From: Paul Walmsley <paul.walmsley@sifive.com>
To: Alexandre Ghiti <alex@ghiti.fr>
Cc: linux-arm-kernel@lists.infradead.org,
Albert Ou <aou@eecs.berkeley.edu>,
Kees Cook <keescook@chromium.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Palmer Dabbelt <palmer@sifive.com>,
Will Deacon <will.deacon@arm.com>,
Russell King <linux@armlinux.org.uk>,
Ralf Baechle <ralf@linux-mips.org>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
Paul Burton <paul.burton@mips.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
James Hogan <jhogan@kernel.org>,
linux-fsdevel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
linux-mips@vger.kernel.org, Christoph Hellwig <hch@lst.de>,
linux-riscv@lists.infradead.org,
Daniel Cashman <dcashman@google.com>,
Luis Chamberlain <mcgrof@kernel.org>
Subject: Re: [PATCH REBASE v4 14/14] riscv: Make mmap allocation top-down by default
Date: Fri, 26 Jul 2019 13:15:24 -0700 (PDT) [thread overview]
Message-ID: <alpine.DEB.2.21.9999.1907261310490.26670@viisi.sifive.com> (raw)
In-Reply-To: <6b2b45a5-0ac4-db73-8f50-ab182a0cb621@ghiti.fr>
On Fri, 26 Jul 2019, Alexandre Ghiti wrote:
> On 7/26/19 2:20 AM, Paul Walmsley wrote:
> >
> > On Wed, 24 Jul 2019, Alexandre Ghiti wrote:
> >
> > > In order to avoid wasting user address space by using bottom-up mmap
> > > allocation scheme, prefer top-down scheme when possible.
> > >
> > > Before:
> > > root@qemuriscv64:~# cat /proc/self/maps
> > > 00010000-00016000 r-xp 00000000 fe:00 6389 /bin/cat.coreutils
> > > 00016000-00017000 r--p 00005000 fe:00 6389 /bin/cat.coreutils
> > > 00017000-00018000 rw-p 00006000 fe:00 6389 /bin/cat.coreutils
> > > 00018000-00039000 rw-p 00000000 00:00 0 [heap]
> > > 1555556000-155556d000 r-xp 00000000 fe:00 7193 /lib/ld-2.28.so
> > > 155556d000-155556e000 r--p 00016000 fe:00 7193 /lib/ld-2.28.so
> > > 155556e000-155556f000 rw-p 00017000 fe:00 7193 /lib/ld-2.28.so
> > > 155556f000-1555570000 rw-p 00000000 00:00 0
> > > 1555570000-1555572000 r-xp 00000000 00:00 0 [vdso]
> > > 1555574000-1555576000 rw-p 00000000 00:00 0
> > > 1555576000-1555674000 r-xp 00000000 fe:00 7187 /lib/libc-2.28.so
> > > 1555674000-1555678000 r--p 000fd000 fe:00 7187 /lib/libc-2.28.so
> > > 1555678000-155567a000 rw-p 00101000 fe:00 7187 /lib/libc-2.28.so
> > > 155567a000-15556a0000 rw-p 00000000 00:00 0
> > > 3fffb90000-3fffbb1000 rw-p 00000000 00:00 0 [stack]
> > >
> > > After:
> > > root@qemuriscv64:~# cat /proc/self/maps
> > > 00010000-00016000 r-xp 00000000 fe:00 6389 /bin/cat.coreutils
> > > 00016000-00017000 r--p 00005000 fe:00 6389 /bin/cat.coreutils
> > > 00017000-00018000 rw-p 00006000 fe:00 6389 /bin/cat.coreutils
> > > 2de81000-2dea2000 rw-p 00000000 00:00 0 [heap]
> > > 3ff7eb6000-3ff7ed8000 rw-p 00000000 00:00 0
> > > 3ff7ed8000-3ff7fd6000 r-xp 00000000 fe:00 7187 /lib/libc-2.28.so
> > > 3ff7fd6000-3ff7fda000 r--p 000fd000 fe:00 7187 /lib/libc-2.28.so
> > > 3ff7fda000-3ff7fdc000 rw-p 00101000 fe:00 7187 /lib/libc-2.28.so
> > > 3ff7fdc000-3ff7fe2000 rw-p 00000000 00:00 0
> > > 3ff7fe4000-3ff7fe6000 r-xp 00000000 00:00 0 [vdso]
> > > 3ff7fe6000-3ff7ffd000 r-xp 00000000 fe:00 7193 /lib/ld-2.28.so
> > > 3ff7ffd000-3ff7ffe000 r--p 00016000 fe:00 7193 /lib/ld-2.28.so
> > > 3ff7ffe000-3ff7fff000 rw-p 00017000 fe:00 7193 /lib/ld-2.28.so
> > > 3ff7fff000-3ff8000000 rw-p 00000000 00:00 0
> > > 3fff888000-3fff8a9000 rw-p 00000000 00:00 0 [stack]
> > >
> > > Signed-off-by: Alexandre Ghiti <alex@ghiti.fr>
> > > Reviewed-by: Christoph Hellwig <hch@lst.de>
> > > Reviewed-by: Kees Cook <keescook@chromium.org>
> > > ---
> > > arch/riscv/Kconfig | 11 +++++++++++
> > > 1 file changed, 11 insertions(+)
> > >
> > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> > > index 59a4727ecd6c..6a63973873fd 100644
> > > --- a/arch/riscv/Kconfig
> > > +++ b/arch/riscv/Kconfig
> > > @@ -54,6 +54,17 @@ config RISCV
> > > select EDAC_SUPPORT
> > > select ARCH_HAS_GIGANTIC_PAGE
> > > select ARCH_WANT_HUGE_PMD_SHARE if 64BIT
> > > + select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU
> > > + select HAVE_ARCH_MMAP_RND_BITS
> > > +
> > > +config ARCH_MMAP_RND_BITS_MIN
> > > + default 18
> > Could you help me understand the rationale behind this constant?
>
>
> Indeed, I took that from arm64 code and I did not think enough about it:
> that's great you spotted this because that's a way too large value for
> 32 bits as it would, at minimum, make mmap random offset go up to 1GB
> (18 + 12), which is a big hole for this small address space :)
>
> arm and mips propose 8 as default value for 32bits systems which is 1MB offset
> at minimum.
8 seems like a fine minimum for Sv32.
> > > +
> > > +# max bits determined by the following formula:
> > > +# VA_BITS - PAGE_SHIFT - 3
> > I realize that these lines are probably copied from arch/arm64/Kconfig.
> > But the rationale behind the "- 3" is not immediately obvious. This
> > apparently originates from commit 8f0d3aa9de57 ("arm64: mm: support
> > ARCH_MMAP_RND_BITS"). Can you provide any additional context here?
>
>
> The formula comes from commit d07e22597d1d ("mm: mmap: add new /proc
> tunable for mmap_base ASLR"), where the author states that "generally a
> 3-4 bits less than the number of bits in the user-space accessible
> virtual address space [allows to] give the greatest flexibility without
> generating an invalid mmap_base address".
>
> In practice, that limits the mmap random offset to at maximum 1/8 (for -
> 3) of the total address space.
OK.
> > > +config ARCH_MMAP_RND_BITS_MAX
> > > + default 33 if 64BIT # SV48 based
> > The rationale here is clear for Sv48, per the above formula:
> >
> > (48 - 12 - 3) = 33
> >
> > > + default 18
> > However, here it is less clear to me. For Sv39, shouldn't this be
> >
> > (39 - 12 - 3) = 24
> >
> > ? And what about Sv32?
>
>
> You're right. Is there a way to distinguish between sv39 and sv48 here ?
This patch has just been posted:
https://lore.kernel.org/linux-riscv/alpine.DEB.2.21.9999.1907261259420.26670@viisi.sifive.com/T/#u
Assuming there are no negative comments, we'll plan to send it upstream
during v5.3-rc. Your patch should be able to set different minimums and
maximums based on the value of CONFIG_RISCV_VM_SV*
- Paul
next prev parent reply other threads:[~2019-07-26 20:15 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-24 5:58 [PATCH REBASE v4 00/14] Provide generic top-down mmap layout functions Alexandre Ghiti
2019-07-24 5:58 ` [PATCH REBASE v4 01/14] mm, fs: Move randomize_stack_top from fs to mm Alexandre Ghiti
2019-07-24 5:58 ` [PATCH REBASE v4 02/14] arm64: Make use of is_compat_task instead of hardcoding this test Alexandre Ghiti
2019-07-24 5:58 ` [PATCH REBASE v4 03/14] arm64: Consider stack randomization for mmap base only when necessary Alexandre Ghiti
2019-07-24 5:58 ` [PATCH REBASE v4 04/14] arm64, mm: Move generic mmap layout functions to mm Alexandre Ghiti
2019-07-24 5:58 ` [PATCH REBASE v4 05/14] arm64, mm: Make randomization selected by generic topdown mmap layout Alexandre Ghiti
2019-07-24 17:11 ` Luis Chamberlain
2019-07-25 5:48 ` Alexandre Ghiti
2019-07-24 5:58 ` [PATCH REBASE v4 06/14] arm: Properly account for stack randomization and stack guard gap Alexandre Ghiti
2019-07-24 5:58 ` [PATCH REBASE v4 07/14] arm: Use STACK_TOP when computing mmap base address Alexandre Ghiti
2019-07-24 5:58 ` [PATCH REBASE v4 08/14] arm: Use generic mmap top-down layout and brk randomization Alexandre Ghiti
2019-07-24 5:58 ` [PATCH REBASE v4 09/14] mips: Properly account for stack randomization and stack guard gap Alexandre Ghiti
2019-07-24 5:58 ` [PATCH REBASE v4 10/14] mips: Use STACK_TOP when computing mmap base address Alexandre Ghiti
2019-07-24 5:58 ` [PATCH REBASE v4 11/14] mips: Adjust brk randomization offset to fit generic version Alexandre Ghiti
2019-07-25 6:22 ` Alexandre Ghiti
2019-07-25 20:00 ` Kees Cook
2019-07-26 0:55 ` Andrew Morton
2019-07-24 5:58 ` [PATCH REBASE v4 12/14] mips: Replace arch specific way to determine 32bit task with " Alexandre Ghiti
2019-07-24 17:16 ` Luis Chamberlain
2019-07-25 6:09 ` Alexandre Ghiti
2019-07-24 5:58 ` [PATCH REBASE v4 13/14] mips: Use generic mmap top-down layout and brk randomization Alexandre Ghiti
2019-07-24 5:58 ` [PATCH REBASE v4 14/14] riscv: Make mmap allocation top-down by default Alexandre Ghiti
2019-07-26 0:20 ` Paul Walmsley
2019-07-26 11:48 ` Alexandre Ghiti
2019-07-26 20:15 ` Paul Walmsley [this message]
2019-07-24 17:17 ` [PATCH REBASE v4 00/14] Provide generic top-down mmap layout functions Luis Chamberlain
2019-07-25 6:10 ` Alexandre Ghiti
2019-07-24 20:18 ` [EXTERNAL][PATCH " Paul Burton
2019-07-25 6:21 ` Alexandre Ghiti
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.21.9999.1907261310490.26670@viisi.sifive.com \
--to=paul.walmsley@sifive.com \
--cc=akpm@linux-foundation.org \
--cc=alex@ghiti.fr \
--cc=aou@eecs.berkeley.edu \
--cc=catalin.marinas@arm.com \
--cc=dcashman@google.com \
--cc=hch@lst.de \
--cc=jhogan@kernel.org \
--cc=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux@armlinux.org.uk \
--cc=mcgrof@kernel.org \
--cc=palmer@sifive.com \
--cc=paul.burton@mips.com \
--cc=ralf@linux-mips.org \
--cc=viro@zeniv.linux.org.uk \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).