Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2318582pxp; Mon, 21 Mar 2022 16:49:08 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy2QOgmUsPxxpl7wo84gH7A51chZTXFZBerzHOg0gAQwU8BZ+8sICNyRPhs9GR0ABtoycTL X-Received: by 2002:a17:902:e552:b0:14f:bfec:eb2c with SMTP id n18-20020a170902e55200b0014fbfeceb2cmr15207299plf.108.1647906548471; Mon, 21 Mar 2022 16:49:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647906548; cv=none; d=google.com; s=arc-20160816; b=Mm1I0HQlYW7x4s+xA3/+Dk/Ay6UrROLJtrXLhSQoHocqVVnfEBKDJExb3QhZw19xv9 gca1G2FwK+qwsJQvT9xS1q36OtOxL48KDA1rtHbu6hwyOCgrfA0IKmhMhbIpS3PR4T5T ouQEHQataxUUl+8qClOyivsqYZWav0c63pSCpNzsF8soo17WxgxyxCZAJnZFyPAHrtmT iRVdTPvTT4h6pRXTAOpBa872AtKmvgcA5MH6TpS/OEbIs/lZ6HiaG77oh0WBLXrj25EA LuItQdyYCglphQKCYeU1TwYbMY0F3TJLTdfMAyRkfPtF4Y3NsogYv4eX2UMCDc25D/xC ZJ6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:references :in-reply-to:subject:cc:to:dkim-signature:dkim-signature:from; bh=GO4RKzBldiOAEmJiMx6aLhvZMlZcwhA9ygIVn0/s/6U=; b=BMKvHOrc0Ww/PHZZyDvCVcuQriu8fw0yY41dRLAfsELy+lTfCuaR2ObP+WM+yfb0Vu ebQwrLgaaInPagTKTHhi4gGzugq1BQg8P2KHL1T1tEVaWW2fAEjjnHHgZ7iAlLb4yH/z 5sAvY/vcgmDEtEufRsX7EoH5yfJPUNuSjuSUO0aDsHZrHQ1X9QvaR57cZ02qp+tKDvrJ l3MCsQAiOJGySkPFPE+nSt9OpN9rp/Ux3xY0UvFo+4BNcAIFWFCki/ftU4EyFl3ktB3v Iquwscl3WcILXj15Stt/QqnP34PwkqAm+YZ3CZm89M6zY+8lvHXkS9kFOnci4OOIeoB6 ieTA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=q3mJoo5Z; dkim=neutral (no key) header.i=@linutronix.de header.b=fwMnUpsZ; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id 10-20020a170902c10a00b00153b2d165dasi11552968pli.482.2022.03.21.16.49.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 16:49:08 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=q3mJoo5Z; dkim=neutral (no key) header.i=@linutronix.de header.b=fwMnUpsZ; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id AE60440660E; Mon, 21 Mar 2022 16:13:25 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232346AbiCUXOj (ORCPT + 99 others); Mon, 21 Mar 2022 19:14:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46566 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232623AbiCUXMy (ORCPT ); Mon, 21 Mar 2022 19:12:54 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 70CE43A999B for ; Mon, 21 Mar 2022 15:59:46 -0700 (PDT) From: Thomas Gleixner DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1647903553; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=GO4RKzBldiOAEmJiMx6aLhvZMlZcwhA9ygIVn0/s/6U=; b=q3mJoo5ZuVD9zYf9Am9/ptnPyfpKmmm64dWqVRlQl6cqkWpUCCM21vU1tnN8qVNwItjH0V 61r/WVxbjIYSGabq+7Z8ONAoM/OtFDoP0auZUnlwO05B9iELp2wOIxcoCqgGEUyvya8FFF uX/SPYY/TkPopgaUWepZBjcpZxtktwTOKVSzsw6iFglDz7wwTrfdL6stM5Hs3FuPYIXtuj 6uEnllhyJJsA6U558260Gslj/WyPEsywd42ChO9qG7nZnmpeE9wKz0LG6zoSKAsYtGt1VW +SxZkP53RnYS6HvfD0cwJaIxoRkwzlyJKVoFHMi/FfADrc64pFkAB2VDOtKxFw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1647903553; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=GO4RKzBldiOAEmJiMx6aLhvZMlZcwhA9ygIVn0/s/6U=; b=fwMnUpsZjdgqJKw+Ax8eJawy5A70hRdp+mZfIL2cQXgF/SAIHubRvQIKRPYpcxNf7Gg24d bupB6o4Y7AfIt0DA== To: Andy Lutomirski , Bharata B Rao , Linux Kernel Mailing List Cc: linux-mm@kvack.org, the arch/x86 maintainers , "Kirill A. Shutemov" , Ingo Molnar , Borislav Petkov , Dave Hansen , Catalin Marinas , Will Deacon , shuah@kernel.org, Oleg Nesterov , ananth.narayan@amd.com Subject: Re: [RFC PATCH v0 0/6] x86/AMD: Userspace address tagging In-Reply-To: <6a5076ad-405e-4e5e-af55-fe2a6b01467d@www.fastmail.com> References: <20220310111545.10852-1-bharata@amd.com> <6a5076ad-405e-4e5e-af55-fe2a6b01467d@www.fastmail.com> Date: Mon, 21 Mar 2022 23:59:12 +0100 Message-ID: <87fsnac3pb.ffs@tglx> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 21 2022 at 15:29, Andy Lutomirski wrote: > On Thu, Mar 10, 2022, at 3:15 AM, Bharata B Rao wrote: >> This patchset makes use of Upper Address Ignore (UAI) feature available >> on upcoming AMD processors to provide user address tagging support for x86/AMD. >> >> UAI allows software to store a tag in the upper 7 bits of a logical >> address [63:57]. When enabled, the processor will suppress the >> traditional canonical address checks on the addresses. More information >> about UAI can be found in section 5.10 of 'AMD64 Architecture >> Programmer's Manual, Vol 2: System Programming' which is available from >> >> https://bugzilla.kernel.org/attachment.cgi?id=300549 > > I hate to be a pain, but I'm really not convinced that this feature is > suitable for Linux. There are a few reasons: Abusing bit 63 is not suitable for any OS in my opinion. > Right now, the concept that the high bit of an address determines > whether it's a user or a kernel address is fairly fundamental to the > x86_64 (and x86_32!) code. It may not be strictly necessary to > preserve this, but violating it would require substantial thought. > With UAI enabled, kernel and user addresses are, functionally, > interleaved. This makes things like access_ok checks, and more > generally anything that operates on a range of addresses, behave > potentially quite differently. A lot of auditing of existing code > would be needed to make it safe. Which might be finished ten years from now.... Seriously there is no justification for the bit 63 abuse. This has been pointed out by various people to AMD before this saw the public. Other vendors seem to have gotten the memo. The proper solution here is to issue an erratum and fix this nonsense in microcode for the already taped out silicon and get rid of it in the design of future ones completely. Anything else is just wishful thinking. Thanks, tglx