From: Yang Shi
Date: Tue, 23 Jan 2024 17:04:22 -0800
Subject: Re: Limited/Broken functionality of ASLR for Libs >= 2MB
To: Kees Cook
Cc: Ard Biesheuvel, Matthew Wilcox, Linux ARM, mail@horotw.com, linux-hardening@vger.kernel.org, Jakub Wilk, Salvatore Bonaccorso, Linux Memory Management List, William Kucharski
In-Reply-To: <202401231433.FB2D7FBD@keescook>
References: <69fa6015256613ed10aee996e181ebd4@horotw.com> <87il3ur1ik.fsf@gentoo.org> <07c348caaf6b4c457ab4b452f53ed048@horotw.com> <202401231433.FB2D7FBD@keescook>
On Tue, Jan 23, 2024 at 2:37 PM Kees Cook wrote:
>
> On Tue, Jan 16, 2024 at 09:09:45AM +0100, Ard Biesheuvel wrote:
> > (cc Kees, LAKML)
> >
> > https://lkml.kernel.org/r/69fa6015256613ed10aee996e181ebd4%40horotw.com
> >
> > On Mon, 15 Jan 2024 at 21:46, Matthew Wilcox wrote:
> > >
> > > ...
> > > Yeah, I don't know either. Outside my scope of expertise.
> > >
> > > I received a suggestion off-list that we only do the PMD alignment on
> > > 64-bit, which seems quite reasonable to me. After all, I don't care
> > > about performance on 32-bit just as much as I don't care about security
> > > on 32-bit.
> > >
> >
> > For context, the culprit is
> >
> > commit 1854bc6e2420472676c5c90d3d6b15f6cd640e40
> > Author: William Kucharski
> > Date:   Sun Sep 22 08:43:15 2019 -0400
> >
> >     mm/readahead: Align file mappings for non-DAX
> >
> >     When we have the opportunity to use PMDs to map a file, we want to follow
> >     the same rules as DAX.
> >
> >     Signed-off-by: William Kucharski
> >     Signed-off-by: Matthew Wilcox (Oracle)
> >
> > which affects *all* 32-bit architectures not just i686. 32-bit ARM
> > user space is still being deployed widely, even on arm64 Chromebooks
> > running 64-bit kernels (at least up until recently) so unfortunately,
> > we're not quite at the point yet where we can just let it rot.
>
> Is this related at all to this thread as well?
> https://lore.kernel.org/lkml/20220809142457.4751229f@imladris.surriel.com/

Yes

>
> Can we avoid this on 32-bit or at least not mislead userspace about the
> available entropy visible in /proc/sys/vm/mmap_rnd*_bits ?

https://lore.kernel.org/linux-mm/20240118133504.2910955-1-shy828301@gmail.com/

This patch basically made thp_get_unmapped_area no-op on 32 bit.

>
> -Kees
>
> --
> Kees Cook
>
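Added probe, not part of this thread or of any kernel patch: it measures what the discussion is about, namely whether this kernel hands out PMD-aligned addresses for file mappings of at least PMD_SIZE and how many bits of the advertised mmap randomness that costs. Because mmap_base is randomized once per exec, one process cannot sample its own layout twice, so the parent re-executes itself through /proc/self/exe and collects one address per child. Assumed (not stated anywhere in the thread): Linux, 4K pages, a 2 MiB PMD, the probe file living on a filesystem whose get_unmapped_area is the one under discussion (tmpfs has its own huge-page placement rules, so the file is created in the current directory rather than /tmp), and the `mmap_rnd_bits` sysctl being present; the helper names are mine.

```c
/* Probe: are >= PMD_SIZE file mappings PMD-aligned, and what does it cost in
 * randomness?  Added example; assumes Linux, 4K pages, 2 MiB PMDs. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/wait.h>

#define PMD_SHIFT  21            /* assumed: 2 MiB huge PMD */
#define PAGE_SHIFT 12            /* assumed: 4K pages */
#define MAP_LEN    (4UL << 20)   /* 4 MiB, comfortably >= PMD_SIZE */
#define SAMPLES    32

/* Count the bit positions in [PAGE_SHIFT, width) that differ across the
 * sampled addresses: a rough lower bound on the entropy userspace sees. */
int varying_bits(const uintptr_t *addrs, size_t n, int width)
{
    uintptr_t diff = 0;
    for (size_t i = 1; i < n; i++)
        diff |= addrs[i] ^ addrs[0];
    int bits = 0;
    for (int b = PAGE_SHIFT; b < width; b++)
        if (diff & ((uintptr_t)1 << b))
            bits++;
    return bits;
}

/* 1 if every address is a multiple of 1 << shift. */
int all_aligned(const uintptr_t *addrs, size_t n, int shift)
{
    uintptr_t mask = ((uintptr_t)1 << shift) - 1;
    for (size_t i = 0; i < n; i++)
        if (addrs[i] & mask)
            return 0;
    return 1;
}

/* Page-granular randomness bits discarded by PMD-aligned placement (9 here). */
int bits_lost_to_alignment(int pmd_shift, int page_shift)
{
    return pmd_shift - page_shift;
}

/* Child: map the file once, print the address, exit.  One exec = one sample. */
static int child(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) { perror("open"); return 1; }
    void *p = mmap(NULL, MAP_LEN, PROT_READ, MAP_PRIVATE, fd, 0);
    if (p == MAP_FAILED) { perror("mmap"); return 1; }
    printf("%lx\n", (unsigned long)(uintptr_t)p);
    return 0;
}

static long read_rnd_bits(void)   /* -1 if the sysctl is absent */
{
    long v = -1;
    FILE *f = fopen("/proc/sys/vm/mmap_rnd_bits", "r");
    if (f) { if (fscanf(f, "%ld", &v) != 1) v = -1; fclose(f); }
    return v;
}

int main(int argc, char **argv)
{
    if (argc == 3 && strcmp(argv[1], "child") == 0)
        return child(argv[2]);

    char path[] = "./aslr-probe-XXXXXX";   /* cwd on purpose, not tmpfs */
    int fd = mkstemp(path);
    if (fd < 0 || ftruncate(fd, MAP_LEN) < 0) { perror("probe file"); return 1; }
    close(fd);

    uintptr_t addrs[SAMPLES];
    for (int i = 0; i < SAMPLES; i++) {
        int pfd[2];
        if (pipe(pfd) < 0) { perror("pipe"); return 1; }
        pid_t pid = fork();
        if (pid == 0) {                     /* fresh exec => fresh mmap_base */
            dup2(pfd[1], 1); close(pfd[0]); close(pfd[1]);
            execl("/proc/self/exe", argv[0], "child", path, (char *)NULL);
            _exit(127);
        }
        close(pfd[1]);
        FILE *in = fdopen(pfd[0], "r");
        unsigned long a = 0;
        if (fscanf(in, "%lx", &a) != 1) { fprintf(stderr, "sample %d failed\n", i); return 1; }
        fclose(in);
        waitpid(pid, NULL, 0);
        addrs[i] = a;
    }
    unlink(path);

    int width = (int)(sizeof(uintptr_t) * 8), aligned = all_aligned(addrs, SAMPLES, PMD_SHIFT);
    printf("mmap_rnd_bits (sysctl): %ld\n", read_rnd_bits());
    printf("varying page-granular bits over %d samples: %d\n", SAMPLES, varying_bits(addrs, SAMPLES, width));
    printf("all mappings PMD-aligned: %s\n", aligned ? "yes" : "no");
    if (aligned)
        printf("=> placement costs about %d of the advertised bits\n", bits_lost_to_alignment(PMD_SHIFT, PAGE_SHIFT));
    return 0;
}
```

Build with `cc -O2 -o aslr-probe aslr-probe.c` and run it from a directory on a regular filesystem (ext4, xfs). A single PMD-aligned sample proves little, since one in 512 random page-aligned addresses is 2 MiB aligned anyway, but 32 consecutive aligned samples are not chance. Whether alignment happens at all depends on the kernel version, on the filesystem's get_unmapped_area and on the mapping length, so run it on the kernel you actually care about, and compare the observed varying bits against what the mmap_rnd_bits sysctl advertises, which is Kees's point above.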