> > Thanks for doing this implementation! One reason usercopy hardening > > didn't persue doing a "full" stacktrace was because it seemed relatively > > expensive. Did you do any usercopy-heavily workload testing to see if > > there was a noticeable performance impact? Look at anything that uses sendmsg(). It is noticeably more expensive than sendto(). All the extra copy_from_user() cause measurable slow slowdowns. Using __copy_from_user()(to avoid 'hardending') in the socket code and when reading the iov[] gives a measurable improvement. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
