From: Mateusz Guzik <mjguzik@gmail.com>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Christian Brauner <brauner@kernel.org>,
serge@hallyn.com, paul@paul-moore.com,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v3 2/2] vfs: avoid duplicating creds in faccessat if possible
Date: Thu, 2 Mar 2023 19:22:17 +0100 [thread overview]
Message-ID: <CAGudoHFhnJ1z-81FKYpzfDmvcWFeHNkKGdr00CkuH5WJa2FAMQ@mail.gmail.com> (raw)
In-Reply-To: <ZADoeOiJs6BRLUSd@ZenIV>
On 3/2/23, Al Viro <viro@zeniv.linux.org.uk> wrote:
> On Thu, Mar 02, 2023 at 07:14:24PM +0100, Mateusz Guzik wrote:
>> On 3/2/23, Linus Torvalds <torvalds@linux-foundation.org> wrote:
>> > On Thu, Mar 2, 2023 at 12:30 AM Christian Brauner <brauner@kernel.org>
>> > wrote:
>> >>
>> >> Fwiw, as long as you, Al, and others are fine with it and I'm aware of
>> >> it I'm happy to pick up more stuff like this. I've done it before and
>> >> have worked in this area so I'm happy to help with some of the load.
>> >
>> > Yeah, that would work. We've actually had discussions of vfs
>> > maintenance in general.
>> >
>> > In this case it really wasn't an issue, with this being just two
>> > fairly straightforward patches for code that I was familiar with.
>> >
>>
>> Well on that note I intend to write a patch which would add a flag to
>> the dentry cache.
>>
>> There is this thing named CONFIG_INIT_ON_ALLOC_DEFAULT_ON which is
>> enabled at least on debian, ubuntu and arch. It results in mandatory
>> memset on the obj before it gets returned from kmalloc, for hardening
>> purposes.
>>
>> Now the problem is that dentry cache allocates bufs 4096 bytes in
>> size, so this is an equivalent of a clear_page call and it happens
>> *every time* there is a path lookup.
>
> Huh? Quite a few path lookups don't end up allocating any dentries;
> what exactly are you talking about?
>
Ops, I meant "names_cache", here:
names_cachep = kmem_cache_create_usercopy("names_cache", PATH_MAX, 0,
SLAB_HWCACHE_ALIGN|SLAB_PANIC, 0, PATH_MAX, NULL);
it is fs/dcache.c and I brainfarted into the above.
>> Given how dentry cache is used, I'm confident there is 0 hardening
>> benefit for it.
>>
>> So the plan would be to add a flag on cache creation to exempt it from
>> the mandatory memset treatment and use it with dentry.
>>
>> I don't have numbers handy but as you can imagine it gave me a nice bump
>> :)
>>
>> Whatever you think about the idea aside, the q is: can something like
>> the above go in without Al approving it?
>
> That one I would really like to take a look at.
>
allright
--
Mateusz Guzik <mjguzik gmail.com>
next prev parent reply other threads:[~2023-03-02 18:22 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-25 15:55 [PATCH v3 1/2] capability: add cap_isidentical Mateusz Guzik
2023-01-25 15:55 ` [PATCH v3 2/2] vfs: avoid duplicating creds in faccessat if possible Mateusz Guzik
2023-02-28 0:44 ` Linus Torvalds
2023-03-02 8:30 ` Christian Brauner
2023-03-02 17:51 ` Linus Torvalds
2023-03-02 18:14 ` Mateusz Guzik
2023-03-02 18:18 ` Al Viro
2023-03-02 18:22 ` Mateusz Guzik [this message]
2023-03-02 18:43 ` Al Viro
2023-03-02 18:51 ` Mateusz Guzik
2023-03-02 19:02 ` Al Viro
2023-03-02 19:18 ` Al Viro
2023-03-02 19:03 ` Linus Torvalds
2023-03-02 19:10 ` Linus Torvalds
2023-03-02 19:19 ` Al Viro
2023-03-02 19:54 ` Kees Cook
2023-03-02 20:11 ` Al Viro
2023-03-03 15:30 ` Alexander Potapenko
2023-03-03 17:39 ` Mateusz Guzik
2023-03-03 17:54 ` Linus Torvalds
2023-03-03 19:37 ` Mateusz Guzik
2023-03-03 19:38 ` Mateusz Guzik
2023-03-03 20:08 ` Linus Torvalds
2023-03-03 20:39 ` Mateusz Guzik
2023-03-03 20:58 ` Linus Torvalds
2023-03-03 21:09 ` Mateusz Guzik
2023-03-04 19:01 ` Mateusz Guzik
2023-03-04 20:31 ` Mateusz Guzik
2023-03-04 20:48 ` Linus Torvalds
2023-03-05 17:23 ` David Laight
2023-03-04 1:29 ` Linus Torvalds
2023-03-04 3:25 ` Yury Norov
2023-03-04 3:42 ` Linus Torvalds
2023-03-04 5:51 ` Yury Norov
2023-03-04 16:41 ` David Vernet
2023-03-04 19:02 ` Linus Torvalds
2023-03-04 19:19 ` Linus Torvalds
2023-03-04 20:34 ` Linus Torvalds
2023-03-04 20:51 ` Yury Norov
2023-03-04 21:01 ` Linus Torvalds
2023-03-04 21:03 ` Linus Torvalds
2023-03-04 21:10 ` Linus Torvalds
2023-03-04 23:08 ` Linus Torvalds
2023-03-04 23:52 ` Linus Torvalds
[not found] ` <CA+icZUUH-J3eh=PSEcaHRDtcKB9svA2Qct6RiOq_MFP_+KeBLQ@mail.gmail.com>
2023-03-05 18:17 ` Linus Torvalds
2023-03-05 18:43 ` Linus Torvalds
2023-03-06 5:43 ` Yury Norov
2023-03-04 20:18 ` Al Viro
2023-03-04 20:42 ` Mateusz Guzik
2023-03-02 19:38 ` Kees Cook
2023-03-02 19:48 ` Eric Biggers
2023-03-02 18:41 ` Al Viro
2023-03-03 14:49 ` Christian Brauner
2023-03-02 18:11 ` Al Viro
2023-03-03 14:27 ` Christian Brauner
2023-02-28 1:14 ` [PATCH v3 1/2] capability: add cap_isidentical Linus Torvalds
2023-02-28 2:46 ` Casey Schaufler
2023-02-28 14:47 ` Mateusz Guzik
2023-02-28 19:39 ` Linus Torvalds
2023-02-28 19:51 ` Linus Torvalds
2023-02-28 20:48 ` Linus Torvalds
2023-02-28 21:21 ` Mateusz Guzik
2023-02-28 21:29 ` Linus Torvalds
2023-03-01 18:13 ` Linus Torvalds
2023-02-28 17:32 ` Serge E. Hallyn
2023-02-28 17:52 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGudoHFhnJ1z-81FKYpzfDmvcWFeHNkKGdr00CkuH5WJa2FAMQ@mail.gmail.com \
--to=mjguzik@gmail.com \
--cc=brauner@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).