=========================================
Tagged virtual addresses in AArch64 Linux
=========================================

Author: Will Deacon <will.deacon@arm.com>

Date : 12 June 2013

This document briefly describes the provision of tagged virtual
addresses in the AArch64 translation system and their potential uses
in AArch64 Linux.

The kernel configures the translation tables so that translations made
via TTBR0 (i.e. userspace mappings) have the top byte (bits 63:56) of
the virtual address ignored by the translation hardware. This frees up
this byte for application use.


Passing tagged addresses to the kernel
--------------------------------------

All interpretation of userspace memory addresses by the kernel assumes
an address tag of 0x00, unless the application enables the AArch64
Tagged Address ABI explicitly
(Documentation/arch/arm64/tagged-address-abi.rst).

This includes, but is not limited to, addresses found in:

 - pointer arguments to system calls, including pointers in structures
   passed to system calls,

 - the stack pointer (sp), e.g. when interpreting it to deliver a
   signal,

 - the frame pointer (x29) and frame records, e.g. when interpreting
   them to generate a backtrace or call graph.

Using non-zero address tags in any of these locations when the
userspace application did not enable the AArch64 Tagged Address ABI may
result in an error code being returned, a (fatal) signal being raised,
or other modes of failure.

For these reasons, when the AArch64 Tagged Address ABI is disabled,
passing non-zero address tags to the kernel via system calls is
forbidden, and using a non-zero address tag for sp is strongly
discouraged.

Programs maintaining a frame pointer and frame records that use non-zero
address tags may suffer impaired or inaccurate debug and profiling
visibility.


Preserving tags
---------------

When delivering signals, non-zero tags are not preserved in
siginfo.si_addr unless the flag SA_EXPOSE_TAGBITS was set in
sigaction.sa_flags when the signal handler was installed. This means
that signal handlers in applications making use of tags cannot rely
on the tag information for user virtual addresses being maintained
in these fields unless the flag was set.

Due to architecture limitations, bits 63:60 of the fault address
are not preserved in response to synchronous tag check faults
(SEGV_MTESERR) even if SA_EXPOSE_TAGBITS was set. Applications should
treat the values of these bits as undefined in order to accommodate
future architecture revisions which may preserve the bits.

For signals raised in response to watchpoint debug exceptions, the
tag information will be preserved regardless of the SA_EXPOSE_TAGBITS
flag setting.

Non-zero tags are never preserved in sigcontext.fault_address
regardless of the SA_EXPOSE_TAGBITS flag setting.

The architecture prevents the use of a tagged PC, so the upper byte will
be set to a sign-extension of bit 55 on exception return.

This behaviour is maintained when the AArch64 Tagged Address ABI is
enabled.


Other considerations
--------------------

Special care should be taken when using tagged pointers, since it is
likely that C compilers will not hazard two virtual addresses differing
only in the upper byte.
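
The top-byte rules from the sections above, written out as bit operations. This is an added example, not part of the kernel documentation or kernel source; the ``tva_*`` names are hypothetical helpers, and the code works on integer address values so it builds on any host.

```c
/* Added example: bit-level model of the top-byte rules described above.
 * Operates on uint64_t address values, so it builds on any host.
 * All tva_* names are hypothetical helpers, not kernel or libc API. */
#include <stdint.h>
#include <stdio.h>

#define TVA_TAG_SHIFT 56
#define TVA_TAG_MASK  (0xffULL << TVA_TAG_SHIFT)   /* bits 63:56 */

/* Address tag carried in bits 63:56. */
static inline uint8_t tva_tag(uint64_t va) { return (uint8_t)(va >> TVA_TAG_SHIFT); }

/* Replace the tag of a TTBR0 (userspace) address. */
static inline uint64_t tva_set_tag(uint64_t va, uint8_t tag)
{
    return (va & ~TVA_TAG_MASK) | ((uint64_t)tag << TVA_TAG_SHIFT);
}

/* Form the kernel assumes when the Tagged Address ABI is off: tag 0x00. */
static inline uint64_t tva_untagged(uint64_t va) { return va & ~TVA_TAG_MASK; }

/* Two values that differ only in the tag name the same memory location. */
static inline int tva_same_location(uint64_t a, uint64_t b)
{
    return tva_untagged(a) == tva_untagged(b);
}

/* A PC cannot be tagged: the upper byte becomes a sign-extension of bit 55. */
static inline uint64_t tva_pc_after_eret(uint64_t pc)
{
    return ((pc >> 55) & 1) ? (pc | TVA_TAG_MASK) : (pc & ~TVA_TAG_MASK);
}

/* Tag a handler installed with SA_EXPOSE_TAGBITS may read from si_addr.
 * For a synchronous tag check fault (SEGV_MTESERR) bits 63:60 are
 * undefined, so only bits 59:56 are returned in that case. */
static inline uint8_t tva_si_addr_tag(uint64_t si_addr, int mte_sync)
{
    return mte_sync ? (uint8_t)(tva_tag(si_addr) & 0x0f) : tva_tag(si_addr);
}

int main(void)
{
    uint64_t p = tva_set_tag(0x0000ffff12345678ULL, 0x5a);  /* constructed address */
    printf("tagged %#llx untagged %#llx same=%d\n", (unsigned long long)p,
           (unsigned long long)tva_untagged(p), tva_same_location(p, tva_untagged(p)));
    return 0;
}
```

Comparing tagged values through ``tva_same_location()`` rather than with ``==`` makes the aliasing between differently tagged copies of one address explicit in the program.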