retag the first 16 byte granule upon free

struct · Dec 22, 2023 · 31b50a1 · 31b50a1
1 parent 6d4baff
commit 31b50a1
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -86,6 +86,7 @@ When enabled, the `CPU_PIN` feature will restrict allocations from a given zone
 * `PROTECT_FREE_BIG_ZONES` Marks big zones on the free list as `PROT_NONE` when not in use
 * `BIG_ZONE_META_DATA_GUARD` Enables guard pages for big zone meta data
 * `BIG_ZONE_GUARD` Enables guard pages for big zone user pages
+* `ARM_MTE` Enables support for the ARM v8.5a Memory Tagging Extension
 
 ## Building
 
@@ -125,7 +126,7 @@ The Makefile targets are very simple:
 
 ## Android
 
-To build Android libraries for x86_64 and ARM64 architectures just `cd` into the `android/jni` directory and run `ndk-build`.
+To build Android libraries for the ARM64 architecture just `cd` into the `android/jni` directory and run `ndk-build`.
 
 For those of you on an M1 based Mac you can still build IsoAlloc with the following command:
 `arch -x86_64 /bin/bash -c $ANDROID_NDK_HOME/build/ndk-build`

diff --git a/src/iso_alloc.c b/src/iso_alloc.c
@@ -1418,6 +1418,16 @@ INTERNAL_HIDDEN void _iso_free_from_zone(void *p, iso_alloc_zone_t *zone, bool p
     }
 #endif
 
+#if ARM_MTE
+    if(_root->arm_mte_enabled == true) {
+        /* We want to catch immediate use-after-free without waiting
+         * for chunks to be free'd from the quarantine so we set a new
+         * random tag for the first 16 byte granule at this address */
+        p = iso_mte_create_tag(p, 0x0);
+        iso_mte_set_tag(p);
+    }
+#endif
+
     LOCK_ROOT();
     _iso_free_internal_unlocked(p, permanent, zone);
     UNLOCK_ROOT();