    usercopy: Allow boot cmdline disabling of hardening · b5cb15d9
    Chris von Recklinghausen authored
    Enabling HARDENED_USERCOPY may cause measurable regressions in networking
    performance: up to 8% under UDP flood.
    
    I ran a small packet UDP flood using pktgen vs. a host b2b connected. On
    the receiver side the UDP packets are processed by a simple user space
    process that just reads and drops them:
    
    https://github.com/netoptimizer/network-testing/blob/master/src/udp_sink.c
    
    
    
    Not very useful from a functional PoV, but it helps to pin-point
    bottlenecks in the networking stack.
    
    When running a kernel with CONFIG_HARDENED_USERCOPY=y, I see a 5-8%
    regression in the receive tput, compared to the same kernel without this
    option enabled.
    
    With CONFIG_HARDENED_USERCOPY=y, perf shows ~6% of CPU time spent
    cumulatively in __check_object_size (~4%) and __virt_addr_valid (~2%).
    
    The call-chain is:
    
    __GI___libc_recvfrom
    entry_SYSCALL_64_after_hwframe
    do_syscall_64
    __x64_sys_recvfrom
    __sys_recvfrom
    inet_recvmsg
    udp_recvmsg
    __check_object_size
    
    udp_recvmsg() actually calls copy_to_iter() (inlined) and the latter
    calls check_copy_size() (again, inlined).
    
    A generic distro may want to enable HARDENED_USERCOPY in their default
    kernel config, but at the same time, such a distro may want to be able to
    avoid the performance penalties with the default configuration and
    disable the stricter check on a per-boot basis.
    
    This change adds a boot parameter that conditionally disables
    HARDENED_USERCOPY via "hardened_usercopy=off".
    
    Signed-off-by: Chris von Recklinghausen <crecklin@redhat.com>
    Signed-off-by: Kees Cook <keescook@chromium.org>
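Because the parameter described above turns a build-time hardening feature into a per-boot setting, a fleet audit has to look at the command line as well as the kernel config. The script below is an added example, not part of this commit or the kernel tree: the function names, the output labels, the `/boot/config-<release>` path and the rule that a later occurrence overrides an earlier one are assumptions, and only the `hardened_usercopy=off` spelling comes from the commit message.

```shell
#!/bin/sh
# Added example: classify the HARDENED_USERCOPY state from a kernel command
# line and a kernel config. Function names and output labels are made up here.

# usercopy_state CMDLINE CONFIG_TEXT
# Prints: not-built | enforced | disabled-at-boot | unrecognized
usercopy_state() {
    cmdline=$1
    config=$2

    # Without CONFIG_HARDENED_USERCOPY=y there is nothing to switch off.
    if ! printf '%s\n' "$config" | grep -qx 'CONFIG_HARDENED_USERCOPY=y'; then
        echo not-built
        return
    fi

    state=enforced
    set -f                      # no glob expansion while splitting the line
    # Assumption: when the parameter appears twice, the later token wins.
    for tok in $cmdline; do
        case $tok in
            --) break ;;        # everything after "--" is passed to init
            hardened_usercopy=off) state=disabled-at-boot ;;
            # Only "off" appears in the commit message; flag any other value.
            hardened_usercopy=*) state=unrecognized ;;
        esac
    done
    set +f
    echo "$state"
}

# Live check. Assumption: the distro ships its config as /boot/config-<release>.
audit_running_kernel() {
    usercopy_state "$(cat /proc/cmdline)" "$(cat "/boot/config-$(uname -r)")"
}

# Constructed sample input, so the script also runs offline.
sample_cfg='CONFIG_HARDENED_USERCOPY=y'
if [ "${1:-}" = "--live" ]; then
    audit_running_kernel
else
    usercopy_state 'BOOT_IMAGE=/vmlinuz ro quiet hardened_usercopy=off' "$sample_cfg"
fi
```

Run it with `--live` on a host to classify the running kernel; a result of `disabled-at-boot` or `unrecognized` is the case worth alerting on when the baseline expects the checks to be enforced.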