[PATCH] D70762: scudo: Add initial memory tagging support.
Mitch Phillips via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Nov 27 11:13:45 PST 2019
hctim added inline comments.
================
Comment at: compiler-rt/lib/scudo/standalone/combined.h:247
+ // faulting potentially large numbers of pages for large secondary
+ // allocations. We assume that guard pages are enough to protect these
+ // allocations.
----------------
In Chromium, ~11% of bugs are nonlinear (as determined with `Heap-buffer-*flow READ|WRITE {*}` over `Heap-buffer-*flow` with a fixed deterministic size).
The fixed size classes only go up to 24-byte allocations, so anything `24 < x <= [a page]` also lands in this bucket - but we're also not counting wild SEGVs or UBSan errors that allow for attacker-controlled offsets...
I think it's worth it to have a tagged secondary - although I understand there's some performance implications of this. Maybe guarded behind a runtime flag?
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D70762/new/
https://reviews.llvm.org/D70762