From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1944) id 50B7F3857B9A; Fri, 5 Aug 2022 19:35:35 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 50B7F3857B9A Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Szabolcs Nagy To: glibc-cvs@sourceware.org Subject: [glibc/arm/morello/main] cheri: malloc: Disable pointer protection X-Act-Checkin: glibc X-Git-Author: Szabolcs Nagy X-Git-Refname: refs/heads/arm/morello/main X-Git-Oldrev: 0205012984bc65f70d6324d9bc2338b7b23f4533 X-Git-Newrev: b3d26f52f7084c1f008b3c746c01db4f122f7879 Message-Id: <20220805193535.50B7F3857B9A@sourceware.org> Date: Fri, 5 Aug 2022 19:35:35 +0000 (GMT) X-BeenThere: glibc-cvs@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Glibc-cvs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Aug 2022 19:35:35 -0000 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b3d26f52f7084c1f008b3c746c01db4f122f7879 commit b3d26f52f7084c1f008b3c746c01db4f122f7879 Author: Szabolcs Nagy Date: Wed Jul 7 14:21:40 2021 +0100 cheri: malloc: Disable pointer protection Such arithmetic invalidates capabilities so this security measure does not work for CHERI. Note: the architecture makes it hard to corrupt pointers in malloc metadata, but not impossible: current allocation bounds include the metadata and capabilities are not revoked after free. These issues can be fixed by a capability aware malloc. Diff: --- malloc/malloc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/malloc/malloc.c b/malloc/malloc.c index bd3c76ed31..062ca0dc0a 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c 
@@ -341,8 +341,12 @@ Fatal glibc error: malloc assertion failure in %s: %s\n", It assumes a minimum page size of 4096 bytes (12 bits). Systems with larger pages provide less entropy, although the pointer mangling still works. */ +#ifdef __CHERI_PURE_CAPABILITY__ +#define PROTECT_PTR(pos, ptr) (ptr) +#else #define PROTECT_PTR(pos, ptr) \ ((__typeof (ptr)) ((((size_t) pos) >> 12) ^ ((size_t) ptr))) +#endif #define REVEAL_PTR(ptr) PROTECT_PTR (&ptr, ptr) /*
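Review bot: the new `#ifdef __CHERI_PURE_CAPABILITY__` branch in malloc/malloc.c has no comment of its own, and the comment block above it still describes only the mangling scheme (page-size assumption, entropy). A reader of the source therefore sees `#define PROTECT_PTR(pos, ptr) (ptr)` with no reason given. The explanation from the commit message, that the `size_t` cast and XOR invalidate the capability, belongs in a short comment inside that branch. The same comment should say that `REVEAL_PTR` becomes the identity on this target as well, since it is defined as `PROTECT_PTR (&ptr, ptr)`. That means the residual cases named in the commit message (allocation bounds that include the metadata, capabilities not revoked after free) have no software mitigation here until a capability aware malloc replaces this. A minor point: the CHERI variant never uses `pos`, which is harmless for the `REVEAL_PTR` use visible here but worth stating in that comment so the unused argument is not mistaken for an oversight.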