From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: by sourceware.org (Postfix, from userid 1944)
	id 669D33852C56; Wed, 23 Nov 2022 14:46:49 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 669D33852C56
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1669214809;
	bh=6f9XZKbDh2KC8Su36i9GANRDwslSIxePg703GAM0sLM=;
	h=From:To:Subject:Date:From;
	b=BX1im2n7FnRDHWUuCKNmKC2FwVORvGAtXJFBNDZbltLWZVcKPJLaL5YzJcVriKz6F
	 it6W4wMn6ypHgsWUouGta9QIsO6ouE+EifshYeRqxo24LSZB/kMEj+bA3DksmC9hhd
	 coSFW2uAFq/Oz8EqtQGNVHbkwC7tQn5OxtZU1cHg=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Szabolcs Nagy
To: glibc-cvs@sourceware.org
Subject: [glibc/arm/morello/main] cheri: malloc: Disable pointer protection
X-Act-Checkin: glibc
X-Git-Author: Szabolcs Nagy
X-Git-Refname: refs/heads/arm/morello/main
X-Git-Oldrev: cd345f5c03e504faca874e1da74bc966a379cedb
X-Git-Newrev: 0f2a4c9573e3c1f2e593f450cc27e6f4e6a84ddc
Message-Id: <20221123144649.669D33852C56@sourceware.org>
Date: Wed, 23 Nov 2022 14:46:49 +0000 (GMT)
List-Id:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f2a4c9573e3c1f2e593f450cc27e6f4e6a84ddc

commit 0f2a4c9573e3c1f2e593f450cc27e6f4e6a84ddc
Author: Szabolcs Nagy
Date:   Wed Jul 7 14:21:40 2021 +0100

    cheri: malloc: Disable pointer protection
    
    Such arithmetic invalidates capabilities so this security measure
    does not work for CHERI.
    
    Note: the architecture makes it hard to corrupt pointers in malloc
    metadata, but not impossible: current allocation bounds include the
    metadata and capabilities are not revoked after free. These issues
    can be fixed by a capability aware malloc.

Diff:
---
 malloc/malloc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/malloc/malloc.c b/malloc/malloc.c
index bd3c76ed31..062ca0dc0a 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -341,8 +341,12 @@ Fatal glibc error: malloc assertion failure in %s: %s\n", It assumes a minimum page size of 4096 bytes (12 bits). Systems with larger pages provide less entropy, although the pointer mangling still works. */ +#ifdef __CHERI_PURE_CAPABILITY__ +#define PROTECT_PTR(pos, ptr) (ptr) +#else #define PROTECT_PTR(pos, ptr) \ ((__typeof (ptr)) ((((size_t) pos) >> 12) ^ ((size_t) ptr))) +#endif #define REVEAL_PTR(ptr) PROTECT_PTR (&ptr, ptr) /*
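Review bot: the comment directly above the new #ifdef still says the mangling "assumes a minimum page size of 4096 bytes" and that on larger pages "the pointer mangling still works", which no longer describes the purecap CHERI build where PROTECT_PTR is now `(ptr)`; add a sentence to that comment stating that safe-linking is disabled under __CHERI_PURE_CAPABILITY__ because the (size_t) casts in the XOR would strip the capability, so the reason lives next to the definition and not only in the commit message. REVEAL_PTR is defined as `PROTECT_PTR (&ptr, ptr)` and therefore also becomes the identity, which keeps the pair consistent, but it is worth saying explicitly in the same comment that the metadata-corruption caveat from the commit message (bounds include the metadata, no revocation after free) is what remains once this measure is off on that target.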
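To make concrete what the purecap build gives up when PROTECT_PTR becomes the identity, here is an added, stand-alone model of glibc's safe-linking scheme (the XOR of a stored pointer with the page number of its own storage location) run on a normal 64-bit host. This is example code written for this page, not glibc's malloc: the names sl_protect, sl_reveal, bin_put, bin_get, the 16-byte chunk layout, the 64 KiB arena and the 0x3000 offset are all assumptions chosen so the outcome is deterministic. It shows the round trip working and then shows the check that catches a next pointer overwritten without the key, the check that has no effect on a target where the macro is the identity.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not glibc code: a self-contained model of glibc's
   safe-linking (PROTECT_PTR / REVEAL_PTR in malloc/malloc.c).  Everything
   here (sl_protect, chunk, bin, the 64 KiB arena, the 0x3000 offset) is an
   assumption made for illustration only. */

#define SL_ALIGN     16          /* MALLOC_ALIGNMENT on 64-bit glibc */
#define ARENA_ALIGN  (1u << 16)  /* arena base is 64 KiB aligned */
#define ARENA_OFF    0x3000      /* chunks start here, so (pos >> 12) & 0xF == 3 */
#define NCHUNKS      4

/* glibc: PROTECT_PTR(pos, ptr) = ((size_t) pos >> 12) ^ (size_t) ptr.
   pos is the address of the field that stores the pointer; its page number
   is the per-location key.  XOR is its own inverse, so reveal is the same
   operation.  On purecap CHERI the round trip through an integer type drops
   the capability tag, which is why the commit above makes the macro the
   identity on that target. */
static inline void *sl_protect(void *pos, void *ptr)
{
    return (void *)(((uintptr_t)pos >> 12) ^ (uintptr_t)ptr);
}
#define sl_reveal(field) sl_protect(&(field), (field))

static inline int aligned_ok(const void *p)
{
    return ((uintptr_t)p & (SL_ALIGN - 1)) == 0;
}

/* A free chunk: the first word is the (protected) next pointer, as in tcache. */
struct chunk { struct chunk *next; unsigned char pad[SL_ALIGN - sizeof(void *)]; };
struct bin   { struct chunk *head; };

static void bin_put(struct bin *b, struct chunk *c)
{
    c->next = sl_protect(&c->next, b->head);
    b->head = c;
}

/* Returns the head chunk, or NULL when the head fails the alignment check
   that glibc reports as "malloc(): unaligned tcache chunk detected". */
static struct chunk *bin_get(struct bin *b)
{
    struct chunk *c = b->head;
    if (c == NULL || !aligned_ok(c))
        return NULL;
    b->head = sl_reveal(c->next);
    return c;
}

/* Carve NCHUNKS chunks at a known page offset inside a 64 KiB aligned region.
   Returns the first chunk; *raw receives the allocation to free afterwards. */
static struct chunk *make_arena(void **raw)
{
    *raw = malloc(2 * ARENA_ALIGN);
    if (*raw == NULL)
        abort();
    uintptr_t base = ((uintptr_t)*raw + ARENA_ALIGN - 1) & ~(uintptr_t)(ARENA_ALIGN - 1);
    return (struct chunk *)(base + ARENA_OFF);
}

/* 1 if put/get round-trips pointers through protect/reveal in LIFO order. */
int sl_roundtrip_ok(void)
{
    void *raw;
    struct chunk *c = make_arena(&raw);
    struct bin b = { NULL };
    for (int i = 0; i < NCHUNKS; i++)
        bin_put(&b, &c[i]);
    int ok = 1;
    for (int i = NCHUNKS - 1; i >= 0; i--)
        ok &= (bin_get(&b) == &c[i]);
    ok &= (bin_get(&b) == NULL);               /* bin is now empty */
    free(raw);
    return ok;
}

/* A heap overflow writes a raw (unprotected) target address into the next
   field of the head chunk, hoping the next allocation returns the target.
   Returns 1 if safe-linking stops the attack, 0 if the target is handed out. */
int sl_forged_next_detected(void)
{
    void *raw;
    struct chunk *c = make_arena(&raw);
    struct bin b = { NULL };
    bin_put(&b, &c[0]);
    bin_put(&b, &c[1]);                         /* list: c[1] -> c[0] */
    struct chunk *target = &c[3];               /* attacker's goal */
    memcpy(&c[1].next, &target, sizeof target); /* overwrite without the key */
    struct chunk *first  = bin_get(&b);         /* legitimate: returns c[1] */
    struct chunk *second = bin_get(&b);         /* revealed head is mangled */
    int detected = (first == &c[1]) && (second == NULL)
                && !aligned_ok(b.head) && (b.head != target);
    free(raw);
    return detected;
}

int main(void)
{
    printf("round trip: %s\n", sl_roundtrip_ok() ? "ok" : "FAIL");
    printf("forged next pointer: %s\n",
           sl_forged_next_detected() ? "detected" : "NOT detected");
    return 0;
}
```

The forged pointer is caught because revealing it XORs in bits 12..15 of the storage address, which are non-zero by construction here (in a real heap they are non-zero with high probability, not certainty), leaving a misaligned head. With PROTECT_PTR defined as `(ptr)` that XOR never happens, so the same overwrite would hand out the target on a purecap build; the commit message's point is that on CHERI the overwrite itself is what the architecture is expected to prevent, with the listed caveats about bounds and revocation.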