From: Catalin Marinas <catalin.marinas@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org,
	Richard Earnshaw <Richard.Earnshaw@arm.com>,
	Szabolcs Nagy <szabolcs.nagy@arm.com>,
	Marc Zyngier <maz@kernel.org>,
	Kevin Brodsky <kevin.brodsky@arm.com>,
	linux-mm@kvack.org,
	Andrey Konovalov <andreyknvl@google.com>,
	Vincenzo Frascino <vincenzo.frascino@arm.com>,
	Will Deacon <will@kernel.org>
Subject: [PATCH 00/22] arm64: Memory Tagging Extension user-space support
Date: Wed, 11 Dec 2019 18:40:05 +0000
Message-ID: <20191211184027.20130-1-catalin.marinas@arm.com>

Hi,

This series proposes the initial user-space support for the ARMv8.5
Memory Tagging Extension [1]. The patches are also available on this
branch:

  git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux devel/mte

Short description extracted from the MTE whitepaper [2]:

  MTE aims to increase the memory safety of code written in unsafe
  languages without requiring source changes, and in some cases, without
  requiring recompilation.

  The Arm Memory Tagging Extension implements lock and key access to
  memory. Locks can be set on memory and keys provided during memory
  access. If the key matches the lock, the access is permitted. If it
  does not match, an error is reported.

  Memory locations are tagged by adding four bits of metadata to each 16
  bytes of physical memory. This is the Tag Granule. Tagging memory
  implements the lock. Pointers, and therefore virtual addresses, are
  modified to contain the key.

  In order to implement the key bits without requiring larger pointers
  MTE uses the Top Byte Ignore (TBI) feature of the ARMv8-A
  Architecture. When TBI is enabled, the top byte of a virtual address
  is ignored when using it as an input for address translation. This
  allows the top byte to store metadata.

The rough outline of this series, apart from some clean-up patches:

1. Enable detection of the MTE feature by the kernel.

2. Switch the linear map to use the Normal-Tagged memory attribute so
   that the kernel can read/write the tags in memory (a.k.a. allocation
   tags).

3. Handle tags in {clear,copy}_page() and memcmp_pages().

4. User tag fault exception handling and SIGSEGV injection.

5. PROT_MTE support to enable tag checks/accesses in user-space,
   together with new arch_calc_vm_flag_bits() and arch_validate_flags()
   hooks.

6. User control of tag check fault mode and tag exclusion via prctl(),
   built on top of the PR_{SET,GET}_TAGGED_ADDR_CTRL.

7. Documentation of the user ABI with a C example (though such MTE
   enabling and allocation tagging is expected to live in a C library).

For libc people interested in MTE, I suggest reading the last patch with
the ABI documentation.

Missing bits before upstreaming:

- Swap support. Currently ARM64_MTE (default n) selects ARCH_NO_SWAP.
  The SPARC ADI hooks for the similar feature are not sufficient for
  correct (no races) saving and restoring of the MTE metadata in swapped
  pages. A separate patch series will be posted once implemented.

- Related to the above is suspend to disk.

- ptrace() support to be able to access the tags in memory of a
  different process, something like {PEEK,POKE}_TAG.

- coredump (user) currently does not contain the tags.

- kselftests (work in progress)

- Clarify whether mmap(tagged_addr, PROT_MTE) pre-tags the memory with
  the tag given in the tagged_addr hint. Strong justification is
  required for this as it would force arm64 to disable the zero page.

- Clarify with the hardware architects whether CPUID checking is
  sufficient or additional description via FDT or ACPI is required.

[1] https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/enhancing-memory-safety
[2] https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/Arm_Memory_Tagging_Extension_Whitepaper.pdf

Catalin Marinas (13):
  kbuild: Add support for 'as-instr' to be used in Kconfig files
  arm64: alternative: Allow alternative_insn to always issue the first
    instruction
  arm64: Use macros instead of hard-coded constants for MAIR_EL1
  arm64: mte: Use Normal Tagged attributes for the linear map
  arm64: mte: Assembler macros and default architecture for .S files
  arm64: Tags-aware memcmp_pages() implementation
  mm: Introduce arch_calc_vm_flag_bits()
  arm64: mte: Add PROT_MTE support to mmap() and mprotect()
  mm: Introduce arch_validate_flags()
  arm64: mte: Validate the PROT_MTE request via arch_validate_flags()
  mm: Allow arm64 mmap(PROT_MTE) on RAM-based files
  arm64: mte: Allow user control of the tag check mode via prctl()
  arm64: mte: Allow user control of the excluded tags via prctl()

Dave Martin (1):
  mm: Reserve asm-generic prot flags 0x10 and 0x20 for arch use

Vincenzo Frascino (8):
  arm64: mte: system register definitions
  arm64: mte: CPU feature detection and initial sysreg configuration
  arm64: mte: Tags-aware clear_page() implementation
  arm64: mte: Tags-aware copy_page() implementation
  arm64: mte: Add specific SIGSEGV codes
  arm64: mte: Handle synchronous and asynchronous tag check faults
  arm64: mte: Kconfig entry
  arm64: mte: Add Memory Tagging Extension documentation

 Documentation/arm64/cpu-feature-registers.rst |   4 +
 Documentation/arm64/elf_hwcaps.rst            |   4 +
 Documentation/arm64/index.rst                 |   1 +
 .../arm64/memory-tagging-extension.rst        | 229 ++++++++++++++++++
 arch/arm64/Kconfig                            |  32 +++
 arch/arm64/include/asm/alternative.h          |   8 +-
 arch/arm64/include/asm/assembler.h            |  16 ++
 arch/arm64/include/asm/cpucaps.h              |   5 +-
 arch/arm64/include/asm/cpufeature.h           |   6 +
 arch/arm64/include/asm/hwcap.h                |   1 +
 arch/arm64/include/asm/kvm_arm.h              |   3 +-
 arch/arm64/include/asm/memory.h               |  17 +-
 arch/arm64/include/asm/mman.h                 |  78 ++++++
 arch/arm64/include/asm/mte.h                  |  11 +
 arch/arm64/include/asm/page.h                 |   4 +-
 arch/arm64/include/asm/pgtable-prot.h         |   2 +
 arch/arm64/include/asm/pgtable.h              |   7 +-
 arch/arm64/include/asm/processor.h            |   4 +
 arch/arm64/include/asm/sysreg.h               |  70 ++++++
 arch/arm64/include/asm/thread_info.h          |   4 +-
 arch/arm64/include/uapi/asm/hwcap.h           |   2 +
 arch/arm64/include/uapi/asm/mman.h            |  14 ++
 arch/arm64/include/uapi/asm/ptrace.h          |   1 +
 arch/arm64/kernel/cpufeature.c                |  59 +++++
 arch/arm64/kernel/cpuinfo.c                   |   2 +
 arch/arm64/kernel/entry.S                     |  17 ++
 arch/arm64/kernel/process.c                   | 141 ++++++++++-
 arch/arm64/kernel/ptrace.c                    |   2 +-
 arch/arm64/kernel/signal.c                    |   8 +
 arch/arm64/lib/Makefile                       |   2 +
 arch/arm64/lib/clear_page.S                   |   7 +-
 arch/arm64/lib/copy_page.S                    |  23 ++
 arch/arm64/lib/mte.S                          |  46 ++++
 arch/arm64/mm/Makefile                        |   1 +
 arch/arm64/mm/cmppages.c                      |  26 ++
 arch/arm64/mm/dump.c                          |   4 +
 arch/arm64/mm/fault.c                         |   9 +-
 arch/arm64/mm/mmu.c                           |  22 +-
 arch/arm64/mm/proc.S                          |  31 ++-
 fs/proc/task_mmu.c                            |   3 +
 include/linux/mm.h                            |   8 +
 include/linux/mman.h                          |  20 +-
 include/uapi/asm-generic/mman-common.h        |   2 +
 include/uapi/asm-generic/siginfo.h            |   9 +-
 include/uapi/linux/prctl.h                    |   9 +
 mm/mmap.c                                     |   9 +
 mm/mprotect.c                                 |   8 +
 mm/shmem.c                                    |   3 +
 mm/util.c                                     |   2 +-
 scripts/Kconfig.include                       |   4 +
 50 files changed, 958 insertions(+), 42 deletions(-)
 create mode 100644 Documentation/arm64/memory-tagging-extension.rst
 create mode 100644 arch/arm64/include/asm/mman.h
 create mode 100644 arch/arm64/include/asm/mte.h
 create mode 100644 arch/arm64/include/uapi/asm/mman.h
 create mode 100644 arch/arm64/lib/mte.S
 create mode 100644 arch/arm64/mm/cmppages.c
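
Added example, not part of the original posting or of the patch series: a portable C model of the lock-and-key check from the whitepaper excerpt above, with a 4-bit lock per 16-byte granule and a 4-bit key in the pointer's top byte. The arena, the function names and the return codes are hypothetical; the key is placed in pointer bits 59:56, where MTE keeps it, and no MTE instruction is executed, so it runs on any host.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GRANULE    16u      /* bytes covered by one 4-bit allocation tag */
#define TAG_SHIFT  56       /* key kept in pointer bits 59:56 (inside the top byte) */
#define TAG_MASK   0xFull
#define ARENA_SIZE 256u     /* constructed toy "physical memory" */

static uint8_t arena[ARENA_SIZE];
static uint8_t lock_tag[ARENA_SIZE / GRANULE];   /* one lock per granule */

/* Put a 4-bit key into the top byte of an address. */
static uint64_t set_key(uint64_t addr, unsigned tag)
{
    return (addr & ~(TAG_MASK << TAG_SHIFT)) | ((tag & TAG_MASK) << TAG_SHIFT);
}

static unsigned get_key(uint64_t ptr) { return (unsigned)((ptr >> TAG_SHIFT) & TAG_MASK); }

/* TBI: the top byte does not take part in address translation. */
static uint64_t untagged(uint64_t ptr) { return ptr & 0x00FFFFFFFFFFFFFFull; }

/* Set the lock on every granule overlapped by [addr, addr + len), len > 0. */
static void set_lock(uint64_t addr, size_t len, unsigned tag)
{
    for (uint64_t g = addr / GRANULE; g <= (addr + len - 1) / GRANULE; g++)
        lock_tag[g] = (uint8_t)(tag & TAG_MASK);
}

/* 0: key matches every lock touched; -1: tag check fault; -2: outside the model. */
static int check_access(uint64_t ptr, size_t len)
{
    uint64_t addr = untagged(ptr);
    if (len == 0 || addr >= ARENA_SIZE || len > ARENA_SIZE - addr)
        return -2;
    for (uint64_t g = addr / GRANULE; g <= (addr + len - 1) / GRANULE; g++)
        if (lock_tag[g] != get_key(ptr))
            return -1;
    return 0;
}

/* Store that is only performed when the check passes. */
static int checked_store(uint64_t ptr, const void *src, size_t len)
{
    int rc = check_access(ptr, len);
    if (rc == 0)
        memcpy(&arena[untagged(ptr)], src, len);
    return rc;
}

int main(void)
{
    uint8_t buf[40] = {0};
    set_lock(0, 32, 3);                 /* object A: bytes 0..31, lock 3 */
    set_lock(32, 32, 9);                /* object B: bytes 32..63, lock 9 */
    uint64_t a = set_key(0, 3);         /* pointer to A carrying key 3 */

    printf("in-bounds store:      %d\n", checked_store(a, buf, 32));
    printf("overflow into B:      %d\n", checked_store(a, buf, 33));
    set_lock(0, 32, 5);                 /* A freed and retagged */
    printf("stale pointer to A:   %d\n", checked_store(a, buf, 1));
    /* A 20-byte object still owns two whole granules: byte 25 is not caught. */
    set_lock(64, 20, 7);
    printf("intra-granule access: %d\n", checked_store(set_key(64 + 25, 7), buf, 1));
    return 0;
}
```

The last case shows the limit that follows from the 16-byte Tag Granule: an access past the end of an object but inside its final granule carries a matching key and is not reported.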