Scrub deallocations before reallocation.
mjp41 committed Mar 31, 2023
1 parent 1077be0 commit 5474107
Showing 3 changed files with 15 additions and 2 deletions.
3 changes: 2 additions & 1 deletion CMakeLists.txt
Expand Up @@ -490,7 +490,8 @@ if(NOT SNMALLOC_HEADER_ONLY_LIBRARY)
random_larger_thresholds;
random_initial;
random_preserve;
random_extra_slab)
random_extra_slab;
scrub_free)


foreach (MITIGATION ${MITIGATIONS})
8 changes: 7 additions & 1 deletion src/snmalloc/ds_core/mitigations.h
Expand Up @@ -209,12 +209,18 @@ namespace snmalloc
* model.
*/
static constexpr mitigation::type pal_enforce_access{1 << 13};
/**
* If this mitigation is enabled, then deallocations are
* scrubbed before reallocation. This prevents data leaks
* by looking into uninitialised memory.
*/
static constexpr mitigation::type scrub_free{1 << 14};

constexpr mitigation::type full_checks = random_pagemap +
random_larger_thresholds + freelist_forward_edge + freelist_backward_edge +
freelist_teardown_validate + random_initial + random_preserve +
metadata_protection + random_extra_slab + reuse_LIFO + sanity_checks +
clear_meta + pal_enforce_access;
clear_meta + pal_enforce_access + scrub_free;

constexpr mitigation::type no_checks{0};

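Review bot: The doc comment on the new `scrub_free` constant describes the leak as "looking into uninitialised memory", but what the scrub prevents is a fresh allocation observing the previous occupant's data — that memory was initialised, just by someone else. Suggest `* If this mitigation is enabled, then freed objects are zeroed before they are placed on the free list, so a later allocation of the same memory cannot observe the previous occupant's contents.` Since the free-list link appears to be written into the object after the scrub (corealloc.h casts the scrubbed object to a free-list node right after the zeroing), it would also be worth stating here that a reallocated object is not guaranteed to be entirely zero, so this mitigation is not a substitute for calloc-style initialisation.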
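--- a/src/snmalloc/mem/corealloc.h
+++ b/src/snmalloc/mem/corealloc.h
@@ -688,6 +688,12 @@ namespace snmalloc
 is_start_of_object(entry.get_sizeclass(), address_cast(p)),
 "Not deallocating start of an object");
 
+if (mitigations(scrub_free))
+{
+Config::Pal::zero(
+p.unsafe_ptr(), sizeclass_full_to_size(entry.get_sizeclass()));
+}
+
 auto cp = p.as_static<freelist::Object::T<>>();
 
 auto& key = entropy.get_free_list_key();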
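Review bot: The new scrub block zeroes the object immediately before it is cast to a free-list node on the following line, so the free-list link (and any edge encoding the other mitigations add) is written over the zeroed bytes; a comment making that ordering explicit would save the next reader a check, e.g. `// Scrub the whole sizeclass slot so stale contents cannot be observed after reuse; the free-list link written below overwrites the head of the object.` Zeroing `sizeclass_full_to_size(...)` rather than the requested size is the right choice, since it also covers the slack beyond the user's size. `entry.get_sizeclass()` is now evaluated twice in this stretch, once in the assertion and once in the scrub; hoisting it into a local would be marginally tidier. If the fast-path deallocation in the local allocator pushes onto its own free lists without passing through this function, those frees would not be scrubbed — worth confirming that `scrub_free` covers every path onto a free list. The enclosing function starts and ends outside the hunk.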
