From: Szabolcs Nagy <szabolcs.nagy@arm.com> To: Catalin Marinas <catalin.marinas@arm.com> Cc: linux-arm-kernel@lists.infradead.org, Will Deacon <will@kernel.org>, Vincenzo Frascino <vincenzo.frascino@arm.com>, Richard Earnshaw <Richard.Earnshaw@arm.com>, Kevin Brodsky <kevin.brodsky@arm.com>, Andrey Konovalov <andreyknvl@google.com>, Peter Collingbourne <pcc@google.com>, linux-mm@kvack.org, linux-arch@vger.kernel.org, nd@arm.com Subject: Re: [PATCH v3 23/23] arm64: mte: Add Memory Tagging Extension documentation Date: Tue, 5 May 2020 11:32:33 +0100 [thread overview] Message-ID: <20200505103232.GE23080@arm.com> (raw) In-Reply-To: <20200421142603.3894-24-catalin.marinas@arm.com> The 04/21/2020 15:26, Catalin Marinas wrote: > diff --git a/Documentation/arm64/memory-tagging-extension.rst b/Documentation/arm64/memory-tagging-extension.rst > new file mode 100644 > index 000000000000..f82dfbd70061 > --- /dev/null > +++ b/Documentation/arm64/memory-tagging-extension.rst > @@ -0,0 +1,260 @@ > +=============================================== > +Memory Tagging Extension (MTE) in AArch64 Linux > +=============================================== > + > +Authors: Vincenzo Frascino <vincenzo.frascino@arm.com> > + Catalin Marinas <catalin.marinas@arm.com> > + > +Date: 2020-02-25 > + > +This document describes the provision of the Memory Tagging Extension > +functionality in AArch64 Linux. > + > +Introduction > +============ > + > +ARMv8.5 based processors introduce the Memory Tagging Extension (MTE) > +feature. MTE is built on top of the ARMv8.0 virtual address tagging TBI > +(Top Byte Ignore) feature and allows software to access a 4-bit > +allocation tag for each 16-byte granule in the physical address space. > +Such memory range must be mapped with the Normal-Tagged memory > +attribute. A logical tag is derived from bits 59-56 of the virtual > +address used for the memory access. A CPU with MTE enabled will compare > +the logical tag against the allocation tag and potentially raise an > +exception on mismatch, subject to system registers configuration. > + > +Userspace Support > +================= > + > +When ``CONFIG_ARM64_MTE`` is selected and Memory Tagging Extension is > +supported by the hardware, the kernel advertises the feature to > +userspace via ``HWCAP2_MTE``. > + > +PROT_MTE > +-------- > + > +To access the allocation tags, a user process must enable the Tagged > +memory attribute on an address range using a new ``prot`` flag for > +``mmap()`` and ``mprotect()``: > + > +``PROT_MTE`` - Pages allow access to the MTE allocation tags. > + > +The allocation tag is set to 0 when such pages are first mapped in the > +user address space and preserved on copy-on-write. ``MAP_SHARED`` is > +supported and the allocation tags can be shared between processes. > + > +**Note**: ``PROT_MTE`` is only supported on ``MAP_ANONYMOUS`` and > +RAM-based file mappings (``tmpfs``, ``memfd``). Passing it to other > +types of mapping will result in ``-EINVAL`` returned by these system > +calls. > + > +**Note**: The ``PROT_MTE`` flag (and corresponding memory type) cannot > +be cleared by ``mprotect()``. i think there are some non-obvious madvise operations that may be worth documenting too for mte specific semantics. e.g. MADV_DONTNEED or MADV_FREE can presumably drop tags which means that existing pointers can no longer write to the memory which is a change of behaviour compared to the non-mte case. (affects most malloc implementations that will have to deal with this when implementing heap coloring) there might be other similar problems like MADV_WIPEONFORK that wont work as currently expected when mte is enabled. if such behaviour changes cause serious problems to existing software there may be a need to have a way to opt out from these changes (e.g. MADV_ flag variant that only affects the memory content but not the tags) or to make that the default behaviour. (but i can't tell how widely these are used in ways that can be expected to work with PROT_MTE) > +Tag Check Faults > +---------------- > + > +When ``PROT_MTE`` is enabled on an address range and a mismatch between > +the logical and allocation tags occurs on access, there are three > +configurable behaviours: > + > +- *Ignore* - This is the default mode. The CPU (and kernel) ignores the > + tag check fault. > + > +- *Synchronous* - The kernel raises a ``SIGSEGV`` synchronously, with > + ``.si_code = SEGV_MTESERR`` and ``.si_addr = <fault-address>``. The > + memory access is not performed. > + > +- *Asynchronous* - The kernel raises a ``SIGSEGV``, in the current > + thread, asynchronously following one or multiple tag check faults, > + with ``.si_code = SEGV_MTEAERR`` and ``.si_addr = 0``. > + > +**Note**: There are no *match-all* logical tags available for user > +applications. > + > +The user can select the above modes, per thread, using the > +``prctl(PR_SET_TAGGED_ADDR_CTRL, flags, 0, 0, 0)`` system call where > +``flags`` contain one of the following values in the ``PR_MTE_TCF_MASK`` > +bit-field: > + > +- ``PR_MTE_TCF_NONE`` - *Ignore* tag check faults > +- ``PR_MTE_TCF_SYNC`` - *Synchronous* tag check fault mode > +- ``PR_MTE_TCF_ASYNC`` - *Asynchronous* tag check fault mode > + > +Tag checking can also be disabled for a user thread by setting the > +``PSTATE.TCO`` bit with ``MSR TCO, #1``. > + > +**Note**: Signal handlers are always invoked with ``PSTATE.TCO = 0``, > +irrespective of the interrupted context. > + > +**Note**: Kernel accesses to user memory (e.g. ``read()`` system call) > +are only checked if the current thread tag checking mode is > +PR_MTE_TCF_SYNC.
WARNING: multiple messages have this Message-ID (diff)
From: Szabolcs Nagy <szabolcs.nagy@arm.com> To: Catalin Marinas <catalin.marinas@arm.com> Cc: linux-arch@vger.kernel.org, Richard Earnshaw <Richard.Earnshaw@arm.com>, nd@arm.com, Peter Collingbourne <pcc@google.com>, Andrey Konovalov <andreyknvl@google.com>, Kevin Brodsky <kevin.brodsky@arm.com>, linux-mm@kvack.org, Vincenzo Frascino <vincenzo.frascino@arm.com>, Will Deacon <will@kernel.org>, linux-arm-kernel@lists.infradead.org Subject: Re: [PATCH v3 23/23] arm64: mte: Add Memory Tagging Extension documentation Date: Tue, 5 May 2020 11:32:33 +0100 [thread overview] Message-ID: <20200505103232.GE23080@arm.com> (raw) In-Reply-To: <20200421142603.3894-24-catalin.marinas@arm.com> The 04/21/2020 15:26, Catalin Marinas wrote: > diff --git a/Documentation/arm64/memory-tagging-extension.rst b/Documentation/arm64/memory-tagging-extension.rst > new file mode 100644 > index 000000000000..f82dfbd70061 > --- /dev/null > +++ b/Documentation/arm64/memory-tagging-extension.rst > @@ -0,0 +1,260 @@ > +=============================================== > +Memory Tagging Extension (MTE) in AArch64 Linux > +=============================================== > + > +Authors: Vincenzo Frascino <vincenzo.frascino@arm.com> > + Catalin Marinas <catalin.marinas@arm.com> > + > +Date: 2020-02-25 > + > +This document describes the provision of the Memory Tagging Extension > +functionality in AArch64 Linux. > + > +Introduction > +============ > + > +ARMv8.5 based processors introduce the Memory Tagging Extension (MTE) > +feature. MTE is built on top of the ARMv8.0 virtual address tagging TBI > +(Top Byte Ignore) feature and allows software to access a 4-bit > +allocation tag for each 16-byte granule in the physical address space. > +Such memory range must be mapped with the Normal-Tagged memory > +attribute. A logical tag is derived from bits 59-56 of the virtual > +address used for the memory access. A CPU with MTE enabled will compare > +the logical tag against the allocation tag and potentially raise an > +exception on mismatch, subject to system registers configuration. > + > +Userspace Support > +================= > + > +When ``CONFIG_ARM64_MTE`` is selected and Memory Tagging Extension is > +supported by the hardware, the kernel advertises the feature to > +userspace via ``HWCAP2_MTE``. > + > +PROT_MTE > +-------- > + > +To access the allocation tags, a user process must enable the Tagged > +memory attribute on an address range using a new ``prot`` flag for > +``mmap()`` and ``mprotect()``: > + > +``PROT_MTE`` - Pages allow access to the MTE allocation tags. > + > +The allocation tag is set to 0 when such pages are first mapped in the > +user address space and preserved on copy-on-write. ``MAP_SHARED`` is > +supported and the allocation tags can be shared between processes. > + > +**Note**: ``PROT_MTE`` is only supported on ``MAP_ANONYMOUS`` and > +RAM-based file mappings (``tmpfs``, ``memfd``). Passing it to other > +types of mapping will result in ``-EINVAL`` returned by these system > +calls. > + > +**Note**: The ``PROT_MTE`` flag (and corresponding memory type) cannot > +be cleared by ``mprotect()``. i think there are some non-obvious madvise operations that may be worth documenting too for mte specific semantics. e.g. MADV_DONTNEED or MADV_FREE can presumably drop tags which means that existing pointers can no longer write to the memory which is a change of behaviour compared to the non-mte case. (affects most malloc implementations that will have to deal with this when implementing heap coloring) there might be other similar problems like MADV_WIPEONFORK that wont work as currently expected when mte is enabled. if such behaviour changes cause serious problems to existing software there may be a need to have a way to opt out from these changes (e.g. MADV_ flag variant that only affects the memory content but not the tags) or to make that the default behaviour. (but i can't tell how widely these are used in ways that can be expected to work with PROT_MTE) > +Tag Check Faults > +---------------- > + > +When ``PROT_MTE`` is enabled on an address range and a mismatch between > +the logical and allocation tags occurs on access, there are three > +configurable behaviours: > + > +- *Ignore* - This is the default mode. The CPU (and kernel) ignores the > + tag check fault. > + > +- *Synchronous* - The kernel raises a ``SIGSEGV`` synchronously, with > + ``.si_code = SEGV_MTESERR`` and ``.si_addr = <fault-address>``. The > + memory access is not performed. > + > +- *Asynchronous* - The kernel raises a ``SIGSEGV``, in the current > + thread, asynchronously following one or multiple tag check faults, > + with ``.si_code = SEGV_MTEAERR`` and ``.si_addr = 0``. > + > +**Note**: There are no *match-all* logical tags available for user > +applications. > + > +The user can select the above modes, per thread, using the > +``prctl(PR_SET_TAGGED_ADDR_CTRL, flags, 0, 0, 0)`` system call where > +``flags`` contain one of the following values in the ``PR_MTE_TCF_MASK`` > +bit-field: > + > +- ``PR_MTE_TCF_NONE`` - *Ignore* tag check faults > +- ``PR_MTE_TCF_SYNC`` - *Synchronous* tag check fault mode > +- ``PR_MTE_TCF_ASYNC`` - *Asynchronous* tag check fault mode > + > +Tag checking can also be disabled for a user thread by setting the > +``PSTATE.TCO`` bit with ``MSR TCO, #1``. > + > +**Note**: Signal handlers are always invoked with ``PSTATE.TCO = 0``, > +irrespective of the interrupted context. > + > +**Note**: Kernel accesses to user memory (e.g. ``read()`` system call) > +are only checked if the current thread tag checking mode is > +PR_MTE_TCF_SYNC. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-05-05 10:32 UTC|newest] Thread overview: 166+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-04-21 14:25 [PATCH v3 00/23] arm64: Memory Tagging Extension user-space support Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 01/23] arm64: alternative: Allow alternative_insn to always issue the first instruction Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-27 16:57 ` Dave Martin 2020-04-27 16:57 ` Dave Martin 2020-04-28 11:43 ` Catalin Marinas 2020-04-28 11:43 ` Catalin Marinas 2020-04-29 10:26 ` Dave Martin 2020-04-29 10:26 ` Dave Martin 2020-04-29 14:04 ` Catalin Marinas 2020-04-29 14:04 ` Catalin Marinas 2020-04-29 14:04 ` Catalin Marinas 2020-05-04 14:47 ` Catalin Marinas 2020-05-04 14:47 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 02/23] arm64: mte: system register definitions Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 03/23] arm64: mte: CPU feature detection and initial sysreg configuration Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 04/23] arm64: mte: Use Normal Tagged attributes for the linear map Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 05/23] arm64: mte: Assembler macros and default architecture for .S files Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 06/23] arm64: mte: Tags-aware clear_page() implementation Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 07/23] arm64: mte: Tags-aware copy_page() implementation Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 08/23] arm64: Tags-aware memcmp_pages() implementation Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 09/23] arm64: mte: Add specific SIGSEGV codes Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 10/23] arm64: mte: Handle synchronous and asynchronous tag check faults Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-23 10:38 ` Catalin Marinas 2020-04-23 10:38 ` Catalin Marinas 2020-04-27 16:58 ` Dave Martin 2020-04-27 16:58 ` Dave Martin 2020-04-28 13:43 ` Catalin Marinas 2020-04-28 13:43 ` Catalin Marinas 2020-04-29 10:26 ` Dave Martin 2020-04-29 10:26 ` Dave Martin 2020-04-21 14:25 ` [PATCH v3 11/23] mm: Introduce arch_calc_vm_flag_bits() Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 12/23] arm64: mte: Add PROT_MTE support to mmap() and mprotect() Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 13/23] mm: Introduce arch_validate_flags() Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 14/23] arm64: mte: Validate the PROT_MTE request via arch_validate_flags() Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 15/23] mm: Allow arm64 mmap(PROT_MTE) on RAM-based files Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 16/23] arm64: mte: Allow user control of the tag check mode via prctl() Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 17/23] arm64: mte: Allow user control of the generated random tags " Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-21 14:25 ` [PATCH v3 18/23] arm64: mte: Restore the GCR_EL1 register after a suspend Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-23 15:23 ` Lorenzo Pieralisi 2020-04-23 15:23 ` Lorenzo Pieralisi 2020-04-21 14:25 ` [PATCH v3 19/23] arm64: mte: Add PTRACE_{PEEK,POKE}MTETAGS support Catalin Marinas 2020-04-21 14:25 ` Catalin Marinas 2020-04-24 23:28 ` Peter Collingbourne 2020-04-24 23:28 ` [PATCH v3 19/23] arm64: mte: Add PTRACE_{PEEK, POKE}MTETAGS support Peter Collingbourne 2020-04-24 23:28 ` [PATCH v3 19/23] arm64: mte: Add PTRACE_{PEEK,POKE}MTETAGS support Peter Collingbourne 2020-04-29 10:27 ` Kevin Brodsky 2020-04-29 10:27 ` Kevin Brodsky 2020-04-29 15:24 ` Catalin Marinas 2020-04-29 15:24 ` Catalin Marinas 2020-04-29 16:46 ` Dave Martin 2020-04-29 16:46 ` Dave Martin 2020-04-30 10:21 ` Catalin Marinas 2020-04-30 10:21 ` Catalin Marinas 2020-05-04 16:40 ` Dave Martin 2020-05-04 16:40 ` Dave Martin 2020-05-05 18:03 ` Luis Machado 2020-05-05 18:03 ` Luis Machado 2020-05-12 19:05 ` Luis Machado 2020-05-12 19:05 ` Luis Machado 2020-05-13 10:48 ` Catalin Marinas 2020-05-13 10:48 ` Catalin Marinas 2020-05-13 12:52 ` Luis Machado 2020-05-13 12:52 ` Luis Machado 2020-05-13 14:11 ` Catalin Marinas 2020-05-13 14:11 ` Catalin Marinas 2020-05-13 15:09 ` Luis Machado 2020-05-13 15:09 ` Luis Machado 2020-05-13 16:45 ` Luis Machado 2020-05-13 16:45 ` Luis Machado 2020-05-13 17:11 ` Catalin Marinas 2020-05-13 17:11 ` Catalin Marinas 2020-05-18 16:47 ` Dave Martin 2020-05-18 16:47 ` Dave Martin 2020-05-18 17:12 ` Luis Machado 2020-05-18 17:12 ` Luis Machado 2020-05-19 16:10 ` Catalin Marinas 2020-05-19 16:10 ` Catalin Marinas 2020-04-21 14:26 ` [PATCH v3 20/23] fs: Allow copy_mount_options() to access user-space in a single pass Catalin Marinas 2020-04-21 14:26 ` Catalin Marinas 2020-04-21 15:29 ` Al Viro 2020-04-21 15:29 ` Al Viro 2020-04-21 16:45 ` Catalin Marinas 2020-04-21 16:45 ` Catalin Marinas 2020-04-27 16:56 ` Dave Martin 2020-04-27 16:56 ` Dave Martin 2020-04-28 14:06 ` Catalin Marinas 2020-04-28 14:06 ` Catalin Marinas 2020-04-29 10:28 ` Dave Martin 2020-04-29 10:28 ` Dave Martin 2020-04-28 18:16 ` Kevin Brodsky 2020-04-28 18:16 ` Kevin Brodsky 2020-04-28 19:40 ` Catalin Marinas 2020-04-28 19:40 ` Catalin Marinas 2020-04-29 11:58 ` Catalin Marinas 2020-04-29 11:58 ` Catalin Marinas 2020-04-28 19:36 ` Catalin Marinas 2020-04-28 19:36 ` Catalin Marinas 2020-04-29 10:26 ` Dave Martin 2020-04-29 10:26 ` Dave Martin 2020-04-29 13:52 ` Catalin Marinas 2020-04-29 13:52 ` Catalin Marinas 2020-05-04 16:40 ` Dave Martin 2020-05-04 16:40 ` Dave Martin 2020-04-21 14:26 ` [PATCH v3 21/23] arm64: mte: Check the DT memory nodes for MTE support Catalin Marinas 2020-04-21 14:26 ` Catalin Marinas 2020-04-24 13:57 ` Catalin Marinas 2020-04-24 13:57 ` Catalin Marinas 2020-04-24 16:17 ` Catalin Marinas 2020-04-24 16:17 ` Catalin Marinas 2020-04-27 11:14 ` Suzuki K Poulose 2020-04-27 11:14 ` Suzuki K Poulose 2020-04-21 14:26 ` [PATCH v3 22/23] arm64: mte: Kconfig entry Catalin Marinas 2020-04-21 14:26 ` Catalin Marinas 2020-04-21 14:26 ` [PATCH v3 23/23] arm64: mte: Add Memory Tagging Extension documentation Catalin Marinas 2020-04-21 14:26 ` Catalin Marinas 2020-04-29 16:47 ` Dave Martin 2020-04-29 16:47 ` Dave Martin 2020-04-30 16:23 ` Catalin Marinas 2020-04-30 16:23 ` Catalin Marinas 2020-05-04 16:46 ` Dave Martin 2020-05-04 16:46 ` Dave Martin 2020-05-11 16:40 ` Catalin Marinas 2020-05-11 16:40 ` Catalin Marinas 2020-05-13 15:48 ` Dave Martin 2020-05-13 15:48 ` Dave Martin 2020-05-14 11:37 ` Catalin Marinas 2020-05-14 11:37 ` Catalin Marinas 2020-05-15 10:38 ` Catalin Marinas 2020-05-15 10:38 ` Catalin Marinas 2020-05-15 11:14 ` Szabolcs Nagy 2020-05-15 11:14 ` Szabolcs Nagy 2020-05-15 11:27 ` Catalin Marinas 2020-05-15 11:27 ` Catalin Marinas 2020-05-15 12:04 ` Szabolcs Nagy 2020-05-15 12:04 ` Szabolcs Nagy 2020-05-15 12:13 ` Catalin Marinas 2020-05-15 12:13 ` Catalin Marinas 2020-05-15 12:53 ` Szabolcs Nagy 2020-05-15 12:53 ` Szabolcs Nagy 2020-05-18 16:52 ` Dave Martin 2020-05-18 16:52 ` Dave Martin 2020-05-18 17:13 ` Catalin Marinas 2020-05-18 17:13 ` Catalin Marinas 2020-05-05 10:32 ` Szabolcs Nagy [this message] 2020-05-05 10:32 ` Szabolcs Nagy 2020-05-05 17:30 ` Catalin Marinas 2020-05-05 17:30 ` Catalin Marinas
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200505103232.GE23080@arm.com \ --to=szabolcs.nagy@arm.com \ --cc=Richard.Earnshaw@arm.com \ --cc=andreyknvl@google.com \ --cc=catalin.marinas@arm.com \ --cc=kevin.brodsky@arm.com \ --cc=linux-arch@vger.kernel.org \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-mm@kvack.org \ --cc=nd@arm.com \ --cc=pcc@google.com \ --cc=vincenzo.frascino@arm.com \ --cc=will@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.