From f2a7ccde75b218fb4a32bc8a90e0d9907731c78c Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sat, 3 Nov 2018 03:09:03 -0400 Subject: [PATCH] add basic overview of part of the approach to MTE --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 32c069b..0674fdf 100644 --- a/README.md +++ b/README.md @@ -235,6 +235,16 @@ was a bit less important and if a core goal was finding latent bugs. * Errors other than ENOMEM from mmap, munmap, mprotect and mremap treated as fatal, which can help to detect memory management gone wrong elsewhere in the process. +* [future] Memory tagging for slab allocations via MTE on ARMv8.5+ + * random memory tags as the baseline, providing probabilistic protection + against various forms of memory corruption + * dedicated tag for free slots, set on free, for deterministic protection + against accessing freed memory + * store previous random tag within freed slab allocations, and increment it + to get the next tag for that slot to provide deterministic use-after-free + detection through multiple cycles of memory reuse + * guarantee distinct tags for adjacent memory allocations by incrementing + past matching values for deterministic detection of linear overflows # Randomness
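Review bot: The two increment rules in the added sub-bullets (incrementing the stored tag to get a reused slot's next tag, and "incrementing past matching values" for adjacent allocations) do not say that the increment must also skip the dedicated free-slot tag from the second sub-bullet, or what happens when it wraps around the tag space. As written, a reader could implement an increment that lands on the free tag or on a neighbour's tag, which would defeat the deterministic guarantees the text claims. Suggest stating that the chosen tag skips the free tag and both neighbours' tags, and qualifying "through multiple cycles of memory reuse" with the point at which a slot's tag sequence repeats. It would also help to say whether the random baseline tag from the first sub-bullet is drawn only on a slot's first use, since the third sub-bullet derives every later tag from the stored one.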