[PATCH] arm64: mte: allow async MTE to be upgraded to sync on a per-CPU basis

Peter Collingbourne pcc at google.com
Thu Jun 3 10:49:24 PDT 2021 

On Thu, Jun 3, 2021 at 6:01 AM Vincenzo Frascino
<vincenzo.frascino at arm.com> wrote:
>
> Hi Peter,
>
> On 6/3/21 12:24 AM, Peter Collingbourne wrote:
> > On some CPUs the performance of MTE in synchronous mode is the same
> > as that of asynchronous mode. This makes it worthwhile to enable
> > synchronous mode on those CPUs when asynchronous mode is requested,
> > in order to gain the error detection benefits of synchronous mode
> > without the performance downsides. Therefore, make it possible for CPUs
> > to opt into upgrading to synchronous mode via a new mte-prefer-sync
> > device tree attribute.
> >
>
> I had a look at your patch and I think that there are few points that are worth
> mentioning:
> 1) The approach you are using is per-CPU hence we might end up with a system
> that has some PE configured as sync and some configured as async. We currently
> support only a system wide setting.

This is the intent. On e.g. a big/little system this means that we
would effectively have sampling of sync MTE faults at a higher rate
than a pure userspace implementation could achieve, at zero cost.

> 2) async and sync have slightly different semantics (e.g. in sync mode the
> access does not take place and it requires emulation) this means that a mixed
> configuration affects the ABI.

We considered the ABI question and think that is somewhat academic.
While it's true that we would prevent the first access from succeeding
(and, more visibly, use SEGV_MTESERR in the signal rather than
SEGV_MTEAERR) I'm not aware of a reasonable way that a userspace
program could depend on the access succeeding. While it's slightly
more plausible that there could be a dependency on the signal type, we
don't depend on that in Android, at least not in a way that would lead
to worse outcomes if we get MTESERR instead of MTEAERR (it would lead
to better outcomes, in the form of a more accurate/detailed crash
report, which is what motivates this change). I also checked glibc and
they don't appear to have any dependencies on the signal type, or
indeed have any detailed crash reporting at all as far as I can tell.
Furthermore, basically nobody has hardware at the moment so I don't
think we would be breaking any actual users by doing this.

> 3) In your patch you use DT to enforce sync mode on a CPU, probably it is better
> to have an MIDR scheme to mark these CPUs.

Okay, so in your scheme we would say that e.g. all Cortex-A510 CPUs
should be subject to this treatment. Can we guarantee that all
Cortex-A510 CPUs would have the same performance for sync and async or
could the system designer tweak some aspect of the system such that
they could get different performance? The possibility of the latter is
what led me to specify the information via DT.

Peter

More information about the linux-arm-kernel mailing list