GrapheneOS [Unofficial]

https://grapheneos.social/@GrapheneOS/111369816784502180

Our latest release has hardware memory tagging (MTE) support for hardened_malloc enabled by default for 8th generation Pixels which added support for it.

We also want to enable Clang's stack allocation MTE and Chromium's MTE support for Vanadium soon.

hardened_malloc sets random memory tags for each slab allocation which includes everything 128k and below. This provides probabilistic memory safety for the heap. It also excludes certain tags to provide multiple deterministic guarantees preventing classes of memory corruption.

hardened_malloc excludes default zero tag, a reserved free tag, current or previous (if free) tag of neighboring allocations and previous tag used for the last allocation in the same slot. Excluding neighboring tags means small and linear underflows/overflows are always detected.

Use-after-free is always detected until a new allocation with same random tag is made in the same slot. hardened_malloc has a per-size-class slab allocation quarantine with 2 parts (randomized and first-in-first-out) to delay reuse of the slot at the cost of wasting some memory.

Since previous tag is also excluded in addition to the reserved free tag, use-after-free is guaranteed to be detected for a cycle through both quarantines, an additional allocation cycle and then another round through both quarantines before there's a chance the same tag is used.