[PATCH 3/4] mm: security: Check early if HARDENED_USERCOPY is enabled

Thu, 23 Jan 2025 14:12:37 -0800 

HARDENED_USERCOPY is checked within a function so even if disabled, the
function overhead still exists. Move the static check inline.

This is at best a micro-optimisation and any difference in performance
was within noise but it is relatively consistent with the init_on_*
implementations.

Suggested-by: Kees Cook <k...@kernel.org>
Signed-off-by: Mel Gorman <mgor...@techsingularity.net>
---
 include/linux/thread_info.h |  8 +++++++-
 mm/usercopy.c               | 13 +++++++------
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
index cf2446c9c30d..09fc241a45f7 100644
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
@@ -221,11 +221,17 @@ static inline int arch_within_stack_frames(const void * 
const stack,
 extern void __check_object_size(const void *ptr, unsigned long n,
                                        bool to_user);
 
+DECLARE_STATIC_KEY_MAYBE(CONFIG_HARDENED_USERCOPY_DEFAULT_ON,
+                          validate_usercopy_range);
+
 static __always_inline void check_object_size(const void *ptr, unsigned long n,
                                              bool to_user)
 {
-       if (!__builtin_constant_p(n))
+       if (!__builtin_constant_p(n) &&
+           static_branch_maybe(CONFIG_HARDENED_USERCOPY_DEFAULT_ON,
+                               &validate_usercopy_range)) {
                __check_object_size(ptr, n, to_user);
+       }
 }
 #else
 static inline void check_object_size(const void *ptr, unsigned long n,
diff --git a/mm/usercopy.c b/mm/usercopy.c
index 4cf33305347a..a1193bdabb16 100644
--- a/mm/usercopy.c
+++ b/mm/usercopy.c
@@ -201,7 +201,9 @@ static inline void check_heap_object(const void *ptr, 
unsigned long n,
        }
 }
 
-static DEFINE_STATIC_KEY_FALSE_RO(bypass_usercopy_checks);
+DEFINE_STATIC_KEY_MAYBE_RO(CONFIG_HARDENED_USERCOPY_DEFAULT_ON,
+                          validate_usercopy_range);
+EXPORT_SYMBOL(validate_usercopy_range);
 
 /*
  * Validates that the given object is:
@@ -212,9 +214,6 @@ static DEFINE_STATIC_KEY_FALSE_RO(bypass_usercopy_checks);
  */
 void __check_object_size(const void *ptr, unsigned long n, bool to_user)
 {
-       if (static_branch_unlikely(&bypass_usercopy_checks))
-               return;
-
        /* Skip all tests if size is zero. */
        if (!n)
                return;
@@ -270,8 +269,10 @@ __setup("hardened_usercopy=", parse_hardened_usercopy);
 
 static int __init set_hardened_usercopy(void)
 {
-       if (enable_checks == false)
-               static_branch_enable(&bypass_usercopy_checks);
+       if (enable_checks)
+               static_branch_enable(&validate_usercopy_range);
+       else
+               static_branch_disable(&validate_usercopy_range);
        return 1;
 }
 
-- 
2.43.0

Reply via email to