Bug#995269: glibc-source: Please enable MTE (heap) checking on arm64
Package: glibc-source
Severity: wishlist
Tags: patch
glibc 2.33 onwards has support for 'Memory Tagging Extension' on
arm64. Could you please enable this feature (by setting
--enable-memory-tagging in the config).
The effect is to add colouring bits into heap pointers so that typical
illegal accesses (either temporally or spatially) can be detected and
faulted. Glibc just has the userspace heap tagging - there is also
corresponding kernel support.
The functionality operates on arm ISA 8.5 or later, which has extra
instructions to manipulate the tag bits in pointers.
The details are explained in
https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/Arm_Memory_Tagging_Extension_Whitepaper.pdf
The implementation has been designed so that it is safe to enable in
distros (which makes a change!). ifunc and HWCAP are used to link
MTE-ready versions of relevant functions on hardware supporting
ARMv8.5 instruction set or later. On eailer hardware things will work
just as they do now.
Here is the (trivial) patch:
diff -u debian/sysdeps/arm64.mk~ debian/sysdeps/arm64.mk
--- debian/sysdeps/arm64.mk~ 2021-08-24 14:31:06.000000000 +0000
+++ debian/sysdeps/arm64.mk 2021-09-28 19:43:58.782118977 +0000
@@ -1,2 +1,2 @@
# configuration options for all flavours
-extra_config_options = --enable-multi-arch --enable-static-pie
+extra_config_options = --enable-multi-arch --enable-static-pie --enable-memory-tagging
--
Wookey
Reply to: