On Fri, May 13, 2022 at 03:27:24AM +0200, Thomas Gleixner wrote: > On Thu, May 12 2022 at 17:46, Dave Hansen wrote: > > On 5/12/22 17:08, H.J. Lu wrote: > > If I had to take a shot at this today, I think I'd opt for: > > > > mask = sys_enable_masking(bits=6, flags=FUZZY_NR_BITS); > > > > although I'm not super confident about the "fuzzy" flag. I also don't > > think I'd totally hate the "blind" interface where the kernel just gets > > to pick unilaterally and takes zero input from userspace. > > That's the only sane choice and you can make it simple for userspace: > > ret = prctl(GET_XXX_MASK, &mask); > > and then let it decide based on @ret and @mask whether to use it or not. Getting the mask would work for arm64 as well (it's always 0xffUL << 56, top-byte-ignore). Setting the mask from user space won't be of any use to us, it's baked in hardware. > But of course nobody thought about this as a generic feature and so we > have the ARM64 TBI muck as a precedence. > > So much for coordination and portability... Well, we had TBI in the architecture and enabled for user-space since the first arm64 kernel port (2012), no ABI controls needed. It had some specific uses like JITs to avoid masking out type bits encoded in pointers. In 2019 sanitisers appeared and we relaxed the TBI at the syscall level but, to avoid potentially confusing some programs, we added a control which only changes the behaviour of access_ok(). More of a safety thing, we might have as well skipped it. There is no hardware configuration toggled by this control, nor is the user address space layout (max 52-bit on arm64). Since sanitisers require compiler instrumentation (or, with MTE, arm64-specific libc changes), it's pretty much all within the arm64-specific user codebase. MTE came along and we added some more bits on top which, again, are hardware specific and contained within the arm64 libc startup code (tag checking modes etc). Dave indeed mentioned passing a mask to allow a more flexible control but, as already mentioned in the old thread, for arm64 the feature was already on, so it didn't make much sense, it seemed more like over-engineering. Had we known that Intel is pursing something similar, maybe we'd have designed the interface differently (we didn't get the hint). Intel's LAM has more flexibility but I don't see the arm64 TBI getting in the way. Just don't use it as an example because they evolved in different ways. I'm happy for arm64 to adopt a more flexible interface while keeping the current one around for backwards compatibility). But on arm64 we can't control the masking, not even disable it per process since it has always been on. > I'm so tired of this short sighted 'cram my feature in' approach of > _all_ involved parties. Unfortunately it happens occasionally, especially when developers can't disclose that their companies work on similar features (resctrl is a good example where arm64 would have benefited from a more generic approach but at the time MPAM was not public). -- Catalin