[Buildroot] [PATCH] package/glibc: optional MTE support in glibc

[Buildroot] [PATCH] package/glibc: optional MTE support in glibc

[irgstg]

Adding option BR2_PACKAGE_GLIBC_MTE to configure glibc with MTE support.
When enabled, glibcs configuration process runs with `--enable-memory-tagging` [1].

MTE (Memory Tagging Extension) is an ISA extension which aims to improve security on ARMv8.5-A [2].
The linux kernel supports this feature via CONFIG_ARM64_MTE.
In order for glibc's MTE support to work properly, the running kernel has to support that.

dependencies:
 - supported on aarch64 only (BR2_aarch64)
 - requires binutils version 2.33.1 or newer (!B2_BINUTILS_VERSION_2_32_X)
 - requires at least linux 5.4 headers (BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4)

[1] https://sourceware.org/git/?p=glibc.git;a=blob;f=INSTALL;h=02dcf6b1ca3a4c43a17fdcae5e7dae8189c1c50b;hb=HEAD#l145
[2] https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/enhancing-memory-safety

Signed-off-by: irgstg@gmail.com <irgstg@gmail.com>
---
 package/glibc/Config.in | 12 ++++++++++++
 package/glibc/glibc.mk  |  1 +
 2 files changed, 13 insertions(+)

diff --git a/package/glibc/Config.in b/package/glibc/Config.in
index 5ecd058145..6d42aa6771 100644
--- a/package/glibc/Config.in
+++ b/package/glibc/Config.in
@@ -16,4 +16,16 @@ config BR2_PACKAGE_GLIBC_UTILS
 	  Enabling this option will compile and install the getconf,
 	  ldconfig, ldd and locale glibc utilities for the target.
 
+config BR2_PACKAGE_GLIBC_MTE
+	bool "Install glibc support for MTE"
+	depends on BR2_aarch64
+	depends on !BR2_BINUTILS_VERSION_2_32_X
+	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4
+	help
+	  Enabling this option will configure, compile
+	  and install glibc support for MTE (Memory Tagging Extension).
+	  Please be aware, in order for that to work properly,
+	  kernel support for MTE (CONFIG_ARM64_MTE), and a
+	  supported CPU are needed.
+
 endif # BR2_TOOLCHAIN_BUILDROOT_GLIBC
diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
index 3862e0624b..a44c2828f8 100644
--- a/package/glibc/glibc.mk
+++ b/package/glibc/glibc.mk
@@ -124,6 +124,7 @@ define GLIBC_CONFIGURE_CMDS
 		--disable-werror \
 		--without-gd \
 		--enable-kernel=$(call qstrip,$(BR2_TOOLCHAIN_HEADERS_AT_LEAST)) \
+		$(if $(BR2_PACKAGE_GLIBC_MTE),--enable-memory-tagging) \
 		--with-headers=$(STAGING_DIR)/usr/include)
 	$(GLIBC_ADD_MISSING_STUB_H)
 endef
-- 
2.25.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/glibc: optional MTE support in glibc

[Thomas Petazzoni]

Hello,

Thanks a lot for your contribution! See below some comments.

On Sat, 30 Oct 2021 11:37:50 +0300
"irgstg@gmail.com" <irgstg@gmail.com> wrote:

> Adding option BR2_PACKAGE_GLIBC_MTE to configure glibc with MTE support.
> When enabled, glibcs configuration process runs with `--enable-memory-tagging` [1].
> 
> MTE (Memory Tagging Extension) is an ISA extension which aims to improve security on ARMv8.5-A [2].
> The linux kernel supports this feature via CONFIG_ARM64_MTE.
> In order for glibc's MTE support to work properly, the running kernel has to support that.

Could you wrap the lines of your commit log to 72 columns?

> dependencies:
>  - supported on aarch64 only (BR2_aarch64)
>  - requires binutils version 2.33.1 or newer (!B2_BINUTILS_VERSION_2_32_X)
>  - requires at least linux 5.4 headers (BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4)
> 
> [1] https://sourceware.org/git/?p=glibc.git;a=blob;f=INSTALL;h=02dcf6b1ca3a4c43a17fdcae5e7dae8189c1c50b;hb=HEAD#l145
> [2] https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/enhancing-memory-safety
> 
> Signed-off-by: irgstg@gmail.com <irgstg@gmail.com>

Could you resend with a real name ? We cannot accept anonymous
contributions.

> +config BR2_PACKAGE_GLIBC_MTE
> +	bool "Install glibc support for MTE"

Repeating that it's glibc related is not necessary, and making "MTE"
explicit seems useful. So perhaps:

	bool "enable Memory Tagging Extension (MTE) support"

> +	depends on BR2_aarch64
> +	depends on !BR2_BINUTILS_VERSION_2_32_X
> +	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4
> +	help
> +	  Enabling this option will configure, compile
> +	  and install glibc support for MTE (Memory Tagging Extension).
> +	  Please be aware, in order for that to work properly,
> +	  kernel support for MTE (CONFIG_ARM64_MTE), and a
> +	  supported CPU are needed.

Instead of just saying so, you could do this in glibc.mk:

ifeq ($(BR2_PACKAGE_GLIBC_MTE),y)
GLIBC_CONF_OPTS += --enable-memory-tagging
define GLIBC_LINUX_CONFIG_FIXUPS
	$(call KCONFIG_ENABLE_OPT,CONFIG_ARM64_MTE)
endef
endif

Of course, you need to add $(GLIBC_CONF_OPTS) inside
GLIBC_CONFIGURE_CMDS.

Other than that, it looks good to me.

Do we need special compiler options to make use of MTE ?

Best regards,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/glibc: optional MTE support in glibc

[R]

[-- Attachment #1.1: Type: text/plain, Size: 3054 bytes --]

Hi,
It has been a while... and I'm really sorry for that.
But I do think this can be useful - I took a look at the code a-bit
and haven't seen it supports compiling glibc with MTE.
May I continue to resolve your comments?
should it be in this thread or a new one is preferred?

Thanks :)

On Sun, Oct 31, 2021 at 7:52 PM Thomas Petazzoni <
thomas.petazzoni@bootlin.com> wrote:

> Hello,
>
> Thanks a lot for your contribution! See below some comments.
>
> On Sat, 30 Oct 2021 11:37:50 +0300
> "irgstg@gmail.com" <irgstg@gmail.com> wrote:
>
> > Adding option BR2_PACKAGE_GLIBC_MTE to configure glibc with MTE support.
> > When enabled, glibcs configuration process runs with
> `--enable-memory-tagging` [1].
> >
> > MTE (Memory Tagging Extension) is an ISA extension which aims to improve
> security on ARMv8.5-A [2].
> > The linux kernel supports this feature via CONFIG_ARM64_MTE.
> > In order for glibc's MTE support to work properly, the running kernel
> has to support that.
>
> Could you wrap the lines of your commit log to 72 columns?
>
> > dependencies:
> >  - supported on aarch64 only (BR2_aarch64)
> >  - requires binutils version 2.33.1 or newer
> (!B2_BINUTILS_VERSION_2_32_X)
> >  - requires at least linux 5.4 headers
> (BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4)
> >
> > [1]
> https://sourceware.org/git/?p=glibc.git;a=blob;f=INSTALL;h=02dcf6b1ca3a4c43a17fdcae5e7dae8189c1c50b;hb=HEAD#l145
> > [2]
> https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/enhancing-memory-safety
> >
> > Signed-off-by: irgstg@gmail.com <irgstg@gmail.com>
>
> Could you resend with a real name ? We cannot accept anonymous
> contributions.
>
> > +config BR2_PACKAGE_GLIBC_MTE
> > +     bool "Install glibc support for MTE"
>
> Repeating that it's glibc related is not necessary, and making "MTE"
> explicit seems useful. So perhaps:
>
>         bool "enable Memory Tagging Extension (MTE) support"
>
> > +     depends on BR2_aarch64
> > +     depends on !BR2_BINUTILS_VERSION_2_32_X
> > +     depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4
> > +     help
> > +       Enabling this option will configure, compile
> > +       and install glibc support for MTE (Memory Tagging Extension).
> > +       Please be aware, in order for that to work properly,
> > +       kernel support for MTE (CONFIG_ARM64_MTE), and a
> > +       supported CPU are needed.
>
> Instead of just saying so, you could do this in glibc.mk:
>
> ifeq ($(BR2_PACKAGE_GLIBC_MTE),y)
> GLIBC_CONF_OPTS += --enable-memory-tagging
> define GLIBC_LINUX_CONFIG_FIXUPS
>         $(call KCONFIG_ENABLE_OPT,CONFIG_ARM64_MTE)
> endef
> endif
>
> Of course, you need to add $(GLIBC_CONF_OPTS) inside
> GLIBC_CONFIGURE_CMDS.
>
> Other than that, it looks good to me.
>
> Do we need special compiler options to make use of MTE ?
>
> Best regards,
>
> Thomas
> --
> Thomas Petazzoni, co-owner and CEO, Bootlin
> Embedded Linux and Kernel engineering and training
> https://bootlin.com
>

[-- Attachment #1.2: Type: text/html, Size: 4420 bytes --]

[-- Attachment #2: Type: text/plain, Size: 150 bytes --]

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/glibc: optional MTE support in glibc

[Yann E. MORIN]

R, All,

[please do not top-post, but do reply in-line, like I do below]

On 2023-11-26 22:28 +0200, R spake thusly:
> It has been a while... and I'm really sorry for that.

No worries, we all have a life outside open source projects! ;-)

> But I do think this can be useful - I took a look at the code a-bit
> and haven't seen it supports compiling glibc with MTE.
> May I continue to resolve your comments?

Having MTE support looks interesting, so yes, you are welcome to
continue working on that!

> should it be in this thread or a new one is preferred?

If you want to reply to the comments, then just do so as a reply to
Thomas' email, and reply to individual comments there (like I'm doing
for your own mail).

If you want to resend a new patch which addresses Thomas' comments, then
send it as a new thread. Don;t forget to add a changelog, see the manual
for further details:

    https://buildroot.org/downloads/manual/manual.html#submitting-patches

Regards,
Yann E. MORIN.

> Thanks :)
> On Sun, Oct 31, 2021 at 7:52 PM Thomas Petazzoni < [1]thomas.petazzoni@bootlin.com> wrote:
> 
>   Hello,
> 
>   Thanks a lot for your contribution! See below some comments.
> 
>   On Sat, 30 Oct 2021 11:37:50 +0300
>   " [2]irgstg@gmail.com" < [3]irgstg@gmail.com> wrote:
> 
>   > Adding option BR2_PACKAGE_GLIBC_MTE to configure glibc with MTE support.
>   > When enabled, glibcs configuration process runs with `--enable-memory-tagging` [1].
>   >
>   > MTE (Memory Tagging Extension) is an ISA extension which aims to improve security on ARMv8.5-A [2].
>   > The linux kernel supports this feature via CONFIG_ARM64_MTE.
>   > In order for glibc's MTE support to work properly, the running kernel has to support that.
> 
>   Could you wrap the lines of your commit log to 72 columns?
> 
>   > dependencies:
>   >  - supported on aarch64 only (BR2_aarch64)
>   >  - requires binutils version 2.33.1 or newer (!B2_BINUTILS_VERSION_2_32_X)
>   >  - requires at least linux 5.4 headers (BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4)
>   >
>   > [1]
>   [4]https://sourceware.org/git/?p=glibc.git;a=blob;f=INSTALL;h=02dcf6b1ca3a4c43a17fdcae5e7dae8189c1c50b;hb=HEAD#l145
>   > [2] [5]https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/enhancing-memory-safety
>   >
>   > Signed-off-by: [6]irgstg@gmail.com < [7]irgstg@gmail.com>
> 
>   Could you resend with a real name ? We cannot accept anonymous
>   contributions.
> 
>   > +config BR2_PACKAGE_GLIBC_MTE
>   > +     bool "Install glibc support for MTE"
> 
>   Repeating that it's glibc related is not necessary, and making "MTE"
>   explicit seems useful. So perhaps:
> 
>           bool "enable Memory Tagging Extension (MTE) support"
> 
>   > +     depends on BR2_aarch64
>   > +     depends on !BR2_BINUTILS_VERSION_2_32_X
>   > +     depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_4
>   > +     help
>   > +       Enabling this option will configure, compile
>   > +       and install glibc support for MTE (Memory Tagging Extension).
>   > +       Please be aware, in order for that to work properly,
>   > +       kernel support for MTE (CONFIG_ARM64_MTE), and a
>   > +       supported CPU are needed.
> 
>   Instead of just saying so, you could do this in [8]glibc.mk:
> 
>   ifeq ($(BR2_PACKAGE_GLIBC_MTE),y)
>   GLIBC_CONF_OPTS += --enable-memory-tagging
>   define GLIBC_LINUX_CONFIG_FIXUPS
>           $(call KCONFIG_ENABLE_OPT,CONFIG_ARM64_MTE)
>   endef
>   endif
> 
>   Of course, you need to add $(GLIBC_CONF_OPTS) inside
>   GLIBC_CONFIGURE_CMDS.
> 
>   Other than that, it looks good to me.
> 
>   Do we need special compiler options to make use of MTE ?
> 
>   Best regards,
> 
>   Thomas
>   --
>   Thomas Petazzoni, co-owner and CEO, Bootlin
>   Embedded Linux and Kernel engineering and training
>   [9]https://bootlin.com
> 
> Links:
> 1. mailto:thomas.petazzoni@bootlin.com
> 2. mailto:irgstg@gmail.com
> 3. mailto:irgstg@gmail.com
> 4. https://sourceware.org/git/?p=glibc.git;a=blob;f=INSTALL;h=02dcf6b1ca3a4c43a17fdcae5e7dae8189c1c50b;hb=HEAD#l145
> 5. https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/enhancing-memory-safety
> 6. mailto:irgstg@gmail.com
> 7. mailto:irgstg@gmail.com
> 8. http://glibc.mk
> 9. https://bootlin.com

> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot


-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot