GrapheneOS based on Android 10 will now inherit Scudo as the allocator for legacy 32-bit processes, which aren't covered by hardened_malloc due to the non-traditional design with a dedicated metadata region and size class regions without any address space reuse between them.
Conversation
Replying to
Scudo provides a much more traditional allocator design with inline metadata and weaker security properties. It's a nice improvement over jemalloc sacrificing some performance and particularly memory usage for stronger security properties. There's primarily overlap between the...
1
3
... compile-time optional features of hardened_malloc and the security features of Scudo.
There's little overlap with the strong baseline security properties of hardened_malloc which is essentially OpenBSD malloc taken to the extreme by not having 32-bit support as a constraint.
1
1
The only code it shares with OpenBSD malloc is the borrowed linear hash table implementation, but it's heavily inspired by OpenBSD's approach to fully avoiding inline metadata. It takes over organization of the address space from the OS to have dedicated regions for metadata and
1
1
each size class along with making features like enforced guards between each slab incredibly cheap and able to be the default. Medium sized allocations have 1 allocation per slab, so each has guard pages, and every large allocation has randomly sized guards proportional to size.
1
2
Our previous plan was to make another port of OpenBSD malloc to cover 32-bit processes until multiarch support is finally removed. OpenBSD malloc has design advantages over Scudo, but it's also missing some of the features of Scudo, and we'd need to extend it to match those.
1
2
Not going to be spending all that time focused on 32-bit since multiarch support is explicitly on the way out with an official timeline for phasing out support for 32-bit apps. Better to focus on the future and leave it as it is. Many other reasons 64-bit ARM is better anyway.
2
Replying to
when it will happen that GrapheneOS will be available to other brand not just only to Google pixels?
1
Replying to
It's available for any device with AOSP support if you port over the device-specific changes and build it from source. Recommend reading grapheneos.org/faq#device-sup. We have no plans to support devices with weaker security than the strong baseline set by Pixels.
1
2
Show replies