| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6b2b45a5-0ac4-db73-8f50-ab182a0cb621@ghiti.fr>
Date: Fri, 26 Jul 2019 13:48:08 +0200
From: Alexandre Ghiti <alex@...ti.fr>
To: Paul Walmsley <paul.walmsley@...ive.com>
Cc: linux-arm-kernel@...ts.infradead.org,
Albert Ou <aou@...s.berkeley.edu>,
Kees Cook <keescook@...omium.org>,
Catalin Marinas <catalin.marinas@....com>,
Palmer Dabbelt <palmer@...ive.com>,
Will Deacon <will.deacon@....com>,
Russell King <linux@...linux.org.uk>,
Ralf Baechle <ralf@...ux-mips.org>,
linux-kernel@...r.kernel.org, linux-mm@...ck.org,
Paul Burton <paul.burton@...s.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
James Hogan <jhogan@...nel.org>, linux-fsdevel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
linux-mips@...r.kernel.org, Christoph Hellwig <hch@....de>,
linux-riscv@...ts.infradead.org,
Daniel Cashman <dcashman@...gle.com>,
Luis Chamberlain <mcgrof@...nel.org>
Subject: Re: [PATCH REBASE v4 14/14] riscv: Make mmap allocation top-down by
default
On 7/26/19 2:20 AM, Paul Walmsley wrote:
> Hi Alexandre,
>
> I have a few questions about this patch. Sorry to be dense here ...
>
> On Wed, 24 Jul 2019, Alexandre Ghiti wrote:
>
>> In order to avoid wasting user address space by using bottom-up mmap
>> allocation scheme, prefer top-down scheme when possible.
>>
>> Before:
>> root@...uriscv64:~# cat /proc/self/maps
>> 00010000-00016000 r-xp 00000000 fe:00 6389 /bin/cat.coreutils
>> 00016000-00017000 r--p 00005000 fe:00 6389 /bin/cat.coreutils
>> 00017000-00018000 rw-p 00006000 fe:00 6389 /bin/cat.coreutils
>> 00018000-00039000 rw-p 00000000 00:00 0 [heap]
>> 1555556000-155556d000 r-xp 00000000 fe:00 7193 /lib/ld-2.28.so
>> 155556d000-155556e000 r--p 00016000 fe:00 7193 /lib/ld-2.28.so
>> 155556e000-155556f000 rw-p 00017000 fe:00 7193 /lib/ld-2.28.so
>> 155556f000-1555570000 rw-p 00000000 00:00 0
>> 1555570000-1555572000 r-xp 00000000 00:00 0 [vdso]
>> 1555574000-1555576000 rw-p 00000000 00:00 0
>> 1555576000-1555674000 r-xp 00000000 fe:00 7187 /lib/libc-2.28.so
>> 1555674000-1555678000 r--p 000fd000 fe:00 7187 /lib/libc-2.28.so
>> 1555678000-155567a000 rw-p 00101000 fe:00 7187 /lib/libc-2.28.so
>> 155567a000-15556a0000 rw-p 00000000 00:00 0
>> 3fffb90000-3fffbb1000 rw-p 00000000 00:00 0 [stack]
>>
>> After:
>> root@...uriscv64:~# cat /proc/self/maps
>> 00010000-00016000 r-xp 00000000 fe:00 6389 /bin/cat.coreutils
>> 00016000-00017000 r--p 00005000 fe:00 6389 /bin/cat.coreutils
>> 00017000-00018000 rw-p 00006000 fe:00 6389 /bin/cat.coreutils
>> 2de81000-2dea2000 rw-p 00000000 00:00 0 [heap]
>> 3ff7eb6000-3ff7ed8000 rw-p 00000000 00:00 0
>> 3ff7ed8000-3ff7fd6000 r-xp 00000000 fe:00 7187 /lib/libc-2.28.so
>> 3ff7fd6000-3ff7fda000 r--p 000fd000 fe:00 7187 /lib/libc-2.28.so
>> 3ff7fda000-3ff7fdc000 rw-p 00101000 fe:00 7187 /lib/libc-2.28.so
>> 3ff7fdc000-3ff7fe2000 rw-p 00000000 00:00 0
>> 3ff7fe4000-3ff7fe6000 r-xp 00000000 00:00 0 [vdso]
>> 3ff7fe6000-3ff7ffd000 r-xp 00000000 fe:00 7193 /lib/ld-2.28.so
>> 3ff7ffd000-3ff7ffe000 r--p 00016000 fe:00 7193 /lib/ld-2.28.so
>> 3ff7ffe000-3ff7fff000 rw-p 00017000 fe:00 7193 /lib/ld-2.28.so
>> 3ff7fff000-3ff8000000 rw-p 00000000 00:00 0
>> 3fff888000-3fff8a9000 rw-p 00000000 00:00 0 [stack]
>>
>> Signed-off-by: Alexandre Ghiti <alex@...ti.fr>
>> Reviewed-by: Christoph Hellwig <hch@....de>
>> Reviewed-by: Kees Cook <keescook@...omium.org>
>> ---
>> arch/riscv/Kconfig | 11 +++++++++++
>> 1 file changed, 11 insertions(+)
>>
>> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
>> index 59a4727ecd6c..6a63973873fd 100644
>> --- a/arch/riscv/Kconfig
>> +++ b/arch/riscv/Kconfig
>> @@ -54,6 +54,17 @@ config RISCV
>> select EDAC_SUPPORT
>> select ARCH_HAS_GIGANTIC_PAGE
>> select ARCH_WANT_HUGE_PMD_SHARE if 64BIT
>> + select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU
>> + select HAVE_ARCH_MMAP_RND_BITS
>> +
>> +config ARCH_MMAP_RND_BITS_MIN
>> + default 18
> Could you help me understand the rationale behind this constant?
Indeed, I took that from arm64 code and I did not think enough about it:
that's
great you spotted this because that's a way too large value for 32 bits
as it would,
at minimum, make mmap random offset go up to 1GB (18 + 12), which is a
big hole for
this small address space :)
arm and mips propose 8 as default value for 32bits systems which is 1MB
offset at minimum.
>
>> +
>> +# max bits determined by the following formula:
>> +# VA_BITS - PAGE_SHIFT - 3
> I realize that these lines are probably copied from arch/arm64/Kconfig.
> But the rationale behind the "- 3" is not immediately obvious. This
> apparently originates from commit 8f0d3aa9de57 ("arm64: mm: support
> ARCH_MMAP_RND_BITS"). Can you provide any additional context here?
The formula comes from commit d07e22597d1d ("mm: mmap: add new /proc tunable
for mmap_base ASLR"), where the author states that "generally a 3-4 bits
less than the
number of bits in the user-space accessible virtual address space
[allows to] give the greatest
flexibility without generating an invalid mmap_base address".
In practice, that limits the mmap random offset to at maximum 1/8 (for -
3) of the total address space.
>
>> +config ARCH_MMAP_RND_BITS_MAX
>> + default 33 if 64BIT # SV48 based
> The rationale here is clear for Sv48, per the above formula:
>
> (48 - 12 - 3) = 33
>
>> + default 18
> However, here it is less clear to me. For Sv39, shouldn't this be
>
> (39 - 12 - 3) = 24
>
> ? And what about Sv32?
You're right. Is there a way to distinguish between sv39 and sv48 here ?
Thanks Paul,
Alex
>
>
> - Paul
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@...ts.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv
Powered by blists - more mailing lists