From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D7D24C433F5 for ; Fri, 13 May 2022 12:26:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 502746B0073; Fri, 13 May 2022 08:26:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 48AB36B0075; Fri, 13 May 2022 08:26:53 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 305FF6B0078; Fri, 13 May 2022 08:26:53 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 1BAC36B0073 for ; Fri, 13 May 2022 08:26:53 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id ED2A821441 for ; Fri, 13 May 2022 12:26:52 +0000 (UTC) X-FDA: 79460643864.22.DC34B91 Received: from mail-yb1-f178.google.com (mail-yb1-f178.google.com [209.85.219.178]) by imf20.hostedemail.com (Postfix) with ESMTP id 5EC851C00BC for ; Fri, 13 May 2022 12:26:42 +0000 (UTC) Received: by mail-yb1-f178.google.com with SMTP id m128so15033729ybm.5 for ; Fri, 13 May 2022 05:26:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=CNColVrvzT2paTadmJx7QmfVUH99VFUNC4FwQajaX30=; b=fgZoCr+P0YLHIt9difJEkBctiHZD1TAZ4VGl1Wdxe0wL43HKeppNRKfFFjEBzHoTnK X+MZTjD/NYV3m2WKlRYDIDK4kxl+KQpDnmBj/jy9Dg8Eik7KJSbnbSNAkWfJnCfPiYaE YT6Ub7aOFoQlbMYGV3qFBVQlH3ltkUMH0gg9bamWReNzk4Od8Zs8ONqgWu+RAIgBcEVP ip6TDNYvIzo1zGJJAY6MeVnFjQ01/JDpYdLjBMMmZ3R/2EQyGNHgHPllV7CXm9HiKljk Fd9YqC1JwP3smDlGcgXwmG+aVIBPAw1mOzEQp7jeg7GdE9GId7CWZgnSCciUhAsAC/P3 6JpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=CNColVrvzT2paTadmJx7QmfVUH99VFUNC4FwQajaX30=; b=qNRJnHf8wiBhRJICU+JhUWbmkA612FOsaulR9YP6vW21ZkOgAI153GZodZJVg9In4Y /rnA1qOkJGOxaWQrjaC0BsjsxBdNCr4YsEBfKtFRD/D7evLOpo6yoYJH4RKROshWKzDr H9TAQvXxMK/9O5Fb3o6wAfLt0HB1abXhkKHXV0geBHJQCpSJP8/1Ro2Kkkq8BzJ8hBQd oECZvJIjod0E2d5wNR16eD+AFZeAGAsBnVpWMGw29MSQPORrUsDLxhgnZqJ4gzp/80Im PqBWWdNrzXW9/XJbX18huPqqt6wyOrj4NoV02C9uObZxKI1dBFxs7qQouLgoS3IA29Od DKYQ== X-Gm-Message-State: AOAM533Z5t6Gz+Fe2EJhdgUXkEr4reXOClA4+aoQoOOiHBm+S/Sc1UJP q2t0NkZjZLRXIjqlrq46/tO2iXKobrlc1Nws98YPPQ== X-Google-Smtp-Source: ABdhPJxoTL2jX3zw7FK7Qs22T64RPExXJjGiprH1kOuNLfotTjSS/RWHWRl6vMXtyRXLS4ogUW95JldzIV+mEZZTr6o= X-Received: by 2002:a25:8706:0:b0:64b:4657:d2e1 with SMTP id a6-20020a258706000000b0064b4657d2e1mr4492719ybl.147.1652444811517; Fri, 13 May 2022 05:26:51 -0700 (PDT) MIME-Version: 1.0 References: <20220511022751.65540-1-kirill.shutemov@linux.intel.com> <20220511064943.GR76023@worktop.programming.kicks-ass.net> <20bada85-9203-57f4-2502-57a6fd11f3ea@intel.com> <875ymav8ul.ffs@tglx> <55176b79-90af-4a47-dc06-9f5f2f2c123d@intel.com> <8a47d0ee50b44520a6f26177e6fe7ec5@AcuMS.aculab.com> In-Reply-To: <8a47d0ee50b44520a6f26177e6fe7ec5@AcuMS.aculab.com> From: Alexander Potapenko Date: Fri, 13 May 2022 14:26:15 +0200 Message-ID: Subject: Re: [RFCv2 00/10] Linear Address Masking enabling To: David Laight Cc: Dave Hansen , Thomas Gleixner , Peter Zijlstra , "Kirill A. Shutemov" , Dave Hansen , Andy Lutomirski , "the arch/x86 maintainers" , Dmitry Vyukov , "H . J . Lu" , Andi Kleen , Rick Edgecombe , Linux Memory Management List , LKML Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 5EC851C00BC X-Stat-Signature: dtujadhm8jn49fk74odjzshykwxp3ndc X-Rspam-User: Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=fgZoCr+P; spf=pass (imf20.hostedemail.com: domain of glider@google.com designates 209.85.219.178 as permitted sender) smtp.mailfrom=glider@google.com; dmarc=pass (policy=reject) header.from=google.com X-HE-Tag: 1652444802-551981 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000141, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, May 13, 2022 at 1:28 PM David Laight wrot= e: > > ... > > Once we have the possibility to store tags in the pointers, we don't > > need redzones for heap/stack objects anymore, which saves quite a bit > > of memory. > > You still need redzones. > The high bits are ignored for actual memory accesses. > > To do otherwise you'd need the high bits to be in the PTE, > copied to the TLB and finally get into the cache tag. > > Then you'd have to use the correct tags for each page. Sorry, I don't understand how this is relevant to HWASan in the userspace. Like in ASan, we have a custom allocator that assigns tags to heap objects. The assigned tag is stored in both the shadow memory for the object and the pointer returned by the allocator. Instrumentation inserted by the compiler checks the pointer before every memory access and ensures that its tag matches the tag of the object in the shadow memory. A tag mismatch is reported as an out-of-bounds or a use-after-free, depending on whether the accessed memory is still considered allocated. Because objects with different tags follow each other, there is no need to add extra redzones to the objects to detect buffer overflows. (We might need to increase the object alignment though, but that's a different story). > > David > > - > Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1= 1PT, UK > Registration No: 1397386 (Wales) --=20 Alexander Potapenko Software Engineer Google Germany GmbH Erika-Mann-Stra=C3=9Fe, 33 80636 M=C3=BCnchen Gesch=C3=A4ftsf=C3=BChrer: Paul Manicle, Liana Sebastian Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Diese E-Mail ist vertraulich. Falls Sie diese f=C3=A4lschlicherweise erhalten haben sollten, leiten Sie diese bitte nicht an jemand anderes weiter, l=C3=B6schen Sie alle Kopien und Anh=C3=A4nge davon und lassen Sie = mich bitte wissen, dass die E-Mail an die falsche Person gesendet wurde. This e-mail is confidential. If you received this communication by mistake, please don't forward it to anyone else, please erase all copies and attachments, and please let me know that it has gone to the wrong person.