lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZYUhrTaXMqyRchyP@ghost>
Date: Thu, 21 Dec 2023 21:42:05 -0800
From: Charlie Jenkins <charlie@...osinc.com>
To: Leonardo Bras <leobras@...hat.com>
Cc: guoren@...nel.org, linux-kernel@...r.kernel.org,
	paul.walmsley@...ive.com, palmer@...belt.com,
	alexghiti@...osinc.com, xiao.w.wang@...el.com, david@...hat.com,
	panqinglin2020@...as.ac.cn, rick.p.edgecombe@...el.com,
	willy@...radead.org, bjorn@...osinc.com, conor.dooley@...rochip.com,
	cleger@...osinc.com, linux-riscv@...ts.infradead.org,
	Guo Ren <guoren@...ux.alibaba.com>, stable@...r.kernel.org
Subject: Re: [PATCH V2 2/4] riscv: mm: Fixup compat arch_get_mmap_end

On Fri, Dec 22, 2023 at 01:23:29AM -0300, Leonardo Bras wrote:
> On Thu, Dec 21, 2023 at 08:04:43PM -0800, Charlie Jenkins wrote:
> > On Fri, Dec 22, 2023 at 12:34:56AM -0300, Leonardo Bras wrote:
> > > On Thu, Dec 21, 2023 at 10:46:59AM -0500, guoren@...nel.org wrote:
> > > > From: Guo Ren <guoren@...ux.alibaba.com>
> > > > 
> > > > When the task is in COMPAT mode, the arch_get_mmap_end should be 2GB,
> > > > not TASK_SIZE_64. The TASK_SIZE has contained is_compat_mode()
> > > > detection, so change the definition of STACK_TOP_MAX to TASK_SIZE
> > > > directly.
> > > 
> > > ok
> > > 
> > > > 
> > > > Cc: stable@...r.kernel.org
> > > > Fixes: add2cc6b6515 ("RISC-V: mm: Restrict address space for sv39,sv48,sv57")
> > > > Signed-off-by: Guo Ren <guoren@...ux.alibaba.com>
> > > > Signed-off-by: Guo Ren <guoren@...nel.org>
> > > > ---
> > > >  arch/riscv/include/asm/processor.h | 6 ++----
> > > >  1 file changed, 2 insertions(+), 4 deletions(-)
> > > > 
> > > > diff --git a/arch/riscv/include/asm/processor.h b/arch/riscv/include/asm/processor.h
> > > > index f19f861cda54..1f538fc4448d 100644
> > > > --- a/arch/riscv/include/asm/processor.h
> > > > +++ b/arch/riscv/include/asm/processor.h
> > > > @@ -16,15 +16,13 @@
> > > >  
> > > >  #ifdef CONFIG_64BIT
> > > >  #define DEFAULT_MAP_WINDOW	(UL(1) << (MMAP_VA_BITS - 1))
> > > > -#define STACK_TOP_MAX		TASK_SIZE_64
> > > > +#define STACK_TOP_MAX		TASK_SIZE
> > > 
> > > It means STACK_TOP_MAX will be in 64BIT:
> > > - TASK_SIZE_32 if compat_mode=y
> > > - TASK_SIZE_64 if compat_mode=n
> > > 
> > > Makes sense for me.
> > > 
> > > >  
> > > >  #define arch_get_mmap_end(addr, len, flags)			\
> > > >  ({								\
> > > >  	unsigned long mmap_end;					\
> > > >  	typeof(addr) _addr = (addr);				\
> > > > -	if ((_addr) == 0 || (IS_ENABLED(CONFIG_COMPAT) && is_compat_task())) \
> > > > -		mmap_end = STACK_TOP_MAX;			\
> > > > -	else if ((_addr) >= VA_USER_SV57)			\
> > > > +	if ((_addr) == 0 || (_addr) >= VA_USER_SV57)		\
> > > >  		mmap_end = STACK_TOP_MAX;			\
> > > >  	else if ((((_addr) >= VA_USER_SV48)) && (VA_BITS >= VA_BITS_SV48)) \
> > > >  		mmap_end = VA_USER_SV48;			\
> > > 
> > > 
> > > I don't think I got this change, or how it's connected to the commit msg.
> > > 
> > > Before:
> > > - addr == 0, or addr > 2^57, or compat: mmap_end = STACK_TOP_MAX
> > > - 2^48 < addr < 2^57: mmap_end = 2^48
> > > - 0 < addr < 2^48 : mmap_end = 2^39
> > > 
> > > Now:
> > > - addr == 0, or addr > 2^57: mmap_end = STACK_TOP_MAX
> > > - 2^48 < addr < 2^57: mmap_end = 2^48
> > > - 0 < addr < 2^48 : mmap_end = 2^39
> > > 
> > > IIUC compat mode addr will be < 2^32, so will always have mmap_end = 2^39 
> > > if addr != 0. Is that desireable? 
> > > (if not, above change is unneeded)
> > 
> > I agree, this change does not make sense for compat mode. Compat mode
> > should never return an address that is greater than 2^32, but this
> > change allows that.
> > 
> > > 
> > > Also, unrelated to the change:
> > > - 2^48 < addr < 2^57: mmap_end = 2^48
> > > Is the above correct?
> > > It looks like it should be 2^57 instead, and a new if clause for 
> > > 2^32 < addr < 2^48 should have mmap_end = 2^48.
> > 
> > That is not the case. I documented this behavior and reasoning in
> > Documentation/arch/riscv/vm-layout.rst in the "Userspace VAs" section.
> > 
> > I can reiterate here though. The hint address to mmap (defined here as
> > "addr") is the maximum userspace address that mmap should provide. What
> > you are describing is a minimum. The purpose of this change was to allow
> > applications that are not compatible with a larger virtual address (such
> > as applications like Java that use the upper bits of the VA to store
> > data) to have a consistent way of specifying how many bits they would
> > like to be left free in the VA. This requires to take the next lowest
> > address space to guaruntee that all of the most-significant bits left
> > clear in hint address do not end up populated in the virtual address
> > returned by mmap.
> > 
> > - Charlie
> 
> Hello Charlie, thank you for helping me understand!
> 
> Ok, that does make sense now! The addr value hints "don't allocate > addr"
> and thus:
> 
> - 0 < addr < 2^48 : mmap_end = 2^39
> - 2^48 < addr < 2^57: mmap_end = 2^48
> 
> Ok, but then
> - addr > 2^57: mmap_end = 2^57
> right?
> 
> I mean, probably STACK_TOP_MAX in non-compat mode means 2^57 already, but 
> having it explicitly like:
> 
>  else if ((_addr) >= VA_USER_SV57)                       \
>          mmap_end = VA_USER_SV57;                        \
> 
> would not be better for a future full 64-bit addressing?
> (since it's already on a different if clause)

I agree, that does make more sense.

> 
> I could add comment on top of the macro with a short version on your addr 
> hint description above. Would that be ok?

Sure :)

- Charlie

> 
> Thanks!
> Leo
> 
> 
> 
> 
> 
> > 
> > > 
> > > Do I get it wrong?
> > > 
> > > (I will send an RFC 'fixing' the code the way I am whinking it should look 
> > > like)
> > > 
> > > Thanks, 
> > > Leo
> > > 
> > > 
> > > 
> > > 
> > > 
> > > > -- 
> > > > 2.40.1
> > > > 
> > > 
> > 
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ