From: "H.J. Lu"
Date: Mon, 22 Feb 2021 05:57:48 -0800
Subject: Re: [RFC] : An API for tagged address
To: Szabolcs Nagy
Cc: Florian Weimer, "Kirill A. Shutemov", "Shanbhogue, Vedvyas", "H.J. Lu via Libc-alpha", Joseph Myers

On Mon, Feb 22, 2021 at 12:28 AM Szabolcs Nagy wrote:
>
> The 02/18/2021 14:32, H.J. Lu wrote:
> >
> > We are working to enable LAM in glibc and GCC (HWASAN).
> >
> > 0. LAM is disabled when the process starts.
> > 1. Define GNU property markers for LAM compatibility.
> > 2. Update ld.so to support LAM.
> > 3. Make libc.so LAM compatible (memmove).
>
> if pointers to the same object always have the same tag,
> then memmove should work without changes i think.

string/memmove.c has

  /* This test makes the forward copying code be used whenever possible.
     Reduces the working set.  */
  if (dstp - srcp >= len)       /* *Unsigned* compare!  */

This doesn't work when pointers have tags.

char *
inhibit_loop_to_libcall
simple_memmove (char *dst, const char *src, size_t n)
{
  char *ret = dst;
  if (src < dst)
    {
      dst += n;
      src += n;
      while (n--)
        *--dst = *--src;
    }
  else
    while (n--)
      *dst++ = *src++;
  return ret;
}

has the same issue.

> if such pointers can have different tags then all pointer
> comparisons are problematic, not just memmove.

We haven't found other pointer usages in glibc which are incompatible
with tags.

> > 4. Provide an API to enable LAM.
> >
> > We noticed a few issues:
> >
> > 1. HWASAN should use the glibc API to enable tagged address
> > since glibc must track the tagged address mask.
>
> how does that mask work?
> is it possible to set it to different values or just on/off?

It is a bit mask of uintptr_t.  The default is (uintptr_t) -1.

#ifdef __GNUC__
/* A mask for constant address BITS used in address translation.  */
# define TAGGED_ADDRESS_MASK(BITS)                          \
  (__extension__                                            \
   ({                                                       \
     _Static_assert (TAGGED_ADDRESS_VALID_BITS (BITS),      \
                     "Tagged address bits must be valid");  \
     (((uintptr_t) 1) << (BITS)) - 1;                       \
   }))
#endif

> > 2. set_tagged_address_mask shouldn't be allowed after
> > pthread_create is called.
>
> such api breaks software composability.
> i don't have a good solution (other than libc doing an early
> decision on its own).

How does it work with HWASAN?

> > 3. After set_tagged_address_mask is called, can it be called
> > again to change tagged address mask.
>
> after tagged pointers escape it is unlikely that changing
> settings works.
>

-- 
H.J.
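
The direction-test failure discussed in this message, as an added example (not code from the message or from glibc): addresses are simulated as 64-bit integers, assuming 57 address bits with the tag in the bits above, and `with_tag`, `forward_raw`, `forward_masked`, `copy_sim` and `overlap_move_correct` are hypothetical names. Masking before the compare is shown as one possible remedy for illustration, not as the change glibc adopted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption for this sketch: 57 address bits, tag stored in the bits above. */
#define ADDR_MASK ((((uint64_t) 1) << 57) - 1)

/* Attach a constructed tag to a simulated address. */
static uint64_t with_tag (uint64_t addr, uint64_t tag)
{ return (addr & ADDR_MASK) | (tag << 57); }

/* Direction test as in string/memmove.c: nonzero selects the forward copy. */
static int forward_raw (uint64_t dstp, uint64_t srcp, size_t len)
{ return dstp - srcp >= len; }

/* The same unsigned compare after stripping tag bits with the address mask. */
static int forward_masked (uint64_t dstp, uint64_t srcp, size_t len)
{ return (dstp & ADDR_MASK) - (srcp & ADDR_MASK) >= len; }

/* Copy LEN bytes inside BUF; masked addresses are offsets into BUF. */
static void copy_sim (char *buf, uint64_t dstp, uint64_t srcp, size_t len, int forward)
{
  char *dst = buf + (dstp & ADDR_MASK);
  const char *src = buf + (srcp & ADDR_MASK);
  if (forward)
    while (len--) *dst++ = *src++;
  else
    for (dst += len, src += len; len--; ) *--dst = *--src;
}

/* 1 if an overlapping 8-byte move (dst = src + 4) with these tags matches
   memmove; USE_MASK selects the masked direction test. */
int overlap_move_correct (uint64_t dst_tag, uint64_t src_tag, int use_mask)
{
  char buf[16] = "abcdefghijklmno", want[16];   /* constructed sample data */
  memcpy (want, buf, sizeof buf);
  memmove (want + 4, want, 8);                   /* reference result */
  uint64_t d = with_tag (4, dst_tag), s = with_tag (0, src_tag);
  int fwd = use_mask ? forward_masked (d, s, 8) : forward_raw (d, s, 8);
  copy_sim (buf, d, s, 8, fwd);
  return memcmp (buf, want, sizeof buf) == 0;
}

int main (void)
{
  printf ("same tag, raw test:    %d\n", overlap_move_correct (1, 1, 0));
  printf ("tags differ, raw test: %d\n", overlap_move_correct (2, 1, 0));
  printf ("tags differ, masked:   %d\n", overlap_move_correct (2, 1, 1));
  return 0;
}
```

With equal tags the raw test still picks the backward copy; with differing tags the tag difference dominates the subtraction, the forward copy is chosen and the overlapping region is overwritten before it is read.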