From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <fweimer@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124])
 by sourceware.org (Postfix) with ESMTP id F3CCC3857432
 for <libc-alpha@sourceware.org>; Mon, 23 Aug 2021 13:49:44 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org F3CCC3857432
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-155-eJ_kUkAZP9mNuU_QwxLeuA-1; Mon, 23 Aug 2021 09:49:43 -0400
X-MC-Unique: eJ_kUkAZP9mNuU_QwxLeuA-1
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A5CDA101C8A0;
 Mon, 23 Aug 2021 13:49:41 +0000 (UTC)
Received: from oldenburg.str.redhat.com (unknown [10.39.194.2])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id BC67160CC9;
 Mon, 23 Aug 2021 13:49:39 +0000 (UTC)
From: Florian Weimer <fweimer@redhat.com>
To: "H.J. Lu" <hjl.tools@gmail.com>
Cc: GNU C Library <libc-alpha@sourceware.org>,  Joseph Myers
 <joseph@codesourcery.com>,  "Kirill A . Shutemov"
 <kirill.shutemov@linux.intel.com>,  Szabolcs Nagy <szabolcs.nagy@arm.com>,
 Adhemerval Zanella <adhemerval.zanella@linaro.org>,  Sunil K Pandey
 <skpgkp2@gmail.com>
Subject: Re: [PATCH v6 1/1] <sys/tagged-address.h>: An API for tagged address
References: <20210822124546.154232-1-hjl.tools@gmail.com>
 <20210822124546.154232-2-hjl.tools@gmail.com>
 <87fsv0se5s.fsf@oldenburg.str.redhat.com>
 <CAMe9rOoADoJtD-nV=zj1duPRz383FFawk1msk4xB+7=q=2jOfw@mail.gmail.com>
Date: Mon, 23 Aug 2021 15:49:37 +0200
In-Reply-To: <CAMe9rOoADoJtD-nV=zj1duPRz383FFawk1msk4xB+7=q=2jOfw@mail.gmail.com>
 (H. J. Lu's message of "Mon, 23 Aug 2021 06:40:07 -0700")
Message-ID: <874kbgp8y6.fsf@oldenburg.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_LOW,
 RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Aug 2021 13:49:46 -0000

* H. J. Lu:

> On Mon, Aug 23, 2021 at 2:28 AM Florian Weimer <fweimer@redhat.com> wrote:
>>
>> * H. J. Lu:
>>
>> > By default, the number of the address bits used in address translation
>> > is the number of address bits.  But it can be changed by ARM Top-byte
>> > Ignore (TBI) or Intel Linear Address Masking (LAM).
>>
>> I think the fundamental concern is that we don't really know today how
>> this API would be used.  Szabolcs has said that Arm doesn't need this
>> API for HWSAN.  TBI has already other (incompatible) users, I think.
>> (Although OpenJDK's ZGC garbage collector has moved off it.)
>>
>> My concern is that this interface essentialyl sets in stone a certain
>> programming model for LAM, and we really don't know today if that's the
>> right approach.
>
> My current API has only set_translated_address_mask to enable LAM.
> It doesn't specify/know how LAM is used.  I don't see there is an issue
> here.

It's still unclear who owns the tag bits, and if the behavior is
expected to be like the kernel (e.g., glibc masks all tag bits in
dladdr so that they are ignored not just at the hardware level).

>> I also expect that HWSAN needs to poke at glibc internals, like the
>> other sanitizers, so I don't see why calling a kernel API behind glibc's
>> back would be problematic.
>
> The LAM enabled glibc should support all LAM usages.   memmove
> needs to know the LAM bits to work properly.

Only if it is permitted to change the tag on subobjects, which I don't
think is the case.  Otherwise overlaps necessarily have the same tag,
and the existing pointer comparison works as expected.

>> As a side effect of the libpthread merge, we freed DF_1_INITFIRST for
>> other uses, so you should be able to work around initialization ordering
>> issues, too.
>
> The issue here is that LAM should only be enabled ONCE before main
> and thread creation.  Neither DF_1_INITFIRST nor kernel API can properly
> enforce it.

How does AArch64 solve this?  Different kernel API?

Thanks,
Florian