| Message ID | bfb7e82c231aec375aceeb517ba070a63e47576d.1611572339.git.szabolcs.nagy@arm.com |
|---|---|
| State | New |
| Headers | show |
| Series | aarch64: fix string tests [BZ #26818] | expand |
On 25/01/2021 08:03, Szabolcs Nagy via Libc-alpha wrote: > The hwcap value is now in linux 5.10 and in glibc bits/hwcap.h, so use > that definition. > > Move the definition to init-arch.h so all ifunc selectors can use it > and expose an "mte" shorthand for mte enabled runtime. > > For now we allow user code to enable tag checks and use PROT_MTE > mappings without libc involvment, this is not guaranteed ABI, but > can be useful for testing and debugging with MTE. > --- > sysdeps/aarch64/multiarch/init-arch.h | 11 ++++++++++- > sysdeps/aarch64/multiarch/strlen.c | 11 +---------- > 2 files changed, 11 insertions(+), 11 deletions(-) > > diff --git a/sysdeps/aarch64/multiarch/init-arch.h b/sysdeps/aarch64/multiarch/init-arch.h > index bf8264b561..fce260d168 100644 > --- a/sysdeps/aarch64/multiarch/init-arch.h > +++ b/sysdeps/aarch64/multiarch/init-arch.h > @@ -17,9 +17,18 @@ > <https://www.gnu.org/licenses/>. */ > > #include <ldsodefs.h> > +#include <sys/auxv.h> > + > +/* Make glibc MTE-safe on a system that supports MTE in case user code > + enables tag checks independently of the mte_status of glibc. There > + is currently no ABI contract for enabling tag checks in user code, > + but this can be useful for debugging with MTE. */ > +#define MTE_ENABLED() (GLRO(dl_hwcap2) & HWCAP2_MTE) > > #define INIT_ARCH() \ > uint64_t __attribute__((unused)) midr = \ > GLRO(dl_aarch64_cpu_features).midr_el1; \ > unsigned __attribute__((unused)) zva_size = \ > - GLRO(dl_aarch64_cpu_features).zva_size; > + GLRO(dl_aarch64_cpu_features).zva_size; \ > + bool __attribute__((unused)) mte = \ > + MTE_ENABLED (); Why not use mte_state and thus also enable MTE selection for the case of tunables force enable it for USE_MTAG support? > diff --git a/sysdeps/aarch64/multiarch/strlen.c b/sysdeps/aarch64/multiarch/strlen.c > index f3c018aab4..8f38de69b5 100644 > --- a/sysdeps/aarch64/multiarch/strlen.c > +++ b/sysdeps/aarch64/multiarch/strlen.c > @@ -26,21 +26,12 @@ > # include <string.h> > # include <init-arch.h> > > -/* This should check HWCAP2_MTE when it is available: current > - linux kernel does not expose it, but its value is reserved. > - This is needed to make glibc MTE-safe on future systems in > - case user code enables MTE. The ABI contract for enabling > - MTE is not yet specified, but it can be useful for at least > - debugging which does not need a contract. */ > -#define FUTURE_HWCAP2_MTE (1 << 18) > -#define MTE_ENABLED() (GLRO(dl_hwcap2) & FUTURE_HWCAP2_MTE) > - > extern __typeof (__redirect_strlen) __strlen; > > extern __typeof (__redirect_strlen) __strlen_mte attribute_hidden; > extern __typeof (__redirect_strlen) __strlen_asimd attribute_hidden; > > -libc_ifunc (__strlen, (MTE_ENABLED () ? __strlen_mte : __strlen_asimd)); > +libc_ifunc (__strlen, (mte ? __strlen_mte : __strlen_asimd)); > > # undef strlen > strong_alias (__strlen, strlen); >
The 01/25/2021 10:08, Adhemerval Zanella wrote: > On 25/01/2021 08:03, Szabolcs Nagy via Libc-alpha wrote: > > The hwcap value is now in linux 5.10 and in glibc bits/hwcap.h, so use > > that definition. > > > > Move the definition to init-arch.h so all ifunc selectors can use it > > and expose an "mte" shorthand for mte enabled runtime. > > > > For now we allow user code to enable tag checks and use PROT_MTE > > mappings without libc involvment, this is not guaranteed ABI, but > > can be useful for testing and debugging with MTE. > > --- > > sysdeps/aarch64/multiarch/init-arch.h | 11 ++++++++++- > > sysdeps/aarch64/multiarch/strlen.c | 11 +---------- > > 2 files changed, 11 insertions(+), 11 deletions(-) > > > > diff --git a/sysdeps/aarch64/multiarch/init-arch.h b/sysdeps/aarch64/multiarch/init-arch.h > > index bf8264b561..fce260d168 100644 > > --- a/sysdeps/aarch64/multiarch/init-arch.h > > +++ b/sysdeps/aarch64/multiarch/init-arch.h > > @@ -17,9 +17,18 @@ > > <https://www.gnu.org/licenses/>. */ > > > > #include <ldsodefs.h> > > +#include <sys/auxv.h> > > + > > +/* Make glibc MTE-safe on a system that supports MTE in case user code > > + enables tag checks independently of the mte_status of glibc. There > > + is currently no ABI contract for enabling tag checks in user code, > > + but this can be useful for debugging with MTE. */ > > +#define MTE_ENABLED() (GLRO(dl_hwcap2) & HWCAP2_MTE) > > > > #define INIT_ARCH() \ > > uint64_t __attribute__((unused)) midr = \ > > GLRO(dl_aarch64_cpu_features).midr_el1; \ > > unsigned __attribute__((unused)) zva_size = \ > > - GLRO(dl_aarch64_cpu_features).zva_size; > > + GLRO(dl_aarch64_cpu_features).zva_size; \ > > + bool __attribute__((unused)) mte = \ > > + MTE_ENABLED (); > > Why not use mte_state and thus also enable MTE selection for the case > of tunables force enable it for USE_MTAG support? that's what the comment is meant to explain. mte is enabled via a prctl, in principle user code can do that (e.g. i have test code that does that as well as ld_preloaded malloc implementation, this only works if glibc is mte safe independently of whether glibc has heap tagging or not. no ABI contract means that we don't guarantee that glibc will be mte safe because we don't know yet how this will be used, the plan is to have some form of opt-in/out mechanism eventually to request particular mte state, but for now i want glibc to be mte safe on any mte system)
On 25/01/2021 10:42, Szabolcs Nagy wrote: > The 01/25/2021 10:08, Adhemerval Zanella wrote: >> On 25/01/2021 08:03, Szabolcs Nagy via Libc-alpha wrote: >>> The hwcap value is now in linux 5.10 and in glibc bits/hwcap.h, so use >>> that definition. >>> >>> Move the definition to init-arch.h so all ifunc selectors can use it >>> and expose an "mte" shorthand for mte enabled runtime. >>> >>> For now we allow user code to enable tag checks and use PROT_MTE >>> mappings without libc involvment, this is not guaranteed ABI, but >>> can be useful for testing and debugging with MTE. >>> --- >>> sysdeps/aarch64/multiarch/init-arch.h | 11 ++++++++++- >>> sysdeps/aarch64/multiarch/strlen.c | 11 +---------- >>> 2 files changed, 11 insertions(+), 11 deletions(-) >>> >>> diff --git a/sysdeps/aarch64/multiarch/init-arch.h b/sysdeps/aarch64/multiarch/init-arch.h >>> index bf8264b561..fce260d168 100644 >>> --- a/sysdeps/aarch64/multiarch/init-arch.h >>> +++ b/sysdeps/aarch64/multiarch/init-arch.h >>> @@ -17,9 +17,18 @@ >>> <https://www.gnu.org/licenses/>. */ >>> >>> #include <ldsodefs.h> >>> +#include <sys/auxv.h> >>> + >>> +/* Make glibc MTE-safe on a system that supports MTE in case user code >>> + enables tag checks independently of the mte_status of glibc. There >>> + is currently no ABI contract for enabling tag checks in user code, >>> + but this can be useful for debugging with MTE. */ >>> +#define MTE_ENABLED() (GLRO(dl_hwcap2) & HWCAP2_MTE) >>> >>> #define INIT_ARCH() \ >>> uint64_t __attribute__((unused)) midr = \ >>> GLRO(dl_aarch64_cpu_features).midr_el1; \ >>> unsigned __attribute__((unused)) zva_size = \ >>> - GLRO(dl_aarch64_cpu_features).zva_size; >>> + GLRO(dl_aarch64_cpu_features).zva_size; \ >>> + bool __attribute__((unused)) mte = \ >>> + MTE_ENABLED (); >> >> Why not use mte_state and thus also enable MTE selection for the case >> of tunables force enable it for USE_MTAG support? > > that's what the comment is meant to explain. > > mte is enabled via a prctl, in principle user code can do that > (e.g. i have test code that does that as well as ld_preloaded > malloc implementation, this only works if glibc is mte safe > independently of whether glibc has heap tagging or not. no ABI > contract means that we don't guarantee that glibc will be > mte safe because we don't know yet how this will be used, the > plan is to have some form of opt-in/out mechanism eventually > to request particular mte state, but for now i want glibc to > be mte safe on any mte system) > Ok, fair enough. The patch looks ok for 2.33.
diff --git a/sysdeps/aarch64/multiarch/init-arch.h b/sysdeps/aarch64/multiarch/init-arch.h index bf8264b561..fce260d168 100644 --- a/sysdeps/aarch64/multiarch/init-arch.h +++ b/sysdeps/aarch64/multiarch/init-arch.h @@ -17,9 +17,18 @@ <https://www.gnu.org/licenses/>. */ #include <ldsodefs.h> +#include <sys/auxv.h> + +/* Make glibc MTE-safe on a system that supports MTE in case user code + enables tag checks independently of the mte_status of glibc. There + is currently no ABI contract for enabling tag checks in user code, + but this can be useful for debugging with MTE. */ +#define MTE_ENABLED() (GLRO(dl_hwcap2) & HWCAP2_MTE) #define INIT_ARCH() \ uint64_t __attribute__((unused)) midr = \ GLRO(dl_aarch64_cpu_features).midr_el1; \ unsigned __attribute__((unused)) zva_size = \ - GLRO(dl_aarch64_cpu_features).zva_size; + GLRO(dl_aarch64_cpu_features).zva_size; \ + bool __attribute__((unused)) mte = \ + MTE_ENABLED (); diff --git a/sysdeps/aarch64/multiarch/strlen.c b/sysdeps/aarch64/multiarch/strlen.c index f3c018aab4..8f38de69b5 100644 --- a/sysdeps/aarch64/multiarch/strlen.c +++ b/sysdeps/aarch64/multiarch/strlen.c @@ -26,21 +26,12 @@ # include <string.h> # include <init-arch.h> -/* This should check HWCAP2_MTE when it is available: current - linux kernel does not expose it, but its value is reserved. - This is needed to make glibc MTE-safe on future systems in - case user code enables MTE. The ABI contract for enabling - MTE is not yet specified, but it can be useful for at least - debugging which does not need a contract. */ -#define FUTURE_HWCAP2_MTE (1 << 18) -#define MTE_ENABLED() (GLRO(dl_hwcap2) & FUTURE_HWCAP2_MTE) - extern __typeof (__redirect_strlen) __strlen; extern __typeof (__redirect_strlen) __strlen_mte attribute_hidden; extern __typeof (__redirect_strlen) __strlen_asimd attribute_hidden; -libc_ifunc (__strlen, (MTE_ENABLED () ? __strlen_mte : __strlen_asimd)); +libc_ifunc (__strlen, (mte ? __strlen_mte : __strlen_asimd)); # undef strlen strong_alias (__strlen, strlen);