Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp1014204rdb;
        Sun, 1 Oct 2023 16:06:10 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGrOuPgeDYj5YdxDC3HdnnfgSAP4U/aNW0CGcp8jmMLbe3UPilfRnv+xv1jy0lPRLxqV1If
X-Received: by 2002:a05:6870:a686:b0:1c8:ca70:dd0c with SMTP id i6-20020a056870a68600b001c8ca70dd0cmr12421580oam.19.1696201569736;
        Sun, 01 Oct 2023 16:06:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1696201569; cv=none;
        d=google.com; s=arc-20160816;
        b=q00VIhul4p5AYuzbf0s6+mo2sZFOPisgp0XVvfI2NAAodhEKP07SZg+KWr8pTM2Dgw
         Y2nAoLHBS3HkJdgaQbf/KU3RJ+41nUz4cA0FTs+toigsdE8fcu8983Qn80NV9ml/NuEk
         zs/6hGOI8WBgxgmT5q5hhxtyQVAA5FpJl+9GFyHGJCGaBLhS4TmkBQzP4KvSAF38cGOd
         0BJ5gvjcmIkHQwgYZr84HCoNC0asPtsgQ+fO0IFScH5wvPFKrsvqvg4hShutXkSeepUl
         q9Vs7kS5b4m8/CgmjjlJHH+/lihg/S+5jUG6q8iCkbFAK+AX/5auau4dIi68MsP3GYZM
         KYLw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=AlqqAdUK9+XiZ3vr9zfHOEKY61BQKj01sr184YRw5U0=;
        fh=0uM/YtfSfkPGXUSIbyJfnEEFShuV7I/j52zCWYGIvj8=;
        b=vCjGryFshdEgQX145fRHR9ENSwDMojXJHJyEd+iLxz0K+OuWjYUWL19VZP0BV991/9
         uVUtxu1xo3/4XjjHDhJvGXdgSwvddSvVf/E2PCtn0OsHgrPCHuiaENPyy5v8MEWQxVeT
         lUlpDarWNOnuyEiLiXGC9v/p0KnhTkw2DX/9hTRCXMLHXwrndcRfySPOhEqP5Z4Ov2N1
         XxFdXeATZYIkUDmYlqmyIWuhs0UR9rvFsCSwbIqB1aUaj0/rOR9+M/qsaCjbMSL6ddyw
         BP5ECiShzcfqXdj45UByJvq3dkVYv8NiXm5Harq/lEVhyjZnvsNDfLz3/+S24vv/8qoG
         RafA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=bHX8cDQX;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6])
        by mx.google.com with ESMTPS id w186-20020a6382c3000000b00578ac490e7bsi26730173pgd.638.2023.10.01.16.06.07
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 01 Oct 2023 16:06:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=bHX8cDQX;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by pete.vger.email (Postfix) with ESMTP id F3E048023765;
	Sun,  1 Oct 2023 08:20:29 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235164AbjJAPUD (ORCPT <rfc822;vegard.nossum@gmail.com>
        + 99 others); Sun, 1 Oct 2023 11:20:03 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55942 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235113AbjJAPUB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 1 Oct 2023 11:20:01 -0400
Received: from mail-vk1-xa32.google.com (mail-vk1-xa32.google.com [IPv6:2607:f8b0:4864:20::a32])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AE27C99
        for <linux-kernel@vger.kernel.org>; Sun,  1 Oct 2023 08:19:59 -0700 (PDT)
Received: by mail-vk1-xa32.google.com with SMTP id 71dfb90a1353d-49d0d90a7ddso1134283e0c.0
        for <linux-kernel@vger.kernel.org>; Sun, 01 Oct 2023 08:19:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1696173599; x=1696778399; darn=vger.kernel.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=AlqqAdUK9+XiZ3vr9zfHOEKY61BQKj01sr184YRw5U0=;
        b=bHX8cDQXbquFxXSYfRIsNfxRQw0HhsYskdQKU0/x1WIpKGMBHG6qLpO7HmW+IuzFmE
         eG2+3mMWT6UzBz41ua9mr42t/rezTke6WSax33mHOgMFV2xyr/cKfyQ6hTDU5z0Vq9Rq
         HR98pljJqSDdHoNv2csl7t0QOceIOhLciU3Xa8tGQtJ8b5LhYkRo6GSp8rFAcg6ljBoZ
         /rbprA1gBnfRMWukIUwonNlnj84qCcHDaSX1OhpGjH8ln/6ADpW9f4cxRk1BKwfBpWKR
         mr+c/Parbwu8MAKP/Dar21MI+ceZbUh/FJHUslA9VJ8rUZROg+JQjoSlUoPaT7OO9GGK
         rDTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1696173599; x=1696778399;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=AlqqAdUK9+XiZ3vr9zfHOEKY61BQKj01sr184YRw5U0=;
        b=rr3YOvceg2geCoWxkUn8Xprj125O2eXFtURw56I0z+LuBv/4AKp+c4hQomri2uYfQ9
         gli2xgXu4NEs2MpD9zqjdOSSasrfQQWnOu6DktkJybXCTYFN7GJeMLyplyT/GtB6/H4T
         UQ8bxU82r5B+gWpJJH9r+YhFOUANMbtbolBbAaXxUt2vE5SkCqQzWfNWJ9rOp+w9LzjP
         8RvLDB64Go/EYTKfTK6fy+CBpUJVGJHT60rD8GfO5RJHUJmdHt+++Lo01uxDNvG07XF+
         nI7BFnT/oVwjycw0z+wOmzXHAoNCsSh7x2zjbEdg/NIMf8OXHdu3OTr7h2N/a5zQ7nZq
         gVqQ==
X-Gm-Message-State: AOJu0YwHSBKR++sT9Xn+ODv68Gz4cu+4gIbUWUjQ1Mh+iZ2gglXWHe3g
        DJBf/+ZumsYxewr9ck5WZZCRTKKUzCz7voOYvBevOSZ0
X-Received: by 2002:a1f:c5c7:0:b0:49a:6dc0:5a89 with SMTP id
 v190-20020a1fc5c7000000b0049a6dc05a89mr6121125vkf.5.1696173598711; Sun, 01
 Oct 2023 08:19:58 -0700 (PDT)
MIME-Version: 1.0
References: <20230929211155.3910949-4-samitolvanen@google.com>
 <20230929211155.3910949-6-samitolvanen@google.com> <202309291452.66ED9B4D83@keescook>
 <CABCJKufxUVoO+yJ+513W5FOFu6u45N=6wZe6a69u+8LU6A_N2Q@mail.gmail.com>
 <20230930-emporium-share-2bbdf7074e54@spud> <202309301400.4E1AD87@keescook>
In-Reply-To: <202309301400.4E1AD87@keescook>
From:   Pedro Falcato <pedro.falcato@gmail.com>
Date:   Sun, 1 Oct 2023 16:19:47 +0100
Message-ID: <CAKbZUD08W9_HB9F7tQqwreYvVapgVMOkS3QokzwHPcBnFnVMig@mail.gmail.com>
Subject: Re: [PATCH 2/2] riscv: mm: Update mmap_rnd_bits_max
To:     Kees Cook <keescook@chromium.org>
Cc:     Conor Dooley <conor@kernel.org>,
        Sami Tolvanen <samitolvanen@google.com>,
        Paul Walmsley <paul.walmsley@sifive.com>,
        Palmer Dabbelt <palmer@dabbelt.com>,
        Albert Ou <aou@eecs.berkeley.edu>,
        Andrew Morton <akpm@linux-foundation.org>, linux-mm@kvack.org,
        linux-riscv@lists.infradead.org, llvm@lists.linux.dev,
        linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,
	SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Sun, 01 Oct 2023 08:20:30 -0700 (PDT)

On Sun, Oct 1, 2023 at 2:51=E2=80=AFAM Kees Cook <keescook@chromium.org> wr=
ote:
>
> On Sat, Sep 30, 2023 at 10:02:35AM +0100, Conor Dooley wrote:
> > On Fri, Sep 29, 2023 at 03:52:22PM -0700, Sami Tolvanen wrote:
> > > On Fri, Sep 29, 2023 at 2:54=E2=80=AFPM Kees Cook <keescook@chromium.=
org> wrote:
> > > >
> > > > On Fri, Sep 29, 2023 at 09:11:58PM +0000, Sami Tolvanen wrote:
> > > > > ARCH_MMAP_RND_BITS_MAX is based on Sv39, which leaves a few
> > > > > potential bits of mmap randomness on the table if we end up enabl=
ing
> > > > > 4/5-level paging. Update mmap_rnd_bits_max to take the final addr=
ess
> > > > > space size into account. This increases mmap_rnd_bits_max from 24=
 to
> > > > > 33 with Sv48/57.
> > > > >
> > > > > Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
> > > >
> > > > I like this. Is RISCV the only arch where the paging level can be c=
hosen
> > > > at boot time?
> > >
> > > I haven't seen this elsewhere, but I also haven't looked at all the
> > > other architectures that closely. arm64 does something interesting
> > > with ARM64_VA_BITS_52, but I think we can still handle that in
> > > Kconfig.
> >
> > AFAIU, x86-64 can do this also:
> >
> >       no4lvl          [RISCV] Disable 4-level and 5-level paging modes.=
 Forces
> >                       kernel to use 3-level paging instead.
> >
> >       no5lvl          [X86-64,RISCV] Disable 5-level paging mode. Force=
s
> >                       kernel to use 4-level paging instead.
>
> Ah-ha! Okay, well, then let's track this idea:
> https://github.com/KSPP/linux/issues/346

(Replying here for visibility, tell me if you want to move this
discussion to github)

AIUI, x86 cannot do this for compat reasons. Even if you enable LA57,
mmap only gives you < 48-bit addresses, for compatibility with things
like JITs, etc that stash information in the upper 16 bits. You need
to pass a > 48-bit mmap hint to get 57-bit addresses.

I imagine riscv does not have this issue yet, due to little
accumulated cruft, but it may be wise to check against popular JITters
for these problems on riscv code.

--=20
Pedro