add basic overview of part of the approach to MTE

2024-10-01 01:36:01 -04:00 · 2018-11-03 03:09:03 -04:00 · 2018-11-03 03:09:03 -04:00 · f2a7ccde75
commit f2a7ccde75
parent 1da51ddde1
1 changed files with 10 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -235,6 +235,16 @@ was a bit less important and if a core goal was finding latent bugs.
    * Errors other than ENOMEM from mmap, munmap, mprotect and mremap treated
      as fatal, which can help to detect memory management gone wrong elsewhere
      in the process.
+* [future] Memory tagging for slab allocations via MTE on ARMv8.5+
+    * random memory tags as the baseline, providing probabilistic protection
+      against various forms of memory corruption
+    * dedicated tag for free slots, set on free, for deterministic protection
+      against accessing freed memory
+    * store previous random tag within freed slab allocations, and increment it
+      to get the next tag for that slot to provide deterministic use-after-free
+      detection through multiple cycles of memory reuse
+    * guarantee distinct tags for adjacent memory allocations by incrementing
+      past matching values for deterministic detection of linear overflows

 # Randomness