From: Chris von Recklinghausen <crecklin@redhat.com>
To: keescook@chromium.org, labbott@redhat.com, pabeni@redhat.com,
linux-mm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [v2 PATCH] add param that allows bootline control of hardened usercopy
Date: Tue, 26 Jun 2018 08:50:30 -0400 [thread overview]
Message-ID: <1530017430-5394-1-git-send-email-crecklin@redhat.com> (raw)
Enabling HARDENED_USER_COPY causes measurable regressions in the
networking performances, up to 8% under UDP flood.
A generic distro may want to enable HARDENED_USER_COPY in their default
kernel config, but at the same time, such distro may want to be able to
avoid the performance penalties in with the default configuration and
disable the stricter check on a per-boot basis.
This change adds a boot parameter that to conditionally disable
HARDENED_USERCOPY at boot time.
v1->v2:
remove CONFIG_HUC_DEFAULT_OFF
default is now enabled, boot param disables
move check to __check_object_size so as to not break optimization of
__builtin_constant_p()
include linux/atomic.h before linux/jump_label.h
Signed-off-by: Chris von Recklinghausen <crecklin@redhat.com>
---
.../admin-guide/kernel-parameters.rst | 1 +
.../admin-guide/kernel-parameters.txt | 3 +++
include/linux/thread_info.h | 5 ++++
mm/usercopy.c | 27 +++++++++++++++++++
4 files changed, 36 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.rst b/Documentation/admin-guide/kernel-parameters.rst
index b8d0bc07ed0a..87a1200a1db6 100644
--- a/Documentation/admin-guide/kernel-parameters.rst
+++ b/Documentation/admin-guide/kernel-parameters.rst
@@ -100,6 +100,7 @@ parameter is applicable::
FB The frame buffer device is enabled.
FTRACE Function tracing enabled.
GCOV GCOV profiling is enabled.
+ HUC Hardened usercopy is enabled
HW Appropriate hardware is enabled.
IA-64 IA-64 architecture is enabled.
IMA Integrity measurement architecture is enabled.
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index efc7aa7a0670..d14be0038aed 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -816,6 +816,9 @@
disable= [IPV6]
See Documentation/networking/ipv6.txt.
+ disable_hardened_usercopy [HUC]
+ Disable hardened usercopy checks
+
disable_radix [PPC]
Disable RADIX MMU mode on POWER9
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
index 8d8821b3689a..ab24fe2d3f87 100644
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
@@ -109,6 +109,11 @@ static inline int arch_within_stack_frames(const void * const stack,
#endif
#ifdef CONFIG_HARDENED_USERCOPY
+#include <linux/atomic.h>
+#include <linux/jump_label.h>
+
+DECLARE_STATIC_KEY_FALSE(bypass_usercopy_checks);
+
extern void __check_object_size(const void *ptr, unsigned long n,
bool to_user);
diff --git a/mm/usercopy.c b/mm/usercopy.c
index e9e9325f7638..6a1265e1a54e 100644
--- a/mm/usercopy.c
+++ b/mm/usercopy.c
@@ -20,6 +20,8 @@
#include <linux/sched/task.h>
#include <linux/sched/task_stack.h>
#include <linux/thread_info.h>
+#include <linux/atomic.h>
+#include <linux/jump_label.h>
#include <asm/sections.h>
/*
@@ -248,6 +250,9 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
*/
void __check_object_size(const void *ptr, unsigned long n, bool to_user)
{
+ if (static_branch_likely(&bypass_usercopy_checks))
+ return;
+
/* Skip all tests if size is zero. */
if (!n)
return;
@@ -279,3 +284,25 @@ void __check_object_size(const void *ptr, unsigned long n, bool to_user)
check_kernel_text_object((const unsigned long)ptr, n, to_user);
}
EXPORT_SYMBOL(__check_object_size);
+
+DEFINE_STATIC_KEY_FALSE(bypass_usercopy_checks);
+EXPORT_SYMBOL(bypass_usercopy_checks);
+
+static bool disable_huc_atboot = false;
+
+static int __init parse_disable_usercopy(char *str)
+{
+ disable_huc_atboot = true;
+ return 1;
+}
+
+static int __init set_disable_usercopy(void)
+{
+ if (disable_huc_atboot == true)
+ static_branch_enable(&bypass_usercopy_checks);
+ return 1;
+}
+
+__setup("disable_hardened_usercopy", parse_disable_usercopy);
+
+late_initcall(set_disable_usercopy);
--
2.17.0
next reply other threads:[~2018-06-26 12:50 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-26 12:50 Chris von Recklinghausen [this message]
2018-06-26 12:53 ` [v2 PATCH] add param that allows bootline control of hardened usercopy Christoph von Recklinghausen
2018-06-27 0:03 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1530017430-5394-1-git-send-email-crecklin@redhat.com \
--to=crecklin@redhat.com \
--cc=keescook@chromium.org \
--cc=labbott@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).