From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 5C985C433EF for ; Mon, 13 Dec 2021 23:10:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:In-Reply-To:References: Message-ID:Date:Subject:CC:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=JktwpBjscoA/fnt+uUVxrbqFBIM1lmi1hLEMaYjJpoI=; b=ZGHrEvP2ryt/K+ kBXPKDyYMVFR5b9kJymmDzAPfteb0qzCyzgOq41RqdHIc3m5T52oGrLP+Myd3ZZDbvYoBdfFXrCIB TyruOtbZGLweJBEy7WdOZYkOqc1ztD+/wd4rl1EUH6jGBainuLv5ZojU0zbdrTIuIWYTleReW580T NTAajuKMMl9XYPjQf58ZjQDJIUP3gWwtxxGhQXi09kiYRgOP3CE+1wUMM0jTqHsJ38el5bm8X8VBB YgZPCGmzG8aE4OqZxBdECR/Qbk8qIrEAxcXePTVHhCslMj0narmtnotfwxQWuHeHPchu8tzHrs/G8 ZV+MGNCF+A8UXU/FsvOw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mwuQP-00BvLZ-QG; Mon, 13 Dec 2021 23:08:07 +0000 Received: from eu-smtp-delivery-151.mimecast.com ([185.58.85.151]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mwuQD-00BvK5-9n for linux-arm-kernel@lists.infradead.org; Mon, 13 Dec 2021 23:07:55 +0000 Received: from AcuMS.aculab.com (156.67.243.121 [156.67.243.121]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id uk-mta-148-HjWL4iprNbOk-cYtT8YBng-1; Mon, 13 Dec 2021 23:07:44 +0000 X-MC-Unique: HjWL4iprNbOk-cYtT8YBng-1 Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) by AcuMS.aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) with Microsoft SMTP Server (TLS) id 15.0.1497.26; Mon, 13 Dec 2021 23:07:42 +0000 Received: from AcuMS.Aculab.com ([fe80::994c:f5c2:35d6:9b65]) by AcuMS.aculab.com ([fe80::994c:f5c2:35d6:9b65%12]) with mapi id 15.00.1497.026; Mon, 13 Dec 2021 23:07:42 +0000 From: David Laight To: 'Peter Collingbourne' CC: Catalin Marinas , Will Deacon , Ingo Molnar , Peter Zijlstra , "Juri Lelli" , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Daniel Bristot de Oliveira , "Thomas Gleixner" , Andy Lutomirski , Kees Cook , Andrew Morton , "Masahiro Yamada" , Sami Tolvanen , YiFei Zhu , Mark Rutland , Frederic Weisbecker , Viresh Kumar , Andrey Konovalov , "Gabriel Krisman Bertazi" , Chris Hyser , Daniel Vetter , "Chris Wilson" , Arnd Bergmann , "Dmitry Vyukov" , Christian Brauner , "Eric W. Biederman" , Alexey Gladkov , Ran Xiaokai , David Hildenbrand , Xiaofeng Cao , Cyrill Gorcunov , Thomas Cedeno , Marco Elver , "Alexander Potapenko" , "linux-kernel@vger.kernel.org" , "linux-arm-kernel@lists.infradead.org" , Evgenii Stepanov Subject: RE: [PATCH v4 0/7] kernel: introduce uaccess logging Thread-Topic: [PATCH v4 0/7] kernel: introduce uaccess logging Thread-Index: AQHX7UpWadBINBQ4oUSeJNLk/BiYRKwtinPAgANPzICAADN0UA== Date: Mon, 13 Dec 2021 23:07:42 +0000 Message-ID: References: <20211209221545.2333249-1-pcc@google.com> In-Reply-To: Accept-Language: en-GB, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=C51A453 smtp.mailfrom=david.laight@aculab.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Language: en-US X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211213_150753_670762_8B3D31CB X-CRM114-Status: GOOD ( 38.23 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org From: Peter Collingbourne > Sent: 13 December 2021 19:49 > > On Sat, Dec 11, 2021 at 9:23 AM David Laight wrote: > > > > From: Peter Collingbourne > > > Sent: 09 December 2021 22:16 > > > > > > This patch series introduces a kernel feature known as uaccess > > > logging, which allows userspace programs to be made aware of the > > > address and size of uaccesses performed by the kernel during > > > the servicing of a syscall. More details on the motivation > > > for and interface to this feature are available in the file > > > Documentation/admin-guide/uaccess-logging.rst added by the final > > > patch in the series. > > > > How does this work when get_user() and put_user() are used to > > do optimised copies? > > > > While adding checks to copy_to/from_user() is going to have > > a measurable performance impact - even if nothing is done, > > adding them to get/put_user() (and friends) is going to > > make some hot paths really slow. > > > > So maybe you could add it so KASAN test kernels, but you can't > > sensibly enable it on a production kernel. > > > > Now, it might be that you could semi-sensibly log 'data' transfers. > > But have you actually looked at all the transfers that happen > > for something like sendmsg(). > > The 'user copy hardening' code already has a significant impact > > on that code (in many places). > > Hi David, > > Yes, I realised after I sent out my patch (and while writing test > cases for it) that it didn't cover get_user()/put_user(). I have a > patch under development that will add this coverage. I used it to run > my invalid syscall and uname benchmarks and the results were basically > the same as without the coverage. > > Are you aware of any benchmarks that cover sendmsg()? I can try to > look at writing my own if not. I was also planning to write a > benchmark that uses getresuid() as this was the simplest syscall that > I could find that does multiple put_user() calls. Also look at sys_poll() I think that uses __put/get_user(). I think you'll find some of the socket option code also uses get_user(). There is also the compat code for import_iovec(). IIRC that is actually faster than the non-compat version at the moment. I did some benchmarking of writev("/dev/null", iov, 10); The cost of reading in the iovec is significant in that case. Maybe I ought to find time to sort out my patches. For sendmsg() using __copy_from_user() to avoid the user-copy hardening checks also makes a measurable difference when sending UDP through raw sockets - which we do a lot of. I think you'd need to instrument user_access_begin() and also be able to merge trace entries (for multiple get_user() calls). You really don't have to look far to find places where copy_to/from_user() is optimised to multiple get/put_user() or __get/put_user() (or are they the 'nofault' variants?) Those are all hot paths - at least for some workloads. So adding anything there isn't likely to be accepted for production kernels. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales) _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel