add basic overview of part of the approach to MTE
parent
1da51ddde1
commit
f2a7ccde75
10
README.md
10
README.md
|
@ -235,6 +235,16 @@ was a bit less important and if a core goal was finding latent bugs.
|
||||||
* Errors other than ENOMEM from mmap, munmap, mprotect and mremap treated
|
* Errors other than ENOMEM from mmap, munmap, mprotect and mremap treated
|
||||||
as fatal, which can help to detect memory management gone wrong elsewhere
|
as fatal, which can help to detect memory management gone wrong elsewhere
|
||||||
in the process.
|
in the process.
|
||||||
|
* [future] Memory tagging for slab allocations via MTE on ARMv8.5+
|
||||||
|
* random memory tags as the baseline, providing probabilistic protection
|
||||||
|
against various forms of memory corruption
|
||||||
|
* dedicated tag for free slots, set on free, for deterministic protection
|
||||||
|
against accessing freed memory
|
||||||
|
* store previous random tag within freed slab allocations, and increment it
|
||||||
|
to get the next tag for that slot to provide deterministic use-after-free
|
||||||
|
detection through multiple cycles of memory reuse
|
||||||
|
* guarantee distinct tags for adjacent memory allocations by incrementing
|
||||||
|
past matching values for deterministic detection of linear overflows
|
||||||
|
|
||||||
# Randomness
|
# Randomness
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue