hardened_malloc

Author	SHA1	Message	Date
Daniel Micay	ac70e2c250	use full sentences to describe compile options	2019-08-18 05:47:13 -04:00
Daniel Micay	d0b466beb8	elaborate on the cost of GUARD_SLABS_INTERVAL	2019-08-18 05:46:20 -04:00
Daniel Micay	7a8c57d0f5	stop marking MPK support 'extremely experimental'	2019-08-18 05:37:42 -04:00
Daniel Micay	c4fc025fde	clarify ZERO_ON_FREE / WRITE_AFTER_FREE_CHECK	2019-08-18 05:35:48 -04:00
Daniel Micay	58b56f10ea	avoid -shared-libgcc due to old Clang versions	2019-08-18 04:53:51 -04:00
Daniel Micay	125efe99db	fix wording in note about malloc_object_size	2019-08-18 02:51:32 -04:00
Daniel Micay	77b242ea3f	enable misc tidy checks	2019-08-18 02:43:49 -04:00
Daniel Micay	d37657e125	enable llvm-include-order tidy check	2019-08-18 02:39:55 -04:00
Daniel Micay	3c67708c3a	reorder clang-tidy checks parameters	2019-08-18 02:34:51 -04:00
Daniel Micay	2ad74515b1	enable -Werror for Android build system	2019-08-18 02:31:05 -04:00
Daniel Micay	abece7656b	add enabled-by-default option to use -Werror	2019-08-18 02:28:23 -04:00
Daniel Micay	c70745ab15	Makefile: add check target depending on tidy	2019-08-18 02:20:06 -04:00
Daniel Micay	7d4d2ef0fb	treat clang-tidy warnings as errors for automation	2019-08-18 02:18:04 -04:00
Daniel Micay	8133444f43	move clang-tidy configuration to .clang-tidy	2019-08-18 02:12:18 -04:00
Daniel Micay	8f9f2521a0	disable sanitizer recovery in UBSan debug builds This makes it harder to miss that an error occurred and avoids spamming output. There should never be a single error, so it doesn't make sense to gather as many errors as possible when a single error is already a serious issue that would need to be fixed.	2019-08-18 02:00:13 -04:00
Daniel Micay	d8ebdea05f	handle CONFIG_SEAL_METADATA option like the others	2019-08-18 01:56:20 -04:00
Daniel Micay	defd55f302	provide link to Bionic integration commit	2019-08-18 01:44:40 -04:00
Daniel Micay	04f69d9f0d	update supported Android branches	2019-08-18 01:41:56 -04:00
Daniel Micay	995d0580d1	remove extra spaces inserted by vim joinspaces	2019-08-18 01:39:22 -04:00
Daniel Micay	8d2df1deb8	use CC as CXX to make sure LTO is compatible	2019-08-18 01:28:59 -04:00
Daniel Micay	1bc201c4c1	use -Wcast-align if -Wcast-align=strict is missing	2019-08-18 01:15:54 -04:00
Daniel Micay	cc8c4459e1	make safe_flag treat unknown warnings as missing	2019-08-18 01:15:54 -04:00
Daniel Micay	b6b910f032	add table of contents to README	2019-08-18 01:15:54 -04:00
Daniel Micay	24de5aab05	still need to finish up initial malloc_object_size	2019-08-18 01:15:54 -04:00
Daniel Micay	71e4577367	fix some inconsistencies in the tagging examples	2019-08-13 21:44:16 -04:00
Patrick Schleizer	75e86914aa	respect existing CFLAGS, CPPFLAGS and LDFLAGS	2019-07-29 13:52:55 -04:00
Daniel Micay	90d12fb340	override local default to -fstack-protector-strong This is a no-op on a toolchain compiled with the basic mitigations enabled by default, so this is generally a no-op anywhere this project is likely to be deployed. SSP has a very low performance cost so there's little reason to avoid it, even though it also has zero value for this code in practice. It would be great if one of the more modern approaches was widely adopted, but unfortunately SSP is as good as it gets for portable options. It doesn't provide any protection against external writes to the stack data which is all that's really needed here. ShadowCallStack is a great option for arm64, but it's substantially more difficult to protect return addresses well on x86_64 due to the design of the ISA and ABI.	2019-07-19 11:53:55 -04:00
Daniel Micay	77743e5a36	use -fstack-clash-protection for completeness This is a no-op for the current code and will likely remain that way so there's no benefit but also no performance cost.	2019-07-19 11:18:49 -04:00
Daniel Micay	3ed6e546c8	OS integration guide	2019-07-18 07:22:29 -04:00
Daniel Micay	d80919fa1e	substantially raise the arbitrary arena limit	2019-07-12 03:43:33 -04:00
Daniel Micay	410e9efb93	extend configuration sanity checks	2019-07-11 17:09:48 -04:00
Daniel Micay	7bcfa500be	remove note about lack of sanity checks for config	2019-07-11 15:50:45 -04:00
Daniel Micay	72a08f88fb	supports Debian oldstable due to Buster release	2019-07-10 18:08:14 -04:00
Daniel Micay	a32e26b8e9	avoid trying to use mremap outside of Linux	2019-07-05 21:59:44 -04:00
Daniel Micay	934ab4cb59	explain extended size classes impact on quarantine	2019-07-05 17:57:41 -04:00
Daniel Micay	060f74b993	extended size classes now go up to 128k not 64k	2019-07-05 17:55:25 -04:00
Daniel Micay	4d4277319a	clarifications to randomization documentation	2019-06-23 19:20:16 -04:00
Daniel Micay	a579257a26	update libdivide to 1.1	2019-06-23 00:39:35 -04:00
Daniel Micay	bb65d088dc	drop default class region size to 32GiB	2019-06-19 01:00:22 -04:00
Daniel Micay	706c1970b5	add GitHub funding metadata	2019-06-18 22:54:49 -04:00
Daniel Micay	dba11c0091	fix warning with glibc from cfree	2019-06-18 22:50:10 -04:00
Daniel Micay	539d4f0d37	add extended size classes to offset test	2019-06-18 15:51:28 -04:00
Daniel Micay	bc75c4db7b	realloc: use copy_size to check for canaries This avoids unnecessarily copying the canary when doing a realloc from a small size to a large size. It also avoids trying to copy a non-existent canary out of a zero-size allocation, which are memory protected.	2019-06-17 00:28:10 -04:00
Daniel Micay	37474e117c	limit precision for fragmentation in table	2019-06-12 13:29:04 -04:00
Daniel Micay	12525f2861	work around old glibc releases without threads.h	2019-06-06 08:10:57 -04:00
Daniel Micay	5449f4a94e	use safe_flag for -fno-plt This isn't supported by the ancient Clang release in Debian Stable.	2019-06-06 07:33:39 -04:00
Daniel Micay	64a1f59020	note about getrandom with syscall whitelists	2019-06-02 22:24:25 -04:00
Daniel Micay	b40ba9754b	add malloc_info test	2019-05-05 08:37:55 -04:00
Daniel Micay	f6f4402ff3	expand test gitignore	2019-05-05 08:37:55 -04:00
Daniel Micay	2ae0ed4674	add large array growth test	2019-05-05 08:37:55 -04:00

1 2 3 4 5 ...

468 Commits