From: Luis Machado <luis.machado@linaro.org>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-arm-kernel@lists.infradead.org,
Will Deacon <will@kernel.org>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Szabolcs Nagy <szabolcs.nagy@arm.com>,
Richard Earnshaw <Richard.Earnshaw@arm.com>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Andrey Konovalov <andreyknvl@google.com>,
Peter Collingbourne <pcc@google.com>,
linux-mm@kvack.org, linux-arch@vger.kernel.org,
Alan Hayward <Alan.Hayward@arm.com>,
Omair Javaid <omair.javaid@linaro.org>
Subject: Re: [PATCH v3 19/23] arm64: mte: Add PTRACE_{PEEK,POKE}MTETAGS support
Date: Wed, 13 May 2020 12:09:14 -0300
Message-ID: <eec9ddae-8aa0-6cd1-9a23-16b06bb457c5@linaro.org>
In-Reply-To: <20200513141147.GD2719@gaia>

On 5/13/20 11:11 AM, Catalin Marinas wrote:
> On Wed, May 13, 2020 at 09:52:52AM -0300, Luis Machado wrote:
>> On 5/13/20 7:48 AM, Catalin Marinas wrote:
>>> On Tue, May 12, 2020 at 04:05:15PM -0300, Luis Machado wrote:
>>>> On 4/21/20 11:25 AM, Catalin Marinas wrote:
>>>>> Add support for bulk setting/getting of the MTE tags in a tracee's
>>>>> address space at 'addr' in the ptrace() syscall prototype. 'data' points
>>>>> to a struct iovec in the tracer's address space with iov_base
>>>>> representing the address of a tracer's buffer of length iov_len. The
>>>>> tags to be copied to/from the tracer's buffer are stored as one tag per
>>>>> byte.
>>>>>
>>>>> On successfully copying at least one tag, ptrace() returns 0 and updates
>>>>> the tracer's iov_len with the number of tags copied. In case of error,
>>>>> either -EIO or -EFAULT is returned, trying to follow the ptrace() man
>>>>> page.
>>>>>
>>>>> Note that the tag copying functions are not performance critical,
>>>>> therefore they lack optimisations found in typical memory copy routines.
>>>>>
>>>>> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
>>>>> Cc: Will Deacon <will@kernel.org>
>>>>> Cc: Alan Hayward <Alan.Hayward@arm.com>
>>>>> Cc: Luis Machado <luis.machado@linaro.org>
>>>>> Cc: Omair Javaid <omair.javaid@linaro.org>
>>>>
>>>> I started working on MTE support for GDB and I'm wondering if we've already
>>>> defined a way to check for runtime MTE support (as opposed to a HWCAP2-based
>>>> check) in a traced process.
>>>>
>>>> Originally we were going to do it via empty-parameter ptrace calls, but you
>>>> had mentioned something about a proc-based method, if I'm not mistaken.
>>>
>>> We could expose more information via proc_pid_arch_status() but that
>>> would be the tagged address ABI and tag check fault mode and intended
>>> for human consumption mostly. We don't have any ptrace interface that
>>> exposes HWCAPs. Since the gdbserver runs on the same machine as the
>>> debugged process, it can check the HWCAPs itself, they are the same for
>>> all processes.
>>
>> Sorry, I think I haven't made it clear. I already have access to HWCAP2 both
>> from GDB's and gdbserver's side. But HWCAP2 only indicates the availability
>> of a particular feature in a CPU, it doesn't necessarily mean the traced
>> process is actively using MTE, right?
>
> Right, but "actively" is not well defined either. The only way to tell
> whether a process is using MTE is to look for any PROT_MTE mappings. You
> can access these via /proc/<pid>/maps. In theory, one can use MTE
> without enabling the tagged address ABI or even tag checking (i.e. no
> prctl() call).
>

I see the problem. I was hoping for a more immediate form of runtime
check. One debuggers would validate and enable all the tag checks and
register access at process attach/startup.

With that said, checking for PROT_MTE in /proc/<pid>/maps may still be
useful, but a process with no immediate PROT_MTE maps doesn't mean such
process won't attempt to use PROT_MTE later on. I'll have to factor that
in, but I think it'll work.

I guess HWCAP2_MTE will be useful after all. We can just assume that
whenever we have HWCAP2_MTE, we can fetch MTE registers and check for
PROT_MTE.

>> So GDB/gdbserver would need runtime checks to be able to tell if a process
>> is using MTE, in which case the tools will pay attention to tags and
>> additional MTE-related registers (sctlr and gcr) we plan to make available
>> to userspace.
>
> I'm happy to expose GCR_EL1.Excl and the SCTLR_EL1.TCF0 bits via ptrace
> as a thread state. The tags, however, are a property of the memory range
> rather than a per-thread state. That's what makes it different from
> other register-based features like SVE.

That's my understanding as well. I'm assuming, based on our previous
discussion, that we'll have those couple registers under a regset (maybe
NT_ARM_MTE).

>
>> The original proposal was to have GDB send PTRACE_PEEKMTETAGS with a NULL
>> address and check the result. Then GDB would be able to decide if the
>> process is using MTE or not.
>
> We don't store this information in the kernel as a bool and I don't
> think it would be useful either. I think gdb, when displaying memory,
> should attempt to show tags as well if the corresponding range was
> mapped with PROT_MTE. Just probing whether a thread ever used MTE
> doesn't help since you need to be more precise on which address supports
> tags.

Thanks for making this clear. Checking with ptrace won't work then. It
seems like /proc/<pid>/maps is the way to go.

>
>>> BTW, in my pre-v4 patches (hopefully I'll post v4 this week), I changed
>>> the ptrace tag access slightly to return an error (and no tags copied)
>>> if the page has not been mapped with PROT_MTE. The other option would
>>> have been read-as-zero/write-ignored as per the hardware behaviour.
>>> Either option is fine by me but I thought the write-ignored part would
>>> be more confusing for the debugger. If you have any preference here,
>>> please let me know.
>>
>> I think erroring out is a better alternative, as long as the debugger can
>> tell what the error means, like, for example, "this particular address
>> doesn't make use of tags".
>
> And you could use this for probing whether the range has tags or not.
> With my current patches it returns -EFAULT but happy to change this to
> -EOPNOTSUPP or -EINVAL. Note that it only returns an error if no tags
> copied. If gdb asks for a range of two pages and only the first one has
> PROT_MTE, it will return 0 and set the number of tags copied equivalent
> to the first page. A subsequent call would return an error.
>
> In my discussion with Dave on the documentation patch, I thought retries
> wouldn't be needed but in the above case it may be useful to get an
> error code. That's unless we change the interface to return an error and
> also update the user iovec structure.
>

Let me think about this for a bit. I'm trying to factor in the
/proc/<pid>/maps contents. If debuggers know which pages have PROT_MTE
set, then we can teach the tools not to PEEK/POKE tags from/to those
memory ranges, which simplifies the error handling a bit.
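
The partial-copy behaviour discussed in this thread (return 0 with iov_len updated to the number of tags copied, an error only when no tag was copied), modelled as an added example that is not part of the original message or the patch series. `mock_peek`, `read_tags`, the mock layout and the tag pattern are constructed for illustration: `mock_peek` stands in for the ptrace() request so the debugger-side loop runs without MTE hardware, and -EFAULT is the error code the thread says the then-current patches return.

```c
#include <errno.h>
#include <stdint.h>
#include <sys/uio.h>

#define MTE_GRANULE 16u      /* bytes covered by one allocation tag */
#define PAGE_SZ     4096u    /* assumed page size of the mock tracee */
#define MOCK_BASE   0x10000u /* constructed start of the mock mapping */

/* Hypothetical stand-in for the ptrace() request: returns 0 and shrinks
 * iov_len to the tags copied, or -errno when no tag was copied. */
typedef int (*peek_tags_fn)(uintptr_t addr, struct iovec *iov);
static unsigned mock_mte_pages = 1; /* pages at MOCK_BASE with PROT_MTE */

static int mock_peek(uintptr_t addr, struct iovec *iov)
{
    uintptr_t end = MOCK_BASE + (uintptr_t)mock_mte_pages * PAGE_SZ;
    size_t avail, i;
    if (addr < MOCK_BASE || addr >= end)
        return -EFAULT;                 /* nothing copied: error */
    avail = (end - addr) / MTE_GRANULE;
    if (iov->iov_len > avail)
        iov->iov_len = avail;           /* partial copy still returns 0 */
    for (i = 0; i < iov->iov_len; i++)  /* constructed tag pattern */
        ((unsigned char *)iov->iov_base)[i] = (addr / MTE_GRANULE + i) & 0xf;
    return 0;
}

/* Debugger-side loop: retry after each partial copy; *err gets the stopping errno. */
static size_t read_tags(peek_tags_fn peek, uintptr_t addr,
                        unsigned char *buf, size_t ntags, int *err)
{
    size_t done = 0;
    for (*err = 0; done < ntags; ) {
        struct iovec iov = { buf + done, ntags - done };
        int rc = peek(addr + done * MTE_GRANULE, &iov);
        if (rc < 0 || iov.iov_len == 0) {   /* error, or no progress */
            *err = rc < 0 ? -rc : EIO;
            break;
        }
        done += iov.iov_len;
    }
    return done;
}

int main(void)
{
    unsigned char tags[512];
    int err; /* two pages requested, only the first has PROT_MTE */
    return read_tags(mock_peek, MOCK_BASE, tags, sizeof(tags), &err) == 256 ? 0 : 1;
}
```

The caller learns where the tagged range ends from the pair (tags read, errno): a short count with EFAULT marks the first address without tags.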