diff mbox series

[1/2] aarch64: Move and update the definition of MTE_ENABLED

Message ID bfb7e82c231aec375aceeb517ba070a63e47576d.1611572339.git.szabolcs.nagy@arm.com
State New
Headers show
Series aarch64: fix string tests [BZ #26818] | expand

Commit Message

Szabolcs Nagy Jan. 25, 2021, 11:03 a.m. UTC
The hwcap value is now in linux 5.10 and in glibc bits/hwcap.h, so use
that definition.

Move the definition to init-arch.h so all ifunc selectors can use it
and expose an "mte" shorthand for mte enabled runtime.

For now we allow user code to enable tag checks and use PROT_MTE
mappings without libc involvment, this is not guaranteed ABI, but
can be useful for testing and debugging with MTE.
---
 sysdeps/aarch64/multiarch/init-arch.h | 11 ++++++++++-
 sysdeps/aarch64/multiarch/strlen.c    | 11 +----------
 2 files changed, 11 insertions(+), 11 deletions(-)

Comments

Adhemerval Zanella Jan. 25, 2021, 1:08 p.m. UTC | #1
On 25/01/2021 08:03, Szabolcs Nagy via Libc-alpha wrote:
> The hwcap value is now in linux 5.10 and in glibc bits/hwcap.h, so use
> that definition.
> 
> Move the definition to init-arch.h so all ifunc selectors can use it
> and expose an "mte" shorthand for mte enabled runtime.
> 
> For now we allow user code to enable tag checks and use PROT_MTE
> mappings without libc involvment, this is not guaranteed ABI, but
> can be useful for testing and debugging with MTE.
> ---
>  sysdeps/aarch64/multiarch/init-arch.h | 11 ++++++++++-
>  sysdeps/aarch64/multiarch/strlen.c    | 11 +----------
>  2 files changed, 11 insertions(+), 11 deletions(-)
> 
> diff --git a/sysdeps/aarch64/multiarch/init-arch.h b/sysdeps/aarch64/multiarch/init-arch.h
> index bf8264b561..fce260d168 100644
> --- a/sysdeps/aarch64/multiarch/init-arch.h
> +++ b/sysdeps/aarch64/multiarch/init-arch.h
> @@ -17,9 +17,18 @@
>     <https://www.gnu.org/licenses/>.  */
>  
>  #include <ldsodefs.h>
> +#include <sys/auxv.h>
> +
> +/* Make glibc MTE-safe on a system that supports MTE in case user code
> +   enables tag checks independently of the mte_status of glibc.  There
> +   is currently no ABI contract for enabling tag checks in user code,
> +   but this can be useful for debugging with MTE.  */
> +#define MTE_ENABLED() (GLRO(dl_hwcap2) & HWCAP2_MTE)
>  
>  #define INIT_ARCH()							      \
>    uint64_t __attribute__((unused)) midr =				      \
>      GLRO(dl_aarch64_cpu_features).midr_el1;				      \
>    unsigned __attribute__((unused)) zva_size =				      \
> -    GLRO(dl_aarch64_cpu_features).zva_size;
> +    GLRO(dl_aarch64_cpu_features).zva_size;				      \
> +  bool __attribute__((unused)) mte =					      \
> +    MTE_ENABLED ();

Why not use mte_state and thus also enable MTE selection for the case
of tunables force enable it for USE_MTAG support?

> diff --git a/sysdeps/aarch64/multiarch/strlen.c b/sysdeps/aarch64/multiarch/strlen.c
> index f3c018aab4..8f38de69b5 100644
> --- a/sysdeps/aarch64/multiarch/strlen.c
> +++ b/sysdeps/aarch64/multiarch/strlen.c
> @@ -26,21 +26,12 @@
>  # include <string.h>
>  # include <init-arch.h>
>  
> -/* This should check HWCAP2_MTE when it is available: current
> -   linux kernel does not expose it, but its value is reserved.
> -   This is needed to make glibc MTE-safe on future systems in
> -   case user code enables MTE. The ABI contract for enabling
> -   MTE is not yet specified, but it can be useful for at least
> -   debugging which does not need a contract.  */
> -#define FUTURE_HWCAP2_MTE (1 << 18)
> -#define MTE_ENABLED() (GLRO(dl_hwcap2) & FUTURE_HWCAP2_MTE)
> -
>  extern __typeof (__redirect_strlen) __strlen;
>  
>  extern __typeof (__redirect_strlen) __strlen_mte attribute_hidden;
>  extern __typeof (__redirect_strlen) __strlen_asimd attribute_hidden;
>  
> -libc_ifunc (__strlen, (MTE_ENABLED () ? __strlen_mte : __strlen_asimd));
> +libc_ifunc (__strlen, (mte ? __strlen_mte : __strlen_asimd));
>  
>  # undef strlen
>  strong_alias (__strlen, strlen);
>
Szabolcs Nagy Jan. 25, 2021, 1:42 p.m. UTC | #2
The 01/25/2021 10:08, Adhemerval Zanella wrote:
> On 25/01/2021 08:03, Szabolcs Nagy via Libc-alpha wrote:
> > The hwcap value is now in linux 5.10 and in glibc bits/hwcap.h, so use
> > that definition.
> > 
> > Move the definition to init-arch.h so all ifunc selectors can use it
> > and expose an "mte" shorthand for mte enabled runtime.
> > 
> > For now we allow user code to enable tag checks and use PROT_MTE
> > mappings without libc involvment, this is not guaranteed ABI, but
> > can be useful for testing and debugging with MTE.
> > ---
> >  sysdeps/aarch64/multiarch/init-arch.h | 11 ++++++++++-
> >  sysdeps/aarch64/multiarch/strlen.c    | 11 +----------
> >  2 files changed, 11 insertions(+), 11 deletions(-)
> > 
> > diff --git a/sysdeps/aarch64/multiarch/init-arch.h b/sysdeps/aarch64/multiarch/init-arch.h
> > index bf8264b561..fce260d168 100644
> > --- a/sysdeps/aarch64/multiarch/init-arch.h
> > +++ b/sysdeps/aarch64/multiarch/init-arch.h
> > @@ -17,9 +17,18 @@
> >     <https://www.gnu.org/licenses/>.  */
> >  
> >  #include <ldsodefs.h>
> > +#include <sys/auxv.h>
> > +
> > +/* Make glibc MTE-safe on a system that supports MTE in case user code
> > +   enables tag checks independently of the mte_status of glibc.  There
> > +   is currently no ABI contract for enabling tag checks in user code,
> > +   but this can be useful for debugging with MTE.  */
> > +#define MTE_ENABLED() (GLRO(dl_hwcap2) & HWCAP2_MTE)
> >  
> >  #define INIT_ARCH()							      \
> >    uint64_t __attribute__((unused)) midr =				      \
> >      GLRO(dl_aarch64_cpu_features).midr_el1;				      \
> >    unsigned __attribute__((unused)) zva_size =				      \
> > -    GLRO(dl_aarch64_cpu_features).zva_size;
> > +    GLRO(dl_aarch64_cpu_features).zva_size;				      \
> > +  bool __attribute__((unused)) mte =					      \
> > +    MTE_ENABLED ();
> 
> Why not use mte_state and thus also enable MTE selection for the case
> of tunables force enable it for USE_MTAG support?

that's what the comment is meant to explain.

mte is enabled via a prctl, in principle user code can do that
(e.g. i have test code that does that as well as ld_preloaded
malloc implementation, this only works if glibc is mte safe
independently of whether glibc has heap tagging or not. no ABI
contract means that we don't guarantee that glibc will be
mte safe because we don't know yet how this will be used, the
plan is to have some form of opt-in/out mechanism eventually
to request particular mte state, but for now i want glibc to
be mte safe on any mte system)
Adhemerval Zanella Jan. 25, 2021, 2:58 p.m. UTC | #3
On 25/01/2021 10:42, Szabolcs Nagy wrote:
> The 01/25/2021 10:08, Adhemerval Zanella wrote:
>> On 25/01/2021 08:03, Szabolcs Nagy via Libc-alpha wrote:
>>> The hwcap value is now in linux 5.10 and in glibc bits/hwcap.h, so use
>>> that definition.
>>>
>>> Move the definition to init-arch.h so all ifunc selectors can use it
>>> and expose an "mte" shorthand for mte enabled runtime.
>>>
>>> For now we allow user code to enable tag checks and use PROT_MTE
>>> mappings without libc involvment, this is not guaranteed ABI, but
>>> can be useful for testing and debugging with MTE.
>>> ---
>>>  sysdeps/aarch64/multiarch/init-arch.h | 11 ++++++++++-
>>>  sysdeps/aarch64/multiarch/strlen.c    | 11 +----------
>>>  2 files changed, 11 insertions(+), 11 deletions(-)
>>>
>>> diff --git a/sysdeps/aarch64/multiarch/init-arch.h b/sysdeps/aarch64/multiarch/init-arch.h
>>> index bf8264b561..fce260d168 100644
>>> --- a/sysdeps/aarch64/multiarch/init-arch.h
>>> +++ b/sysdeps/aarch64/multiarch/init-arch.h
>>> @@ -17,9 +17,18 @@
>>>     <https://www.gnu.org/licenses/>.  */
>>>  
>>>  #include <ldsodefs.h>
>>> +#include <sys/auxv.h>
>>> +
>>> +/* Make glibc MTE-safe on a system that supports MTE in case user code
>>> +   enables tag checks independently of the mte_status of glibc.  There
>>> +   is currently no ABI contract for enabling tag checks in user code,
>>> +   but this can be useful for debugging with MTE.  */
>>> +#define MTE_ENABLED() (GLRO(dl_hwcap2) & HWCAP2_MTE)
>>>  
>>>  #define INIT_ARCH()							      \
>>>    uint64_t __attribute__((unused)) midr =				      \
>>>      GLRO(dl_aarch64_cpu_features).midr_el1;				      \
>>>    unsigned __attribute__((unused)) zva_size =				      \
>>> -    GLRO(dl_aarch64_cpu_features).zva_size;
>>> +    GLRO(dl_aarch64_cpu_features).zva_size;				      \
>>> +  bool __attribute__((unused)) mte =					      \
>>> +    MTE_ENABLED ();
>>
>> Why not use mte_state and thus also enable MTE selection for the case
>> of tunables force enable it for USE_MTAG support?
> 
> that's what the comment is meant to explain.
> 
> mte is enabled via a prctl, in principle user code can do that
> (e.g. i have test code that does that as well as ld_preloaded
> malloc implementation, this only works if glibc is mte safe
> independently of whether glibc has heap tagging or not. no ABI
> contract means that we don't guarantee that glibc will be
> mte safe because we don't know yet how this will be used, the
> plan is to have some form of opt-in/out mechanism eventually
> to request particular mte state, but for now i want glibc to
> be mte safe on any mte system)
> 

Ok, fair enough.  The patch looks ok for 2.33.
diff mbox series

Patch

diff --git a/sysdeps/aarch64/multiarch/init-arch.h b/sysdeps/aarch64/multiarch/init-arch.h
index bf8264b561..fce260d168 100644
--- a/sysdeps/aarch64/multiarch/init-arch.h
+++ b/sysdeps/aarch64/multiarch/init-arch.h
@@ -17,9 +17,18 @@ 
    <https://www.gnu.org/licenses/>.  */
 
 #include <ldsodefs.h>
+#include <sys/auxv.h>
+
+/* Make glibc MTE-safe on a system that supports MTE in case user code
+   enables tag checks independently of the mte_status of glibc.  There
+   is currently no ABI contract for enabling tag checks in user code,
+   but this can be useful for debugging with MTE.  */
+#define MTE_ENABLED() (GLRO(dl_hwcap2) & HWCAP2_MTE)
 
 #define INIT_ARCH()							      \
   uint64_t __attribute__((unused)) midr =				      \
     GLRO(dl_aarch64_cpu_features).midr_el1;				      \
   unsigned __attribute__((unused)) zva_size =				      \
-    GLRO(dl_aarch64_cpu_features).zva_size;
+    GLRO(dl_aarch64_cpu_features).zva_size;				      \
+  bool __attribute__((unused)) mte =					      \
+    MTE_ENABLED ();
diff --git a/sysdeps/aarch64/multiarch/strlen.c b/sysdeps/aarch64/multiarch/strlen.c
index f3c018aab4..8f38de69b5 100644
--- a/sysdeps/aarch64/multiarch/strlen.c
+++ b/sysdeps/aarch64/multiarch/strlen.c
@@ -26,21 +26,12 @@ 
 # include <string.h>
 # include <init-arch.h>
 
-/* This should check HWCAP2_MTE when it is available: current
-   linux kernel does not expose it, but its value is reserved.
-   This is needed to make glibc MTE-safe on future systems in
-   case user code enables MTE. The ABI contract for enabling
-   MTE is not yet specified, but it can be useful for at least
-   debugging which does not need a contract.  */
-#define FUTURE_HWCAP2_MTE (1 << 18)
-#define MTE_ENABLED() (GLRO(dl_hwcap2) & FUTURE_HWCAP2_MTE)
-
 extern __typeof (__redirect_strlen) __strlen;
 
 extern __typeof (__redirect_strlen) __strlen_mte attribute_hidden;
 extern __typeof (__redirect_strlen) __strlen_asimd attribute_hidden;
 
-libc_ifunc (__strlen, (MTE_ENABLED () ? __strlen_mte : __strlen_asimd));
+libc_ifunc (__strlen, (mte ? __strlen_mte : __strlen_asimd));
 
 # undef strlen
 strong_alias (__strlen, strlen);