Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp5280749rwb; Wed, 9 Aug 2023 01:16:37 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGfzicBTu8KJdhgnmAGkDoo0ydALVKj4Do3azeTpprfHQjaUAnlJtNh/ForVJP2IWxwWhBj X-Received: by 2002:a17:906:20cb:b0:99b:f3f5:9752 with SMTP id c11-20020a17090620cb00b0099bf3f59752mr1686578ejc.14.1691568997192; Wed, 09 Aug 2023 01:16:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691568997; cv=none; d=google.com; s=arc-20160816; b=ATa4N83fRKYCkAUscGZNk1fYI9ZyZC9dC8z9T+Jp2Pxuxd9C/XZ4aEmfm82RtOLlr5 jiL5NduZ/vTCg38yjkYcssbEIHzEDkVwDqq6ZfPbn6jkleDvIaJPvnTkP7meC/AjJdAD XtPZO5DhLHAkfsxnp/ET1wg9AtEcvni7DZjaq9j36JeHfjv4yQtCYd6Mu7nBUhr2QZO0 fM1wwc8MLujixa35U5e0j0RR+p/UboquPJ7dZPwBEI8cEiyQm89QX78eX+Rw5Jrt36fP YdXfjbd9iT3lE1RqeRtLodayMNfHcDeePhAN63DjFmpho7qREGHwAVOJXdhZEr0Sjs/o 3Zbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=9g6zXd3UY6FR9mRGo0YLbshWp2Mg0VfIdE8xLRYTWgY=; fh=OhVD7+5q5gV7DhBXNYxg3SR/gDmJhPIj0bBm5u8U3nw=; b=umLbMt5UaKy9C3idDXhw6dsE8sk8uCNu96BPOTiiJlOurn9DeYMX0PPE0slqBwl7Ro rgySCfX9L256TDsrOE0LPFDWXWLAOH750oG2BH2uos61rp7uJsZvZNhGG8OeKQiFV4Je EiIxpNIccK05XRZ7v+CF5aIbrrnb2ckIIsWmfUOjx4PdvhEqgfSpl4Z1m2nNATDJ4bQ2 wh3n3eViSo3hbvu9G3YRGjyxzRIrZAeRK8GP1x9a1ar4Vgw/x5yHlSnP2Gx0qIW8Nc8G ygnGjrXB2Ry4MDQMckmVzuQOFREx65rCfBoOvumWTipkpwYVBfXivDezbPl/C1jXc80e GyPQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=P1SYKGJX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ec3-20020a170906b6c300b0099b4e5359besi9189714ejb.4.2023.08.09.01.16.12; Wed, 09 Aug 2023 01:16:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=P1SYKGJX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230464AbjHIHgL (ORCPT + 99 others); Wed, 9 Aug 2023 03:36:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46154 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229814AbjHIHgK (ORCPT ); Wed, 9 Aug 2023 03:36:10 -0400 Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC6D1172A for ; Wed, 9 Aug 2023 00:36:07 -0700 (PDT) Received: by mail-wm1-x32f.google.com with SMTP id 5b1f17b1804b1-3fe4cdb72b9so36253535e9.0 for ; Wed, 09 Aug 2023 00:36:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1691566566; x=1692171366; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=9g6zXd3UY6FR9mRGo0YLbshWp2Mg0VfIdE8xLRYTWgY=; b=P1SYKGJXzgRZvbTDBewiHnTDquAXRziX7UWB26is7h3/LiMwXhLXRCePcZ3BDl0Sdj fGD27F0jvYX2V3fWhgm1uCi12Ht843Bi32gcSGtXanIH5Hx5/pexhNmOSzgbpLWi4B7m /4hLuvXBj4TEiOHNyQZwWu/AVVFiKdfUXkSu7SNllyLWulMGPQg9OE5dIggbyXyCk09q bpQKrrWKWejpp32CDgXVZ7+1vppAq+IKuCSWsE+FVd61SVP0/wF9DO/zFGxrJCeBHPZF rKQmmGEeST4P24Ouz360dDEJmLUdlYaDL3MrtkgZfo4m7py3CJALHORTe/3Iag5hWYOg CbiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691566566; x=1692171366; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=9g6zXd3UY6FR9mRGo0YLbshWp2Mg0VfIdE8xLRYTWgY=; b=ZetDSUVFV5Lb/6JsUQr+yfSq0Vv7PTdofIFbm6LZ0jyp9G9KazFZTvvK06U8254QkS jW5jUe7zp9IdYHUQMFkiGVAyP6Q42k7gpjMckDMioT2cx3J9fzrJ2faKbf+dbY7sANmU FZF4V480E4aNKzbUVqXfMlzxXT6z9pqEeUkfLnvS+Gy/pxVbFoA3JwcTURUVxcZZdFvk 40S0cN7Na18MDkH6UKpZF2kobjlC81/359aSEMzQw1U9CqTbFVA9oAkAa6rS4lvsKn8v faPWzHKdfGVFgDfuoOQyCJvzBm2EMvqj/1RCtEVe8r5e2T+7ftXH9dD6ip7x3wzMfGFr GbOA== X-Gm-Message-State: AOJu0YwIPf5G9cEp0AnDOl3iN97O5+pCaV5N0SjJ6GRVwOic+pIWjA92 uVaQ1mOkl98mgSupGBU71XuPSOo5i3e/o0hrinth5A== X-Received: by 2002:a05:600c:ac4:b0:3f9:c0f2:e1a4 with SMTP id c4-20020a05600c0ac400b003f9c0f2e1a4mr1498745wmr.34.1691566566341; Wed, 09 Aug 2023 00:36:06 -0700 (PDT) MIME-Version: 1.0 References: <20230808102049.465864-1-elver@google.com> <20230808102049.465864-3-elver@google.com> <202308081424.1DC7AA4AE3@keescook> In-Reply-To: <202308081424.1DC7AA4AE3@keescook> From: Marco Elver Date: Wed, 9 Aug 2023 09:35:29 +0200 Message-ID: Subject: Re: [PATCH v3 3/3] list_debug: Introduce CONFIG_DEBUG_LIST_MINIMAL To: Kees Cook Cc: Andrew Morton , Guenter Roeck , Peter Zijlstra , Mark Rutland , Steven Rostedt , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Zenghui Yu , Catalin Marinas , Will Deacon , Nathan Chancellor , Nick Desaulniers , Tom Rix , Miguel Ojeda , Sami Tolvanen , linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Dmitry Vyukov , Alexander Potapenko , kasan-dev@googlegroups.com, linux-toolchains@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 8 Aug 2023 at 23:27, Kees Cook wrote: > > On Tue, Aug 08, 2023 at 12:17:27PM +0200, Marco Elver wrote: > > Numerous production kernel configs (see [1, 2]) are choosing to enable > > CONFIG_DEBUG_LIST, which is also being recommended by KSPP for hardened > > configs [3]. The feature has never been designed with performance in > > mind, yet common list manipulation is happening across hot paths all > > over the kernel. > > > > Introduce CONFIG_DEBUG_LIST_MINIMAL, which performs list pointer > > checking inline, and only upon list corruption delegates to the > > reporting slow path. > > I'd really like to get away from calling this "DEBUG", since it's used > more for hardening (CONFIG_LIST_HARDENED?). Will Deacon spent some time > making this better a while back, but the series never landed. Do you > have a bit of time to look through it? > > https://github.com/KSPP/linux/issues/10 > https://lore.kernel.org/lkml/20200324153643.15527-1-will@kernel.org/ I'm fine renaming this one. But there are other issues that Will's series solves, which I don't want this series to depend on. We can try to sort them out separately. The main problem here is that DEBUG_LIST has been designed to be friendly for debugging (incl. checking poison values and NULL). Some kernel devs may still want that, but for production use is pointless and wasteful. So what I can propose is to introduce CONFIG_LIST_HARDENED that doesn't depend on CONFIG_DEBUG_LIST, but instead selects it, because we still use that code to produce a report. If there are other list types that have similar debug checks, but where we can optimize performance by eliding some and moving them inline, we can do the same (CONFIG_*_HARDENED). If the checks are already optimized, we could just rename it to CONFIG_*_HARDENED and remove the DEBUG-name. I'm not a big fan of the 2 modes either, but that's what we get if we want to support the debugging and hardening usecases. Inlining the full set of checks does not work for performance and size.