From: Mateusz Guzik <mjguzik@gmail.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alexander Potapenko <glider@google.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Kees Cook <keescook@chromium.org>,
Eric Biggers <ebiggers@google.com>,
Christian Brauner <brauner@kernel.org>,
serge@hallyn.com, paul@paul-moore.com,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v3 2/2] vfs: avoid duplicating creds in faccessat if possible
Date: Fri, 3 Mar 2023 21:39:11 +0100 [thread overview]
Message-ID: <CAGudoHGYaWTCnL4GOR+4Lbcfg5qrdOtNjestGZOkgtUaTwdGrQ@mail.gmail.com> (raw)
In-Reply-To: <CAHk-=wjy_q9t4APgug9q-EBMRKAybXt9DQbyM9Egsh=F+0k2Mg@mail.gmail.com>
On 3/3/23, Linus Torvalds <torvalds@linux-foundation.org> wrote:
> On Fri, Mar 3, 2023 at 11:37 AM Mateusz Guzik <mjguzik@gmail.com> wrote:
>>
>> I mentioned in the previous e-mail that memset is used a lot even
>> without the problematic opt and even have shown size distribution of
>> what's getting passed there.
>
> Well, I *have* been pushing Intel to try to fix memcpy and memset for
> over two decades by now, but with FSRM I haven't actually seen the
> huge problems any more.
>
rep *stos* remains crap with FSRM, but I don't have sensible tests
handy nor the ice lake cpu i tested on at the moment
> I actually used to have the reverse of your hack for this - I've had
> various hacks over the year that made memcpy and memset be inlined
> "rep movs/stos", which (along with inlined spinlocks) is a great way
> to see the _culprit_ (without having to deal with the call chains -
> which always get done the wrong way around imnsho).
>
that's all hackery which makes sense pre tooling like bpftrace, people
can do better now (see the second part of the email)
I think there is a systemic problem which comes with the kzalloc API, consider:
static struct file *__alloc_file(int flags, const struct cred *cred)
{
struct file *f;
int error;
f = kmem_cache_zalloc(filp_cachep, GFP_KERNEL);
if (unlikely(!f))
return ERR_PTR(-ENOMEM);
[bunch of the struct gets initialized here]
the allocation routine does not have any information about the size
available at compilation time, so has to resort to a memset call at
runtime. Instead, should this be:
f = kmem_cache_alloc(...);
memset(f, 0, sizeof(*f));
... the compiler could in principle inititalize stuff as indicated by
code and emit zerofill for the rest. Interestingly, last I checked
neither clang nor gcc knew how to do it, they instead resort to a full
sized memset anyway, which is quite a bummer.
Personally i grew up on dtrace, bpftrace I can barely use and don't
know how to specifically get the caller, but kstack(2) seems like a
good enough workaround.
as an example here is a one-liner to show crappers which do 0-sized ops:
bpftrace -e 'kprobe:memset,kprobe:memcpy /arg2 == 0/ { @[probe,
kstack(2)] = count(); }'
one can trace all kinds of degeneracy like that without recompiling
anything, provided funcs are visible to bpftrace
sample result from the above one-liner while doing 'make clean' in the
kernel dir:
@[kprobe:memcpy,
memcpy+5
realloc_array+78
]: 1
@[kprobe:memcpy,
memcpy+5
push_jmp_history+125
]: 1
@[kprobe:memset,
memset+5
blk_mq_dispatch_rq_list+687
]: 3
@[kprobe:memcpy,
memcpy+5
mix_interrupt_randomness+192
]: 4
@[kprobe:memcpy,
memcpy+5
d_alloc_pseudo+18
]: 59
@[kprobe:memcpy,
memcpy+5
add_device_randomness+111
]: 241
@[kprobe:memcpy,
memcpy+5
add_device_randomness+93
]: 527
@[kprobe:memset,
memset+5
copy_process+2904
]: 2054
@[kprobe:memset,
memset+5
dup_fd+283
]: 6162
--
Mateusz Guzik <mjguzik gmail.com>
next prev parent reply other threads:[~2023-03-03 20:39 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-25 15:55 [PATCH v3 1/2] capability: add cap_isidentical Mateusz Guzik
2023-01-25 15:55 ` [PATCH v3 2/2] vfs: avoid duplicating creds in faccessat if possible Mateusz Guzik
2023-02-28 0:44 ` Linus Torvalds
2023-03-02 8:30 ` Christian Brauner
2023-03-02 17:51 ` Linus Torvalds
2023-03-02 18:14 ` Mateusz Guzik
2023-03-02 18:18 ` Al Viro
2023-03-02 18:22 ` Mateusz Guzik
2023-03-02 18:43 ` Al Viro
2023-03-02 18:51 ` Mateusz Guzik
2023-03-02 19:02 ` Al Viro
2023-03-02 19:18 ` Al Viro
2023-03-02 19:03 ` Linus Torvalds
2023-03-02 19:10 ` Linus Torvalds
2023-03-02 19:19 ` Al Viro
2023-03-02 19:54 ` Kees Cook
2023-03-02 20:11 ` Al Viro
2023-03-03 15:30 ` Alexander Potapenko
2023-03-03 17:39 ` Mateusz Guzik
2023-03-03 17:54 ` Linus Torvalds
2023-03-03 19:37 ` Mateusz Guzik
2023-03-03 19:38 ` Mateusz Guzik
2023-03-03 20:08 ` Linus Torvalds
2023-03-03 20:39 ` Mateusz Guzik [this message]
2023-03-03 20:58 ` Linus Torvalds
2023-03-03 21:09 ` Mateusz Guzik
2023-03-04 19:01 ` Mateusz Guzik
2023-03-04 20:31 ` Mateusz Guzik
2023-03-04 20:48 ` Linus Torvalds
2023-03-05 17:23 ` David Laight
2023-03-04 1:29 ` Linus Torvalds
2023-03-04 3:25 ` Yury Norov
2023-03-04 3:42 ` Linus Torvalds
2023-03-04 5:51 ` Yury Norov
2023-03-04 16:41 ` David Vernet
2023-03-04 19:02 ` Linus Torvalds
2023-03-04 19:19 ` Linus Torvalds
2023-03-04 20:34 ` Linus Torvalds
2023-03-04 20:51 ` Yury Norov
2023-03-04 21:01 ` Linus Torvalds
2023-03-04 21:03 ` Linus Torvalds
2023-03-04 21:10 ` Linus Torvalds
2023-03-04 23:08 ` Linus Torvalds
2023-03-04 23:52 ` Linus Torvalds
[not found] ` <CA+icZUUH-J3eh=PSEcaHRDtcKB9svA2Qct6RiOq_MFP_+KeBLQ@mail.gmail.com>
2023-03-05 18:17 ` Linus Torvalds
2023-03-05 18:43 ` Linus Torvalds
2023-03-06 5:43 ` Yury Norov
2023-03-04 20:18 ` Al Viro
2023-03-04 20:42 ` Mateusz Guzik
2023-03-02 19:38 ` Kees Cook
2023-03-02 19:48 ` Eric Biggers
2023-03-02 18:41 ` Al Viro
2023-03-03 14:49 ` Christian Brauner
2023-03-02 18:11 ` Al Viro
2023-03-03 14:27 ` Christian Brauner
2023-02-28 1:14 ` [PATCH v3 1/2] capability: add cap_isidentical Linus Torvalds
2023-02-28 2:46 ` Casey Schaufler
2023-02-28 14:47 ` Mateusz Guzik
2023-02-28 19:39 ` Linus Torvalds
2023-02-28 19:51 ` Linus Torvalds
2023-02-28 20:48 ` Linus Torvalds
2023-02-28 21:21 ` Mateusz Guzik
2023-02-28 21:29 ` Linus Torvalds
2023-03-01 18:13 ` Linus Torvalds
2023-02-28 17:32 ` Serge E. Hallyn
2023-02-28 17:52 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGudoHGYaWTCnL4GOR+4Lbcfg5qrdOtNjestGZOkgtUaTwdGrQ@mail.gmail.com \
--to=mjguzik@gmail.com \
--cc=brauner@kernel.org \
--cc=ebiggers@google.com \
--cc=glider@google.com \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).