From: "H.J. Lu" <hjl.tools@gmail.com>
To: Florian Weimer <fweimer@redhat.com>
Cc: GNU C Library <libc-alpha@sourceware.org>
Subject: Re: Programming model for tagged addresses
Date: Fri, 7 May 2021 04:48:30 -0700 [thread overview]
Message-ID: <CAMe9rOofBjG4McbO7kFY=gzW6+Jhj72NqVDn9=6Z1chxzh9E9g@mail.gmail.com> (raw)
In-Reply-To: <874kffeysx.fsf@oldenburg.str.redhat.com>
On Fri, May 7, 2021 at 2:33 AM Florian Weimer via Libc-alpha
<libc-alpha@sourceware.org> wrote:
>
> This is related to this bug:
>
> memmove doesn't work with tagged address
> <https://sourceware.org/bugzilla/show_bug.cgi?id=27828>
>
> The bug is about detecting memory region overlap in the presence of
> tagged addresses. This problem exists also with address tagging
> emulation using alias mappings.
>
> If tags are fixed at allocation, I do not think these comparisons are a
> problem. The argument goes like this: Backwards vs forwards copy only
> matters in case of overlap. All pointers within the same top-level
> object have the same tag, so the existing comparisons are fine.
> Overlapping memmove between different top-level objects cannot happen
> because top-level objects do not overlap. So you have to copy multiple
> objects to get an overlap, but that copies data between the objects as
> well, which is necessarily undefined.
>
> Things change when applications are expected to flip tag bits as they
> see fit, including for pointers to subjects. This leads to the question
> whether it's valid to pass such tag-altered pointers to glibc functions
> and system calls. Many objects have significant addresses (mutex and
> other synchronization objects, stdio streams), so the answer to that
> isn't immediately obvious.
It should be valid. Otherwise, we don't need TBI nor LAM. Glibc just
needs to be aware of the valid address bits used for address translation
and handle it properly. BTW, kernel can handle tagged addresses today.
> The next question is tag bits coming from glibc and the kernel are
> always zero initially. For example, for malloc, we currently use two
> bits in the heap to classify chunks (main arena, non-main arena, mmap).
> These bits do not change after allocation, so it is tempting to put them
> into the pointer itself. But this means that some of the tag bits are
> lost for application use.
Applications may put tags in tagged bits on pointers returned by malloc
or mmap. Glibc should always clear the tag on pointers when operating
on such pointers if needed.
--
H.J.
prev parent reply other threads:[~2021-05-07 11:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-07 8:24 Florian Weimer
2021-05-07 10:38 ` Szabolcs Nagy
2021-05-07 14:24 ` H.J. Lu
2021-05-07 11:48 ` H.J. Lu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMe9rOofBjG4McbO7kFY=gzW6+Jhj72NqVDn9=6Z1chxzh9E9g@mail.gmail.com' \
--to=hjl.tools@gmail.com \
--cc=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).