[PATCH v1 4/4] arm64/mte: Add userspace interface for enabling asymmetric mode
Evgenii Stepanov
eugenis at google.com
Wed Mar 2 12:58:48 PST 2022
On Wed, Mar 2, 2022 at 11:33 AM Mark Brown <broonie at kernel.org> wrote:
>
> On Wed, Mar 02, 2022 at 10:44:31AM -0800, Evgenii Stepanov wrote:
> > On Wed, Mar 2, 2022 at 5:10 AM Mark Brown <broonie at kernel.org> wrote:
> > > On Wed, Mar 02, 2022 at 11:44:53AM +0000, Catalin Marinas wrote:
> > > > On Tue, Mar 01, 2022 at 04:52:01PM -0800, Evgenii Stepanov wrote:
>
> > > > > Extending PR_MTE_TCF_MASK seems bad for backward compatibility. User
> > > > > code may do "flags =& ~PR_MTE_TCF_MASK" to disable MTE; when compiled
> > > > > against an old version of the header this would fail to remove the ASYMM
> > > > > bit.
>
> > > > But if the app is compiled against an old version, it wouldn't set
> > > > MTE_CTRL_TCF_ASYMM either as it doesn't have the definition.
>
> > Libraries within a single process can be built against different
> > header versions. In our case, this is libc vs the app: we expect to
> > set all 3 mode bits when an app asks for "async" to enable the
> > mte_tcf_preferred logic. Even if the app is built against an older NDK
> > and unaware of the Asymm mode existence!
>
> I can't see how we can resolve that case in the kernel except by adding
> a specific call to disable all MTE modes which would obviously only be
> useful for future proofing given that no existing applications would
> support it.
One option would be to introduce a new, future-proofed prctl with a
wider mask, and throw in a few extra reserved bits just in case. Then
have the legacy prctl always clear MTE_CTRL_TCF_ASYMM.
> We would have been fine if we'd kept the original ABI that
> only allowed applications to request one mode at once but that ship
> sailed. libc could arrange to know if the application was built against
> a new enough NDK to have the new flag and not enable asymmetric mode if
> it wasn't though.
Yes, that's a valid option, as well. But now that I think about it,
this is not the only pitfall with using the raw prctl in an Android
app. I'm inclined to just declare this case unsupported and have the
apps go through mallopt.
More information about the linux-arm-kernel
mailing list