From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: by sourceware.org (Postfix, from userid 1944) id 74B183865C2C; Wed, 26 Oct 2022 15:18:21 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 74B183865C2C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1666797502; bh=1U8/qq+tvEGehjQbY7c1l2Uo7yVTwMbvQdXpTDYU7JU=; h=From:To:Subject:Date:From; b=JeDMV3D67rujg2vGN43A3vmUedbJpfDTx0So3cReucMWpgQG3NFKI9JffKhMlQ/Q8 cYX05FjxB8mQvIqcJSHn4S8UsJ2A7DEWLIz3l8wvxvGnvz05XJIrTOm9wCpVzeE7J1 /TfUpEoT5M4Oov8P0wC2c7deTfPlUh48Xr0YNI0Q=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Szabolcs Nagy
To: glibc-cvs@sourceware.org
Subject: [glibc/arm/morello/main] cheri: malloc: Disable pointer protection
X-Act-Checkin: glibc
X-Git-Author: Szabolcs Nagy
X-Git-Refname: refs/heads/arm/morello/main
X-Git-Oldrev: 9e285f1d642b5ea89710ef1882b89caa9fa2f6e4
X-Git-Newrev: 5440678ee1801698f97c52e227aaeff7a84e4516
Message-Id: <20221026151822.74B183865C2C@sourceware.org>
Date: Wed, 26 Oct 2022 15:18:21 +0000 (GMT)
List-Id:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5440678ee1801698f97c52e227aaeff7a84e4516

commit 5440678ee1801698f97c52e227aaeff7a84e4516
Author: Szabolcs Nagy
Date:   Wed Jul 7 14:21:40 2021 +0100

    cheri: malloc: Disable pointer protection

    Such arithmetic invalidates capabilities so this security measure
    does not work for CHERI.

    Note: the architecture makes it hard to corrupt pointers in malloc
    metadata, but not impossible: current allocation bounds include the
    metadata and capabilities are not revoked after free. These issues
    can be fixed by a capability aware malloc.

Diff:
---
 malloc/malloc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/malloc/malloc.c b/malloc/malloc.c
index bd3c76ed31..062ca0dc0a 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -341,8 +341,12 @@ Fatal glibc error: malloc assertion failure in %s: %s\n", It assumes a minimum page size of 4096 bytes (12 bits). Systems with larger pages provide less entropy, although the pointer mangling still works. */ +#ifdef __CHERI_PURE_CAPABILITY__ +#define PROTECT_PTR(pos, ptr) (ptr) +#else #define PROTECT_PTR(pos, ptr) \ ((__typeof (ptr)) ((((size_t) pos) >> 12) ^ ((size_t) ptr))) +#endif #define REVEAL_PTR(ptr) PROTECT_PTR (&ptr, ptr) /*
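Review bot: the comment block immediately above the new #ifdef still describes the XOR mangling and its 4096-byte page-size entropy assumption, but under __CHERI_PURE_CAPABILITY__ PROTECT_PTR(pos, ptr) now expands to plain (ptr), so a reader of the macro gets no hint that safe-linking is switched off on that target. Suggest a one-line comment inside the #ifdef branch, e.g. `/* Integer arithmetic on a capability clears its tag, so no mangling on CHERI. */`, and restating the trade-off from the commit message (allocation bounds still cover the metadata, no revocation after free) so the reduced protection is visible at the point of use rather than only in git history. REVEAL_PTR needs no change since it is defined through PROTECT_PTR and therefore also collapses to the identity on CHERI.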