From 001fc865855aad7933bd2230a55267cd4ab5cdb9 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor
Date: Thu, 26 Oct 2023 10:19:20 +0300
Subject: [PATCH] mte: disable slab canaries when MTE is on

Canary with the "0" value is now reserved to support re-enabling slab canaries if MTE is turned off at runtime.
---
 h_malloc.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/h_malloc.c b/h_malloc.c
index fc36ad7..9a3a732 100644
--- a/h_malloc.c
+++ b/h_malloc.c
@@ -484,19 +484,43 @@ static void set_slab_canary_value(UNUSED struct slab_metadata *metadata, UNUSED
         0x00ffffffffffffffUL;
     metadata->canary_value = get_random_u64(rng) & canary_mask;
+#ifdef HAS_ARM_MTE
+    if (unlikely(metadata->canary_value == 0)) {
+        metadata->canary_value = 0x100;
+    }
+#endif
 #endif
 }
 
 static void set_canary(UNUSED const struct slab_metadata *metadata, UNUSED void *p, UNUSED size_t size) {
 #if SLAB_CANARY
+#ifdef HAS_ARM_MTE
+    if (likely(is_memtag_enabled())) {
+        return;
+    }
+#endif
+
     memcpy((char *)p + size - canary_size, &metadata->canary_value, canary_size);
 #endif
 }
 
 static void check_canary(UNUSED const struct slab_metadata *metadata, UNUSED const void *p, UNUSED size_t size) {
 #if SLAB_CANARY
+#ifdef HAS_ARM_MTE
+    if (likely(is_memtag_enabled())) {
+        return;
+    }
+#endif
+
     u64 canary_value;
     memcpy(&canary_value, (const char *)p + size - canary_size, canary_size);
+
+#ifdef HAS_ARM_MTE
+    if (unlikely(canary_value == 0)) {
+        return;
+    }
+#endif
+
     if (unlikely(canary_value != metadata->canary_value)) {
         fatal_error("canary corrupted");
     }