On Tue 2017-09-05 14:44:56, David Miller wrote:
> From: Pavel Machek <pavel@xxxxxx>
> Date: Mon, 4 Sep 2017 18:25:30 +0200
>
> > Will gcc be able to compile code that uses these automatically? That
> > does not sound easy to me. Can libc automatically use this in malloc()
> > to prevent accessing freed data when buffers are overrun?
> >
> > Is this for benefit of JITs?
>
> Anything that can control mappings and the virtual address used to
> access memory can use ADI.
>
> malloc() is of course one such case. It can map memory with ADI
> enabled, and return buffer addresses to malloc() callers with the
> proper virtual address bits set to satisfy the ADI key checks.
>
> And by induction anything using malloc() for its memory allocation
> gets ADI protection as well.

I see; that's actually quite a nice trick. I guess it does not protect
against stack-based overflows, but should help against heap-based
overflows, so it improves security a bit, too.

Nice, thanks for explanation.

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
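The malloc() scheme discussed in this exchange, as an added software model that is not part of the original messages and is not kernel or libc code: memory granules carry a tag, the allocator returns a pointer with the same tag in its upper bits, and every access compares the two. The 4-bit tag in the top address bits, the 64-byte granule and the names `adi_malloc`, `adi_free` and `adi_store` are assumptions of this model.

```c
/* Software model of an ADI-style tagged heap; no SPARC instructions are used. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define GRANULE   64u                       /* assumed bytes covered by one tag */
#define HEAP_SIZE 1024u
#define TAG_SHIFT 60                        /* assumed: tag in top 4 address bits */
#define ADDR_MASK ((1ULL << TAG_SHIFT) - 1)
typedef uint64_t tptr;                      /* heap offset plus tag in top bits */
static uint8_t heap[HEAP_SIZE];
static uint8_t mem_tag[HEAP_SIZE / GRANULE];/* per-granule tag, 0 = not allocated */
static size_t  next_off;                    /* bump allocator, never reuses memory */
static uint8_t next_tag = 1;

/* Tag whole granules for the chunk and return a pointer carrying the same tag. */
tptr adi_malloc(size_t size) {
    size_t n = (size + GRANULE - 1) / GRANULE;
    if (size == 0 || n * GRANULE > HEAP_SIZE - next_off) return 0;
    uint8_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15 + 1);  /* cycle 1..15: neighbours differ */
    for (size_t i = 0; i < n; i++) mem_tag[next_off / GRANULE + i] = tag;
    tptr p = ((uint64_t)tag << TAG_SHIFT) | next_off;
    next_off += n * GRANULE;
    return p;
}

/* Clear the chunk's tags so a stale pointer no longer matches. */
void adi_free(tptr p, size_t size) {
    size_t g = (size_t)(p & ADDR_MASK) / GRANULE;
    for (size_t i = 0; i < (size + GRANULE - 1) / GRANULE; i++) mem_tag[g + i] = 0;
}

/* Checked store: 0 on success, -1 where hardware would report a tag mismatch. */
int adi_store(tptr p, size_t idx, uint8_t val) {
    uint64_t off = (p & ADDR_MASK) + idx;
    uint8_t tag = (uint8_t)(p >> TAG_SHIFT);
    if (tag == 0 || off >= HEAP_SIZE || mem_tag[off / GRANULE] != tag) return -1;
    heap[off] = val;
    return 0;
}

int main(void) {
    tptr a = adi_malloc(100), b = adi_malloc(32);   /* a: 2 granules, b: 1 */
    printf("in bounds: %d\n", adi_store(a, 99, 'x'));
    printf("overflow into b: %d\n", adi_store(a, 128, 'x'));
    adi_free(b, 32);
    printf("use after free: %d\n", adi_store(b, 0, 'y'));
    return 0;
}
```

In this model an overrun that stays inside the chunk's last granule (bytes 100 to 127 of `a`) is not detected, and with only 15 usable tags two non-adjacent chunks can share a tag.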