Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
rdtsc 3 days ago

1988 called and wants it memory tagging back https://www.devever.net/~hl/ppcas !

But yeah this was support for a the longest time by IBM basically. It's nice to see it's getting more widespread.

bri3d 3 days ago | parent | next [-]

The problem with PowerPC AS tagging was that it relied entirely on the trap instruction. If you could control execution at all, you could skip the trap instruction and it did nothing. This implementation, by my reading, essentially adds a synchronous trap instruction after every single load and store, which builds a real security boundary (even compared to Android MTE, where reads would trap but writes were only checked at the next context switch).

rdtsc 2 days ago | parent [-]

Yeah, the security part wasn't baked into the hardware. It relied on the OS (it ran a virtualization layer of sorts) to enforce it via traps if it set those traps.

From https://www.devever.net/~hl/ppcas

> As such, they can principally be viewed as providing a performance enhancement for the IBM i operating system, which uses these instructions to keep track of pointer validity. It is the IBM i OS which enforces security invariants, for example by always following every pointer LQ with a TXER.

pyth0 3 days ago | parent | prev | next [-]

The big difference with this seems like it is an actual security mechanism to block "invalid" accesses where as the tagged memory extensions only provided pointer metadata and it was up to the OS to enforce invariants.

> Extensions provide no security. [...] The tagged memory extensions don't stop you from doing anything.

strcat 3 days ago | parent | prev | next [-]

SPARC ADI was a predecessor to ARM MTE. ARM MTE has been available and used in production for several years now. ADI is also 4 bit but with 64 byte granularity rather than 16 byte.

rdtsc 2 days ago | parent [-]

That's interesting. I had no idea about SPARC.

From https://lwn.net/Articles/710668/

> If a rogue app attempts to access ADI enabled data pages, its access is blocked and processor generates an exception.

Yeah that sounds closer to ARM MTE. Thanks for the pointer

sillywalk 3 days ago | parent | prev [-]

Nitpick: The AS/400 in 1988 didn't use the PowerPC. I believe it had it's own proprietary memory with tag bits included.

The first RS-64 with the PowerPC AS extensions came out in 1995.

rdtsc 2 days ago | parent [-]

You're right. That's a good point.