
Pointer tagging for x86 systems


Posted Mar 28, 2022 18:50 UTC (Mon) by farnz (subscriber, #17727)
In reply to: Pointer tagging for x86 systems by butlerm
Parent article: Pointer tagging for x86 systems

While you're right that constructing kernel addresses is trivial, the mitigation today is also trivial - if an address is passed to the kernel with its top bit set, then the called code should simply fail noisily because Something is Bad.

In the UAI world, a pointer with the top bit set could be a kernel address, but it could also be the case that the user is using bit 63 as a tag bit, and the CPU will ignore it on access - the kernel can't tell.



Pointer tagging for x86 systems

Posted Mar 28, 2022 20:12 UTC (Mon) by bartoc (guest, #124262) [Link]

Yeah, but since you need to ask the kernel to turn the feature on in the first place, the kernel could presumably just say "yeah I know technically you could stash stuff in bit 63, but I'm not gonna let you do that." It could then tell userspace that only 6 bits were available. Sure, userspace could just ignore the kernel and set the 63rd bit, but it could do that already; unfortunately, after UAI is enabled there won't be a noisy fault if the kernel dereferences such a pointer.
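The trade-off discussed in this thread, as an added example that is not part of either comment or of any kernel code: a pointer check under three policies (no tagging, 6 tag bits, 7 tag bits). It assumes the tag field starts at bit 57; the function, enum and macro names are hypothetical, and the sample addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define TAG_SHIFT 57                    /* assumed: tag field starts at bit 57 */
#define BIT63     (UINT64_C(1) << 63)   /* top bit: set in kernel addresses */

enum verdict { PTR_USER, PTR_REJECT, PTR_AMBIGUOUS };

/* Hypothetical check for a pointer handed in from user space.
 * tag_bits is how many bits, counting up from bit 57, user space may use:
 * 0 = no tagging, 6 = bits 57..62 only, 7 = bits 57..63. */
enum verdict check_user_ptr(uint64_t p, unsigned tag_bits, uint64_t *addr)
{
    uint64_t mask = ((UINT64_C(1) << tag_bits) - 1) << TAG_SHIFT;

    if (p & BIT63) {
        /* If bit 63 is a legal tag bit, a set top bit no longer proves
         * anything: it may be a tag or a kernel address. Otherwise the
         * check from the first comment still applies: fail noisily. */
        return (mask & BIT63) ? PTR_AMBIGUOUS : PTR_REJECT;
    }
    *addr = p & ~mask;                  /* strip only the permitted tag bits */
    return PTR_USER;
}

int main(void)
{
    uint64_t user   = UINT64_C(0x00007f0012345000);      /* constructed sample */
    uint64_t kernel = UINT64_C(0xffff888000001000);      /* constructed sample */
    uint64_t tagged = user | (UINT64_C(0x2a) << TAG_SHIFT); /* 6-bit tag */
    uint64_t in[]   = { user, tagged, tagged | BIT63, kernel };
    static const char *name[] = { "user", "reject", "ambiguous" };
    unsigned policy[] = { 0, 6, 7 };

    for (unsigned i = 0; i < 4; i++) {
        for (unsigned j = 0; j < 3; j++) {
            uint64_t a = 0;
            enum verdict v = check_user_ptr(in[i], policy[j], &a);
            printf("%016llx tag_bits=%u -> %s\n",
                   (unsigned long long)in[i], policy[j], name[v]);
        }
    }
    return 0;
}
```

With 6 tag bits the top-bit check keeps its meaning; with 7, the kernel address and the tagged user pointer with bit 63 set get the same verdict, which is the "kernel can't tell" case.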

