Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp1014204rdb; Sun, 1 Oct 2023 16:06:10 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGrOuPgeDYj5YdxDC3HdnnfgSAP4U/aNW0CGcp8jmMLbe3UPilfRnv+xv1jy0lPRLxqV1If X-Received: by 2002:a05:6870:a686:b0:1c8:ca70:dd0c with SMTP id i6-20020a056870a68600b001c8ca70dd0cmr12421580oam.19.1696201569736; Sun, 01 Oct 2023 16:06:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696201569; cv=none; d=google.com; s=arc-20160816; b=q00VIhul4p5AYuzbf0s6+mo2sZFOPisgp0XVvfI2NAAodhEKP07SZg+KWr8pTM2Dgw Y2nAoLHBS3HkJdgaQbf/KU3RJ+41nUz4cA0FTs+toigsdE8fcu8983Qn80NV9ml/NuEk zs/6hGOI8WBgxgmT5q5hhxtyQVAA5FpJl+9GFyHGJCGaBLhS4TmkBQzP4KvSAF38cGOd 0BJ5gvjcmIkHQwgYZr84HCoNC0asPtsgQ+fO0IFScH5wvPFKrsvqvg4hShutXkSeepUl q9Vs7kS5b4m8/CgmjjlJHH+/lihg/S+5jUG6q8iCkbFAK+AX/5auau4dIi68MsP3GYZM KYLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=AlqqAdUK9+XiZ3vr9zfHOEKY61BQKj01sr184YRw5U0=; fh=0uM/YtfSfkPGXUSIbyJfnEEFShuV7I/j52zCWYGIvj8=; b=vCjGryFshdEgQX145fRHR9ENSwDMojXJHJyEd+iLxz0K+OuWjYUWL19VZP0BV991/9 uVUtxu1xo3/4XjjHDhJvGXdgSwvddSvVf/E2PCtn0OsHgrPCHuiaENPyy5v8MEWQxVeT lUlpDarWNOnuyEiLiXGC9v/p0KnhTkw2DX/9hTRCXMLHXwrndcRfySPOhEqP5Z4Ov2N1 XxFdXeATZYIkUDmYlqmyIWuhs0UR9rvFsCSwbIqB1aUaj0/rOR9+M/qsaCjbMSL6ddyw BP5ECiShzcfqXdj45UByJvq3dkVYv8NiXm5Harq/lEVhyjZnvsNDfLz3/+S24vv/8qoG RafA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=bHX8cDQX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id w186-20020a6382c3000000b00578ac490e7bsi26730173pgd.638.2023.10.01.16.06.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 01 Oct 2023 16:06:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=bHX8cDQX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id F3E048023765; Sun, 1 Oct 2023 08:20:29 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235164AbjJAPUD (ORCPT + 99 others); Sun, 1 Oct 2023 11:20:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55942 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235113AbjJAPUB (ORCPT ); Sun, 1 Oct 2023 11:20:01 -0400 Received: from mail-vk1-xa32.google.com (mail-vk1-xa32.google.com [IPv6:2607:f8b0:4864:20::a32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AE27C99 for ; Sun, 1 Oct 2023 08:19:59 -0700 (PDT) Received: by mail-vk1-xa32.google.com with SMTP id 71dfb90a1353d-49d0d90a7ddso1134283e0c.0 for ; Sun, 01 Oct 2023 08:19:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1696173599; x=1696778399; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=AlqqAdUK9+XiZ3vr9zfHOEKY61BQKj01sr184YRw5U0=; b=bHX8cDQXbquFxXSYfRIsNfxRQw0HhsYskdQKU0/x1WIpKGMBHG6qLpO7HmW+IuzFmE eG2+3mMWT6UzBz41ua9mr42t/rezTke6WSax33mHOgMFV2xyr/cKfyQ6hTDU5z0Vq9Rq HR98pljJqSDdHoNv2csl7t0QOceIOhLciU3Xa8tGQtJ8b5LhYkRo6GSp8rFAcg6ljBoZ /rbprA1gBnfRMWukIUwonNlnj84qCcHDaSX1OhpGjH8ln/6ADpW9f4cxRk1BKwfBpWKR mr+c/Parbwu8MAKP/Dar21MI+ceZbUh/FJHUslA9VJ8rUZROg+JQjoSlUoPaT7OO9GGK rDTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696173599; x=1696778399; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AlqqAdUK9+XiZ3vr9zfHOEKY61BQKj01sr184YRw5U0=; b=rr3YOvceg2geCoWxkUn8Xprj125O2eXFtURw56I0z+LuBv/4AKp+c4hQomri2uYfQ9 gli2xgXu4NEs2MpD9zqjdOSSasrfQQWnOu6DktkJybXCTYFN7GJeMLyplyT/GtB6/H4T UQ8bxU82r5B+gWpJJH9r+YhFOUANMbtbolBbAaXxUt2vE5SkCqQzWfNWJ9rOp+w9LzjP 8RvLDB64Go/EYTKfTK6fy+CBpUJVGJHT60rD8GfO5RJHUJmdHt+++Lo01uxDNvG07XF+ nI7BFnT/oVwjycw0z+wOmzXHAoNCsSh7x2zjbEdg/NIMf8OXHdu3OTr7h2N/a5zQ7nZq gVqQ== X-Gm-Message-State: AOJu0YwHSBKR++sT9Xn+ODv68Gz4cu+4gIbUWUjQ1Mh+iZ2gglXWHe3g DJBf/+ZumsYxewr9ck5WZZCRTKKUzCz7voOYvBevOSZ0 X-Received: by 2002:a1f:c5c7:0:b0:49a:6dc0:5a89 with SMTP id v190-20020a1fc5c7000000b0049a6dc05a89mr6121125vkf.5.1696173598711; Sun, 01 Oct 2023 08:19:58 -0700 (PDT) MIME-Version: 1.0 References: <20230929211155.3910949-4-samitolvanen@google.com> <20230929211155.3910949-6-samitolvanen@google.com> <202309291452.66ED9B4D83@keescook> <20230930-emporium-share-2bbdf7074e54@spud> <202309301400.4E1AD87@keescook> In-Reply-To: <202309301400.4E1AD87@keescook> From: Pedro Falcato Date: Sun, 1 Oct 2023 16:19:47 +0100 Message-ID: Subject: Re: [PATCH 2/2] riscv: mm: Update mmap_rnd_bits_max To: Kees Cook Cc: Conor Dooley , Sami Tolvanen , Paul Walmsley , Palmer Dabbelt , Albert Ou , Andrew Morton , linux-mm@kvack.org, linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Sun, 01 Oct 2023 08:20:30 -0700 (PDT) On Sun, Oct 1, 2023 at 2:51=E2=80=AFAM Kees Cook wr= ote: > > On Sat, Sep 30, 2023 at 10:02:35AM +0100, Conor Dooley wrote: > > On Fri, Sep 29, 2023 at 03:52:22PM -0700, Sami Tolvanen wrote: > > > On Fri, Sep 29, 2023 at 2:54=E2=80=AFPM Kees Cook wrote: > > > > > > > > On Fri, Sep 29, 2023 at 09:11:58PM +0000, Sami Tolvanen wrote: > > > > > ARCH_MMAP_RND_BITS_MAX is based on Sv39, which leaves a few > > > > > potential bits of mmap randomness on the table if we end up enabl= ing > > > > > 4/5-level paging. Update mmap_rnd_bits_max to take the final addr= ess > > > > > space size into account. This increases mmap_rnd_bits_max from 24= to > > > > > 33 with Sv48/57. > > > > > > > > > > Signed-off-by: Sami Tolvanen > > > > > > > > I like this. Is RISCV the only arch where the paging level can be c= hosen > > > > at boot time? > > > > > > I haven't seen this elsewhere, but I also haven't looked at all the > > > other architectures that closely. arm64 does something interesting > > > with ARM64_VA_BITS_52, but I think we can still handle that in > > > Kconfig. > > > > AFAIU, x86-64 can do this also: > > > > no4lvl [RISCV] Disable 4-level and 5-level paging modes.= Forces > > kernel to use 3-level paging instead. > > > > no5lvl [X86-64,RISCV] Disable 5-level paging mode. Force= s > > kernel to use 4-level paging instead. > > Ah-ha! Okay, well, then let's track this idea: > https://github.com/KSPP/linux/issues/346 (Replying here for visibility, tell me if you want to move this discussion to github) AIUI, x86 cannot do this for compat reasons. Even if you enable LA57, mmap only gives you < 48-bit addresses, for compatibility with things like JITs, etc that stash information in the upper 16 bits. You need to pass a > 48-bit mmap hint to get 57-bit addresses. I imagine riscv does not have this issue yet, due to little accumulated cruft, but it may be wise to check against popular JITters for these problems on riscv code. --=20 Pedro