
scudo: Interleave odd and even tags for adjacent blocks.
Closed, Public

Authored by pcc on Jul 22 2020, 1:57 PM.

Details

Summary

This guarantees that we will detect a buffer overflow or underflow
that overwrites an adjacent block. This spatial guarantee is similar
to the temporal guarantee that we provide for immediate use-after-free.

Enabling odd/even tags involves a tradeoff between use-after-free
detection and buffer overflow detection. Odd/even tags make it more
likely for buffer overflows to be detected by increasing the size of
the guaranteed "red zone" around the allocation, but on the other
hand use-after-free is less likely to be detected because the tag
space for any particular chunk is cut in half. Therefore we introduce
a tuning setting to control whether odd/even tags are enabled.
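As an added illustration (not scudo's code and not part of this revision), a small Python model of the tag choice described above: 4-bit tags, an exclusion mask that, when the setting is on, forces even-numbered blocks onto odd tags and odd-numbered blocks onto even tags, and a free path that additionally excludes the chunk's previous tag. It assumes the blocks of one size class are laid out consecutively, so that block parity follows position; the 1/15 versus 1/7 figures are for this model's retag rule.

```python
import random

TAG_BITS = 4                  # MTE-style 4-bit tags: a 16-entry tag space
TAG_SPACE = 1 << TAG_BITS
EVEN_TAGS = sum(1 << t for t in range(0, TAG_SPACE, 2))  # bit mask 0x5555


def odd_even_exclude_mask(block_index, enabled):
    """Tags that block number `block_index` may NOT use (model, not scudo code).
    When the tuning setting is on, even-numbered blocks are restricted to odd
    tags and odd-numbered blocks to even tags, so two adjacent blocks can never
    carry the same tag. When it is off, nothing is excluded."""
    if not enabled:
        return 0
    return EVEN_TAGS if block_index % 2 == 0 else EVEN_TAGS << 1


def select_random_tag(exclude_mask, rng):
    """Uniformly pick a tag whose bit is clear in exclude_mask."""
    return rng.choice([t for t in range(TAG_SPACE) if not (exclude_mask >> t) & 1])


def tag_blocks(num_blocks, odd_even, seed=0):
    """Allocate path: tag a run of adjacent blocks of one size class.
    Assumes the blocks are laid out consecutively, so parity follows position."""
    rng = random.Random(seed)
    return [select_random_tag(odd_even_exclude_mask(i, odd_even), rng)
            for i in range(num_blocks)]


def adjacent_tag_collisions(tags):
    """Adjacent pairs sharing a tag: an overflow or underflow from one block
    into the other would not trip the tag check."""
    return sum(1 for a, b in zip(tags, tags[1:]) if a == b)


def retag_on_free(block_index, prev_tag, odd_even, seed=0):
    """Free path: also exclude the chunk's previous tag, which is what makes an
    immediate use-after-free guaranteed to mismatch."""
    mask = odd_even_exclude_mask(block_index, odd_even) | (1 << prev_tag)
    return select_random_tag(mask, random.Random(seed))


def uaf_miss_probability(odd_even):
    """Chance that a dangling pointer's tag matches again two retags later:
    each retag excludes only the previous tag, so the new tag is uniform over
    the usable tag space minus one. Halving the space raises 1/15 to 1/7."""
    usable = TAG_SPACE // 2 if odd_even else TAG_SPACE
    return 1.0 / (usable - 1)
```

Running `adjacent_tag_collisions(tag_blocks(1000, True))` returns 0 for any seed, while the same call with the setting off reports the adjacent pairs an overflow could cross undetected.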

Event Timeline

pcc created this revision. Jul 22 2020, 1:57 PM
Herald added a project: Restricted Project. Jul 22 2020, 1:57 PM
Herald added a subscriber: Restricted Project.
pcc updated this revision to Diff 279986. Jul 22 2020, 5:46 PM
pcc edited the summary of this revision.

Add a tuning setting

vitalybuka added inline comments.
compiler-rt/lib/scudo/standalone/tests/combined_test.cpp:496

In a separate patch, could you fix this?
Somewhere in the beginning:

```cpp
template <class Base>
class TestAllocator : public Base {
public:
  TestAllocator() {
    this->reset(); // `this->` is required: reset() lives in the dependent base
    // maybe releaseToOS();
  }
  ~TestAllocator() { this->unmapTestOnly(); }
};
```

and then replace everywhere with

```cpp
  TestAllocator<scudo::Allocator<scudo::AndroidConfig>> Allocator;
  ....
  useAllocator(Allocator);
```
pcc marked 2 inline comments as done.
pcc added inline comments.
compiler-rt/lib/scudo/standalone/tests/combined_test.cpp:496

Seems mostly reasonable to me, see D84454. The allocator objects are too large to go on the stack, so I kept them on the heap.

eugenis accepted this revision. Jul 23 2020, 2:20 PM

LGTM

This revision is now accepted and ready to land. Jul 23 2020, 2:20 PM
This revision was automatically updated to reflect the committed changes.
pcc marked an inline comment as done.