Date: Wed, 9 Jan 2019 14:59:46 -0800
From: Kees Cook <>
To: Jason Yan <>
Cc: Jann Horn <>, Kernel Hardening <>, Li Bin <>, Wei Yongjun <>
Subject: Re: [PATCH] usercopy: skip the check if not a real usercopy

On Tue, Jan 8, 2019 at 6:26 PM Jason Yan <> wrote:
> It's very easy to reproduce in qemu using my config with v4.20. Please
> refer to the attachment.
> I did some debugging and found that check_object_size() did not get stuck, but
> check_object_size() sometimes takes more than 30 milliseconds, and
> ftrace will call __probe_kernel_write() thousands of times, which makes
> the whole process stuck for more than 20 seconds.

30ms is still WAY too long. :)

> [yanaijie@138 linux]$ ./scripts/faddr2line vmlinux
> __check_object_size+0x5/0x460
> __check_object_size+0x5/0x460:
> __check_object_size at mm/usercopy.c:254
> [yanaijie@138 linux]$

For me, that's the entry to __check_object_size (the line with "{").
Is that what you see too?

Perhaps this is poor interaction with tracing? Does marking
__check_object_size with "notrace" help?

Kees Cook
