public inbox for libc-alpha@sourceware.org
From: Richard Earnshaw <Richard.Earnshaw@foss.arm.com>
To: Siddhesh Poyarekar <siddhesh@gotplt.org>,
	"H.J. Lu" <hjl.tools@gmail.com>
Cc: GNU C Library <libc-alpha@sourceware.org>,
	Richard Earnshaw <rearnsha@arm.com>
Subject: Re: [PATCH v3 2/8] elf: Add a tunable to control use of tagged memory
Date: Fri, 27 Nov 2020 10:49:06 +0000
Message-ID: <57c23ee2-a2f6-316b-3427-507ecbb27cbc@foss.arm.com>
In-Reply-To: <605f0816-8a64-1d64-044a-beb5c5ca37bd@foss.arm.com>

On 27/11/2020 10:40, Richard Earnshaw wrote:
> On 27/11/2020 02:45, Siddhesh Poyarekar wrote:
>> On 11/26/20 10:49 PM, H.J. Lu wrote:
>>> The first few questions are
>>
>> OK this is a good start:
>>
>>> 1.  Where should binary markers be checked?
>>
>> At early startup alongside the cpu features resolution.  We enable
>> tagging if the CPU supports MTE and the marker is set.
> 
> I think that's backwards.  The default should be to assume that a binary
> supports tagging and it should only be disabled if the binary explicitly
> says that it is incompatible.
> 
> Requiring a tag to be set before you enable tagging will
> a) Force a complete recompile of all binaries
> b) Result in binaries being incorrectly marked as tagging compatible
> when they aren't (because they won't really be audited until they start
> failing).  They will then have to be rebuilt again without the tag.
> 
> Given b) it then seems obvious that the right way to do this is just to
> mark binaries that are known not to work; after they've been audited to
> make sure that the reason they don't work is legitimate.
> 
>>
>>> 2.  How should binary marker checking work together with tunables?
>>
>> The presence of a binary marker enables tagging and a tunable should not
>> be able to disable it.  The exception would be systemwide tunables[1]
>> where administrators could set sweeping policies for their systems,
>> including disabling tagging systemwide if needed.
>>
>> If binary marker is not present, tunables behave the way it is proposed
>> in the patchset.
>>
>> Siddhesh
>>
>> [1] Vapourware alert!
> 
> R.
> 

Sorry, I meant to add that if this is to be considered a security
feature it should be an active decision to disable it for a specific
binary, not an active decision to enable it.  What's more, the marker
then can be used to quickly find binaries that are tagging unsafe when
targeting things for audit purposes.

R.
