cheri: malloc: Disable pointer protection

Such arithmetic invalidates capabilities so this security measure does not work for CHERI. Note: the architecture makes it hard to corrupt pointers in malloc metadata, but not impossible: current allocation bounds include the metadata and capabilities are not revoked after free. These issues can be fixed by a capability aware malloc.
author: Szabolcs Nagy <szabolcs.nagy@arm.com> 2021-07-07 14:21:40 +0100
committer: Szabolcs Nagy <szabolcs.nagy@arm.com> 2022-11-22 14:31:25 +0000
commit: 0f2a4c9573e3c1f2e593f450cc27e6f4e6a84ddc (patch)
tree: 79b9c2f3d0e2284fc2dc941b040704a55956eb3e /malloc/malloc.c
parent: cd345f5c03e504faca874e1da74bc966a379cedb (diff)
download: glibc-0f2a4c9573e3c1f2e593f450cc27e6f4e6a84ddc.tar.xz
glibc-0f2a4c9573e3c1f2e593f450cc27e6f4e6a84ddc.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/malloc/malloc.c b/malloc/malloc.c
index bd3c76ed31..062ca0dc0a 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -341,8 +341,12 @@ Fatal glibc error: malloc assertion failure in %s: %s\n",
    It assumes a minimum page size of 4096 bytes (12 bits).  Systems with
    larger pages provide less entropy, although the pointer mangling
    still works.  */
+#ifdef __CHERI_PURE_CAPABILITY__
+#define PROTECT_PTR(pos, ptr) (ptr)
+#else
 #define PROTECT_PTR(pos, ptr) \
   ((__typeof (ptr)) ((((size_t) pos) >> 12) ^ ((size_t) ptr)))
+#endif
 #define REVEAL_PTR(ptr)  PROTECT_PTR (&ptr, ptr)
 
 /*
author	Szabolcs Nagy <szabolcs.nagy@arm.com>	2021-07-07 14:21:40 +0100
committer	Szabolcs Nagy <szabolcs.nagy@arm.com>	2022-11-22 14:31:25 +0000
commit	0f2a4c9573e3c1f2e593f450cc27e6f4e6a84ddc (patch)
tree	79b9c2f3d0e2284fc2dc941b040704a55956eb3e /malloc/malloc.c
parent	cd345f5c03e504faca874e1da74bc966a379cedb (diff)
download	glibc-0f2a4c9573e3c1f2e593f450cc27e6f4e6a84ddc.tar.xz glibc-0f2a4c9573e3c1f2e593f450cc27e6f4e6a84ddc.zip