| Message ID | 20190724055850.6232-15-alex@ghiti.fr (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Provide generic top-down mmap layout functions | expand |
Hi Alexandre, I have a few questions about this patch. Sorry to be dense here ... On Wed, 24 Jul 2019, Alexandre Ghiti wrote: > In order to avoid wasting user address space by using bottom-up mmap > allocation scheme, prefer top-down scheme when possible. > > Before: > root@qemuriscv64:~# cat /proc/self/maps > 00010000-00016000 r-xp 00000000 fe:00 6389 /bin/cat.coreutils > 00016000-00017000 r--p 00005000 fe:00 6389 /bin/cat.coreutils > 00017000-00018000 rw-p 00006000 fe:00 6389 /bin/cat.coreutils > 00018000-00039000 rw-p 00000000 00:00 0 [heap] > 1555556000-155556d000 r-xp 00000000 fe:00 7193 /lib/ld-2.28.so > 155556d000-155556e000 r--p 00016000 fe:00 7193 /lib/ld-2.28.so > 155556e000-155556f000 rw-p 00017000 fe:00 7193 /lib/ld-2.28.so > 155556f000-1555570000 rw-p 00000000 00:00 0 > 1555570000-1555572000 r-xp 00000000 00:00 0 [vdso] > 1555574000-1555576000 rw-p 00000000 00:00 0 > 1555576000-1555674000 r-xp 00000000 fe:00 7187 /lib/libc-2.28.so > 1555674000-1555678000 r--p 000fd000 fe:00 7187 /lib/libc-2.28.so > 1555678000-155567a000 rw-p 00101000 fe:00 7187 /lib/libc-2.28.so > 155567a000-15556a0000 rw-p 00000000 00:00 0 > 3fffb90000-3fffbb1000 rw-p 00000000 00:00 0 [stack] > > After: > root@qemuriscv64:~# cat /proc/self/maps > 00010000-00016000 r-xp 00000000 fe:00 6389 /bin/cat.coreutils > 00016000-00017000 r--p 00005000 fe:00 6389 /bin/cat.coreutils > 00017000-00018000 rw-p 00006000 fe:00 6389 /bin/cat.coreutils > 2de81000-2dea2000 rw-p 00000000 00:00 0 [heap] > 3ff7eb6000-3ff7ed8000 rw-p 00000000 00:00 0 > 3ff7ed8000-3ff7fd6000 r-xp 00000000 fe:00 7187 /lib/libc-2.28.so > 3ff7fd6000-3ff7fda000 r--p 000fd000 fe:00 7187 /lib/libc-2.28.so > 3ff7fda000-3ff7fdc000 rw-p 00101000 fe:00 7187 /lib/libc-2.28.so > 3ff7fdc000-3ff7fe2000 rw-p 00000000 00:00 0 > 3ff7fe4000-3ff7fe6000 r-xp 00000000 00:00 0 [vdso] > 3ff7fe6000-3ff7ffd000 r-xp 00000000 fe:00 7193 /lib/ld-2.28.so > 3ff7ffd000-3ff7ffe000 r--p 00016000 fe:00 7193 /lib/ld-2.28.so > 3ff7ffe000-3ff7fff000 rw-p 00017000 fe:00 7193 /lib/ld-2.28.so > 3ff7fff000-3ff8000000 rw-p 00000000 00:00 0 > 3fff888000-3fff8a9000 rw-p 00000000 00:00 0 [stack] > > Signed-off-by: Alexandre Ghiti <alex@ghiti.fr> > Reviewed-by: Christoph Hellwig <hch@lst.de> > Reviewed-by: Kees Cook <keescook@chromium.org> > --- > arch/riscv/Kconfig | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > index 59a4727ecd6c..6a63973873fd 100644 > --- a/arch/riscv/Kconfig > +++ b/arch/riscv/Kconfig > @@ -54,6 +54,17 @@ config RISCV > select EDAC_SUPPORT > select ARCH_HAS_GIGANTIC_PAGE > select ARCH_WANT_HUGE_PMD_SHARE if 64BIT > + select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU > + select HAVE_ARCH_MMAP_RND_BITS > + > +config ARCH_MMAP_RND_BITS_MIN > + default 18 Could you help me understand the rationale behind this constant? > + > +# max bits determined by the following formula: > +# VA_BITS - PAGE_SHIFT - 3 I realize that these lines are probably copied from arch/arm64/Kconfig. But the rationale behind the "- 3" is not immediately obvious. This apparently originates from commit 8f0d3aa9de57 ("arm64: mm: support ARCH_MMAP_RND_BITS"). Can you provide any additional context here? > +config ARCH_MMAP_RND_BITS_MAX > + default 33 if 64BIT # SV48 based The rationale here is clear for Sv48, per the above formula: (48 - 12 - 3) = 33 > + default 18 However, here it is less clear to me. For Sv39, shouldn't this be (39 - 12 - 3) = 24 ? And what about Sv32? - Paul
On 7/26/19 2:20 AM, Paul Walmsley wrote: > Hi Alexandre, > > I have a few questions about this patch. Sorry to be dense here ... > > On Wed, 24 Jul 2019, Alexandre Ghiti wrote: > >> In order to avoid wasting user address space by using bottom-up mmap >> allocation scheme, prefer top-down scheme when possible. >> >> Before: >> root@qemuriscv64:~# cat /proc/self/maps >> 00010000-00016000 r-xp 00000000 fe:00 6389 /bin/cat.coreutils >> 00016000-00017000 r--p 00005000 fe:00 6389 /bin/cat.coreutils >> 00017000-00018000 rw-p 00006000 fe:00 6389 /bin/cat.coreutils >> 00018000-00039000 rw-p 00000000 00:00 0 [heap] >> 1555556000-155556d000 r-xp 00000000 fe:00 7193 /lib/ld-2.28.so >> 155556d000-155556e000 r--p 00016000 fe:00 7193 /lib/ld-2.28.so >> 155556e000-155556f000 rw-p 00017000 fe:00 7193 /lib/ld-2.28.so >> 155556f000-1555570000 rw-p 00000000 00:00 0 >> 1555570000-1555572000 r-xp 00000000 00:00 0 [vdso] >> 1555574000-1555576000 rw-p 00000000 00:00 0 >> 1555576000-1555674000 r-xp 00000000 fe:00 7187 /lib/libc-2.28.so >> 1555674000-1555678000 r--p 000fd000 fe:00 7187 /lib/libc-2.28.so >> 1555678000-155567a000 rw-p 00101000 fe:00 7187 /lib/libc-2.28.so >> 155567a000-15556a0000 rw-p 00000000 00:00 0 >> 3fffb90000-3fffbb1000 rw-p 00000000 00:00 0 [stack] >> >> After: >> root@qemuriscv64:~# cat /proc/self/maps >> 00010000-00016000 r-xp 00000000 fe:00 6389 /bin/cat.coreutils >> 00016000-00017000 r--p 00005000 fe:00 6389 /bin/cat.coreutils >> 00017000-00018000 rw-p 00006000 fe:00 6389 /bin/cat.coreutils >> 2de81000-2dea2000 rw-p 00000000 00:00 0 [heap] >> 3ff7eb6000-3ff7ed8000 rw-p 00000000 00:00 0 >> 3ff7ed8000-3ff7fd6000 r-xp 00000000 fe:00 7187 /lib/libc-2.28.so >> 3ff7fd6000-3ff7fda000 r--p 000fd000 fe:00 7187 /lib/libc-2.28.so >> 3ff7fda000-3ff7fdc000 rw-p 00101000 fe:00 7187 /lib/libc-2.28.so >> 3ff7fdc000-3ff7fe2000 rw-p 00000000 00:00 0 >> 3ff7fe4000-3ff7fe6000 r-xp 00000000 00:00 0 [vdso] >> 3ff7fe6000-3ff7ffd000 r-xp 00000000 fe:00 7193 /lib/ld-2.28.so >> 3ff7ffd000-3ff7ffe000 r--p 00016000 fe:00 7193 /lib/ld-2.28.so >> 3ff7ffe000-3ff7fff000 rw-p 00017000 fe:00 7193 /lib/ld-2.28.so >> 3ff7fff000-3ff8000000 rw-p 00000000 00:00 0 >> 3fff888000-3fff8a9000 rw-p 00000000 00:00 0 [stack] >> >> Signed-off-by: Alexandre Ghiti <alex@ghiti.fr> >> Reviewed-by: Christoph Hellwig <hch@lst.de> >> Reviewed-by: Kees Cook <keescook@chromium.org> >> --- >> arch/riscv/Kconfig | 11 +++++++++++ >> 1 file changed, 11 insertions(+) >> >> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig >> index 59a4727ecd6c..6a63973873fd 100644 >> --- a/arch/riscv/Kconfig >> +++ b/arch/riscv/Kconfig >> @@ -54,6 +54,17 @@ config RISCV >> select EDAC_SUPPORT >> select ARCH_HAS_GIGANTIC_PAGE >> select ARCH_WANT_HUGE_PMD_SHARE if 64BIT >> + select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU >> + select HAVE_ARCH_MMAP_RND_BITS >> + >> +config ARCH_MMAP_RND_BITS_MIN >> + default 18 > Could you help me understand the rationale behind this constant? Indeed, I took that from arm64 code and I did not think enough about it: that's great you spotted this because that's a way too large value for 32 bits as it would, at minimum, make mmap random offset go up to 1GB (18 + 12), which is a big hole for this small address space :) arm and mips propose 8 as default value for 32bits systems which is 1MB offset at minimum. > >> + >> +# max bits determined by the following formula: >> +# VA_BITS - PAGE_SHIFT - 3 > I realize that these lines are probably copied from arch/arm64/Kconfig. > But the rationale behind the "- 3" is not immediately obvious. This > apparently originates from commit 8f0d3aa9de57 ("arm64: mm: support > ARCH_MMAP_RND_BITS"). Can you provide any additional context here? The formula comes from commit d07e22597d1d ("mm: mmap: add new /proc tunable for mmap_base ASLR"), where the author states that "generally a 3-4 bits less than the number of bits in the user-space accessible virtual address space [allows to] give the greatest flexibility without generating an invalid mmap_base address". In practice, that limits the mmap random offset to at maximum 1/8 (for - 3) of the total address space. > >> +config ARCH_MMAP_RND_BITS_MAX >> + default 33 if 64BIT # SV48 based > The rationale here is clear for Sv48, per the above formula: > > (48 - 12 - 3) = 33 > >> + default 18 > However, here it is less clear to me. For Sv39, shouldn't this be > > (39 - 12 - 3) = 24 > > ? And what about Sv32? You're right. Is there a way to distinguish between sv39 and sv48 here ? Thanks Paul, Alex > > > - Paul > > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv
On Fri, 26 Jul 2019, Alexandre Ghiti wrote: > On 7/26/19 2:20 AM, Paul Walmsley wrote: > > > > On Wed, 24 Jul 2019, Alexandre Ghiti wrote: > > > > > In order to avoid wasting user address space by using bottom-up mmap > > > allocation scheme, prefer top-down scheme when possible. > > > > > > Before: > > > root@qemuriscv64:~# cat /proc/self/maps > > > 00010000-00016000 r-xp 00000000 fe:00 6389 /bin/cat.coreutils > > > 00016000-00017000 r--p 00005000 fe:00 6389 /bin/cat.coreutils > > > 00017000-00018000 rw-p 00006000 fe:00 6389 /bin/cat.coreutils > > > 00018000-00039000 rw-p 00000000 00:00 0 [heap] > > > 1555556000-155556d000 r-xp 00000000 fe:00 7193 /lib/ld-2.28.so > > > 155556d000-155556e000 r--p 00016000 fe:00 7193 /lib/ld-2.28.so > > > 155556e000-155556f000 rw-p 00017000 fe:00 7193 /lib/ld-2.28.so > > > 155556f000-1555570000 rw-p 00000000 00:00 0 > > > 1555570000-1555572000 r-xp 00000000 00:00 0 [vdso] > > > 1555574000-1555576000 rw-p 00000000 00:00 0 > > > 1555576000-1555674000 r-xp 00000000 fe:00 7187 /lib/libc-2.28.so > > > 1555674000-1555678000 r--p 000fd000 fe:00 7187 /lib/libc-2.28.so > > > 1555678000-155567a000 rw-p 00101000 fe:00 7187 /lib/libc-2.28.so > > > 155567a000-15556a0000 rw-p 00000000 00:00 0 > > > 3fffb90000-3fffbb1000 rw-p 00000000 00:00 0 [stack] > > > > > > After: > > > root@qemuriscv64:~# cat /proc/self/maps > > > 00010000-00016000 r-xp 00000000 fe:00 6389 /bin/cat.coreutils > > > 00016000-00017000 r--p 00005000 fe:00 6389 /bin/cat.coreutils > > > 00017000-00018000 rw-p 00006000 fe:00 6389 /bin/cat.coreutils > > > 2de81000-2dea2000 rw-p 00000000 00:00 0 [heap] > > > 3ff7eb6000-3ff7ed8000 rw-p 00000000 00:00 0 > > > 3ff7ed8000-3ff7fd6000 r-xp 00000000 fe:00 7187 /lib/libc-2.28.so > > > 3ff7fd6000-3ff7fda000 r--p 000fd000 fe:00 7187 /lib/libc-2.28.so > > > 3ff7fda000-3ff7fdc000 rw-p 00101000 fe:00 7187 /lib/libc-2.28.so > > > 3ff7fdc000-3ff7fe2000 rw-p 00000000 00:00 0 > > > 3ff7fe4000-3ff7fe6000 r-xp 00000000 00:00 0 [vdso] > > > 3ff7fe6000-3ff7ffd000 r-xp 00000000 fe:00 7193 /lib/ld-2.28.so > > > 3ff7ffd000-3ff7ffe000 r--p 00016000 fe:00 7193 /lib/ld-2.28.so > > > 3ff7ffe000-3ff7fff000 rw-p 00017000 fe:00 7193 /lib/ld-2.28.so > > > 3ff7fff000-3ff8000000 rw-p 00000000 00:00 0 > > > 3fff888000-3fff8a9000 rw-p 00000000 00:00 0 [stack] > > > > > > Signed-off-by: Alexandre Ghiti <alex@ghiti.fr> > > > Reviewed-by: Christoph Hellwig <hch@lst.de> > > > Reviewed-by: Kees Cook <keescook@chromium.org> > > > --- > > > arch/riscv/Kconfig | 11 +++++++++++ > > > 1 file changed, 11 insertions(+) > > > > > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > > > index 59a4727ecd6c..6a63973873fd 100644 > > > --- a/arch/riscv/Kconfig > > > +++ b/arch/riscv/Kconfig > > > @@ -54,6 +54,17 @@ config RISCV > > > select EDAC_SUPPORT > > > select ARCH_HAS_GIGANTIC_PAGE > > > select ARCH_WANT_HUGE_PMD_SHARE if 64BIT > > > + select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU > > > + select HAVE_ARCH_MMAP_RND_BITS > > > + > > > +config ARCH_MMAP_RND_BITS_MIN > > > + default 18 > > Could you help me understand the rationale behind this constant? > > > Indeed, I took that from arm64 code and I did not think enough about it: > that's great you spotted this because that's a way too large value for > 32 bits as it would, at minimum, make mmap random offset go up to 1GB > (18 + 12), which is a big hole for this small address space :) > > arm and mips propose 8 as default value for 32bits systems which is 1MB offset > at minimum. 8 seems like a fine minimum for Sv32. > > > + > > > +# max bits determined by the following formula: > > > +# VA_BITS - PAGE_SHIFT - 3 > > I realize that these lines are probably copied from arch/arm64/Kconfig. > > But the rationale behind the "- 3" is not immediately obvious. This > > apparently originates from commit 8f0d3aa9de57 ("arm64: mm: support > > ARCH_MMAP_RND_BITS"). Can you provide any additional context here? > > > The formula comes from commit d07e22597d1d ("mm: mmap: add new /proc > tunable for mmap_base ASLR"), where the author states that "generally a > 3-4 bits less than the number of bits in the user-space accessible > virtual address space [allows to] give the greatest flexibility without > generating an invalid mmap_base address". > > In practice, that limits the mmap random offset to at maximum 1/8 (for - > 3) of the total address space. OK. > > > +config ARCH_MMAP_RND_BITS_MAX > > > + default 33 if 64BIT # SV48 based > > The rationale here is clear for Sv48, per the above formula: > > > > (48 - 12 - 3) = 33 > > > > > + default 18 > > However, here it is less clear to me. For Sv39, shouldn't this be > > > > (39 - 12 - 3) = 24 > > > > ? And what about Sv32? > > > You're right. Is there a way to distinguish between sv39 and sv48 here ? This patch has just been posted: https://lore.kernel.org/linux-riscv/alpine.DEB.2.21.9999.1907261259420.26670@viisi.sifive.com/T/#u Assuming there are no negative comments, we'll plan to send it upstream during v5.3-rc. Your patch should be able to set different minimums and maximums based on the value of CONFIG_RISCV_VM_SV* - Paul
diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index 59a4727ecd6c..6a63973873fd 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -54,6 +54,17 @@ config RISCV select EDAC_SUPPORT select ARCH_HAS_GIGANTIC_PAGE select ARCH_WANT_HUGE_PMD_SHARE if 64BIT + select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU + select HAVE_ARCH_MMAP_RND_BITS + +config ARCH_MMAP_RND_BITS_MIN + default 18 + +# max bits determined by the following formula: +# VA_BITS - PAGE_SHIFT - 3 +config ARCH_MMAP_RND_BITS_MAX + default 33 if 64BIT # SV48 based + default 18 config MMU def_bool y