Daniel Micay on Twitter: "You can see that there's a large reserved region for slabs, with sub-regions for each size class, and high entropy random gaps between them: https://t.co/2t0aTUSb3g Metadata for both slabs and large allocations is fully in a separate reserved region: https://t.co/6LUiKfp0bc" / Twitter

Here's an example of what the address space looks like in the AndroidHardening builds with github.com/AndroidHardeni: gist.github.com/thestinger/426 This is a debug build with memory mappings labels enabled. This is with -DGUARD_SLABS_INTERVAL=1 for adding a guard slab after every slab.

gist.github.com

netd_maps.txt

GitHub Gist: instantly share code, notes, and snippets.

1

2

9

Daniel Micay

@DanielMicay

You can see that there's a large reserved region for slabs, with sub-regions for each size class, and high entropy random gaps between them: gist.github.com/thestinger/426 Metadata for both slabs and large allocations is fully in a separate reserved region:

gist.github.com

netd_maps.txt

GitHub Gist: instantly share code, notes, and snippets.

4:12 AM · Mar 24, 2019Twitter Web Client

Replying to

Here's an active large allocation, showing the random gaps around it: gist.github.com/thestinger/426 Here's a large allocation that was freed, resulting in it being turned into a fresh PROT_NONE mapping until it's pushed out of the virtual memory quarantine:

gist.github.com

netd_maps.txt

GitHub Gist: instantly share code, notes, and snippets.

1

Conversation