Protect Memory with Hardware Secured Memory
This proposal has been rejected.
One Line Summary
Use the SPARC M7 processor's hardware secured memory feature to protect crucial memory areas from malicious attackers and programming errors.
Abstract
SPARC M7 and later processors protect memory in hardware by using a tag. Any tagged memory can only be accessed by presenting the correct tag value. This feature, Application Data Integrity (ADI), can prevent buffer overflows, wild memory writes and other invalid accesses to memory either by a malicious attacker or through a programming error.
A task can enable ADI on a memory page and set a tag on any number of cacheline-sized blocks of memory addresses on the page. Once a tag has been set on an address range, a task must use this tag to access this memory. The MMU validates the tag before allowing the access. If the tag presented by a task does not match the tag on the memory, the kernel delivers SIGSEGV to the offending task and the offending task can be terminated. For example, a task can set a tag on a memory area vulnerable to buffer overflow. Any attempt to access invalid memory through a buffer overflow will be blocked. Any critical memory sections protected with a tag are also protected against a wild read/write that does not present a matching tag.
This talk will discuss the hardware aspect of this feature, explore the suitability of the proposed userspace API to access this feature, and cover the kernel implementation. This talk will be of interest to application developers who want to explore using hardware to protect their applications against exploits and to provide feedback on the API, and to kernel developers who want to understand the kernel implementation of this feature and are interested in using it to protect kernel memory in the future.
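The tag check described in the abstract can be followed in a small software model. This is an added example, not the proposed userspace API or any kernel code: it runs on any machine and only imitates the check the MMU performs. The 64-byte block size, the tag carried in the top four bits of the pointer, and the model_* function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BLOCK     64u    /* assumed tag granule: one cacheline */
#define NBLOCKS   8u
#define TAG_SHIFT 60     /* assumed: tag rides in the pointer's top 4 bits */

static uint8_t mem[NBLOCKS * BLOCK];   /* modelled ADI-enabled region */
static uint8_t mem_tag[NBLOCKS];       /* one tag per block, 0 = untagged */

/* Tag the blocks covering [off, off+len) and return a pointer carrying the tag. */
uint64_t model_set_tag(size_t off, size_t len, uint8_t tag)
{
    for (size_t b = off / BLOCK; b <= (off + len - 1) / BLOCK && b < NBLOCKS; b++)
        mem_tag[b] = tag;
    return ((uint64_t)tag << TAG_SHIFT) | off;
}

/* Model of the MMU check: 0 on success, -1 where the kernel would send SIGSEGV. */
int model_store(uint64_t ptr, uint8_t val)
{
    size_t  off = (size_t)(ptr & ((1ULL << TAG_SHIFT) - 1));
    uint8_t tag = (uint8_t)(ptr >> TAG_SHIFT);

    if (off >= sizeof mem || mem_tag[off / BLOCK] != tag)
        return -1;
    mem[off] = val;
    return 0;
}

/* Unbounded fill, like a buggy copy loop; returns bytes written before the fault. */
size_t model_fill(uint64_t ptr, uint8_t val, size_t n)
{
    size_t i = 0;
    while (i < n && model_store(ptr + i, val) == 0)
        i++;
    return i;
}

int main(void)
{
    uint64_t a = model_set_tag(0, 100, 3);    /* 100-byte buffer, blocks 0-1 */
    (void)model_set_tag(128, 64, 5);          /* neighbouring buffer, block 2 */
    printf("overflow of a stopped after %zu bytes\n", model_fill(a, 'A', 200));
    printf("wild store with untagged pointer: %d\n", model_store(128, 'X'));
    return 0;
}
```

In this model the overflow from the 100-byte buffer is stopped at offset 128, where the neighbouring tag begins, but bytes 100 to 127 are overwritten without a fault because a tag covers a whole block. Buffers that need exact bounds have to be sized and aligned to the block size.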
Speaker
Khalid Aziz
Oracle Corp
Biography
Khalid Aziz is a kernel developer at Oracle. He holds a Master’s degree in Computer Science from Colorado State University and worked for Bell Labs and Hewlett Packard before joining Oracle. He has been a Linux kernel developer for the last 15 years. He has contributed to the I/O subsystem, ia64 and sparc support, kexec, and the memory management subsystem.