emo/hardened_malloc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: emo:d3152b8e8ff5070f69e7c991d34f32a429e6a894
Branches Tags
emo:master
...
compare: emo:2d302f7d85944bcaa1ce6419a4c51732f76daaa6
Branches Tags
emo:master

11 Commits
d3152b8e8f ... 2d302f7d85

Author SHA1 Message Date
Daniel Micay
2d302f7d85 enable -Wundef 2023-06-10 14:58:33 -04:00
Daniel Micay
d5f9909eca add missing include 2023-06-10 14:58:20 -04:00
Daniel Micay
5e1901e85d silence unwanted tidy warning 2023-06-10 14:52:08 -04:00
Daniel Micay
462c2c5293 conditionally include bits/functexcept.h 2023-06-10 14:20:20 -04:00
Daniel Micay
8f3281ed6a enable strict prototypes warning 2023-06-10 14:18:27 -04:00
Christian Göttsche
7d75acc62a use strict prototype 
h_malloc.c:83:21: error: function declaration isn’t a prototype [-Werror=strict-prototypes]
       83 | static inline void *get_slab_region_end() {
          |                     ^~~~~~~~~~~~~~~~~~~
 2023-06-10 14:18:27 -04:00
Christian Göttsche
af866a7faa support versioned Clang 
make CC=clang-14
    clang-14  -std=c17 -O3 -flto -fPIC -fvisibility=hidden -fno-plt -fstack-clash-protection -fstack-protector-strong -pipe -Wall -Wcast-qual -Wextra -Wfloat-equal -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wmissing-prototypes -Wnull-dereference -Wpointer-arith -Wshadow -Wstrict-prototypes -Wundef -Wunused -Wwrite-strings -Wcast-align=strict -Wcast-qual -Wwrite-strings -Werror -march=native -Wmissing-prototypes  -D_GNU_SOURCE -I include -DCONFIG_SEAL_METADATA=false -DZERO_ON_FREE=true -DWRITE_AFTER_FREE_CHECK=true -DSLOT_RANDOMIZE=true -DSLAB_CANARY=true -DSLAB_QUARANTINE_RANDOM_LENGTH=1 -DSLAB_QUARANTINE_QUEUE_LENGTH=1 -DCONFIG_EXTENDED_SIZE_CLASSES=true -DCONFIG_LARGE_SIZE_CLASSES=true -DGUARD_SLABS_INTERVAL=1 -DGUARD_SIZE_DIVISOR=2 -DREGION_QUARANTINE_RANDOM_LENGTH=256 -DREGION_QUARANTINE_QUEUE_LENGTH=1024 -DREGION_QUARANTINE_SKIP_THRESHOLD=33554432  -DFREE_SLABS_QUARANTINE_RANDOM_LENGTH=32 -DCONFIG_CLASS_REGION_SIZE=34359738368  -DN_ARENA=4 -DCONFIG_STATS=false  -c -o out/chacha.o chacha.c
    error: unknown warning option '-Wcast-align=strict'; did you mean '-Wcast-align'? [-Werror,-Wunknown-warning-option]
    make: *** [Makefile:114: out/chacha.o] Error 1
 2023-06-10 14:18:27 -04:00
Daniel Micay
64dad0a69f drop legacy glibc support 2023-06-10 14:04:46 -04:00
Daniel Micay
95c4b40caf update minimum dependency version list 2023-06-10 14:02:55 -04:00
Daniel Micay
cc70583beb drop info on MPK with unsupported kernels 2023-06-10 13:59:56 -04:00
Daniel Micay
62a98efb13 update supported Android branch 2023-06-10 13:59:36 -04:00
7 changed files with 22 additions and 31 deletions
Show Stats Expand all files Collapse all files

2
.clang-tidy
View File

@ -1,2 +1,2 @@
Checks: 'bugprone-*,-bugprone-easily-swappable-parameters,-bugprone-macro-parentheses,-bugprone-too-small-loop-variable,cert-*,clang-analyzer-*,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-diagnostic-constant-logical-operand,readability-*,-readability-function-cognitive-complexity,-readability-identifier-length,-readability-inconsistent-declaration-parameter-name,-readability-magic-numbers,-readability-named-parameter,llvm-include-order,misc-*' Checks: 'bugprone-*,-bugprone-easily-swappable-parameters,-bugprone-macro-parentheses,-bugprone-too-small-loop-variable,cert-*,-cert-err33-c,clang-analyzer-*,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-diagnostic-constant-logical-operand,readability-*,-readability-function-cognitive-complexity,-readability-identifier-length,-readability-inconsistent-declaration-parameter-name,-readability-magic-numbers,-readability-named-parameter,llvm-include-order,misc-*'
WarningsAsErrors: '*' WarningsAsErrors: '*'

7
Makefile
View File

@ -14,13 +14,14 @@ endif
OUT := out$(SUFFIX) OUT := out$(SUFFIX)
define safe_flag define safe_flag
$(shell $(CC) $(if $(filter clang,$(CC)),-Werror=unknown-warning-option) -E $1 - </dev/null >/dev/null 2>&1 && echo $1 || echo $2) $(shell $(CC) $(if $(filter clang%,$(CC)),-Werror=unknown-warning-option) -E $1 - </dev/null >/dev/null 2>&1 && echo $1 || echo $2)
endef endef
CPPFLAGS := $(CPPFLAGS) -D_GNU_SOURCE -I include CPPFLAGS := $(CPPFLAGS) -D_GNU_SOURCE -I include
SHARED_FLAGS := -pipe -O3 -flto -fPIC -fvisibility=hidden -fno-plt \ SHARED_FLAGS := -pipe -O3 -flto -fPIC -fvisibility=hidden -fno-plt \
-fstack-clash-protection $(call safe_flag,-fcf-protection) -fstack-protector-strong \ -fstack-clash-protection $(call safe_flag,-fcf-protection) -fstack-protector-strong \
-Wall -Wextra $(call safe_flag,-Wcast-align=strict,-Wcast-align) -Wcast-qual -Wwrite-strings -Wall -Wextra $(call safe_flag,-Wcast-align=strict,-Wcast-align) -Wcast-qual -Wwrite-strings \
-Wundef
ifeq ($(CONFIG_WERROR),true) ifeq ($(CONFIG_WERROR),true)
SHARED_FLAGS += -Werror SHARED_FLAGS += -Werror
@ -34,7 +35,7 @@ ifeq ($(CONFIG_UBSAN),true)
SHARED_FLAGS += -fsanitize=undefined -fno-sanitize-recover=undefined SHARED_FLAGS += -fsanitize=undefined -fno-sanitize-recover=undefined
endif endif
CFLAGS := $(CFLAGS) -std=c17 $(SHARED_FLAGS) -Wmissing-prototypes CFLAGS := $(CFLAGS) -std=c17 $(SHARED_FLAGS) -Wmissing-prototypes -Wstrict-prototypes
CXXFLAGS := $(CXXFLAGS) -std=c++17 -fsized-deallocation $(SHARED_FLAGS) CXXFLAGS := $(CXXFLAGS) -std=c++17 -fsized-deallocation $(SHARED_FLAGS)
LDFLAGS := $(LDFLAGS) -Wl,-O1,--as-needed,-z,defs,-z,relro,-z,now,-z,nodlopen,-z,text LDFLAGS := $(LDFLAGS) -Wl,-O1,--as-needed,-z,defs,-z,relro,-z,now,-z,nodlopen,-z,text

21
README.md
View File

@ -65,12 +65,14 @@ used instead as this allocator fundamentally doesn't support that environment.
## Dependencies ## Dependencies
Debian stable (currently Debian 11) determines the most ancient set of Debian stable (currently Debian 12) determines the most ancient set of
supported dependencies: supported dependencies:
* glibc 2.31 * glibc 2.36
* Linux 5.10 * Linux 6.1
* Clang 11.0.1 or GCC 10.2.1 * Clang 14.0.6 or GCC 12.2.0
For Android, the Linux GKI 5.10, 5.15 and 6.1 branches are supported.
However, using more recent releases is highly recommended. Older versions of However, using more recent releases is highly recommended. Older versions of
the dependencies may be compatible at the moment but are not tested and will the dependencies may be compatible at the moment but are not tested and will
@ -81,16 +83,7 @@ there will be custom integration offering better performance in the future
along with other hardening for the C standard library implementation. along with other hardening for the C standard library implementation.
For Android, only the current generation, actively developed maintenance branch of the Android For Android, only the current generation, actively developed maintenance branch of the Android
Open Source Project will be supported, which currently means `android13-release`. The `12.1` Open Source Project will be supported, which currently means `android13-qpr2-release`.
branch is temporarily supported while we finish migrating to Android 13. If you want us to
continue supporting it you'll need to provide GrapheneOS with developers and funding.
The Linux kernel's implementation of Memory Protection Keys was severely broken
before Linux 5.0. The `CONFIG_SEAL_METADATA` feature should only be enabled for
use on kernels newer than 5.0 or longterm branches with a backport of the [fix
for the
issue](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a31e184e4f69965c99c04cc5eb8a4920e0c63737).
This issue was discovered and reported by the hardened\_malloc project.
## Testing ## Testing

16
h_malloc.c
View File

@ -80,7 +80,7 @@ static union {
char padding[PAGE_SIZE]; char padding[PAGE_SIZE];
} ro __attribute__((aligned(PAGE_SIZE))); } ro __attribute__((aligned(PAGE_SIZE)));
static inline void *get_slab_region_end() { static inline void *get_slab_region_end(void) {
return atomic_load_explicit(&ro.slab_region_end, memory_order_acquire); return atomic_load_explicit(&ro.slab_region_end, memory_order_acquire);
} }
@ -1808,24 +1808,18 @@ EXPORT int h_malloc_trim(UNUSED size_t pad) {
EXPORT void h_malloc_stats(void) {} EXPORT void h_malloc_stats(void) {}
#if defined(__GLIBC__) || defined(__ANDROID__)
// glibc mallinfo is broken and replaced with mallinfo2 // glibc mallinfo is broken and replaced with mallinfo2
#if defined(__GLIBC__) #if defined(__GLIBC__)
EXPORT struct mallinfo h_mallinfo(void) { EXPORT struct mallinfo h_mallinfo(void) {
return (struct mallinfo){0}; return (struct mallinfo){0};
} }
#if __GLIBC_PREREQ(2, 33)
#define HAVE_MALLINFO2
#endif
#endif
#if defined(HAVE_MALLINFO2) || defined(__ANDROID__)
#ifndef __GLIBC__
EXPORT struct mallinfo h_mallinfo(void) {
struct mallinfo info = {0};
#else
EXPORT struct mallinfo2 h_mallinfo2(void) { EXPORT struct mallinfo2 h_mallinfo2(void) {
struct mallinfo2 info = {0}; struct mallinfo2 info = {0};
#else
EXPORT struct mallinfo h_mallinfo(void) {
struct mallinfo info = {0};
#endif #endif
#if CONFIG_STATS #if CONFIG_STATS

4
new.cc
View File

@ -1,4 +1,8 @@
// needed with libstdc++ but not libc++
#if __has_include(<bits/functexcept.h>)
#include <bits/functexcept.h> #include <bits/functexcept.h>
#endif
#include <new> #include <new>
#include "h_malloc.h" #include "h_malloc.h"

2
test/mallinfo2.c
View File

@ -9,7 +9,6 @@
static void print_mallinfo2(void) { static void print_mallinfo2(void) {
#if defined(__GLIBC__) #if defined(__GLIBC__)
#if __GLIBC_PREREQ(2, 33)
struct mallinfo2 info = mallinfo2(); struct mallinfo2 info = mallinfo2();
printf("mallinfo2:\n"); printf("mallinfo2:\n");
printf("arena: %zu\n", (size_t)info.arena); printf("arena: %zu\n", (size_t)info.arena);
@ -23,7 +22,6 @@ static void print_mallinfo2(void) {
printf("fordblks: %zu\n", (size_t)info.fordblks); printf("fordblks: %zu\n", (size_t)info.fordblks);
printf("keepcost: %zu\n", (size_t)info.keepcost); printf("keepcost: %zu\n", (size_t)info.keepcost);
#endif #endif
#endif
} }
OPTNONE int main(void) { OPTNONE int main(void) {

1
util.h
View File

@ -1,6 +1,7 @@
#ifndef UTIL_H #ifndef UTIL_H
#define UTIL_H #define UTIL_H
#include <stdbool.h>
#include <stddef.h> #include <stddef.h>
#include <stdint.h> #include <stdint.h>