[all-commits] [llvm/llvm-project] 7a0da8: scudo: Support memory tagging in the secondary all...

pcc via All-commits all-commits at lists.llvm.org
Mon Feb 22 14:36:03 PST 2021


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 7a0da8894348e55d06403ec3af35fb65f97e31fa
      https://github.com/llvm/llvm-project/commit/7a0da8894348e55d06403ec3af35fb65f97e31fa
  Author: Peter Collingbourne <peter at pcc.me.uk>
  Date:   2021-02-22 (Mon, 22 Feb 2021)

  Changed paths:
    M compiler-rt/lib/scudo/standalone/allocator_config.h
    M compiler-rt/lib/scudo/standalone/combined.h
    M compiler-rt/lib/scudo/standalone/common.h
    M compiler-rt/lib/scudo/standalone/fuchsia.cpp
    M compiler-rt/lib/scudo/standalone/linux.cpp
    M compiler-rt/lib/scudo/standalone/memtag.h
    M compiler-rt/lib/scudo/standalone/primary64.h
    M compiler-rt/lib/scudo/standalone/secondary.h
    M compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
    M compiler-rt/lib/scudo/standalone/tests/secondary_test.cpp
    M compiler-rt/lib/scudo/standalone/tsd_exclusive.h
    M compiler-rt/lib/scudo/standalone/tsd_shared.h

  Log Message:
  -----------
  scudo: Support memory tagging in the secondary allocator.

This patch enhances the secondary allocator to be able to detect buffer
overflow, and (on hardware supporting memory tagging) use-after-free
and buffer underflow.

Use-after-free detection is implemented by setting memory page
protection to PROT_NONE on free. Because this must be done immediately
rather than after the memory has been quarantined, we no longer use the
combined allocator quarantine for secondary allocations. Instead, a
quarantine has been added to the secondary allocator cache.

Buffer overflow detection is implemented by aligning the allocation
to the right of the writable pages, so that any overflows will
spill into the guard page to the right of the allocation, which
will have PROT_NONE page protection. Because this would require the
secondary allocator to produce a header at the correct position,
the responsibility for ensuring chunk alignment has been moved to
the secondary allocator.

Buffer underflow detection has been implemented on hardware supporting
memory tagging by tagging the memory region between the start of the
mapping and the start of the allocation with a non-zero tag. Due to
the cost of pre-tagging secondary allocations and the memory bandwidth
cost of tagged accesses, the allocation itself uses a tag of 0 and
only the first four pages have memory tagging enabled.

Differential Revision: https://reviews.llvm.org/D93731




More information about the All-commits mailing list