On Wed, Jul 4, 2018 at 6:43 AM, Vlastimil Babka <vbabka@xxxxxxx> wrote:
> On 07/03/2018 09:43 PM, Chris von Recklinghausen wrote:
>
> Subject: [PATCH v7] add param that allows bootline control of hardened
> usercopy
>
> s/bootline/boot time/ ?
>
>> v1->v2:
>>       remove CONFIG_HUC_DEFAULT_OFF
>>       default is now enabled, boot param disables
>>       move check to __check_object_size so as to not break optimization of
>>       __builtin_constant_p()
>
> Sorry for late and drive-by suggestion, but I think the change above is
> kind of a waste because there's a function call overhead only to return
> immediately.
>
> Something like this should work and keep benefits of both the built-in
> check and avoiding function call?
>
> static __always_inline void check_object_size(const void *ptr,
>                                               unsigned long n, bool to_user)
> {
>         if (!__builtin_constant_p(n) &&
>             static_branch_likely(&bypass_usercopy_checks))
>                 __check_object_size(ptr, n, to_user);
> }

This produces less efficient code in the general case, and I'd like to
keep the general case (hardening enabled) as fast as possible.

-Kees

--
Kees Cook
Pixel Security