From: Szabolcs Nagy <szabolcs.nagy@arm.com>
To: Florian Weimer <fweimer@redhat.com>
Cc: Richard Earnshaw via Libc-alpha <libc-alpha@sourceware.org>,
Richard Earnshaw <rearnsha@arm.com>
Subject: Re: [PATCH v4 3/6] malloc: Basic support for memory tagging in the malloc() family
Date: Mon, 21 Dec 2020 14:31:40 +0000 [thread overview]
Message-ID: <20201221143139.GC720@arm.com> (raw)
In-Reply-To: <87sg7zw9tl.fsf@oldenburg2.str.redhat.com>
The 12/21/2020 14:46, Florian Weimer via Libc-alpha wrote:
> * Richard Earnshaw via Libc-alpha:
> > +/* Generate a new (random) tag value for PTR, set the tags for the
> > + memory to the new tag and initialize the memory contents to VAL.
> > + In practice this function will only be called with VAL=0, but we
> > + keep this parameter to maintain the same prototype as memset. */
> > +static void *
> > +__mtag_tag_new_memset (void *ptr, int val, size_t size)
> > +{
> > + return __libc_mtag_memset_with_tag (__libc_mtag_new_tag (ptr), val, size);
> > +}
>
> I would like to point out that random choice from all possible tag bits
> precludes some memory tagging applications. Some applications might
> want to unconditionally force certain tag bits on a load, to assert that
> the pointer refers to a specific kind of memory. If glibc malloc
> randomly assigns tag bits from entire range, this kind of memory type
> assertion is no longer eliable.
in the mte architecture we can control the set of tags
__libc_mtag_new_tag (irg instruction) may select from.
currently we set the MTE_ALLOWED_TAGS in aarch64 via
prctl such that all tags are allowed except 0.
i imagine if we have a usecase for using specific tags
somewhere then we would exclude those from the allowed
random tags.
(e.g. malloc metadata in heap memory is 0 tagged now
which is guaranteed to be different from the user
allocation tags, but we could reserve a special tag
for metadata and exclude that from the allowed tags.)
note that currently user code cannot easily use tagging:
the prctl settings are owned by the libc and cannot be
changed easily in a multithreaded process. suballocators
cannot retag heap memory unless they revert the tags
before calling free. and the PROT_MTE setting for most
variables are libc controlled (globals in elf objects
heap and stack). so only manually mmaped memory can use
tags in user code. we could reserve some tags for such
usage that are distinct from heap tags, but havent so
far.
since we haven't committed to a stable abi yet with the
tunables i think we have opportunity to change this if
necessary.
next prev parent reply other threads:[~2020-12-21 14:32 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-18 19:29 [PATCH v4 0/6] Memory tagging support Richard Earnshaw
2020-12-18 19:29 ` [PATCH v4 1/6] config: Allow memory tagging to be enabled when configuring glibc Richard Earnshaw
2020-12-21 12:40 ` Siddhesh Poyarekar
2020-12-18 19:29 ` [PATCH v4 2/6] elf: Add a tunable to control use of tagged memory Richard Earnshaw
2020-12-21 12:42 ` Siddhesh Poyarekar
2020-12-18 19:29 ` [PATCH v4 3/6] malloc: Basic support for memory tagging in the malloc() family Richard Earnshaw
2020-12-21 13:27 ` Siddhesh Poyarekar
2020-12-21 13:46 ` Florian Weimer
2020-12-21 14:31 ` Richard Earnshaw
2020-12-21 14:31 ` Szabolcs Nagy [this message]
2020-12-18 19:29 ` [PATCH v4 4/6] linux: Add compatibility definitions to sys/prctl.h for MTE Richard Earnshaw
2020-12-21 13:32 ` Siddhesh Poyarekar
2020-12-21 13:34 ` Richard Earnshaw
2020-12-21 13:38 ` Siddhesh Poyarekar
2020-12-21 13:39 ` Florian Weimer
2020-12-21 13:41 ` Siddhesh Poyarekar
2020-12-18 19:29 ` [PATCH v4 5/6] aarch64: Add sysv specific enabling code for memory tagging Richard Earnshaw
2020-12-21 12:27 ` Szabolcs Nagy
2020-12-21 13:36 ` Siddhesh Poyarekar
2020-12-18 19:29 ` [PATCH v4 6/6] aarch64: Add aarch64-specific files for memory tagging support Richard Earnshaw
2020-12-21 12:44 ` Szabolcs Nagy
2020-12-21 12:50 ` Richard Earnshaw
2020-12-18 20:18 ` [PATCH v4 0/6] Memory " H.J. Lu
2020-12-21 12:28 ` Siddhesh Poyarekar
2020-12-21 13:44 ` Siddhesh Poyarekar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201221143139.GC720@arm.com \
--to=szabolcs.nagy@arm.com \
--cc=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=rearnsha@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).