Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp518997rdd; Tue, 9 Jan 2024 10:57:23 -0800 (PST) X-Google-Smtp-Source: AGHT+IGAAAya/yJW7yV05YrvixFCxGKXCTzeQZOH5XabNSD1bXI9XPZN4yqGG9FRx1rZq6Nxoamt X-Received: by 2002:a50:8d54:0:b0:553:63af:43df with SMTP id t20-20020a508d54000000b0055363af43dfmr3016060edt.6.1704826643621; Tue, 09 Jan 2024 10:57:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704826643; cv=none; d=google.com; s=arc-20160816; b=xPiNb77wLOaLBs5QJfSuUGEWWrVXE3/NORaa6w4waz6UGKhDOn6mnFrYyESkaaSENL atKRJ5XPBrgrHFiF4AxVnIc1bL1LFgjM9PTjAHySHISLw1fwWQJ+8+JouwzR6WviqjYm Xjp+JM/vn0TsaE6IEoTpZ1ollXGPSZ8Hg7X76S7yhVDHHDG1zJyGEjXbtAwlvsrMFuVf YJ2DMb/8bLpd26T5xqskMTuWIziAwFlw0uomGv5pVCOltSiFvEgi4pJbRh0MQ3e/pUYC 8a4LoDfJw3fA7pOd/dRdbIy/vFNWnXAAC9Ot0P/YUrCh+Fa/BBkrRP3xhIHk0owuFmsu jwuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:feedback-id:dkim-signature:dkim-signature; bh=B6zmsf+yayYXeE2DxGFKFSH0g73vDFd/FENCoj8Itrg=; fh=fLWxFkAL3OyHM3nUQ0TPS2PRgeTIqqYthJ9QACCTKRU=; b=Z/8GD9uYGl9w88hRwJ3mIyn3nwIWBOjYILRT5qrBY3i8gATWCEF6kxIc+fb4gzGiN5 FSJaX0rEcWo1Ft0NDhWwDSYfbYcsDKnQdl/DdtLynAQwWnLJj1XQ0cVcO+H1E+hUC8fp BQwSZzioGv2nvupAOU1sMi8uetHcx1p4jfC9V/hr0PEmrNSpVpzHkgYNNSv+DzwcuyOK j6rC2QaM05xdrfZEzmSTVvXxDhnwTXtuPbmCEww2kLhLw+wmyAJ5isCm0UbtWUTtetc6 eVS5Pic51HNFlAJVgDg2qQXHDJRfPBu2RE1HfqP0Q4OdNmfgKmAhpjIrF15TXam1IuVm 1+aQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@joshtriplett.org header.s=fm1 header.b=Y2UCq9xn; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=cbKCxbTO; spf=pass (google.com: domain of linux-kernel+bounces-21278-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21278-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id dg19-20020a0564021d1300b005546d15bd7bsi969841edb.10.2024.01.09.10.57.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 10:57:23 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-21278-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@joshtriplett.org header.s=fm1 header.b=Y2UCq9xn; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=cbKCxbTO; spf=pass (google.com: domain of linux-kernel+bounces-21278-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21278-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 484741F2259D for ; Tue, 9 Jan 2024 18:57:23 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id AA76E3D0C8; Tue, 9 Jan 2024 18:57:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=joshtriplett.org header.i=@joshtriplett.org header.b="Y2UCq9xn"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="cbKCxbTO" Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 09DC73D0C1 for ; Tue, 9 Jan 2024 18:57:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=joshtriplett.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=joshtriplett.org Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id DE9C15C0150; Tue, 9 Jan 2024 13:57:05 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Tue, 09 Jan 2024 13:57:05 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= joshtriplett.org; h=cc:cc:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1704826625; x=1704913025; bh=B6zmsf+yayYXeE2DxGFKFSH0g73vDFd/FENCoj8Itrg=; b= Y2UCq9xnI5X+l7WZO4SYgT7C56VGWm4fcNCbuaIxS86fv4J1vCiwyzwmuMhvy5p8 0mtsasWAiCiAl9eSFEk070xqFPOT6UAgocORbnz0X/UlrHWrA8jSrrdnmIPmRQb/ vJowb96a2A4V+lktqp8o07Fi49T18BIBNZNhtFKl4mqjGZE9x7VEEjB+1UIeP334 TAkAhEZ4RrIy/izibAHwGymKyZ13NFzMG0fZkqH/ZLTlnggsJVUbKBCUNI+FMiaW ClTr3Av1h1tiM3U+9SX4hQNopAe/Kl0z0aUEp3DAj+SBq8H6oDZ2n+gkd3RwQeuJ kWJoRS08tOjsII0xLjuf4w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1704826625; x=1704913025; bh=B6zmsf+yayYXeE2DxGFKFSH0g73v DFd/FENCoj8Itrg=; b=cbKCxbTOWu+691qmbiZiikz7NRLJ7yMzAdg45SfUk9ND tbGuCyyXLk5Ma7bDZYP0/xvxagGu++DyzBjAPC7fb3jt6ZPQW1WhEezwikfztirR WCD0s2w5VUFEI6iwPGwQ3J9ayU3VZWmoHQ0eovAEUP2iVy4LCoRqJ084g7pB2mYQ 5+8dzpy35cyKt4wrvXq+k7QxbkVH0iqMacB1QM4fYPYf06M05pwEb/WnhU5cqf31 lJcvIJsDdKQ/n4aTdCfyr4foU+RaDTHfwqQm0zg+A4+HNWPP9DWF0gfMEQ7ZnvuU Eif5fx6ERS/NfrsSFJ8SrzLm0IlESABpDkgPDYAGUg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrvdehledguddujecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpeffhffvvefukfhfgggtuggjsehttdertddttddvnecuhfhrohhmpeflohhs hhcuvfhrihhplhgvthhtuceojhhoshhhsehjohhshhhtrhhiphhlvghtthdrohhrgheqne cuggftrfgrthhtvghrnhepudeigeehieejuedvtedufeevtdejfeegueefgffhkefgleef teetledvtdfftefgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomhepjhhoshhhsehjohhshhhtrhhiphhlvghtthdrohhrgh X-ME-Proxy: Feedback-ID: i83e94755:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 9 Jan 2024 13:57:04 -0500 (EST) Date: Tue, 9 Jan 2024 10:57:03 -0800 From: Josh Triplett To: Kees Cook Cc: Linus Torvalds , Kees Cook , linux-kernel@vger.kernel.org, Alexey Dobriyan Subject: Re: [GIT PULL] execve updates for v6.8-rc1 Message-ID: References: <202401081028.0E908F9E0A@keescook> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Mon, Jan 08, 2024 at 05:48:38PM -0800, Kees Cook wrote: > If you think this is too much of a hack, I'm happy to drop it. My very > first reaction was "fix userspace; shells use access() not execve()" > but it seems enough other runtimes (Python?) use execve PATH searches > that it would make a measurable real-world difference. In particular, execvpe and all the p variants of exec functions in both glibc and musl have this exact behavior, and thus anything that uses those functions will have the same behavior. If someone wants to try other variations on this patch that only look up the path once, and show via benchmarks that they're faster, I'm all for it. I would *prefer* the approach of only looking up the path once, if it's actually faster rather than slower. But I do think the spawnbench benchmark I provided (which has fork-execvpe and vfork-execvpe and posix_spawnp variants) is representative of real-world patterns for how programs execute other programs on $PATH. Doing a microbenchmark on just execvpe chaining from a program to itself is also valid, but I thought it would be preferable to benchmark real-world patterns and measure the actual time-to-first-instruction of the executed program as closely as possible.