On Mon, 14 Jan 2019 at 01:11, Richard Henderson
<richard.hender...@linaro.org> wrote:
>
> Based-on: 20190110124951.15473-1-richard.hender...@linaro.org
> aka the TBID patch set, which itself is based on the BTI patch set.
>
> The full tree is available at
>
>   https://github.org/rth7680/qemu.git tgt-arm-mte
>
> This extension is also spelled MTE in the ARM.
>
> This patch set only attempts to implement linux-user emulation.
> For system emulation, I still miss the new cache flushing insns (easy)
> and the out-of-band physical memory for the allocation tags (harder).
>
> From a few mis-steps in writing the test cases for the extension,
> I might suggest that some future kernel's userland ABI for this have
> TCR.TCMA0 = 1, so that legacy code that is *not* MTE aware can use
> a frame pointer without accidentally tripping left over stack tags.
> (As seen in patch 5, SP+OFF is unchecked per the ISA but FP+OFF is not.)
>
> OTOH, depending on the application, that does make it easier for an
> attack vector to clean the tag off the top of a pointer to bypass
> store checking.  So, tricky.

I'm working through review of this, but feel free to rebase on
current master (which has now got a pile of your other patches
in it, since I've just merged target-arm.next) without waiting
for me to finish going through it.

thanks
-- PMM
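As an added illustration of the TCR.TCMA0 point in the quoted cover letter (this is a simplified model written for this page, not code from the patch set or from QEMU): the constructed stack region, granule count and the `alloc_tags` array are assumptions, and the scenario function replays the case where an MTE-aware callee leaves tags on its frame and legacy code then goes through an untagged frame pointer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Simplified MTE model: the logical tag sits in address bits [59:56], each
 * 16-byte granule carries a 4-bit allocation tag, and a checked access needs
 * the two to be equal.  Stack region and tag storage are constructed here. */
#define GRANULE   16
#define NGRANULES 8
#define STACK_LO  0x10000ULL            /* constructed stack region */
#define TAG_MASK  (0xFULL << 56)
static uint8_t alloc_tags[NGRANULES];   /* simulated allocation-tag storage */
static uint8_t  logical_tag(uint64_t va) { return (va >> 56) & 0xF; }
static uint64_t strip_tag(uint64_t va)   { return va & ~TAG_MASK; }
static uint64_t with_tag(uint64_t va, uint8_t t) {
    return strip_tag(va) | ((uint64_t)(t & 0xF) << 56);
}
/* Granule index for an address, or -1 when it lies outside the region. */
static int granule_index(uint64_t va) {
    uint64_t a = strip_tag(va);
    if (a < STACK_LO || (a - STACK_LO) / GRANULE >= NGRANULES) return -1;
    return (int)((a - STACK_LO) / GRANULE);
}
/* Tag a granule with the pointer's own logical tag (what STG does). */
bool set_alloc_tag(uint64_t va) {
    int i = granule_index(va);
    if (i < 0) return false;
    alloc_tags[i] = logical_tag(va);
    return true;
}
/* Is the access permitted?  SP+imm is unchecked per the ISA; with TCMA0=1 a
 * logical tag of 0 matches anything; otherwise the tags must be equal. */
bool mte_access_ok(uint64_t va, bool sp_based, bool tcma0) {
    if (sp_based) return true;
    uint8_t lt = logical_tag(va);
    if (tcma0 && lt == 0) return true;
    int i = granule_index(va);
    return i >= 0 && alloc_tags[i] == lt;
}
/* Cover-letter scenario: an MTE-aware callee colours its frame and returns
 * without clearing it; legacy code then dereferences an untagged (tag 0)
 * frame pointer into that granule.  Returns true when that access faults. */
bool legacy_fp_access_faults(bool tcma0) {
    memset(alloc_tags, 0, sizeof alloc_tags);
    set_alloc_tag(with_tag(STACK_LO + 32, 0x7)); /* callee tags granule 2 */
    uint64_t fp = STACK_LO + 32;                 /* legacy FP carries tag 0 */
    return !mte_access_ok(fp + 8, false, tcma0); /* FP+OFF is checked */
}
```

With TCMA0 clear the legacy access trips the leftover tag; with TCMA0 set the same access is allowed, which is the trade-off the cover letter describes.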
