From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DAD5CC433F5
	for <linux-mm@archiver.kernel.org>; Mon, 22 Nov 2021 12:58:29 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 4B7DC6B0071; Mon, 22 Nov 2021 07:58:14 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 467B66B0072; Mon, 22 Nov 2021 07:58:14 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 32FDD6B0073; Mon, 22 Nov 2021 07:58:14 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0221.hostedemail.com [216.40.44.221])
	by kanga.kvack.org (Postfix) with ESMTP id 24CAA6B0071
	for <linux-mm@kvack.org>; Mon, 22 Nov 2021 07:58:14 -0500 (EST)
Received: from smtpin29.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id D5B768A9A2
	for <linux-mm@kvack.org>; Mon, 22 Nov 2021 12:58:03 +0000 (UTC)
X-FDA: 78836568888.29.8BC9F65
Received: from relay1-d.mail.gandi.net (relay1-d.mail.gandi.net [217.70.183.193])
	by imf29.hostedemail.com (Postfix) with ESMTP id E500D9001A92
	for <linux-mm@kvack.org>; Mon, 22 Nov 2021 12:58:00 +0000 (UTC)
Received: (Authenticated sender: alex@ghiti.fr)
	by relay1-d.mail.gandi.net (Postfix) with ESMTPSA id F15E724001C;
	Mon, 22 Nov 2021 12:57:56 +0000 (UTC)
Message-ID: <eb070ba0-2131-cc4e-4742-ec20c13d72ef@ghiti.fr>
Date: Mon, 22 Nov 2021 13:57:56 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.2.1
Subject: Re: [PATCH 6/8] mm: Allow arch specific arch_randomize_brk() with
 CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
Content-Language: en-US
To: Christophe Leroy <christophe.leroy@csgroup.eu>,
 Benjamin Herrenschmidt <benh@kernel.crashing.org>,
 Paul Mackerras <paulus@samba.org>, Michael Ellerman <mpe@ellerman.id.au>
Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
 linux-mm@kvack.org
References: <cover.1637570556.git.christophe.leroy@csgroup.eu>
 <e2209d0f1f3c1b581592bd6c32243402ccfe3dde.1637570556.git.christophe.leroy@csgroup.eu>
 <325663a5-d9a1-a8b8-7f16-c2985c319864@ghiti.fr>
 <2dd4a22e-f1a5-683c-2d17-ce726f03f4c5@csgroup.eu>
From: Alexandre ghiti <alex@ghiti.fr>
In-Reply-To: <2dd4a22e-f1a5-683c-2d17-ce726f03f4c5@csgroup.eu>
Content-Type: text/plain; charset=UTF-8; format=flowed
X-Rspamd-Server: rspam08
X-Rspamd-Queue-Id: E500D9001A92
X-Stat-Signature: 1izfgwisiowzb91kq8kykaaczc3mp86r
Authentication-Results: imf29.hostedemail.com;
	dkim=none;
	spf=none (imf29.hostedemail.com: domain of alex@ghiti.fr has no SPF policy when checking 217.70.183.193) smtp.mailfrom=alex@ghiti.fr;
	dmarc=none
X-HE-Tag: 1637585880-362369
Content-Transfer-Encoding: quoted-printable
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000020, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On 11/22/21 12:47, Christophe Leroy wrote:
>
>
> Le 22/11/2021 =C3=A0 12:22, Alex Ghiti a =C3=A9crit=C2=A0:
>> Hi Christophe,
>>
>> Le 22/11/2021 =C3=A0 09:48, Christophe Leroy a =C3=A9crit=C2=A0:
>>> Commit e7142bf5d231 ("arm64, mm: make randomization selected by
>>> generic topdown mmap layout") introduced a default version of
>>> arch_randomize_brk() provided when
>>> CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT is selected.
>>>
>>> powerpc could select CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
>>> but needs to provide its own arch_randomize_brk().
>>>
>>> In order to allow that, don't make
>>> CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT select
>>> CONFIG_ARCH_HAS_ELF_RANDOMIZE. Instead, ensure that
>>> selecting CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT and
>>> selecting CONFIG_ARCH_HAS_ELF_RANDOMIZE has the same effect.
>>
>> This feels weird to me since if CONFIG_ARCH_HAS_ELF_RANDOMIZE is used=20
>> somewhere else at some point, it is not natural to add=20
>> CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT: can't we use a __weak=20
>> function or a new CONFIG_ARCH_HAS_RANDOMIZE_BRK?
>
>
> Yes I also found things a bit weird.
>
> CONFIG_ARCH_HAS_RANDOMIZE_BRK could be an idea but how different would=20
> it be from CONFIG_ARCH_HAS_ELF_RANDOMIZE ? In fact I find it weird=20
> that CONFIG_ARCH_HAS_ELF_RANDOMIZE is selected by=20
> CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT and not by the arch itself=
.


IIRC, this was a request from Kees Cook who wanted to enforce this=20
security measure.


>
> On the other hand CONFIG_ARCH_HAS_ELF_RANDOMIZE also handles=20
> arch_mmap_rnd() and here we are talking about arch_randomize_brk() only=
.
>
> In the begining I was thinking about adding a=20
> CONFIG_ARCH_WANT_DEFAULT_RANDOMIZE_BRK, but it was meaning adding it=20
> to the few other arches selecting=20
> CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT.
>
> So I think I will go for the __weak function option.


Ok, thanks.

Alex


>
> Thanks
> Christophe