MALLOC_REVOKE(3) Library Functions Manual MALLOC_REVOKE(3)

malloc_revoke_enabled, malloc_revoke_quarantine_force_flush, malloc_revoke, malloc_is_revoking - malloc revocation status and control

Standard C Library (libc, -lc)

#include <sys/errno.h>
#include <stdlib.h>

int
malloc_revoke_quarantine_force_flush(void);

void
malloc_revoke(void);

#include <malloc_np.h>

bool
malloc_revoke_enabled(void);

bool
malloc_is_revoking(void);

On systems which support heap temporal safety through a quarantine and sweep mechanism (such as CHERI systems), these interfaces permit control and monitoring of quarantined heap memory. On other systems, these interfaces are stubs.

The malloc_revoke_quarantine_force_flush() function triggers a full flush of the quarantine and a scan of memory, ensuring that all references to memory previously quarantined by free(3) or realloc(3) are revoked upon successful return. The deprecated malloc_revoke() does the same, but does not return a status value.

The malloc_revoke_enabled() function and its deprecated form malloc_is_revoking() return the state of revocation in the current process. An array of system-wide and implementation-specific knobs controls this state during process startup.

If the current process has malloc() quarantining enabled malloc_revoke_enabled() returns otherwise

malloc_revoke_quarantine_force_flush() returns on success and an error code on failure. If quarantine is not implemented or is disabled it returns
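An added example, not part of the original manual page or of CheriBSD's own code: a wrapper that reports revocation as done only when quarantining is enabled and the flush reports success, so a caller never mistakes a stub or a failed flush for a completed revocation. HAVE_MALLOC_REVOKE, revoke_classify(), revoke_barrier() and the stand-in stubs are hypothetical names, and the code assumes that true means enabled and that a status of 0 means success.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef HAVE_MALLOC_REVOKE	/* hypothetical build flag, set on CheriBSD 25.02+ */
#include <malloc_np.h>
#else	/* constructed stand-ins so the example builds on other systems */
static bool malloc_revoke_enabled(void) { return false; }
static int malloc_revoke_quarantine_force_flush(void) { return ENOSYS; }
#endif

enum revoke_result { REVOKE_DONE, REVOKE_UNAVAILABLE, REVOKE_FAILED };

/* Assumption: true means quarantining is on, and a flush status of 0 is success. */
enum revoke_result revoke_classify(bool enabled, int flush_status)
{
	if (!enabled)
		return REVOKE_UNAVAILABLE;	/* nothing quarantined, nothing revoked */
	return flush_status == 0 ? REVOKE_DONE : REVOKE_FAILED;
}

/* Flush the quarantine; the flush is attempted only when quarantining is on. */
enum revoke_result revoke_barrier(int *status)
{
	bool enabled = malloc_revoke_enabled();
	int rc = enabled ? malloc_revoke_quarantine_force_flush() : 0;

	if (status != NULL)
		*status = rc;
	return revoke_classify(enabled, rc);
}

int main(void)
{
	int status;

	free(malloc(64));	/* freed memory enters the quarantine where it is enabled */
	switch (revoke_barrier(&status)) {
	case REVOKE_DONE: puts("quarantine flushed"); return 0;
	case REVOKE_UNAVAILABLE: puts("quarantining off: nothing was revoked"); return 0;
	default: fprintf(stderr, "flush failed: %s\n", strerror(status)); return 1;
	}
}
```

The deprecated malloc_revoke() cannot be wrapped this way because it returns no status to classify.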

jemalloc(3), mrs(3)

This software and this manual page were developed by SRI International, the University of Cambridge Computer Laboratory (Department of Computer Science and Technology), and Capabilities Limited under contract (FA8750-24-C-B047) (“DEC”).

malloc_revoke_quarantine_force_flush() and malloc_revoke_enabled() were introduced in CheriBSD 25.02.

malloc_revoke() was present as a stub in CheriBSD 22.05 where it had no effect. A working implementation was first added in CheriBSD 23.11. As of CheriBSD 25.02 malloc_revoke() and malloc_is_revoking() are deprecated.

The malloc_revoke() function provides no indication of success or failure even if it is unimplemented.

February 13, 2025 dev