Comment by pizlonator

5 months ago

MTE and CHERI are so different that it’s hard and maybe not even possible to do both at the same time (you might not have enough spare bits in a CHERI 128 bit ptr for the MTE tag)

They also imply a very different system architecture.

Sure, I'm not suggesting that Apple might actually do both at the same time. They could however implement the less burdensome one now while intending to replace it with the all-singing-all-dancing alternative down the line.

  • Gotcha. My point about different systems architectures makes me think it’s unlikely that you’d want to do that

> MTE and CHERI are so different that it’s hard and maybe not even possible to do both at the same time (you might not have enough spare bits in a CHERI 128 bit ptr for the MTE tag)

Why would you need MTE if you have CHERI?

  • Why would you need CHERI if you have working mitigations that don't demand a second bus?

    I think it's two halves of the same coin and Apple chose the second half of the coin.

    The two systems are largely orthogonal; I think if Apple chose to go from one to the other it will be a generational change rather than an incremental one. The advantage of MTE/MIE is you can do it incrementally by just changing the high bits the allocator supplies; CHERI requires a fundamental paradigm shift. Apple love paradigm shifts but there's no indication they're going to do one here; if they do, it will be a separate effort.
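To make the "just changing the high bits the allocator supplies" point concrete, here is a small software model of an MTE-style allocator, added as an illustration for this page; it is not code from Apple, Arm, the CHERI project or any commenter. A 4-bit colour is stored in bits 56..59 of each pointer (the region Arm's top-byte-ignore leaves free; the model assumes a 48-bit user address space so those bits start out zero), a side table records the colour of every 16-byte granule, and each access compares the two, which is what the hardware does on a load or store. It also shows the limit the later reply alludes to: once a freed block is reused, the new owner's colour can coincide with a stale pointer's, so detection is probabilistic. All names (`tagged_alloc`, `tagged_free`, `checked_load`, `checked_store`, `uaf_is_caught`, `stale_pointer_collisions`) are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of memory tagging: colour in pointer bits 56..59,
 * one colour per 16-byte granule in a side table. Hypothetical names. */
#define GRANULE     16
#define ARENA_BYTES 4096
#define NGRANULES   (ARENA_BYTES / GRANULE)
#define TAG_SHIFT   56
#define TAG_MASK    ((uintptr_t)0xF << TAG_SHIFT)

static _Alignas(GRANULE) uint8_t arena[ARENA_BYTES];
static uint8_t  granule_tag[NGRANULES];   /* side table: colour of each granule */
static size_t   next_granule;             /* bump allocator cursor */
static uint32_t rng_state = 0x2545F491u;  /* fixed seed: runs are reproducible */
static int      tag_faults;               /* detected mismatches (hardware would fault) */

static unsigned rnd_tag(void) {           /* xorshift32, low 4 bits used as colour */
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state & 0xF;
}

/* Choose a colour different from `avoid`, so a block never keeps the colour
 * it had before allocation or before free. */
static unsigned fresh_tag(unsigned avoid) {
    unsigned t;
    do { t = rnd_tag(); } while (t == avoid);
    return t;
}

static size_t granule_index(uintptr_t p) {
    return ((p & ~TAG_MASK) - (uintptr_t)arena) / GRANULE;
}

/* Allocate n bytes; colour the granules and return a pointer carrying the colour. */
void *tagged_alloc(size_t n) {
    size_t count = (n + GRANULE - 1) / GRANULE;
    if (next_granule + count > NGRANULES) return NULL;
    size_t first = next_granule;
    next_granule += count;
    unsigned tag = fresh_tag(granule_tag[first]);
    for (size_t i = 0; i < count; i++) granule_tag[first + i] = (uint8_t)tag;
    return (void *)((uintptr_t)&arena[first * GRANULE] | ((uintptr_t)tag << TAG_SHIFT));
}

/* Free n bytes at p: recolour the granules so every stale pointer mismatches. */
void tagged_free(void *p, size_t n) {
    size_t count = (n + GRANULE - 1) / GRANULE;
    size_t first = granule_index((uintptr_t)p);
    unsigned tag = fresh_tag(granule_tag[first]);
    for (size_t i = 0; i < count; i++) granule_tag[first + i] = (uint8_t)tag;
}

/* Tag-checked access: 1 on colour match, 0 (and a counted fault) on mismatch. */
static int tag_check(uintptr_t v) {
    unsigned ptag = (unsigned)((v & TAG_MASK) >> TAG_SHIFT);
    if (granule_tag[granule_index(v)] != ptag) { tag_faults++; return 0; }
    return 1;
}
int checked_store(void *p, uint8_t val) {
    uintptr_t v = (uintptr_t)p;
    if (!tag_check(v)) return 0;
    *(uint8_t *)(v & ~TAG_MASK) = val;
    return 1;
}
int checked_load(const void *p, uint8_t *out) {
    uintptr_t v = (uintptr_t)p;
    if (!tag_check(v)) return 0;
    *out = *(const uint8_t *)(v & ~TAG_MASK);
    return 1;
}

/* Immediate use-after-free: free() recoloured the granule, so the stale
 * pointer's colour cannot match. Returns 1 when the access is rejected. */
int uaf_is_caught(void) {
    uint8_t b = 0;
    uint8_t *p = tagged_alloc(32);
    if (!p) return -1;
    int ok_before = checked_store(p, 0x41) && checked_load(p, &b) && b == 0x41;
    tagged_free(p, 32);
    int rejected_after = !checked_load(p, &b);
    return ok_before && rejected_after;
}

/* Why the story is probabilistic: model one granule being allocated, freed and
 * reused `trials` times. The reuse colour is drawn from the 15 colours other
 * than the freed colour, and one of those is the stale pointer's own, so about
 * trials/15 reuses would let a stale access through unnoticed. */
int stale_pointer_collisions(int trials) {
    int collisions = 0;
    size_t g = NGRANULES - 1;             /* scratch granule, outside bump region */
    for (int i = 0; i < trials; i++) {
        unsigned stale = fresh_tag(granule_tag[g]);  granule_tag[g] = stale;  /* alloc */
        unsigned freed = fresh_tag(stale);           granule_tag[g] = freed;  /* free  */
        unsigned reuse = fresh_tag(freed);           granule_tag[g] = reuse;  /* alloc */
        if (reuse == stale) collisions++;
    }
    return collisions;
}

int main(void) {
    printf("immediate UAF caught: %d\n", uaf_is_caught());
    printf("undetected stale accesses after reuse: %d of 3000\n", stale_pointer_collisions(3000));
    return 0;
}
```

The model is deliberately software-only: the colour comparison that `tag_check` performs is what the hardware does implicitly on every tagged access, and the only allocator change needed is choosing colours and writing the side table, which is why the incremental deployment path exists. The second function is the caveat: with 16 colours, a stale pointer that survives a free/reuse cycle matches the new owner roughly one time in fifteen, so tagging reduces rather than eliminates use-after-free reachability.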

  • Not saying you’d want both. Just answering why MTE isn’t a path to CHERI

    But here’s a reason to do both: CHERI’s UAF story isn’t great. Adding MTE means you get a probabilistic story at least