Message-ID: <CAGXu5jJ6Av611YQWvHNzVtEoprk-xnB9Ns9MGgg_rs95OPDMoQ@mail.gmail.com>
Date: Sat, 19 Nov 2016 13:39:58 -0800
From: Kees Cook <keescook@...omium.org>
To: "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
Cc: Elena Reshetova <elena.reshetova@...el.com>,
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>,
	Arnd Bergmann <arnd@...db.de>, Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>, "H. Peter Anvin" <h.peter.anvin@...el.com>,
	Peter Zijlstra <peterz@...radead.org>, Will Deacon <will.deacon@....com>,
	David Windsor <dwindsor@...il.com>, Hans Liljestrand <ishkamiel@...il.com>
Subject: Re: [RFC v4 PATCH 03/13] kernel: identify wrapping atomic usage

On Sat, Nov 19, 2016 at 5:28 AM, Paul E. McKenney
<paulmck@...ux.vnet.ibm.com> wrote:
> On Thu, Nov 10, 2016 at 10:24:38PM +0200, Elena Reshetova wrote:
>> From: David Windsor <dwindsor@...il.com>
>>
>> In some cases atomic is not used for reference
>> counting and therefore should be allowed to overflow.
>> Identify such cases and make a switch to non-hardened
>> atomic version.
>>
>> The copyright for the original PAX_REFCOUNT code:
>>   - all REFCOUNT code in general: PaX Team <pageexec@...email.hu>
>>   - various false positive fixes: Mathias Krause <minipli@...glemail.com>
>>
>> Signed-off-by: Hans Liljestrand <ishkamiel@...il.com>
>> Signed-off-by: Elena Reshetova <elena.reshetova@...el.com>
>> Signed-off-by: David Windsor <dwindsor@...il.com>
>
> Not a fan of the rename from atomic_t to atomic_wrap_t.

Yeah, the thread has grown considerably now. :) We're most likely
looking at carving off two of the common atomic_t usage patterns into
"stats_t" (with _add(), _sub(), and _read()), and "refcount_t" (with
_inc(), _inc_not_zero(), _dec_and_test(), and _read(), along with a
trap on overflow). With these in place, refcounts will be protected to
avoid use-after-free exploits, things that don't care about wrapping
will be annotated without a risk of them being turned into refcounts,
and the remaining atomic_t uses will be easier to audit for misuse.

-Kees

-- 
Kees Cook
Nexus Security
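
The split described in the message above, as an added userspace example in C11 that is not part of the original post or of the kernel patch set: a statistics counter is allowed to wrap, while a reference counter refuses to wrap back to zero, which is the condition a use-after-free would depend on. The `demo_*` names are hypothetical, and pinning the count at `UINT_MAX` and returning `false` stands in for the trap on overflow so the behaviour is visible from return values.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>

/* Hypothetical userspace models; names and saturation policy are assumptions. */
typedef struct { atomic_uint v; } demo_stats_t;    /* wrapping is harmless */
typedef struct { atomic_uint v; } demo_refcount_t; /* wrapping frees a live object */

/* Take a reference only on a live object; refuse once pinned at UINT_MAX. */
static bool demo_refcount_inc_not_zero(demo_refcount_t *r)
{
    unsigned old = atomic_load(&r->v);
    do {
        if (old == 0 || old == UINT_MAX)
            return false;
    } while (!atomic_compare_exchange_weak(&r->v, &old, old + 1));
    return true;
}

/* Drop a reference; true means this was the last one and the caller may free. */
static bool demo_refcount_dec_and_test(demo_refcount_t *r)
{
    unsigned old = atomic_load(&r->v);
    do {
        if (old == 0 || old == UINT_MAX)
            return false; /* underflow or pinned: leak rather than free */
    } while (!atomic_compare_exchange_weak(&r->v, &old, old - 1));
    return old == 1;
}

/* Statistics counter at the top of its range: one more add wraps to 0. */
static unsigned demo_stats_wrap(void)
{
    demo_stats_t s;
    atomic_init(&s.v, UINT_MAX);
    atomic_fetch_add(&s.v, 1);
    return atomic_load(&s.v);
}

/* Refcount near the top: it pins at UINT_MAX and can never reach zero. */
static bool demo_refcount_pins(void)
{
    demo_refcount_t r;
    atomic_init(&r.v, UINT_MAX - 1);
    bool reached = demo_refcount_inc_not_zero(&r);  /* count becomes UINT_MAX */
    bool refused = !demo_refcount_inc_not_zero(&r); /* no further increments */
    return reached && refused && !demo_refcount_dec_and_test(&r) && atomic_load(&r.v) == UINT_MAX;
}

int main(void) { return (demo_stats_wrap() == 0 && demo_refcount_pins()) ? 0 : 1; }
```
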