Date: Wed, 4 Sep 2024 11:51:53 -0700
From: Deepak Gupta
To: Mark Brown
Cc: Richard Henderson, Ivan Kokshaysky, Matt Turner, Vineet Gupta, Russell King, Guo Ren, Huacai Chen, WANG Xuerui, "James E.J. Bottomley", Helge Deller, Michael Ellerman, Nicholas Piggin, Christophe Leroy, Naveen N Rao, Alexander Gordeev, Gerald Schaefer, Heiko Carstens, Vasily Gorbik, Christian Borntraeger, Sven Schnelle, Yoshinori Sato, Rich Felker, John Paul Adrian Glaubitz, "David S. Miller", Andreas Larsson, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Chris Zankel, Max Filippov, Andrew Morton, "Liam R. Howlett", Vlastimil Babka, Lorenzo Stoakes, Catalin Marinas, Will Deacon, linux-arm-kernel@lists.infradead.org, linux-alpha@vger.kernel.org, linux-kernel@vger.kernel.org, linux-snps-arc@lists.infradead.org, linux-csky@vger.kernel.org, loongarch@lists.linux.dev, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org, linux-sh@vger.kernel.org, sparclinux@vger.kernel.org, linux-mm@kvack.org, Rick Edgecombe
Subject: Re: [PATCH 3/3] mm: Care about shadow stack guard gap when getting an unmapped area
References: <20240902-mm-generic-shadow-stack-guard-v1-0-9acda38b3dd3@kernel.org> <20240902-mm-generic-shadow-stack-guard-v1-3-9acda38b3dd3@kernel.org>
In-Reply-To: <20240902-mm-generic-shadow-stack-guard-v1-3-9acda38b3dd3@kernel.org>

On Mon, Sep 02, 2024 at 08:08:15PM +0100, Mark Brown wrote:
>As covered in the commit log for c44357c2e76b ("x86/mm: care about shadow
>stack guard gap during placement") our current mmap() implementation does
>not take care to ensure that a new mapping isn't placed with existing
>mappings inside its own guard gaps.
This is particularly important for >shadow stacks since if two shadow stacks end up getting placed adjacent to >each other then they can overflow into each other which weakens the >protection offered by the feature. > >On x86 there is a custom arch_get_unmapped_area() which was updated by the >above commit to cover this case by specifying a start_gap for allocations >with VM_SHADOW_STACK. Both arm64 and RISC-V have equivalent features and >use the generic implementation of arch_get_unmapped_area() so let's make >the equivalent change there so they also don't get shadow stack pages >placed without guard pages. > >Architectures which do not have this feature will define VM_SHADOW_STACK >to VM_NONE and hence be unaffected. > >Suggested-by: Rick Edgecombe >Signed-off-by: Mark Brown >--- > mm/mmap.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > >diff --git a/mm/mmap.c b/mm/mmap.c >index b06ba847c96e..902c482b6084 100644 >--- a/mm/mmap.c >+++ b/mm/mmap.c >@@ -1753,6 +1753,14 @@ static unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) > return gap; > } > >+static inline unsigned long stack_guard_placement(vm_flags_t vm_flags) >+{ >+ if (vm_flags & VM_SHADOW_STACK) >+ return PAGE_SIZE; >+ >+ return 0; >+} >+ > /* > * Search for an unmapped address range. > * >@@ -1814,6 +1822,7 @@ generic_get_unmapped_area(struct file *filp, unsigned long addr, > info.length = len; > info.low_limit = mm->mmap_base; > info.high_limit = mmap_end; >+ info.start_gap = stack_guard_placement(vm_flags); > return vm_unmapped_area(&info); > } > >@@ -1863,6 +1872,7 @@ generic_get_unmapped_area_topdown(struct file *filp, unsigned long addr, > info.length = len; > info.low_limit = PAGE_SIZE; > info.high_limit = arch_get_mmap_base(addr, mm->mmap_base); >+ info.start_gap = stack_guard_placement(vm_flags); > addr = vm_unmapped_area(&info); > > /* > lgtm Reviewed-by: Deepak Gupta >-- >2.39.2 >
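Review bot: stack_guard_placement() in the first mm/mmap.c hunk hard-codes the gap as PAGE_SIZE with no comment saying why one page is the right size or that the value is consumed as info.start_gap. Add a short comment above the helper stating that it returns the start gap for a VM_SHADOW_STACK mapping and why a single page is sufficient, and consider a name that says it returns a size, since the function returns a byte count rather than a placement.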
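Review bot: in the generic_get_unmapped_area() and generic_get_unmapped_area_topdown() hunks, info.start_gap is set only for the vm_unmapped_area() search, while both functions also take an addr argument; the visible lines do not show whether an address supplied by the caller is checked against the same gap. If that path can return without reaching vm_unmapped_area(), a shadow stack could still land next to an existing mapping, so either apply stack_guard_placement(vm_flags) there too or say in the commit message why it is not needed. In the topdown hunk the context continues past addr = vm_unmapped_area(&info); if info is reused for a second search after that point, confirm start_gap is still set for it.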