Set the top bit for tagged pointers.

Some applications may incorrectly assume that a "negative" pointer
indicates error. By setting the top bit in TBI mode, we catch these
cases as well. Although they don't directly indicate incompatibility
with MTE (as MTE uses the 2nd-highest nibble) - this ensures we catch
HWASan errors as well as reserve the bits for future MTE expansion.

Bug: 154272452
Test: Boot flame, device boots successfully.
Change-Id: I94a6821a82ce7ead59e6ca2dd113a5a50ee9e56b
Merged-In: I94a6821a82ce7ead59e6ca2dd113a5a50ee9e56b
diff --git a/libc/bionic/malloc_tagged_pointers.h b/libc/bionic/malloc_tagged_pointers.h
index 212459b..de3cc2e 100644
--- a/libc/bionic/malloc_tagged_pointers.h
+++ b/libc/bionic/malloc_tagged_pointers.h
@@ -43,10 +43,11 @@
// is also deliberately different from the standard pattern-init tag (0xAA), as
// to be distinguishable from an uninitialized-pointer access. The first and
// second nibbles are also deliberately designed to be the bitset-mirror of each
-// other (0b1100, 0b0011) in order to reduce incidental matches. Users must not
-// rely on the implementation-defined value of this pointer tag, as it may
-// change.
-static constexpr uintptr_t POINTER_TAG = 0x3C;
+// other (0b1011, 0b0100) in order to reduce incidental matches. We also ensure
+// that the top bit is set, as this catches incorrect code that assumes that a
+// "negative" pointer indicates error. Users must not rely on the
+// implementation-defined value of this pointer tag, as it may change.
+static constexpr uintptr_t POINTER_TAG = 0xB4;
static constexpr unsigned UNTAG_SHIFT = 40;
static constexpr unsigned CHECK_SHIFT = 48;
static constexpr unsigned TAG_SHIFT = 56;
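Review bot: The updated comment still describes the two nibbles as the "bitset-mirror of each other", but for (0b1011, 0b0100) that is only true if "mirror" means bitwise complement; bit-reversing 0b1011 gives 0b1101, whereas the old pair (0b1100, 0b0011) satisfied both readings. Suggest rewording to "bitwise complement of each other" so the next person picking a tag knows which property to preserve. Since the comment now also promises that the top bit is set, consider enforcing that next to the constant with a static_assert on (POINTER_TAG & 0x80) != 0, so a later change of the tag value cannot silently drop the property.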