p < q is only defined if they point into the same thing, I think?
This Tweet was deleted by the Tweet author. Learn more
Conversation
It's only required to work within objects. I also don't think typical uses of pointer authentication will impact anything other than pointers not directly available to C without compiler intrinsics (return addresses) and function pointers. It won't be used for most regular data.
1
I believe people are working on making malloc produce authenticated pointers.
1
Verifying that pointers passed to free and realloc were created by malloc doesn't seem particularly useful. Maybe I'm misunderstanding how it would be used. I also don't find this to be a particularly compelling feature. ARMv8.5 MTE (memory tagging) is a great feature though.
I'd have preferred if they'd implemented hardware-based shadow stacks rather than pointer authentication. It would be much better for the primary use case. A very weak probabilistic mitigation competing for the same bits as memory tagging and ASLR just isn't all that compelling.
Each allocation has a different tag, preventing heap overflows from corrupting nearby allocations. Mitigates common browser exploitation technique
1
It sounds like you're talking about ARMv8.5 memory tagging, not pointer authentication. I wrote up some documentation on how malloc implementations can leverage features like ARMv8.5 MTE at github.com/AndroidHardeni. I think it's a much more compelling feature than ARMv8.3 PAC.
1
1
Show replies