mte: disable slab canaries when MTE is on

Canary with the "0" value is now reserved to support re-enabling slab canaries if MTE is turned off at runtime.
2024-10-01 01:36:01 -04:00 · 2023-10-26 10:19:20 +03:00 · 2023-10-26 10:19:20 +03:00 · 597d0c3064
commit 597d0c3064
parent d80e2f232c
1 changed files with 24 additions and 0 deletions
--- a/h_malloc.c
+++ b/h_malloc.c
@ -484,19 +484,43 @@ static void set_slab_canary_value(UNUSED struct slab_metadata *metadata, UNUSED
        0x00ffffffffffffffUL;

    metadata->canary_value = get_random_u64(rng) & canary_mask;
+#ifdef HAS_ARM_MTE
+    if (unlikely(metadata->canary_value == 0)) {
+        metadata->canary_value = 0x100;
+    }
+#endif
 #endif
 }

 static void set_canary(UNUSED const struct slab_metadata *metadata, UNUSED void *p, UNUSED size_t size) {
 #if SLAB_CANARY
+#ifdef HAS_ARM_MTE
+    if (likely(is_memtag_enabled())) {
+        return;
+    }
+#endif
+
    memcpy((char *)p + size - canary_size, &metadata->canary_value, canary_size);
 #endif
 }

 static void check_canary(UNUSED const struct slab_metadata *metadata, UNUSED const void *p, UNUSED size_t size) {
 #if SLAB_CANARY
+#ifdef HAS_ARM_MTE
+    if (likely(is_memtag_enabled())) {
+        return;
+    }
+#endif
+
    u64 canary_value;
    memcpy(&canary_value, (const char *)p + size - canary_size, canary_size);
+
+#ifdef HAS_ARM_MTE
+    if (unlikely(canary_value == 0)) {
+        return;
+    }
+#endif
+
    if (unlikely(canary_value != metadata->canary_value)) {
        fatal_error("canary corrupted");
    }