GrapheneOS uses our hardened_malloc allocator (github.com/GrapheneOS/har) with all the optional security features enabled.
The optional slab quarantine features inherently need to use a substantial amount of memory in order to delay reuse of slab allocations as long as possible.
It's a hardware-based feature not available on arm64.
ARMv8.4 memory tagging is a drastically more useful feature that's going to provide that minor functionality along with far more useful protection of the data itself. 16-byte granularity memory protection with 4-bit tags.
CONFIG_SEAL_METADATA doesn't have significant benefits. It was mostly a proof of concept for the x86_64 MPK feature. ARMv8.4 MTE is far more useful since it can be used to catch all accesses of free memory, all sequential heap overflows and a high chance for other corruption.
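A software model of the tag check described above, added here as an illustration; it is not code from this thread or from hardened_malloc. The tagging policy (tag 0 reserved for free memory, a random tag that differs from both neighbours) and all names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define GRANULE   16  /* bytes covered by one tag */
#define NGRANULES 64  /* model heap of 1 KiB */
#define FREE_TAG  0   /* assumption: tag 0 is reserved for free memory */

static uint8_t tags[NGRANULES];  /* one 4-bit tag per granule, all free at start */

/* The tag field models the tag carried in a pointer's unused top bits. */
typedef struct { size_t addr; uint8_t tag; } tagged_ptr;

static size_t granules(size_t size) { return (size + GRANULE - 1) / GRANULE; }

/* Assumed policy: random tag in 1..15 that differs from both neighbours. */
tagged_ptr model_alloc(size_t first, size_t size) {
    size_t n = granules(size);
    uint8_t left = first ? tags[first - 1] : FREE_TAG;
    uint8_t right = first + n < NGRANULES ? tags[first + n] : FREE_TAG;
    uint8_t t;
    do { t = (uint8_t)(1 + rand() % 15); } while (t == left || t == right);
    for (size_t i = 0; i < n; i++) tags[first + i] = t;
    return (tagged_ptr){ first * GRANULE, t };
}

/* Retag on free so stale pointers no longer match. */
void model_free(tagged_ptr p, size_t size) {
    for (size_t i = 0; i < granules(size); i++) tags[p.addr / GRANULE + i] = FREE_TAG;
}

/* Returns 1 if the access passes the tag check, 0 if it would fault. */
int model_access(tagged_ptr p, size_t offset) {
    size_t g = (p.addr + offset) / GRANULE;
    return g < NGRANULES && tags[g] == p.tag;
}

int main(void) {
    tagged_ptr a = model_alloc(0, 24), b = model_alloc(2, 32);
    printf("in bounds: %d\n", model_access(a, 23));
    printf("padding inside last granule: %d\n", model_access(a, 30));
    printf("overflow into neighbour: %d\n", model_access(a, 32));
    model_free(a, 24);
    printf("use after free: %d\n", model_access(a, 0));
    printf("live neighbour: %d\n", model_access(b, 0));
    return 0;
}
```

The access at offset 30 of a 24-byte allocation passes because checks happen per 16-byte granule, so an overflow that stays inside the last granule's padding is not seen by the tag check.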
That's good to know! Are there any upcoming Snapdragon CPUs that will support ARMv8.4? Perhaps it might even make it into the Pixel 6.

