From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 06A52C4332F for ; Tue, 7 Nov 2023 20:52:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 99F2C8D0059; Tue, 7 Nov 2023 15:52:07 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 94FED8D0001; Tue, 7 Nov 2023 15:52:07 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 817AD8D0059; Tue, 7 Nov 2023 15:52:07 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 6F1808D0001 for ; Tue, 7 Nov 2023 15:52:07 -0500 (EST) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 3D1BD160301 for ; Tue, 7 Nov 2023 20:52:07 +0000 (UTC) X-FDA: 81432355494.14.975F559 Received: from mail-ej1-f42.google.com (mail-ej1-f42.google.com [209.85.218.42]) by imf30.hostedemail.com (Postfix) with ESMTP id 5A31A80011 for ; Tue, 7 Nov 2023 20:52:05 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=EHQx9mKZ; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf30.hostedemail.com: domain of mjguzik@gmail.com designates 209.85.218.42 as permitted sender) smtp.mailfrom=mjguzik@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699390325; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=WHD9MrkpuzBL019+pu/tF6WpBjLY38oBJb9Q97KwJZg=; b=rfEcrl9/u8IlEtFhSIplvSLG8LUFwkQE/O7naDZA9+s2A3IQYjOQSDs5zwKC7FcIkTKCSs t5i/UozlspuxruImww3lRbw9hLU70BEEfMyBz5YCTuYzdZN1vX9iPUMn3A9HI+mB6HJHRe qA31ZLbsxMbUTd10kSKAe+Kd2OoL1rU= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=EHQx9mKZ; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf30.hostedemail.com: domain of mjguzik@gmail.com designates 209.85.218.42 as permitted sender) smtp.mailfrom=mjguzik@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699390325; a=rsa-sha256; cv=none; b=589dqwNe4WdKLbzWnNn3YYB6SetsnvTbiFAI170IKjE9V0AQkg7cKMTvFMlBA7+gijo4mk WmefVK/bFRkHWHY5MQS1UmmorOihW7Ses2sHhNaZ6UYBK2G3r7xuI4aZUHcnOVVWNuVZHG 01+TX6w1URMIVmCsB8lgXDQ8/950o1k= Received: by mail-ej1-f42.google.com with SMTP id a640c23a62f3a-9c2a0725825so928549866b.2 for ; Tue, 07 Nov 2023 12:52:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699390324; x=1699995124; darn=kvack.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=WHD9MrkpuzBL019+pu/tF6WpBjLY38oBJb9Q97KwJZg=; b=EHQx9mKZRt8vOrO/KN3cU1QVdFhUR9CfXp/zbTggkRdh25Une+/mZptsfBGb+9CS5E bGSCZCOeT/xViKpLXSeW9+PWoHZu3SJz82bt9oer+m/i2XsMxFq5mRnXLeGO3ZCV+AXH pOAgQXTIIa52ZBSMabay2pekYjvuC6kpFvkpy3MayI1VshAZNoKZZD3gqnbHQ8LOohJw lqRBqk0H90BGQZVkqMEyMQPnFbnu1y+mHM1LARb2iuGyv+rEWv5u/pJLoGcBXQWQu1zg gKMesUb/BdkdCB5TIUoenHEOs/yaYWMaZE/WCA4l8X1cgbdojNECal5D2anPyMqpaPKY VCdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699390324; x=1699995124; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=WHD9MrkpuzBL019+pu/tF6WpBjLY38oBJb9Q97KwJZg=; b=kyBuXq/S7XrEP+luxCIbW7SeELqVV7VhyR/WFZ8YNzUy7eSwkQglcozpRNDb5inV3r ACynRZGv9zVXja5xlXzUmT0sWhzi8Ij3O3E/AqOzYHV0c/n1sUzzQJ7R6KshBUE4Jw0+ TViO5r03aPVVEqxHutcg7i0ia11OTCTssM3x56/HnQwQX/AifpHICV9WnAaTU6vsBW71 JWISbqT/68UOeUMtVTSsFn6H8Qgna5sODmXVB0hL9naw9+ykKqx0qiVsc5YmZgeaevQA +f39ocEj+Xct0jLX5ZI3GKLVD1jEBOVran5MfNyYwt1ebh4/y9R94BJgXZ0upk0HI2B7 sihA== X-Gm-Message-State: AOJu0YyKchiUvRANISH64C04rxAYGw+5xkokSroBkSkdI43liGWrmey7 upf92vLcqIpbfucMKohyZ/I= X-Google-Smtp-Source: AGHT+IG35rCRFP1xAW5DdWqensQUZSKqgaN9Hs6rsm7Y6CDppdeyoIBUF1TV9TlFDZofLDwNdzIF+A== X-Received: by 2002:a17:907:d502:b0:9db:e46c:569 with SMTP id wb2-20020a170907d50200b009dbe46c0569mr12135731ejc.45.1699390323535; Tue, 07 Nov 2023 12:52:03 -0800 (PST) Received: from f (cst-prg-81-17.cust.vodafone.cz. [46.135.81.17]) by smtp.gmail.com with ESMTPSA id t27-20020a170906179b00b009a1dbf55665sm1534eje.161.2023.11.07.12.52.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Nov 2023 12:52:03 -0800 (PST) Date: Tue, 7 Nov 2023 21:51:51 +0100 From: Mateusz Guzik To: Kees Cook Cc: Josh Triplett , Eric Biederman , Alexander Viro , linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] fs/exec.c: Add fast path for ENOENT on PATH search before allocating mm Message-ID: <20231107205151.qkwlw7aarjvkyrqs@f> References: <5c7333ea4bec2fad1b47a8fa2db7c31e4ffc4f14.1663334978.git.josh@joshtriplett.org> <202311071228.27D22C00@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <202311071228.27D22C00@keescook> X-Rspamd-Queue-Id: 5A31A80011 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: agjoa6c55nouyjfjpt63g4t5ofhpjfnj X-HE-Tag: 1699390325-717645 X-HE-Meta: U2FsdGVkX1+q02WUO07de2rwXvzS4HD7t9O4glI7AA6NQrr5h5fm+PJurDvT/fzOgD5kuh99TWXkhvFmp90RhsYeqbJxxVAMArLxSfR7/aiv18T0xVlC1gXf0a3d+mn3LPTLgI+xMeKAE9FL2miCHtdPc3acsQhhfqn3QQmSderjtp+DhoMNTmPMbwFI+cgs4m894zK8NcnzOzNpDCyQYjQYk1rgW8tEqn23cbXL4jLZ1tqIFGA+zgKuxe29xbq0j6/YAMV69iAlIdocPk32fw0VBTroCEvDjkuU9lAy6KRWWojUWQ8uIz+FAmSASu5Ef8KfFDsXFicKnYQXjhChUu/4ugHrfc6o96XvSnmgZVdoYxCVkIp6dZ2EgsHvJONNUXlLJ05cZPiOyUy1n/TCQh+mq2aJB1fo4GyZNSA7slgM3MMcpCBaCZEs2Xop4Ql5Na/Qovo/VTAcmXgl0tyNrMSVR6qScZNaZI8KovMNm6xEK8aCz7WLaWUG0bfcxM7YdAGpcGNVRrza5wEtxflAVDcui5I47aLzTmYO67T+7IAb6je+xC2hdkBsli/j2tDsH8C554/CrFkx4Y0bRwosEyRFFY1yEet8e5f1kuZsf1MV0fURDmgH1rPft2AFt7uzs7DadQHHL0LDhjZVpNW+JnXayG0JkJiY93EVcWrhtkvgmpJRANpusJk1ElOxi0YQ+tjimeVfK8IDwufnSr036PxcZzRzR1Kk2TOjDT5rKeAen3IgsKibXtWcd44LI7TBKzCie2579WYRHBDp/BWCe0xJzpQge74ia96RqMqRQSA0EFZ/DbReP9FDVaAZ8Rjsk4k7eELuRrFj+6+VZ0udYE6cufwcCj7cH3YE8OyiaiHqSYTJcxiBJLDXIZ9E49y6DqpHtV8MF6oHKOJQB5ySKoI1PZhBDu6Djjl5wV200PWjRoaTHMnK4ZNs0u3dHvatt3jbV4/Nty7Dyql/KAY lfJtunkJ xqBJjpwlbwgC5kegBuRx4dVVtaWtloLkicXe0+fmVWi4y/BkiiaBxKUwZjubStBL+KZxCPixfZAjDiGycboxfUY5dDQtipSl8uizzA5K7SH0bfHcC538La3ajdLUeX0AbeADqC4AnQ2L/Z+hpIx5oy/YQMfImtrXYOTtLMvKTs2gHfuDZkiXg/rIXQD+vN7KWWFLmyQywfTdImGXSk1Nf5YHhhws/Ud5giSwPX5u49eQc2e4kHzqOaZKDvFTAaVdC6GlbpXAcv1WNS9ll9F68wtLrEPo1DWSGHPmCX4BghSZVPkDypd88kZGzJ0xrvREL8fD42zMJQZrqRyP1ZTjIvLqgRx4ujN0+0Wl4MVIfp6tn9t/TVDUMuR4BZ6j8rFRyakh7jE6TQsq6MhTCOvrZnt2zhKu6kGnNpnMlOOUMob2/3kg6cvptIovW7yczfwCJJYFui5MjxW1oHavVMdmBPLeJDLDiWxuBdmC0MVqF/VR657Mcsj3YfGSK9LyOTIMTGiI7EBDkE/1ezPVz0g4+XWqDqlc0cSEDOi+U6RyPvfJjhIU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, Nov 07, 2023 at 12:30:37PM -0800, Kees Cook wrote: > On Fri, Sep 16, 2022 at 02:41:30PM +0100, Josh Triplett wrote: > > Currently, execve allocates an mm and parses argv and envp before > > checking if the path exists. However, the common case of a $PATH search > > may have several failed calls to exec before a single success. Do a > > filename lookup for the purposes of returning ENOENT before doing more > > expensive operations. > > > > This does not create a TOCTTOU race, because this can only happen if the > > file didn't exist at some point during the exec call, and that point is > > permitted to be when we did our lookup. > > > > To measure performance, I ran 2000 fork and execvpe calls with a > > seven-element PATH in which the file was found in the seventh directory > > (representative of the common case as /usr/bin is the seventh directory > > on my $PATH), as well as 2000 fork and execve calls with an absolute > > path to an existing binary. I recorded the minimum time for each, to > > eliminate noise from context switches and similar. > > > > Without fast-path: > > fork/execvpe: 49876ns > > fork/execve: 32773ns > > > > With fast-path: > > fork/execvpe: 36890ns > > fork/execve: 32069ns > > > > The cost of the additional lookup seems to be in the noise for a > > successful exec, but it provides a 26% improvement for the path search > > case by speeding up the six failed execs. > > > > Signed-off-by: Josh Triplett > > *thread necromancy* > > I'll snag this patch after -rc1 is out. Based on the research we both > did in the rest of this thread, this original patch is a clear win. > Let's get it into linux-next and see if anything else falls out of it. > So the obvious question is why not store lookup result within bprm, instead of doing the lookup again later. Turns out you had very same question and even wrote a patch to sort it out: https://lore.kernel.org/all/202209161637.9EDAF6B18@keescook/ Why do you intend to go with this patch instead?