[linux-2.6-block.git] / Documentation / arm64 / tagged-pointers.rst

=========================================
Tagged virtual addresses in AArch64 Linux
=========================================

Author: Will Deacon <will.deacon@arm.com>

Date  : 12 June 2013

This document briefly describes the provision of tagged virtual
addresses in the AArch64 translation system and their potential uses
in AArch64 Linux.

The kernel configures the translation tables so that translations made
via TTBR0 (i.e. userspace mappings) have the top byte (bits 63:56) of
the virtual address ignored by the translation hardware. This frees up
this byte for application use.


Passing tagged addresses to the kernel
--------------------------------------

All interpretation of userspace memory addresses by the kernel assumes
an address tag of 0x00, unless the application enables the AArch64
Tagged Address ABI explicitly
(Documentation/arm64/tagged-address-abi.rst).

This includes, but is not limited to, addresses found in:

 - pointer arguments to system calls, including pointers in structures
   passed to system calls,

 - the stack pointer (sp), e.g. when interpreting it to deliver a
   signal,

 - the frame pointer (x29) and frame records, e.g. when interpreting
   them to generate a backtrace or call graph.

Using non-zero address tags in any of these locations when the
userspace application did not enable the AArch64 Tagged Address ABI may
result in an error code being returned, a (fatal) signal being raised,
or other modes of failure.

For these reasons, when the AArch64 Tagged Address ABI is disabled,
passing non-zero address tags to the kernel via system calls is
forbidden, and using a non-zero address tag for sp is strongly
discouraged.

Programs maintaining a frame pointer and frame records that use non-zero
address tags may suffer impaired or inaccurate debug and profiling
visibility.


Preserving tags
---------------

Non-zero tags are not preserved when delivering signals. This means that
signal handlers in applications making use of tags cannot rely on the
tag information for user virtual addresses being maintained for fields
inside siginfo_t. One exception to this rule is for signals raised in
response to watchpoint debug exceptions, where the tag information will
be preserved.

The architecture prevents the use of a tagged PC, so the upper byte will
be set to a sign-extension of bit 55 on exception return.

This behaviour is maintained when the AArch64 Tagged Address ABI is
enabled.


Other considerations
--------------------

Special care should be taken when using tagged pointers, since it is
likely that C compilers will not hazard two virtual addresses differing
only in the upper byte.
Commit	Line	Data
b693d0b3 MCC	1	=========================================
	2	Tagged virtual addresses in AArch64 Linux
	3	=========================================
d50240a5 WD	4
d50240a5 WD	5	Author: Will Deacon <will.deacon@arm.com>
b693d0b3	6
d50240a5 WD	7	Date : 12 June 2013
	8
	9	This document briefly describes the provision of tagged virtual
	10	addresses in the AArch64 translation system and their potential uses
	11	in AArch64 Linux.
	12
	13	The kernel configures the translation tables so that translations made
	14	via TTBR0 (i.e. userspace mappings) have the top byte (bits 63:56) of
	15	the virtual address ignored by the translation hardware. This frees up
f0e421b1	16	this byte for application use.
d50240a5	17
d50240a5	18
f0e421b1 KM	19	Passing tagged addresses to the kernel
f0e421b1 KM	20	--------------------------------------
d50240a5	21
f0e421b1	22	All interpretation of userspace memory addresses by the kernel assumes
92af2b69 VF	23	an address tag of 0x00, unless the application enables the AArch64
	24	Tagged Address ABI explicitly
	25	(Documentation/arm64/tagged-address-abi.rst).
f0e421b1 KM	26
	27	This includes, but is not limited to, addresses found in:
	28
	29	- pointer arguments to system calls, including pointers in structures
	30	passed to system calls,
	31
	32	- the stack pointer (sp), e.g. when interpreting it to deliver a
	33	signal,
	34
	35	- the frame pointer (x29) and frame records, e.g. when interpreting
	36	them to generate a backtrace or call graph.
	37
92af2b69 VF	38	Using non-zero address tags in any of these locations when the
	39	userspace application did not enable the AArch64 Tagged Address ABI may
	40	result in an error code being returned, a (fatal) signal being raised,
	41	or other modes of failure.
f0e421b1	42
92af2b69 VF	43	For these reasons, when the AArch64 Tagged Address ABI is disabled,
	44	passing non-zero address tags to the kernel via system calls is
	45	forbidden, and using a non-zero address tag for sp is strongly
	46	discouraged.
f0e421b1 KM	47
	48	Programs maintaining a frame pointer and frame records that use non-zero
	49	address tags may suffer impaired or inaccurate debug and profiling
	50	visibility.
	51
	52
	53	Preserving tags
	54	---------------
	55
	56	Non-zero tags are not preserved when delivering signals. This means that
	57	signal handlers in applications making use of tags cannot rely on the
	58	tag information for user virtual addresses being maintained for fields
	59	inside siginfo_t. One exception to this rule is for signals raised in
	60	response to watchpoint debug exceptions, where the tag information will
	61	be preserved.
d50240a5 WD	62
	63	The architecture prevents the use of a tagged PC, so the upper byte will
	64	be set to a sign-extension of bit 55 on exception return.
f0e421b1	65
92af2b69 VF	66	This behaviour is maintained when the AArch64 Tagged Address ABI is
	67	enabled.
	68
f0e421b1 KM	69
	70	Other considerations
	71	--------------------
	72
	73	Special care should be taken when using tagged pointers, since it is
	74	likely that C compilers will not hazard two virtual addresses differing
	75	only in the upper byte.