From: Catalin Marinas <catalin.marinas@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org,
Richard Earnshaw <Richard.Earnshaw@arm.com>,
Szabolcs Nagy <szabolcs.nagy@arm.com>,
Marc Zyngier <maz@kernel.org>,
Kevin Brodsky <kevin.brodsky@arm.com>,
linux-mm@kvack.org, Andrey Konovalov <andreyknvl@google.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Will Deacon <will@kernel.org>
Subject: [PATCH 00/22] arm64: Memory Tagging Extension user-space support
Date: Wed, 11 Dec 2019 18:40:05 +0000 [thread overview]
Message-ID: <20191211184027.20130-1-catalin.marinas@arm.com> (raw)
Hi,
This series proposes the initial user-space support for the ARMv8.5
Memory Tagging Extension [1]. The patches are also available on this
branch:
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux devel/mte
Short description extracted from the MTE whitepaper [2]:
MTE aims to increase the memory safety of code written in unsafe
languages without requiring source changes, and in some cases, without
requiring recompilation. The Arm Memory Tagging Extension implements
lock and key access to memory. Locks can be set on memory and keys
provided during memory access. If the key matches the lock, the access
is permitted. If it does not match, an error is reported. Memory
locations are tagged by adding four bits of metadata to each 16 bytes
of physical memory. This is the Tag Granule. Tagging memory implements
the lock. Pointers, and therefore virtual addresses, are modified to
contain the key. In order to implement the key bits without requiring
larger pointers MTE uses the Top Byte Ignore (TBI) feature of the
ARMv8-A Architecture. When TBI is enabled, the top byte of a virtual
address is ignored when using it as an input for address translation.
This allows the top byte to store metadata.
The rough outline of this series, apart from some clean-up patches:
1. Enable detection of the MTE feature by the kernel.
2. Switch the linear map to use the Normal-Tagged memory attribute so
that the kernel can read/write the tags in memory (a.k.a. allocation
tags).
3. Handle tags in {clear,copy}_page() and memcmp_pages().
4. User tag fault exception handling and SIGSEGV injection.
5. PROT_MTE support to enable tag checks/accesses in user-space,
together with new arch_calc_vm_flag_bits() and arch_validate_flags()
hooks.
6. User control of tag check fault mode and tag exclusion via prctl(),
built on top of the PR_{SET,GET}_TAGGED_ADDR_CTRL.
7. Documentation of the user ABI with a C example (though such MTE
enabling and allocation tagging is expected to live in a C library).
For libc people interested in MTE, I suggest reading the last patch with
the ABI documentation.
Missing bits before upstreaming:
- Swap support. Currently ARM64_MTE (default n) selects ARCH_NO_SWAP.
The SPARC ADI hooks for the similar feature are not sufficient for
correct (no races) saving and restoring of the MTE metadata in swapped
pages. A separate patch series will be posted once implemented.
- Related to the above is suspend to disk.
- ptrace() support to be able to access the tags in memory of a
different process, something like {PEEK,POKE}_TAG.
- coredump (user) currently does not contain the tags.
- kselftests (work in progress)
- Clarify whether mmap(tagged_addr, PROT_MTE) pre-tags the memory with
the tag given in the tagged_addr hint. Strong justification is
required for this as it would force arm64 to disable the zero page.
- Clarify with the hardware architects whether CPUID checking is
sufficient or additional description via FDT or ACPI is required.
[1] https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/enhancing-memory-safety
[2] https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/Arm_Memory_Tagging_Extension_Whitepaper.pdf
Catalin Marinas (13):
kbuild: Add support for 'as-instr' to be used in Kconfig files
arm64: alternative: Allow alternative_insn to always issue the first
instruction
arm64: Use macros instead of hard-coded constants for MAIR_EL1
arm64: mte: Use Normal Tagged attributes for the linear map
arm64: mte: Assembler macros and default architecture for .S files
arm64: Tags-aware memcmp_pages() implementation
mm: Introduce arch_calc_vm_flag_bits()
arm64: mte: Add PROT_MTE support to mmap() and mprotect()
mm: Introduce arch_validate_flags()
arm64: mte: Validate the PROT_MTE request via arch_validate_flags()
mm: Allow arm64 mmap(PROT_MTE) on RAM-based files
arm64: mte: Allow user control of the tag check mode via prctl()
arm64: mte: Allow user control of the excluded tags via prctl()
Dave Martin (1):
mm: Reserve asm-generic prot flags 0x10 and 0x20 for arch use
Vincenzo Frascino (8):
arm64: mte: system register definitions
arm64: mte: CPU feature detection and initial sysreg configuration
arm64: mte: Tags-aware clear_page() implementation
arm64: mte: Tags-aware copy_page() implementation
arm64: mte: Add specific SIGSEGV codes
arm64: mte: Handle synchronous and asynchronous tag check faults
arm64: mte: Kconfig entry
arm64: mte: Add Memory Tagging Extension documentation
Documentation/arm64/cpu-feature-registers.rst | 4 +
Documentation/arm64/elf_hwcaps.rst | 4 +
Documentation/arm64/index.rst | 1 +
.../arm64/memory-tagging-extension.rst | 229 ++++++++++++++++++
arch/arm64/Kconfig | 32 +++
arch/arm64/include/asm/alternative.h | 8 +-
arch/arm64/include/asm/assembler.h | 16 ++
arch/arm64/include/asm/cpucaps.h | 5 +-
arch/arm64/include/asm/cpufeature.h | 6 +
arch/arm64/include/asm/hwcap.h | 1 +
arch/arm64/include/asm/kvm_arm.h | 3 +-
arch/arm64/include/asm/memory.h | 17 +-
arch/arm64/include/asm/mman.h | 78 ++++++
arch/arm64/include/asm/mte.h | 11 +
arch/arm64/include/asm/page.h | 4 +-
arch/arm64/include/asm/pgtable-prot.h | 2 +
arch/arm64/include/asm/pgtable.h | 7 +-
arch/arm64/include/asm/processor.h | 4 +
arch/arm64/include/asm/sysreg.h | 70 ++++++
arch/arm64/include/asm/thread_info.h | 4 +-
arch/arm64/include/uapi/asm/hwcap.h | 2 +
arch/arm64/include/uapi/asm/mman.h | 14 ++
arch/arm64/include/uapi/asm/ptrace.h | 1 +
arch/arm64/kernel/cpufeature.c | 59 +++++
arch/arm64/kernel/cpuinfo.c | 2 +
arch/arm64/kernel/entry.S | 17 ++
arch/arm64/kernel/process.c | 141 ++++++++++-
arch/arm64/kernel/ptrace.c | 2 +-
arch/arm64/kernel/signal.c | 8 +
arch/arm64/lib/Makefile | 2 +
arch/arm64/lib/clear_page.S | 7 +-
arch/arm64/lib/copy_page.S | 23 ++
arch/arm64/lib/mte.S | 46 ++++
arch/arm64/mm/Makefile | 1 +
arch/arm64/mm/cmppages.c | 26 ++
arch/arm64/mm/dump.c | 4 +
arch/arm64/mm/fault.c | 9 +-
arch/arm64/mm/mmu.c | 22 +-
arch/arm64/mm/proc.S | 31 ++-
fs/proc/task_mmu.c | 3 +
include/linux/mm.h | 8 +
include/linux/mman.h | 20 +-
include/uapi/asm-generic/mman-common.h | 2 +
include/uapi/asm-generic/siginfo.h | 9 +-
include/uapi/linux/prctl.h | 9 +
mm/mmap.c | 9 +
mm/mprotect.c | 8 +
mm/shmem.c | 3 +
mm/util.c | 2 +-
scripts/Kconfig.include | 4 +
50 files changed, 958 insertions(+), 42 deletions(-)
create mode 100644 Documentation/arm64/memory-tagging-extension.rst
create mode 100644 arch/arm64/include/asm/mman.h
create mode 100644 arch/arm64/include/asm/mte.h
create mode 100644 arch/arm64/include/uapi/asm/mman.h
create mode 100644 arch/arm64/lib/mte.S
create mode 100644 arch/arm64/mm/cmppages.c
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next reply other threads:[~2019-12-11 18:40 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-11 18:40 Catalin Marinas [this message]
2019-12-11 18:40 ` [PATCH 01/22] mm: Reserve asm-generic prot flags 0x10 and 0x20 for arch use Catalin Marinas
2019-12-11 19:26 ` Arnd Bergmann
2019-12-11 18:40 ` [PATCH 02/22] kbuild: Add support for 'as-instr' to be used in Kconfig files Catalin Marinas
2019-12-12 5:03 ` Masahiro Yamada
2019-12-11 18:40 ` [PATCH 03/22] arm64: alternative: Allow alternative_insn to always issue the first instruction Catalin Marinas
2019-12-11 18:40 ` [PATCH 04/22] arm64: Use macros instead of hard-coded constants for MAIR_EL1 Catalin Marinas
2019-12-11 18:40 ` [PATCH 05/22] arm64: mte: system register definitions Catalin Marinas
2019-12-11 18:40 ` [PATCH 06/22] arm64: mte: CPU feature detection and initial sysreg configuration Catalin Marinas
2019-12-11 18:40 ` [PATCH 07/22] arm64: mte: Use Normal Tagged attributes for the linear map Catalin Marinas
2019-12-11 18:40 ` [PATCH 08/22] arm64: mte: Assembler macros and default architecture for .S files Catalin Marinas
2019-12-11 18:40 ` [PATCH 09/22] arm64: mte: Tags-aware clear_page() implementation Catalin Marinas
2019-12-11 18:40 ` [PATCH 10/22] arm64: mte: Tags-aware copy_page() implementation Catalin Marinas
2019-12-11 18:40 ` [PATCH 11/22] arm64: Tags-aware memcmp_pages() implementation Catalin Marinas
2019-12-11 18:40 ` [PATCH 12/22] arm64: mte: Add specific SIGSEGV codes Catalin Marinas
2019-12-11 19:31 ` Arnd Bergmann
2019-12-12 9:34 ` Catalin Marinas
2019-12-12 18:26 ` Eric W. Biederman
2019-12-17 17:48 ` Catalin Marinas
2019-12-17 20:06 ` Eric W. Biederman
2019-12-11 18:40 ` [PATCH 13/22] arm64: mte: Handle synchronous and asynchronous tag check faults Catalin Marinas
2019-12-14 1:43 ` Peter Collingbourne
2019-12-17 18:01 ` Catalin Marinas
2019-12-20 1:36 ` [PATCH] arm64: mte: Do not service syscalls after async tag fault Peter Collingbourne
2020-02-12 11:09 ` Catalin Marinas
2020-02-18 21:59 ` Peter Collingbourne
2020-02-19 16:16 ` Catalin Marinas
2019-12-11 18:40 ` [PATCH 14/22] mm: Introduce arch_calc_vm_flag_bits() Catalin Marinas
2019-12-11 18:40 ` [PATCH 15/22] arm64: mte: Add PROT_MTE support to mmap() and mprotect() Catalin Marinas
2020-01-21 22:06 ` Peter Collingbourne
2019-12-11 18:40 ` [PATCH 16/22] mm: Introduce arch_validate_flags() Catalin Marinas
2019-12-11 18:40 ` [PATCH 17/22] arm64: mte: Validate the PROT_MTE request via arch_validate_flags() Catalin Marinas
2019-12-11 18:40 ` [PATCH 18/22] mm: Allow arm64 mmap(PROT_MTE) on RAM-based files Catalin Marinas
2019-12-11 18:40 ` [PATCH 19/22] arm64: mte: Allow user control of the tag check mode via prctl() Catalin Marinas
2019-12-19 20:32 ` Peter Collingbourne
2019-12-20 1:48 ` [PATCH] arm64: mte: Clear SCTLR_EL1.TCF0 on exec Peter Collingbourne
2020-02-12 17:03 ` Catalin Marinas
2019-12-27 14:34 ` [PATCH 19/22] arm64: mte: Allow user control of the tag check mode via prctl() Kevin Brodsky
2020-02-12 11:45 ` Catalin Marinas
2019-12-11 18:40 ` [PATCH 20/22] arm64: mte: Allow user control of the excluded tags " Catalin Marinas
2019-12-16 14:20 ` Kevin Brodsky
2019-12-16 17:30 ` Peter Collingbourne
2019-12-17 17:56 ` Catalin Marinas
[not found] ` <20200622171716.GC10226@gaia>
[not found] ` <CAMn1gO5rhOG1W+nVe103v=smvARcFFp_Ct9XqH2Ca4BUMfpDdg@mail.gmail.com>
2020-06-23 16:42 ` Catalin Marinas
2019-12-11 18:40 ` [PATCH 21/22] arm64: mte: Kconfig entry Catalin Marinas
2019-12-11 18:40 ` [PATCH 22/22] arm64: mte: Add Memory Tagging Extension documentation Catalin Marinas
2019-12-24 15:03 ` Kevin Brodsky
2019-12-13 18:05 ` [PATCH 00/22] arm64: Memory Tagging Extension user-space support Peter Collingbourne
2020-02-13 11:23 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191211184027.20130-1-catalin.marinas@arm.com \
--to=catalin.marinas@arm.com \
--cc=Richard.Earnshaw@arm.com \
--cc=andreyknvl@google.com \
--cc=kevin.brodsky@arm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-mm@kvack.org \
--cc=maz@kernel.org \
--cc=szabolcs.nagy@arm.com \
--cc=vincenzo.frascino@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).