authorMitch Phillips <mitchp@google.com>2021-01-20 11:25:11 -0800
committerMitch Phillips <mitchp@google.com>2021-01-20 12:45:07 -0800
commit347b01b58324516941b338614dec33cc59c6e018 (patch)
treeb67214d52098360a8ac78e3056bf32654cf19aa2 /libc
parentd65b31fad659b806401201adb3cd1dcbf38e61e3 (diff)
downloadbionic-347b01b58324516941b338614dec33cc59c6e018.tar.gz
[MTE] Change scudo init order to get correct PROT_MTE pages.
scudo_malloc_* for fill contents in __libc_init_scudo calls scudo's initializers. We haven't told Scudo whether we want MTE-capable (i.e. mapped with PROT_MTE) size class regions yet, which happens in SetDefaultHeapTaggingLevel. This can lead to inconsistent mappings, where processes without ELF notes get the base region with PROT_MTE (which is undesirable because the performance implications are not known). Make sure that scudo is informed of whether regions need to be mapped PROT_MTE or not by hoisting the tagging level up. Bug: 135772972 Bug: 172365548 Test: On FVP - 'adb shell MEMTAG_OPTIONS=off sanitizer-status' should have no PROT_MTE mappings (validation by looking for no 'mt' under 'VmFlags:' in /proc/smaps'). Change-Id: Idad64479c4a9459cb40dd211fe942437f8ca16fd
Diffstat (limited to 'libc')
-rw-r--r--libc/bionic/libc_init_common.cpp6
1 files changed, 5 insertions, 1 deletions
diff --git a/libc/bionic/libc_init_common.cpp b/libc/bionic/libc_init_common.cpp
index f2c3f1c68..01cd2e591 100644
--- a/libc/bionic/libc_init_common.cpp
+++ b/libc/bionic/libc_init_common.cpp
@@ -87,6 +87,11 @@ static void arc4random_fork_handler() {
}
void __libc_init_scudo() {
+ // Heap tagging level *must* be set before interacting with Scudo, otherwise
+ // the primary will be mapped with PROT_MTE even if MTE is is not enabled in
+ // this process.
+ SetDefaultHeapTaggingLevel();
+
// TODO(b/158870657) make this unconditional when all devices support SCUDO.
#if defined(USE_SCUDO)
#if defined(SCUDO_PATTERN_FILL_CONTENTS)
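Review bot: The new comment above `SetDefaultHeapTaggingLevel()` has a doubled word and does not say which calls count as "interacting with Scudo", so the ordering constraint is easy to break in a later edit. I would reword its second line to `// the primary will be mapped with PROT_MTE even if MTE is not enabled in` and add that the `scudo_malloc_set_*` fill-contents calls below are what trigger Scudo's initializers, as the commit message explains. The invariant is held only by statement position inside `__libc_init_scudo()`; whether anything can reach the allocator before this function runs is not visible from the hunk and is worth confirming, since the stated test only covers the `MEMTAG_OPTIONS=off` case. The function body continues into the next hunk.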
@@ -95,7 +100,6 @@ void __libc_init_scudo() {
scudo_malloc_set_zero_contents(1);
#endif
#endif
- SetDefaultHeapTaggingLevel();
}
__BIONIC_WEAK_FOR_NATIVE_BRIDGE