| Message ID | 20201123154236.25809-1-rearnsha@arm.com |
|---|---|
| Headers |
Return-Path: <libc-alpha-bounces@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id CF3F53870868; Mon, 23 Nov 2020 15:42:59 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CF3F53870868 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1606146179; bh=fZAyAMlycfAagrl3XDl6hfh+UsfmpmZSv/x2xQOWbVw=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=LraAtxRwzpe89U8/FhHwvAIjstgxsDDu1qitb8oMYAuNiNU2bmJBRoh83xiNmEbXZ nAvpUKos+zHID1xAmbWEQXpIP6Tf+wO7PCCMKSd5aGIFZYkgSY+86xud+4mB+MUwgY v+W2onQ9FmgmD15G5zD24tbmsDzw3N+iHpfpbAPk= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 59D063842415 for <libc-alpha@sourceware.org>; Mon, 23 Nov 2020 15:42:53 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 59D063842415 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DC1AD1396; Mon, 23 Nov 2020 07:42:52 -0800 (PST) Received: from eagle.buzzard.freeserve.co.uk (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2FF3D3F718; Mon, 23 Nov 2020 07:42:52 -0800 (PST) To: libc-alpha@sourceware.org Subject: [PATCH v3 0/8] Memory tagging support Date: Mon, 23 Nov 2020 15:42:28 +0000 Message-Id: <20201123154236.25809-1-rearnsha@arm.com> X-Mailer: git-send-email 2.29.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> From: Richard Earnshaw via Libc-alpha <libc-alpha@sourceware.org> Reply-To: Richard Earnshaw <rearnsha@arm.com> Cc: Richard Earnshaw <rearnsha@arm.com> Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces@sourceware.org> |
| Series |
Memory tagging support
|
|
Message
Richard Earnshaw
Nov. 23, 2020, 3:42 p.m. UTC
This is the third iteration of the patch set to enable memory tagging in glibc's malloc code. It mainly addresses the following issues raised during the previous review: - Clean up/add some internal API documentation - Remove ROUND_UP_ALLOCATION_SIZE and use some conditionalized code in checked_request2size instead. - Support MALLOC_CHECK_ in conjuction with _MTAG_ENABLE. The first two issues are addressed in patch 4 of this series, and the third in patch 5. I intend to merge patches 3, 4 and 5 into a single update to the malloc code before the final commit; I've kept them separate for now to (hopefully) simplify the review. The patches have all been rebased against master as of 2020/11/20. I spent quite a bit of time while working on these looking at whether the code could be refactored in order to reduce the places where SIZE_SZ was being added (in different multiples) to various pointers. I eventually concluded that this wasn't significantly improving the readability of the code, but one change has survived - I've replaced usage of 2 * SIZE_SZ with CHUNK_HDR_SZ when it is clear that this is referring to the header block at the start of a chunk. I've pushed a copy of this patch series to rearnsha/mte-v3.0, since I understand some people want to try the patch series as a whole. R. Richard Earnshaw (8): config: Allow memory tagging to be enabled when configuring glibc elf: Add a tunable to control use of tagged memory malloc: Basic support for memory tagging in the malloc() family malloc: Clean up commentary malloc: support MALLOC_CHECK_ in conjunction with _MTAG_ENABLE. linux: Add compatibility definitions to sys/prctl.h for MTE aarch64: Add sysv specific enabling code for memory tagging aarch64: Add aarch64-specific files for memory tagging support INSTALL | 14 + config.h.in | 3 + config.make.in | 2 + configure | 17 + configure.ac | 10 + elf/dl-tunables.list | 9 + malloc/arena.c | 59 ++- malloc/hooks.c | 79 ++-- malloc/malloc.c | 336 ++++++++++++++---- malloc/malloc.h | 7 + manual/install.texi | 13 + manual/tunables.texi | 31 ++ sysdeps/aarch64/Makefile | 5 + sysdeps/aarch64/__mtag_address_get_tag.S | 31 ++ sysdeps/aarch64/__mtag_memset_tag.S | 46 +++ sysdeps/aarch64/__mtag_new_tag.S | 38 ++ sysdeps/aarch64/__mtag_tag_region.S | 44 +++ sysdeps/aarch64/libc-mtag.h | 57 +++ sysdeps/generic/libc-mtag.h | 52 +++ sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h | 1 + sysdeps/unix/sysv/linux/aarch64/bits/mman.h | 7 + .../unix/sysv/linux/aarch64/cpu-features.c | 28 ++ .../unix/sysv/linux/aarch64/cpu-features.h | 1 + sysdeps/unix/sysv/linux/sys/prctl.h | 18 + 24 files changed, 811 insertions(+), 97 deletions(-) create mode 100644 sysdeps/aarch64/__mtag_address_get_tag.S create mode 100644 sysdeps/aarch64/__mtag_memset_tag.S create mode 100644 sysdeps/aarch64/__mtag_new_tag.S create mode 100644 sysdeps/aarch64/__mtag_tag_region.S create mode 100644 sysdeps/aarch64/libc-mtag.h create mode 100644 sysdeps/generic/libc-mtag.h
Comments
The 11/23/2020 15:42, Richard Earnshaw wrote: > This is the third iteration of the patch set to enable memory tagging > in glibc's malloc code. It mainly addresses the following issues raised > during the previous review: > > - Clean up/add some internal API documentation > - Remove ROUND_UP_ALLOCATION_SIZE and use some conditionalized code > in checked_request2size instead. > - Support MALLOC_CHECK_ in conjuction with _MTAG_ENABLE. > > The first two issues are addressed in patch 4 of this series, and the > third in patch 5. I intend to merge patches 3, 4 and 5 into a single > update to the malloc code before the final commit; I've kept them > separate for now to (hopefully) simplify the review. > > The patches have all been rebased against master as of 2020/11/20. > > I spent quite a bit of time while working on these looking at whether > the code could be refactored in order to reduce the places where > SIZE_SZ was being added (in different multiples) to various pointers. > I eventually concluded that this wasn't significantly improving the > readability of the code, but one change has survived - I've replaced > usage of 2 * SIZE_SZ with CHUNK_HDR_SZ when it is clear that this is > referring to the header block at the start of a chunk. > > I've pushed a copy of this patch series to rearnsha/mte-v3.0, since I > understand some people want to try the patch series as a whole. cross testing with --enable-memory-tagging and _MTAG_ENABLE=3 in qemu with arm64 for-next/mte linux branch, the new failures i see: FAIL: malloc/tst-malloc-backtrace FAIL: malloc/tst-mallocstate FAIL: malloc/tst-safe-linking FAIL: malloc/tst-tcfree1 FAIL: malloc/tst-tcfree2 FAIL: malloc/tst-tcfree3 all these tests have use after free FAIL: posix/tst-mmap unaligned mmap over malloced memory now fails with ENOMEM instead of EINVAL. i think these are all reasonable failures for mte. (the malloc/ ones can be unsupported, and the mmap test can use mmaped memory instead of malloced)
On 11/23/20 9:12 PM, Richard Earnshaw via Libc-alpha wrote: > This is the third iteration of the patch set to enable memory tagging > in glibc's malloc code. It mainly addresses the following issues raised > during the previous review: > > - Clean up/add some internal API documentation > - Remove ROUND_UP_ALLOCATION_SIZE and use some conditionalized code > in checked_request2size instead. > - Support MALLOC_CHECK_ in conjuction with _MTAG_ENABLE. I tried to review but the patchset doesn't build on x86_64 because __libc_mtag_tag_region() and __libc_mtag_address_get_tag() are macros: arena.c: In function ‘ptmalloc_init’: arena.c:342:22: error: ‘__libc_mtag_tag_region’ undeclared (first use in this function); did you mean ‘__default_tag_region’? 342 | __tag_region = __libc_mtag_tag_region; | ^~~~~~~~~~~~~~~~~~~~~~ | __default_tag_region I'll review 1, 2. 6 and 7 (and the overall design) anyway since I suspect you'll only end up changing 3 and 8 to fix this failure. Hopefully that will help you make forward progress. > The first two issues are addressed in patch 4 of this series, and the > third in patch 5. I intend to merge patches 3, 4 and 5 into a single > update to the malloc code before the final commit; I've kept them > separate for now to (hopefully) simplify the review. Please merge them in first; it is actually confusing to review because I have to then refer across three patches to see what's fixed in 3/8. Besides, having the version of the patch in review being the same as the one that's committed helps since we can then auto-close patchwork patches. > I spent quite a bit of time while working on these looking at whether > the code could be refactored in order to reduce the places where > SIZE_SZ was being added (in different multiples) to various pointers. > I eventually concluded that this wasn't significantly improving the > readability of the code, but one change has survived - I've replaced > usage of 2 * SIZE_SZ with CHUNK_HDR_SZ when it is clear that this is > referring to the header block at the start of a chunk. I skimmed through the patches and I think this is a useful change, thanks. Siddhesh
On Mon, Nov 23, 2020 at 7:46 AM Richard Earnshaw via Libc-alpha <libc-alpha@sourceware.org> wrote: > > This is the third iteration of the patch set to enable memory tagging > in glibc's malloc code. It mainly addresses the following issues raised > during the previous review: > > - Clean up/add some internal API documentation > - Remove ROUND_UP_ALLOCATION_SIZE and use some conditionalized code > in checked_request2size instead. > - Support MALLOC_CHECK_ in conjuction with _MTAG_ENABLE. > > The first two issues are addressed in patch 4 of this series, and the > third in patch 5. I intend to merge patches 3, 4 and 5 into a single > update to the malloc code before the final commit; I've kept them > separate for now to (hopefully) simplify the review. > > The patches have all been rebased against master as of 2020/11/20. > > I spent quite a bit of time while working on these looking at whether > the code could be refactored in order to reduce the places where > SIZE_SZ was being added (in different multiples) to various pointers. > I eventually concluded that this wasn't significantly improving the > readability of the code, but one change has survived - I've replaced > usage of 2 * SIZE_SZ with CHUNK_HDR_SZ when it is clear that this is > referring to the header block at the start of a chunk. > > I've pushed a copy of this patch series to rearnsha/mte-v3.0, since I > understand some people want to try the patch series as a whole. > > R. > > Richard Earnshaw (8): > config: Allow memory tagging to be enabled when configuring glibc > elf: Add a tunable to control use of tagged memory > malloc: Basic support for memory tagging in the malloc() family > malloc: Clean up commentary > malloc: support MALLOC_CHECK_ in conjunction with _MTAG_ENABLE. > linux: Add compatibility definitions to sys/prctl.h for MTE > aarch64: Add sysv specific enabling code for memory tagging > aarch64: Add aarch64-specific files for memory tagging support > Please add some tests to verify use-after-free and underflow/overflow detections which aren't detected by the current malloc implementation. Also should glibc provide a memory tag interface for other memory allocators? H.J.
On 25/11/2020 14:49, Siddhesh Poyarekar wrote: > On 11/23/20 9:12 PM, Richard Earnshaw via Libc-alpha wrote: >> This is the third iteration of the patch set to enable memory tagging >> in glibc's malloc code. It mainly addresses the following issues raised >> during the previous review: >> >> - Clean up/add some internal API documentation >> - Remove ROUND_UP_ALLOCATION_SIZE and use some conditionalized code >> in checked_request2size instead. >> - Support MALLOC_CHECK_ in conjuction with _MTAG_ENABLE. > > I tried to review but the patchset doesn't build on x86_64 because > __libc_mtag_tag_region() and __libc_mtag_address_get_tag() are macros: > > arena.c: In function ‘ptmalloc_init’: > arena.c:342:22: error: ‘__libc_mtag_tag_region’ undeclared (first use in > this function); did you mean ‘__default_tag_region’? > 342 | __tag_region = __libc_mtag_tag_region; > | ^~~~~~~~~~~~~~~~~~~~~~ > | __default_tag_region > Ah, you're configuring x86 with this feature enabled. Sorry, I didn't think to test that :( I think the right solution is to make the configure step detect that this won't work and ignore the config option in that case. > I'll review 1, 2. 6 and 7 (and the overall design) anyway since I > suspect you'll only end up changing 3 and 8 to fix this failure. > Hopefully that will help you make forward progress. > >> The first two issues are addressed in patch 4 of this series, and the >> third in patch 5. I intend to merge patches 3, 4 and 5 into a single >> update to the malloc code before the final commit; I've kept them >> separate for now to (hopefully) simplify the review. > > Please merge them in first; it is actually confusing to review because I > have to then refer across three patches to see what's fixed in 3/8. > > Besides, having the version of the patch in review being the same as the > one that's committed helps since we can then auto-close patchwork patches. OK. > >> I spent quite a bit of time while working on these looking at whether >> the code could be refactored in order to reduce the places where >> SIZE_SZ was being added (in different multiples) to various pointers. >> I eventually concluded that this wasn't significantly improving the >> readability of the code, but one change has survived - I've replaced >> usage of 2 * SIZE_SZ with CHUNK_HDR_SZ when it is clear that this is >> referring to the header block at the start of a chunk. > > I skimmed through the patches and I think this is a useful change, thanks. > > Siddhesh R.
On 11/25/20 9:18 PM, Richard Earnshaw wrote: > Ah, you're configuring x86 with this feature enabled. Sorry, I didn't > think to test that :( > > I think the right solution is to make the configure step detect that > this won't work and ignore the config option in that case. > If you take that route then I think the earlier description of --enable-memory-tagging in configure is more precise and you'd need to adjust the description in INSTALL ;) Siddhesh