Date: Tue, 25 Jul 2017 18:20:02 +0100 From: Ard Biesheuvel <ard.biesheuvel@...aro.org> To: Kees Cook <keescook@...omium.org> Cc: Li Kun <hw.likun@...wei.com>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Will Deacon <will.deacon@....com>, Mark Rutland <mark.rutland@....com>, Laura Abbott <labbott@...oraproject.org> Subject: Re: [RFC PATCH untested] arm64: kernel: implement fast refcount checking On 25 July 2017 at 18:13, Kees Cook <keescook@...omium.org> wrote: > On Tue, Jul 25, 2017 at 4:49 AM, Ard Biesheuvel > <ard.biesheuvel@...aro.org> wrote: >> Hi all, >> >> I had a stab at porting the fast refcount checks to arm64. It is slightly >> less straight-forward than x86 given that we need to support both LSE and >> LL/SC, and fallback to the latter if running a kernel built with support >> for the former on hardware that does not support it. >> >> It is build tested with and without LSE support, and boots fine on non-LSE >> hardware in both cases. > > Ah! Very cool. Hopefully you and Li can compare notes; I think they've > been working on an implementation too. > I wasn't aware of that. >> Suggestions welcome as to how to test and/or benchmark this, > > I'll post a patch for LKDTM that I've been using. It's more > comprehensive than the existing ATOMIC checks (which predated the > refcount-only protection). > OK. One thing I couldn't figure out: is refcount_t signed or not? The saturate tests set the initial value to UINT_MAX - 1, but this is interpreted as a negative value and so the refcount manipulations that are expected to succeed also fail in my case.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.