chenxiaolong / BCR

A Basic Call Recorder for rooted Android devices
GNU General Public License v3.0
1.67k stars 109 forks

Enable memory tagging extensions for ARMv9 devices #454

Closed chenxiaolong closed 10 months ago

chenxiaolong commented 10 months ago

While BCR itself has no native code, the system media codecs do, and we've run into memory corruption issues in the past (e.g. the FLAC encoder can sometimes segfault if audio buffer timestamps are not set correctly).

Enabling MTE won't really make a difference security-wise for BCR. We never parse any untrusted inputs. But it might help catch potential issues in the media stack.

PatrykMis commented 10 months ago

Is async mode not better for this use?

As synchronous mode prioritizes accuracy of bug detection over performance, it is most useful during development or as part of a continuous integration system. In these situations, the precise bug detection capability is more important than the performance overhead.

On the other hand, ASYNC mode is optimized for performance over accuracy of bug reports. The information about where the bug occurred is less precise, but ASYNC mode provides a low overhead detection mechanism for memory safety bugs. It is useful for production systems when performance is more important than detailed bug information.

Source: https://community.arm.com/arm-community-blogs/b/operating-systems-blog/posts/new-mte-user-guide

Worth reading: https://discuss.grapheneos.org/d/8439-mte-support-status-for-grapheneos/3

chenxiaolong commented 10 months ago

For BCR's specific use case (with media codecs), I could not measure any performance impact at all, so I decided to pick the synchronous mode for better reporting if a bug occurs.
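For reference, the mode discussed in this thread is selected per app through the `android:memtagMode` attribute on the `<application>` element of the manifest (available from Android 13 / API 33; on devices without MTE support, or with MTE disabled by the device/user policy, the attribute has no effect). The snippet below is an added illustration, not BCR's actual manifest; the package name and activity name are placeholders, and the `sync` value reflects the choice described in the comment above, with the `async` alternative shown commented out.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Illustrative manifest fragment (not BCR's own); package/activity names are placeholders. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.placeholder.recorder">

    <!--
      memtagMode controls ARM MTE for every native library loaded into this process,
      including the system media codecs the app pulls in:
        off   - no tag checking (the default)
        async - tag mismatches reported asynchronously: low overhead, imprecise fault location
        sync  - every mismatch faults at the offending instruction: precise report, some overhead

      sync is chosen here because the faulting address and stack in the tombstone
      point directly at the bug; use async if profiling shows the overhead matters.
    -->
    <application
        android:label="Placeholder Recorder"
        android:memtagMode="sync">
        <!-- android:memtagMode="async" -->

        <activity
            android:name=".PlaceholderActivity"
            android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
    </application>
</manifest>
```

When MTE is active in `sync` mode, a tag mismatch in a codec appears in the tombstone as a SIGSEGV with a tag-check-fault cause (signal code `SEGV_MTESERR`), which is what makes the synchronous report actionable when a media-stack bug like the FLAC encoder crash mentioned above recurs; an `async` fault is instead reported as `SEGV_MTEAERR` with only the general region of the fault.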