Date: Fri, 16 Sep 2022 14:41:30 +0100
From: Josh Triplett
To: Eric Biederman, Kees Cook, Alexander Viro
Cc: linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] fs/exec.c: Add fast path for ENOENT on PATH search before allocating mm
Message-ID: <5c7333ea4bec2fad1b47a8fa2db7c31e4ffc4f14.1663334978.git.josh@joshtriplett.org>

Currently, execve allocates an mm and parses argv and envp before checking if the path exists. However, the common case of a $PATH search may have several failed calls to exec before a single success. Do a filename lookup for the purposes of returning ENOENT before doing more expensive operations.

This does not create a TOCTTOU race, because this can only happen if the file didn't exist at some point during the exec call, and that point is permitted to be when we did our lookup.

To measure performance, I ran 2000 fork and execvpe calls with a seven-element PATH in which the file was found in the seventh directory (representative of the common case as /usr/bin is the seventh directory on my $PATH), as well as 2000 fork and execve calls with an absolute path to an existing binary. I recorded the minimum time for each, to eliminate noise from context switches and similar.

Without fast-path:
fork/execvpe: 49876ns
fork/execve: 32773ns

With fast-path:
fork/execvpe: 36890ns
fork/execve: 32069ns

The cost of the additional lookup seems to be in the noise for a successful exec, but it provides a 26% improvement for the path search case by speeding up the six failed execs.

Signed-off-by: Josh Triplett --- Discussed this at Plumbers with Kees Cook; turned out to be even more of a win than anticipated. fs/exec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/fs/exec.c b/fs/exec.c index 9a5ca7b82bfc..fe786aeb2f1b 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1881,6 +1881,16 @@ static int do_execveat_common(int fd, struct filename *filename, if (IS_ERR(filename)) return PTR_ERR(filename); + /* Fast-path ENOENT for $PATH search failures, before we alloc an mm or + * parse arguments. */ + if (fd == AT_FDCWD && flags == 0 && filename->name[0] == '/') { + struct path path; + retval = filename_lookup(AT_FDCWD, filename, 0, &path, NULL); + if (retval == -ENOENT) + goto out_ret; + path_put(&path); + } + /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -- 2.37.2
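
Review bot: path_put(&path) in the new fast-path block of do_execveat_common() runs for every filename_lookup() result except -ENOENT, including other failures such as -EACCES or -ENOTDIR, where the on-stack struct path was never filled in and the put operates on uninitialized memory. Only the success case holds a reference, so the release should be guarded, for example by changing the tail of the block to `if (retval == 0) path_put(&path);` or by using `else if (!retval)` after the -ENOENT check. It would also help to state in the comment that non-ENOENT errors deliberately fall through to the slow path so that the error returned to userspace is unchanged. The `fd == AT_FDCWD` condition is worth a word in the comment too, since the `filename->name[0] == '/'` test already restricts the block to absolute paths. On style, the new comment opens with text on the `/*` line while the comment directly below it in the same function uses a bare `/*` opener, and a blank line after the `struct path path;` declaration would match the surrounding code.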