Finished up the unified metadata region for my hardened allocator:
github.com/AndroidHardeni
It avoids reusing metadata address space for other purposes and vice versa, along with having high-entropy random guard regions. It will use Memory Protection Keys or memory tagging too.
The only other allocator state becomes read-only before main:
github.com/AndroidHardeni
Similarly, each slab allocation size class has a reserved memory region with high-entropy guard regions around it. Only large multi-page allocations are mixed, and each one has random guards.
The test/offset.c utility shows off size class regions:
github.com/AndroidHardeni
Output with glibc as a simple baseline:
gist.github.com/thestinger/b4d
More interesting output with my hardened allocator:
gist.github.com/thestinger/eea
It's specifically designed for 64-bit architectures.
It reserves a massive PROT_NONE region for all slab allocations, divided up into isolated regions for each size class. It determines slab allocation size based on address range and the offset from the randomized class region base provides the slab metadata index and bitmap index.
