From: Dave Martin <Dave.Martin@arm.com>
To: Will Deacon <will@kernel.org>
Cc: linux-arch@vger.kernel.org, linux-doc@vger.kernel.org,
Szabolcs Nagy <szabolcs.nagy@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Will Deacon <will.deacon@arm.com>,
linux-mm@kvack.org, Dave Hansen <dave.hansen@intel.com>,
Andrey Konovalov <andreyknvl@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v9 3/3] arm64: Relax Documentation/arm64/tagged-pointers.rst
Date: Wed, 21 Aug 2019 19:46:51 +0100 [thread overview]
Message-ID: <20190821184649.GD27757@arm.com> (raw)
In-Reply-To: <20190821173352.yqfgaozi7nfhcofg@willie-the-truck>
On Wed, Aug 21, 2019 at 06:33:53PM +0100, Will Deacon wrote:
> On Wed, Aug 21, 2019 at 05:47:30PM +0100, Catalin Marinas wrote:
> > From: Vincenzo Frascino <vincenzo.frascino@arm.com>
> >
> > On AArch64 the TCR_EL1.TBI0 bit is set by default, allowing userspace
> > (EL0) to perform memory accesses through 64-bit pointers with a non-zero
> > top byte. However, such pointers were not allowed at the user-kernel
> > syscall ABI boundary.
> >
> > With the Tagged Address ABI patchset, it is now possible to pass tagged
> > pointers to the syscalls. Relax the requirements described in
> > tagged-pointers.rst to be compliant with the behaviours guaranteed by
> > the AArch64 Tagged Address ABI.
> >
> > Cc: Will Deacon <will.deacon@arm.com>
> > Cc: Szabolcs Nagy <szabolcs.nagy@arm.com>
> > Cc: Kevin Brodsky <kevin.brodsky@arm.com>
> > Acked-by: Andrey Konovalov <andreyknvl@google.com>
> > Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
> > Co-developed-by: Catalin Marinas <catalin.marinas@arm.com>
> > Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> > ---
> > Documentation/arm64/tagged-pointers.rst | 23 ++++++++++++++++-------
> > 1 file changed, 16 insertions(+), 7 deletions(-)
> >
> > diff --git a/Documentation/arm64/tagged-pointers.rst b/Documentation/arm64/tagged-pointers.rst
> > index 2acdec3ebbeb..04f2ba9b779e 100644
> > --- a/Documentation/arm64/tagged-pointers.rst
> > +++ b/Documentation/arm64/tagged-pointers.rst
> > @@ -20,7 +20,9 @@ Passing tagged addresses to the kernel
> > --------------------------------------
> >
> > All interpretation of userspace memory addresses by the kernel assumes
> > -an address tag of 0x00.
> > +an address tag of 0x00, unless the application enables the AArch64
> > +Tagged Address ABI explicitly
> > +(Documentation/arm64/tagged-address-abi.rst).
> >
> > This includes, but is not limited to, addresses found in:
> >
> > @@ -33,13 +35,15 @@ This includes, but is not limited to, addresses found in:
> > - the frame pointer (x29) and frame records, e.g. when interpreting
> > them to generate a backtrace or call graph.
> >
> > -Using non-zero address tags in any of these locations may result in an
> > -error code being returned, a (fatal) signal being raised, or other modes
> > -of failure.
> > +Using non-zero address tags in any of these locations when the
> > +userspace application did not enable the AArch64 Tagged Address ABI may
> > +result in an error code being returned, a (fatal) signal being raised,
> > +or other modes of failure.
> >
> > -For these reasons, passing non-zero address tags to the kernel via
> > -system calls is forbidden, and using a non-zero address tag for sp is
> > -strongly discouraged.
> > +For these reasons, when the AArch64 Tagged Address ABI is disabled,
> > +passing non-zero address tags to the kernel via system calls is
> > +forbidden, and using a non-zero address tag for sp is strongly
> > +discouraged.
> >
> > Programs maintaining a frame pointer and frame records that use non-zero
> > address tags may suffer impaired or inaccurate debug and profiling
> > @@ -59,6 +63,11 @@ be preserved.
> > The architecture prevents the use of a tagged PC, so the upper byte will
> > be set to a sign-extension of bit 55 on exception return.
> >
> > +This behaviour is maintained when the AArch64 Tagged Address ABI is
> > +enabled. In addition, with the exceptions above, the kernel will
> > +preserve any non-zero tags passed by the user via syscalls and stored in
> > +kernel data structures (e.g. ``set_robust_list()``, ``sigaltstack()``).
sigaltstack() is interesting, since we don't support tagged stacks.
Do we keep the ss_sp tag in the kernel, but squash it when delivering
a signal to the alternate stack?
(I can't remember whether this would be compatible with the
architectural tag checking semantics...)
> Hmm. I can see the need to provide this guarantee for things like
> set_robust_list(), but the problem is that the statement above is too broad
> and isn't strictly true: for example, mmap() doesn't propagate the tag of
> its address parameter into the VMA.
>
> So I think we need to nail this down a bit more, but I'm having a really
> hard time coming up with some wording :(
Time for some creative vagueness?
We can write a statement of our overall intent, along with examples of
a few cases where the tag should and should not be expected to emerge
intact.
There is no foolproof rule, unless we can rewrite history...
Cheers
---Dave
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-08-21 18:47 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-21 16:47 [PATCH v9 0/3] arm64 tagged address ABI Catalin Marinas
2019-08-21 16:47 ` [PATCH v9 1/3] mm: untag user pointers in mmap/munmap/mremap/brk Catalin Marinas
2019-08-21 16:47 ` [PATCH v9 2/3] arm64: Define Documentation/arm64/tagged-address-abi.rst Catalin Marinas
2019-08-21 16:57 ` Andrey Konovalov
2019-08-22 9:38 ` Kevin Brodsky
2019-08-21 17:35 ` Will Deacon
2019-08-22 14:17 ` [PATCH] arm64: Add tagged-address-abi.rst to index.rst Vincenzo Frascino
2019-08-21 16:47 ` [PATCH v9 3/3] arm64: Relax Documentation/arm64/tagged-pointers.rst Catalin Marinas
2019-08-21 17:33 ` Will Deacon
2019-08-21 18:46 ` Dave Martin [this message]
2019-08-22 15:55 ` Catalin Marinas
2019-08-22 16:37 ` Dave Martin
2019-08-23 16:19 ` Catalin Marinas
2019-08-23 16:32 ` Dave Martin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190821184649.GD27757@arm.com \
--to=dave.martin@arm.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@google.com \
--cc=catalin.marinas@arm.com \
--cc=dave.hansen@intel.com \
--cc=kevin.brodsky@arm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=szabolcs.nagy@arm.com \
--cc=vincenzo.frascino@arm.com \
--cc=will.deacon@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).