Subject: Re: [PATCH 1/2] RISC-V: mm: Restrict address space for sv39,sv48,sv57
From: Jessica Clarke
Date: Tue, 27 Jun 2023 23:32:36 +0100
To: Charlie Jenkins
Cc: Alexandre Ghiti, Atish Patra, Conor Dooley, Paul Walmsley, Palmer Dabbelt, Albert Ou, bjorn@rivosinc.com, Anup Patel, Evan Green, linux-riscv, konstantin@linuxfoundation.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org
In-Reply-To: <20230627222152.177716-2-charlie@rivosinc.com>
Message-Id: <473F7474-D7AA-4C9F-95A3-320F1741EC50@jrtc27.com>

On 27 Jun 2023, at 23:21, Charlie Jenkins wrote:
>
> Make sv39 the default address space for mmap as some applications
> currently depend on this assumption.

They are just plain wrong too. Sv48 was in even Priv v1.10 (the first
spec where satp was named as such and contained the mode, rather than
requiring M-mode’s help in configuring virtual memory), predating the
ratified v1.11 spec.

A 39-bit address space is pathetic and has implications for ASLR. I
strongly suggest applications be forced to support at least Sv48, which
is totally reasonable given the address space sizes used by other
architectures. Sv57 is more disruptive to some runtimes, though ideally
even that would be free for the kernel to use rather than committing to
not using it for the default uABI.

Jess

> The RISC-V specification enforces
> that bits outside of the virtual address range are not used, so
> restricting the size of the default address space as such should be
> temporary. A hint address passed to mmap will cause the largest address
> space that fits entirely into the hint to be used. If the hint is less
> than or equal to 1<<38, a 39-bit address will be used. After an address
> space is completely full, the next smallest address space will be used.
>
> Signed-off-by: Charlie Jenkins > --- > arch/riscv/include/asm/elf.h | 2 +- > arch/riscv/include/asm/pgtable.h | 13 +++++++++- > arch/riscv/include/asm/processor.h | 41 +++++++++++++++++++++++++----- > 3 files changed, 47 insertions(+), 9 deletions(-) >=20 > diff --git a/arch/riscv/include/asm/elf.h = b/arch/riscv/include/asm/elf.h > index 30e7d2455960..1b57f13a1afd 100644 > --- a/arch/riscv/include/asm/elf.h > +++ b/arch/riscv/include/asm/elf.h > @@ -49,7 +49,7 @@ extern bool compat_elf_check_arch(Elf32_Ehdr *hdr); > * the loader. We need to make sure that it is out of the way of the = program > * that it will "exec", and that there is sufficient room for the brk. > */ > -#define ELF_ET_DYN_BASE ((TASK_SIZE / 3) * 2) > +#define ELF_ET_DYN_BASE ((DEFAULT_MAP_WINDOW / 3) * 2) >=20 > #ifdef CONFIG_64BIT > #ifdef CONFIG_COMPAT > diff --git a/arch/riscv/include/asm/pgtable.h = b/arch/riscv/include/asm/pgtable.h > index 75970ee2bda2..e83912e97870 100644 > --- a/arch/riscv/include/asm/pgtable.h > +++ b/arch/riscv/include/asm/pgtable.h 
> @@ -57,18 +57,29 @@ > #define MODULES_END (PFN_ALIGN((unsigned long)&_start)) > #endif >=20 > + > /* > * Roughly size the vmemmap space to be large enough to fit enough > * struct pages to map half the virtual address space. Then > * position vmemmap directly below the VMALLOC region. > */ > #ifdef CONFIG_64BIT > +#define VA_BITS_SV39 39 > +#define VA_BITS_SV48 48 > +#define VA_BITS_SV57 57 > + > +#define VA_USER_SV39 (UL(1) << (VA_BITS_SV39 - 1)) > +#define VA_USER_SV48 (UL(1) << (VA_BITS_SV48 - 1)) > +#define VA_USER_SV57 (UL(1) << (VA_BITS_SV57 - 1)) > + > #define VA_BITS (pgtable_l5_enabled ? \ > - 57 : (pgtable_l4_enabled ? 48 : 39)) > + VA_BITS_SV57 : (pgtable_l4_enabled ? VA_BITS_SV48 : VA_BITS_SV39)) > #else > #define VA_BITS 32 > #endif >=20 > +#define DEFAULT_VA_BITS ((VA_BITS >=3D VA_BITS_SV39) ? VA_BITS_SV39 : = VA_BITS) > + > #define VMEMMAP_SHIFT \ > (VA_BITS - PAGE_SHIFT - 1 + STRUCT_PAGE_MAX_SHIFT) > #define VMEMMAP_SIZE BIT(VMEMMAP_SHIFT) > diff --git a/arch/riscv/include/asm/processor.h = b/arch/riscv/include/asm/processor.h > index 6fb8bbec8459..019dcd4ecae4 100644 > --- a/arch/riscv/include/asm/processor.h > +++ b/arch/riscv/include/asm/processor.h 
> @@ -12,20 +12,47 @@ >=20 > #include >=20 > -/* > - * This decides where the kernel will search for a free chunk of vm > - * space during mmap's. > - */ > -#define TASK_UNMAPPED_BASE PAGE_ALIGN(TASK_SIZE / 3) > - > -#define STACK_TOP TASK_SIZE > #ifdef CONFIG_64BIT > +#define DEFAULT_MAP_WINDOW (UL(1) << (DEFAULT_VA_BITS - 1)) > #define STACK_TOP_MAX TASK_SIZE_64 > + > +#define arch_get_mmap_end(addr, len, flags) \ > + ((addr) =3D=3D 0 || (addr) >=3D VA_USER_SV57 ? STACK_TOP_MAX : \ > + (((addr) >=3D VA_USER_SV48) && (VA_BITS >=3D VA_BITS_SV48)) ? \ > + VA_USER_SV48 : \ > + VA_USER_SV39) > + > +#define arch_get_mmap_base(addr, base) \ > + (((addr >=3D VA_USER_SV57) && (VA_BITS >=3D VA_BITS_SV57)) ? \ > + base + STACK_TOP_MAX - DEFAULT_MAP_WINDOW : \ > + (((addr) >=3D VA_USER_SV48) && (VA_BITS >=3D VA_BITS_SV48)) ? \ > + base + VA_USER_SV48 - DEFAULT_MAP_WINDOW : \ > + base) > + > #else > +#define DEFAULT_MAP_WINDOW TASK_SIZE > #define STACK_TOP_MAX TASK_SIZE > + > +#define arch_get_mmap_end(addr, len, flags) \ > + ((addr) > DEFAULT_MAP_WINDOW ? STACK_TOP_MAX : DEFAULT_MAP_WINDOW) > + > +#define arch_get_mmap_base(addr, base) \ > + ((addr > DEFAULT_MAP_WINDOW) ? \ > + base + STACK_TOP_MAX - DEFAULT_MAP_WINDOW : \ > + base) > + > #endif > #define STACK_ALIGN 16 >=20 > + > +#define STACK_TOP DEFAULT_MAP_WINDOW > + > +/* > + * This decides where the kernel will search for a free chunk of vm > + * space during mmap's. > + */ > +#define TASK_UNMAPPED_BASE PAGE_ALIGN(DEFAULT_MAP_WINDOW / 3) > + > #ifndef __ASSEMBLY__ >=20 > struct task_struct; > --=20 > 2.34.1 >=20 >=20 > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv
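
Review bot: In the arch/riscv/include/asm/elf.h hunk, ELF_ET_DYN_BASE now follows DEFAULT_MAP_WINDOW, which on 64-bit is 1 << (DEFAULT_VA_BITS - 1), so the ET_DYN load base sits at two thirds of a 38-bit window even on hardware running sv48 or sv57. The commit message only describes mmap; it should also state that the PIE base (and, via the processor.h hunk, STACK_TOP and TASK_UNMAPPED_BASE) move into the default window, and the comment above the define should say why the base is no longer derived from TASK_SIZE.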
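
Review bot: In the arch/riscv/include/asm/pgtable.h hunk, DEFAULT_VA_BITS is defined after the #endif, so it is visible to 32-bit builds where VA_BITS_SV39 is not defined (the VA_BITS_SV* and VA_USER_SV* macros live inside #ifdef CONFIG_64BIT). On 64-bit the three possible VA_BITS values are 39, 48 and 57, so the test VA_BITS >= VA_BITS_SV39 is always true and the ternary only matters for the 32-bit case it cannot compile for if expanded. Suggest defining DEFAULT_VA_BITS as VA_BITS_SV39 inside the CONFIG_64BIT branch and as VA_BITS in the #else branch. The hunk also adds a stray blank line before the vmemmap comment.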
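
Review bot: In the arch/riscv/include/asm/processor.h hunk, the 64-bit arch_get_mmap_end() returns STACK_TOP_MAX when (addr) == 0, so an mmap call with no hint is bounded by the full task size rather than the sv39 window, which does not match the commit message's statement that sv39 is the default; the 32-bit variant and arch_get_mmap_base() both treat a zero hint as the default window, so the two macros disagree for the same input. The first branch also omits the VA_BITS >= VA_BITS_SV57 check that arch_get_mmap_base() applies, and the mixed || and ?: in "(addr) == 0 || (addr) >= VA_USER_SV57 ? STACK_TOP_MAX : ..." should be parenthesized explicitly. In arch_get_mmap_base() the arguments addr and base are used unparenthesized ("addr >= VA_USER_SV57", "base + STACK_TOP_MAX - DEFAULT_MAP_WINDOW"); wrap them as (addr) and (base) to match arch_get_mmap_end(). A comment documenting the hint-to-window mapping next to these macros would help, since the behaviour is uABI.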