From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: [PATCH] usercopy: skip the check if not a real usercopy
References: <20190102093137.17136-1-yanaijie@huawei.com> <5C355BD6.2010608@huawei.com>
From: Jason Yan
Message-ID: <5C37F6F6.3030605@huawei.com>
Date: Fri, 11 Jan 2019 09:52:54 +0800
MIME-Version: 1.0
In-Reply-To:
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 7bit
To: Kees Cook
Cc: Jann Horn, Kernel Hardening, zhaohongjiang@huawei.com, miaoxie@huawei.com, Li Bin, Wei Yongjun
List-ID:

On 2019/1/10 6:59, Kees Cook wrote:
> On Tue, Jan 8, 2019 at 6:26 PM Jason Yan wrote:
>> It's very easy to reproduce in qemu using my config with v4.20. Please
>> refer to the attachment.
>>
>> I did some debugging and found that check_object_size() did not get stuck, but
>> check_object_size() sometimes takes more than 30 milliseconds, and
>> ftrace will call __probe_kernel_write() thousands of times, which makes
>> the whole process stuck for more than 20 seconds.
>
> 30ms is still WAY too long. :)
>
>> [yanaijie@138 linux]$ ./scripts/faddr2line vmlinux __check_object_size+0x5/0x460
>> __check_object_size+0x5/0x460:
>> __check_object_size at mm/usercopy.c:254
>> [yanaijie@138 linux]$
>
> For me, that's the entry to __check_object_size (the line with "{").
> Is that what you see too?
>

Yes, this is different every time, so is it just because there are too
many loops outside calling this function?

> Perhaps this is poor interaction with tracing? Does marking
> __check_object_size with "notrace" help?
>

I will try this later.