Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 057A8C7EE2F for ; Thu, 2 Mar 2023 18:14:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229804AbjCBSO3 (ORCPT ); Thu, 2 Mar 2023 13:14:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42566 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229447AbjCBSO1 (ORCPT ); Thu, 2 Mar 2023 13:14:27 -0500 Received: from mail-oi1-x22d.google.com (mail-oi1-x22d.google.com [IPv6:2607:f8b0:4864:20::22d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 198291ACD4; Thu, 2 Mar 2023 10:14:26 -0800 (PST) Received: by mail-oi1-x22d.google.com with SMTP id bk32so14200744oib.10; Thu, 02 Mar 2023 10:14:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1677780865; h=content-transfer-encoding:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=XeSjqmEVUpt1ySPAFm4qdmJX7HPSmSrgaAja9tHaOsA=; b=CS+ArVc3AOzzkRlMW7/06hk29HGVImNsghgdip5u5JkDVieKXi8nxFNLQ/IbDax+fv Q5X1M2XlZIAmabXRfDu5DHBoritqbRcsbwFZqKEHrjYP2t5c65nXAxGG6+n29danwwsQ MgVi0h3WpR50y8LdoGbSRyxX2f0cjok9mMkwGPGehb3rAIVAxAx3DY5EHAa/NQgEIYOG FQrRjJnuHLjTsmN52bd0pCg9Ma+e+dU0+WzArOho0rQXDmgk+uRVuQdaP0GcrksZVeE9 Oo3lww/4rktDRbY2WIOh2Bt9SC38jPN55IDJsV+JpOGE6WruKDvCYKyWmVT9eltoIOk4 mI+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1677780865; h=content-transfer-encoding:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XeSjqmEVUpt1ySPAFm4qdmJX7HPSmSrgaAja9tHaOsA=; b=4VDVKLZFY0/UjEiPKLOqGp/wbgxaWYuHA5Iq9ClWYJPM+YLqNxdXP61ebHOm+iwvGs lxhIe7RX7w/3nGiRWcFmAKCbWY0ha3T9tO+FzZ/yHcJb8fWzO6AfI03fBzfRrmA85rBZ SjaX5RdlYQTJi6LAF/nm/30l0yE+N0j/fTnFqwgVLqvnht+cGCpr2/aA/KHWnjf5aQB9 YtPsHTRPKnHKAki9ApBNEEinni04ZPkZybgcfeeMAQkCrQoJxfypUGdbYcAXnYL2JZNy JgR711SGROlDrZFv9buDRl3DvFMP2GWIQvFYiaDECkzxv86UMFlT6NkJ1W6ElH6RuzZP yThg== X-Gm-Message-State: AO0yUKVCR756GK4quH8axFLZDL6tnGNWqUbl7KKO6Asb101oKFFT6nxw +2LOeXkaUKtwh9NO7GVkuZ6RXSQnMWTUNpvdZvT52wTI X-Google-Smtp-Source: AK7set/0SB+Xrb5pNo4K27xsX6wsTIfJVo7R4it2eY1eC1OodxMwsJkGjKV/kC7+IWDfwS0Koul/2Fe2WmjbWy8zp8s= X-Received: by 2002:a05:6808:cb:b0:383:c3d5:6c9f with SMTP id t11-20020a05680800cb00b00383c3d56c9fmr3797912oic.11.1677780865454; Thu, 02 Mar 2023 10:14:25 -0800 (PST) MIME-Version: 1.0 Received: by 2002:ac9:4304:0:b0:4c1:4768:8c59 with HTTP; Thu, 2 Mar 2023 10:14:24 -0800 (PST) In-Reply-To: References: <20230125155557.37816-1-mjguzik@gmail.com> <20230125155557.37816-2-mjguzik@gmail.com> <20230302083025.khqdizrnjkzs2lt6@wittgenstein> From: Mateusz Guzik Date: Thu, 2 Mar 2023 19:14:24 +0100 Message-ID: Subject: Re: [PATCH v3 2/2] vfs: avoid duplicating creds in faccessat if possible To: Linus Torvalds Cc: Christian Brauner , viro@zeniv.linux.org.uk, serge@hallyn.com, paul@paul-moore.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/2/23, Linus Torvalds wrote: > On Thu, Mar 2, 2023 at 12:30=E2=80=AFAM Christian Brauner > wrote: >> >> Fwiw, as long as you, Al, and others are fine with it and I'm aware of >> it I'm happy to pick up more stuff like this. I've done it before and >> have worked in this area so I'm happy to help with some of the load. > > Yeah, that would work. We've actually had discussions of vfs > maintenance in general. > > In this case it really wasn't an issue, with this being just two > fairly straightforward patches for code that I was familiar with. > Well on that note I intend to write a patch which would add a flag to the dentry cache. There is this thing named CONFIG_INIT_ON_ALLOC_DEFAULT_ON which is enabled at least on debian, ubuntu and arch. It results in mandatory memset on the obj before it gets returned from kmalloc, for hardening purposes. Now the problem is that dentry cache allocates bufs 4096 bytes in size, so this is an equivalent of a clear_page call and it happens *every time* there is a path lookup. Given how dentry cache is used, I'm confident there is 0 hardening benefit for it. So the plan would be to add a flag on cache creation to exempt it from the mandatory memset treatment and use it with dentry. I don't have numbers handy but as you can imagine it gave me a nice bump :) Whatever you think about the idea aside, the q is: can something like the above go in without Al approving it? If so, I'll try to find time to hack it up this or next week. I had some other patches to write too, but $reallife. --=20 Mateusz Guzik