Copying Memory

The kernel’s bcopy, memcpy, copyin, and copyout routines are capability-unaware and will not preserve tag bits.

New cheri_bcopy, cheri_memcpy, copyincap, and copyoutcap are used in situations where preserving tags is desirable – such as copying in or out of CHERI trusted stacks.

Clearing tag bits across conventional IPC, system call arguments, and so on is important in preventing the accidental leaking of rights between address spaces where only data copies are intended: a byte-wise copy of a capability delivers its bits but not its tag, so the copied value carries no authority.
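The following C program is an added illustration, not code from CheriBSD or the CHERI project. It models tagged memory as a byte array plus an out-of-band tag bit per 16-byte capability-sized word, and contrasts a plain data copy (the memcpy/copyin behaviour described above, which clears the tag of every word it writes) with a capability-aware copy (the cheri_memcpy/copyincap behaviour, which moves each word's tag with its bytes and refuses unaligned or partial-word requests). The struct and function names are hypothetical and chosen for the example.

```c
/* Hypothetical model of CHERI tagged memory (example code, not CheriBSD). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAP_SIZE 16          /* bytes per capability (CHERI-128 layout assumed) */
#define NWORDS   8

struct tagged_mem {
    uint8_t bytes[NWORDS * CAP_SIZE];
    bool    tag[NWORDS];     /* out-of-band validity tag, one per aligned word */
};

/* Store a (constructed) capability at a word index and set its tag. */
static void store_cap(struct tagged_mem *m, size_t word, uint64_t base, uint64_t len)
{
    memcpy(&m->bytes[word * CAP_SIZE], &base, sizeof base);
    memcpy(&m->bytes[word * CAP_SIZE + 8], &len, sizeof len);
    m->tag[word] = true;
}

/* Capability-unaware copy (memcpy/bcopy/copyin/copyout model): bytes move,
 * and every word touched by a data store loses its tag, even if only one
 * byte of that word was written. */
static void data_copy(struct tagged_mem *m, size_t dst, size_t src, size_t n)
{
    if (n == 0)
        return;
    memmove(&m->bytes[dst], &m->bytes[src], n);
    for (size_t w = dst / CAP_SIZE; w <= (dst + n - 1) / CAP_SIZE; w++)
        m->tag[w] = false;
}

/* Capability-aware copy (cheri_memcpy/copyincap/copyoutcap model): only
 * aligned, whole-word copies are allowed, and each word's tag travels with
 * its bytes. Assumes non-overlapping source and destination ranges.
 * Returns 0 on success, -1 on an unaligned or partial-word request. */
static int cap_copy(struct tagged_mem *m, size_t dst, size_t src, size_t n)
{
    if (dst % CAP_SIZE || src % CAP_SIZE || n % CAP_SIZE)
        return -1;
    for (size_t i = 0; i < n / CAP_SIZE; i++) {
        size_t s = src / CAP_SIZE + i, d = dst / CAP_SIZE + i;
        memcpy(&m->bytes[d * CAP_SIZE], &m->bytes[s * CAP_SIZE], CAP_SIZE);
        m->tag[d] = m->tag[s];
    }
    return 0;
}

/* Copy the capability in word 0 to word 4 with a data copy: bytes arrive,
 * authority does not (destination tag is false). */
static bool tag_after_data_copy(void)
{
    struct tagged_mem m = {0};
    store_cap(&m, 0, 0x1000, 0x100);
    data_copy(&m, 4 * CAP_SIZE, 0, CAP_SIZE);
    return m.tag[4];
}

/* Same copy with the capability-aware routine: tag is preserved (true). */
static bool tag_after_cap_copy(void)
{
    struct tagged_mem m = {0};
    store_cap(&m, 0, 0x1000, 0x100);
    cap_copy(&m, 4 * CAP_SIZE, 0, CAP_SIZE);
    return m.tag[4];
}

/* Overwriting two bytes inside a tagged word with plain data clears its tag. */
static bool tag_after_partial_data_store(void)
{
    struct tagged_mem m = {0};
    store_cap(&m, 4, 0x2000, 0x40);
    data_copy(&m, 4 * CAP_SIZE + 3, 0, 2);
    return m.tag[4];
}

/* An unaligned capability copy is rejected rather than silently done. */
static int cap_copy_unaligned_result(void)
{
    struct tagged_mem m = {0};
    return cap_copy(&m, 4 * CAP_SIZE + 1, 0, CAP_SIZE);
}

int main(void)
{
    printf("data copy keeps tag:        %d\n", tag_after_data_copy());
    printf("cap copy keeps tag:         %d\n", tag_after_cap_copy());
    printf("partial store keeps tag:    %d\n", tag_after_partial_data_store());
    printf("unaligned cap copy result:  %d\n", cap_copy_unaligned_result());
    return 0;
}
```

The model shows why a kernel path that moves user data with copyin cannot accidentally grant a capability: the tag is never part of the byte stream, and any data store into a word revokes whatever tag it held.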

Created Jul 16, 2019 // Last Updated Oct 27, 2019
