Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2220459imm; Mon, 16 Jul 2018 04:31:20 -0700 (PDT) X-Google-Smtp-Source: AAOMgpc/YeI8BNvp6ZNE787waK/SL3cAq7lkGaGJ/5gtcplMNtm/rct/ARtisw9V+g3peeNu8LT/ X-Received: by 2002:a62:3f99:: with SMTP id z25-v6mr17748962pfj.250.1531740679940; Mon, 16 Jul 2018 04:31:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531740679; cv=none; d=google.com; s=arc-20160816; b=pO4N011Crvn33NsU0OFr/56qdIxacFUFRz3KEUqVlmvi/MRJaCEVkWWKOT1Mqppt8p 0pHCNSSeKcAomgXCE8UPbqhOqCQ1mZmdBoY3DXj4IQY/l5v7PaL3GaNEJjMx+9FhTO/W 2f3+zqY7QRV3RTnwcg/SoOqxMkcUgKQXnTstvsGA0En3GtJNwVr2NnmOpA0SUdl91onJ h9sUhGn8Nhkx0X+9DP9XOywxwAJ/dSSfQ6nuq7YavvVJC35lQIdfxHsrW3QaeZcvBsKx ua1R2WjWBeWRyYuQvy7Kn9yvLT6DlBP2SFd1FXIHKvfFGfkTxJdEzKYKPOTAF4KaBR4V kIkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:openpgp:from:references:cc:to:subject :arc-authentication-results; bh=ZPIX1jX4wcNM7jtbzO+AvZYkzh6c024TdylRqxpjSjM=; b=jQkojeQCYwUQX5fG0O4nFcSk5T6UmptmDwa1tvzNtUZfrFi/YVVQjdaDT4ScLZMTd4 hbDEBiIkL1BqhSALJsGChphZzeN4jUKtcGxNDLr+A+5nvFTP3p4RE4xxNxtRw5JSdA8f v213YHR0h37kZp+mwwgrecSCd1d5jGxBFPw4iM8pGcvOIk7HX6x3DYdLyuHF6Nkt1eQz O041qJCghDRY02fQsL4XSEfF9BcF2KBtTtjslgKJI2bKtsuAet68i7Hy301+raedmQFI vd6HR1EGebWYOh4xkccrjBg7EXRUmYpDnpeGa1Ibd6tk5SpJ+mJ0HRPfQboGd1CFAp2A 2bwQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 194-v6si22206579pgc.116.2018.07.16.04.31.04; Mon, 16 Jul 2018 04:31:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729983AbeGPL5W (ORCPT + 99 others); Mon, 16 Jul 2018 07:57:22 -0400 Received: from mx2.suse.de ([195.135.220.15]:52444 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728477AbeGPL5V (ORCPT ); Mon, 16 Jul 2018 07:57:21 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 01631AD85; Mon, 16 Jul 2018 11:30:20 +0000 (UTC) Subject: Re: [PATCH v7] add param that allows bootline control of hardened usercopy To: Kees Cook Cc: Chris von Recklinghausen , Laura Abbott , Paolo Abeni , LKML , Linux-MM , Kernel Hardening References: <1530646988-25546-1-git-send-email-crecklin@redhat.com> <0bf9be39-82bb-ad3a-a3c3-e41bebedba7e@suse.cz> From: Vlastimil Babka Openpgp: preference=signencrypt Autocrypt: addr=vbabka@suse.cz; prefer-encrypt=mutual; keydata= xsFNBFZdmxYBEADsw/SiUSjB0dM+vSh95UkgcHjzEVBlby/Fg+g42O7LAEkCYXi/vvq31JTB KxRWDHX0R2tgpFDXHnzZcQywawu8eSq0LxzxFNYMvtB7sV1pxYwej2qx9B75qW2plBs+7+YB 87tMFA+u+L4Z5xAzIimfLD5EKC56kJ1CsXlM8S/LHcmdD9Ctkn3trYDNnat0eoAcfPIP2OZ+ 9oe9IF/R28zmh0ifLXyJQQz5ofdj4bPf8ecEW0rhcqHfTD8k4yK0xxt3xW+6Exqp9n9bydiy tcSAw/TahjW6yrA+6JhSBv1v2tIm+itQc073zjSX8OFL51qQVzRFr7H2UQG33lw2QrvHRXqD Ot7ViKam7v0Ho9wEWiQOOZlHItOOXFphWb2yq3nzrKe45oWoSgkxKb97MVsQ+q2SYjJRBBH4 8qKhphADYxkIP6yut/eaj9ImvRUZZRi0DTc8xfnvHGTjKbJzC2xpFcY0DQbZzuwsIZ8OPJCc LM4S7mT25NE5kUTG/TKQCk922vRdGVMoLA7dIQrgXnRXtyT61sg8PG4wcfOnuWf8577aXP1x 6mzw3/jh3F+oSBHb/GcLC7mvWreJifUL2gEdssGfXhGWBo6zLS3qhgtwjay0Jl+kza1lo+Cv BB2T79D4WGdDuVa4eOrQ02TxqGN7G0Biz5ZLRSFzQSQwLn8fbwARAQABzSFWbGFzdGltaWwg QmFia2EgPHZiYWJrYUBzdXNlLmNvbT7CwZcEEwEKAEECGwMFCwkIBwMFFQoJCAsFFgIDAQAC HgECF4ACGQEWIQSpQNQ0mSwujpkQPVAiT6fnzIKmZAUCWi/zTwUJBbOLuQAKCRAiT6fnzIKm ZIpED/4jRN/6LKZZIT4R2xoou0nJkBGVA3nfb+mUMgi3uwn/zC+o6jjc3ShmP0LQ0cdeuSt/ t2ytstnuARTFVqZT4/IYzZgBsLM8ODFY5vGfPw00tsZMIfFuVPQX3xs0XgLEHw7/1ZCVyJVr mTzYmV3JruwhMdUvIzwoZ/LXjPiEx1MRdUQYHAWwUfsl8lUZeu2QShL3KubR1eH6lUWN2M7t VcokLsnGg4LTajZzZfq2NqCKEQMY3JkAmOu/ooPTrfHCJYMF/5dpi8YF1CkQF/PVbnYbPUuh dRM0m3NzPtn5DdyfFltJ7fobGR039+zoCo6dFF9fPltwcyLlt1gaItfX5yNbOjX3aJSHY2Vc A5T+XAVC2sCwj0lHvgGDz/dTsMM9Ob/6rRJANlJPRWGYk3WVWnbgW8UejCWtn1FkiY/L/4qJ UsqkId8NkkVdVAenCcHQmOGjRQYTpe6Cf4aQ4HGNDeWEm3H8Uq9vmHhXXcPLkxBLRbGDSHyq vUBVaK+dAwAsXn/5PlGxw1cWtur1ep7RDgG3vVQDhIOpAXAg6HULjcbWpBEFaoH720oyGmO5 kV+yHciYO3nPzz/CZJzP5Ki7Q1zqBb/U6gib2at5Ycvews+vTueYO+rOb9sfD8BFTK386LUK uce7E38owtgo/V2GV4LMWqVOy1xtCB6OAUfnGDU2EM7ATQRbGTU1AQgAn0H6UrFiWcovkh6E XVcl+SeqyO6JHOPm+e9Wu0Vw+VIUvXZVUVVQLa1PQDUi6j00ChlcR66g9/V0sPIcSutacPKf dKYOBvzd4rlhL8rfrdEsQw5ApZxrA8kYZVMhFmBRKAa6wos25moTlMKpCWzTH84+WO5+ziCT sTUZASAToz3RdunTD+vQcHj0GqNTPAHK63sfbAB2I0BslZkXkY1RLb/YhuA6E7JyEd2pilZO rIuBGl/5q2qSakgnAVFWFBR/DO27JuAksYnq+aH8vI0xGvwn75KqSk4UzAkDzWSmO4ZHuahK tQgZNsMYV+PGayRBX9b9zbldzopoLBdqHc4njQARAQABwsF8BBgBCgAmFiEEqUDUNJksLo6Z ED1QIk+n58yCpmQFAlsZNTUCGwwFCQPCZwAACgkQIk+n58yCpmQ83g/9Frg1sRMdGPn98zV+ O2eC3h0p5f/oxxQ8MhG5znwHoW4JDG2TuxfcQuz7X7Dd5JWscjlw4VFJ2DD+IrDAGLHwPhCr RyfKalnrbYokvbClM9EuU1oUuh7k+Sg5ECNXEsamW9AiWGCaKWNDdHre3Lf4xl+RJWxghOVW RiUdpLA/a3yDvJNVr6rxkDHQ1P24ZZz/VKDyP+6g8aty2aWEU0YFNjI+rqYZb2OppDx6fdma YnLDcIfDFnkVlDmpznnGCyEqLLyMS3GH52AH13zMT9L9QYgT303+r6QQpKBIxAwn8Jg8dAlV OLhgeHXKr+pOQdFf6iu2sXlUR4MkO/5KWM1K0jFR2ug8Pb3aKOhowVMBT64G0TXhQ/kX4tZ2 ZF0QZLUCHU3Cigvbu4AWWVMNDEOGD/4sn9OoHxm6J04jLUHFUpFKDcjab4NRNWoHLsuLGjve Gdbr2RKO2oJ5qZj81K7os0/5vTAA4qHDP2EETAQcunTn6aPlkUnJ8aw6I1Rwyg7/XsU7gQHF IM/cUMuWWm7OUUPtJeR8loxZiZciU7SMvN1/B9ycPMFs/A6EEzyG+2zKryWry8k7G/pcPrFx O2PkDPy3YmN1RfpIX2HEmnCEFTTCsKgYORangFu/qOcXvM83N+2viXxG4mjLAMiIml1o2lKV cqmP8roqufIAj+Ohhzs= Message-ID: <5e08d6ab-00dd-1d1c-3a2f-32761bc51d28@suse.cz> Date: Mon, 16 Jul 2018 13:30:20 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 07/15/2018 04:04 AM, Kees Cook wrote: > On Wed, Jul 4, 2018 at 10:47 AM, Vlastimil Babka wrote: >> On 07/04/2018 06:52 PM, Kees Cook wrote: >>> This produces less efficient code in the general case, and I'd like to >>> keep the general case (hardening enabled) as fast as possible. >> >> How specifically is the code less efficient? It should be always a >> static key check (no-op thanks to the code patching involved) and a >> function call in the "hardening enabled" case, just in different order. >> And in either case compiled out if it's a constant. > > My understanding from reading the jump label comments[1] is that on > order produces: > > NOP > do normal thing > label1: > do rest of function > RET > label2: > do exceptional thing > jump label1 > > where "NOP" is changed to "JMP label2" when toggled, and the other is: > > JMP label1 > do exceptional thing > JMP label2 > label1: > do normal thing > label2: > do rest of function > RET > > where "JMP label1" is changed to NOP when toggled. (i.e. does the > default do NOP, thing, function, or does the default to JMP, thing, > JMP, function) My mistake, sorry. I didn't mean to change likely() to unlikely(). Also I didn't negate the condition. The correct code is: if (!__builtin_constant_p(n) && !static_branch_unlikely(&bypass_usercopy_checks)) __check_object_size(ptr, n, to_user); I've test-compiled it, did objdump -d and checked few call sites and they seem to be preceded just y NOP, so it's the first case you mentioned above, as expected - calling __check_object_size() is treated as the "normal thing".