Bug 298803

Summary: [libpas] Implement primary support for MTE
Product: WebKit
Reporter: Marcus Plutowski <marcus_plutowski>
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: REOPENED
Severity: Normal
CC: commit-queue, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on: 299465
Bug Blocks:

Marcus Plutowski
Reported 2025-09-12 16:38:43 PDT
rdar://160499929

As announced on September 9th, the SoCs used in the next generation of iPhones will include support for ARM's Memory Tagging Extension functionality. As part of Apple's MIE (Memory Integrity Enforcement) feature, libpas should implement support for MTE and related memory-safety functionality to ensure that WebKit is up to par with the new memory safety standards set by the rest of the system. To do so, libpas should, when possible, allocate pages with backing MTE memory and, prior to returning allocations to the caller, tag them so that only valid pointers can access them (up to the standard probabilistic bound), as well as doing the necessary work to clean up tags and pre-empt certain attacker strategies with standard hardening measures.
Marcus Plutowski
Comment 1 2025-09-12 16:51:21 PDT
EWS
Comment 2 2025-09-24 09:36:04 PDT
Committed 300469@main (d3acbe4f9624): <https://commits.webkit.org/300469@main> Reviewed commits have been landed. Closing PR #50687 and removing active labels.
WebKit Commit Bot
Comment 3 2025-09-24 12:30:05 PDT
Re-opened since this is blocked by bug 299465
Marcus Plutowski
Comment 4 2025-09-24 14:27:09 PDT
Marcus Plutowski
Comment 5 2025-09-24 14:27:53 PDT