Set the top bit for tagged pointers.

Some applications may incorrectly assume that a "negative" pointer indicates error. By setting the top bit in TBI mode, we catch these cases as well. Although they don't directly indicate incompatibility with MTE (as MTE uses the 2nd-highest nibble) - this ensures we catch HWASan errors as well as reserve the bits for future MTE expansion. Bug: 154272452 Test: Boot flame, device boots successfully. Change-Id: I94a6821a82ce7ead59e6ca2dd113a5a50ee9e56b
2020-04-17 15:00:37 -07:00 · 2020-04-17 15:00:37 -07:00 · b125ca48de
parent 23ec1421b5
commit b125ca48de
1 changed files with 5 additions and 4 deletions
--- a/libc/bionic/malloc_tagged_pointers.h
+++ b/libc/bionic/malloc_tagged_pointers.h
@ -43,10 +43,11 @@
 // is also deliberately different from the standard pattern-init tag (0xAA), as
 // to be distinguishable from an uninitialized-pointer access. The first and
 // second nibbles are also deliberately designed to be the bitset-mirror of each
-// other (0b1100, 0b0011) in order to reduce incidental matches. Users must not
-// rely on the implementation-defined value of this pointer tag, as it may
-// change.
-static constexpr uintptr_t POINTER_TAG = 0x3C;
+// other (0b1011, 0b0100) in order to reduce incidental matches. We also ensure
+// that the top bit is set, as this catches incorrect code that assumes that a
+// "negative" pointer indicates error. Users must not rely on the
+// implementation-defined value of this pointer tag, as it may change.
+static constexpr uintptr_t POINTER_TAG = 0xB4;
 static constexpr unsigned UNTAG_SHIFT = 40;
 static constexpr unsigned CHECK_SHIFT = 48;
 static constexpr unsigned TAG_SHIFT = 56;