From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60075.outbound.protection.outlook.com [40.107.6.75]) by sourceware.org (Postfix) with ESMTPS id 8D0153851C27 for ; Wed, 3 Jun 2020 15:03:32 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 8D0153851C27 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=Szabolcs.Nagy@arm.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0VwjdygZ9AqWhyuLB59p2rbnVY0uGMo0g77h95Ay7I8=; b=52ezsdd1zuszyras6Kr/ZQILb22/jDPlp/mw+H6yXidVGIMDOJvG2RUOLw55O7sQEg3CO5GyWMPjcztXZ1bDVkZtM9jRp7gp+Sotl1pktzfq35S5rDj5P0PdFFTmcHnXyCjlgjJOnDEDz7oBlfi+TIbk4+fEiPoQoaFXM+xtchA= Received: from AM5PR0101CA0013.eurprd01.prod.exchangelabs.com (2603:10a6:206:16::26) by AM4PR08MB2660.eurprd08.prod.outlook.com (2603:10a6:205:c::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3045.25; Wed, 3 Jun 2020 15:03:31 +0000 Received: from AM5EUR03FT023.eop-EUR03.prod.protection.outlook.com (2603:10a6:206:16:cafe::c0) by AM5PR0101CA0013.outlook.office365.com (2603:10a6:206:16::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.18 via Frontend Transport; Wed, 3 Jun 2020 15:03:31 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; sourceware.org; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT023.mail.protection.outlook.com (10.152.16.169) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.18 via Frontend Transport; Wed, 3 Jun 2020 15:03:30 +0000 Received: ("Tessian outbound 9eabd37e4fee:v57"); Wed, 03 Jun 2020 15:03:30 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 5abd074c705f150d X-CR-MTA-TID: 64aa7808 Received: from c6f45b76b0e3.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 019DD817-1151-4203-8CA8-87F6D80F4540.1; Wed, 03 Jun 2020 15:03:25 +0000 Received: from EUR02-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id c6f45b76b0e3.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 03 Jun 2020 15:03:25 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=d2l2Hc9yZip1GnjOVXQL/+m6wfcULeYShe6sP6IkIdLLzB8lfUl4sWV5X1RED0FnpYb/XmX0qeotfg9vk2Y8uqZ+GyQjsU1R247y1RUYmVJIhTyJ87VvkvKBW8amCZ3pa0tbubtQUrMlXXer4Kkt3NRiDWS1ykb7LnesbB1+sxFM9vkcMWvH5iq1UTgJw6r8dqBxT/pZAYG2OKUZbQzeb1DLZW/c+b3Y/+qk/qANcwU4BYhLEU5YwYKASAT72j8JLYics5QSs97+xBRXzycV6z7urKEuDN0Pptyqv/hAXsyhxXEEtRrgZeDPxrNz+r+jzWv22z/3VabzZl7DoRqYJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0VwjdygZ9AqWhyuLB59p2rbnVY0uGMo0g77h95Ay7I8=; b=gP+5Ig1Pb6gUKQs6kYQhbPm5vWgucYxXwLGS9C+ZQ+CHJXAWVTHna1X/wWejFTNDMy+GCJgHNmFzPIeXzGNF7uFx57ENNoWtKV6stJNNLxDSeUS3ZqWEVCqdjkQHd78aHSnOal76B/X8PF8BEJohRhBGLJ9cTvqM5vYx26q5v1ybfSSN3hzuf25SKibXmcXHzPxYWNUKF+bVv4RVbh7TSVTsuSJ96NtMtEi5HWrCZYfBUt0aqbYWToI1Oubaigoc+5VW03r+N98n77x4S3sGE7sdA2aLJs4FRlJbL6qHjyCdAfBV7yOw9tPPFw7vidYKZMPqC6Y8Rpxnw8HlCGbU6w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0VwjdygZ9AqWhyuLB59p2rbnVY0uGMo0g77h95Ay7I8=; b=52ezsdd1zuszyras6Kr/ZQILb22/jDPlp/mw+H6yXidVGIMDOJvG2RUOLw55O7sQEg3CO5GyWMPjcztXZ1bDVkZtM9jRp7gp+Sotl1pktzfq35S5rDj5P0PdFFTmcHnXyCjlgjJOnDEDz7oBlfi+TIbk4+fEiPoQoaFXM+xtchA= Authentication-Results-Original: linaro.org; dkim=none (message not signed) header.d=none;linaro.org; dmarc=none action=none header.from=arm.com; Received: from AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) by AM6PR08MB4358.eurprd08.prod.outlook.com (2603:10a6:20b:b6::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3045.19; Wed, 3 Jun 2020 15:03:23 +0000 Received: from AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::49fd:6ded:4da7:8862]) by AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::49fd:6ded:4da7:8862%7]) with mapi id 15.20.3066.018; Wed, 3 Jun 2020 15:03:23 +0000 Date: Wed, 3 Jun 2020 16:03:16 +0100 From: Szabolcs Nagy To: Adhemerval Zanella Cc: libc-alpha@sourceware.org Subject: Re: [PATCH] aarch64: MTE compatible strchrnul Message-ID: <20200603150315.GF21536@arm.com> References: <87img8xuby.fsf@oldenburg2.str.redhat.com> <87blm0w81j.fsf@arm.com> <87img8uszs.fsf@oldenburg2.str.redhat.com> <04f67459-9c4e-da69-0323-c3d535cedc68@linaro.org> <20200603145331.GE21536@arm.com> Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20200603145331.GE21536@arm.com> User-Agent: Mutt/1.9.4 (2018-02-28) X-ClientProxiedBy: SN4PR0501CA0050.namprd05.prod.outlook.com (2603:10b6:803:41::27) To AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from arm.com (217.140.106.54) by SN4PR0501CA0050.namprd05.prod.outlook.com (2603:10b6:803:41::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.8 via Frontend Transport; Wed, 3 Jun 2020 15:03:21 +0000 X-Originating-IP: [217.140.106.54] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 6aa97dde-dcb2-48d7-65c8-08d807cf4764 X-MS-TrafficTypeDiagnostic: AM6PR08MB4358:|AM4PR08MB2660: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:10000;OLM:10000; X-Forefront-PRVS: 04238CD941 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: TReAxUQekbbRpQAAZ6P07GUQe506sgkFz1/L2MbELcfb+penlbonYXU/hpto/Kie++hAJdaVLqH5blJ+bL9Wq6gnRDfXBPWi42DKOjM/Jew9877byLuJEsezWNu56uPk6RS/EICQJNAg9BK/EgqOj79nAa/N+ANz0FwM1lC+ldWBk87ybWOjgiExiQvvMUZo7DZm5sIIvREG4uixHhomvQaDBpmSK0v3yAfWdvpWrE0dj5agp59xxgxmo/XVrUIM0KLVnQWEtSyPMXbRgP8OkGxqmV65sgdBn4eLeQzqtMvh5mzPVmOccEPGOdsTOIapfAkfghneZdpga4NiiVPHZfd2a6zgFTAjen9AUkmFt2QE7rGB0hZ4gOZp+U8FE8Oq X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3047.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(376002)(136003)(366004)(396003)(346002)(52116002)(6666004)(5660300002)(8886007)(7696005)(66556008)(53546011)(66946007)(66476007)(1076003)(26005)(16526019)(186003)(2906002)(8936002)(6916009)(4326008)(44832011)(8676002)(316002)(478600001)(55016002)(36756003)(33656002)(2616005)(86362001)(956004)(156123004); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: BQ4bop1v4XX/F+ESP6rUT3a7LZiKyuR3uZ6/WhP58c4Cy+HHZFmihcIFTQBBYxa5tdgBZISCLsyZ92tkVeGix2YkhBonwQX9siCm98zNXAP8o9NrjlaO4hsZMcpSUyjY5QNXXlLW4Q7GhgRuwhKhW8bez50clrUc1AN7a66IjwceF0rgjl/HQxKGjwaB1BSlFdtssZRdo3DkcEn8Nh0t8mFCPj2L0iuRd1t84PglFbEG+NPSikB7Y0Y+P5piQEmaAnd6qTKFT5ya32MDip4NJSMui5sWLNKYXrJi52xp3giTjxL6mCS/Vhu5ScwYBlgu/IJt6CH6OHKr/DozDyACbO540Brp46R/i4ie4+0AVOXRdTAB3GxG4EwC0OyCByghPyvjAWheCRn/Z0xLLW3LkD3SgMIhh7xI3IuVipSY+9F53ELlxuLj8aFyEE0EwBjngKcPPNyQ0j8Zk3O3+kX5UzVfmcpa8em3w/KhfxTVP1+8k+yieBQCxd0nyebwTQXj X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4358 Original-Authentication-Results: linaro.org; dkim=none (message not signed) header.d=none;linaro.org; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT023.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(396003)(136003)(376002)(346002)(46966005)(7696005)(33656002)(186003)(8886007)(6666004)(55016002)(70586007)(53546011)(36756003)(8936002)(356005)(82310400002)(47076004)(2906002)(81166007)(70206006)(86362001)(26005)(478600001)(82740400003)(16526019)(1076003)(6862004)(316002)(956004)(2616005)(8676002)(336012)(36906005)(5660300002)(44832011)(4326008)(156123004); DIR:OUT; SFP:1101; X-MS-Office365-Filtering-Correlation-Id-Prvs: b4b41eb8-ee39-4424-d5ae-08d807cf4287 X-Forefront-PRVS: 04238CD941 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 8YggBj6FXFCEHZxph/HMi46AjHEHMPyHx/ufIJBd5PBVHE3z7r0M9YJ9/ClJ2EQan5Lf06hy6+BFHvey9OO7SvddJ2EvSY+Y3ezRPKhWlLSvxPNJmWWoQK7Md9i3ArFjTLe7CSFweq4rvPVU7JJpXOc3DGACDEWZommXEAlt8ucp/2r9Gjy3+4VSk/3THIpg+jAkbPRX8GzPzJa+9zr1Lv6XyOmCvbGPXgidNMUY2y+nqnlBDiCnyCdOJLoEDi6dW+F9/7g2EVOfNea2mOvSniNg6kPiT+BQ4GWp5o90eVEZYN/FN2klwtgNG5tsOiqNdBxvyF3RiJBJBze7ngkyJ9uISYHrGhHUX5JGqBlPHLk9WxEuNV+UjZ+14nL2DQXmNvcDDUQklyPO0MNcMa8TNpnP5dq2f68ACYypnTfUZEM= X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Jun 2020 15:03:30.9668 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6aa97dde-dcb2-48d7-65c8-08d807cf4764 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR08MB2660 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jun 2020 15:03:34 -0000 The 06/03/2020 15:53, Szabolcs Nagy wrote: > The 06/03/2020 11:33, Adhemerval Zanella via Libc-alpha wrote: > > On 03/06/2020 11:24, Florian Weimer via Libc-alpha wrote: > > > * Andrea Corallo: > > >> Florian Weimer writes: > > >>> As a very high-level comment, I would expect some sort of markup in the > > >>> file that this implementation is now MTE-safe, similar to what we have > > >>> for executable stacks. > > >>> > > >>> Or do you plan to handle that in some other fashion? > > >>> > > >>> Thanks, > > >>> Florian > > >> > > >> Hi Florian, > > >> > > >> Now the only markup is the comment on the top of the file stating the > > >> MTE compatibility of the routine. > > >> > > >> I'm not aware of how this marking is done for executable stacks, perhaps > > >> could you give an hook on where to look for? > > > > > > Typically, the -z noexecstack flag or a special .note.GNU-stack section > > > is used for that. > > > > > >> Just to make sure we are one the same page wanted to add: these > > >> functions are supposed to be backward compatible with what they are > > >> replacing, so I'm not sure a marking is necessary. > > > > > > It's MTE that isn't backwards-compatible without such markup. > > > > Afaiu there is no need to add any marking for MTE, the main difference > > it enforce 16-byte granularity read. I think you are confusing with > > BTI, which does require the GNU note. > > in principle existing binaries may not be mte safe: > > (1) the top byte may be used by user code, > (2) page size granularity may be assumed for memory protection. > > so it is a valid question if we want to mark binaries that > are mte-safe to make mte an opt-in feature. > > the problem is that then we cannot use heap tagging for debugging > heap corruption problems in existing binaries. so even if we > apply an mte markup we have to allow the user to override that. > > we probably don't want heap tagging on by default since there > is an overhead so in the end it will be a user choice if mte > is enabled or not. > > the difference compared to noexecstack is that the runtime can > fall back to executable stack if there are non-marked binaries, > but with mte once it's on the runtime cannot fall back, just > reject incompatible binaries (and it has to be on very early: > before malloc calls are made). this is not entirely true: (2) can be fixed at runtime by keeping tags but turning tag checks off (it's a per thread setting so a bit tricky to do across all threads), but (1) cannot be fixed at runtime: if there are tagged pointers already being passed around we cannot get rid of them, so we have to reject the incompatible library. we could have separate markup for problems (1) and (2) but neither of them is easily discoverable by the compiler (well conforming c code is not supposed to do either), so i don't know how the markup would be added to object files in a reliable way. > > i don't know if it makes sense to introduce an object markup just > for aborting / rejecting loading libraries when the user asked > for mte. --