|
Message-ID: <CAGXu5jLcx7iFNJGL9=LStCGCq6gx2D7onJAmHsKK3Vxe2pJvdg@mail.gmail.com> Date: Sat, 14 Jul 2018 19:04:07 -0700 From: Kees Cook <keescook@...omium.org> To: Vlastimil Babka <vbabka@...e.cz> Cc: Chris von Recklinghausen <crecklin@...hat.com>, Laura Abbott <labbott@...hat.com>, Paolo Abeni <pabeni@...hat.com>, LKML <linux-kernel@...r.kernel.org>, Linux-MM <linux-mm@...ck.org>, Kernel Hardening <kernel-hardening@...ts.openwall.com> Subject: Re: [PATCH v7] add param that allows bootline control of hardened usercopy On Wed, Jul 4, 2018 at 10:47 AM, Vlastimil Babka <vbabka@...e.cz> wrote: > On 07/04/2018 06:52 PM, Kees Cook wrote: >> This produces less efficient code in the general case, and I'd like to >> keep the general case (hardening enabled) as fast as possible. > > How specifically is the code less efficient? It should be always a > static key check (no-op thanks to the code patching involved) and a > function call in the "hardening enabled" case, just in different order. > And in either case compiled out if it's a constant. My understanding from reading the jump label comments[1] is that on order produces: NOP do normal thing label1: do rest of function RET label2: do exceptional thing jump label1 where "NOP" is changed to "JMP label2" when toggled, and the other is: JMP label1 do exceptional thing JMP label2 label1: do normal thing label2: do rest of function RET where "JMP label1" is changed to NOP when toggled. (i.e. does the default do NOP, thing, function, or does the default to JMP, thing, JMP, function) -Kees [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/linux/jump_label.h#n334 -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.