Date: Mon, 21 Nov 2016 12:13:13 -0800 From: "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com> To: Kees Cook <keescook@...omium.org> Cc: Elena Reshetova <elena.reshetova@...el.com>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Arnd Bergmann <arnd@...db.de>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "H. Peter Anvin" <h.peter.anvin@...el.com>, Peter Zijlstra <peterz@...radead.org>, Will Deacon <will.deacon@....com>, David Windsor <dwindsor@...il.com>, Hans Liljestrand <ishkamiel@...il.com> Subject: Re: [RFC v4 PATCH 03/13] kernel: identify wrapping atomic usage On Sat, Nov 19, 2016 at 01:39:58PM -0800, Kees Cook wrote: > On Sat, Nov 19, 2016 at 5:28 AM, Paul E. McKenney > <paulmck@...ux.vnet.ibm.com> wrote: > > On Thu, Nov 10, 2016 at 10:24:38PM +0200, Elena Reshetova wrote: > >> From: David Windsor <dwindsor@...il.com> > >> > >> In some cases atomic is not used for reference > >> counting and therefore should be allowed to overflow. > >> Identify such cases and make a switch to non-hardened > >> atomic version. > >> > >> The copyright for the original PAX_REFCOUNT code: > >> - all REFCOUNT code in general: PaX Team <pageexec@...email.hu> > >> - various false positive fixes: Mathias Krause <minipli@...glemail.com> > >> > >> Signed-off-by: Hans Liljestrand <ishkamiel@...il.com> > >> Signed-off-by: Elena Reshetova <elena.reshetova@...el.com> > >> Signed-off-by: David Windsor <dwindsor@...il.com> > > > > Not a fan of the rename from atomic_t to atomic_wrap_t. > > Yeah, the thread has grown considerably now. :) We're most likely > looking at carving off two of the common atomic_t usage patterns into > "stats_t" (with _add(), _sub(), and _read()), and "refcount_t" (with > _inc(), _inc_not_zero(), _dec_and_test(), and _read(), along with a > trap on overflow). With these in place, refcounts will be protected to > avoid use-after-free exploits, things that don't care about wrapping > will be annotated without a risk of them being turned into refcounts, > and the remaining atomic_t uses will be easier to audit for misuse. Whew!!! ;-) Thanx, Paul
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.