Date: Fri, 11 Jan 2019 09:52:54 +0800
From: Jason Yan <yanaijie@...wei.com>
To: Kees Cook <keescook@...omium.org>
CC: Jann Horn <jannh@...gle.com>, Kernel Hardening
	<kernel-hardening@...ts.openwall.com>, <zhaohongjiang@...wei.com>,
	<miaoxie@...wei.com>, Li Bin <huawei.libin@...wei.com>, Wei Yongjun
	<weiyongjun1@...wei.com>
Subject: Re: [PATCH] usercopy: skip the check if not a real usercopy
On 2019/1/10 6:59, Kees Cook wrote:
> On Tue, Jan 8, 2019 at 6:26 PM Jason Yan <yanaijie@...wei.com> wrote:
>> It's very easy to reproduce in qemu using my config with v4.20. Please
>> refer to the attachment.
>>
>> I did some debug and found that check_object_size() did not stuck but
>> check_object_size() sometimes takes more than 30 milliseconds, and
>> ftrace will call __probe_kernel_write() thousands of times, which makes
>> the whole process stuck for more than 20 seconds.
>
> 30ms is still WAY too long. :)
>
>> [yanaijie@138 linux]$ ./scripts/faddr2line vmlinux
>> __check_object_size+0x5/0x460
>> __check_object_size+0x5/0x460:
>> __check_object_size at mm/usercopy.c:254
>> [yanaijie@138 linux]$
>
> For me, that's the entry to __check_object_size (the line with "{").
> Is that what you see too?
>

Yes, this is different every time, so it's just because there are too
many loops outside calling this function?

> Perhaps this is poor interaction with tracing? Does marking
> __check_object_size with "notrace" help?
>

I will try this later.
