Hi Okash My 2 cents on this.. Static analyzers can flag use-after-free stack object issues although it is not guaranteed to catch all issues.
Another factor to consider is that BL31 typically runs out of SRAM and it does seem unlikely the hardware implements tag memory for SRAM. So it could be that MTE2 for BL31 would remain an FVP only feature or only for those platforms which allows BL31 to run out of DDR.
So, given the above situation, value in enabling MTE2 for BL31 seems limited.
Best Regards Soby Mathew
-----Original Message----- From: Okash Khawaja via TF-A tf-a@lists.trustedfirmware.org Sent: 07 April 2022 11:41 To: Manish Badarkhe Manish.Badarkhe@arm.com Cc: tf-a@lists.trustedfirmware.org Subject: [TF-A] Re: Status of MTE for bl31
Hi Manish,
Thanks for confirming. Regarding benefit of MTE in BL31, it will basically add guards against stack overflows and use-after-free bugs related to objects allocated on stack. Regarding stack overflow, TF-A already has stack canaries. MTE protection will be stronger than canaries. So MTE adds a marginal benefit here. Regarding use-after-free of stack objects, I'm not sure if TF-A has adequate protections. On the down side, MTE adds performance overhead and increases code size. We probably need some numbers to see the overhead of MTE.
It will be good to know what the community thinks are the benefits of MTE are on balance.
Thanks, Okash
On Thu, Apr 7, 2022 at 9:21 AM Manish Badarkhe Manish.Badarkhe@arm.com wrote:
Hi Okash,
Introduced build option [1] limits to MTE1 that supports MTE related instructions, but does not offer any functional usage in terms of detecting tag check faults. That's why memory is not configured as normal tagged (which is an MTE2 feature) in BL31, and support for MTE2 for BL31 is a topic for technical debt.
re-a/+/fd32deeed9914a33341c821e18a1ced29bbe2185
Thanks, Manish Badarkhe
From: Okash Khawaja okash@google.com Date: Tuesday, 5 April 2022 at 16:13 To: Manish Badarkhe Manish.Badarkhe@arm.com Cc: tf-a@lists.trustedfirmware.org tf-a@lists.trustedfirmware.org Subject: Re: [TF-A] Status of MTE for bl31
Hi Manish,
That's another question I wanted to follow up with. Is there any real benefit
of MTE for BL31 given that it doesn't allocate memory dynamically. I guess stack tagging is the only use of MTE in BL31?
The concern in the original email is whether the support is incomplete. Can
you confirm?
Thanks,
Okash
On Tue, Apr 5, 2022 at 3:27 PM Manish Badarkhe
Manish.Badarkhe@arm.com wrote:
Hi Okash,
Could you please let us know the real use case/requirement where you want
MTE to be available at EL3?
Thanks, Manish Badarkhe
From: Okash Khawaja via TF-A tf-a@lists.trustedfirmware.org Date: Friday, 1 April 2022 at 19:51 To: tf-a@lists.trustedfirmware.org tf-a@lists.trustedfirmware.org Subject: [TF-A] Status of MTE for bl31
Hi,
I wanted to check the status of MTE support for bl31 itself. It seems like the support was added [1] for clang and armclang but I couldn't find the memory attribute to map pages as tag checked [2]. Is there something I missed?
Thanks, Okash
[1] https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmwa re-a/+/fd32deeed9914a33341c821e18a1ced29bbe2185
[2] https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmwa re-a/+/refs/tags/v2.6/lib/xlat_tables_v2/aarch64/xlat_tables_arch.c#25 4 -- TF-A mailing list -- tf-a@lists.trustedfirmware.org To unsubscribe send an email to tf-a-leave@lists.trustedfirmware.org
-- TF-A mailing list -- tf-a@lists.trustedfirmware.org To unsubscribe send an email to tf-a-leave@lists.trustedfirmware.org