From: Mark Rutland <mark.rutland@arm.com>
To: Arnd Bergmann <arnd@arndb.de>
Cc: Alexandre Ghiti <alex@ghiti.fr>,
David Laight <David.Laight@aculab.com>,
Samuel Holland <samuel.holland@sifive.com>,
Alexandre Ghiti <alexghiti@rivosinc.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
"linux-riscv@lists.infradead.org"
<linux-riscv@lists.infradead.org>,
Albert Ou <aou@eecs.berkeley.edu>,
Andrew Morton <akpm@linux-foundation.org>,
Charlie Jenkins <charlie@rivosinc.com>,
guoren <guoren@kernel.org>, Jisheng Zhang <jszhang@kernel.org>,
Kemeng Shi <shikemeng@huaweicloud.com>,
Matthew Wilcox <willy@infradead.org>,
Mike Rapoport <rppt@kernel.org>,
Paul Walmsley <paul.walmsley@sifive.com>,
Xiao W Wang <xiao.w.wang@intel.com>,
Yangyu Chen <cyy@cyyself.name>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] riscv: Define TASK_SIZE_MAX for __access_ok()
Date: Mon, 25 Mar 2024 18:30:08 +0000 [thread overview]
Message-ID: <ZgHCpgHh1ypSyrtv@FVFF77S0Q05N> (raw)
In-Reply-To: <eeccbc9f-7544-42c9-964f-2b4c924c2b2f@app.fastmail.com>
On Mon, Mar 25, 2024 at 07:02:13PM +0100, Arnd Bergmann wrote:
> On Mon, Mar 25, 2024, at 17:39, Mark Rutland wrote:
>
> > Using a compile-time constant TASK_SIZE_MAX allows the compiler to generate
> > much better code for access_ok(), and on arm64 we use a compile-time constant
> > even when our page table depth can change at runtime (and when native/compat
> > task sizes differ). The only abosolute boundary that needs to be maintained is
> > that access_ok() fails for kernel addresses.
>
> As I understand, this works on arm64 and x86 because the kernel
> mapping starts on negative 64-bit addresses, so the highest user
> address (TASK_SIZE = 0x000fffffffffffff) is still smaller than the
> lowest kernel address (PAGE_OFFSET = 0xfff0000000000000).
Yep; the highest posible user address is always below the lowest possible
kernel address, and any "non-canonical" address between the two ranges faults.
There's some fun with TBI (Top Byte Ignore) and MTE, but that only affects how
to mangle the pointer before the check, and doesn't affect the definition of
the VA boundary.
In general, so long as TASK_SIZE_MAX is <= the lowest possible kernel address
and TASK_SIZE_MAX > the highest possible user address, it all works out.
> If an architecture ignores all the top bits of a virtual address,
> the largest TASK_SIZE would be higher than the smallest (positive,
> unsigned) PAGE_OFFSET, so you need TASK_SIZE_MAX to be dynamic.
Agreed, but do we even support such architectures within Linux?
> It doesn't look like this is the case on riscv, but I'm not sure
> about this part.
It looks like riscv is in the same bucket as arm64 and x86 per:
https://www.kernel.org/doc/html/next/riscv/vm-layout.html
... which says:
| The RISC-V privileged architecture document states that the 64bit addresses
| "must have bits 63-48 all equal to bit 47, or else a page-fault exception
| will occur.": that splits the virtual address space into 2 halves separated
| by a very big hole, the lower half is where the userspace resides, the upper
| half is where the RISC-V Linux Kernel resides.
Mark.
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2024-03-25 18:30 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-13 17:59 [PATCH] riscv: Define TASK_SIZE_MAX for __access_ok() Samuel Holland
2024-03-18 20:50 ` Alexandre Ghiti
2024-03-18 21:29 ` Samuel Holland
2024-03-19 16:51 ` Alexandre Ghiti
2024-03-24 19:42 ` David Laight
2024-03-25 7:30 ` Alexandre Ghiti
2024-03-25 9:30 ` David Laight
2024-03-25 16:39 ` Mark Rutland
2024-03-25 18:02 ` Arnd Bergmann
2024-03-25 18:30 ` Mark Rutland [this message]
2024-03-25 19:20 ` Samuel Holland
2024-03-25 20:38 ` Arnd Bergmann
2024-03-26 10:19 ` David Laight
2024-03-26 14:49 ` Mark Rutland
2024-03-25 20:12 ` Alexandre Ghiti
2024-03-24 22:05 ` Arnd Bergmann
2024-03-25 7:25 ` Alexandre Ghiti
2024-03-25 11:15 ` Arnd Bergmann
2024-03-25 20:40 ` Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZgHCpgHh1ypSyrtv@FVFF77S0Q05N \
--to=mark.rutland@arm.com \
--cc=David.Laight@aculab.com \
--cc=akpm@linux-foundation.org \
--cc=alex@ghiti.fr \
--cc=alexghiti@rivosinc.com \
--cc=aou@eecs.berkeley.edu \
--cc=arnd@arndb.de \
--cc=charlie@rivosinc.com \
--cc=cyy@cyyself.name \
--cc=guoren@kernel.org \
--cc=jszhang@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=rppt@kernel.org \
--cc=samuel.holland@sifive.com \
--cc=shikemeng@huaweicloud.com \
--cc=willy@infradead.org \
--cc=xiao.w.wang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox