Some near-term arm64 hardening patches

Posted Nov 19, 2019 13:28 UTC (Tue) by xnox (guest, #63320)
Parent article: Some near-term arm64 hardening patches

What is used to sign the pointers?

Posted Nov 19, 2019 14:30 UTC (Tue) by Paf (subscriber, #91811) [Link] (3 responses)

No, since that's some pretty large fraction of 2^64.

The question of what's used for signing and where it's kept is still interesting, though.

Posted Nov 19, 2019 17:53 UTC (Tue) by brouhaha (subscriber, #1698) [Link] (2 responses)

Despite 2^64 being a rather big number (over 18 million TiB), I am still reminded of all the times that people have in the past abused the high bits of addresses thinking that they will never be needed for actual addresses. Two notable examples are IBM mainframes and the Motorola MC68000, both of which originally only used the low 24 bits of addresses, so the high parts were often used for other stuff, which caused huge problems when they expanded the address size (to 31 bits for System/370-XA and MC68012, 32 bits for MC68020).

Posted Nov 20, 2019 1:01 UTC (Wed) by Paf (subscriber, #91811) [Link]

Then, yes, you're absolutely right, it's not that large a space at all.

Posted Nov 20, 2019 11:31 UTC (Wed) by james (subscriber, #1325) [Link]

> I am still reminded of all the times that people have in the past abused the high bits of addresses thinking that they will never be needed for actual addresses. Two notable examples are IBM mainframes and the Motorola MC68000 [...]

You're missing a much more up-to-date example, ARM64 itself, which has had pointer tagging built in from the beginning.

> The kernel configures the translation tables so that translations made
> via TTBR0 (i.e. userspace mappings) have the top byte (bits 63:56) of
> the virtual address ignored by the translation hardware. This frees up
> this byte for application use.
> -- https://www.kernel.org/doc/Documentation/arm64/tagged-pointers.txt

(Also, early ARM used the top six bits of the program counter for status flags and the bottom two bits for mode flags, making it faster to save state when handling interrupts.)
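As an added illustration of the "not that large a space" point and of the top-byte-ignore (TBI) byte described in the kernel document quoted above, here is a small C program (written for this thread, not code from any commenter or from the kernel) that works out how many bits of a 64-bit pointer are actually left for an authentication code once the address bits, the range-select bit 55 and, with TBI on, the tag byte are removed. The field placement follows the ARMv8.3-A pointer-authentication layout; the 39- and 48-bit VA widths are sample inputs.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ARMv8.3-A pointer-authentication layout of a 64-bit virtual address:
 *   bits 63:56   top byte: free for application tags when TBI is on
 *                (the tagged-pointers document above), else part of the PAC
 *   bit  55      selects the upper/lower VA range (TTBR1/TTBR0); never PAC
 *   bits 54:VA   remaining PAC bits, VA being the configured address width
 *   bits VA-1:0  the address itself
 */
#define TOP_BYTE_MASK 0xFF00000000000000ULL

struct ptr_layout {
    uint64_t addr_mask;  /* bits carrying the address */
    uint64_t pac_mask;   /* bits available for the authentication code */
    uint64_t tag_mask;   /* bits ignored by translation (TBI), 0 if TBI off */
    unsigned pac_bits;   /* number of bits set in pac_mask */
};

static unsigned popcount64(uint64_t x)
{
    unsigned n = 0;
    for (; x; x &= x - 1)
        n++;
    return n;
}

/* va_bits: configured virtual-address width (e.g. 39 or 48); tbi: TBI enabled */
struct ptr_layout ptr_layout(unsigned va_bits, bool tbi)
{
    struct ptr_layout l;
    l.addr_mask = (1ULL << va_bits) - 1;
    l.pac_mask  = ((1ULL << 55) - 1) & ~l.addr_mask;  /* bits 54:va_bits */
    l.tag_mask  = tbi ? TOP_BYTE_MASK : 0;
    if (!tbi)
        l.pac_mask |= TOP_BYTE_MASK;                 /* bits 63:56 join the PAC */
    l.pac_bits  = popcount64(l.pac_mask);
    return l;
}

/* Application tag kept in the top byte of a TBI pointer, and the pointer with it stripped */
uint8_t  tbi_tag(uint64_t p)   { return (uint8_t)(p >> 56); }
uint64_t tbi_strip(uint64_t p) { return p & ~TOP_BYTE_MASK; }

int main(void)
{
    const unsigned va[] = { 39, 48 };
    for (size_t i = 0; i < 2; i++)
        for (int tbi = 0; tbi < 2; tbi++) {
            struct ptr_layout l = ptr_layout(va[i], tbi);
            printf("VA=%u TBI=%s: %u PAC bits (%llu distinct codes)\n",
                   va[i], tbi ? "on" : "off", l.pac_bits, 1ULL << l.pac_bits);
        }
    return 0;
}
```

With a 48-bit VA and TBI enabled (the usual userspace configuration) only 7 bits remain for the code, which is what makes the space small rather than "a fraction of 2^64".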