From: Daniel Cashman <dcashman@android.com>
To: Michael Ellerman <mpe@ellerman.id.au>,
Will Deacon <will.deacon@arm.com>,
akpm@linux-foundation.org
Cc: linux-kernel@vger.kernel.org, linux@arm.linux.org.uk,
keescook@chromium.org, mingo@kernel.org,
linux-arm-kernel@lists.infradead.org, corbet@lwn.net,
dzickus@redhat.com, ebiederm@xmission.com, xypron.glpk@gmx.de,
jpoimboe@redhat.com, kirill.shutemov@linux.intel.com,
n-horiguchi@ah.jp.nec.com, aarcange@redhat.com, mgorman@suse.de,
tglx@linutronix.de, rientjes@google.com, linux-mm@kvack.org,
linux-doc@vger.kernel.org, salyzyn@android.com, jeffv@google.com,
nnk@google.com, catalin.marinas@arm.com, hpa@zytor.com,
x86@kernel.org, hecmargi@upv.es, bp@suse.de, dcashman@google.com
Subject: Re: [PATCH v3 3/4] arm64: mm: support ARCH_MMAP_RND_BITS.
Date: Wed, 25 Nov 2015 11:32:53 -0800 [thread overview]
Message-ID: <56560CE5.3020202@android.com> (raw)
In-Reply-To: <1448425601.3762.9.camel@ellerman.id.au>
On 11/24/2015 08:26 PM, Michael Ellerman wrote:
> On Mon, 2015-11-23 at 10:55 -0800, Daniel Cashman wrote:
>> On 11/23/2015 07:04 AM, Will Deacon wrote:
>>> On Wed, Nov 18, 2015 at 03:20:07PM -0800, Daniel Cashman wrote:
>>>> +config ARCH_MMAP_RND_BITS_MAX
>>>> + default 20 if ARM64_64K_PAGES && ARCH_VA_BITS=39
>>>> + default 24 if ARCH_VA_BITS=39
>>>> + default 23 if ARM64_64K_PAGES && ARCH_VA_BITS=42
>>>> + default 27 if ARCH_VA_BITS=42
>>>> + default 29 if ARM64_64K_PAGES && ARCH_VA_BITS=48
>>>> + default 33 if ARCH_VA_BITS=48
>>>> + default 15 if ARM64_64K_PAGES
>>>> + default 19
>>>> +
>>>> +config ARCH_MMAP_RND_COMPAT_BITS_MIN
>>>> + default 7 if ARM64_64K_PAGES
>>>> + default 11
>>>
>>> FYI: we now support 16k pages too, so this might need updating. It would
>>> be much nicer if this was somehow computed rather than have the results
>>> all open-coded like this.
>>
>> Yes, I ideally wanted this to be calculated based on the different page
>> options and VA_BITS (which itself has a similar stanza), but I don't
>> know how to do that/if it is currently supported in Kconfig. This would
>> be even more desirable with the addition of 16K_PAGES, as with this
>> setup we have a combinatorial problem.
>>
>> We could move this logic into the code where min/max are initialized,
>> but that would create its own mess, creating new Kconfig values to
>> introduce it in an arch-agnostic way after patch-set v2 moved that to
>> mm/mmap.c instead of arch/${arch}/mm/mmap.c Suggestions welcome.
>
>
> Could we instead change the meaning of the mmap_rnd_bits value to be the number
> of address space bits that may be randomised?
>
> ie. 40 would mean "please randomise in a 1T range", which with PAGE_SIZE=4K
> gives you 28 random bits. etc.
>
> That would make the value independent of PAGE_SIZE, and only depend on the size
> of the address space.
>
> It would also mean the values userspace sets and sees don't need to change if the
> kernel PAGE_SIZE changes. (which probably doesn't happen often but still)
This is an intriguing idea. It might actually be more meaningful to a
sysadmin when weighing how high they're willing to go, since it makes
the relation to the address space overall more apparent. Though the
cost would be more obvious, the benefit would become less-so, as the
amount of entropy used, and thus expected brute-force requirements would
be hidden. I'll defer to Andrew Morton, as the maintainer, to make this
decision as I think both approaches are valid.
Thank You,
Dan
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2015-11-25 19:32 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-18 23:20 [PATCH v3 0/4] Allow customizable random offset to mmap_base address Daniel Cashman
2015-11-18 23:20 ` [PATCH v3 1/4] mm: mmap: Add new /proc tunable for mmap_base ASLR Daniel Cashman
2015-11-18 23:20 ` [PATCH v3 2/4] arm: mm: support ARCH_MMAP_RND_BITS Daniel Cashman
2015-11-18 23:20 ` [PATCH v3 3/4] arm64: " Daniel Cashman
2015-11-18 23:20 ` [PATCH v3 4/4] x86: " Daniel Cashman
2015-11-19 0:16 ` Daniel Cashman
2015-11-23 15:04 ` [PATCH v3 3/4] arm64: " Will Deacon
2015-11-23 18:55 ` Daniel Cashman
2015-11-25 4:26 ` Michael Ellerman
2015-11-25 19:32 ` Daniel Cashman [this message]
2015-11-25 12:06 ` Catalin Marinas
2015-11-25 20:39 ` Daniel Cashman
2015-11-27 8:36 ` Andrey Ryabinin
2015-11-27 9:32 ` Catalin Marinas
2015-11-19 0:14 ` [PATCH v3 1/4] mm: mmap: Add new /proc tunable for mmap_base ASLR Daniel Cashman
2015-11-25 0:40 ` Andrew Morton
2015-11-25 0:47 ` Kees Cook
2015-11-25 19:16 ` Daniel Cashman
2015-11-25 4:40 ` Michael Ellerman
2015-11-25 19:36 ` Daniel Cashman
2015-11-25 0:39 ` [PATCH v3 0/4] Allow customizable random offset to mmap_base address Andrew Morton
2015-11-25 19:07 ` Daniel Cashman
2015-11-26 15:11 ` Martin Schwidefsky
2015-11-26 7:07 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56560CE5.3020202@android.com \
--to=dcashman@android.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=bp@suse.de \
--cc=catalin.marinas@arm.com \
--cc=corbet@lwn.net \
--cc=dcashman@google.com \
--cc=dzickus@redhat.com \
--cc=ebiederm@xmission.com \
--cc=hecmargi@upv.es \
--cc=hpa@zytor.com \
--cc=jeffv@google.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@arm.linux.org.uk \
--cc=mgorman@suse.de \
--cc=mingo@kernel.org \
--cc=mpe@ellerman.id.au \
--cc=n-horiguchi@ah.jp.nec.com \
--cc=nnk@google.com \
--cc=rientjes@google.com \
--cc=salyzyn@android.com \
--cc=tglx@linutronix.de \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox