[PATCH v3 2/2] vfs: avoid duplicating creds in faccessat if possible
Linus Torvalds
torvalds at linux-foundation.org
Thu Mar 2 19:03:59 UTC 2023
On Thu, Mar 2, 2023 at 10:22 AM Mateusz Guzik <mjguzik at gmail.com> wrote:
>
> Ops, I meant "names_cache", here:
> names_cachep = kmem_cache_create_usercopy("names_cache", PATH_MAX, 0,
> SLAB_HWCACHE_ALIGN|SLAB_PANIC, 0, PATH_MAX, NULL);
That code just needs a __GFP_SKIP_ZERO.
It might be best if we actually exposed it as a SLAB_SKIP_ZERO thing,
just to make it possible to say - exactly in situations like this -
that this particular slab cache has no advantage from pre-zeroing.
This doesn't sound like a vfs issue, this is a hardening issue where
apparently people now use that INIT_ON_ALLOC_DEFAULT_ON in "real use"
and then you notice how horrid the performance impact can be.
But there might also be some possible interactions with KASAN etc.
Adding some hardening people to the cc.
Linus
More information about the Linux-security-module-archive
mailing list