author | Kostya Kortchinsky <kostyak@google.com> | 2017-12-05 17:08:29 +0000 |
---|---|---|
committer | Kostya Kortchinsky <kostyak@google.com> | 2017-12-05 17:08:29 +0000 |
commit | ebc7f4959ad5b862f4e3e40dc3fdb900b0a3ace2 (patch) | |
tree | 750a72d18ffb2f96f1d7818a79c8f99bb556bd26 /lib/scudo/scudo_allocator.h | |
parent | fb8b6179b308d48cc41430de90763b6616b84542 (diff) |
[scudo] Get rid of the thread local PRNG & header salt
Summary:
It was deemed that the salt in the chunk header didn't improve security
significantly (and could actually decrease it). The initial idea was that the
same chunk would have different headers on different allocations, allowing for less
predictability. The issue is that gathering the same chunk header with different
salts can give information about the other "secrets" (cookie, pointer), and that
if an attacker leaks a header, they can reuse it for that same chunk anyway
since we don't enforce the salt value.
So we get rid of the salt in the header. This means we also get rid of the
thread local Prng, and that we don't need a global Prng anymore as well. This
makes everything faster.
We reuse those 8 bits to store the `ClassId` of a chunk now (0 for a secondary
based allocation). This way, we get some additional speed gains:
- `ClassId` is computed outside of the locked block;
- `getActuallyAllocatedSize` doesn't need the `GetSizeClass` call;
- same for `deallocatePrimary`;
We add a sanity check at init for this new field (all sanity checks are moved
into their own function, `init` was getting crowded).
Reviewers: alekseyshl, flowerhack
Reviewed By: alekseyshl
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D40796
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319791 91177308-0d34-0410-b5e6-96231b3b80d8
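The following C program is an added illustration for this page, not scudo's code and not part of the patch. It models the post-patch header layout (Checksum 16 | ClassId 8 | SizeOrUnusedBytes 20 | State 2 | AllocType 2 | Offset 16), packs and unpacks it, computes a checksum keyed by a secret cookie and the chunk address, and then exercises the properties the commit message argues about: a genuine header verifies and round-trips, a flipped State bit or a move to a neighbouring chunk is caught, an out-of-range `ClassId` is rejected by an up-front width check like the init-time sanity check the message adds, and a header leaked once for a chunk replays indefinitely, which is the property the salt never changed. Assumptions, all labelled in the code: LSB-first bitfield order, a CRC-16 keyed by `cookie ^ address` standing in for scudo's CRC-32-based checksum, constructed cookie and address values, and hypothetical names (`fields_t`, `pack_header`, `verify_header`, `header_scenarios`).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the post-patch 64-bit chunk header: Checksum 16 | ClassId 8 |
 * SizeOrUnusedBytes 20 | State 2 | AllocType 2 | Offset 16 (= 64 bits).
 * Illustration written for this page, not scudo's code. Assumed: LSB-first
 * field order, and a CRC-16 keyed by (cookie ^ chunk address) in place of
 * scudo's CRC-32-based checksum.
 */
enum { CHECKSUM_BITS = 16, CLASSID_BITS = 8, SIZE_BITS = 20,
       STATE_BITS = 2, ALLOCTYPE_BITS = 2, OFFSET_BITS = 16 };
enum { STATE_SHIFT = CHECKSUM_BITS + CLASSID_BITS + SIZE_BITS };

typedef struct {
  uint32_t class_id;        /* 0 means a Secondary-backed allocation */
  uint32_t size_or_unused;  /* size (Primary) or unused bytes (Secondary) */
  uint32_t state;           /* 0 available, 1 allocated, 2 quarantined */
  uint32_t alloc_type;      /* malloc, new, new[], memalign */
  uint32_t offset;          /* backend-to-chunk offset, MinAlignment units */
} fields_t;

/* Up-front width check in the spirit of the init-time sanity check the
 * commit message adds: a value wider than its field would be truncated. */
bool fields_fit(const fields_t *f) {
  return f->class_id < (1u << CLASSID_BITS) &&
         f->size_or_unused < (1u << SIZE_BITS) &&
         f->state < (1u << STATE_BITS) &&
         f->alloc_type < (1u << ALLOCTYPE_BITS) &&
         f->offset < (1u << OFFSET_BITS);
}

/* Pack fields LSB-first above the 16-bit checksum slot, which stays zero. */
uint64_t pack_fields(const fields_t *f) {
  uint64_t p = 0;
  unsigned s = CHECKSUM_BITS;
  p |= (uint64_t)f->class_id       << s; s += CLASSID_BITS;
  p |= (uint64_t)f->size_or_unused << s; s += SIZE_BITS;
  p |= (uint64_t)f->state          << s; s += STATE_BITS;
  p |= (uint64_t)f->alloc_type     << s; s += ALLOCTYPE_BITS;
  p |= (uint64_t)f->offset         << s;
  return p;
}

void unpack_fields(uint64_t p, fields_t *f) {
  unsigned s = CHECKSUM_BITS;
  f->class_id       = (uint32_t)(p >> s) & ((1u << CLASSID_BITS) - 1);   s += CLASSID_BITS;
  f->size_or_unused = (uint32_t)(p >> s) & ((1u << SIZE_BITS) - 1);      s += SIZE_BITS;
  f->state          = (uint32_t)(p >> s) & ((1u << STATE_BITS) - 1);     s += STATE_BITS;
  f->alloc_type     = (uint32_t)(p >> s) & ((1u << ALLOCTYPE_BITS) - 1); s += ALLOCTYPE_BITS;
  f->offset         = (uint32_t)(p >> s) & ((1u << OFFSET_BITS) - 1);
}

/* Reflected CRC-16 (polynomial 0xA001) over the little-endian bytes of v. */
static uint16_t crc16_u64(uint16_t crc, uint64_t v) {
  for (int i = 0; i < 8; i++) {
    crc ^= (uint16_t)(v >> (8 * i)) & 0xFF;
    for (int b = 0; b < 8; b++)
      crc = (crc >> 1) ^ (0xA001u & (0u - (crc & 1u)));
  }
  return crc;
}

/* Keyed checksum: the secret cookie and the chunk address seed the CRC, then
 * the header with its checksum slot zeroed is mixed in. No per-allocation
 * salt takes part, so the result is fully determined by (cookie, chunk, fields). */
uint16_t header_checksum(uint64_t cookie, uintptr_t chunk, uint64_t packed) {
  uint64_t body = packed & ~(uint64_t)0xFFFF;
  uint16_t crc = crc16_u64(0xFFFF, cookie ^ (uint64_t)chunk);
  return crc16_u64(crc, body);
}

uint64_t pack_header(uint64_t cookie, uintptr_t chunk, const fields_t *f) {
  uint64_t p = pack_fields(f);
  return p | header_checksum(cookie, chunk, p);
}

bool verify_header(uint64_t cookie, uintptr_t chunk, uint64_t packed) {
  return (uint16_t)(packed & 0xFFFF) == header_checksum(cookie, chunk, packed);
}

/* Exercises the properties a reviewer of this layout cares about and returns
 * a bitmask of the ones that held (0x1F means all of them). */
unsigned header_scenarios(void) {
  const uint64_t cookie = 0x5eed1234abcd9876ull;  /* constructed secret */
  const uintptr_t chunk = 0x7f0000401000ull;      /* constructed address */
  const fields_t f = { 3, 48, 1, 0, 1 };  /* class 3, 48 bytes, allocated */
  fields_t back, too_big;
  unsigned ok = 0;
  uint64_t hdr = pack_header(cookie, chunk, &f);

  /* 1: a genuine header round-trips and verifies. */
  unpack_fields(hdr, &back);
  if (fields_fit(&f) && verify_header(cookie, chunk, hdr) &&
      back.class_id == 3 && back.size_or_unused == 48 &&
      back.state == 1 && back.alloc_type == 0 && back.offset == 1)
    ok |= 1;
  /* 2: flipping a State bit without knowing the cookie is caught. */
  if (!verify_header(cookie, chunk, hdr ^ (1ull << STATE_SHIFT)))
    ok |= 2;
  /* 4: the address is part of the key; the same bits one page over fail. */
  if (!verify_header(cookie, chunk + 0x1000, hdr))
    ok |= 4;
  /* 8: a ClassId that does not fit 8 bits must be rejected before packing. */
  too_big = f;
  too_big.class_id = 1u << CLASSID_BITS;
  if (!fields_fit(&too_big))
    ok |= 8;
  /* 16: no freshness. A header leaked once verifies forever at its address,
   * which the removed salt never prevented since its value was not enforced;
   * without it, re-packing the same chunk is also bit-for-bit identical. */
  if (pack_header(cookie, chunk, &f) == hdr && verify_header(cookie, chunk, hdr))
    ok |= 16;
  return ok;
}

int main(void) {
  printf("scenarios held: 0x%x\n", header_scenarios());
  return 0;
}
```

The replay scenario is the one the commit message turns on: whether or not a salt byte is present, the verifier only recomputes the checksum over whatever header bytes it is handed, so a captured header for a chunk stays valid for that chunk. What a keyed checksum does buy is shown by the tamper and address-move scenarios, both of which still hold with the salt gone.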
Diffstat (limited to 'lib/scudo/scudo_allocator.h')
-rw-r--r-- | lib/scudo/scudo_allocator.h | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/scudo/scudo_allocator.h b/lib/scudo/scudo_allocator.h index a517058ab..a561247de 100644 --- a/lib/scudo/scudo_allocator.h +++ b/lib/scudo/scudo_allocator.h @@ -39,16 +39,15 @@ enum ChunkState : u8 { typedef u64 PackedHeader; struct UnpackedHeader { u64 Checksum : 16; - u64 SizeOrUnusedBytes : 19; // Size for Primary backed allocations, amount of + u64 ClassId : 8; + u64 SizeOrUnusedBytes : 20; // Size for Primary backed allocations, amount of // unused bytes in the chunk for Secondary ones. - u64 FromPrimary : 1; u64 State : 2; // available, allocated, or quarantined u64 AllocType : 2; // malloc, new, new[], or memalign u64 Offset : 16; // Offset from the beginning of the backend // allocation to the beginning of the chunk // itself, in multiples of MinAlignment. See // comment about its maximum value and in init(). - u64 Salt : 8; }; typedef atomic_uint64_t AtomicPackedHeader; |
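Review bot: the new `ClassId` field is the only member of `UnpackedHeader` left without a comment, and the one thing a reader needs to know about it (that `0` marks a Secondary-backed allocation, the information the removed `FromPrimary` bit used to carry) lives only in the commit summary; add it inline, e.g. `u64 ClassId : 8; // 0 for Secondary backed allocations`. In the same hunk `SizeOrUnusedBytes` grows from 19 to 20 bits, which neither its comment nor the summary mentions; since the `Offset` comment already points at a maximum-value discussion and `init()`, state the new ceiling for `SizeOrUnusedBytes` there too so the width-derived limits checked at init stay documented next to the fields they constrain.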