Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp3223761lqp; Tue, 26 Mar 2024 03:21:19 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVoKxZCm+j8z1GSPT27c4vZq9ezQt0+k61aSWZhA3Un0nyXVOyT1wiiuzry0IudCwg5fD2aqJXq4NHG4KQcZRJ4D+2Qy2+Ab1Ah56j9Gw== X-Google-Smtp-Source: AGHT+IHRL/KGWYt/oFdw85n82UzUhjja/FxCM01Yh6H4j+FwFjXO2BZ3tXjHwp5GDOerDjsXAQaX X-Received: by 2002:a05:6a20:8f06:b0:1a3:6817:1b03 with SMTP id b6-20020a056a208f0600b001a368171b03mr1466481pzk.4.1711448478959; Tue, 26 Mar 2024 03:21:18 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711448478; cv=pass; d=google.com; s=arc-20160816; b=iPg/4Pooo+78zbBg590bT0EygSQJxPoP+XIyc+61ipqfV1Lmn40p4aiiQswxG/t/cK sC1S8ARiTkxdGyRdaQ8+I9Wz0gg8vzb3M6jjCB+7tFmHkzmcXksot7w7YuWxeSoFEkTc 62zLE6fuArShDvzExWzl2IVR9E0vONABtQkhJA8dPjL/YrfbHnYxpa6SgwqSnYFgPPgi MORoxrUDwjSVXL7Dq2pnAQYb4lfcMzpmnyofkaarKNvQ4q2ZfoFXxaz6ELEC4havnigV mcaLzm8meTAKlb8Ush7CdJFLtGy4XP61uu7ZkLsjXRem/+l6oyhNWny9Y5XDfCjWVbU0 RFxA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:accept-language :in-reply-to:references:message-id:date:thread-index:thread-topic :subject:cc:to:from; bh=zAcUXFyLr77VpvLvJWQ1mxpnEFBr3QkWxmyNygh+e8E=; fh=gQiuYJpw7cJAXcWNuW2wRkBD8cTr5n/AGa8z9mXwk/o=; b=TVdkv9sohbM/vepdhmLsGgQz5oq9JtlE6V0BMC1kbfuFBSJPnLAiHKZjueYPoUU3gv NU2sZ4Xd3YM/JINTSQRZQ8EPlohQzEaYu4ePmmsXr3nYb6JADlm4mh5VYIJrhVZzj5qP JL5q8NdcnrsgnCSU+M9zGupOvDHEWSJOEoqjyFyUzY3e4SkEA/1M7pZWi0Y/ssXfUaD5 4do7mCVLZeWIpbJWXTlgwNB+eWE5YqxS9h1kKrfoQ9h0n9ST4ppZiVNV8+Onx4nw3n/F uqPjxBG7Rai5C3VZNtGcNSSBhCLOQc63uwQpofEzwZCttTSfgSI6xb2/DgO47dKQ5f7r 77JA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=aculab.com dmarc=pass fromdomain=aculab.com); spf=pass (google.com: domain of linux-kernel+bounces-118777-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-118777-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id j20-20020a63e754000000b005dc5576a4fasi9232383pgk.770.2024.03.26.03.21.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Mar 2024 03:21:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-118777-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=aculab.com dmarc=pass fromdomain=aculab.com); spf=pass (google.com: domain of linux-kernel+bounces-118777-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-118777-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 4119D2E716D for ; Tue, 26 Mar 2024 10:20:22 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8E6136EB58; Tue, 26 Mar 2024 10:20:05 +0000 (UTC) Received: from eu-smtp-delivery-151.mimecast.com (eu-smtp-delivery-151.mimecast.com [185.58.85.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 16B335C911 for ; Tue, 26 Mar 2024 10:20:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.58.85.151 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711448405; cv=none; b=dom9Fe+aTg6hsaAb9mf6spfbAFFu8vdDsRV6HYx8sinK7D0KPi0zfMPM9qPEqLbnSTYqrViifZ+1nJyw97Ayxrddk4axzz7NfbNjjvXTQ96713tFcbOlaShE2VkBS+CzzZXkAJWFmGiDskASLH3ccnhHJvxqK7JyFVuuK4V7ees= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711448405; c=relaxed/simple; bh=zAcUXFyLr77VpvLvJWQ1mxpnEFBr3QkWxmyNygh+e8E=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: MIME-Version:Content-Type; b=OhyhaYcKhs70nl3jdfB9+YPBWt3iyk4gNo/h4HoUaLKFjKn72IBxfD9+8zaAnzCOzEiTTiveqCOTvhQploMfN5hE3N9H4Z8bNYQZmdRqKAWn6LJG8Mg0gCLNEVE8Y7hCGmQRGVidk5s24Vdz/UmphqG09XbtApGXnlnixwQXc1s= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=ACULAB.COM; spf=pass smtp.mailfrom=aculab.com; arc=none smtp.client-ip=185.58.85.151 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=ACULAB.COM Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=aculab.com Received: from AcuMS.aculab.com (156.67.243.121 [156.67.243.121]) by relay.mimecast.com with ESMTP with both STARTTLS and AUTH (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id uk-mta-88-FBtS3KNePk6yGweZO_w26Q-1; Tue, 26 Mar 2024 10:19:53 +0000 X-MC-Unique: FBtS3KNePk6yGweZO_w26Q-1 Received: from AcuMS.Aculab.com (10.202.163.4) by AcuMS.aculab.com (10.202.163.4) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Tue, 26 Mar 2024 10:19:28 +0000 Received: from AcuMS.Aculab.com ([::1]) by AcuMS.aculab.com ([::1]) with mapi id 15.00.1497.048; Tue, 26 Mar 2024 10:19:28 +0000 From: David Laight To: 'Arnd Bergmann' , Mark Rutland CC: Alexandre Ghiti , Samuel Holland , Alexandre Ghiti , "Palmer Dabbelt" , "linux-riscv@lists.infradead.org" , Albert Ou , "Andrew Morton" , Charlie Jenkins , guoren , Jisheng Zhang , Kemeng Shi , Matthew Wilcox , "Mike Rapoport" , Paul Walmsley , "Xiao W Wang" , Yangyu Chen , "linux-kernel@vger.kernel.org" Subject: RE: [PATCH] riscv: Define TASK_SIZE_MAX for __access_ok() Thread-Topic: [PATCH] riscv: Define TASK_SIZE_MAX for __access_ok() Thread-Index: AQHaeh3F9DUQSIkEB0u5Xt52XMTyX7FHT0cAgAGlN9CAAN1lkA== Date: Tue, 26 Mar 2024 10:19:28 +0000 Message-ID: <882fc86da89f4adb81570cde3a653e6f@AcuMS.aculab.com> References: <20240313180010.295747-1-samuel.holland@sifive.com> <88de4a1a-047e-4be9-b5b0-3e53434dc022@sifive.com> <95eb125d-dd54-42f1-b080-938faca6a8a1@app.fastmail.com> In-Reply-To: <95eb125d-dd54-42f1-b080-938faca6a8a1@app.fastmail.com> Accept-Language: en-GB, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable From: Arnd Bergmann > Sent: 25 March 2024 20:38 >=20 > On Mon, Mar 25, 2024, at 19:30, Mark Rutland wrote: > > On Mon, Mar 25, 2024 at 07:02:13PM +0100, Arnd Bergmann wrote: > >> On Mon, Mar 25, 2024, at 17:39, Mark Rutland wrote: > > > >> If an architecture ignores all the top bits of a virtual address, > >> the largest TASK_SIZE would be higher than the smallest (positive, > >> unsigned) PAGE_OFFSET, so you need TASK_SIZE_MAX to be dynamic. > > > > Agreed, but do we even support such architectures within Linux? >=20 > Apparently not. >=20 > On 32-bit architectures, you often have TASK_SIZE=3D=3DPAGE_OFFSET, > but not on 64-bit -- either the top few bits in PAGE_OFFSET are > always ones, or the user and kernel page tables are completely > separate. ISTR that arm64 uses (something like) bit 56 to select kernel with the annoying 'feature' that the high bits can be ignored just to complicate things. But I also recall the people that want 'address masking' for x86-64 have been persuaded that addresses with the top bit set are invalid. I has to be said that I'm not sure that aliasing user addresses like that is a good idea. If the TLB/PTE verified the masked bits it might be more use. If bit63 selects kernel addresses (as in x86-64) there is a massive (non-canonical address) gap before the first valid kernel address that is larger than the user address space (and hence buffer size). I think that lets access_ok() check ((address | size) >> 60) !=3D 0. Although it probably means that you don't need to test 'size' at all (unless some code probes the last byte of the buffer). For 32bit the user/kernel boundary is usually 0x80000000 or 0xc0000000 and there may not even be an invalid page between the two. This does require access_ok() check the length (even for get_user()). =09David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1= PT, UK Registration No: 1397386 (Wales)