[PATCH v9 29/29] arm64: mte: Add Memory Tagging Extension documentation
szabolcs.nagy at arm.com
Tue Sep 22 11:52:49 EDT 2020
The 09/17/2020 10:02, Catalin Marinas wrote:
> On Thu, Sep 17, 2020 at 09:11:08AM +0100, Will Deacon wrote:
> > On Fri, Sep 04, 2020 at 11:30:29AM +0100, Catalin Marinas wrote:
> > > From: Vincenzo Frascino <vincenzo.frascino at arm.com>
> > > Acked-by: Szabolcs Nagy <szabolcs.nagy at arm.com>
> > I'm taking this to mean that Szabolcs is happy with the proposed ABI --
> > please shout if that's not the case!
> I think Szabolcs is still on holiday. To summarise the past threads,
> AFAICT he's happy with this per-thread control ABI but the discussion
> went on whether to expand it in the future (with a new bit) to
> synchronise the tag checking mode across all threads of a process. This
> adds some complications for the kernel as it needs an IPI to the other
> CPUs to set SCTLR_EL1 and it's also racy with multiple threads
> requesting different modes.
> Now, in the glibc land, if the tag check mode is controlled via
> environment variables, the dynamic loader can set this at process start
> while still in single-threaded mode and not touch it at run-time. The
> MTE checking can still be enabled at run-time, per mapped memory range
> via the PROT_MTE flag. This approach doesn't require any additional
> changes to the current patches. But it's for Szabolcs to confirm once
> he's back.
my thinking now is that for PROT_MTE use outside
of libc we will need a way to enable tag checks
early so user code does not have to worry about
tag check settings across threads (coordinating
the setting at runtime seems problematic, same
for the irg exclusion set).
if we add a kernel level opt-in mechanism for tag
checks later (e.g. elf marking) or if the settings
are exclusively owned by early libc code then i
think the proposed abi is ok (this is our current
agreement and works as long as no late runtime
change is needed to the settings).
i'm now wondering about the default tag check mode:
it may be better to enable sync tag checks in the
kernel. it's not clear to me what would break with
that. this is probably late to discuss now and libc
would need ways to override the default no matter
what, but i'd like to know if somebody sees problems
or risks with unconditional sync tag checks turned on
(sorry i don't remember if we went through this before).
i assume it would have no effect on a process that
never uses PROT_MTE.
More information about the linux-arm-kernel