lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Z06hXVPhN_3RH8Vt@pc636>
Date: Tue, 3 Dec 2024 07:12:45 +0100
From: Uladzislau Rezki <urezki@...il.com>
To: Ze Zuo <zuoze1@...wei.com>
Cc: gustavoars@...nel.org, akpm@...ux-foundation.org,
	linux-hardening@...r.kernel.org, linux-mm@...ck.org,
	willy@...radead.org, keescook@...omium.org, urezki@...il.com,
	wangkefeng.wang@...wei.com
Subject: Re: [PATCH -next] mm: usercopy: add a debugfs interface to bypass
 the vmalloc check.

On Tue, Dec 03, 2024 at 10:31:59AM +0800, Ze Zuo wrote:
> The commit 0aef499f3172 ("mm/usercopy: Detect vmalloc overruns") introduced
> vmalloc check for usercopy. However, in subsystems like networking, when
> memory allocated using vmalloc or vmap is subsequently copied using
> functions like copy_to_iter/copy_from_iter, the check is triggered. This
> adds overhead in the copy path, such as the cost of searching the
> red-black tree, which increases the performance burden.
> 
> We found that after merging this patch, network bandwidth performance in
> the XDP scenario significantly dropped from 25 Gbits/sec to 8 Gbits/sec,
> the hardened_usercopy is enabled by default.
> 
> To address this, we introduced a debugfs interface that allows selectively
> enabling or disabling the vmalloc check based on the use case, optimizing
> performance.
> 
> By default, vmalloc check for usercopy is enabled.
> 
> To disable the vmalloc check:
>         echo Y > /sys/kernel/debug/bypass_usercopy_vmalloc_check
> 
> After executing the above command, the XDP performance returns to 25
> Gbits/sec.
> 
To what Matthew has asked, could you please also specify the kernel version
you run your experiment on? Apart of that please describe your system and HW.

Thank you!

--
Uladzislau Rezki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ