Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp1309426iob; Sat, 14 May 2022 05:44:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwvpArIYiz4FqIjtzPiP2fsO3vEkzB9GuNl//tBVl9wiW4e2dzHmoFkFpPziWot8wjFVRRf X-Received: by 2002:a05:600c:3647:b0:393:fb6b:e778 with SMTP id y7-20020a05600c364700b00393fb6be778mr19088881wmq.71.1652532265826; Sat, 14 May 2022 05:44:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652532265; cv=none; d=google.com; s=arc-20160816; b=lXorjxccOE1ai+x76PVitPFLp2E4LboSKiXJgh3fhWSAKJVxtNbgShiLSE2rQ6pwer 81xCdFQJpc00Yv8SKUpJT5IjSc6QnaSt4jM69d+3wbSdYiCiJd1kJIaPYlotHdSDwH2V ptFJVFwcjZNfv/g928sPlR4or7bJ/Uwwo/bEa14+74XmPgk1kqYiqujydC/xkWfzjv4g Rb3WKjfutx8b35giecVSckvWniJ33ddnKcReyZ3SKlxhh4efZuQtoHADbAAN6UM+MshD u3ob34cbepsDRgGMPY/hqamMn6z7zORRMVCFI8+H2nbNueyn3LAgm0heTRNEulULWW9J qHfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:references :in-reply-to:subject:cc:to:dkim-signature:dkim-signature:from; bh=r2r8Dhwt+P9oHmhE2QNEFdOczht/CbbzdZrk8SRBVls=; b=mVK+8gPZQwTKp/MHtF6DCpkV3Eyffuwl1ppLmUsuo8CNAZF3htm1yvqkF9S8l5uQSF /4ic7veFnOqG1rRn+HMf57m/2GNb62NTSuhESDGUgizgUjGZd0uw5/CigAERJSuCmAqG yd7ZGXoAZL0THCVvEcydTZo4vR+BtYFIRGWGC+GwydqkwZ5noZnKJPii111VvdEhh6ub H5JvoTshoPV/PAqMqaBaliCpGJj97pTJylf9/RoNEvBbpoP1HEgmcSsFI1xaqmwfIM8S UMR0x1E/nCyYFBJGOb/TsTnKSHGlW8ni+lOsFeFmZADOP+9WnN2IgiUUDT0zNjfQac9k DvgA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=zdsW6aQX; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=pDDJjVOG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v67-20020a1cac46000000b0038ec18da19bsi7737865wme.149.2022.05.14.05.43.25; Sat, 14 May 2022 05:44:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=zdsW6aQX; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=pDDJjVOG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230033AbiENKAf (ORCPT + 99 others); Sat, 14 May 2022 06:00:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42050 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231580AbiENKAd (ORCPT ); Sat, 14 May 2022 06:00:33 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8CF2D3E0C5 for ; Sat, 14 May 2022 03:00:29 -0700 (PDT) From: Thomas Gleixner DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1652522427; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=r2r8Dhwt+P9oHmhE2QNEFdOczht/CbbzdZrk8SRBVls=; b=zdsW6aQXqr/phm3mkPZpI6reAnroeq6p5pd6LswaQwwdRUuDnFJEHmdTCVK/jBHN6tLl1m wYNCYjnMoJgZRZYf+TxyeZP+N29uTAoe5rrP17g5glsSr6UBmV/Sl/0flpLmcFpqjdrHtC MAFDwgRm54RyzZ8ltgG56002crsTNz4OOvvHTtuk0PZ2MRW1uJAgwtIHqLwlET4A0FphAi Z9EkOJXG1WeeW5sJpJd259t0tUh4dJ/B5q4kmism91bzcu4pZZXBUjRgkoRb8xrJMifsIT t/mUzFchBacEFcFWn4LlHdbBaprz+JRKSX+7qsuIj8mwX9ey8esB5oIgGzSnVg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1652522427; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=r2r8Dhwt+P9oHmhE2QNEFdOczht/CbbzdZrk8SRBVls=; b=pDDJjVOGt+lkMXz8zCE0A3goezFNggKNl1iLjY+BkZKKzMl/WjHOAMJkxiKxBKga5O1Iwz lcjcfOGvXBrrlLAg== To: "Kirill A. Shutemov" , Alexander Potapenko Cc: Dave Hansen , Peter Zijlstra , Dave Hansen , Andy Lutomirski , the arch/x86 maintainers , Dmitry Vyukov , "H . J . Lu" , Andi Kleen , Rick Edgecombe , Linux Memory Management List , LKML Subject: Re: [RFCv2 00/10] Linear Address Masking enabling In-Reply-To: <20220513230123.wmb4ia3r72snfpwj@black.fi.intel.com> References: <20220511022751.65540-1-kirill.shutemov@linux.intel.com> <20220511064943.GR76023@worktop.programming.kicks-ass.net> <20bada85-9203-57f4-2502-57a6fd11f3ea@intel.com> <875ymav8ul.ffs@tglx> <55176b79-90af-4a47-dc06-9f5f2f2c123d@intel.com> <20220513230123.wmb4ia3r72snfpwj@black.fi.intel.com> Date: Sat, 14 May 2022 12:00:27 +0200 Message-ID: <87ee0wsabo.ffs@tglx> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, May 14 2022 at 02:01, Kirill A. Shutemov wrote: > On Fri, May 13, 2022 at 01:07:43PM +0200, Alexander Potapenko wrote: >> On Thu, May 12, 2022 at 11:51 PM Dave Hansen wrote: >> > >> > On 5/12/22 12:39, Thomas Gleixner wrote: >> > >> It's OK for a debugging build that runs on one kind of hardware. But, >> > >> if we want LAM-using binaries to be portable, we have to do something >> > >> different. >> > >> >> > >> One of the stated reasons for adding LAM hardware is that folks want to >> > >> use sanitizers outside of debugging environments. To me, that means >> > >> that LAM is something that the same binary might run with or without. >> > > On/off yes, but is there an actual use case where such a mechanism would >> > > at start time dynamically chose the number of bits? >> > >> > I'd love to hear from folks doing the userspace side of this. Will >> > userspace be saying: "Give me all the bits you can!". Or, will it >> > really just be looking for 6 bits only, and it doesn't care whether it >> > gets 6 or 15, it will use only 6? >> >> (speaking more or less on behalf of the userspace folks here) >> I think it is safe to assume that in the upcoming year or two HWASan >> will be fine having just 6 bits for the tags on x86 machines. >> We are interested in running it on kernels with and without >> CONFIG_X86_5LEVEL=y, so U48 is not an option in some cases anyway. > > Just to be clear: LAM_U48 works on machine with 5-level paging enabled as > long as the process doesn't map anything above 47-bit. That's the whole point. If you use LAM_U48 in one thread for some obscure reason, you prevent the whole process from utilizing the full virtual address space. The other way round is also weird. If one thread manages to have a virtual address above bit 47 then you can't get U48 for the other anymore. Aside of that the whole per-thread approach can only ever work when an application is crafted carefully to handle it. Think about shared data structures with pointers inside. This surely can be made work, but is it something which is generally safe? No. Plus it comes with inconsistent behaviour in the kthread_use_mm() case. What could work is a mechanism which tells the loader that it should apply U48 and restrict the address space randomization to 47 bits, but anything else is going to create more problems than it solves. Thanks, tglx