Date: Thu, 19 Dec 2024 21:30:58 +0000
From: Matthew Wilcox
To: Audra Mitchell
Cc: linux-mm@kvack.org, raquini@redhat.com, aris@redhat.com, akpm@linux-foundation.org, william.kucharski@oracle.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm: Stop PMD alignment for PIE shared objects
In-Reply-To: <20241219211552.1450226-1-audra@redhat.com>

On Thu, Dec 19, 2024 at 04:15:52PM -0500, Audra Mitchell wrote:
> After commit 1854bc6e2420 ("mm/readahead: Align file mappings for non-DAX")
> any request through thp_get_unmapped_area would align to a PMD_SIZE,
> causing shared objects to have less randomization than previously (9 less
> bits for 2MB PMDs). As these lower 9 bits are the most impactful for
> ASLR, this change could be argued to have an impact on security.

Yes, very tiresome people have been making that argument for a long time.
Do you have anything further to add to the discussion that happened here:
https://lore.kernel.org/linux-mm/20240118133504.2910955-1-shy828301@gmail.com/
particularly in light of 3afb76a66b55 existing.

> Fix this issue by checking that the request is aligned to the PMD_SIZE,
> otherwise fall back to mm_get_unmapped_area_vmflags().

NAK this version anyway. Even if the executable is, say, 2.1MB in size,
we still want the first 2MB of the file to be covered with a PMD mapping.
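
The "9 less bits for 2MB PMDs" figure from the quoted patch description can be measured from userspace. The following is an added example, not part of the original message or of the kernel source: it counts how many address bits between the page and PMD boundaries are zero in every sampled library base. The function names and the /proc/<pid>/maps lines are hypothetical and constructed, and 4 KiB base pages (x86-64) are assumed.

```c
#include <stdio.h>
#include <stddef.h>
#define PAGE_SHIFT 12   /* 4 KiB base pages (assumption: x86-64) */
#define PMD_SHIFT  21   /* 2 MiB PMD, the case named in the quoted message */

/* Extract the start address of a file-backed executable mapping from one
 * /proc/<pid>/maps line; returns 0 for any other kind of line. */
static int parse_exec_base(const char *line, unsigned long long *base)
{
    char perms[5], path[256] = "";
    unsigned long long start;
    int n = sscanf(line, "%llx-%*llx %4s %*s %*s %*s %255s", &start, perms, path);
    if (n < 2 || perms[2] != 'x' || path[0] != '/')
        return 0;
    *base = start;
    return 1;
}

/* Count the address bits in [PAGE_SHIFT, PMD_SHIFT) that are zero in every
 * sampled base; 9 means every base sat on a 2 MiB boundary. */
int fixed_low_bits(const char *const *lines, size_t n)
{
    unsigned long long seen = 0, base;
    size_t used = 0;
    int bits = 0;
    for (size_t i = 0; i < n; i++)
        if (parse_exec_base(lines[i], &base)) { seen |= base; used++; }
    for (int b = PAGE_SHIFT; used && b < PMD_SHIFT && !((seen >> b) & 1); b++)
        bits++;
    return bits;
}

/* Constructed samples: one library's mappings across three process runs. */
static const char *const pmd_aligned[] = {
    "7f3a1c200000-7f3a1c428000 r-xp 00000000 08:01 1234 /usr/lib/libexample.so",
    "7f3a1c428000-7f3a1c42a000 rw-p 00228000 08:01 1234 /usr/lib/libexample.so",
    "7f91e4600000-7f91e4828000 r-xp 00000000 08:01 1234 /usr/lib/libexample.so",
    "7fd2b0a00000-7fd2b0c28000 r-xp 00000000 08:01 1234 /usr/lib/libexample.so",
};
static const char *const page_aligned[] = {
    "7f3a1c2a7000-7f3a1c4cf000 r-xp 00000000 08:01 1234 /usr/lib/libexample.so",
    "7f91e4613000-7f91e483b000 r-xp 00000000 08:01 1234 /usr/lib/libexample.so",
    "7fd2b0bfe000-7fd2b0e26000 r-xp 00000000 08:01 1234 /usr/lib/libexample.so",
};
int main(void)
{
    printf("PMD-aligned: %d fixed bits, page-aligned: %d fixed bits\n",
           fixed_low_bits(pmd_aligned, 4), fixed_low_bits(page_aligned, 3));
    return 0;
}
```

Fed with real maps lines collected over many runs of the same binary, a result of 9 indicates the library bases are landing only on 2 MiB boundaries; a small sample can overstate the count by chance.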