Twitter | Pretraživanje | |
John Regehr 19. ruj
memory tagging should be a game changer for C and C++; get with the program, and !!
Prikaz fotografije · Reply Retweet Označi sa "sviđa mi se"
Gok 19. ruj
Odgovor korisniku/ci @johnregehr
I'm going to be that jerkface and predict that MTE won't do all that much. It's a pretty weak mitigation that requires a lot of work to adopt.
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
The Doge Mocenigo
It is not (only) a (weak) mitigation - it is a tool to discover bugs and vulnerabilities in the field. Testing - including smart fuzzing - does not find all memory access defects. But if MTE information is collected IN THE FIELD you find these defects and with absolute precision
14:08 - 19. ruj 2019.
Reply Retweet Označi sa "sviđa mi se" More
Gok 19. ruj
Odgovor korisniku/ci @DogeMocenigo @johnregehr
If that was really the goal you could just opportunistically deploy (HW)Asan, which is more precise and doesn’t require replacing billions of devices.
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
The Doge Mocenigo 19. ruj
Odgovor korisniku/ci @Gok @johnregehr
Replacing? One deploys it on new devices only. Asan has a huge performance/overhead impact. HWasan’s is still large. The MTE has a very small impact in memory overhead (IIRC 3-5%) and a similar one in performance. There is a good reason we chose to do that (and GOOG is onboard).
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"