From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 959C213C674 for ; Tue, 26 Mar 2024 14:50:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711464605; cv=none; b=XYMOxzyI492c0Vt12/cLA9O+fSsbvxEuy9hE7qNihweNMtWC5XCZtJ1GzrKIL6ID/owtNO+6AIkfhavuJ8sbCy4tgKniWhUF+f+eP1DTN/K3NaBjo/zWa3CAhn2ymx55dbqCdv9MSj/ZYsjGvEngdFPLug/LZ6/WWwIAVhlXNT0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711464605; c=relaxed/simple; bh=K283dq0rMCMbXlbjFmsIYUEw3mlmXF2plQnChcVoYxw=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=a41CK21z4Efd0Y++uNoE7x1L3Nf+tQBzxZJ02y82jisHHOI885WwgTG5TsUlvyYRZH2LHDR9EVz8PKsaQAISzNfp8IJHDup4z6JUTSSwd9nCweTHCITX1HDiW+wGuMursOgoiqYa2u190delaX9S/31j2bAiO+o+ORw/OUH6VWI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; arc=none smtp.client-ip=217.140.110.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8BBA1339; Tue, 26 Mar 2024 07:50:36 -0700 (PDT) Received: from FVFF77S0Q05N.cambridge.arm.com (FVFF77S0Q05N.cambridge.arm.com [10.1.35.184]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 7C25E3F694; Tue, 26 Mar 2024 07:50:00 -0700 (PDT) Date: Tue, 26 Mar 2024 14:49:57 +0000 From: Mark Rutland To: David Laight Cc: 'Arnd Bergmann' , Alexandre Ghiti , Samuel Holland , Alexandre Ghiti , Palmer Dabbelt , "linux-riscv@lists.infradead.org" , Albert Ou , Andrew Morton , Charlie Jenkins , guoren , Jisheng Zhang , Kemeng Shi , Matthew Wilcox , Mike Rapoport , Paul Walmsley , Xiao W Wang , Yangyu Chen , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH] riscv: Define TASK_SIZE_MAX for __access_ok() Message-ID: References: <88de4a1a-047e-4be9-b5b0-3e53434dc022@sifive.com> <95eb125d-dd54-42f1-b080-938faca6a8a1@app.fastmail.com> <882fc86da89f4adb81570cde3a653e6f@AcuMS.aculab.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <882fc86da89f4adb81570cde3a653e6f@AcuMS.aculab.com> On Tue, Mar 26, 2024 at 10:19:28AM +0000, David Laight wrote: > From: Arnd Bergmann > > Sent: 25 March 2024 20:38 > > > > On Mon, Mar 25, 2024, at 19:30, Mark Rutland wrote: > > > On Mon, Mar 25, 2024 at 07:02:13PM +0100, Arnd Bergmann wrote: > > >> On Mon, Mar 25, 2024, at 17:39, Mark Rutland wrote: > > > > > >> If an architecture ignores all the top bits of a virtual address, > > >> the largest TASK_SIZE would be higher than the smallest (positive, > > >> unsigned) PAGE_OFFSET, so you need TASK_SIZE_MAX to be dynamic. > > > > > > Agreed, but do we even support such architectures within Linux? > > > > Apparently not. > > > > On 32-bit architectures, you often have TASK_SIZE==PAGE_OFFSET, > > but not on 64-bit -- either the top few bits in PAGE_OFFSET are > > always ones, or the user and kernel page tables are completely > > separate. > > ISTR that arm64 uses (something like) bit 56 to select kernel > with the annoying 'feature' that the high bits can be ignored > just to complicate things. Yes, bit 55. We choose our TASK_SIZE_MAX to be below 2^55, so no kernel address will pass access_ok(), and we pre-mangle the TBI bits for userspace so they can't affect the check and fail unexpectedly. So it doesn't actually matter -- leave that aspect to arch code. Mark.