redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/mm
History
Chris von Recklinghausen b5cb15d937 usercopy: Allow boot cmdline disabling of hardening 
Enabling HARDENED_USERCOPY may cause measurable regressions in networking
performance: up to 8% under UDP flood.

I ran a small packet UDP flood using pktgen vs. a host b2b connected. On
the receiver side the UDP packets are processed by a simple user space
process that just reads and drops them:

https://github.com/netoptimizer/network-testing/blob/master/src/udp_sink.c

Not very useful from a functional PoV, but it helps to pin-point
bottlenecks in the networking stack.

When running a kernel with CONFIG_HARDENED_USERCOPY=y, I see a 5-8%
regression in the receive tput, compared to the same kernel without this
option enabled.

With CONFIG_HARDENED_USERCOPY=y, perf shows ~6% of CPU time spent
cumulatively in __check_object_size (~4%) and __virt_addr_valid (~2%).

The call-chain is:

__GI___libc_recvfrom
entry_SYSCALL_64_after_hwframe
do_syscall_64
__x64_sys_recvfrom
__sys_recvfrom
inet_recvmsg
udp_recvmsg
__check_object_size

udp_recvmsg() actually calls copy_to_iter() (inlined) and the latters
calls check_copy_size() (again, inlined).

A generic distro may want to enable HARDENED_USERCOPY in their default
kernel config, but at the same time, such distro may want to be able to
avoid the performance penalties in with the default configuration and
disable the stricter check on a per-boot basis.

This change adds a boot parameter that conditionally disables
HARDENED_USERCOPY via "hardened_usercopy=off".

Signed-off-by: Chris von Recklinghausen <crecklin@redhat.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
2018-07-04 08:04:52 -07:00
..
kasan kasan: fix memory hotplug during boot 2018-05-25 18:12:11 -07:00
backing-dev.c bdi: Fix another oops in wb_workfn() 2018-06-22 12:08:07 -06:00
balloon_compaction.c
bootmem.c
cleancache.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00
cma.c Revert "mm/cma: manage the memory of the CMA area by using the ZONE_MOVABLE" 2018-05-24 10:07:50 -07:00
cma.h
cma_debug.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00
compaction.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00
debug.c
debug_page_ref.c
dmapool.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00
early_ioremap.c
fadvise.c mm: add ksys_fadvise64_64() helper; remove in-kernel call to sys_fadvise64_64() 2018-04-02 20:16:10 +02:00
failslab.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00
filemap.c mm: use new return type vm_fault_t 2018-06-07 17:34:36 -07:00
frame_vector.c
frontswap.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00
gup.c libnvdimm for 4.18 2018-06-08 17:21:52 -07:00
gup_benchmark.c treewide: kvzalloc() -> kvcalloc() 2018-06-12 16:19:22 -07:00
highmem.c
hmm.c mm: introduce MEMORY_DEVICE_FS_DAX and CONFIG_DEV_PAGEMAP_OPS 2018-05-22 06:59:39 -07:00
huge_memory.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
hugetlb.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
hugetlb_cgroup.c mm: rename page_counter's count/limit into usage/max 2018-06-07 17:34:35 -07:00
hwpoison-inject.c
init-mm.c mm: introduce arg_lock to protect arg_start|end and env_start|end in mm_struct 2018-06-07 17:34:34 -07:00
internal.h Changes for 4.18: 2018-06-05 13:24:20 -07:00
interval_tree.c
Kconfig libnvdimm for 4.18 2018-06-08 17:21:52 -07:00
Kconfig.debug
khugepaged.c page cache: use xa_lock 2018-04-11 10:28:39 -07:00
kmemleak-test.c
kmemleak.c mm: kernel-doc: add missing parameter descriptions 2018-04-05 21:36:27 -07:00
ksm.c mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() 2018-06-15 07:55:23 +09:00
list_lru.c mm: make counting of list_lru_one::nr_items lockless 2018-04-05 21:36:27 -07:00
maccess.c
madvise.c
Makefile mm: restructure memfd code 2018-06-07 17:34:35 -07:00
memblock.c revert "mm/memblock: add missing include <linux/bootmem.h>" 2018-06-19 07:43:44 +09:00
memcontrol.c mm: fix oom_kill event handling 2018-06-15 07:55:25 +09:00
memfd.c mm: restructure memfd code 2018-06-07 17:34:35 -07:00
memory-failure.c mm, migrate: remove reason argument from new_page_t 2018-04-11 10:28:32 -07:00
memory.c Merge branch 'akpm' (patches from Andrew) 2018-06-07 18:39:37 -07:00
memory_hotplug.c mm: move is_pageblock_removable_nolock() to mm/memory_hotplug.c 2018-06-07 17:34:36 -07:00
mempolicy.c mm: unclutter THP migration 2018-04-11 10:28:32 -07:00
mempool.c mempool: Add mempool_init()/mempool_exit() 2018-05-14 13:14:23 -06:00
memtest.c
migrate.c mm: migrate: fix double call of radix_tree_replace_slot() 2018-05-11 17:28:45 -07:00
mincore.c
mlock.c
mm_init.c
mmap.c mm: change return type to vm_fault_t 2018-06-07 17:34:36 -07:00
mmu_context.c
mmu_notifier.c
mmzone.c
mprotect.c sched/numa: avoid trapping faults and attempting migration of file-backed dirty pages 2018-04-11 10:28:31 -07:00
mremap.c mremap: remove LATENCY_LIMIT from mremap to reduce the number of TLB shootdowns 2018-06-15 07:55:24 +09:00
msync.c
nobootmem.c
nommu.c mm: use new return type vm_fault_t 2018-06-07 17:34:36 -07:00
oom_kill.c mm: fix oom_kill event handling 2018-06-15 07:55:25 +09:00
page-writeback.c writeback: safer lock nesting 2018-04-20 17:18:35 -07:00
page_alloc.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00
page_counter.c memcg: introduce memory.min 2018-06-07 17:34:36 -07:00
page_ext.c
page_idle.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00
page_io.c
page_isolation.c mm, migrate: remove reason argument from new_page_t 2018-04-11 10:28:32 -07:00
page_owner.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00
page_poison.c mm/page_poison.c: make early_page_poison_param() __init 2018-04-05 21:36:26 -07:00
page_vma_mapped.c
pagewalk.c mm: kernel-doc: add missing parameter descriptions 2018-04-05 21:36:27 -07:00
percpu-internal.h
percpu-km.c
percpu-stats.c treewide: Use array_size() in vmalloc() 2018-06-12 16:19:22 -07:00
percpu-vm.c
percpu.c arch: remove obsolete architecture ports 2018-04-02 20:20:12 -07:00
pgtable-generic.c
process_vm_access.c
quicklist.c
readahead.c mm: split ->readpages calls to avoid non-contiguous pages lists 2018-06-01 18:37:32 -07:00
rmap.c Linux 4.17-rc2 2018-04-27 17:13:20 -06:00
rodata_test.c
shmem.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00
slab.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
slab.h slab, slub: skip unnecessary kasan_cache_shutdown() 2018-04-05 21:36:24 -07:00
slab_common.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00
slob.c slab: __GFP_ZERO is incompatible with a constructor 2018-06-07 17:34:34 -07:00
slub.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
sparse-vmemmap.c
sparse.c mm/sparse.c: pass the __highest_present_section_nr + 1 to alloc_func() 2018-06-07 17:34:35 -07:00
swap.c mm: introduce MEMORY_DEVICE_FS_DAX and CONFIG_DEV_PAGEMAP_OPS 2018-05-22 06:59:39 -07:00
swap_cgroup.c
swap_slots.c treewide: kvzalloc() -> kvcalloc() 2018-06-12 16:19:22 -07:00
swap_state.c treewide: kvzalloc() -> kvcalloc() 2018-06-12 16:19:22 -07:00
swapfile.c mm/swapfile.c: fix swap_count comment about nonexistent SWAP_HAS_CONT 2018-06-15 07:55:23 +09:00
truncate.c page cache: use xa_lock 2018-04-11 10:28:39 -07:00
usercopy.c usercopy: Allow boot cmdline disabling of hardening 2018-07-04 08:04:52 -07:00
userfaultfd.c userfaultfd: prevent non-cooperative events vs mcopy_atomic races 2018-06-07 17:34:38 -07:00
util.c mm: kvmalloc does not fallback to vmalloc for incompatible gfp flags 2018-06-07 17:34:38 -07:00
vmacache.c
vmalloc.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00
vmpressure.c mm/vmpressure.c: convert to use match_string() helper 2018-06-07 17:34:36 -07:00
vmscan.c memcg: introduce memory.min 2018-06-07 17:34:36 -07:00
vmstat.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
workingset.c page cache: use xa_lock 2018-04-11 10:28:39 -07:00
z3fold.c z3fold: fix reclaim lock-ups 2018-05-11 17:28:45 -07:00
zbud.c
zpool.c
zsmalloc.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00
zswap.c mm: use octal not symbolic permissions 2018-06-15 07:55:25 +09:00