From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A429EC43461 for ; Thu, 10 Sep 2020 12:43:42 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id E313C208FE for ; Thu, 10 Sep 2020 12:43:41 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E313C208FE Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 71FA5900008; Thu, 10 Sep 2020 08:43:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 6CEE2900006; Thu, 10 Sep 2020 08:43:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5E612900008; Thu, 10 Sep 2020 08:43:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0179.hostedemail.com [216.40.44.179]) by kanga.kvack.org (Postfix) with ESMTP id 488D2900006 for ; Thu, 10 Sep 2020 08:43:41 -0400 (EDT) Received: from smtpin05.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id 09263362C for ; Thu, 10 Sep 2020 12:43:41 +0000 (UTC) X-FDA: 77247118242.05.club85_0417ef0270e6 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin05.hostedemail.com (Postfix) with ESMTP id D6DC01801923A for ; Thu, 10 Sep 2020 12:43:40 +0000 (UTC) X-HE-Tag: club85_0417ef0270e6 X-Filterd-Recvd-Size: 5343 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by imf44.hostedemail.com (Postfix) with ESMTP for ; Thu, 10 Sep 2020 12:43:39 +0000 (UTC) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id BD6431063; Thu, 10 Sep 2020 05:43:38 -0700 (PDT) Received: from [192.168.1.179] (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 283643F66E; Thu, 10 Sep 2020 05:43:37 -0700 (PDT) Subject: Re: [PATCH v9 09/29] arm64: mte: Clear the tags when a page is mapped in user-space with PROT_MTE To: Catalin Marinas Cc: linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, Will Deacon , Dave P Martin , Vincenzo Frascino , Szabolcs Nagy , Kevin Brodsky , Andrey Konovalov , Peter Collingbourne , Andrew Morton References: <20200904103029.32083-1-catalin.marinas@arm.com> <20200904103029.32083-10-catalin.marinas@arm.com> <5c2ebe16-2ac9-6cff-3456-6d8ac96b5fb7@arm.com> <20200910105258.GA4030@gaia> <19137fdc-64c6-a5c2-d6f6-ebcf4f553816@arm.com> <20200910115519.GB4030@gaia> From: Steven Price Message-ID: <6325a3b8-9723-6a28-1ae2-05148faffe9e@arm.com> Date: Thu, 10 Sep 2020 13:43:32 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <20200910115519.GB4030@gaia> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: D6DC01801923A X-Spamd-Result: default: False [0.00 / 100.00] X-Rspamd-Server: rspam02 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 10/09/2020 12:55, Catalin Marinas wrote: > On Thu, Sep 10, 2020 at 12:12:27PM +0100, Steven Price wrote: >> On 10/09/2020 11:52, Catalin Marinas wrote: >>> On Thu, Sep 10, 2020 at 11:23:33AM +0100, Steven Price wrote: >>>> On 04/09/2020 11:30, Catalin Marinas wrote: >>>>> --- /dev/null >>>>> +++ b/arch/arm64/lib/mte.S >>>>> @@ -0,0 +1,34 @@ >>>>> +/* SPDX-License-Identifier: GPL-2.0-only */ >>>>> +/* >>>>> + * Copyright (C) 2020 ARM Ltd. >>>>> + */ >>>>> +#include >>>>> + >>>>> +#include >>>>> +#include >>>>> + >>>>> + .arch armv8.5-a+memtag >>>>> + >>>>> +/* >>>>> + * multitag_transfer_size - set \reg to the block size that is accessed by the >>>>> + * LDGM/STGM instructions. >>>>> + */ >>>>> + .macro multitag_transfer_size, reg, tmp >>>>> + mrs_s \reg, SYS_GMID_EL1 >>>>> + ubfx \reg, \reg, #SYS_GMID_EL1_BS_SHIFT, #SYS_GMID_EL1_BS_SIZE >>>>> + mov \tmp, #4 >>>>> + lsl \reg, \tmp, \reg >>>>> + .endm >>>>> + >>>>> +/* >>>>> + * Clear the tags in a page >>>>> + * x0 - address of the page to be cleared >>>>> + */ >>>>> +SYM_FUNC_START(mte_clear_page_tags) >>>>> + multitag_transfer_size x1, x2 >>>>> +1: stgm xzr, [x0] >>>>> + add x0, x0, x1 >>>>> + tst x0, #(PAGE_SIZE - 1) >>>>> + b.ne 1b >>>>> + ret >>>>> +SYM_FUNC_END(mte_clear_page_tags) >>>> >>>> Could the value of SYS_GMID_EL1 vary between CPUs and do we therefore need a >>>> preempt_disable() around mte_clear_page_tags() (and other functions in later >>>> patches)? >>> >>> If they differ, disabling preemption here is not sufficient. We'd have >>> to trap the GMID_EL1 access at EL2 as well and emulate it (we do this >>> for CTR_EL0 in dcache_line_size). >> >> Hmm, good point. It's actually not possible to properly emulate this - EL2 >> can trap GMID_EL1 to provide a different (presumably smaller) size, but >> LDGM/STGM will still read/store the number of tags of the underlying >> hardware. While simple loops like we've got at the moment won't care (we'll >> just end up doing useless work), it won't be architecturally correct. The >> guest can always deduce the underlying value. So I think we can safely >> consider this broken hardware. > > I think that's similar to the DC ZVA (and DCZID_EL0.BS) case where > faking it could lead to data corruption if the software assumes it > writes a maximum number of bytes. > > (I meant to raise a ticket with the architects to make this a > requirement in the ARM ARM but forgot about it) Yes, that looks like exactly the same issue. >>> I don't want to proactively implement this just in case we'll have >>> broken hardware (I feel a bit more optimistic today ;)). >> >> Given the above I think if we do have broken hardware the only sane thing to >> do would be to provide a way of overriding multitag_transfer_size to return >> the smallest size of all CPUs. Which works well enough for the uses we've >> currently got. > > If we do have such broken hardware, we should probably drop the STGM > instructions in favour of STG or ST2G. Luckily, STGM/LDGM are not > available in user space. > STGM should be safe the way we're doing it as long as the block size we're using is <= the hardware block size (it'll just write multiple times, but we're writing more than the maximum block size so there's no data loss). Although it would be worthwhile to benchmark on the hardware to see whether it's actually worth it in that case or if STG/ST2G is actually faster. Steve