Re: [PATCH] arm64: mte: Document that user PSTATE.TCO is ignored by kernel uaccess

linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed

* Re: [PATCH] arm64: mte: Document that user PSTATE.TCO is ignored by kernel uaccess
       [not found] <20201026121656.26096-1-catalin.marinas@arm.com>
@ 2020-10-26 12:26 ` Vincenzo Frascino
  2020-10-26 13:14 ` Will Deacon
  1 sibling, 0 replies; 5+ messages in thread
From: Vincenzo Frascino @ 2020-10-26 12:26 UTC (permalink / raw)
  To: Catalin Marinas, linux-arm-kernel, Will Deacon
  Cc: Szabolcs Nagy, andreyknvl, Branislav Rankov, pcc



On 10/26/20 12:16 PM, Catalin Marinas wrote:
> On exception entry, the kernel explicitly resets the PSTATE.TCO (tag
> check override) so that any kernel memory accesses will be checked (the
> bit is restored on exception return). This has the side-effect that the
> uaccess routines will not honour the PSTATE.TCO that may have been set
> by the user prior to a syscall.
> 
> There is no issue in practice since PSTATE.TCO is expected to be used
> only for brief periods in specific routines (e.g. garbage collection).
> To control the tag checking mode of the uaccess routines, the user will
> have to invoke a corresponding prctl() call.
> 
> Document the kernel behaviour w.r.t. PSTATE.TCO accordingly.
> 
> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> Fixes: df9d7a22dd21 ("arm64: mte: Add Memory Tagging Extension documentation")
> Cc: Will Deacon <will@kernel.org>
> Cc: Szabolcs Nagy <szabolcs.nagy@arm.com>

It is a good thing that we are documenting this explicitly since it might be
confusing to the user why the kernel behaves in a certain way.

Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com>

> ---
>  Documentation/arm64/memory-tagging-extension.rst | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/Documentation/arm64/memory-tagging-extension.rst b/Documentation/arm64/memory-tagging-extension.rst
> index 034d37c605e8..648f8e8d480b 100644
> --- a/Documentation/arm64/memory-tagging-extension.rst
> +++ b/Documentation/arm64/memory-tagging-extension.rst
> @@ -102,7 +102,9 @@ applications.
>  system call) are not checked if the user thread tag checking mode is
>  ``PR_MTE_TCF_NONE`` or ``PR_MTE_TCF_ASYNC``. If the tag checking mode is
>  ``PR_MTE_TCF_SYNC``, the kernel makes a best effort to check its user
> -address accesses, however it cannot always guarantee it.
> +address accesses, however it cannot always guarantee it. The user
> +``PSTATE.TCO`` bit is ignored by the kernel accesses to user addresses,
> +its value assumed 0.
>  
>  Excluding Tags in the ``IRG``, ``ADDG`` and ``SUBG`` instructions
>  -----------------------------------------------------------------
> 

-- 
Regards,
Vincenzo

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] arm64: mte: Document that user PSTATE.TCO is ignored by kernel uaccess
       [not found] <20201026121656.26096-1-catalin.marinas@arm.com>
  2020-10-26 12:26 ` [PATCH] arm64: mte: Document that user PSTATE.TCO is ignored by kernel uaccess Vincenzo Frascino
@ 2020-10-26 13:14 ` Will Deacon
  2020-10-26 14:18   ` Catalin Marinas
  1 sibling, 1 reply; 5+ messages in thread
From: Will Deacon @ 2020-10-26 13:14 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: Branislav Rankov, Szabolcs Nagy, andreyknvl, Vincenzo Frascino,
	pcc, linux-arm-kernel

On Mon, Oct 26, 2020 at 12:16:56PM +0000, Catalin Marinas wrote:
> On exception entry, the kernel explicitly resets the PSTATE.TCO (tag
> check override) so that any kernel memory accesses will be checked (the
> bit is restored on exception return). This has the side-effect that the
> uaccess routines will not honour the PSTATE.TCO that may have been set
> by the user prior to a syscall.
> 
> There is no issue in practice since PSTATE.TCO is expected to be used
> only for brief periods in specific routines (e.g. garbage collection).
> To control the tag checking mode of the uaccess routines, the user will
> have to invoke a corresponding prctl() call.
> 
> Document the kernel behaviour w.r.t. PSTATE.TCO accordingly.
> 
> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> Fixes: df9d7a22dd21 ("arm64: mte: Add Memory Tagging Extension documentation")
> Cc: Will Deacon <will@kernel.org>
> Cc: Szabolcs Nagy <szabolcs.nagy@arm.com>
> ---
>  Documentation/arm64/memory-tagging-extension.rst | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/Documentation/arm64/memory-tagging-extension.rst b/Documentation/arm64/memory-tagging-extension.rst
> index 034d37c605e8..648f8e8d480b 100644
> --- a/Documentation/arm64/memory-tagging-extension.rst
> +++ b/Documentation/arm64/memory-tagging-extension.rst
> @@ -102,7 +102,9 @@ applications.
>  system call) are not checked if the user thread tag checking mode is
>  ``PR_MTE_TCF_NONE`` or ``PR_MTE_TCF_ASYNC``. If the tag checking mode is
>  ``PR_MTE_TCF_SYNC``, the kernel makes a best effort to check its user
> -address accesses, however it cannot always guarantee it.
> +address accesses, however it cannot always guarantee it. The user
> +``PSTATE.TCO`` bit is ignored by the kernel accesses to user addresses,
> +its value assumed 0.

nit, but the wording feels a bit odd to me here. How about:

  Kernel accesses to user addresses are always performed with an effective
  PSTATE.TCO value of zero, regardless of the user configuration.

?

Will

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] arm64: mte: Document that user PSTATE.TCO is ignored by kernel uaccess
  2020-10-26 13:14 ` Will Deacon
@ 2020-10-26 14:18   ` Catalin Marinas
  2020-10-27 11:33     ` Szabolcs Nagy
  0 siblings, 1 reply; 5+ messages in thread
From: Catalin Marinas @ 2020-10-26 14:18 UTC (permalink / raw)
  To: Will Deacon
  Cc: Branislav Rankov, Szabolcs Nagy, andreyknvl, Vincenzo Frascino,
	pcc, linux-arm-kernel

On Mon, Oct 26, 2020 at 01:14:15PM +0000, Will Deacon wrote:
> On Mon, Oct 26, 2020 at 12:16:56PM +0000, Catalin Marinas wrote:
> > On exception entry, the kernel explicitly resets the PSTATE.TCO (tag
> > check override) so that any kernel memory accesses will be checked (the
> > bit is restored on exception return). This has the side-effect that the
> > uaccess routines will not honour the PSTATE.TCO that may have been set
> > by the user prior to a syscall.
> > 
> > There is no issue in practice since PSTATE.TCO is expected to be used
> > only for brief periods in specific routines (e.g. garbage collection).
> > To control the tag checking mode of the uaccess routines, the user will
> > have to invoke a corresponding prctl() call.
> > 
> > Document the kernel behaviour w.r.t. PSTATE.TCO accordingly.
> > 
> > Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> > Fixes: df9d7a22dd21 ("arm64: mte: Add Memory Tagging Extension documentation")
> > Cc: Will Deacon <will@kernel.org>
> > Cc: Szabolcs Nagy <szabolcs.nagy@arm.com>
> > ---
> >  Documentation/arm64/memory-tagging-extension.rst | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> > 
> > diff --git a/Documentation/arm64/memory-tagging-extension.rst b/Documentation/arm64/memory-tagging-extension.rst
> > index 034d37c605e8..648f8e8d480b 100644
> > --- a/Documentation/arm64/memory-tagging-extension.rst
> > +++ b/Documentation/arm64/memory-tagging-extension.rst
> > @@ -102,7 +102,9 @@ applications.
> >  system call) are not checked if the user thread tag checking mode is
> >  ``PR_MTE_TCF_NONE`` or ``PR_MTE_TCF_ASYNC``. If the tag checking mode is
> >  ``PR_MTE_TCF_SYNC``, the kernel makes a best effort to check its user
> > -address accesses, however it cannot always guarantee it.
> > +address accesses, however it cannot always guarantee it. The user
> > +``PSTATE.TCO`` bit is ignored by the kernel accesses to user addresses,
> > +its value assumed 0.
> 
> nit, but the wording feels a bit odd to me here. How about:
> 
>   Kernel accesses to user addresses are always performed with an effective
>   PSTATE.TCO value of zero, regardless of the user configuration.

That's better. Thanks.

-- 
Catalin

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] arm64: mte: Document that user PSTATE.TCO is ignored by kernel uaccess
  2020-10-26 14:18   ` Catalin Marinas
@ 2020-10-27 11:33     ` Szabolcs Nagy
  2020-10-27 11:44       ` Catalin Marinas
  0 siblings, 1 reply; 5+ messages in thread
From: Szabolcs Nagy @ 2020-10-27 11:33 UTC (permalink / raw)
  To: Catalin Marinas
  Cc: Branislav Rankov, nd, Will Deacon, andreyknvl, Vincenzo Frascino,
	pcc, linux-arm-kernel

The 10/26/2020 14:18, Catalin Marinas wrote:
> On Mon, Oct 26, 2020 at 01:14:15PM +0000, Will Deacon wrote:
> > On Mon, Oct 26, 2020 at 12:16:56PM +0000, Catalin Marinas wrote:
> > > On exception entry, the kernel explicitly resets the PSTATE.TCO (tag
> > > check override) so that any kernel memory accesses will be checked (the
> > > bit is restored on exception return). This has the side-effect that the
> > > uaccess routines will not honour the PSTATE.TCO that may have been set
> > > by the user prior to a syscall.
> > > 
> > > There is no issue in practice since PSTATE.TCO is expected to be used
> > > only for brief periods in specific routines (e.g. garbage collection).
> > > To control the tag checking mode of the uaccess routines, the user will
> > > have to invoke a corresponding prctl() call.
> > > 
> > > Document the kernel behaviour w.r.t. PSTATE.TCO accordingly.
> > > 
> > > Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> > > Fixes: df9d7a22dd21 ("arm64: mte: Add Memory Tagging Extension documentation")
> > > Cc: Will Deacon <will@kernel.org>
> > > Cc: Szabolcs Nagy <szabolcs.nagy@arm.com>
> > > ---
> > >  Documentation/arm64/memory-tagging-extension.rst | 4 +++-
> > >  1 file changed, 3 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/Documentation/arm64/memory-tagging-extension.rst b/Documentation/arm64/memory-tagging-extension.rst
> > > index 034d37c605e8..648f8e8d480b 100644
> > > --- a/Documentation/arm64/memory-tagging-extension.rst
> > > +++ b/Documentation/arm64/memory-tagging-extension.rst
> > > @@ -102,7 +102,9 @@ applications.
> > >  system call) are not checked if the user thread tag checking mode is
> > >  ``PR_MTE_TCF_NONE`` or ``PR_MTE_TCF_ASYNC``. If the tag checking mode is
> > >  ``PR_MTE_TCF_SYNC``, the kernel makes a best effort to check its user
> > > -address accesses, however it cannot always guarantee it.
> > > +address accesses, however it cannot always guarantee it. The user
> > > +``PSTATE.TCO`` bit is ignored by the kernel accesses to user addresses,
> > > +its value assumed 0.
> > 
> > nit, but the wording feels a bit odd to me here. How about:
> > 
> >   Kernel accesses to user addresses are always performed with an effective
> >   PSTATE.TCO value of zero, regardless of the user configuration.
> 
> That's better. Thanks.

looks good.
i assume this means a signal handler will also have tco=0.

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] arm64: mte: Document that user PSTATE.TCO is ignored by kernel uaccess
  2020-10-27 11:33     ` Szabolcs Nagy
@ 2020-10-27 11:44       ` Catalin Marinas
  0 siblings, 0 replies; 5+ messages in thread
From: Catalin Marinas @ 2020-10-27 11:44 UTC (permalink / raw)
  To: Szabolcs Nagy
  Cc: Branislav Rankov, nd, Will Deacon, andreyknvl, Vincenzo Frascino,
	pcc, linux-arm-kernel

On Tue, Oct 27, 2020 at 11:33:24AM +0000, Szabolcs Nagy wrote:
> The 10/26/2020 14:18, Catalin Marinas wrote:
> > On Mon, Oct 26, 2020 at 01:14:15PM +0000, Will Deacon wrote:
> > > On Mon, Oct 26, 2020 at 12:16:56PM +0000, Catalin Marinas wrote:
> > > > On exception entry, the kernel explicitly resets the PSTATE.TCO (tag
> > > > check override) so that any kernel memory accesses will be checked (the
> > > > bit is restored on exception return). This has the side-effect that the
> > > > uaccess routines will not honour the PSTATE.TCO that may have been set
> > > > by the user prior to a syscall.
> > > > 
> > > > There is no issue in practice since PSTATE.TCO is expected to be used
> > > > only for brief periods in specific routines (e.g. garbage collection).
> > > > To control the tag checking mode of the uaccess routines, the user will
> > > > have to invoke a corresponding prctl() call.
> > > > 
> > > > Document the kernel behaviour w.r.t. PSTATE.TCO accordingly.
> > > > 
> > > > Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> > > > Fixes: df9d7a22dd21 ("arm64: mte: Add Memory Tagging Extension documentation")
> > > > Cc: Will Deacon <will@kernel.org>
> > > > Cc: Szabolcs Nagy <szabolcs.nagy@arm.com>
> > > > ---
> > > >  Documentation/arm64/memory-tagging-extension.rst | 4 +++-
> > > >  1 file changed, 3 insertions(+), 1 deletion(-)
> > > > 
> > > > diff --git a/Documentation/arm64/memory-tagging-extension.rst b/Documentation/arm64/memory-tagging-extension.rst
> > > > index 034d37c605e8..648f8e8d480b 100644
> > > > --- a/Documentation/arm64/memory-tagging-extension.rst
> > > > +++ b/Documentation/arm64/memory-tagging-extension.rst
> > > > @@ -102,7 +102,9 @@ applications.
> > > >  system call) are not checked if the user thread tag checking mode is
> > > >  ``PR_MTE_TCF_NONE`` or ``PR_MTE_TCF_ASYNC``. If the tag checking mode is
> > > >  ``PR_MTE_TCF_SYNC``, the kernel makes a best effort to check its user
> > > > -address accesses, however it cannot always guarantee it.
> > > > +address accesses, however it cannot always guarantee it. The user
> > > > +``PSTATE.TCO`` bit is ignored by the kernel accesses to user addresses,
> > > > +its value assumed 0.
> > > 
> > > nit, but the wording feels a bit odd to me here. How about:
> > > 
> > >   Kernel accesses to user addresses are always performed with an effective
> > >   PSTATE.TCO value of zero, regardless of the user configuration.
> > 
> > That's better. Thanks.
> 
> looks good.
> i assume this means a signal handler will also have tco=0.

Yes, it's already documented that signal handlers are always invoked
with PSTATE.TCO=0.

-- 
Catalin

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2020-10-27 11:46 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20201026121656.26096-1-catalin.marinas@arm.com>
2020-10-26 12:26 ` [PATCH] arm64: mte: Document that user PSTATE.TCO is ignored by kernel uaccess Vincenzo Frascino
2020-10-26 13:14 ` Will Deacon
2020-10-26 14:18   ` Catalin Marinas
2020-10-27 11:33     ` Szabolcs Nagy
2020-10-27 11:44       ` Catalin Marinas

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).