This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT
- From: "Michael Kerrisk (man-pages)" <mtk dot manpages at gmail dot com>
- To: "H.J. Lu" <hjl dot tools at gmail dot com>, Carlos O'Donell <carlos at redhat dot com>, linux-man <linux-man at vger dot kernel dot org>
- Cc: mtk dot manpages at gmail dot com, Jeff Law <law at redhat dot com>, Zack Weinberg <zackw at panix dot com>, Andi Kleen <andi at firstfloor dot org>, Adhemerval Zanella <adhemerval dot zanella at linaro dot org>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Wed, 16 Dec 2015 15:02:04 +0100
- Subject: Re: [PATCH] Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT
- Authentication-results: sourceware.org; auth=none
- References: <CAMe9rOo1OBOGruWMoLTx96wnkKUYPzBZ5HcOCFdGJEp+jTRzVA at mail dot gmail dot com>
On 12/15/2015 10:34 PM, H.J. Lu wrote:
> On Tue, Dec 15, 2015 at 1:06 PM, Carlos O'Donell <email@example.com> wrote:
>> On 12/15/2015 03:08 PM, H.J. Lu wrote:
>>> On Tue, Dec 15, 2015 at 10:38 AM, Carlos O'Donell <firstname.lastname@example.org> wrote:
>>>>> On 12/15/2015 01:27 PM, Carlos O'Donell wrote:
>>>>>>> + cpu_features->feature[index_Prefer_MAP_32BIT_EXEC]
>>>>>>> + |= get_prefer_map_32bit_exec ();
>>>>>>> You wouldn't need get_prefer_map_32bit_exec, since this is all part of
>>>>>>> the code, like dl-librecon.h, which parses the extra env var.
>>>>> To be clear:
>>>>> * Add new bit flag definitions for cpu_features.
>>>>> * Add a sysdeps/unix/sysv/linux/x86_64/dl-silvermont.h
>>>>> * Fill in EXTRA_LD_ENVVARS or add new ones.
>>>>> * Write to rtld's GLRO cpu_features the bit you need based
>>>>> on __libc_enable_secure.
>>>>> That should simplify and concentrate the Silvermont fixes to
>>>>> just two files, making future maintenance and documentation
>>> This is the updated patch. I put EXTRA_LD_ENVVARS and
>>> EXTRA_UNSECURE_ENVVARS in x86_64/64/dl-librecon.h
>>> to be consistent with i386/dl-librecon.h. If we ever need to
>>> update EXTRA_LD_ENVVARS/EXTRA_UNSECURE_ENVVARS
>>> in the future, we have a single file to change.
>>> Tested on x86-64. OK for master?
>>> Thanks for all the feedbacks and suggestions.
>> This looks much better and much cleaner. Looks good to me now. It also
>> appears you have consesnsus with this last change.
>> It needs a bug # please since you're fixing a user-visible performance
>> problem on Silvermont.
> I opened
> and checked in my patch.
>> It appears to meet Zack's requirement to choose a security safe default
>> at the expense of performance (I agree with that).
>> I *strongly* urge you to immediately submit a patch to the linux man
>> pages project to document that as of 2.23 this new flag exists and
>> does what you describe it does.
> Here is a patch for Linux man page.
Thanks, H.J. I applied the patch and tweaked your text somewhat.
Does the following look okay?
(x86-64 only)(glibc since 2.23) According to the Intel
Silvermont software optimization guide, for 64-bit appliâ
cations, branch prediction performance can be negatively
impacted when the target of a branch is more than 4GB away
from the branch. If this environment variable is set (to
any value), ld.so will first try to map executable pages
using the mmap(2) MAP_32BIT flag, and fall back to mapping
without that flag if that attempt fails. NB: MAP_32BIT
will map to the low 2GB (not 2GB) of the address space.
Because MAP_32BIT reduces the address range available for
address space layout randomization (ASLR), LD_PREâ
FER_MAP_32BIT_EXEC is always disabled in secure-execution
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/