search for: memtag

Displaying 7 results from an estimated 7 matches for "memtag".

2020 Jul 15
2
[MTE] Tagging Globals
Hello, We're evaluating memory tagging (MTE) on some internal workloads. We noticed that stack variables are tagged by an instrumentation pass and heap objects are handled by the allocator (Scudo). How about global variables? We tried a simple case using -march=armv8a+memtag -fsanitize=memtag, but found no tagging: Are we missing anything, or is tagging globals still in progress? int global_array[16]; int main(int argc, char **argv) { global_array[1] = 0; return global_array[argc + 16]; // BOOM } clang++ -O1 --target=aarch64-linux -march=armv8.5a+memtag -fsanit...
2020 Jul 15
2
[MTE] Tagging Globals
...sts.llvm.org>> wrote: Hello, We’re evaluating memory tagging (MTE) on some internal workloads. We noticed that stack variables are tagged by an instrumentation pass and heap objects are handled by the allocator (Scudo). How about global variables? We tried a simple case using -march=armv8a+memtag -fsanitize=memtag, but found no tagging: Are we missing anything, or is tagging globals still in progress? int global_array[16]; int main(int argc, char **argv) { global_array[1] = 0; return global_array[argc + 16]; // BOOM } clang++ -O1 --target=aarch64-linux -march=armv8.5a+memtag -fsanit...
2020 Jul 15
2
[MTE] Tagging Globals
...ting memory tagging (MTE) on some internal workloads. > > > > We noticed that stack variables are tagged by an instrumentation pass and > heap objects are handled by the allocator (Scudo). > > > > How about global variables? We tried a simple case using > -march=armv8a+memtag -fsanitize=memtag, but found no tagging: > > > > Are we missing anything, or is tagging globals still in progress? > > > > *int global_array[16];* > > > > *int main(int argc, char **argv) {* > > * global_array[1] = 0;* > > * return global_array[argc...
2020 Sep 17
4
[MTE] Globals Tagging - Discussion
..., a hardware that allows for detection of memory safety bugs (buffer overflows, use-after-free, etc) with low overhead. So far, MTE support is implemented in the Scudo hardened allocator (compiler-rt/lib/scudo/standalone) for heap, and stack allocation is implemented in LLVM/Clang behind -fsanitize=memtag <https://llvm.org/docs/MemTagSanitizer.html>. As part of a holistic MTE implementation, global memory should also be properly tagged. HWASan <http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html> (a software-only implementation of MTE) has a schema that uses static ta...
2020 Sep 18
2
[MTE] Globals Tagging - Discussion
...lows for detection of memory safety bugs (buffer overflows, > use-after-free, etc) with low overhead. So far, MTE support is implemented > in the Scudo hardened allocator (compiler-rt/lib/scudo/standalone) for > heap, and stack allocation is implemented in LLVM/Clang behind > -fsanitize=memtag. > > > > > > As part of a holistic MTE implementation, global memory should also be > properly tagged. HWASan (a software-only implementation of MTE) has a > schema that uses static tags, however these can be trivially determined by > an attacker with access to the ELF fi...
2020 Sep 21
2
[MTE] Globals Tagging - Discussion
..., a hardware that allows for detection of memory safety bugs (buffer overflows, use-after-free, etc) with low overhead. So far, MTE support is implemented in the Scudo hardened allocator (compiler-rt/lib/scudo/standalone) for heap, and stack allocation is implemented in LLVM/Clang behind -fsanitize=memtag. >>> > >>> > >>> > As part of a holistic MTE implementation, global memory should also be properly tagged. HWASan (a software-only implementation of MTE) has a schema that uses static tags, however these can be trivially determined by an attacker with access to t...
2020 Oct 09
3
[MTE] Globals Tagging - Discussion
...ory safety bugs (buffer overflows, > > use-after-free, etc) with low overhead. So far, MTE support is > implemented > > in the Scudo hardened allocator (compiler-rt/lib/scudo/standalone) for > > heap, and stack allocation is implemented in LLVM/Clang behind > > -fsanitize=memtag <https://llvm.org/docs/MemTagSanitizer.html>. > > > > As part of a holistic MTE implementation, global memory should also be > > properly tagged. HWASan > > <http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html> > (a > > software-only i...