add named mappings for Android using prctl

Author: struct

Makefile

@@ -119,6 +119,10 @@ EXPERIMENTAL = -DEXPERIMENTAL=0
 ## In a release build you probably want them all to be 0
 DEBUG_LOG_FLAGS = -DDEBUG=1 -DLEAK_DETECTOR=1 -DMEM_USAGE=1
 
+## On Android we use prctl to name mappings so they are
+## visible in /proc/pid/maps
+NAMED_MAPPINGS = -DNAMED_MAPPINGS=1
+
 UNAME := $(shell uname)
 ifeq ($(UNAME), Darwin)
 OS_FLAGS = -framework Security
@@ -135,7 +139,7 @@ COMMON_CFLAGS = -Wall -Iinclude/ $(THREAD_SUPPORT) $(PRE_POPULATE_PAGES) $(START
 BUILD_ERROR_FLAGS = -Werror -pedantic -Wno-pointer-arith -Wno-gnu-zero-variadic-macro-arguments -Wno-format-pedantic
 CFLAGS = $(COMMON_CFLAGS) $(SECURITY_FLAGS) $(BUILD_ERROR_FLAGS) $(HOOKS) $(HEAP_PROFILER) -fvisibility=hidden \
 	-std=c11 $(SANITIZER_SUPPORT) $(ALLOC_SANITY) $(UNINIT_READ_SANITY) $(CPU_PIN) $(EXPERIMENTAL) $(UAF_PTR_PAGE) \
-	$(VERIFY_BIT_SLOT_CACHE)
+	$(VERIFY_BIT_SLOT_CACHE) $(NAMED_MAPPINGS)
 CXXFLAGS = $(COMMON_CFLAGS) -DCPP_SUPPORT=1 -std=c++17 $(SANITIZER_SUPPORT) $(HOOKS)
 EXE_CFLAGS = -fPIE
 GDB_FLAGS = -g -ggdb3 -fno-omit-frame-pointer

include/iso_alloc_internal.h

@@ -7,7 +7,7 @@
 #define _GNU_SOURCE 1
 #endif
 
-#if !__x86_64__
+#if !__aarch64__ && !__x86_64__
 #pragma message "IsoAlloc is untested and unsupported on 32 bit platforms"
 #endif
 
@@ -59,6 +59,11 @@
 #include <stdatomic.h>
 #endif
 
+#if __linux__ || __ANDROID__
+#include <sys/prctl.h>
+#endif
+
+
 #if defined(CPU_PIN) && defined(_GNU_SOURCE) && defined(__linux__)
 #include <sched.h>
 #endif
@@ -129,6 +134,16 @@
 #define OK 0
 #define ERR -1
 
+#ifdef __ANDROID__
+#ifndef PR_SET_VMA
+#define PR_SET_VMA 0x53564d41
+#endif
+
+#ifndef PR_SET_VMA_ANON_NAME
+#define PR_SET_VMA_ANON_NAME 0
+#endif
+#endif
+
 #define LIKELY(x) __builtin_expect(!!(x), 1)
 #define UNLIKELY(x) __builtin_expect(!!(x), 0)
 
@@ -507,7 +522,7 @@ INTERNAL_HIDDEN void _iso_alloc_protect_root(void);
 INTERNAL_HIDDEN void _iso_alloc_unprotect_root(void);
 INTERNAL_HIDDEN void _unmap_zone(iso_alloc_zone *zone);
 INTERNAL_HIDDEN void *create_guard_page(void *p);
-INTERNAL_HIDDEN void *mmap_rw_pages(size_t size, bool populate);
+INTERNAL_HIDDEN void *mmap_rw_pages(size_t size, bool populate, const char *name);
 INTERNAL_HIDDEN void *_iso_big_alloc(size_t size);
 INTERNAL_HIDDEN void *_iso_alloc(iso_alloc_zone *zone, size_t size);
 INTERNAL_HIDDEN void *_iso_alloc_bitslot_from_zone(bit_slot_t bitslot, iso_alloc_zone *zone);
@@ -525,6 +540,7 @@ INTERNAL_HIDDEN uint64_t __iso_alloc_mem_usage(void);
 INTERNAL_HIDDEN uint64_t rand_uint64(void);
 INTERNAL_HIDDEN size_t _iso_alloc_print_stats();
 INTERNAL_HIDDEN size_t _iso_chunk_size(void *p);
+INTERNAL_HIDDEN int32_t name_mapping(void *p, size_t sz, const char *name);
 INTERNAL_HIDDEN int8_t *_fmt(uint64_t n, uint32_t base);
 INTERNAL_HIDDEN void _iso_alloc_printf(int32_t fd, const char *f, ...);
 INTERNAL_HIDDEN void _initialize_profiler(void);

src/iso_alloc.c

@@ -254,7 +254,7 @@ INTERNAL_HIDDEN INLINE void iso_clear_user_chunk(uint8_t *p, size_t size) {
 
 INTERNAL_HIDDEN void *create_guard_page(void *p) {
     if(p == NULL) {
-        p = mmap_rw_pages(g_page_size, false);
+        p = mmap_rw_pages(g_page_size, false, "guard page");
 
         if(p == NULL) {
             LOG_AND_ABORT("Could not allocate guard page");
@@ -268,7 +268,7 @@ INTERNAL_HIDDEN void *create_guard_page(void *p) {
     return p;
 }
 
-INTERNAL_HIDDEN void *mmap_rw_pages(size_t size, bool populate) {
+INTERNAL_HIDDEN void *mmap_rw_pages(size_t size, bool populate, const char *name) {
     size = ROUND_UP_PAGE(size);
     void *p = NULL;
 
@@ -288,6 +288,10 @@ INTERNAL_HIDDEN void *mmap_rw_pages(size_t size, bool populate) {
         return NULL;
     }
 
+    if(name != NULL) {
+        name_mapping(p, size, name);
+    }
+
     return p;
 }
 
@@ -305,7 +309,7 @@ INTERNAL_HIDDEN iso_alloc_root *iso_alloc_new_root(void) {
 
     size_t _root_size = sizeof(iso_alloc_root) + (g_page_size << 1);
 
-    p = (void *) mmap_rw_pages(_root_size, true);
+    p = (void *) mmap_rw_pages(_root_size, true, "isoalloc root");
 
     if(p == NULL) {
         LOG_AND_ABORT("Cannot allocate pages for root");
@@ -340,11 +344,12 @@ INTERNAL_HIDDEN void iso_alloc_initialize_global_root(void) {
     _root->zones_size = ROUND_UP_PAGE(_root->zones_size);
 
     /* Allocate memory with guard pages to hold zone data */
-    void *p = mmap_rw_pages(_root->zones_size, false);
+    void *p = mmap_rw_pages(_root->zones_size, false, NULL);
     create_guard_page(p);
     create_guard_page((void *) (uintptr_t)(p + _root->zones_size) - g_page_size);
 
     _root->zones = (void *) (p + g_page_size);
+    name_mapping(p, _root->zones_size, "isoalloc zone metadata");
 
     for(int64_t i = 0; i < _default_zone_count; i++) {
         if((_iso_new_zone(default_zones[i], true)) == NULL) {
@@ -543,6 +548,13 @@ __attribute__((destructor(LAST_DTOR))) void iso_alloc_dtor(void) {
     UNLOCK_ROOT();
 }
 
+INTERNAL_HIDDEN int32_t name_mapping(void *p, size_t sz, const char *name) {
+#if NAMED_MAPPINGS && __ANDROID__
+    return prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, p, sz, name);
+#endif
+    return 0;
+}
+
 INTERNAL_HIDDEN iso_alloc_zone *iso_new_zone(size_t size, bool internal) {
     LOCK_ROOT();
     iso_alloc_zone *zone = _iso_new_zone(size, internal);
@@ -583,7 +595,7 @@ INTERNAL_HIDDEN iso_alloc_zone *_iso_new_zone(size_t size, bool internal) {
 
     /* All of the following fields are immutable
      * and should not change once they are set */
-    void *p = mmap_rw_pages(new_zone->bitmap_size + (_root->system_page_size << 1), true);
+    void *p = mmap_rw_pages(new_zone->bitmap_size + (_root->system_page_size << 1), true, "isoalloc zone bitmap");
 
     void *bitmap_pages_guard_below = p;
     new_zone->bitmap_start = (p + _root->system_page_size);
@@ -597,10 +609,18 @@ INTERNAL_HIDDEN iso_alloc_zone *_iso_new_zone(size_t size, bool internal) {
     madvise(new_zone->bitmap_start, new_zone->bitmap_size, MADV_WILLNEED);
     madvise(new_zone->bitmap_start, new_zone->bitmap_size, MADV_SEQUENTIAL);
 
+    char *name;
+
+    if(internal == true) {
+        name = "internal isoalloc user zone";
+    } else {
+        name = "custom isoalloc user zone";
+    }
+
     /* All user pages use MAP_POPULATE. This might seem like we are asking
      * the kernel to commit a lot of memory for us that we may never use
      * but when we call create_canary_chunks() that will happen anyway */
-    p = mmap_rw_pages(ZONE_USER_SIZE + (_root->system_page_size << 1), true);
+    p = mmap_rw_pages(ZONE_USER_SIZE + (_root->system_page_size << 1), true, name);
 
     void *user_pages_guard_below = p;
     new_zone->user_pages_start = (p + _root->system_page_size);
@@ -853,14 +873,14 @@ INTERNAL_HIDDEN void *_iso_big_alloc(size_t size) {
     if(big == NULL) {
         /* User data is allocated separately from big zone meta
          * data to prevent an attacker from targeting it */
-        void *user_pages = mmap_rw_pages((_root->system_page_size << BIG_ZONE_USER_PAGE_COUNT_SHIFT) + size, false);
+        void *user_pages = mmap_rw_pages((_root->system_page_size << BIG_ZONE_USER_PAGE_COUNT_SHIFT) + size, false, "isoalloc big zone user data");
 
         if(user_pages == NULL) {
             UNLOCK_BIG_ZONE();
             return NULL;
         }
 
-        void *p = mmap_rw_pages((_root->system_page_size * BIG_ZONE_META_DATA_PAGE_COUNT), false);
+        void *p = mmap_rw_pages((_root->system_page_size * BIG_ZONE_META_DATA_PAGE_COUNT), false, "isoalloc big zone metadata");
 
         /* The first page before meta data is a guard page */
         create_guard_page(p);