From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C457DEB64D9
	for <linux-mm@archiver.kernel.org>; Tue, 27 Jun 2023 23:36:31 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 13F9E8D0002; Tue, 27 Jun 2023 19:36:31 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 0D2DC8D0001; Tue, 27 Jun 2023 19:36:31 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id ED0BD8D0002; Tue, 27 Jun 2023 19:36:30 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15])
	by kanga.kvack.org (Postfix) with ESMTP id DB27F8D0001
	for <linux-mm@kvack.org>; Tue, 27 Jun 2023 19:36:30 -0400 (EDT)
Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id B266A1606E5
	for <linux-mm@kvack.org>; Tue, 27 Jun 2023 23:36:30 +0000 (UTC)
X-FDA: 80950139340.23.AE49AE9
Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179])
	by imf02.hostedemail.com (Postfix) with ESMTP id B529280007
	for <linux-mm@kvack.org>; Tue, 27 Jun 2023 23:36:28 +0000 (UTC)
Authentication-Results: imf02.hostedemail.com;
	dkim=pass header.d=rivosinc-com.20221208.gappssmtp.com header.s=20221208 header.b=VmLbCzwx;
	spf=pass (imf02.hostedemail.com: domain of palmer@rivosinc.com designates 209.85.210.179 as permitted sender) smtp.mailfrom=palmer@rivosinc.com;
	dmarc=none
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1687908988; a=rsa-sha256;
	cv=none;
	b=vZcYy0tKlHZMGwTGvDjGAu/plDNw1BodjuKYxwaW+ePHPoMT+hSqCKMvZbiJtAcKWtCcqM
	NRovicvsbFGziPuD+OjoBN2Bc9DcOWnlNukfcz4nYNGfASrjM7hJUmDObRRIE9ETUBPEqs
	p2RWKhEUvJMpxJIhzbo8LtwqKNPHhzs=
ARC-Authentication-Results: i=1;
	imf02.hostedemail.com;
	dkim=pass header.d=rivosinc-com.20221208.gappssmtp.com header.s=20221208 header.b=VmLbCzwx;
	spf=pass (imf02.hostedemail.com: domain of palmer@rivosinc.com designates 209.85.210.179 as permitted sender) smtp.mailfrom=palmer@rivosinc.com;
	dmarc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1687908988;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:dkim-signature;
	bh=V2rRQjfAZRzBn1nTw9Qlx1rA3+sWwdfIHKIFqPq0xFE=;
	b=IuwhffY0Bw5pUC85UXuWOJ2QW9Q+uV+Wtiy5sxkzfY0C+Ss4+aVAnyOXAQwIZCqgvXUxsA
	A9mtEkofrU5PAJQLTC6aWh7nuaGsDhn6hqnIH4UwW+c3QQMJtea5genljnkFUjtUWebTQj
	utoKXzCRop483MHidqfcEnn84IEfQjw=
Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-666eba6f3d6so2972461b3a.3
        for <linux-mm@kvack.org>; Tue, 27 Jun 2023 16:36:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=rivosinc-com.20221208.gappssmtp.com; s=20221208; t=1687908987; x=1690500987;
        h=content-transfer-encoding:mime-version:message-id:to:from:cc
         :in-reply-to:subject:date:from:to:cc:subject:date:message-id
         :reply-to;
        bh=V2rRQjfAZRzBn1nTw9Qlx1rA3+sWwdfIHKIFqPq0xFE=;
        b=VmLbCzwx/HSoM66HuTJRlxp+eH3F/CACkgqayPBT7iQGdd9ftT4it4u3IXuZ45YA9y
         PlyzaOac4w1TOx6l2cS8MMY4pJU6lSiny/PNVXgY09O3tr7Hs9jv/0RLAncggAdz2U+e
         w6tDlJS2VEKVxucr7TKaE6ieRtzZy0ycZr+wtkHSU9bbEU9gxWIXF/tfCoyW7/c0DNHB
         2JP2eMlPEWwY8r0c7bIlGuiaVM1OBIVGxMkXKvoXkPKldhiN9vp57zcm73d75P4a0ic8
         T6jJkp/2jHnC8+MKCZjwWJ6xp/n4DIPBsxV9FKbM7yNklPqo6Mb2pXb5U8raJ06KDeez
         14lw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1687908987; x=1690500987;
        h=content-transfer-encoding:mime-version:message-id:to:from:cc
         :in-reply-to:subject:date:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=V2rRQjfAZRzBn1nTw9Qlx1rA3+sWwdfIHKIFqPq0xFE=;
        b=ZTh1rj+yJhELdODRLMd1xQvtIOx9ZuASFZl419H18lsRc8EppKCHctCYaUaCI1+rfW
         B+rz5ZH+2eSPD8CZTWx98TJUeQmiM21BlB2KYfpmywe81RyIzbLPP2x3pg0yyV9GMCHR
         Ge827NXY50Hds1tC5bejndzMM1L9hfPPbvecg6D3SlxUZmwqYLKrOpTuxajWUZ0bUs+L
         yXNLPGamyAr0/hDE07uZQLMqJv5Hgl38l9OhsOKGKqD6KMCUmQqY7t4U3N25vQLmm5qm
         b3/3FOtx32Hki0gvTGWzuyNsiT4ZM8pnnfY2NkLTD9IGuXFJd/CilW+/pdC9anqBNcHw
         1unQ==
X-Gm-Message-State: AC+VfDyhBaXoA0bb2S5zrtMqI5t3p/Vhr6WL1yswLfncsVLrL+38Z44Z
	hMrEF68jSHOePg1+hPRCopuK0Q==
X-Google-Smtp-Source: ACHHUZ4ASNbeSGa3QRS2GbFuqbk5/0ZIWBTCzbjCARoIuFpZc5CiyZq3f2M3TQpRLYC3On5tc6h1kQ==
X-Received: by 2002:a05:6a00:2394:b0:668:73f5:dce0 with SMTP id f20-20020a056a00239400b0066873f5dce0mr22062433pfc.29.1687908987263;
        Tue, 27 Jun 2023 16:36:27 -0700 (PDT)
Received: from localhost ([135.180.227.0])
        by smtp.gmail.com with ESMTPSA id v1-20020a634641000000b00548fb73874asm6110698pgk.37.2023.06.27.16.36.26
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 27 Jun 2023 16:36:26 -0700 (PDT)
Date: Tue, 27 Jun 2023 16:36:26 -0700 (PDT)
X-Google-Original-Date: Tue, 27 Jun 2023 16:36:24 PDT (-0700)
Subject:     Re: [PATCH 1/2] RISC-V: mm: Restrict address space for sv39,sv48,sv57
In-Reply-To: <473F7474-D7AA-4C9F-95A3-320F1741EC50@jrtc27.com>
CC: charlie@rivosinc.com, alexghiti@rivosinc.com, Atish Patra <atishp@rivosinc.com>,
  Conor Dooley <conor@kernel.org>, Paul Walmsley <paul.walmsley@sifive.com>, aou@eecs.berkeley.edu,
  Bjorn Topel <bjorn@rivosinc.com>, anup@brainfault.org, Evan Green <evan@rivosinc.com>,
  linux-riscv@lists.infradead.org, konstantin@linuxfoundation.org, linux-doc@vger.kernel.org,
  linux-kselftest@vger.kernel.org, linux-mm@kvack.org
From: Palmer Dabbelt <palmer@rivosinc.com>
To: jrtc27@jrtc27.com
Message-ID: <mhng-7914c1d2-d671-4cc4-ba90-f85acb7c8b50@palmer-ri-x1c9>
Mime-Version: 1.0 (MHng)
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Rspamd-Server: rspam08
X-Rspamd-Queue-Id: B529280007
X-Stat-Signature: q86qee3cgrh68fyhxuaduc646zft6ecp
X-Rspam-User: 
X-HE-Tag: 1687908988-28260
X-HE-Meta: U2FsdGVkX1+dkGTqz2gSJCOmzLTwyF/+izL8wJsU4hVqXEzs+DqqAjP9Wm/jOsav1LSYpETJUMty7/Z006lQlsdWq2fwwTfZalz5feDCOClgymGOmvnijv6NXRGBpfpzf0tY67sUeFsFpBrhdw8LZHAXJzvlpGFmZs6kgPWhngYKfBRl5WImTtjgfcyaAs5okN/e7+78vwPRQZFSbYUzAKwHMrznTZipXPqXm4rCHTIx2itNG154Xzp4lSFCKxy0Le7QxMlUL9HU1d4HEm+5qbrAx92MAig4CGewlfLzRTbbK0E31EZLc95kUjNeCNB8p1tsYZKZRdeRxcxkSuqNA2kyUdx3yvezqjplHZHGkPIXmcxKlxP1Zb4WrtumhYbea4uTM2OFuGqTMB3YTPHh0VEkXOtU+Kso7d0+amlQIJy0ywRZgmZTpUKPbXhwDFcTgbHEpSVsLq3JwunTYWQaGs+BQdd7mU4F64NsBdLpf1uH8HGC8gi7xz+qRi/N/uOj6KQLBba8qC9JGkgJu1ihBOOOLnVQlqHb8uScUyNwBhQ0ZFSKjhDsVPUyxEAVVSBZnRV4phFff75edCaF1hHWr1bGpmgZDbHzeB8N8nkmnRA6BDyGQnf6dMhk1CxQu2BJJbnJbCXNseBXt1NhyxGds/gR2lksC1qOP3HeBmDLvtCOtCvyyep8DnflCMNM+TjIiCKm9HnRABMvkNadC0LQD7p6FXAeSufSLyPwBDducpsh7PdG68beCHTkqz9xYq3RaZWIbwsuM588L08Ve972dOz3XCZsGrNh2ISUajMlGL/M90HLQXz0pEWoHQ4A3uHAlcAo55RkOWt5yTIxBHJvKDPuIYsGlrgKQCwtNoaWsp1LIIcYTa9pEd6PHd4Zt3SHx7PiFG8lxCGxOm75G8zR7yfzbkq288rIU3aLAIMWaXyoPd7vS0KJYJk4Gjut5dnyEk6sUVqaGVpVhEAhVJ1
 mwh0iizT
 4Rj1c2BGagBYQTM1hQqAv1PPRAcr+3KV1/DRMsT4xhwfmd4MehPXNVLl1Vd/IRgAdhuDuOCYD0TEWpfXD7O4qsEhd5d3Hj14Qf/3X0rhgRf9qHY2x00m6R1FnX7yq/SENSq+XGbzqSb+puPz3JojQ2ry4PX0e5OhfiXuBTNECAVhjOu+KwEYqV9GRxe0k6SeCWeXScUZt9LgoehM5lTROug7swqFrQsVZleMYyyKDyDwxEf+xX9USCQaWz5WC+WzXIzTQAluqv482bx9tpD5uKE+emBJJGvnKl8kwTKkrfYHKiwSSLm97MbDpjZhEAfc7lIQdhtz3zIwx+KDwgvmgbARRRr8LRjjC8a9UyDN65dHIGPcvrhxJeQulfwXom8eX6gwgvNtdvqinokSPgNJUUMLOAJrKdA2WDCYW7k2nyMFpiINgJJ3iOMYYzNC7TEYeZDEn01FLUDzW9CsLsW/jNy2gPFSvFaKLAJ/dTmlgBTtvPO28rqosVrc/uCP18wPk7/m6xTNpNkYC83dU2s1dnIRT8shu5mqPGsBtaqdofy98vfq2EybEchRbNvMRMn+NXSfDM49W3+bVYrnHYmYrNSwPQpFZ2WZPKTKK
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Tue, 27 Jun 2023 15:32:36 PDT (-0700), jrtc27@jrtc27.com wrote:
> On 27 Jun 2023, at 23:21, Charlie Jenkins <charlie@rivosinc.com> wrote:
>> 
>> Make sv39 the default address space for mmap as some applications
>> currently depend on this assumption.
>
> They are just plain wrong too. Sv48 was in even Priv v1.10 (the first
> spec where satp was named as such and contained the mode, rather than
> requiring M-mode’s help in configuring virtual memory), predating the
> ratified v1.11 spec. A 39-bit address space is pathetic and has
> implications for ASLR.
>
> I strongly suggest applications be forced to support at least Sv48,
> which is totally reasonable given the address space sizes used by other
> architectures. Sv57 is more disruptive to some runtimes, though ideally
> even that would be free for the kernel to use rather than committing to
> not using it for the default uABI.

Go and OpenJDK both broke when we expanded the VA width.  I don't like 
it either, but if the change breaks userspace then it's a regression and 
we have to live with the bug.

> Jess
>
>> The RISC-V specification enforces
>> that bits outside of the virtual address range are not used, so
>> restricting the size of the default address space as such should be
>> temporary. A hint address passed to mmap will cause the largest address
>> space that fits entirely into the hint to be used. If the hint is less
>> than or equal to 1<<38, a 39-bit address will be used. After an address
>> space is completely full, the next smallest address space will be used.
>> 
>> Signed-off-by: Charlie Jenkins <charlie@rivosinc.com>
>> ---
>> arch/riscv/include/asm/elf.h       |  2 +-
>> arch/riscv/include/asm/pgtable.h   | 13 +++++++++-
>> arch/riscv/include/asm/processor.h | 41 +++++++++++++++++++++++++-----
>> 3 files changed, 47 insertions(+), 9 deletions(-)
>> 
>> diff --git a/arch/riscv/include/asm/elf.h b/arch/riscv/include/asm/elf.h
>> index 30e7d2455960..1b57f13a1afd 100644
>> --- a/arch/riscv/include/asm/elf.h
>> +++ b/arch/riscv/include/asm/elf.h
>> @@ -49,7 +49,7 @@ extern bool compat_elf_check_arch(Elf32_Ehdr *hdr);
>>  * the loader.  We need to make sure that it is out of the way of the program
>>  * that it will "exec", and that there is sufficient room for the brk.
>>  */
>> -#define ELF_ET_DYN_BASE ((TASK_SIZE / 3) * 2)
>> +#define ELF_ET_DYN_BASE ((DEFAULT_MAP_WINDOW / 3) * 2)
>> 
>> #ifdef CONFIG_64BIT
>> #ifdef CONFIG_COMPAT
>> diff --git a/arch/riscv/include/asm/pgtable.h b/arch/riscv/include/asm/pgtable.h
>> index 75970ee2bda2..e83912e97870 100644
>> --- a/arch/riscv/include/asm/pgtable.h
>> +++ b/arch/riscv/include/asm/pgtable.h
>> @@ -57,18 +57,29 @@
>> #define MODULES_END (PFN_ALIGN((unsigned long)&_start))
>> #endif
>> 
>> +
>> /*
>>  * Roughly size the vmemmap space to be large enough to fit enough
>>  * struct pages to map half the virtual address space. Then
>>  * position vmemmap directly below the VMALLOC region.
>>  */
>> #ifdef CONFIG_64BIT
>> +#define VA_BITS_SV39 39
>> +#define VA_BITS_SV48 48
>> +#define VA_BITS_SV57 57
>> +
>> +#define VA_USER_SV39 (UL(1) << (VA_BITS_SV39 - 1))
>> +#define VA_USER_SV48 (UL(1) << (VA_BITS_SV48 - 1))
>> +#define VA_USER_SV57 (UL(1) << (VA_BITS_SV57 - 1))
>> +
>> #define VA_BITS (pgtable_l5_enabled ? \
>> - 57 : (pgtable_l4_enabled ? 48 : 39))
>> + VA_BITS_SV57 : (pgtable_l4_enabled ? VA_BITS_SV48 : VA_BITS_SV39))
>> #else
>> #define VA_BITS 32
>> #endif
>> 
>> +#define DEFAULT_VA_BITS ((VA_BITS >= VA_BITS_SV39) ? VA_BITS_SV39 : VA_BITS)
>> +
>> #define VMEMMAP_SHIFT \
>> (VA_BITS - PAGE_SHIFT - 1 + STRUCT_PAGE_MAX_SHIFT)
>> #define VMEMMAP_SIZE BIT(VMEMMAP_SHIFT)
>> diff --git a/arch/riscv/include/asm/processor.h b/arch/riscv/include/asm/processor.h
>> index 6fb8bbec8459..019dcd4ecae4 100644
>> --- a/arch/riscv/include/asm/processor.h
>> +++ b/arch/riscv/include/asm/processor.h
>> @@ -12,20 +12,47 @@
>> 
>> #include <asm/ptrace.h>
>> 
>> -/*
>> - * This decides where the kernel will search for a free chunk of vm
>> - * space during mmap's.
>> - */
>> -#define TASK_UNMAPPED_BASE PAGE_ALIGN(TASK_SIZE / 3)
>> -
>> -#define STACK_TOP TASK_SIZE
>> #ifdef CONFIG_64BIT
>> +#define DEFAULT_MAP_WINDOW (UL(1) << (DEFAULT_VA_BITS - 1))
>> #define STACK_TOP_MAX TASK_SIZE_64
>> +
>> +#define arch_get_mmap_end(addr, len, flags) \
>> + ((addr) == 0 || (addr) >= VA_USER_SV57 ? STACK_TOP_MAX :   \
>> + (((addr) >= VA_USER_SV48) && (VA_BITS >= VA_BITS_SV48)) ? \
>> + VA_USER_SV48 : \
>> + VA_USER_SV39)
>> +
>> +#define arch_get_mmap_base(addr, base) \
>> + (((addr >= VA_USER_SV57) && (VA_BITS >= VA_BITS_SV57)) ?   \
>> + base + STACK_TOP_MAX - DEFAULT_MAP_WINDOW : \
>> + (((addr) >= VA_USER_SV48) && (VA_BITS >= VA_BITS_SV48)) ? \
>> + base + VA_USER_SV48 - DEFAULT_MAP_WINDOW : \
>> + base)
>> +
>> #else
>> +#define DEFAULT_MAP_WINDOW TASK_SIZE
>> #define STACK_TOP_MAX TASK_SIZE
>> +
>> +#define arch_get_mmap_end(addr, len, flags) \
>> + ((addr) > DEFAULT_MAP_WINDOW ? STACK_TOP_MAX : DEFAULT_MAP_WINDOW)
>> +
>> +#define arch_get_mmap_base(addr, base) \
>> + ((addr > DEFAULT_MAP_WINDOW) ? \
>> + base + STACK_TOP_MAX - DEFAULT_MAP_WINDOW : \
>> + base)
>> +
>> #endif
>> #define STACK_ALIGN 16
>> 
>> +
>> +#define STACK_TOP DEFAULT_MAP_WINDOW
>> +
>> +/*
>> + * This decides where the kernel will search for a free chunk of vm
>> + * space during mmap's.
>> + */
>> +#define TASK_UNMAPPED_BASE PAGE_ALIGN(DEFAULT_MAP_WINDOW / 3)
>> +
>> #ifndef __ASSEMBLY__
>> 
>> struct task_struct;
>> -- 
>> 2.34.1
>> 
>> 
>> _______________________________________________
>> linux-riscv mailing list
>> linux-riscv@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-riscv