lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Mar 2017 22:03:23 +0100 From: Al Viro <viro@...IV.linux.org.uk> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Vineet Gupta <Vineet.Gupta1@...opsys.com>, "linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Richard Henderson <rth@...ddle.net>, Russell King <linux@...linux.org.uk>, Will Deacon <will.deacon@....com>, Haavard Skinnemoen <hskinnemoen@...il.com>, Steven Miao <realmz6@...il.com>, Jesper Nilsson <jesper.nilsson@...s.com>, Mark Salter <msalter@...hat.com>, Yoshinori Sato <ysato@...rs.sourceforge.jp>, Richard Kuo <rkuo@...eaurora.org>, Tony Luck <tony.luck@...el.com>, Geert Uytterhoeven <geert@...ux-m68k.org>, James Hogan <james.hogan@...tec.com>, Michal Simek <monstr@...str.eu>, David Howells <dhowells@...hat.com>, Ley Foon Tan <lftan@...era.com>, Jonas Bonn <jonas@...thpole.se>, Helge Deller <deller@....de>, Martin Schwidefsky <schwidefsky@...ibm.com>, Ralf Baechle <ralf@...ux-mips.org>, Benjamin Herrenschmidt <benh@...nel.crashing.org>, Chen Liqin <liqin.linux@...il.com>, "David S. Miller" <davem@...emloft.net>, Chris Metcalf <cmetcalf@...lanox.com>, Richard Weinberger <richard@....at>, Guan Xuetao <gxt@...c.pku.edu.cn>, Thomas Gleixner <tglx@...utronix.de>, Chris Zankel <chris@...kel.net> Subject: Re: [RFC][CFT][PATCHSET v1] uaccess unification On Wed, Mar 29, 2017 at 01:37:30PM -0700, Linus Torvalds wrote: > On Wed, Mar 29, 2017 at 1:29 PM, Al Viro <viro@...iv.linux.org.uk> wrote: > > > > BTW, I wonder if inlining all of the copy_{to,from}_user() is actually a win. > > I would suggest against it. > > The only part I think is worth inlining is the compile time size > checks for kasan - and that only because of the obvious "sizes are > constant only when inlining" issue. > > We used to inline a *lot* of user accesses historically, pretty much > all of them were bogus. > > The only ones that really want inlining are the non-checking ones that > people should never use directly, but that are just helper things used > by other routines (ie the "unsafe_copy_from_user()" kind of things > that are designed for strncpy_from_user()). > > Once you start checking access ranges, and have might_fault debugging > etc, it shouldn't be inlined. FWIW, that's why I'd put those knobs (INLINE_COPY_{TO,FROM}_USER) in there; if for some architectures making those inlined is really a win, they can request the inlining; for now I'd mostly set them to match what architectures had been doing, but I also strongly suspect that in a lot of cases that inlining is counterproductive. Building it both ways is simply a matter of deleting those two lines in asm/uaccess.h in question, and if testing shows that out-of-line works better on given architecture, well... I would expect that the final variant will have those remain only on a few architectures. IMO decision whether to inline them or not is up to architecture - it's not as if having the possibility to inline them would really complicate the generic side of things...
Powered by blists - more mailing lists