lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <7be08ea9-f343-42da-805f-e5f0d61bde26@app.fastmail.com> Date: Fri, 06 Sep 2024 09:14:08 +0000 From: "Arnd Bergmann" <arnd@...db.de> To: "Lorenzo Stoakes" <lorenzo.stoakes@...cle.com> Cc: "Charlie Jenkins" <charlie@...osinc.com>, "Richard Henderson" <richard.henderson@...aro.org>, "Ivan Kokshaysky" <ink@...assic.park.msu.ru>, "Matt Turner" <mattst88@...il.com>, "Vineet Gupta" <vgupta@...nel.org>, "Russell King" <linux@...linux.org.uk>, guoren <guoren@...nel.org>, "Huacai Chen" <chenhuacai@...nel.org>, "WANG Xuerui" <kernel@...0n.name>, "Thomas Bogendoerfer" <tsbogend@...ha.franken.de>, "James E . J . Bottomley" <James.Bottomley@...senpartnership.com>, "Helge Deller" <deller@....de>, "Michael Ellerman" <mpe@...erman.id.au>, "Nicholas Piggin" <npiggin@...il.com>, "Christophe Leroy" <christophe.leroy@...roup.eu>, "Naveen N Rao" <naveen@...nel.org>, "Alexander Gordeev" <agordeev@...ux.ibm.com>, "Gerald Schaefer" <gerald.schaefer@...ux.ibm.com>, "Heiko Carstens" <hca@...ux.ibm.com>, "Vasily Gorbik" <gor@...ux.ibm.com>, "Christian Borntraeger" <borntraeger@...ux.ibm.com>, "Sven Schnelle" <svens@...ux.ibm.com>, "Yoshinori Sato" <ysato@...rs.sourceforge.jp>, "Rich Felker" <dalias@...c.org>, "John Paul Adrian Glaubitz" <glaubitz@...sik.fu-berlin.de>, "David S . Miller" <davem@...emloft.net>, "Andreas Larsson" <andreas@...sler.com>, "Thomas Gleixner" <tglx@...utronix.de>, "Ingo Molnar" <mingo@...hat.com>, "Borislav Petkov" <bp@...en8.de>, "Dave Hansen" <dave.hansen@...ux.intel.com>, x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, "Andy Lutomirski" <luto@...nel.org>, "Peter Zijlstra" <peterz@...radead.org>, "Muchun Song" <muchun.song@...ux.dev>, "Andrew Morton" <akpm@...ux-foundation.org>, "Liam R. Howlett" <Liam.Howlett@...cle.com>, "Vlastimil Babka" <vbabka@...e.cz>, shuah <shuah@...nel.org>, "Christoph Hellwig" <hch@...radead.org>, "Michal Hocko" <mhocko@...e.com>, "Kirill A. Shutemov" <kirill@...temov.name>, "Chris Torek" <chris.torek@...il.com>, Linux-Arch <linux-arch@...r.kernel.org>, linux-kernel@...r.kernel.org, linux-alpha@...r.kernel.org, linux-snps-arc@...ts.infradead.org, linux-arm-kernel@...ts.infradead.org, "linux-csky@...r.kernel.org" <linux-csky@...r.kernel.org>, loongarch@...ts.linux.dev, linux-mips@...r.kernel.org, linux-parisc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org, linux-sh@...r.kernel.org, sparclinux@...r.kernel.org, linux-mm@...ck.org, linux-kselftest@...r.kernel.org, linux-abi-devel@...ts.sourceforge.net Subject: Re: [PATCH RFC v3 1/2] mm: Add personality flag to limit address to 47 bits On Fri, Sep 6, 2024, at 08:14, Lorenzo Stoakes wrote: > On Fri, Sep 06, 2024 at 07:17:44AM GMT, Arnd Bergmann wrote: >> On Thu, Sep 5, 2024, at 21:15, Charlie Jenkins wrote: >> > Create a personality flag ADDR_LIMIT_47BIT to support applications >> > that wish to transition from running in environments that support at >> > most 47-bit VAs to environments that support larger VAs. This >> > personality can be set to cause all allocations to be below the 47-bit >> > boundary. Using MAP_FIXED with mmap() will bypass this restriction. >> > >> > Signed-off-by: Charlie Jenkins <charlie@...osinc.com> >> >> I think having an architecture-independent mechanism to limit the size >> of the 64-bit address space is useful in general, and we've discussed >> the same thing for arm64 in the past, though we have not actually >> reached an agreement on the ABI previously. > > The thread on the original proposals attests to this being rather a fraught > topic, and I think the weight of opinion was more so in favour of opt-in > rather than opt-out. You mean opt-in to using the larger addresses like we do on arm64 and powerpc, while "opt-out" means a limit as Charlie suggested? >> > @@ -22,6 +22,7 @@ enum { >> > WHOLE_SECONDS = 0x2000000, >> > STICKY_TIMEOUTS = 0x4000000, >> > ADDR_LIMIT_3GB = 0x8000000, >> > + ADDR_LIMIT_47BIT = 0x10000000, >> > }; >> >> I'm a bit worried about having this done specifically in the >> personality flag bits, as they are rather limited. We obviously >> don't want to add many more such flags when there could be >> a way to just set the default limit. > > Since I'm the one who suggested it, I feel I should offer some kind of > vague defence here :) > > We shouldn't let perfect be the enemy of the good. This is a relatively > straightforward means of achieving the aim (assuming your concern about > arch_get_mmap_end() below isn't a blocker) which has the least impact on > existing code. > > Of course we can end up in absurdities where we start doing > ADDR_LIMIT_xxBIT... but again - it's simple, shouldn't represent an > egregious maintenance burden and is entirely opt-in so has things going for > it. I'm more confused now, I think most importantly we should try to handle this consistently across all architectures. The proposed implementation seems to completely block addresses above BIT(47) even for applications that opt in by calling mmap(BIT(47), ...), which seems to break the existing applications. If we want this flag for RISC-V and also keep the behavior of defaulting to >BIT(47) addresses for mmap(0, ...) how about changing arch_get_mmap_end() to return the limit based on ADDR_LIMIT_47BIT and then make this default to enabled on arm64 and powerpc but disabled on riscv? >> It's also unclear to me how we want this flag to interact with >> the existing logic in arch_get_mmap_end(), which attempts to >> limit the default mapping to a 47-bit address space already. > > How does ADDR_LIMIT_3GB presently interact with that? That is x86 specific and only relevant to compat tasks, limiting them to 3 instead of 4 GB. There is also ADDR_LIMIT_32BIT, which on arm32 is always set in practice to allow 32-bit addressing as opposed to ARMv2 style 26-bit addressing (IIRC ARMv3 supported both 26-bit and 32-bit addressing, while ARMv4 through ARMv7 are 32-bit only. Arnd
Powered by blists - more mailing lists