Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 25 Jul 2017 18:20:02 +0100
From: Ard Biesheuvel <>
To: Kees Cook <>
Cc: Li Kun <>, 
	"" <>, 
	"" <>, Will Deacon <>, 
	Mark Rutland <>, Laura Abbott <>
Subject: Re: [RFC PATCH untested] arm64: kernel: implement fast refcount checking

On 25 July 2017 at 18:13, Kees Cook <> wrote:
> On Tue, Jul 25, 2017 at 4:49 AM, Ard Biesheuvel
> <> wrote:
>> Hi all,
>> I had a stab at porting the fast refcount checks to arm64. It is slightly
>> less straight-forward than x86 given that we need to support both LSE and
>> LL/SC, and fallback to the latter if running a kernel built with support
>> for the former on hardware that does not support it.
>> It is build tested with and without LSE support, and boots fine on non-LSE
>> hardware in both cases.
> Ah! Very cool. Hopefully you and Li can compare notes; I think they've
> been working on an implementation too.

I wasn't aware of that.

>> Suggestions welcome as to how to test and/or benchmark this,
> I'll post a patch for LKDTM that I've been using. It's more
> comprehensive than the existing ATOMIC checks (which predated the
> refcount-only protection).

OK. One thing I couldn't figure out: is refcount_t signed or not? The
saturate tests set the initial value to UINT_MAX - 1, but this is
interpreted as a negative value and so the refcount manipulations that
are expected to succeed also fail in my case.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.