On Tue 2017-09-05 14:44:56, David Miller wrote: > From: Pavel Machek <pa...@ucw.cz> > Date: Mon, 4 Sep 2017 18:25:30 +0200 > > > Will gcc be able to compile code that uses these automatically? That > > does not sound easy to me. Can libc automatically use this in malloc() > > to prevent accessing freed data when buffers are overrun? > > > > Is this for benefit of JITs? > > Anything that can control mappings and the virtual address used to > access memory can use ADI. > > malloc() is of course one such case. It can map memory with ADI > enabled, and return buffer addresses to malloc() callers with the > proper virtual address bits set to satisfy the ADI key checks. > > And by induction anything using malloc() for it's memory allocation > gets ADI protection as well.
I see; that's actually quite a nice trick.
I guess it does not protect against stack-based overflows, but should
help against heap-based overflows, so it improves security a bit, too.
Nice, thanks for explanation.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
signature.asc
Description: Digital signature
