Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 86ccfc6070011fd57b91c71ca82fda9560960781
      
https://github.com/WebKit/WebKit/commit/86ccfc6070011fd57b91c71ca82fda9560960781
  Author: Marcus Plutowski <[email protected]>
  Date:   2025-10-10 (Fri, 10 Oct 2025)

  Changed paths:
    M Source/WTF/wtf/WTFConfig.cpp
    M Source/WTF/wtf/WTFConfig.h
    M Source/bmalloc/CMakeLists.txt
    M Source/bmalloc/bmalloc.xcodeproj/project.pbxproj
    M Source/bmalloc/bmalloc/BPlatform.h
    M Source/bmalloc/bmalloc/Gigacage.cpp
    M Source/bmalloc/bmalloc/GigacageConfig.h
    M Source/bmalloc/bmalloc/SystemHeap.cpp
    M Source/bmalloc/bmalloc/VMAllocate.cpp
    M Source/bmalloc/bmalloc/VMAllocate.h
    M Source/bmalloc/libpas/libpas.xcodeproj/project.pbxproj
    M Source/bmalloc/libpas/src/libpas/jit_heap_config.h
    M Source/bmalloc/libpas/src/libpas/pas_allocation_result.c
    M Source/bmalloc/libpas/src/libpas/pas_allocation_result.h
    M Source/bmalloc/libpas/src/libpas/pas_bitfit_page_inlines.h
    M Source/bmalloc/libpas/src/libpas/pas_config.h
    M Source/bmalloc/libpas/src/libpas/pas_create_basic_heap_page_caches_with_reserved_memory.c
    M Source/bmalloc/libpas/src/libpas/pas_fast_megapage_table.c
    M Source/bmalloc/libpas/src/libpas/pas_fast_megapage_table.h
    M Source/bmalloc/libpas/src/libpas/pas_get_allocation_size.h
    M Source/bmalloc/libpas/src/libpas/pas_get_heap.h
    M Source/bmalloc/libpas/src/libpas/pas_heap_config_utils.h
    M Source/bmalloc/libpas/src/libpas/pas_heap_config_utils_inlines.h
    M Source/bmalloc/libpas/src/libpas/pas_heap_ref.c
    M Source/bmalloc/libpas/src/libpas/pas_immortal_heap.c
    M Source/bmalloc/libpas/src/libpas/pas_large_free_heap_helpers.c
    M Source/bmalloc/libpas/src/libpas/pas_large_heap.c
    M Source/bmalloc/libpas/src/libpas/pas_large_map.c
    M Source/bmalloc/libpas/src/libpas/pas_large_sharing_pool.c
    M Source/bmalloc/libpas/src/libpas/pas_local_allocator.h
    M Source/bmalloc/libpas/src/libpas/pas_local_allocator_inlines.h
    M Source/bmalloc/libpas/src/libpas/pas_megapage_cache.c
    A Source/bmalloc/libpas/src/libpas/pas_mte.c
    A Source/bmalloc/libpas/src/libpas/pas_mte.h
    A Source/bmalloc/libpas/src/libpas/pas_mte_config.c
    A Source/bmalloc/libpas/src/libpas/pas_mte_config.h
    M Source/bmalloc/libpas/src/libpas/pas_page_base_config.h
    M Source/bmalloc/libpas/src/libpas/pas_page_base_config_utils.h
    M Source/bmalloc/libpas/src/libpas/pas_page_header_table.c
    M Source/bmalloc/libpas/src/libpas/pas_page_header_table.h
    M Source/bmalloc/libpas/src/libpas/pas_page_malloc.c
    M Source/bmalloc/libpas/src/libpas/pas_platform.h
    M Source/bmalloc/libpas/src/libpas/pas_probabilistic_guard_malloc_allocator.c
    M Source/bmalloc/libpas/src/libpas/pas_root.c
    M Source/bmalloc/libpas/src/libpas/pas_scavenger.c
    M Source/bmalloc/libpas/src/libpas/pas_segregated_page_inlines.h
    M Source/bmalloc/libpas/src/libpas/pas_small_medium_bootstrap_heap_page_provider.c
    M Source/bmalloc/libpas/src/libpas/pas_thread_local_cache.h
    M Source/bmalloc/libpas/src/libpas/pas_try_reallocate.h
    M Source/bmalloc/libpas/src/libpas/pas_utility_heap_config.h
    M Source/bmalloc/libpas/src/libpas/pas_utils.h
    M Source/bmalloc/libpas/src/libpas/pas_zero_memory.h
    M Tools/Scripts/webkitpy/style/checker.py

  Log Message:
  -----------
  [libpas] Implement primary support for MTE but disabled
https://bugs.webkit.org/show_bug.cgi?id=299488
rdar://161273712

Reviewed by Daniel Liu

As announced on September 9th, the SoCs used in the next generation of
iPhones will include support for ARM's Memory Tagging Extension
functionality. As part of Apple's MIE (Memory Integrity Enforcement)
feature, libpas should thus implement support for MTE and related
memory-safety functionality to ensure that WebKit is up to par with the
new memory safety standards set by the rest of the system.

In particular, this patch ensures that when possible we allocate memory
with backing MTE tag pages and tag allocations made within them prior to
returning allocation memory to the caller. Not all memory can be tagged
this way: in particular, objects >= 32K and objects which may be
referenced via compact pointers cannot be MTE tagged. There are other
exceptions as well, depending on process/object-type/platform.
It also implements a variety of hardening strategies to further
strengthen the feature and prevent certain well-known kinds of attacks.

To begin with, we will land this feature disabled behind
PAS_USE_OPENSOURCE_MTE. A later patch will enable it in stages.

Canonical link: https://commits.webkit.org/301336@main


