Intel and AMD are jointly developing the ChkTag instruction set extension (x86 Memory Tagging), which will be standardized for a unified implementation in x86 processors from various manufacturers. In its capabilities ChkTag resembles MTE (MemTag), already included in ARM processors, and likewise makes it possible to block the exploitation of vulnerabilities caused by access to already freed memory blocks, buffer overflows, or access to memory before initialization.
ChkTag offers new processor instructions that bind tags to areas of memory at the hardware level and check that pointers are used correctly. It is stated that the use of these instructions by compilers will ensure memory-safe operation without reducing application performance. At the same time, applications using ChkTag will remain compatible with older processors that lack hardware support for ChkTag, which will simplify deployment of the protection.
The protection method comes down to creating a tag for each memory block, which acts as a kind of key for accessing that memory (for example, in the MTE implementation a 4-bit tag is created for every 16 bytes). The tag is generated by the application for the allocated memory area using special CPU instructions and is then stored in the top unused bits of the pointer and in a reserved area of linear/virtual memory that is inaccessible to the application. When memory is accessed through a tagged pointer, the processor checks that the tag in the pointer matches the tags associated with the memory blocks, and allows access only if the tags match.
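A software model of the tag check described above, added here as an illustration and not taken from Intel, AMD or ARM material. It uses the MTE figures quoted in the text (a 4-bit tag per 16 bytes); the tag's bit position in the pointer, the sequential tag assignment and all function names are assumptions, and ChkTag's actual instructions are not shown.

```c
#include <stdint.h>
#include <stdio.h>
#define GRANULE   16u  /* bytes covered by one tag (MTE figure from the text) */
#define HEAP_SIZE 256u
#define TAG_SHIFT 56   /* assumption: 4-bit tag kept in pointer bits 56..59 */
typedef uint64_t tptr; /* tagged pointer: heap offset in low bits, tag on top */
static uint8_t heap[HEAP_SIZE];             /* model of application memory */
static uint8_t shadow[HEAP_SIZE / GRANULE]; /* per-granule tags, hidden from the app */
static uint8_t next_tag = 1;                /* tag 0 marks free memory */

static tptr make(uint64_t off, uint8_t tag) { return off | ((uint64_t)tag << TAG_SHIFT); }
static uint8_t tag_of(tptr p) { return (uint8_t)((p >> TAG_SHIFT) & 0xF); }
static uint64_t off_of(tptr p) { return p & ((1ULL << TAG_SHIFT) - 1); }

/* Store `tag` for every granule in [off, off + len), clamped to the heap. */
static void set_tags(uint64_t off, uint64_t len, uint8_t tag) {
    uint64_t end = off + len < HEAP_SIZE ? off + len : HEAP_SIZE;
    for (uint64_t g = off / GRANULE; g * GRANULE < end; g++) shadow[g] = tag;
}

/* Toy allocator: caller picks a granule-aligned offset; tags cycle 1..15. */
static tptr tag_alloc(uint64_t off, uint64_t len) {
    uint8_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15 + 1);
    set_tags(off, len, tag);
    return make(off, tag);
}
static void tag_free(tptr p, uint64_t len) { set_tags(off_of(p), len, 0); }

/* Per-access check: returns the byte, or -1 when pointer and memory tags differ. */
static int checked_load(tptr p) {
    uint64_t off = off_of(p);
    if (off >= HEAP_SIZE || shadow[off / GRANULE] != tag_of(p)) return -1;
    return heap[off];
}

/* Result bits: 1 valid reads pass; 2 overflow, 4 use-after-free, 8 stale pointer blocked. */
static int run_demo(void) {
    int r = 0;
    tptr a = tag_alloc(0, 32), b = tag_alloc(32, 32);
    if (checked_load(a + 31) >= 0 && checked_load(b) >= 0) r |= 1;
    if (checked_load(a + 32) < 0) r |= 2;  /* a's tag used on b's granule */
    tag_free(a, 32);
    if (checked_load(a) < 0) r |= 4;       /* freed granules carry tag 0 */
    tptr c = tag_alloc(0, 32);             /* same memory, fresh tag */
    if (checked_load(a) < 0 && checked_load(c) >= 0) r |= 8;
    return r;
}
int main(void) { printf("result mask: 0x%X\n", run_demo()); return 0; }
```

With only 16 possible tag values, an allocator that picks tags at random can give two neighbouring or recycled blocks the same tag; the sequential assignment in this model avoids that case for clarity.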
ChkTag technology was developed as part of a joint effort between Intel and AMD in the EAG (x86 Ecosystem Advisory Group), formed a year ago to collaborate on ensuring compatibility between x86 platforms, standardizing interfaces for Intel and AMD products, simplifying software development for x86 systems, and identifying developer needs for architectural extensions. In addition to Intel and AMD, the group members include Linus Torvalds, creator of the Linux kernel, Tim Sweeney, founder of Epic Games and one of the key developers of the Unreal Engine game engine, as well as representatives from Broadcom, Dell, Google, Hewlett Packard, Lenovo, Meta, Microsoft, Oracle and Red Hat.
In addition to ChkTag, Intel and AMD have also standardized and unified implementations of the FRED (Flexible Return and Event Delivery) interrupt handling model, the AVX10 vector instruction set