[PATCH] D152984: [scudo] Disable OddEvenTags by default.

Evgenii Stepanov via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Wed Jun 14 17:05:51 PDT 2023


eugenis created this revision.
eugenis added reviewers: pcc, fmayer, hctim, cferris.
Herald added subscribers: yaneury, Chia-hungDuan, Enna1, cryptoad.
Herald added a project: All.
eugenis requested review of this revision.
Herald added a project: Sanitizers.
Herald added a subscriber: Sanitizers.

Scudo has zero-tagged headers between any two allocations that will catch
a linear buffer overflow of up to 16 bytes. OddEvenTags extends this
guarantee to one chunk of the given SizeClass at the cost of reduced
entropy for all heap tags (i.e. lower chance to catch use-after-free and
large overflows).

Given that the first 16 bytes are already deterministic, I feel this is
a bad tradeoff.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D152984

Files:
  compiler-rt/lib/scudo/standalone/combined.h
  compiler-rt/lib/scudo/standalone/tests/combined_test.cpp


Index: compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
===================================================================
--- compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
+++ compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
@@ -641,6 +641,7 @@
 
 SCUDO_TYPED_TEST(ScudoCombinedTest, OddEven) {
   auto *Allocator = this->Allocator.get();
+  Allocator->setOption(scudo::Option::MemtagTuning, M_MEMTAG_TUNING_BUFFER_OVERFLOW);
 
   if (!Allocator->useMemoryTaggingTestOnly())
     return;
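Review bot: The added setOption() call in the OddEven test sits above the `if (!Allocator->useMemoryTaggingTestOnly()) return;` guard, so it changes the allocator's MemtagTuning option even on configurations where the test then returns without checking anything. Moving the call below the guard would keep the option change confined to runs that actually exercise tagging. The line is also longer than 80 columns and should be wrapped by clang-format. Separately, this test now covers only the opt-in path; a companion check that, without the setOption() call, neighbouring chunks are no longer constrained to odd/even tag parity would pin down the new default this revision introduces.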
Index: compiler-rt/lib/scudo/standalone/combined.h
===================================================================
--- compiler-rt/lib/scudo/standalone/combined.h
+++ compiler-rt/lib/scudo/standalone/combined.h
@@ -166,7 +166,6 @@
     if (allocatorSupportsMemoryTagging<Config>() &&
         systemSupportsMemoryTagging())
       Primary.Options.set(OptionBit::UseMemoryTagging);
-    Primary.Options.set(OptionBit::UseOddEvenTags);
 
     QuarantineMaxChunkSize =
         static_cast<u32>(getFlags()->quarantine_max_chunk_size);
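Review bot: Dropping `Primary.Options.set(OptionBit::UseOddEvenTags);` from the init path leaves nothing at this spot to tell a reader that odd/even tagging is now off by default or how to turn it back on. A short comment next to the UseMemoryTagging setup, stating that UseOddEvenTags stays unset unless the MemtagTuning option is set to M_MEMTAG_TUNING_BUFFER_OVERFLOW (as the test hunk does), would document the tradeoff described in the summary. Since this changes detection behaviour for existing users (adjacent overflows past the 16-byte header are no longer caught deterministically, in exchange for more tag entropy), it is also worth a mention in whatever user-facing documentation describes the tuning option.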


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D152984.531577.patch
Type: text/x-patch
Size: 1053 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20230615/bfd2a519/attachment.bin>
