From: Matthew Wilcox <willy@infradead.org>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Dave Hansen <dave.hansen@intel.com>,
Peter Zijlstra <peterz@infradead.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
x86@kernel.org, Alexander Potapenko <glider@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
"H . J . Lu" <hjl.tools@gmail.com>,
Andi Kleen <ak@linux.intel.com>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [RFCv2 00/10] Linear Address Masking enabling
Date: Fri, 13 May 2022 15:43:17 +0100 [thread overview]
Message-ID: <Yn5uhco0kKN5wNdn@casper.infradead.org> (raw)
In-Reply-To: <87zgjmtpf8.ffs@tglx>
On Thu, May 12, 2022 at 11:24:27PM +0200, Thomas Gleixner wrote:
> On Thu, May 12 2022 at 21:39, Thomas Gleixner wrote:
> > On Thu, May 12 2022 at 10:22, Dave Hansen wrote:
> >> One of the stated reasons for adding LAM hardware is that folks want to
> >> use sanitizers outside of debugging environments. To me, that means
> >> that LAM is something that the same binary might run with or without.
> >
> > On/off yes, but is there an actual use case where such a mechanism would
> > at start time dynamically chose the number of bits?
>
> This would need cooperation from the application because it has to tell
> the magic facility whether it intends to utilize the large VA space on a
> 5-level paging system or not.
Taking a step back ...
Consider an application like 'grep'. It operates on streams of data,
and has a fairly bounded amount of virtual memory that it will use.
Let's say it's 1GB (*handwave*). So it has 33 bits of address space that
it can use for "security" of one form or another. ASLR is one thing which
is vying for bits, and now ASAN is another. Somehow it is supposed to
tell the kernel "I want to use 6 bits for ASAN and 27 bits for ASLR".
Or "I want to use 15 bits for ASAN and 18 bits for ASLR".
So how does grep make that decision? How does it find out what the
kernel supports? Deciding which tradeoff is more valuable to grep is
clearly not something the kernel can help with, but I do think that the
kernel needs to have an API to query what's available.
Something like Libreoffice or Firefox is obviously going to be much more
complex; it doesn't really have a bounded amount of virtual memory to
work with. But if we can't even solve this problem for applications
with bounded address space, we stand no chance of solving it for hard
cases.
next prev parent reply other threads:[~2022-05-13 15:28 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-11 2:27 [RFCv2 00/10] Linear Address Masking enabling Kirill A. Shutemov
2022-05-11 2:27 ` [PATCH] x86: Implement Linear Address Masking support Kirill A. Shutemov
2022-05-12 13:01 ` David Laight
2022-05-12 14:07 ` Matthew Wilcox
2022-05-12 15:06 ` Thomas Gleixner
2022-05-12 15:33 ` David Laight
2022-05-12 14:35 ` Peter Zijlstra
2022-05-12 17:00 ` Kirill A. Shutemov
2022-05-11 2:27 ` [RFCv2 01/10] x86/mm: Fix CR3_ADDR_MASK Kirill A. Shutemov
2022-05-11 2:27 ` [RFCv2 02/10] x86: CPUID and CR3/CR4 flags for Linear Address Masking Kirill A. Shutemov
2022-05-11 2:27 ` [RFCv2 03/10] x86: Introduce userspace API to handle per-thread features Kirill A. Shutemov
2022-05-12 12:02 ` Thomas Gleixner
2022-05-12 12:04 ` [PATCH] x86/prctl: Remove pointless task argument Thomas Gleixner
2022-05-13 14:09 ` [RFCv2 03/10] x86: Introduce userspace API to handle per-thread features Alexander Potapenko
2022-05-13 17:34 ` Edgecombe, Rick P
2022-05-13 23:09 ` Kirill A. Shutemov
2022-05-13 23:50 ` Edgecombe, Rick P
2022-05-14 8:37 ` Thomas Gleixner
2022-05-14 23:06 ` Edgecombe, Rick P
2022-05-15 9:02 ` Thomas Gleixner
2022-05-15 18:24 ` Edgecombe, Rick P
2022-05-15 19:38 ` Thomas Gleixner
2022-05-15 22:01 ` Edgecombe, Rick P
2022-05-11 2:27 ` [RFCv2 04/10] x86/mm: Introduce X86_THREAD_LAM_U48 and X86_THREAD_LAM_U57 Kirill A. Shutemov
2022-05-11 7:02 ` Peter Zijlstra
2022-05-12 12:24 ` Thomas Gleixner
2022-05-12 14:37 ` Peter Zijlstra
2022-05-11 2:27 ` [RFCv2 05/10] x86/mm: Provide untagged_addr() helper Kirill A. Shutemov
2022-05-11 7:21 ` Peter Zijlstra
2022-05-11 7:45 ` Peter Zijlstra
2022-05-12 13:06 ` Thomas Gleixner
2022-05-12 14:23 ` Peter Zijlstra
2022-05-12 15:16 ` Thomas Gleixner
2022-05-12 23:14 ` Thomas Gleixner
2022-05-13 10:14 ` David Laight
2022-05-11 2:27 ` [RFCv2 06/10] x86/uaccess: Remove tags from the address before checking Kirill A. Shutemov
2022-05-12 13:02 ` David Laight
2022-05-11 2:27 ` [RFCv2 07/10] x86/mm: Handle tagged memory accesses from kernel threads Kirill A. Shutemov
2022-05-11 7:23 ` Peter Zijlstra
2022-05-12 13:30 ` Thomas Gleixner
2022-05-11 2:27 ` [RFCv2 08/10] x86/mm: Make LAM_U48 and mappings above 47-bits mutually exclusive Kirill A. Shutemov
2022-05-12 13:36 ` Thomas Gleixner
2022-05-13 23:22 ` Kirill A. Shutemov
2022-05-14 8:37 ` Thomas Gleixner
2022-05-18 8:43 ` Bharata B Rao
2022-05-18 17:08 ` Kirill A. Shutemov
2022-05-11 2:27 ` [RFCv2 09/10] x86/mm: Add userspace API to enable Linear Address Masking Kirill A. Shutemov
2022-05-11 7:26 ` Peter Zijlstra
2022-05-12 14:46 ` Thomas Gleixner
2022-05-11 14:15 ` H.J. Lu
2022-05-12 14:21 ` Thomas Gleixner
2022-05-11 2:27 ` [RFCv2 10/10] x86: Expose thread features status in /proc/$PID/arch_status Kirill A. Shutemov
2022-05-11 6:49 ` [RFCv2 00/10] Linear Address Masking enabling Peter Zijlstra
2022-05-12 15:42 ` Thomas Gleixner
2022-05-12 16:56 ` Kirill A. Shutemov
2022-05-12 19:31 ` Thomas Gleixner
2022-05-12 23:21 ` Thomas Gleixner
2022-05-12 17:22 ` Dave Hansen
2022-05-12 19:39 ` Thomas Gleixner
2022-05-12 21:24 ` Thomas Gleixner
2022-05-13 14:43 ` Matthew Wilcox [this message]
2022-05-13 22:59 ` Kirill A. Shutemov
2022-05-12 21:51 ` Dave Hansen
2022-05-12 22:10 ` H.J. Lu
2022-05-12 23:35 ` Thomas Gleixner
2022-05-13 0:08 ` H.J. Lu
2022-05-13 0:46 ` Dave Hansen
2022-05-13 1:27 ` Thomas Gleixner
2022-05-13 3:05 ` Dave Hansen
2022-05-13 8:28 ` Thomas Gleixner
2022-05-13 22:48 ` Kirill A. Shutemov
2022-05-13 9:14 ` Catalin Marinas
2022-05-13 9:26 ` Thomas Gleixner
2022-05-13 0:46 ` Thomas Gleixner
2022-05-13 11:07 ` Alexander Potapenko
2022-05-13 11:28 ` David Laight
2022-05-13 12:26 ` Alexander Potapenko
2022-05-13 14:26 ` David Laight
2022-05-13 15:28 ` Alexander Potapenko
2022-05-13 23:01 ` Kirill A. Shutemov
2022-05-14 10:00 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yn5uhco0kKN5wNdn@casper.infradead.org \
--to=willy@infradead.org \
--cc=ak@linux.intel.com \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=hjl.tools@gmail.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).