From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 651DAC4332F for ; Tue, 7 Nov 2023 20:30:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D40D58D0055; Tue, 7 Nov 2023 15:30:42 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id CF0EA8D0001; Tue, 7 Nov 2023 15:30:42 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BB83F8D0055; Tue, 7 Nov 2023 15:30:42 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id ACC1B8D0001 for ; Tue, 7 Nov 2023 15:30:42 -0500 (EST) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id EC821160B21 for ; Tue, 7 Nov 2023 20:30:41 +0000 (UTC) X-FDA: 81432301482.29.51CF846 Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by imf07.hostedemail.com (Postfix) with ESMTP id 1374F40018 for ; Tue, 7 Nov 2023 20:30:39 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=L1HaM5sF; spf=pass (imf07.hostedemail.com: domain of keescook@chromium.org designates 209.85.214.179 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699389040; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=kMKC+f3GuoNBGpjpvUIzL6NWxNO/+YBarjXdWe3vCGU=; b=dX1I6YwcVOAXOJIYZoWJ4zhxXPMH4EuCfSklb7gqJjg4uQFTNFkRgOl6nm3Omn+mW/CWbG +ZhpOQTTSdy3h9ytIh8dOvzH8N+RiUr2PJl6xwlH1XSKvQHMe0FwIQY5zwx9gCzGVbBMHe 90oBz1DPOwLm/S1r1XEjyYaUAb2CDTk= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=L1HaM5sF; spf=pass (imf07.hostedemail.com: domain of keescook@chromium.org designates 209.85.214.179 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699389040; a=rsa-sha256; cv=none; b=DgEWIoiNwXB4vM5kqk0Su/R7ageog1w4Ekcg+8DfukyqlTnpbcDKbRllvwvsoxd7NdOm3u mNfZgL6U/+A01FwPaldbCP/N5N3RRVQrCS5DJqRewHw2KPppg5fxNAPeqrItJXriZUuDqT LiVwyGgmvgIrTzDaU26cRbx4lMvkT7o= Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-1cc30bf9e22so565485ad.1 for ; Tue, 07 Nov 2023 12:30:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1699389039; x=1699993839; darn=kvack.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=kMKC+f3GuoNBGpjpvUIzL6NWxNO/+YBarjXdWe3vCGU=; b=L1HaM5sFufKYlJRgAklo8wchq+vTNmJ/JlL6TOILz/qDL6SE6ZhbD0yWWPuqW4b6G8 YPOko3qxSbUQQxo4bojtRQkmfIBFsJkf2SUb8QonreF+kiVCieCmuakewaVyuT5gVh8g QI0ipGuhaeB9DxCciZhw3xoWWodhLjnQ+goTA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699389039; x=1699993839; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=kMKC+f3GuoNBGpjpvUIzL6NWxNO/+YBarjXdWe3vCGU=; b=jgX4puSr2P7K71V+XVBgwDq4S0j3hjGNkpHQNGg1qQxrbplIWUkHlLO3TVZ+tYAoao 3j1y52VollSuDk1F9Zws0/9hOOVmUdUGyADS/1+J5M06MhVN6glimt9Mxq3zJCILlkIe l6WuomE7m0WFY9DfJOjgCkSPjC6kgYrVmhtaiW0u2sCdc2qZDnEJyImXNcY0G35tPM+6 mrv2YUTrrDX1QXETsDLFZHMYjycZ2503f4beMVqfWDgokb9yQYSKmSv81LEpl14+3ikr oDegK6NH3aiSsdsZJqhGIPHId/ny2HD1iUT01xeqBP/43wHl7BsuLE7Zg4JsDtIj0mfV XEHw== X-Gm-Message-State: AOJu0YwfgP6Yv/nVkQmPQ3+qbezYR2RXyrfPAnTXjhPM2kTxiZXG5KuB yJ52RKCBQ/4PD/NZWBTHl462LQ== X-Google-Smtp-Source: AGHT+IE+tNZ4JB+XVmT1foSgL0lugYRgOWvRkGk+9lpLcUqnOxA3uaZasFMQofi47dyLmcuOIes3PA== X-Received: by 2002:a17:903:41c6:b0:1c9:9fa6:ce5b with SMTP id u6-20020a17090341c600b001c99fa6ce5bmr5127588ple.16.1699389038799; Tue, 07 Nov 2023 12:30:38 -0800 (PST) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id s14-20020a170902b18e00b001cc5225c220sm237006plr.15.2023.11.07.12.30.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Nov 2023 12:30:38 -0800 (PST) Date: Tue, 7 Nov 2023 12:30:37 -0800 From: Kees Cook To: Josh Triplett Cc: Eric Biederman , Alexander Viro , linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] fs/exec.c: Add fast path for ENOENT on PATH search before allocating mm Message-ID: <202311071228.27D22C00@keescook> References: <5c7333ea4bec2fad1b47a8fa2db7c31e4ffc4f14.1663334978.git.josh@joshtriplett.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5c7333ea4bec2fad1b47a8fa2db7c31e4ffc4f14.1663334978.git.josh@joshtriplett.org> X-Rspamd-Queue-Id: 1374F40018 X-Rspam-User: X-Stat-Signature: 58kric5bdeo1ko1p6xs3q1eedqo53p5p X-Rspamd-Server: rspam01 X-HE-Tag: 1699389039-467766 X-HE-Meta: U2FsdGVkX1/S/GBWGAtVjsvQhS0RWjZClaTe84a2O1b81vMEG9dKrDhNTUxkfYxroopwySshVuwnv1BwnZ7MSgxl8nVKzjIjWJdkUKwYpYGou66JQJJFaGbC22CDlQdO+wIjPACAXTCoYBCCSv5yTnBXgFhH7jabzIX9Rg+8PwrxGOCHXcW3GmgbOeHWKuNvGFXfabp6xKIe2jj1mYPCgxWDbZ+qinLd7yM8K4ru/h4YywfM+T7LLupUHuvn4wcpp4GROQgzg+boXs8nUK4RTGoIILLduxGj3dNpjjrPIZMuVBQcEnNWoPmxuQDz9eGZ3WkHtnEVEgyj5n85aarXRTQpT4DlepDw1v7QgeGtDOxiWxN3YmNguNfUYj7eQXUC1T3qD3bKdVFfNoQaY/SEiqHKX8BjIywwKk7+x0zUnIKZJEqaqJXwE4l9BIhynQUlILBwrb5G6mvERJzAujXPkM6gvv1lDmkd5yPhhtQP7LY0UyPd3UXUpILEVhglDg+bjK86DMc1NlF1TnYjcIdWj0BNYt5KETf0H5e0ds+6Xbve3EVfwlalm7CLB2B52Sd1nDYx6j311rdhm5d5JmIhnt4aIlX/TZRvzdY7Nim9lVVFxxynru2lDkXluM2vCGytZ2OC7cGkdzjZBHDH5X5x0Vrz3GwLq1kAcvYFTknXFSMPpbDVuaScaVaDAIF9V9azi87qA9n0Ccz+IBCGNmpy1tcCzfod/tSo4yb0KlWAfkCuwnGpem1hgqpFkqSfe/CVvXDOZ3FQdXHs5CWYsX1dR2gj3E3bEuIdCS3mAWPesOIgUxrzLv4xVdi0vKjq4F5sd2KT4pGb/mezyQ02DaavK88W8DBqWxoNjMNVwhALsXM7y0GRmbkryAdC3dN2sdSupRx0rOh8KP4Qb3HgTFzm/2uZn3g3KT6QwydDz/cQrpnDjZINrMYcqOi8HETPGDMs6SgZayG/wn0+OafvdDh ZAFWE1ID IKFUlYJ3ROJwwuKN7PqSaOq6yI7pyR5WyWLqcmK5mLzH/kC+Iw0cqSsx4FgfwdAO7W8gsHGP+pbSaZcuvmZTGBEhY5QOT7Y7NZajFywFInewk+xC7kSe0dGDovwRcC5/fnCEWOHvCc9VjU+ZdTk5LsT5WWfU0j757W/vSjr3eU3Vmt1yJqFIeeeMCkQss997azkYqwt4W2hY8Tny92NL/+VQBUwtgyzlviRwS09ct3ea/nx2X44j4fwnaZ51hexAIuQIYv5L93PyT1zvTepjl5Ycn9RhlWndJ1spB8pwBPBfAZUFNm3B0mzfKvwAGwmtJ0rw03d5vXNjS/Zu+k6iDPy/JlHHn/HJ8d9xrbgqGddM51TumEwDXxcaSq38w7dxI1cCagEC7EGMV0xGvVe4kIlBf1X5+95ioqzwsgSL8Hq4PYvb6vPfPDH4X2WAacJ8ZrUMjd/FlnA9a1strnm2nHLPsdH8ArAzjflp+D4R7yHvOJgw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000054, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Sep 16, 2022 at 02:41:30PM +0100, Josh Triplett wrote: > Currently, execve allocates an mm and parses argv and envp before > checking if the path exists. However, the common case of a $PATH search > may have several failed calls to exec before a single success. Do a > filename lookup for the purposes of returning ENOENT before doing more > expensive operations. > > This does not create a TOCTTOU race, because this can only happen if the > file didn't exist at some point during the exec call, and that point is > permitted to be when we did our lookup. > > To measure performance, I ran 2000 fork and execvpe calls with a > seven-element PATH in which the file was found in the seventh directory > (representative of the common case as /usr/bin is the seventh directory > on my $PATH), as well as 2000 fork and execve calls with an absolute > path to an existing binary. I recorded the minimum time for each, to > eliminate noise from context switches and similar. > > Without fast-path: > fork/execvpe: 49876ns > fork/execve: 32773ns > > With fast-path: > fork/execvpe: 36890ns > fork/execve: 32069ns > > The cost of the additional lookup seems to be in the noise for a > successful exec, but it provides a 26% improvement for the path search > case by speeding up the six failed execs. > > Signed-off-by: Josh Triplett *thread necromancy* I'll snag this patch after -rc1 is out. Based on the research we both did in the rest of this thread, this original patch is a clear win. Let's get it into linux-next and see if anything else falls out of it. I did, however, scratch my head over the 0-day report: https://lore.kernel.org/lkml/202209221401.90061e56-yujie.liu@intel.com/ But I can't see why this patch could trigger those problems... Thanks! -Kees -- Kees Cook