Arm Memory Tagging Extension Ready For Linux 5.10
While the Linux 5.9 kernel isn't even being released until later today, the ARM64 architectural changes have already been mailed in ahead of the opening of the Linux 5.10 merge window.
Most notable among the ARM64 architecture additions in Linux 5.10 is the Memory Tagging Extension (MTE), now wired up and ready for user-space usage. MTE slightly missed the Linux 5.9 target but is a useful security addition new to ARMv8.5-A. Memory Tagging Extension protects against possible memory safety violations by providing lock-and-key access to memory: the key presented with an access is checked against the lock on that memory and, if they do not match, an error is raised.
The ARMv8.5 MTE support for user-space is ready for Linux 5.10, while in-kernel use of MTE is expected for Linux 5.11.
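The lock-and-key check described above, as a small software model in C (an added example, not kernel or Arm code). The 16-byte granule and the 4-bit tag in pointer bits 59:56 follow the MTE architecture; the `model_*` functions, heap size and tag values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Software model only: real MTE performs this check in hardware on loads/stores. */
#define GRANULE    16u   /* MTE tags memory in 16-byte granules */
#define TAG_SHIFT  56    /* the pointer's tag ("key") lives in bits 59:56 */
#define HEAP_SIZE  256u
#define ADDR_MASK  ((1ULL << TAG_SHIFT) - 1)

static uint8_t heap[HEAP_SIZE];
static uint8_t locks[HEAP_SIZE / GRANULE];  /* one 4-bit "lock" per granule */

/* Colour the granules covering [off, off+len) and return a pointer carrying the key. */
uint64_t model_alloc(uint64_t off, size_t len, uint8_t key) {
    for (uint64_t g = off / GRANULE; g <= (off + len - 1) / GRANULE; g++)
        locks[g] = key & 0xF;
    return off | ((uint64_t)(key & 0xF) << TAG_SHIFT);
}

/* Checked store: 0 on success, -1 on a tag-check fault (key does not match lock). */
int model_store(uint64_t ptr, uint8_t value) {
    uint64_t off = ptr & ADDR_MASK;
    uint8_t key = (ptr >> TAG_SHIFT) & 0xF;
    if (off >= HEAP_SIZE || locks[off / GRANULE] != key)
        return -1;
    heap[off] = value;
    return 0;
}

/* Free: re-colour the granules so stale pointers (old key) stop matching. */
void model_free(uint64_t ptr, size_t len, uint8_t new_key) {
    model_alloc(ptr & ADDR_MASK, len, new_key);
}

int main(void) {
    uint64_t a = model_alloc(0, 32, 0x3);   /* two granules, key 3 (constructed) */
    uint64_t b = model_alloc(32, 16, 0x7);  /* adjacent allocation, key 7 */
    printf("in-bounds store: %d\n", model_store(a + 31, 'A'));
    printf("overflow into b: %d\n", model_store(a + 32, 'A'));
    model_free(a, 32, 0x9);
    printf("use after free:  %d\n", model_store(a, 'A'));
    printf("b still valid:   %d\n", model_store(b, 'B'));
    return 0;
}
```

With only 4 bits per tag, two allocations can end up with the same tag by chance, so detection of a stray access is probabilistic rather than guaranteed.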
The ARM64 code in Linux 5.10 is also bringing enhancements to Pointer Authentication as another security feature. There is also ASID pinning, memory management updates, support for prefetchable PCI BARs, and other code cleanups going into this next kernel.
The early ARM64 pull request for Linux 5.10 can be found on the kernel mailing list.
Also worth mentioning: this code contains "Ghostbusters", a rewrite of the ARM64 Spectre mitigations.