android_bionic

Commit Graph

Author	SHA1	Message	Date
Peter Collingbourne	f1ed31ffe1	Increase the size of the shadow call stack guard region to 16MB. Increasing the size of the guard region helps with the security of SCS, but it's blocked on landing [1], which in turn is blocked on landing [2]. Once those two CLs land we will be able to land this one. [1] https://android-review.googlesource.com/c/platform/frameworks/av/+/837745 [2] https://android-review.googlesource.com/c/platform/bionic/+/818973 Bug: 118642754 Change-Id: I35409cbb6bfcd77e632567dd755376e345cfe67b	2019-01-31 14:37:34 -08:00
Peter Collingbourne	734beec3d4	Allocate a small guard region around the shadow call stack. This lets us do two things: 1) Make setjmp and longjmp compatible with shadow call stack. To avoid leaking the shadow call stack address into memory, only the lower log2(SCS_SIZE) bits of x18 are stored to jmp_buf. This requires allocating an additional guard page so that we're guaranteed to be able to allocate a sufficiently aligned SCS. 2) SCS overflow detection. Overflows now result in a SIGSEGV instead of corrupting the allocation that comes after it. Change-Id: I04d6634f96162bf625684672a87fba8b402b7fd1 Test: bionic-unit-tests	2018-11-16 14:37:08 -08:00
Elliott Hughes	04303f5a8a	Add semaphore tests, fix sem_destroy. Bug: https://code.google.com/p/android/issues/detail?id=76088 Change-Id: I4a0561b23e90312384d40a1c804ca64ee98f4066	2014-09-19 17:37:06 -07:00

Author

SHA1

Message

Date

Peter Collingbourne

f1ed31ffe1

Increase the size of the shadow call stack guard region to 16MB.

Increasing the size of the guard region helps with the security of SCS,
but it's blocked on landing [1], which in turn is blocked on landing
[2]. Once those two CLs land we will be able to land this one.

[1] https://android-review.googlesource.com/c/platform/frameworks/av/+/837745
[2] https://android-review.googlesource.com/c/platform/bionic/+/818973

Bug: 118642754
Change-Id: I35409cbb6bfcd77e632567dd755376e345cfe67b

2019-01-31 14:37:34 -08:00

Peter Collingbourne

734beec3d4

Allocate a small guard region around the shadow call stack.

This lets us do two things:

1) Make setjmp and longjmp compatible with shadow call stack.
   To avoid leaking the shadow call stack address into memory, only the
   lower log2(SCS_SIZE) bits of x18 are stored to jmp_buf. This requires
   allocating an additional guard page so that we're guaranteed to be
   able to allocate a sufficiently aligned SCS.

2) SCS overflow detection. Overflows now result in a SIGSEGV instead
   of corrupting the allocation that comes after it.

Change-Id: I04d6634f96162bf625684672a87fba8b402b7fd1
Test: bionic-unit-tests

2018-11-16 14:37:08 -08:00

Elliott Hughes

04303f5a8a

Add semaphore tests, fix sem_destroy.

Bug: https://code.google.com/p/android/issues/detail?id=76088
Change-Id: I4a0561b23e90312384d40a1c804ca64ee98f4066

2014-09-19 17:37:06 -07:00

3 Commits