[PATCH v9 29/29] arm64: mte: Add Memory Tagging Extension documentation
szabolcs.nagy at arm.com
Wed Sep 23 05:10:08 EDT 2020
The 09/22/2020 17:55, Catalin Marinas wrote:
> On Tue, Sep 22, 2020 at 04:52:49PM +0100, Szabolcs Nagy wrote:
> > if we add a kernel level opt-in mechanism for tag checks later (e.g.
> > elf marking) or if the settings are exclusively owned by early libc
> > code then i think the proposed abi is ok (this is our current
> > agreement and works as long as no late runtime change is needed to the
> > settings).
> In the Android case, run-time changes to the tag checking mode I think
> are expected (usually via signal handlers), though per-thread.
ok that works, but does not help allocators or
runtimes that don't own the signal handlers.
> > i'm now wondering about the default tag check mode: it may be better
> > to enable sync tag checks in the kernel. it's not clear to me what
> > would break with that. this is probably late to discuss now and libc
> > would need ways to override the default no matter what, but i'd like
> > to know if somebody sees problems or risks with unconditional sync tag
> > checks turned on (sorry i don't remember if we went through this
> > before). i assume it would have no effect on a process that never uses
> > PROT_MTE.
> I don't think it helps much. We already have a requirement that to be
> able to pass tagged pointers to kernel syscalls, the user needs a
> prctl(PR_TAGGED_ADDR_ENABLE) call (code already in mainline). Using
> PROT_MTE without tagged pointers won't be of much use. So if we are to
> set different tag check defaults, we should also enable the tagged addr
> ABI automatically.
> That said, I still have a preference for MTE and tagged addr ABI to be
> explicitly requested by the (human) user either via environment
> variables or marked in an ELF note as "safe with/using tags". Given the
> recent mremap() issue we caused in glibc, I'm worried that other things
> may break with enabling the tagged addr ABI everywhere.
> Another aspect is that sync mode by default in a distro where glibc is
> MTE-aware will lead to performance regressions. That's another case in
> favour of the user explicitly asking for tag checking.
ok this all makes sense to me.
> Anyway, I'm open to having a debate on changing the defaults.
More information about the linux-arm-kernel