From: Kees Cook
Date: Wed, 4 Jul 2018 09:52:35 -0700
Subject: Re: [PATCH v7] add param that allows bootline control of hardened usercopy
To: Vlastimil Babka
Cc: Chris von Recklinghausen, Laura Abbott, Paolo Abeni, LKML, Linux-MM, Kernel Hardening
References: <1530646988-25546-1-git-send-email-crecklin@redhat.com>

On Wed, Jul 4, 2018 at 6:43 AM, Vlastimil Babka wrote:
> On 07/03/2018 09:43 PM, Chris von Recklinghausen wrote:
>
> Subject: [PATCH v7] add param that allows bootline control of hardened
> usercopy
>
> s/bootline/boot time/ ?
>
>> v1->v2:
>>     remove CONFIG_HUC_DEFAULT_OFF
>>     default is now enabled, boot param disables
>>     move check to __check_object_size so as to not break optimization of
>>     __builtin_constant_p()
>
> Sorry for late and drive-by suggestion, but I think the change above is
> kind of a waste because there's a function call overhead only to return
> immediately.
>
> Something like this should work and keep benefits of both the built-in
> check and avoiding function call?
>
> static __always_inline void check_object_size(const void *ptr, unsigned
> long n, bool to_user)
> {
>         if (!__builtin_constant_p(n) &&
>                         static_branch_likely(&bypass_usercopy_checks))
>                 __check_object_size(ptr, n, to_user);
> }

This produces less efficient code in the general case, and I'd like to
keep the general case (hardening enabled) as fast as possible.

-Kees

--
Kees Cook
Pixel Security