From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40086.outbound.protection.outlook.com [40.107.4.86]) by sourceware.org (Postfix) with ESMTPS id 6F55C3861862 for ; Mon, 21 Dec 2020 14:32:29 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 6F55C3861862 Received: from AM6P191CA0099.EURP191.PROD.OUTLOOK.COM (2603:10a6:209:8a::40) by PR3PR08MB5786.eurprd08.prod.outlook.com (2603:10a6:102:85::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3676.29; Mon, 21 Dec 2020 14:32:27 +0000 Received: from AM5EUR03FT057.eop-EUR03.prod.protection.outlook.com (2603:10a6:209:8a:cafe::c5) by AM6P191CA0099.outlook.office365.com (2603:10a6:209:8a::40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3676.29 via Frontend Transport; Mon, 21 Dec 2020 14:32:27 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;sourceware.org; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT057.mail.protection.outlook.com (10.152.17.44) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3676.22 via Frontend Transport; Mon, 21 Dec 2020 14:32:25 +0000 Received: ("Tessian outbound 8b6e0bb22f1c:v71"); Mon, 21 Dec 2020 14:32:22 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 2cab817ba9c8892f X-CR-MTA-TID: 64aa7808 Received: from 50f8cec9e4e2.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 6C0EEB44-6616-4603-B3C8-16954AE4CE5D.1; Mon, 21 Dec 2020 14:31:44 +0000 Received: from FRA01-PR2-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 50f8cec9e4e2.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 21 Dec 2020 14:31:44 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WFrEadW689PFz457LzpEdxQNzpifev+llFr8OPpbXhG2MedXxBxM6hiiXMGj5LfbHp933dTD2OfukJuuzG+wql8QRRBDx5yl0X7hLUkblnpuJPwmvE2wliv2y2jJEcD96YUGdk22E9Y/phMrORTBCK1zTIh29XFZd8DXxIfxqS/fcBYi/3nzBuEcc+7tUv5d0grdw4ukkrkqI/0GcpRmvnHoBsWTbscUtRq8PfcqSU1rIT+qwALEsz0aH7kiRlEtA2s7l6Etu6zY5N8m00ovBovaqClbgRnkOFL+25IGKqWmeEcRHPvqX52d0rrtgWS8Rr3B0ttm3NqLVGHPThUJTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2OkfW7Lkb70MePem7ZP/amJ7+FXJspYK0CQfKRnf/hs=; b=Ua0++At0uDtJsUG+XU8uZwaCbQtdMFKVXMBL2ZMe3lQMjYnO7BRFGayRyJA+QaJ3y8y6UVjF4kSlXpxsdapHLaxv3grqSwuLUZISt+p+CTfKPYxQB5ASmDtvpmsrvb00YrjulcbRmRj4vGtrIuPn2xmS3bcUuoWmwx+J+cloqFnl9Ry9DusWXo1oYLxG4Ki68yHAunmI5wgpFyBHcnIsDtxvSDTZfCdDpe6fzwZ9Cm/LEjjz86nvur+3rOyZG5aOPdXGcQoXw85xItBGcGzoqVcOf9+ulERGc7zs+blZ5JTSuxDECWaUbIDc1wKAKEM4qQOSOf58wTZQJk7g24iYKg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none Authentication-Results-Original: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=arm.com; Received: from PA4PR08MB6320.eurprd08.prod.outlook.com (2603:10a6:102:e5::9) by PR2PR08MB4668.eurprd08.prod.outlook.com (2603:10a6:101:1e::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3676.33; Mon, 21 Dec 2020 14:31:42 +0000 Received: from PA4PR08MB6320.eurprd08.prod.outlook.com ([fe80::9d96:26c8:4904:40a3]) by PA4PR08MB6320.eurprd08.prod.outlook.com ([fe80::9d96:26c8:4904:40a3%3]) with mapi id 15.20.3676.033; Mon, 21 Dec 2020 14:31:42 +0000 Date: Mon, 21 Dec 2020 14:31:40 +0000 From: Szabolcs Nagy To: Florian Weimer Cc: Richard Earnshaw via Libc-alpha , Richard Earnshaw Subject: Re: [PATCH v4 3/6] malloc: Basic support for memory tagging in the malloc() family Message-ID: <20201221143139.GC720@arm.com> References: <20201218192957.11035-1-rearnsha@arm.com> <20201218192957.11035-4-rearnsha@arm.com> <87sg7zw9tl.fsf@oldenburg2.str.redhat.com> Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <87sg7zw9tl.fsf@oldenburg2.str.redhat.com> User-Agent: Mutt/1.9.4 (2018-02-28) X-Originating-IP: [217.140.106.54] X-ClientProxiedBy: LO4P123CA0356.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:18d::19) To PA4PR08MB6320.eurprd08.prod.outlook.com (2603:10a6:102:e5::9) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from arm.com (217.140.106.54) by LO4P123CA0356.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:18d::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3676.29 via Frontend Transport; Mon, 21 Dec 2020 14:31:41 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: eb62fd2e-7296-41a4-d2d3-08d8a5bd3c92 X-MS-TrafficTypeDiagnostic: PR2PR08MB4668:|PR3PR08MB5786: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:9508;OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: Es4mQrD5Diyhr4Eoa7NRIeyoKVOKYBpgPkFcr8dssmPCCKqETPCxaqsNP034L5XTroLr4KxVEbqkAT8f+Jhy9e+BkLtOLLVw36Kd3+X7XPA+xVFWp613/sDf5I3xEcASnJj5QqDo4LA6UWAxtViQa72O6HtWYEZf5+0ilfqMzCjMwpv0y0nd0rvlq6x/E/cjs6Mt7WZGe7w982Fz4ql7kTRjvl/Kn0vVY53nlMjT2KaP3uY49Xypzs2iBBJTad9YDHcvuz864SNcBGqHAtAn7C0KQ24cuG2paRWNXvbWp60EPTuXBYWr/dRi1JsU/44LWJJgzazsHymh9yinMzndZffISnHW+J6h1gDKmyOSLRPZ/T5yWRioEeuI6jC3xphXmEilKtSIJ6MN/maN54OlU++c0LG4VTS/FIn3ZHWbCpFC1+bXfBCEgc+yEmcuiDM7 X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PA4PR08MB6320.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(396003)(39830400003)(366004)(376002)(16526019)(956004)(2616005)(2906002)(1076003)(186003)(5660300002)(508600001)(36756003)(26005)(33656002)(44832011)(66556008)(8676002)(6916009)(52116002)(86362001)(55016002)(8936002)(66476007)(66946007)(7696005)(8886007)(54906003)(4326008)(34490700003); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?cUpLVVI0Y0Q1UG5Na2ErQ0Q1Und5OHRYQWN1b2Vqb2dEWUptSmNDMnNQeFE3?= =?utf-8?B?RHkyTmsxNkZpQ1orZFpXSU14Z01ta3FmUlZwY0hqTnVCREpDWDdCeHoyS0Fx?= =?utf-8?B?WWM5TW1DRzF1d25waHpzYkY5OWJ0a0VMaWIydVFUTnNvTm9PS1BYd1dkOTZi?= =?utf-8?B?bTB3ZGc1b3lhcWVLVUJyMVVyZHc2SGNQd2xRaGEremhHMGVPdHVtQlM4V0tM?= =?utf-8?B?TFVUMmRjT2o1a1kzMWtkVG1pVE5xN0ROaERSZk5PU2M3dldac1o2aW5nenN6?= =?utf-8?B?bC9tcGRPTXlPajgzdDF0UkJ3TWo0OEFjdjd6T1VLQVJnbm5KcWtGTXl5eGZO?= =?utf-8?B?NVUyTGdBZnVLbXJHZWRicjFwU0VHYkI4S21SMHFhK2puWHFRN1VEVXo1UUp5?= =?utf-8?B?alZYcDR1L3lhaEtKM0pVT0xFdnRzRzIxTXBVZ1FaUVZlSG40MnR3K2pickRs?= =?utf-8?B?Q0l2WFdTNkNZVVZkUVlSencxNWw2UGVEVVREKzh0SE1mUWc0QzBlUjZycGl1?= =?utf-8?B?Rmoycml1eU5qV0M0cnFPYzlYbGNyWnlqMm4xS3JzUHpETDA0bTRCTFdKVDFU?= =?utf-8?B?N0o3YU9xRjA4VjVDOUVPZnkxUmR2VFI4WmRaclVCMmlsZkZKd1Npaythb3Zw?= =?utf-8?B?N1JCY3ZMcEtoMmdiY09lQjNsclZTYXFpWGlvRnBFTExIOUZsWTJCK0g0Yi9y?= =?utf-8?B?eDFMTmg5MytxN0pkTkoweWVGZXA5b01rZnhoVTdoTEFYL2FscnJnK05mbW5E?= =?utf-8?B?QnVldDFCV1IzNldYOEpRL3k3STVvOXVzNjc3SUNsU1doUmVCR0FJaEwxLzk2?= =?utf-8?B?bGlXMTIyWThreERPOHpTRmpmVXoxMFBOMlFzK0VOb2NJM0NRQkw2MzI3WUJI?= =?utf-8?B?YzA2K0loVDlqSzBIQktyV0E5OXQxazd3OUpUSjN1UWhVVGpUeGtUMzlZQVkz?= =?utf-8?B?WHJ3OEZHZDk5a0lTOW9JYXpqdU8zamE0Y3d6N3g1VGZGemNzOVpqVndjdTdT?= =?utf-8?B?MnM3cHFiOERJYm9YUlAyOGxoWjlPR0MydG9TQk1ITUd3c1NaREN0NXV5VDhl?= =?utf-8?B?dkFpOVhxSkE2SUgrWXR4eFZRblhKNk5KOEo1ZHRqSXdnQlhPWWRma3hnUFBr?= =?utf-8?B?K29iMDlJMEpuT0FHbjNpUm9heGQ0WEpIRVlrRHpiVE0vTHRaeXBHeFJId2FK?= =?utf-8?B?WFFqdkRyY01DN1V4TlMyR1BHOFIwUDFDT25QVlUyTmtUeW5tdi9qc1VLbWtW?= =?utf-8?B?L3lWeXJxSHpnN0VueVNnaitLYk9UUEk5WmFMb1VmSDZSZkdjMW1RbHBZQ01s?= =?utf-8?Q?5JBf5O9Sc5a0j/6ZaEK1dA/Vo4JInzJ0I/?= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR2PR08MB4668 Original-Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT057.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: 68a04b5b-22df-4be8-9302-08d8a5bd229c X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: BqCD/pu3Cjdcxx00B5EJOmgRsiJg2v8bKCYRlgGhEL4FpRaQUrdEZ0smUaCvu/TKdYsBU/wHbtYXjK6zPcm5A/iouRzXk0Xmg7UXLDGFlnIAkyQ1Z1K9DKo1iINkrxzZf7VnD3oEvGAlQqzSGHOqQybmXgViqv7gZufp83FjOcSWbrQJ27tbLjCR7eM0wfjceFoqA5v5Nt4kJRYzLsTAYCTsNWYVNfUp7Iy93itmHMlxyv9KUjn4m7x718L1plnCN3OxiDp2y+N4/c8dnK6XCc4T2QH2uVeWFYYUWZ8zrVO62861Xnz4ZrSKmOmW9srzfgYmyKFBfVwH8DxmLin6O5Y6u44L8JQnGqGk5+fdlW+oBjxCzxmMgGludiBPOy5i79Mu6PpNgEtYCo9qeBNq/PBHcZ7EtEuvSfZ4ev+MCqv8Xh3IUg1plO1AZHH1vuNHylFC+7fID0gN9ecpdkyqIA== X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(396003)(346002)(376002)(39830400003)(46966005)(55016002)(16526019)(54906003)(47076004)(81166007)(356005)(2906002)(7696005)(6862004)(2616005)(956004)(36756003)(186003)(8886007)(508600001)(86362001)(44832011)(8936002)(82310400003)(336012)(1076003)(4326008)(33656002)(8676002)(5660300002)(26005)(70586007)(70206006); DIR:OUT; SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Dec 2020 14:32:25.5922 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: eb62fd2e-7296-41a4-d2d3-08d8a5bd3c92 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT057.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR08MB5786 X-Spam-Status: No, score=-7.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Dec 2020 14:32:31 -0000 The 12/21/2020 14:46, Florian Weimer via Libc-alpha wrote: > * Richard Earnshaw via Libc-alpha: > > +/* Generate a new (random) tag value for PTR, set the tags for the > > + memory to the new tag and initialize the memory contents to VAL. > > + In practice this function will only be called with VAL=0, but we > > + keep this parameter to maintain the same prototype as memset. */ > > +static void * > > +__mtag_tag_new_memset (void *ptr, int val, size_t size) > > +{ > > + return __libc_mtag_memset_with_tag (__libc_mtag_new_tag (ptr), val, size); > > +} > > I would like to point out that random choice from all possible tag bits > precludes some memory tagging applications. Some applications might > want to unconditionally force certain tag bits on a load, to assert that > the pointer refers to a specific kind of memory. If glibc malloc > randomly assigns tag bits from entire range, this kind of memory type > assertion is no longer eliable. in the mte architecture we can control the set of tags __libc_mtag_new_tag (irg instruction) may select from. currently we set the MTE_ALLOWED_TAGS in aarch64 via prctl such that all tags are allowed except 0. i imagine if we have a usecase for using specific tags somewhere then we would exclude those from the allowed random tags. (e.g. malloc metadata in heap memory is 0 tagged now which is guaranteed to be different from the user allocation tags, but we could reserve a special tag for metadata and exclude that from the allowed tags.) note that currently user code cannot easily use tagging: the prctl settings are owned by the libc and cannot be changed easily in a multithreaded process. suballocators cannot retag heap memory unless they revert the tags before calling free. and the PROT_MTE setting for most variables are libc controlled (globals in elf objects heap and stack). so only manually mmaped memory can use tags in user code. we could reserve some tags for such usage that are distinct from heap tags, but havent so far. since we haven't committed to a stable abi yet with the tunables i think we have opportunity to change this if necessary.