cheri: malloc: Disable pointer protection

Such arithmetic invalidates capabilities so this security measure does not work for CHERI. Note: the architecture makes it hard to corrupt pointers in malloc metadata, but not impossible: current allocation bounds include the metadata and capabilities are not revoked after free. These issues can be fixed by a capability aware malloc.
author: Szabolcs Nagy <szabolcs.nagy@arm.com> 2021-07-07 14:21:40 +0100
committer: Szabolcs Nagy <szabolcs.nagy@arm.com> 2022-08-05 19:45:19 +0100
commit: b3d26f52f7084c1f008b3c746c01db4f122f7879 (patch)
tree: d111fc92953b9c425f032b88a5100b9bb32aecaa
parent: 0205012984bc65f70d6324d9bc2338b7b23f4533 (diff)
download: glibc-b3d26f52f7084c1f008b3c746c01db4f122f7879.zip
glibc-b3d26f52f7084c1f008b3c746c01db4f122f7879.tar.gz
glibc-b3d26f52f7084c1f008b3c746c01db4f122f7879.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/malloc/malloc.c b/malloc/malloc.c
index bd3c76e..062ca0d 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -341,8 +341,12 @@ Fatal glibc error: malloc assertion failure in %s: %s\n",
    It assumes a minimum page size of 4096 bytes (12 bits).  Systems with
    larger pages provide less entropy, although the pointer mangling
    still works.  */
+#ifdef __CHERI_PURE_CAPABILITY__
+#define PROTECT_PTR(pos, ptr) (ptr)
+#else
 #define PROTECT_PTR(pos, ptr) \
   ((__typeof (ptr)) ((((size_t) pos) >> 12) ^ ((size_t) ptr)))
+#endif
 #define REVEAL_PTR(ptr)  PROTECT_PTR (&ptr, ptr)
 
 /*
author	Szabolcs Nagy <szabolcs.nagy@arm.com>	2021-07-07 14:21:40 +0100
committer	Szabolcs Nagy <szabolcs.nagy@arm.com>	2022-08-05 19:45:19 +0100
commit	b3d26f52f7084c1f008b3c746c01db4f122f7879 (patch)
tree	d111fc92953b9c425f032b88a5100b9bb32aecaa
parent	0205012984bc65f70d6324d9bc2338b7b23f4533 (diff)
download	glibc-b3d26f52f7084c1f008b3c746c01db4f122f7879.zip glibc-b3d26f52f7084c1f008b3c746c01db4f122f7879.tar.gz glibc-b3d26f52f7084c1f008b3c746c01db4f122f7879.tar.bz2