From: Kees Cook <keescook@chromium.org>
To: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
linux-kernel@vger.kernel.org
Subject: [INFO] ratio of const vs dynamic usercopy
Date: Mon, 19 Sep 2016 21:58:39 -0700 [thread overview]
Message-ID: <20160920045839.GA139098@beast> (raw)
Hi,
Al had asked me a couple weeks back what the ratio of const vs dynamic
usercopying was. With Josh's cleanup and my fix-up to only call the
hardened usercopy when non-const, I can actually gather these statistics
on a build. It's a bit of a hack (see attached patch that should not go
into the tree), but with my not-very-defconfig, it's rougly 2 to 1 const
vs dynamic. However, this doesn't take into account the frequency at
_runtime_, which maybe could be discovered via perf comparing copy*user()
calls to __check_object_size() calls, but I didn't try that. Does someone
have perf setup to check this?
$ grep 'warning: call to' build.stderr | wc -l
1505
$ grep 'warning: call to' build.stderr | grep 'const usercopy' | wc -l
998
$ grep 'warning: call to' build.stderr | grep 'dynamic usercopy' | wc -l
507
Signed-off-by: Kees Cook <keescook@chromium.org>
---
include/linux/thread_info.h | 8 +++++++-
mm/usercopy.c | 4 ++++
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
index 2b5b10eed74f..4cae922797e5 100644
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
@@ -115,14 +115,20 @@ static inline int arch_within_stack_frames(const void * const stack,
#endif
#ifdef CONFIG_HARDENED_USERCOPY
-extern void __check_object_size(const void *ptr, unsigned long n,
+extern void __compiletime_warning("dynamic usercopy")
+__check_object_size(const void *ptr, unsigned long n,
bool to_user);
+extern void __compiletime_warning("builtin-const usercopy")
+__skip_check_object_size(void);
+
static __always_inline void check_object_size(const void *ptr, unsigned long n,
bool to_user)
{
if (!__builtin_constant_p(n))
__check_object_size(ptr, n, to_user);
+ else
+ __skip_check_object_size();
}
#else
static inline void check_object_size(const void *ptr, unsigned long n,
diff --git a/mm/usercopy.c b/mm/usercopy.c
index 089328f2b920..9969a06f5e25 100644
--- a/mm/usercopy.c
+++ b/mm/usercopy.c
@@ -275,3 +275,7 @@ report:
report_usercopy(ptr, n, to_user, err);
}
EXPORT_SYMBOL(__check_object_size);
+
+void __skip_check_object_size(void)
+{ }
+EXPORT_SYMBOL(__skip_check_object_size);
--
2.7.4
--
Kees Cook
Nexus Security
next reply other threads:[~2016-09-20 4:58 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-20 4:58 Kees Cook [this message]
2016-09-20 5:48 ` [INFO] ratio of const vs dynamic usercopy kbuild test robot
2016-09-20 23:17 ` Kees Cook
2016-09-21 2:31 ` Fengguang Wu
2016-09-21 2:41 ` Kees Cook
2016-09-20 14:19 ` Josh Poimboeuf
2016-09-21 0:31 ` Kees Cook
2016-09-21 1:00 ` Linus Torvalds
2016-09-21 5:36 ` kbuild test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160920045839.GA139098@beast \
--to=keescook@chromium.org \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.