search for: memtag

Hello, We're evaluating memory tagging (MTE) on some internal workloads. We noticed that stack variables are tagged by an instrumentation pass and heap objects are handled by the allocator (Scudo). How about global variables? We tried a simple case using -march=armv8a+memtag -fsanitize=memtag, but found no tagging: Are we missing anything or tagging globals is still in progress? int global_array[16]; int main(int argc, char **argv) { global_array[1] = 0; return global_array[argc + 16]; // BOOM } clang++ -O1 --target=aarch64-linux -march=armv8.5a+memtag -fsanit...

...sts.llvm.org>> wrote: Hello, We’re evaluating memory tagging (MTE) on some internal workloads. We noticed that stack variables are tagged by an instrumentation pass and heap objects are handled by the allocator (Scudo). How about global variables? We tried a simple case using -march=armv8a+memtag -fsanitize=memtag, but found no tagging: Are we missing anything or tagging globals is still in progress? int global_array[16]; int main(int argc, char **argv) { global_array[1] = 0; return global_array[argc + 16]; // BOOM } clang++ -O1 --target=aarch64-linux -march=armv8.5a+memtag -fsanit...

...ting memory tagging (MTE) on some internal workloads. > > > > We noticed that stack variables are tagged by an instrumentation pass and > heap objects are handled by the allocator (Scudo). > > > > How about global variables? We tried a simple case using > -march=armv8a+memtag -fsanitize=memtag, but found no tagging: > > > > Are we missing anything or tagging globals is still in progress? > > > > *int global_array[16];* > > > > *int main(int argc, char **argv) {* > > * global_array[1] = 0;* > > * return global_array[argc...

..., a hardware that allows for detection of memory safety bugs (buffer overflows, use-after-free, etc) with low overhead. So far, MTE support is implemented in the Scudo hardened allocator (compiler-rt/lib/scudo/standalone) for heap, and stack allocation is implemented in LLVM/Clang behind -fsanitize=memtag <https://llvm.org/docs/MemTagSanitizer.html>. As part of a holistic MTE implementation, global memory should also be properly tagged. HWASan <http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html> (a software-only implementation of MTE) has a schema that uses static ta...

...lows for detection of memory safety bugs (buffer overflows, > use-after-free, etc) with low overhead. So far, MTE support is implemented > in the Scudo hardened allocator (compiler-rt/lib/scudo/standalone) for > heap, and stack allocation is implemented in LLVM/Clang behind > -fsanitize=memtag. > > > > > > As part of a holistic MTE implementation, global memory should also be > properly tagged. HWASan (a software-only implementation of MTE) has a > schema that uses static tags, however these can be trivially determined by > an attacker with access to the ELF fi...

..., a hardware that allows for detection of memory safety bugs (buffer overflows, use-after-free, etc) with low overhead. So far, MTE support is implemented in the Scudo hardened allocator (compiler-rt/lib/scudo/standalone) for heap, and stack allocation is implemented in LLVM/Clang behind -fsanitize=memtag. >>> > >>> > >>> > As part of a holistic MTE implementation, global memory should also be properly tagged. HWASan (a software-only implementation of MTE) has a schema that uses static tags, however these can be trivially determined by an attacker with access to t...

...ory safety bugs (buffer overflows, > > use-after-free, etc) with low overhead. So far, MTE support is > implemented > > in the Scudo hardened allocator (compiler-rt/lib/scudo/standalone) for > > heap, and stack allocation is implemented in LLVM/Clang behind > > -fsanitize=memtag <https://llvm.org/docs/MemTagSanitizer.html>. > > > > As part of a holistic MTE implementation, global memory should also be > > properly tagged. HWASan > > <http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html> > (a > > software-only i...