From: Linus Torvalds <torvalds@linux-foundation.org>
To: Kees Cook <keescook@chromium.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@kernel.org>, "H . Peter Anvin" <hpa@zytor.com>,
"the arch/x86 maintainers" <x86@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Steven Rostedt <rostedt@goodmis.org>,
Brian Gerst <brgerst@gmail.com>,
Peter Zijlstra <peterz@infradead.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
Byungchul Park <byungchul.park@lge.com>,
Nilay Vaish <nilayvaish@gmail.com>
Subject: Re: [PATCH v4 54/57] x86/mm: convert arch_within_stack_frames() to use the new unwinder
Date: Tue, 23 Aug 2016 14:47:36 -0400 [thread overview]
Message-ID: <CA+55aFwK1asVEOwLSji4K7bT=uidxmDVq-r+_6YUbBnxCOkxOQ@mail.gmail.com> (raw)
In-Reply-To: <CAGXu5jKTtrvPK-=3xJ+CwtDuGz1cBg7_ukLe6mRzitym8q2ODQ@mail.gmail.com>
On Mon, Aug 22, 2016 at 9:27 PM, Kees Cook <keescook@chromium.org> wrote:
>
> I need to re-check the copy_*_user changes, but on several
> architectures, the bounds checking is only triggered for non
> built-in-const sizes, so these kinds of pointless checks shouldn't
> happen.
They definitely happen at least on x86.
"stat()" is one common user of fixed-sized structures being copied.
There are tons of others, but 'stat()' is the one I've seen in my
profiles before as being noticeable. It's been critical enough that I
have occasionally tried to play with making it avoid the "copy to
temporary struct, then copy_to_user() the whole struct" and just do it
field-by-field. But it gets nasty with the padding fields etc, so it's
never been done.
Not doing the access size checks for constant-sized copies (at least
when they are "sufficiently small" constants) would probably be the
right thing to do, and then depend on gcc just getting the static case
right warning-wise. Which isn't apparently getting done right now
either, but oh well..
Linus
next prev parent reply other threads:[~2016-08-23 23:13 UTC|newest]
Thread overview: 107+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-18 13:05 [PATCH v4 00/57] x86/dumpstack: rewrite x86 stack dump code Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 01/57] x86/dumpstack: remove show_trace() Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 02/57] x86/asm/head: remove unused init_rsp variable extern Josh Poimboeuf
2016-08-18 16:22 ` Sebastian Andrzej Siewior
2016-08-18 13:05 ` [PATCH v4 03/57] x86/asm/head: rename 'stack_start' -> 'initial_stack' Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 04/57] x86/asm/head: use a common function for starting CPUs Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 05/57] x86/dumpstack: make printk_stack_address() more generally useful Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 06/57] x86/dumpstack: add IRQ_USABLE_STACK_SIZE define Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 07/57] x86/dumpstack: remove extra brackets around "<EOE>" Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 08/57] x86/dumpstack: fix irq stack bounds calculation in show_stack_log_lvl() Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 09/57] x86/dumpstack: fix x86_32 kernel_stack_pointer() previous stack access Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 10/57] x86/dumpstack: add get_stack_pointer() and get_frame_pointer() Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 11/57] x86/dumpstack: remove unnecessary stack pointer arguments Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 12/57] x86: move _stext marker to before head code Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 13/57] x86/head: remove useless zeroed word Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 14/57] x86/head: put real return address on idle task stack Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 15/57] x86/head: fix the end of the stack for idle tasks Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 16/57] x86/entry/32: fix the end of the stack for newly forked tasks Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 17/57] x86/head/32: fix the end of the stack for idle tasks Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 18/57] x86/smp: fix initial idle stack location on 32-bit Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 19/57] x86/entry/head/32: use local labels Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 20/57] x86/entry/32: rename 'error_code' to 'common_exception' Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 21/57] perf/x86: check perf_callchain_store() error Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 22/57] oprofile/x86: add regs->ip to oprofile trace Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 23/57] proc: fix return address printk conversion specifer in /proc/<pid>/stack Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 24/57] ftrace: remove CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST from config Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 25/57] ftrace: only allocate the ret_stack 'fp' field when needed Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 26/57] ftrace: add return address pointer to ftrace_ret_stack Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 27/57] ftrace: add ftrace_graph_ret_addr() stack unwinding helpers Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 28/57] x86/dumpstack/ftrace: convert dump_trace() callbacks to use ftrace_graph_ret_addr() Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 29/57] ftrace/x86: implement HAVE_FUNCTION_GRAPH_RET_ADDR_PTR Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 30/57] x86/dumpstack/ftrace: mark function graph handler function as unreliable Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 31/57] x86/dumpstack/ftrace: don't print unreliable addresses in print_context_stack_bp() Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 32/57] x86/dumpstack: allow preemption in show_stack_log_lvl() and dump_trace() Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 33/57] x86/dumpstack: simplify in_exception_stack() Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 34/57] x86/dumpstack: add get_stack_info() interface Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 35/57] x86/dumpstack: add recursion checking for all stacks Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 36/57] x86/unwind: add new unwind interface and implementations Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 37/57] perf/x86: convert perf_callchain_kernel() to use the new unwinder Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 38/57] x86/stacktrace: convert save_stack_trace_*() " Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 39/57] oprofile/x86: convert x86_backtrace() " Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 40/57] x86/dumpstack: convert show_trace_log_lvl() " Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 41/57] x86/dumpstack: remove dump_trace() and related callbacks Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 42/57] x86/entry/unwind: create stack frames for saved interrupt registers Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 43/57] x86/unwind: create stack frames for saved syscall registers Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 44/57] x86/dumpstack: print stack identifier on its own line Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 45/57] x86/dumpstack: print any pt_regs found on the stack Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 46/57] x86/dumpstack: fix duplicate RIP address display in __show_regs() Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 47/57] x86/dumpstack: print orig_ax " Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 48/57] x86: remove 64-byte gap at end of irq stack Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 49/57] x86/unwind: warn on kernel stack corruption Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 50/57] x86/unwind: warn on bad stack return address Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 51/57] x86/unwind: warn if stack grows up Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 52/57] x86/dumpstack: warn on stack recursion Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 53/57] x86/mm: move arch_within_stack_frames() to usercopy.c Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 54/57] x86/mm: convert arch_within_stack_frames() to use the new unwinder Josh Poimboeuf
2016-08-19 18:27 ` Kees Cook
2016-08-19 21:55 ` Josh Poimboeuf
2016-08-22 20:27 ` Josh Poimboeuf
2016-08-22 23:33 ` Josh Poimboeuf
2016-08-23 0:59 ` Kees Cook
2016-08-23 4:21 ` Josh Poimboeuf
2016-08-22 22:11 ` Linus Torvalds
2016-08-23 1:27 ` Kees Cook
2016-08-23 16:21 ` Josh Poimboeuf
2016-08-23 18:47 ` Linus Torvalds [this message]
2016-08-23 16:06 ` Josh Poimboeuf
2016-08-23 19:28 ` [PATCH 1/2] mm/usercopy: get rid of "provably correct" warnings Josh Poimboeuf
2016-08-24 2:36 ` Kees Cook
2016-08-23 19:28 ` [PATCH 2/2] mm/usercopy: enable usercopy size checking for modern versions of gcc Josh Poimboeuf
2016-08-24 2:37 ` Kees Cook
2016-08-25 20:47 ` Josh Poimboeuf
2016-08-26 2:14 ` Kees Cook
2016-08-26 3:27 ` Josh Poimboeuf
2016-08-26 13:42 ` Kees Cook
2016-08-26 13:55 ` Josh Poimboeuf
2016-08-26 20:56 ` Josh Poimboeuf
2016-08-26 21:00 ` Josh Poimboeuf
2016-08-27 0:37 ` Linus Torvalds
2016-08-29 14:48 ` Josh Poimboeuf
2016-08-29 15:36 ` Linus Torvalds
2016-08-29 17:08 ` [PATCH v2] mm/usercopy: get rid of CONFIG_DEBUG_STRICT_USER_COPY_CHECKS Josh Poimboeuf
2016-08-29 17:59 ` Josh Poimboeuf
2016-08-30 13:04 ` [PATCH v3] " Josh Poimboeuf
2016-08-30 17:02 ` Linus Torvalds
2016-08-30 18:12 ` Al Viro
2016-08-30 18:13 ` Linus Torvalds
2016-08-30 18:15 ` Kees Cook
2016-08-30 19:09 ` Josh Poimboeuf
2016-08-30 19:20 ` Kees Cook
2016-08-30 20:13 ` Al Viro
2016-08-30 22:20 ` Kees Cook
2016-08-31 9:43 ` Mark Rutland
2016-08-30 18:33 ` [PATCH 2/2] mm/usercopy: enable usercopy size checking for modern versions of gcc Kees Cook
2016-08-23 20:31 ` [PATCH v4 54/57] x86/mm: convert arch_within_stack_frames() to use the new unwinder Andy Lutomirski
2016-08-23 21:06 ` Linus Torvalds
2016-08-23 21:08 ` Josh Poimboeuf
2016-08-24 1:37 ` Kees Cook
2016-08-18 13:06 ` [PATCH v4 55/57] x86/mm: simplify starting frame logic for hardened usercopy Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 56/57] x86/mm: removed unused arch_within_stack_frames() arguments Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 57/57] mm: re-enable gcc frame address warning Josh Poimboeuf
2016-08-18 13:25 ` [PATCH v4 00/57] x86/dumpstack: rewrite x86 stack dump code Frederic Weisbecker
2016-08-18 13:39 ` Ingo Molnar
2016-08-18 14:31 ` Josh Poimboeuf
2016-08-18 14:41 ` Steven Rostedt
2016-08-18 16:36 ` Ingo Molnar
2016-08-18 14:34 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+55aFwK1asVEOwLSji4K7bT=uidxmDVq-r+_6YUbBnxCOkxOQ@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=brgerst@gmail.com \
--cc=byungchul.park@lge.com \
--cc=fweisbec@gmail.com \
--cc=hpa@zytor.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@kernel.org \
--cc=nilayvaish@gmail.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).