Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 24 Nov 2015 12:04:18 -0800
From: Kees Cook <>
To: "" <>
Subject: Re: status: PAX_REFCOUNT

On Tue, Nov 24, 2015 at 11:37 AM, David Windsor <> wrote:
> I'm currently in the process of splitting PAX_REFCOUNT.
> It looks to touch a massive number of files.  Many of the modifications
> occur in drivers:
> dave@...ontium:~/src/linux-grsec-4.2$ grep -ril "atomic.*unchecked" | wc -l
> 402
> dave@...ontium:~/src/linux-grsec-4.2$ grep -ril "atomic.*unchecked" drivers/
> | wc -l
> 158

Interesting there are so many intentional overflows. I think the
hardest part for getting this series upstream will be sticking to our
principle of not needing a developer to "opt in" to the protection. I
still think this is a compelling reason to keep it as-is, but it
should be an interesting discussion. :)

> As it stands, I'm trying to come up with a good way to split the patches.
> I'm currently going with a scheme of creating separate patches per kernel
> subsystem, further separating by component type (filesystems, drivers,
> etc.).  For instance, for patches touching fs/, I've created a patch for
> filesystem-independent changes, then separate patches for each individual
> filesystem's changes.  Extrapolated over the entire kernel, I estimate this
> strategy will produce approximately between 50 and 75 patches.

That'll be a lot of patches. I wonder if we could break it up by
top-level maintainer? i.e. everything in drivers would go in one
patch, etc?

> I'm moving my way through the tree and will hopefully have an RFC submission
> soon.

Great! Are you working on this full-time? (If not, would potential CII
funding help at all?)

I'll send an lkdtm patch that'll twiddle the atomic type, so you have
something to validate it with.


Kees Cook
Chrome OS & Brillo Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.