fix android build, add random mmap addr hint

Author: struct

Makefile

@@ -120,8 +120,9 @@ EXPERIMENTAL = -DEXPERIMENTAL=0
 DEBUG_LOG_FLAGS = -DDEBUG=1 -DLEAK_DETECTOR=1 -DMEM_USAGE=1
 
 ## On Android we use prctl to name mappings so they are
-## visible in /proc/pid/maps
-NAMED_MAPPINGS = -DNAMED_MAPPINGS=1
+## visible in /proc/pid/maps - But the Android build does
+## not use this Makefile. You want to modify Android.mk
+NAMED_MAPPINGS = -DNAMED_MAPPINGS=0
 
 UNAME := $(shell uname)
 ifeq ($(UNAME), Darwin)

android/jni/Android.mk

@@ -1,14 +1,14 @@
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 
-APP_CFLAGS := -DTHREAD_SUPPORT=1 -pthread -DTHREAD_ZONE_CACHE=1 			\
+LOCAL_CFLAGS := -DTHREAD_SUPPORT=1 -pthread -DTHREAD_ZONE_CACHE=1 			\
 	-DPRE_POPULATE_PAGES=0 -DSMALL_MEM_STARTUP=0 -DSANITIZE_CHUNKS=0 		\
 	-DFUZZ_MODE=0 -DPERM_FREE_REALLOC=0 -DDISABLE_CANARY=0 -Werror 			\
 	-pedantic -Wno-pointer-arith -Wno-gnu-zero-variadic-macro-arguments 	\
 	-Wno-format-pedantic -DMALLOC_HOOK=1  -fvisibility=hidden -std=c11  	\
 	-DALLOC_SANITY=0 -DUNINIT_READ_SANITY=0 -DCPU_PIN=0 -DEXPERIMENTAL=0 	\
 	-DUAF_PTR_PAGE=0 -DVERIFY_BIT_SLOT_CACHE=0 -DNAMED_MAPPINGS=1 -fPIC 	\
-	-DNAMED_MAPPING=1  -shared  -DDEBUG=1 -DLEAK_DETECTOR=1 -DMEM_USAGE=1   \
+	-shared  -DDEBUG=1 -DLEAK_DETECTOR=1 -DMEM_USAGE=1  				 	\
 	-g -ggdb3 -fno-omit-frame-pointer
 
 LOCAL_SRC_FILES := ../../src/iso_alloc.c ../../src/iso_alloc_printf.c	../../src/iso_alloc_random.c \

include/iso_alloc_internal.h

@@ -185,6 +185,26 @@
 
 #define ALIGNMENT 8
 
+#if NAMED_MAPPINGS
+#define SAMPLED_ALLOC_NAME "isoalloc sampled allocation"
+#define BIG_ZONE_UD_NAME "isoalloc big zone user data"
+#define BIG_ZONE_MD_NAME "isoalloc big zone metadata"
+#define GUARD_PAGE_NAME "guard page"
+#define ROOT_NAME "isoalloc root"
+#define ZONE_BITMAP_NAME "isoalloc zone bitmap"
+#define INTERNAL_UZ_NAME "internal isoalloc user zone"
+#define CUSTOM_UZ_NAME "custom isoalloc user zone"
+#else
+#define SAMPLED_ALLOC_NAME ""
+#define BIG_ZONE_UD_NAME ""
+#define BIG_ZONE_MD_NAME ""
+#define GUARD_PAGE_NAME ""
+#define ROOT_NAME ""
+#define ZONE_BITMAP_NAME ""
+#define INTERNAL_UZ_NAME ""
+#define CUSTOM_UZ_NAME ""
+#endif
+
 #define WHICH_BIT(bit_slot) \
     (bit_slot & (BITS_PER_QWORD - 1))
 

src/iso_alloc.c

@@ -254,7 +254,7 @@ INTERNAL_HIDDEN INLINE void iso_clear_user_chunk(uint8_t *p, size_t size) {
 
 INTERNAL_HIDDEN void *create_guard_page(void *p) {
     if(p == NULL) {
-        p = mmap_rw_pages(g_page_size, false, "guard page");
+        p = mmap_rw_pages(g_page_size, false, GUARD_PAGE_NAME);
 
         if(p == NULL) {
             LOG_AND_ABORT("Could not allocate guard page");
@@ -268,19 +268,28 @@ INTERNAL_HIDDEN void *create_guard_page(void *p) {
     return p;
 }
 
+
 INTERNAL_HIDDEN void *mmap_rw_pages(size_t size, bool populate, const char *name) {
-    size = ROUND_UP_PAGE(size);
+#if !ENABLE_ASAN
+    /* Produce a random page address as a hint for mmap */
+    uint64_t hint = ROUND_DOWN_PAGE(rand_uint64());
+    hint &= 0x3FFFFFFFF000;
+    void *p = (void *) hint;
+#else
     void *p = NULL;
+#endif
+
+    size = ROUND_UP_PAGE(size);
 
     /* Only Linux supports MAP_POPULATE */
 #if __linux__ && PRE_POPULATE_PAGES
     if(populate == true) {
-        p = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_POPULATE, -1, 0);
+        p = mmap(p, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_POPULATE, -1, 0);
     } else {
-        p = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+        p = mmap(p, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
     }
 #else
-    p = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+    p = mmap(p, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
 #endif
 
     if(p == MAP_FAILED) {
@@ -309,7 +318,7 @@ INTERNAL_HIDDEN iso_alloc_root *iso_alloc_new_root(void) {
 
     size_t _root_size = sizeof(iso_alloc_root) + (g_page_size << 1);
 
-    p = (void *) mmap_rw_pages(_root_size, true, "isoalloc root");
+    p = (void *) mmap_rw_pages(_root_size, true, ROOT_NAME);
 
     if(p == NULL) {
         LOG_AND_ABORT("Cannot allocate pages for root");
@@ -595,7 +604,7 @@ INTERNAL_HIDDEN iso_alloc_zone *_iso_new_zone(size_t size, bool internal) {
 
     /* All of the following fields are immutable
      * and should not change once they are set */
-    void *p = mmap_rw_pages(new_zone->bitmap_size + (_root->system_page_size << 1), true, "isoalloc zone bitmap");
+    void *p = mmap_rw_pages(new_zone->bitmap_size + (_root->system_page_size << 1), true, ZONE_BITMAP_NAME);
 
     void *bitmap_pages_guard_below = p;
     new_zone->bitmap_start = (p + _root->system_page_size);
@@ -612,9 +621,9 @@ INTERNAL_HIDDEN iso_alloc_zone *_iso_new_zone(size_t size, bool internal) {
     char *name;
 
     if(internal == true) {
-        name = "internal isoalloc user zone";
+        name = INTERNAL_UZ_NAME;
     } else {
-        name = "custom isoalloc user zone";
+        name = CUSTOM_UZ_NAME;
     }
 
     /* All user pages use MAP_POPULATE. This might seem like we are asking
@@ -873,14 +882,14 @@ INTERNAL_HIDDEN void *_iso_big_alloc(size_t size) {
     if(big == NULL) {
         /* User data is allocated separately from big zone meta
          * data to prevent an attacker from targeting it */
-        void *user_pages = mmap_rw_pages((_root->system_page_size << BIG_ZONE_USER_PAGE_COUNT_SHIFT) + size, false, "isoalloc big zone user data");
+        void *user_pages = mmap_rw_pages((_root->system_page_size << BIG_ZONE_USER_PAGE_COUNT_SHIFT) + size, false, BIG_ZONE_UD_NAME);
 
         if(user_pages == NULL) {
             UNLOCK_BIG_ZONE();
             return NULL;
         }
 
-        void *p = mmap_rw_pages((_root->system_page_size * BIG_ZONE_META_DATA_PAGE_COUNT), false, "isoalloc big zone metadata");
+        void *p = mmap_rw_pages((_root->system_page_size * BIG_ZONE_META_DATA_PAGE_COUNT), false, BIG_ZONE_MD_NAME);
 
         /* The first page before meta data is a guard page */
         create_guard_page(p);

src/iso_alloc_sanity.c

@@ -220,7 +220,7 @@ INTERNAL_HIDDEN void *_iso_alloc_sample(size_t size) {
     }
 
     sane_alloc->orig_size = size;
-    void *p = mmap_rw_pages(g_page_size * 3, false);
+    void *p = mmap_rw_pages(g_page_size * 3, false, SAMPLED_ALLOC_NAME);
 
     if(p == NULL) {
         LOG_AND_ABORT("Cannot allocate pages for sampled allocation");

src/malloc_hook.c

@@ -70,9 +70,15 @@ EXTERNAL_API void *memalign(size_t alignment, size_t s) {
     return iso_alloc(s);
 }
 
+#if __ANDROID__
+EXTERNAL_API size_t malloc_usable_size(const void *ptr) {
+    return iso_chunksz((void *)ptr);
+}
+#else
 EXTERNAL_API size_t malloc_usable_size(void *ptr) {
     return iso_chunksz(ptr);
 }
+#endif
 
 static void *libc_malloc(size_t s, const void *caller) {
     return iso_alloc(s);