| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Dec 2023 21:42:05 -0800
From: Charlie Jenkins <charlie@...osinc.com>
To: Leonardo Bras <leobras@...hat.com>
Cc: guoren@...nel.org, linux-kernel@...r.kernel.org,
paul.walmsley@...ive.com, palmer@...belt.com,
alexghiti@...osinc.com, xiao.w.wang@...el.com, david@...hat.com,
panqinglin2020@...as.ac.cn, rick.p.edgecombe@...el.com,
willy@...radead.org, bjorn@...osinc.com, conor.dooley@...rochip.com,
cleger@...osinc.com, linux-riscv@...ts.infradead.org,
Guo Ren <guoren@...ux.alibaba.com>, stable@...r.kernel.org
Subject: Re: [PATCH V2 2/4] riscv: mm: Fixup compat arch_get_mmap_end
On Fri, Dec 22, 2023 at 01:23:29AM -0300, Leonardo Bras wrote:
> On Thu, Dec 21, 2023 at 08:04:43PM -0800, Charlie Jenkins wrote:
> > On Fri, Dec 22, 2023 at 12:34:56AM -0300, Leonardo Bras wrote:
> > > On Thu, Dec 21, 2023 at 10:46:59AM -0500, guoren@...nel.org wrote:
> > > > From: Guo Ren <guoren@...ux.alibaba.com>
> > > >
> > > > When the task is in COMPAT mode, the arch_get_mmap_end should be 2GB,
> > > > not TASK_SIZE_64. The TASK_SIZE has contained is_compat_mode()
> > > > detection, so change the definition of STACK_TOP_MAX to TASK_SIZE
> > > > directly.
> > >
> > > ok
> > >
> > > >
> > > > Cc: stable@...r.kernel.org
> > > > Fixes: add2cc6b6515 ("RISC-V: mm: Restrict address space for sv39,sv48,sv57")
> > > > Signed-off-by: Guo Ren <guoren@...ux.alibaba.com>
> > > > Signed-off-by: Guo Ren <guoren@...nel.org>
> > > > ---
> > > > arch/riscv/include/asm/processor.h | 6 ++----
> > > > 1 file changed, 2 insertions(+), 4 deletions(-)
> > > >
> > > > diff --git a/arch/riscv/include/asm/processor.h b/arch/riscv/include/asm/processor.h
> > > > index f19f861cda54..1f538fc4448d 100644
> > > > --- a/arch/riscv/include/asm/processor.h
> > > > +++ b/arch/riscv/include/asm/processor.h
> > > > @@ -16,15 +16,13 @@
> > > >
> > > > #ifdef CONFIG_64BIT
> > > > #define DEFAULT_MAP_WINDOW (UL(1) << (MMAP_VA_BITS - 1))
> > > > -#define STACK_TOP_MAX TASK_SIZE_64
> > > > +#define STACK_TOP_MAX TASK_SIZE
> > >
> > > It means STACK_TOP_MAX will be in 64BIT:
> > > - TASK_SIZE_32 if compat_mode=y
> > > - TASK_SIZE_64 if compat_mode=n
> > >
> > > Makes sense for me.
> > >
> > > >
> > > > #define arch_get_mmap_end(addr, len, flags) \
> > > > ({ \
> > > > unsigned long mmap_end; \
> > > > typeof(addr) _addr = (addr); \
> > > > - if ((_addr) == 0 || (IS_ENABLED(CONFIG_COMPAT) && is_compat_task())) \
> > > > - mmap_end = STACK_TOP_MAX; \
> > > > - else if ((_addr) >= VA_USER_SV57) \
> > > > + if ((_addr) == 0 || (_addr) >= VA_USER_SV57) \
> > > > mmap_end = STACK_TOP_MAX; \
> > > > else if ((((_addr) >= VA_USER_SV48)) && (VA_BITS >= VA_BITS_SV48)) \
> > > > mmap_end = VA_USER_SV48; \
> > >
> > >
> > > I don't think I got this change, or how it's connected to the commit msg.
> > >
> > > Before:
> > > - addr == 0, or addr > 2^57, or compat: mmap_end = STACK_TOP_MAX
> > > - 2^48 < addr < 2^57: mmap_end = 2^48
> > > - 0 < addr < 2^48 : mmap_end = 2^39
> > >
> > > Now:
> > > - addr == 0, or addr > 2^57: mmap_end = STACK_TOP_MAX
> > > - 2^48 < addr < 2^57: mmap_end = 2^48
> > > - 0 < addr < 2^48 : mmap_end = 2^39
> > >
> > > IIUC compat mode addr will be < 2^32, so will always have mmap_end = 2^39
> > > if addr != 0. Is that desireable?
> > > (if not, above change is unneeded)
> >
> > I agree, this change does not make sense for compat mode. Compat mode
> > should never return an address that is greater than 2^32, but this
> > change allows that.
> >
> > >
> > > Also, unrelated to the change:
> > > - 2^48 < addr < 2^57: mmap_end = 2^48
> > > Is the above correct?
> > > It looks like it should be 2^57 instead, and a new if clause for
> > > 2^32 < addr < 2^48 should have mmap_end = 2^48.
> >
> > That is not the case. I documented this behavior and reasoning in
> > Documentation/arch/riscv/vm-layout.rst in the "Userspace VAs" section.
> >
> > I can reiterate here though. The hint address to mmap (defined here as
> > "addr") is the maximum userspace address that mmap should provide. What
> > you are describing is a minimum. The purpose of this change was to allow
> > applications that are not compatible with a larger virtual address (such
> > as applications like Java that use the upper bits of the VA to store
> > data) to have a consistent way of specifying how many bits they would
> > like to be left free in the VA. This requires to take the next lowest
> > address space to guaruntee that all of the most-significant bits left
> > clear in hint address do not end up populated in the virtual address
> > returned by mmap.
> >
> > - Charlie
>
> Hello Charlie, thank you for helping me understand!
>
> Ok, that does make sense now! The addr value hints "don't allocate > addr"
> and thus:
>
> - 0 < addr < 2^48 : mmap_end = 2^39
> - 2^48 < addr < 2^57: mmap_end = 2^48
>
> Ok, but then
> - addr > 2^57: mmap_end = 2^57
> right?
>
> I mean, probably STACK_TOP_MAX in non-compat mode means 2^57 already, but
> having it explicitly like:
>
> else if ((_addr) >= VA_USER_SV57) \
> mmap_end = VA_USER_SV57; \
>
> would not be better for a future full 64-bit addressing?
> (since it's already on a different if clause)
I agree, that does make more sense.
>
> I could add comment on top of the macro with a short version on your addr
> hint description above. Would that be ok?
Sure :)
- Charlie
>
> Thanks!
> Leo
>
>
>
>
>
> >
> > >
> > > Do I get it wrong?
> > >
> > > (I will send an RFC 'fixing' the code the way I am whinking it should look
> > > like)
> > >
> > > Thanks,
> > > Leo
> > >
> > >
> > >
> > >
> > >
> > > > --
> > > > 2.40.1
> > > >
> > >
> >
>
Powered by blists - more mailing lists