Ubuntu
glibc package

[FFe] Include Memory Tagging Extension support in the arm64 glibc build

Bug #2006739 reported by Steve Capper
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
glibc (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

[Proposed changes]

Enable memory tagging support in the arm64 build of glibc. Memory tagging is a security feature in some ARM64 CPUs to detect memory safety issues by adding tags to small memory regions, allowing runtime checking of pointer provenance.

Even when included in the build, this feature is disabled by default and can be enabled using tunables:
https://www.gnu.org/software/libc/manual/html_node/Memory-Related-Tunables.html

This has been enabled in Debian unstable since December 2011.

The actual code change can be seen there:
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/glibc/commit/?id=3e6f5fb8e0bc4094a4d73159bf5865130f019290

[Rationale]

I believe this change falls under the HWE umbrella. Additionally, I believe the risks are minimal due to the feature being disabled by default, and having been deployed in Debian for a while.

[Original report]

Hello,
For Debian Bookworm, Memory Tagging Extension (MTE) support is enabled in glibc:
https://sources.debian.org/src/glibc/2.35-3/debian/sysdeps/arm64.mk/

Would it be possible to please do a similar thing for the Ubuntu package?

For more information, please see:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995269

===

glibc 2.33 onwards has support for 'Memory Tagging Extension' on
arm64. Could you please enable this feature (by setting
--enable-memory-tagging in the config).

The effect is to add colouring bits into heap pointers so that typical
illegal accesses (either temporally or spatially) can be detected and
faulted. Glibc just has the userspace heap tagging - there is also
corresponding kernel support.

The functionality operates on arm ISA 8.5 or later, which has extra
instructions to manipulate the tag bits in pointers.

The details are explained in
https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/Arm_Memory_Tagging_Extension_Whitepaper.pdf

The implementation has been designed so that it is safe to enable in
distros (which makes a change!). ifunc and HWCAP are used to link
MTE-ready versions of relevant functions on hardware supporting
ARMv8.5 instruction set or later. On eailer hardware things will work
just as they do now.

Here is the (trivial) patch:
diff -u debian/sysdeps/arm64.mk~ debian/sysdeps/arm64.mk
--- debian/sysdeps/arm64.mk~ 2021-08-24 14:31:06.000000000 +0000
+++ debian/sysdeps/arm64.mk 2021-09-28 19:43:58.782118977 +0000
@@ -1,2 +1,2 @@
 # configuration options for all flavours
-extra_config_options = --enable-multi-arch --enable-static-pie
+extra_config_options = --enable-multi-arch --enable-static-pie --enable-memory-tagging

--
Wookey

See original description

CVE References

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in glibc (Ubuntu):
status: New → Confirmed
Simon Chopin (schopin)
summary: - Please enable Memory Tagging Extension in Ubuntu glibc
+ [FFe] Include Memory Tagging Extension support in the arm64 glibc build
Simon Chopin (schopin)
description: updated
Changed in glibc (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → Medium
description: updated
Revision history for this message
Steve Langasek (vorlon) wrote :

FFe granted.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glibc - 2.37-0ubuntu2

---------------
glibc (2.37-0ubuntu2) lunar; urgency=medium

  * d/p/u/lp2007599*.patch: add tunables for s390x (LP: #2007599)
  * d/p/any/local-ldso-disable-hwcap: fix compilation error (LP: #2006485)
  * d/sysdeps/arm64.mk: enable Memory Tagging Extension (MTE) checking on arm64
    (LP: #2006739)
  * d/control: declare a Breaks on older cyrus-imapd (LP: #2011326)
  * d/control: Fix missing version bumps that could cause issues on upgrades
  * Cherry-pick patches from upstream maintenance branch:
    - 0001-cdefs-Limit-definition-of-fortification-macros.patch
    - 0002-LoongArch-Add-new-relocation-types.patch
    - 0003-Use-64-bit-time_t-interfaces-in-strftime-and-strptim.patch
    - 0004-Account-for-grouping-in-printf-width-bug-30068.patch
    - 0005-NEWS-Document-CVE-2023-25139.patch
    - 0006-elf-Smoke-test-ldconfig-p-against-system-etc-ld.so.c.patch
    - 0007-stdlib-Undo-post-review-change-to-16adc58e73f3-BZ-27.patch
    - 0008-elf-Restore-ldconfig-libc6-implicit-soname-logic-BZ-.patch

 -- Simon Chopin <email address hidden> Thu, 16 Mar 2023 09:44:01 +0100

Changed in glibc (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.