Daniel Micay on Twitter: "@johnregehr It's also getting much better in ARMv8.5 with hardware enforced memory tagging support (MTE) rather than needing to add a bunch of instrumentation to cover all the accesses, etc. LLVM has support for it landed, just need to wait ages for the hardware now. https://t.co/mebmfzfaDx" / Twitter

This Tweet was deleted by the Tweet author. Learn more

Replying to

It's also getting much better in ARMv8.5 with hardware enforced memory tagging support (MTE) rather than needing to add a bunch of instrumentation to cover all the accesses, etc. LLVM has support for it landed, just need to wait ages for the hardware now.

Quote Tweet

Daniel Micay

@DanielMicay

Oct 17, 2018

Generating and setting memory tags for each allocation will become an important responsibility of the malloc implementation for ARMv8.5 MTE. The existing Top Byte Ignore (TBI) was already usable for this use case, but required lots of instrumentation: arxiv.org/ftp/arxiv/pape.

Show this thread

5:39 AM · Oct 18, 2018Twitter Web Client

Replying to

and

There are clever things that can be done with it in memory allocators and elsewhere beyond just using random tags.

@lazytyped

linked a nice post about using SPARC ADI (essentially the same thing, but ARM might offer more granularity) as a ROP mitigation: lazytyped.blogspot.com/2017/09/adi-vs.

1

3

Replying to

and

ARMv8.5 also adds Branch Target Indicators (BTI) for a form of coarse-grained CFI: developer.arm.com/products/archi It prevents an indirect branch to anything but a matching BTI instruction. It's too bad that it doesn't have a way to encode types into it. Still nice to see CFI support.

3

10

Conversation