message to debuggerd via android_set_abort_message(). debuggerd then saves the error
message in the crash report file ("tombstone")
- calls abort()
2024031300-coral 2024031300-sunfish 2025012100-sunfish 2025012100-coral 2024040100-coral 2024040100-sunfish 2025012701-sunfish 2025012701-coral 2024050800-coral 2024050800-sunfish 2024070401-coral 2024070401-sunfish 2024070400-coral 2024070400-sunfish 2024021100-coral 2024021100-sunfish 2023122200-sunfish 2024010700-sunfish 2024010700-coral 2023122200-coral 2023110900-coral 2023110900-sunfish 2023102300-shusky 2023102300 2023101300 2023101100 2023100900 2023100800 2023100300-felix 2023100300-tangorpro 2023100300-coral 2023100300 2023100100-felix 2023100100-tangorpro 2023100100-coral 2023100100 2024052200-coral 2024052200-sunfish 2024052300-coral 2024052300-sunfish 2024061700-coral 2024061700-sunfish 2024080800-coral 2024080800-sunfish 2024060600-coral 2024060600-sunfish
2023-09-28 13:47:11 -04:00
Christian Göttsche
903cba5a84 test: add regression test for missing init() in realloc() 12 2023-09-27 19:19:19 -04:00