Re: [RFC PATCH v3] sparc64: Add support for Application Data Integrity (ADI)

[Rob Gardner]

On 01/06/2017 09:10 AM, Khalid Aziz wrote:
> On 01/06/2017 10:02 AM, David Miller wrote:
> > From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> > Date: Fri, 6 Jan 2017 08:55:03 -0800
> >
> > > Actually, that reminds me...  How does your code interface with 
> > > ksm?  Or
> > > is there no interaction needed since you're always working on virtual
> > > addresses?
> >
> > This reminds me, I consider this feature potentially extremely useful 
> > for
> > kernel debugging.  So I would like to make sure we don't implement 
> > anything
> > in a way which would preclude that in the long term.
>
> I agree and please do point out if I have made any implementation 
> decisions that could preclude that.
>
> Thanks,
> Khalid


Khalid, I have already pointed out an implementation decision that 
interferes with the potential for kernel debugging with ADI: lazy 
clearing of version tags.

Details: when memory is "freed" the version tags are left alone, as it 
is an expensive operation to go through the memory and clear the tag for 
each cache line. So this is done lazily whenever memory is "allocated". 
More specifically, the first time a user process touches freshly 
allocated memory, a fault occurs and the kernel then clears the page. In 
the NG4 and M7 variants of clear_user_page, the block init store ASI is 
used to optimize, and it has the side effect of clearing the ADI tag for 
the cache line. BUT only if pstate.mcde is clear. If pstate.mcde is set, 
then instead of the ADI tag being cleared, the tag is *checked*, and if 
there is a mismatch between the version in the virtual address and the 
version in memory, then you'll get a trap and panic. Therefore, with 
this design, you cannot have pstate.mcde enabled while in the kernel (in 
general). To solve this you have to check the state of pstate.mcde (or 
just turn it off) before doing any block init store in clear_user_page, 
memset, memcpy, etc.

Rob