author | Evgenii Stepanov <eugenis@google.com> | 2021-06-24 22:21:37 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-06-24 22:21:37 +0000 |
commit | d7dc376eb94fc0182c75d35e610b48e6eb68d7a0 (patch) | |
tree | 4b400ff3b5f666e3ed1e03c379dde2ed427e8b1f | |
parent | 394cfd4d979fdeea886c8df222fbf0784d525b4b (diff) | |
parent | a44aa2e1381c9de60d287f27ac59751e7a8cc999 (diff) | |
Add definition of M_MEMTAG_TUNING. am: a44aa2e138
Original change: https://googleplex-android-review.googlesource.com/c/platform/bionic/+/15097261
Change-Id: I47dd4396b2b9ec3a053344ed0b091a6187b839d7
-rw-r--r-- | libc/include/malloc.h | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/libc/include/malloc.h b/libc/include/malloc.h
index bae1f6823..f7beb2c10 100644
--- a/libc/include/malloc.h
+++ b/libc/include/malloc.h
@@ -170,7 +170,45 @@ int malloc_info(int __must_be_zero, FILE* __fp) __INTRODUCED_IN(23);
 * Available since API level 28.
 */
 #define M_PURGE (-101)
-/*
+
+
+/**
+ * mallopt() option to tune the allocator's choice of memory tags to
+ * make it more likely that a certain class of memory errors will be
+ * detected. This is only relevant if MTE is enabled in this process
+ * and ignored otherwise. The value argument should be one of the
+ * M_MEMTAG_TUNING_* flags.
+ * NOTE: This is only available in scudo.
+ *
+ * Available since API level 31.
+ */
+#define M_MEMTAG_TUNING (-102)
+
+/**
+ * When passed as a value of M_MEMTAG_TUNING mallopt() call, enables
+ * deterministic detection of linear buffer overflow and underflow
+ * bugs by assigning distinct tag values to adjacent allocations. This
+ * mode has a slightly reduced chance to detect use-after-free bugs
+ * because only half of the possible tag values are available for each
+ * memory location.
+ *
+ * Please keep in mind that MTE can not detect overflow within the
+ * same tag granule (16-byte aligned chunk), and can miss small
+ * overflows even in this mode. Such overflow can not be the cause of
+ * a memory corruption, because the memory within one granule is never
+ * used for multiple allocations.
+ */
+#define M_MEMTAG_TUNING_BUFFER_OVERFLOW 0
+
+/**
+ * When passed as a value of M_MEMTAG_TUNING mallopt() call, enables
+ * independently randomized tags for uniform ~93% probability of
+ * detecting both spatial (buffer overflow) and temporal (use after
+ * free) bugs.
+ */
+#define M_MEMTAG_TUNING_UAF 1
+
+/**
 * mallopt() option for per-thread memory initialization tuning.
 * The value argument should be one of:
 * 1: Disable automatic heap initialization and, where possible, memory tagging,
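Review bot: The second paragraph of the M_MEMTAG_TUNING_BUFFER_OVERFLOW comment claims more than its stated reason supports. That a granule is never shared between allocations shows that an intra-granule overflow cannot corrupt another allocation, not that it is harmless; an over-read into the padding could presumably still return stale bytes when heap zero-initialization is off. I would narrow the sentence to `Such an overflow cannot corrupt another allocation, because the memory within one granule is never used for multiple allocations.` The M_MEMTAG_TUNING comment also does not say which of the two modes applies when mallopt() is never called, nor what mallopt() returns when the option is ignored (MTE off, or an allocator other than scudo). One sentence for each would let a caller tell whether the tuning actually took effect.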
@@ -210,7 +248,7 @@ int malloc_info(int __must_be_zero, FILE* __fp) __INTRODUCED_IN(23);
 * should not be zero-initialized, any other value indicates to initialize heap
 * memory to zero.
 *
- * Note that this memory mitigations is only implemented in scudo and therefore
+ * Note that this memory mitigation is only implemented in scudo and therefore
 * this will have no effect when using another allocator (such as jemalloc on
 * Android Go devices).
 *
@@ -222,6 +260,7 @@ int malloc_info(int __must_be_zero, FILE* __fp) __INTRODUCED_IN(23);
 * mallopt() option to change the heap tagging state. May be called at any
 * time, including when multiple threads are running.
 * The value must be one of the M_HEAP_TAGGING_LEVEL_ constants.
+ * NOTE: This is only available in scudo.
 *
 * Available since API level 31.
 */ |