From: Dave Martin <Dave.Martin@arm.com>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-arch@vger.kernel.org, linux-doc@vger.kernel.org,
Szabolcs Nagy <szabolcs.nagy@arm.com>,
Andrey Konovalov <andreyknvl@google.com>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Will Deacon <will.deacon@arm.com>,
linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Will Deacon <will@kernel.org>,
Dave Hansen <dave.hansen@intel.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v9 3/3] arm64: Relax Documentation/arm64/tagged-pointers.rst
Date: Thu, 22 Aug 2019 17:37:23 +0100 [thread overview]
Message-ID: <20190822163723.GF27757@arm.com> (raw)
In-Reply-To: <20190822155531.GB55798@arrakis.emea.arm.com>
On Thu, Aug 22, 2019 at 04:55:32PM +0100, Catalin Marinas wrote:
> On Wed, Aug 21, 2019 at 07:46:51PM +0100, Dave P Martin wrote:
> > On Wed, Aug 21, 2019 at 06:33:53PM +0100, Will Deacon wrote:
> > > On Wed, Aug 21, 2019 at 05:47:30PM +0100, Catalin Marinas wrote:
> > > > @@ -59,6 +63,11 @@ be preserved.
> > > > The architecture prevents the use of a tagged PC, so the upper byte will
> > > > be set to a sign-extension of bit 55 on exception return.
> > > >
> > > > +This behaviour is maintained when the AArch64 Tagged Address ABI is
> > > > +enabled. In addition, with the exceptions above, the kernel will
> > > > +preserve any non-zero tags passed by the user via syscalls and stored in
> > > > +kernel data structures (e.g. ``set_robust_list()``, ``sigaltstack()``).
> >
> > sigaltstack() is interesting, since we don't support tagged stacks.
>
> We should support tagged SP with the new ABI as they'll be required for
> MTE. sigaltstack() and clone() are the two syscalls that come to mind
> here.
>
> > Do we keep the ss_sp tag in the kernel, but squash it when delivering
> > a signal to the alternate stack?
>
> We don't seem to be doing any untagging, so we just just use whatever
> the caller asked for. We may need a small test to confirm.
If we want to support tagged SP, then I guess we shouldn't be squashing
the tag anywhere. A test for that would be sensible to have.
> That said, on_sig_stack() probably needs some untagging as it does user
> pointer arithmetics with potentially different tags.
Good point.
> > > Hmm. I can see the need to provide this guarantee for things like
> > > set_robust_list(), but the problem is that the statement above is too broad
> > > and isn't strictly true: for example, mmap() doesn't propagate the tag of
> > > its address parameter into the VMA.
> > >
> > > So I think we need to nail this down a bit more, but I'm having a really
> > > hard time coming up with some wording :(
> >
> > Time for some creative vagueness?
> >
> > We can write a statement of our overall intent, along with examples of
> > a few cases where the tag should and should not be expected to emerge
> > intact.
> >
> > There is no foolproof rule, unless we can rewrite history...
>
> I would expect the norm to be the preservation of tags with a few
> exceptions. The only ones I think where we won't preserve the tags are
> mmap, mremap, brk (apart from the signal stuff already mentioned in the
> current tagged-pointers.rst doc).
>
> So I can remove this paragraph altogether and add a note in part 3 of
> the tagged-address-abi.rst document that mmap/mremap/brk do not preserve
> the tag information.
Deleting text is always a good idea ;)
There are other cases like (non-)propagation of the tag to si_addr
when a fault is reported via a signal, but I think we already have
appropriate wording to cover that.
Cheers
---Dave
WARNING: multiple messages have this Message-ID (diff)
From: Dave Martin <Dave.Martin@arm.com>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-arch@vger.kernel.org, linux-doc@vger.kernel.org,
Szabolcs Nagy <szabolcs.nagy@arm.com>,
Andrey Konovalov <andreyknvl@google.com>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Will Deacon <will.deacon@arm.com>,
linux-mm@kvack.org, Dave Hansen <dave.hansen@intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Will Deacon <will@kernel.org>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v9 3/3] arm64: Relax Documentation/arm64/tagged-pointers.rst
Date: Thu, 22 Aug 2019 17:37:23 +0100 [thread overview]
Message-ID: <20190822163723.GF27757@arm.com> (raw)
Message-ID: <20190822163723.qjAOhh_x_sz55wlLR8AM0cmoYr7mlsn_Nr0h9hserXU@z> (raw)
In-Reply-To: <20190822155531.GB55798@arrakis.emea.arm.com>
On Thu, Aug 22, 2019 at 04:55:32PM +0100, Catalin Marinas wrote:
> On Wed, Aug 21, 2019 at 07:46:51PM +0100, Dave P Martin wrote:
> > On Wed, Aug 21, 2019 at 06:33:53PM +0100, Will Deacon wrote:
> > > On Wed, Aug 21, 2019 at 05:47:30PM +0100, Catalin Marinas wrote:
> > > > @@ -59,6 +63,11 @@ be preserved.
> > > > The architecture prevents the use of a tagged PC, so the upper byte will
> > > > be set to a sign-extension of bit 55 on exception return.
> > > >
> > > > +This behaviour is maintained when the AArch64 Tagged Address ABI is
> > > > +enabled. In addition, with the exceptions above, the kernel will
> > > > +preserve any non-zero tags passed by the user via syscalls and stored in
> > > > +kernel data structures (e.g. ``set_robust_list()``, ``sigaltstack()``).
> >
> > sigaltstack() is interesting, since we don't support tagged stacks.
>
> We should support tagged SP with the new ABI as they'll be required for
> MTE. sigaltstack() and clone() are the two syscalls that come to mind
> here.
>
> > Do we keep the ss_sp tag in the kernel, but squash it when delivering
> > a signal to the alternate stack?
>
> We don't seem to be doing any untagging, so we just just use whatever
> the caller asked for. We may need a small test to confirm.
If we want to support tagged SP, then I guess we shouldn't be squashing
the tag anywhere. A test for that would be sensible to have.
> That said, on_sig_stack() probably needs some untagging as it does user
> pointer arithmetics with potentially different tags.
Good point.
> > > Hmm. I can see the need to provide this guarantee for things like
> > > set_robust_list(), but the problem is that the statement above is too broad
> > > and isn't strictly true: for example, mmap() doesn't propagate the tag of
> > > its address parameter into the VMA.
> > >
> > > So I think we need to nail this down a bit more, but I'm having a really
> > > hard time coming up with some wording :(
> >
> > Time for some creative vagueness?
> >
> > We can write a statement of our overall intent, along with examples of
> > a few cases where the tag should and should not be expected to emerge
> > intact.
> >
> > There is no foolproof rule, unless we can rewrite history...
>
> I would expect the norm to be the preservation of tags with a few
> exceptions. The only ones I think where we won't preserve the tags are
> mmap, mremap, brk (apart from the signal stuff already mentioned in the
> current tagged-pointers.rst doc).
>
> So I can remove this paragraph altogether and add a note in part 3 of
> the tagged-address-abi.rst document that mmap/mremap/brk do not preserve
> the tag information.
Deleting text is always a good idea ;)
There are other cases like (non-)propagation of the tag to si_addr
when a fault is reported via a signal, but I think we already have
appropriate wording to cover that.
Cheers
---Dave
WARNING: multiple messages have this Message-ID (diff)
From: Dave Martin <Dave.Martin@arm.com>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-arch@vger.kernel.org, linux-doc@vger.kernel.org,
Szabolcs Nagy <szabolcs.nagy@arm.com>,
Andrey Konovalov <andreyknvl@google.com>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Will Deacon <will.deacon@arm.com>,
linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Will Deacon <will@kernel.org>,
Dave Hansen <dave.hansen@intel.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v9 3/3] arm64: Relax Documentation/arm64/tagged-pointers.rst
Date: Thu, 22 Aug 2019 17:37:23 +0100 [thread overview]
Message-ID: <20190822163723.GF27757@arm.com> (raw)
In-Reply-To: <20190822155531.GB55798@arrakis.emea.arm.com>
On Thu, Aug 22, 2019 at 04:55:32PM +0100, Catalin Marinas wrote:
> On Wed, Aug 21, 2019 at 07:46:51PM +0100, Dave P Martin wrote:
> > On Wed, Aug 21, 2019 at 06:33:53PM +0100, Will Deacon wrote:
> > > On Wed, Aug 21, 2019 at 05:47:30PM +0100, Catalin Marinas wrote:
> > > > @@ -59,6 +63,11 @@ be preserved.
> > > > The architecture prevents the use of a tagged PC, so the upper byte will
> > > > be set to a sign-extension of bit 55 on exception return.
> > > >
> > > > +This behaviour is maintained when the AArch64 Tagged Address ABI is
> > > > +enabled. In addition, with the exceptions above, the kernel will
> > > > +preserve any non-zero tags passed by the user via syscalls and stored in
> > > > +kernel data structures (e.g. ``set_robust_list()``, ``sigaltstack()``).
> >
> > sigaltstack() is interesting, since we don't support tagged stacks.
>
> We should support tagged SP with the new ABI as they'll be required for
> MTE. sigaltstack() and clone() are the two syscalls that come to mind
> here.
>
> > Do we keep the ss_sp tag in the kernel, but squash it when delivering
> > a signal to the alternate stack?
>
> We don't seem to be doing any untagging, so we just just use whatever
> the caller asked for. We may need a small test to confirm.
If we want to support tagged SP, then I guess we shouldn't be squashing
the tag anywhere. A test for that would be sensible to have.
> That said, on_sig_stack() probably needs some untagging as it does user
> pointer arithmetics with potentially different tags.
Good point.
> > > Hmm. I can see the need to provide this guarantee for things like
> > > set_robust_list(), but the problem is that the statement above is too broad
> > > and isn't strictly true: for example, mmap() doesn't propagate the tag of
> > > its address parameter into the VMA.
> > >
> > > So I think we need to nail this down a bit more, but I'm having a really
> > > hard time coming up with some wording :(
> >
> > Time for some creative vagueness?
> >
> > We can write a statement of our overall intent, along with examples of
> > a few cases where the tag should and should not be expected to emerge
> > intact.
> >
> > There is no foolproof rule, unless we can rewrite history...
>
> I would expect the norm to be the preservation of tags with a few
> exceptions. The only ones I think where we won't preserve the tags are
> mmap, mremap, brk (apart from the signal stuff already mentioned in the
> current tagged-pointers.rst doc).
>
> So I can remove this paragraph altogether and add a note in part 3 of
> the tagged-address-abi.rst document that mmap/mremap/brk do not preserve
> the tag information.
Deleting text is always a good idea ;)
There are other cases like (non-)propagation of the tag to si_addr
when a fault is reported via a signal, but I think we already have
appropriate wording to cover that.
Cheers
---Dave
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-08-22 16:37 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-21 16:47 [PATCH v9 0/3] arm64 tagged address ABI Catalin Marinas
2019-08-21 16:47 ` Catalin Marinas
2019-08-21 16:47 ` Catalin Marinas
2019-08-21 16:47 ` Catalin Marinas
2019-08-21 16:47 ` [PATCH v9 1/3] mm: untag user pointers in mmap/munmap/mremap/brk Catalin Marinas
2019-08-21 16:47 ` Catalin Marinas
2019-08-21 16:47 ` Catalin Marinas
2019-08-21 16:47 ` [PATCH v9 2/3] arm64: Define Documentation/arm64/tagged-address-abi.rst Catalin Marinas
2019-08-21 16:47 ` Catalin Marinas
2019-08-21 16:47 ` Catalin Marinas
2019-08-21 16:57 ` Andrey Konovalov
2019-08-21 16:57 ` Andrey Konovalov
2019-08-21 16:57 ` Andrey Konovalov
2019-08-22 9:38 ` Kevin Brodsky
2019-08-22 9:38 ` Kevin Brodsky
2019-08-22 9:38 ` Kevin Brodsky
2019-08-21 17:35 ` Will Deacon
2019-08-21 17:35 ` Will Deacon
2019-08-21 17:35 ` Will Deacon
2019-08-22 14:17 ` [PATCH] arm64: Add tagged-address-abi.rst to index.rst Vincenzo Frascino
2019-08-21 16:47 ` [PATCH v9 3/3] arm64: Relax Documentation/arm64/tagged-pointers.rst Catalin Marinas
2019-08-21 16:47 ` Catalin Marinas
2019-08-21 16:47 ` Catalin Marinas
2019-08-21 17:33 ` Will Deacon
2019-08-21 17:33 ` Will Deacon
2019-08-21 17:33 ` Will Deacon
2019-08-21 18:46 ` Dave Martin
2019-08-21 18:46 ` Dave Martin
2019-08-21 18:46 ` Dave Martin
2019-08-22 15:55 ` Catalin Marinas
2019-08-22 15:55 ` Catalin Marinas
2019-08-22 15:55 ` Catalin Marinas
2019-08-22 16:37 ` Dave Martin [this message]
2019-08-22 16:37 ` Dave Martin
2019-08-22 16:37 ` Dave Martin
2019-08-23 16:19 ` Catalin Marinas
2019-08-23 16:19 ` Catalin Marinas
2019-08-23 16:19 ` Catalin Marinas
2019-08-23 16:32 ` Dave Martin
2019-08-23 16:32 ` Dave Martin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190822163723.GF27757@arm.com \
--to=dave.martin@arm.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@google.com \
--cc=catalin.marinas@arm.com \
--cc=dave.hansen@intel.com \
--cc=kevin.brodsky@arm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=szabolcs.nagy@arm.com \
--cc=vincenzo.frascino@arm.com \
--cc=will.deacon@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.