Integrate Hardened malloc into ROM

[Svirusx]

Hey, i'm trying to compile ROM GrapheneOS based for my Samsung S20 FE 5G as GSI. It boots only without Hardened malloc but i try to get it work with Hardened malloc and so much possible extra security settings like in real GrapheneOS for Pixels.

I'm getting all time: (log from pstore) [ 4.253501] [7: init: 1] init: [libfs_mgr]__mount(source=/d%v/blo#k/platform/soc/1d80000.ufshc/by-name/optics,ta2get=/optics(missing),type=ext4)=-1: No such file or directory [ 4.253506] [7: init: 1] init: [libfs_mgr]__mount return -1(source=iptics,target=/optics(missing),type=ext4,flags=1,options=barrier=1,discard): No such file or directory [ 4.253521] [7: init: 1] in)t: Failed0to mount optics, ig.orijg mount for no_fail partition [ 4.253834] [7: " init: 1] hnit8 Skipped settine INIT_AB_VERSION (not in rEcover9 Mode) [ 4.305822] Y6: init: 1] fatal allocator error: [ 4.305826] [6:   inIt: 1] faaled to allocate slab region [ 4.305831] [6: init: 1] [ 4.305858] [6: init: 1] hardened_malloc: fatal allocator error: failed to allocate slab region [ 4.305899] [: iniP: 1] libc: FAtal sigjal 6 (SIGABRT), code - (SI_QUEUE) in ti` 1 hinit), pid 1 (init) [ 4.307651] [6: init: 1] Kernel panic - not syncing: tTempted to kill init! exitcode=0x00007f00

I compiled too kernel based on https://github.com/anthraxx/linux-hardened/commits/4.19 Stock like kernel with commits from linux hardened: https://github.com/Svirusx/Nethunter-Kernel-S20_FE_5G/tree/Hardened_Kernel Removed more Samsung settings this one is like LineageOS kernel for S20 FE 5g https://github.com/Svirusx/Nethunter-Kernel-S20_FE_5G/tree/Hardened_Kernel_Cleaned Both my kernels boots fine with STOCK ROM and GrapheneOS GSI without Hardened Malloc.

Based on DivestOS patches which were extracted from GrapheneOS "https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/LineageOS-20.0/Patch.sh" Reverted patches which could make some problems with boots: (further same problem) 0002-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS) #XXX: some vendor blobs use sbrk 0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: some kernels do not have (working) getrandom 0002-Graphene_Bionic_Hardening-12.patch"; #Add XOR mangling mitigation for thread-local dtors (GrapheneOS) #XXX: patches from here on are known to cause boot issues 0002-Graphene_Bionic_Hardening-13.patch"; #Use a better pthread_attr junk filling pattern (GrapheneOS) 0002-Graphene_Bionic_Hardening-14.patch"; #Add guard page(s) between static_tls and stack (GrapheneOS) 0002-Graphene_Bionic_Hardening-15.patch"; #Move pthread_internal_t behind guard page (GrapheneOS) 0002-Graphene_Bionic_Hardening-16.patch"; #Add secondary stack randomization (GrapheneOS)

Anyone have idee what i could do wrong?

[thestinger]

You're missing the required kernel changes for 48-bit address space. Without that, you'd have to reduce the size of the class regions.

[Svirusx]

Thank you! i set in kernel defconfig: CONFIG_ARCH_MMAP_RND_BITS=33 CONFIG_ARM64_VA_BITS_48=y

I can now boot with Hardened Malloc without reverting any commit! I'm now busy with Nice to Have CTX profile match but this one is difficult. I have sniffed requests made by ROM which pass safetynet and GrapheneOs Sandboxed gapps requests looks same (props) but something in binary from request is another. I don't know of it would be possible to pass CTX profile match without editing gmscompat hmm anyway.. its only Nice to have for me.