5eefcd39b4
the design / implementation is fairly complete now
2019-08-18 06:24:21 -04:00
2288b3a754
add information on stats
2019-08-18 06:21:39 -04:00
f4afedb137
add links to size class section from configuration
2019-08-18 05:48:29 -04:00
ac70e2c250
use full sentences to describe compile options
2019-08-18 05:47:13 -04:00
d0b466beb8
elaborate on the cost of GUARD_SLABS_INTERVAL
2019-08-18 05:46:20 -04:00
7a8c57d0f5
stop marking MPK support 'extremely experimental'
2019-08-18 05:37:42 -04:00
c4fc025fde
clarify ZERO_ON_FREE / WRITE_AFTER_FREE_CHECK
2019-08-18 05:35:48 -04:00
58b56f10ea
avoid -shared-libgcc due to old Clang versions
2019-08-18 04:53:51 -04:00
125efe99db
fix wording in note about malloc_object_size
2019-08-18 02:51:32 -04:00
77b242ea3f
enable misc tidy checks
2019-08-18 02:43:49 -04:00
d37657e125
enable llvm-include-order tidy check
2019-08-18 02:39:55 -04:00
3c67708c3a
reorder clang-tidy checks parameters
2019-08-18 02:34:51 -04:00
2ad74515b1
enable -Werror for Android build system
2019-08-18 02:31:05 -04:00
abece7656b
add enabled-by-default option to use -Werror
2019-08-18 02:28:23 -04:00
c70745ab15
Makefile: add check target depending on tidy
2019-08-18 02:20:06 -04:00
7d4d2ef0fb
treat clang-tidy warnings as errors for automation
2019-08-18 02:18:04 -04:00
8133444f43
move clang-tidy configuration to .clang-tidy
2019-08-18 02:12:18 -04:00
8f9f2521a0
disable sanitizer recovery in UBSan debug builds

This makes it harder to miss that an error occurred and avoids spamming
output. There should never be a single error, so it doesn't make sense
to gather as many errors as possible when a single error is already a
serious issue that would need to be fixed.
2019-08-18 02:00:13 -04:00
d8ebdea05f
handle CONFIG_SEAL_METADATA option like the others
2019-08-18 01:56:20 -04:00
defd55f302
provide link to Bionic integration commit
2019-08-18 01:44:40 -04:00
04f69d9f0d
update supported Android branches
2019-08-18 01:41:56 -04:00
995d0580d1
remove extra spaces inserted by vim joinspaces
2019-08-18 01:39:22 -04:00
8d2df1deb8
use CC as CXX to make sure LTO is compatible
2019-08-18 01:28:59 -04:00
1bc201c4c1
use -Wcast-align if -Wcast-align=strict is missing
2019-08-18 01:15:54 -04:00
cc8c4459e1
make safe_flag treat unknown warnings as missing
2019-08-18 01:15:54 -04:00
b6b910f032
add table of contents to README
2019-08-18 01:15:54 -04:00
24de5aab05
still need to finish up initial malloc_object_size
2019-08-18 01:15:54 -04:00
71e4577367
fix some inconsistencies in the tagging examples
2019-08-13 21:44:16 -04:00
75e86914aa
respect existing CFLAGS, CPPFLAGS and LDFLAGS
2019-07-29 13:52:55 -04:00
90d12fb340
override local default to -fstack-protector-strong

This is a no-op on a toolchain compiled with the basic mitigations
enabled by default, so this is generally a no-op anywhere this project
is likely to be deployed. SSP has a very low performance cost so there's
little reason to avoid it, even though it also has zero value for this
code in practice. It would be great if one of the more modern approaches
was widely adopted, but unfortunately SSP is as good as it gets for
portable options. It doesn't provide any protection against external
writes to the stack data which is all that's really needed here.
ShadowCallStack is a great option for arm64, but it's substantially more
difficult to protect return addresses well on x86_64 due to the design of
the ISA and ABI.
2019-07-19 11:53:55 -04:00
77743e5a36
use -fstack-clash-protection for completeness

This is a no-op for the current code and will likely remain that way so
there's no benefit but also no performance cost.
2019-07-19 11:18:49 -04:00
3ed6e546c8
OS integration guide
2019-07-18 07:22:29 -04:00
d80919fa1e
substantially raise the arbitrary arena limit
2019-07-12 03:43:33 -04:00
410e9efb93
extend configuration sanity checks
2019-07-11 17:09:48 -04:00
7bcfa500be
remove note about lack of sanity checks for config
2019-07-11 15:50:45 -04:00
72a08f88fb
supports Debian oldstable due to Buster release
2019-07-10 18:08:14 -04:00
a32e26b8e9
avoid trying to use mremap outside of Linux
2019-07-05 21:59:44 -04:00
934ab4cb59
explain extended size classes impact on quarantine
2019-07-05 17:57:41 -04:00
060f74b993
extended size classes now go up to 128k not 64k
2019-07-05 17:55:25 -04:00
4d4277319a
clarifications to randomization documentation
2019-06-23 19:20:16 -04:00
a579257a26
update libdivide to 1.1
2019-06-23 00:39:35 -04:00
bb65d088dc
drop default class region size to 32GiB
2019-06-19 01:00:22 -04:00
706c1970b5
add GitHub funding metadata
2019-06-18 22:54:49 -04:00
dba11c0091
fix warning with glibc from cfree
2019-06-18 22:50:10 -04:00
539d4f0d37
add extended size classes to offset test
2019-06-18 15:51:28 -04:00
bc75c4db7b
realloc: use copy_size to check for canaries

This avoids unnecessarily copying the canary when doing a realloc from a
small size to a large size. It also avoids trying to copy a non-existent
canary out of a zero-size allocation, which are memory protected.
2019-06-17 00:28:10 -04:00
37474e117c
limit precision for fragmentation in table
2019-06-12 13:29:04 -04:00
12525f2861
work around old glibc releases without threads.h
2019-06-06 08:10:57 -04:00
5449f4a94e
use safe_flag for -fno-plt

This isn't supported by the ancient Clang release in Debian Stable.
2019-06-06 07:33:39 -04:00
64a1f59020
note about getrandom with syscall whitelists
2019-06-02 22:24:25 -04:00