Git-Mirrors/hardened_malloc
1
0
Fork 0
mirror of https://github.com/GrapheneOS/hardened_malloc.git synced 2025-05-24 08:51:14 -04:00
Code Issues Projects Releases Packages Wiki Activity

mte: use tag 0 for freed slots, stop reserving tag 15

Browse source
This commit is contained in:
Dmitry Muhomor 2024-01-23 19:50:26 +02:00 committed by Daniel Micay
parent 3c1f40aff0
commit 7268189933
4 changed files with 17 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

5
h_malloc.c
View file

@ -574,9 +574,8 @@ static void *tag_and_clear_slab_slot(struct slab_metadata *metadata, void *slot_
// is constructed.
u8 *slot_tags = metadata->arm_mte_tags;
// Tag exclusion mask. 0 tag is always excluded to detect accesses to slab memory via untagged
// pointers. Moreover, 0 tag is excluded in bionic via PR_MTE_TAG_MASK prctl
u64 tem = (1 << 0) | (1 << RESERVED_TAG);
// tag exclusion mask
u64 tem = (1 << RESERVED_TAG);
// current or previous tag of left neighbor or 0 if there's no left neighbor or if it was never used
tem |= (1 << u4_arr_get(slot_tags, slot_idx));