Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2367161pxb;
        Thu, 11 Feb 2021 10:29:58 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxdSkg22U6iDc7721S0MbsVljKBbFfJVGOanRU7mRQBQFNwErDiLAsTgRKuyRz588hegmeh
X-Received: by 2002:a05:6402:1ad1:: with SMTP id ba17mr9708624edb.243.1613068198387;
        Thu, 11 Feb 2021 10:29:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1613068198; cv=none;
        d=google.com; s=arc-20160816;
        b=HWsP4KD5wKri3wR87b53LQueYzhcH3TLZEr6060FNxhULHIUULfRcKjmht/ow89njd
         gol5vti5Xi3UGaAs02TNHakrteXpoMmgcvRR/QhuZF2QPTJRM7QZJYONbu/QMAdKJcuT
         BYoLOB/lj5i78aU2jOrmg/LMMVlxA52GjQWlq/+oqVLluyKEyp4RKeL5EVwgwKEenbAF
         sl48j+QUuuVZ2Y1Y4QS06fkYdy4LPS23NSkTKmV2my573PjIlMMFESOHDx91aXtazozX
         nmV5lnCkeTYWDZwneQThVDVHa6tAdl/75niqSXXSHeoX7M5QdFvf9piamJ2Ly04xEHeb
         yxlw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=mW59II95HuRfe6jJ0YZ1WEIKqlQyjqmRAu8/dkY6szc=;
        b=tDHC3cfkf+21rfH/sCpEtJeonpL6PHn7XibVK2kJ4TkYF+XkCSj9OTxzJDVSfJLIj1
         hB7pgJlbkt7A6gMbZg9HJJkZEeSWuXygN5hNHXlU35ddVHNlhgA7t3IKbk3+lBHxB6Ul
         TuQJ3TbdsfAeXs9cIDIfwrPxTqwG97rbifbLk8RK3TEkydhFGWt7xUGFL1wEzAgBZO/G
         mfnVEjrmx6DePui9kZq1nKYPlSXlM/D/jMcz+/9BjAT3XCJcbx8qLsw5mNWdXxOw4whe
         7Y4Tj4EN9nFAotpSOyiJinWg8SlqOEd7AHEk5Hb3iV7LhSQPfRHW8WoRvYC5aYJPUNa5
         t1Gw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id l13si4579800ejg.121.2021.02.11.10.29.35;
        Thu, 11 Feb 2021 10:29:58 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231516AbhBKS3I (ORCPT <rfc822;loserzhuang@gmail.com>
        + 99 others); Thu, 11 Feb 2021 13:29:08 -0500
Received: from mail.kernel.org ([198.145.29.99]:55276 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S231499AbhBKS1g (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 11 Feb 2021 13:27:36 -0500
Received: by mail.kernel.org (Postfix) with ESMTPSA id C2E5764E15;
        Thu, 11 Feb 2021 18:26:52 +0000 (UTC)
Date:   Thu, 11 Feb 2021 18:26:50 +0000
From:   Catalin Marinas <catalin.marinas@arm.com>
To:     Dave Hansen <dave.hansen@intel.com>
Cc:     "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Andy Lutomirski <luto@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>, x86@kernel.org,
        Andrey Ryabinin <aryabinin@virtuozzo.com>,
        Alexander Potapenko <glider@google.com>,
        Dmitry Vyukov <dvyukov@google.com>,
        Will Deacon <will@kernel.org>,
        "H . J . Lu" <hjl.tools@gmail.com>,
        Andi Kleen <ak@linux.intel.com>, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org
Subject: Re: [RFC 1/9] mm, arm64: Update PR_SET/GET_TAGGED_ADDR_CTRL interface
Message-ID: <20210211182649.GB5238@arm.com>
References: <20210205151631.43511-1-kirill.shutemov@linux.intel.com>
 <20210205151631.43511-2-kirill.shutemov@linux.intel.com>
 <20210211165748.GA5238@arm.com>
 <03b0f7d0-6b67-c48c-9250-ff4eadc221f2@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <03b0f7d0-6b67-c48c-9250-ff4eadc221f2@intel.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Dave,

On Thu, Feb 11, 2021 at 09:06:12AM -0800, Dave Hansen wrote:
> I noticed there are some ELF bits for ARM's BTI feature:
> 
> 	GNU_PROPERTY_AARCH64_FEATURE_1_BTI
> 
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/elf.h#n453
> 
> There's been talk of needing a similar set of bits on x86 for tagged
> pointers (LAM).  Do you have any plans to do something similar (ELF
> property bits) for any of the pointer tagging features?

Not at the moment but see below.

Tagged addresses were supported on arm64 from day 0, though they were
not used much (I think some JITs attempted to encode pointer types in
the top byte). Until recently, we haven't allowed such tagged pointers
as syscall arguments.

The need for wider use of tagged pointers and the syscall ABI relaxation
came from the ASan/HWASan work on LLVM and the subsequent Memory Tagging
Extensions (MTE). With the latter, the user code doesn't need to be
recompiled, only the right heap allocator to be loaded. So you could do
an LD_PRELOAD to override malloc/free to return tagged pointers (I did
this in the past to run a standard Debian + LTP testing). So we decided
that it's easier for the C library to invoke a prctl() if needed rather
than having some ELF property.

MTE also requires additional control (like synchronous/asynchronous tag
checking) which we added to the same prctl() to be done in a single
call. That's, again, the decision of the C library together with using
mmap(PROT_MTE) for the heap regions.

That said, since HWASan requires code instrumentation, it would have
been nice if some GNU property was present as not to mix&match such
objects. I guess since it's mostly a debug feature, people didn't
bother but it would probably fall apart if you mix it with MTE.

With MTE, at some point we may deploy stack tagging which requires
instrumentation of the function prologue/epilogue and mapping the stack
with PROT_MTE. That's not widely used at the moment since such
instructions are undef on previous CPU implementations. We may end up
with an ELF annotation to distinguish such objects but I think that's
still up for discussion.

The reason for the BTI property was static binaries that needed PROT_BTI
on their exec sections to be set by the kernel. MTE did not have such
need (the C library would pass PROT_MTE explicitly on heap allocations)
and neither did the top-byte-ignore feature.

For the LAM feature, if the code is identical (e.g. it's the C library
deciding whether malloc() returns tagged pointers), I don't see much use
for an ELF annotation. However, if the plan is for something similar to
HWASan with different code generation, it may be safer to just add a
GNU note.

-- 
Catalin