search for: mte

Hi everyone, I believe the ABI for exception unwinding on a stack tagged with MTE needs to be clarified -- hopefully we can start the discussion here? (Please feel free to add people to the thread that you think would be interested). I'll outline some possible approaches that I think seem good below, I know Evgenii and Peter have done a lot of investigation in this area for...

...Stephen and Ana (CCed) to Phabricator reviews. Zhaoshi From: Mitch Phillips <mitchp at google.com> Sent: Tuesday, July 14, 2020 19:10 To: Zhaoshi Zheng <zhaoshiz at quicinc.com> Cc: llvm-dev at lists.llvm.org; Stephen Long <steplong at quicinc.com> Subject: [EXT] Re: [llvm-dev] [MTE] Tagging Globals Hi Zhaoshi, Currently there's no global tagging instrumentation for MTE. We have a good idea about the implementation's design - but no patches are ready to be shared at this stage. If you'd like - I'd be more than happy to CC yourself and Stephen on any Phabrica...

Hi folks, ARM v8.5 introduces the Memory Tagging Extension (MTE), a hardware that allows for detection of memory safety bugs (buffer overflows, use-after-free, etc) with low overhead. So far, MTE support is implemented in the Scudo hardened allocator (compiler-rt/lib/scudo/standalone) for heap, and stack allocation is implemented in LLVM/Clang behind -fsanitize...

Hello, We're evaluating memory tagging (MTE) on some internal workloads. We noticed that stack variables are tagged by an instrumentation pass and heap objects are handled by the allocator (Scudo). How about global variables? We tried a simple case using -march=armv8a+memtag -fsanitize=memtag, but found no tagging: Are we missing anything...

...ve > an opt-in mechanism for such tagging.) Object sizes are reliable - but marking symbols explicitly allows us to have mixed tagged and untagged symbols in the same segment (think of a symbol we know is being used by non-compliant assembly, we can mark it with __attribute__((nosanitize("mte"))). IMO marking symbols in the dynamic symbol table gives us greater flexibility than indiscriminately tagging granule-aligned symbols that fall in the right segments. i think a design that prevents sharing is not acceptable. > Unfortunately shared memory isn't required to be tag ca...

...always PC-relative direct loads/stores. The `ldg` sequence in that example can only be used to get `&g` (and nothing else). There shouldn't be any `ldg`'s of arbitrary addresses (unless an attacker already has control of the instruction pointer, which means they've already bypassed MTE). >> >>> Does this mean that the value of array_end must have the same tag as >>> array[]. Then &array_end would have a different tag since it's a >>> different global? >> >> >> Yes, exactly. >> >>> For example you might assi...

...dev-bounces at lists.llvm.org> *On Behalf Of *Zhaoshi > Zheng via llvm-dev > *Sent:* Tuesday, July 14, 2020 21:34 > *To:* Mitch Phillips <mitchp at google.com> > *Cc:* llvm-dev at lists.llvm.org; Stephen Long <steplong at quicinc.com> > *Subject:* [EXT] Re: [llvm-dev] [MTE] Tagging Globals > > > > Thanks for the update, Phillips. > > > > Yes, please add me, Stephen and Ana (CCed) to Phabricator reviews. > > > > Zhaoshi > > > > *From:* Mitch Phillips <mitchp at google.com> > *Sent:* Tuesday, July 14, 2020 19:10...

...always PC-relative direct loads/stores. The `ldg` sequence in that example can only be used to get `&g` (and nothing else). There shouldn't be any `ldg`'s of arbitrary addresses (unless an attacker already has control of the instruction pointer, which means they've already bypassed MTE). Does this mean that the value of array_end must have the same tag as > array[]. Then &array_end would have a different tag since it's a > different global? > Yes, exactly. For example you might assign tag 1 to array, then tag 2 to array_end. > Which means that array_end has...

...> static int a[8]; > > static int *p = a - 5; > > ... > > p[10] = 1; > > should work (even if it's not valid in c it can be valid as > > a c extension or written in asm, so ELF should support it). > > > IMO this is exactly the kind of thing that MTE is trying to *prevent*. I > don't see why we would want to support something like this. sorry for the late answer, but i disagree. the compiler can generate such code for good reasons, and it can be useful in high level program code too. mte is not for interfering with pointer arithmetics...

Hello, I'm working on implementing hwasan instrumentation in GCC, and have just started discussing my current work-in-progress on the gcc-patches mailing list. (https://gcc.gnu.org/ml/gcc-patches/2019-09/msg00387.html -- the email that Kostya saw and added people to). I've gotten about as basic a user-space implementation as possible (using the interceptor ABI) up and running, and would

Thanks Florian. Tim you said: > Some cases can be undone by rematerialization, but not all, and it can involve a lot of effort which increases compile time. Do you have examples of cases where rematerialization is not possible? We are interested in learning about any previous attempts at trying to address the issue in RA. Have you tried it? Bardia Mahjour Compiler Optimizations IBM Toronto

...tency-sched-heuristic,+dit,+dotprod,-exynos-cheap-as-move,-exynosm1,-exynosm2,-exynosm3,-exynosm4,-falkor,+fmi,-force-32bit-jump-tables,+fp-armv8,-fp16fml,+fptoint,-fullfp16,-fuse-address,+fuse-aes,-fuse-arith-logic,-fuse-crypto-eor,-fuse-csel,-fuse-literals,+jsconv,-kryo,+lor,+lse,-lsl-fast,+mpam,-mte,+neon,-no-neg-immediates,+nv,+pa,+pan,+pan-rwv,+perfmon,-predictable-select-expensive,+predres,-rand,+ras,+rasv8_4,+rcpc,+rcpc-immo,+rdm,-reserve-x1,-reserve-x10,-reserve-x11,-reserve-x12,-reserve-x13,-reserve-x14,-reserve-x15,-reserve-x18,-reserve-x2,-reserve-x20,-reserve-x21,-reserve-x22,-reserve...

Hola: Me gustaría que me recomendarais paquetes o alguna forma de "hincarle el diente" para empezar a investigar en la siguiente cuestión. El proyecto trata de que, a partir de un numero grande de documentos pdf que contienen, básicamente, Notas Simples del Registro de la Propiedad deseamos extraer para cada uno de esos documentos una serie de ítems de información, a saber: -Finca

Dear all, I'm currently researching options for a MT asterisk gui/system for a small business centre that will have 12 units in it. Each unit will be configured for one extension. The system there will have a max of 12 concurrent calls to PSTN provided via an ADSL/SDSL link to our VoIP provider in the UK, using g.711, maybe g.729 dependant on networking costs. Fallback will be to 4 analogue

Hi, On Tue, 6 Oct 2020 at 18:31, David Blaikie <dblaikie at gmail.com> wrote: > > My 2c would be to push back a bit more on the "let's not have a machine readable format, but instead parse the human readable format" - it seems like that's going to make the human readable format/parsing fairly brittle/hard to change (I mean, having the parser in tree will help, for

...email a ak?ko?vek pr?lohy k nemu prilo?en? m??u obsahova? d?vern? alebo v?hradn? formul?cie alebo inform?cie, ktor? s? chr?nen? pr?vnym poriadkom. Je ur?en? v?hradne pre vyu?ite osobou alebo subjektom ktor?m bol adresovan?. Ak nie ste po?adovan?m pr?jemcom, alebo ste tento email dostali chybne, ozn?mte to pros?m okam?ite odosielate?ovi a tento email vyma?te. Ak?ko?vek neautorizovan?, priame alebo nepriame kop?rovanie, spr?stup?ovanie, distrib?cia alebo in? vyu?itie t?chto materi?lov alebo ich ?asti je zak?zan? a m??e by? pova?ovan? za nez?konn?. This e-mail, and any document attached hereby, may...

...9; ' <repeats 17 times>, "\000 0165365670", ' ' <repeats 17 times>, "\000", ' ' <repeats 60 times>, "563"... ptr = 0x0 len = 16 dcallno = 20 fh = (struct ast_iax2_full_hdr *) 0x15c4e04 mte = (struct ast_iax2_meta_trunk_entry *) 0x2a0340 dblbuf = "\0006y&#65533;&#65533;&#65533;&#65533;&#65533;\034\022Ik&#65533;\002H&#65533;m&#65533;\\\203BB&#65533;]&#65533;)šW\ak&#65533;cm: \000}f&#65533;&#65533;k&#65533;&#65533;...

Hello list. I'm trying to rebuild the 2.6.9.67.0.20.EL kernel, but it fails even without modifications. How did I try it? Created a (non-root) build environment (not a mock ) Installed the kernel.scr.rpm and did a rpmbuild -ba --target=`uname -m` kernel-2.6.spec 2> prep-err.log | tee prep-out.log The build failed at the end: Processing files: kernel-xenU-devel-2.6.9-67.0.20.EL Checking

Hi, folks! Does anyone knows how could I install some new packages on CentOS (4 and 5) using the cdrom media? Att: My HD doesn't have much space to copy cdrom content to build a filesystem repository. I hope this great tool will should ask me by each cdrom witch it need, isn't it? Thanks in advance. Adriano Vieira