The Arm64 memory tagging extension in Linux

Posted Oct 16, 2020 2:33 UTC (Fri) by songmaster (subscriber, #1748)
In reply to: The Arm64 memory tagging extension in Linux by mm7323
Parent article: The Arm64 memory tagging extension in Linux

Also the STE instruction only sets the tag for one 16-byte granule. If an address is a pointer to a structure that may be tens to thousands of bytes in size, presumably the code would have to loop through the whole structure setting the same tag for every granule that belongs to it. Not a problem for code that only uses malloc() which should take care of that, but some programs use their own allocators. I guess they shouldn’t break as long as they’re using malloc() to begin with, but unless they are made aware of this the advantage would be reduced.

to post comments

The Arm64 memory tagging extension in Linux

Posted Oct 16, 2020 2:57 UTC (Fri) by mm7323 (subscriber, #87386) [Link]

Yes, it sounds like there is some overhead initialising memory too, though there is a STZGM instruction to set tags while zeroing blocks of memory.

Elsewhere I read that if the compiler is modified to use MTE on each stack frame, things like char path[PATH_MAX] on the stack can have excessive overhead as it requires tagging in the function prologue, but paths will typically be shorter than PATH_MAX.

PATH_MAX is kinda broken anyway, but it's an example where large stack buffers may have increased cost.

Security is rarely free, but still usually worthwhile.