[PATCH] D93731: [wip] scudo: Support memory tagging in the secondary allocator.

Peter Collingbourne via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Dec 22 13:49:58 PST 2020


pcc created this revision.
pcc added reviewers: eugenis, hctim, cryptoad.
Herald added a subscriber: jfb.
pcc requested review of this revision.
Herald added a project: Sanitizers.
Herald added a subscriber: Sanitizers.

This patch enhances the secondary allocator to be able to detect
use-after-free, buffer overflow and (on hardware supporting
memory tagging) buffer underflow.

Use-after-free detection is implemented by setting memory page
protection to PROT_NONE on free. Because this must be done immediately
rather than after the memory has been quarantined, we no longer use the
combined allocator quarantine for secondary allocations. Instead, a
quarantine has been added to the secondary allocator cache.

Buffer overflow detection is implemented by aligning the allocation
to the right of the writable pages, so that any overflows will
spill into the guard page to the right of the allocation, which
will have PROT_NONE page protection. Because this would require the
secondary allocator to produce a header at the correct position,
the responsibility for ensuring chunk alignment has been moved to
the secondary allocator.

Buffer underflow detection has been implemented on hardware supporting
memory tagging by tagging the memory region between the start of the
mapping and the start of the allocation with a non-zero tag. Due to
the cost of pre-tagging secondary allocations, the allocation itself
uses a tag of 0.

TODO:

- Add Fuchsia implementation of setMemoryPermission()

Depends on D93730 <https://reviews.llvm.org/D93730>


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D93731

Files:
  compiler-rt/lib/scudo/standalone/allocator_config.h
  compiler-rt/lib/scudo/standalone/combined.h
  compiler-rt/lib/scudo/standalone/common.h
  compiler-rt/lib/scudo/standalone/fuchsia.cpp
  compiler-rt/lib/scudo/standalone/linux.cpp
  compiler-rt/lib/scudo/standalone/memtag.h
  compiler-rt/lib/scudo/standalone/secondary.h
  compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
  compiler-rt/lib/scudo/standalone/tests/secondary_test.cpp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D93731.313427.patch
Type: text/x-patch
Size: 37004 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20201222/f791e816/attachment-0001.bin>
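
The C program below is an added illustration, not code from D93731 or from Scudo. It reproduces the right-aligned layout and the PROT_NONE-on-free behaviour described in the message using plain mmap/mprotect; `struct big`, `big_alloc`, `big_free` and `write_faults` are hypothetical names, and it assumes Linux and a power-of-two alignment no larger than a page.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical record for one large block; not Scudo's header layout. */
struct big { char *map; size_t map_len; char *user; size_t size; };

/* Map [guard | writable pages | guard] and right-align the block so it ends
   at most align-1 bytes before the right guard (align: power of two <= page). */
int big_alloc(struct big *b, size_t size, size_t align) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    size_t body = (size + pg - 1) / pg * pg;
    b->map_len = body + 2 * pg;
    b->map = mmap(NULL, b->map_len, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->map == MAP_FAILED) return -1;
    if (mprotect(b->map + pg, body, PROT_READ | PROT_WRITE) != 0) return -1;
    uintptr_t end = (uintptr_t)(b->map + pg + body);
    b->user = (char *)((end - size) & ~(uintptr_t)(align - 1));
    b->size = size;
    return 0;
}

/* Free: revoke access at once; this example never unmaps the region. */
int big_free(struct big *b) { return mprotect(b->map, b->map_len, PROT_NONE); }

/* Write one byte at p in a child process; 1 if the child died with SIGSEGV. */
int write_faults(volatile char *p) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { *p = 0x41; _exit(0); }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFSIGNALED(st) && WTERMSIG(st) == SIGSEGV;
}

int main(void) {
    struct big b;
    if (big_alloc(&b, 5000, 16) != 0) return 1;  /* constructed size: 8 bytes of slack */
    printf("overflow in slack:   %d\n", write_faults(b.user + b.size));
    printf("overflow into guard: %d\n", write_faults(b.user + b.size + 8));
    printf("underflow faults:    %d\n", write_faults(b.user - 1));
    big_free(&b);
    printf("use after free:      %d\n", write_faults(b.user));
    return 0;
}
```

The underflow write lands in writable pages and does not fault, which is the case the message handles with memory tagging; the 8 bytes of alignment slack show that page protection alone catches an overflow only once it reaches the guard page.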

