Re: [PATCH REBASE v4 14/14] riscv: Make mmap allocation top-down by default

[Alexandre Ghiti <alex@xxxxxxxx>]

On 7/26/19 2:20 AM, Paul Walmsley wrote:
> Hi Alexandre,
>
> I have a few questions about this patch.  Sorry to be dense here ...
>
> On Wed, 24 Jul 2019, Alexandre Ghiti wrote:
>
> > In order to avoid wasting user address space by using bottom-up mmap
> > allocation scheme, prefer top-down scheme when possible.
> >
> > Before:
> > root@qemuriscv64:~# cat /proc/self/maps
> > 00010000-00016000 r-xp 00000000 fe:00 6389       /bin/cat.coreutils
> > 00016000-00017000 r--p 00005000 fe:00 6389       /bin/cat.coreutils
> > 00017000-00018000 rw-p 00006000 fe:00 6389       /bin/cat.coreutils
> > 00018000-00039000 rw-p 00000000 00:00 0          [heap]
> > 1555556000-155556d000 r-xp 00000000 fe:00 7193   /lib/ld-2.28.so
> > 155556d000-155556e000 r--p 00016000 fe:00 7193   /lib/ld-2.28.so
> > 155556e000-155556f000 rw-p 00017000 fe:00 7193   /lib/ld-2.28.so
> > 155556f000-1555570000 rw-p 00000000 00:00 0
> > 1555570000-1555572000 r-xp 00000000 00:00 0      [vdso]
> > 1555574000-1555576000 rw-p 00000000 00:00 0
> > 1555576000-1555674000 r-xp 00000000 fe:00 7187   /lib/libc-2.28.so
> > 1555674000-1555678000 r--p 000fd000 fe:00 7187   /lib/libc-2.28.so
> > 1555678000-155567a000 rw-p 00101000 fe:00 7187   /lib/libc-2.28.so
> > 155567a000-15556a0000 rw-p 00000000 00:00 0
> > 3fffb90000-3fffbb1000 rw-p 00000000 00:00 0      [stack]
> >
> > After:
> > root@qemuriscv64:~# cat /proc/self/maps
> > 00010000-00016000 r-xp 00000000 fe:00 6389       /bin/cat.coreutils
> > 00016000-00017000 r--p 00005000 fe:00 6389       /bin/cat.coreutils
> > 00017000-00018000 rw-p 00006000 fe:00 6389       /bin/cat.coreutils
> > 2de81000-2dea2000 rw-p 00000000 00:00 0          [heap]
> > 3ff7eb6000-3ff7ed8000 rw-p 00000000 00:00 0
> > 3ff7ed8000-3ff7fd6000 r-xp 00000000 fe:00 7187   /lib/libc-2.28.so
> > 3ff7fd6000-3ff7fda000 r--p 000fd000 fe:00 7187   /lib/libc-2.28.so
> > 3ff7fda000-3ff7fdc000 rw-p 00101000 fe:00 7187   /lib/libc-2.28.so
> > 3ff7fdc000-3ff7fe2000 rw-p 00000000 00:00 0
> > 3ff7fe4000-3ff7fe6000 r-xp 00000000 00:00 0      [vdso]
> > 3ff7fe6000-3ff7ffd000 r-xp 00000000 fe:00 7193   /lib/ld-2.28.so
> > 3ff7ffd000-3ff7ffe000 r--p 00016000 fe:00 7193   /lib/ld-2.28.so
> > 3ff7ffe000-3ff7fff000 rw-p 00017000 fe:00 7193   /lib/ld-2.28.so
> > 3ff7fff000-3ff8000000 rw-p 00000000 00:00 0
> > 3fff888000-3fff8a9000 rw-p 00000000 00:00 0      [stack]
> >
> > Signed-off-by: Alexandre Ghiti <alex@xxxxxxxx>
> > Reviewed-by: Christoph Hellwig <hch@xxxxxx>
> > Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
> > ---
> >   arch/riscv/Kconfig | 11 +++++++++++
> >   1 file changed, 11 insertions(+)
> >
> > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> > index 59a4727ecd6c..6a63973873fd 100644
> > --- a/arch/riscv/Kconfig
> > +++ b/arch/riscv/Kconfig
> > @@ -54,6 +54,17 @@ config RISCV
> >   	select EDAC_SUPPORT
> >   	select ARCH_HAS_GIGANTIC_PAGE
> >   	select ARCH_WANT_HUGE_PMD_SHARE if 64BIT
> > +	select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU
> > +	select HAVE_ARCH_MMAP_RND_BITS
> > +
> > +config ARCH_MMAP_RND_BITS_MIN
> > +	default 18
> Could you help me understand the rationale behind this constant?


Indeed, I took that from arm64 code and I did not think enough about it: 
that's
great you spotted this because that's a way too large value for 32 bits 
as it would,
at minimum, make mmap random offset go up to 1GB (18 + 12), which is a 
big hole for
this small address space :)

arm and mips propose 8 as default value for 32bits systems which is 1MB 
offset at minimum.


> > +
> > +# max bits determined by the following formula:
> > +#  VA_BITS - PAGE_SHIFT - 3
> I realize that these lines are probably copied from arch/arm64/Kconfig.
> But the rationale behind the "- 3" is not immediately obvious.  This
> apparently originates from commit 8f0d3aa9de57 ("arm64: mm: support
> ARCH_MMAP_RND_BITS"). Can you provide any additional context here?


The formula comes from commit d07e22597d1d ("mm: mmap: add new /proc tunable
for mmap_base ASLR"), where the author states that "generally a 3-4 bits 
less than the
number of bits in the user-space accessible virtual address space 
[allows to] give the greatest
flexibility without generating an invalid mmap_base address".

In practice, that limits the mmap random offset to at maximum 1/8 (for - 
3) of the total address space.


> > +config ARCH_MMAP_RND_BITS_MAX
> > +	default 33 if 64BIT # SV48 based
> The rationale here is clear for Sv48, per the above formula:
>
>     (48 - 12 - 3) = 33
>
> > +	default 18
> However, here it is less clear to me.  For Sv39, shouldn't this be
>
>     (39 - 12 - 3) = 24
>
> ?  And what about Sv32?


You're right. Is there a way to distinguish between sv39 and sv48 here ?

Thanks Paul,

Alex

>   
>
> - Paul
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/linux-riscv