Date: Tue, 25 Jul 2017 10:50:20 -0700 From: Kees Cook <keescook@...omium.org> To: Ard Biesheuvel <ard.biesheuvel@...aro.org> Cc: Li Kun <hw.likun@...wei.com>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Will Deacon <will.deacon@....com>, Mark Rutland <mark.rutland@....com>, Laura Abbott <labbott@...oraproject.org> Subject: Re: [RFC PATCH untested] arm64: kernel: implement fast refcount checking On Tue, Jul 25, 2017 at 10:20 AM, Ard Biesheuvel <ard.biesheuvel@...aro.org> wrote: > On 25 July 2017 at 18:13, Kees Cook <keescook@...omium.org> wrote: >> On Tue, Jul 25, 2017 at 4:49 AM, Ard Biesheuvel >> <ard.biesheuvel@...aro.org> wrote: >>> Hi all, >>> >>> I had a stab at porting the fast refcount checks to arm64. It is slightly >>> less straight-forward than x86 given that we need to support both LSE and >>> LL/SC, and fallback to the latter if running a kernel built with support >>> for the former on hardware that does not support it. >>> >>> It is build tested with and without LSE support, and boots fine on non-LSE >>> hardware in both cases. >> >> Ah! Very cool. Hopefully you and Li can compare notes; I think they've >> been working on an implementation too. >> > > I wasn't aware of that. > >>> Suggestions welcome as to how to test and/or benchmark this, >> >> I'll post a patch for LKDTM that I've been using. It's more >> comprehensive than the existing ATOMIC checks (which predated the >> refcount-only protection). >> > > OK. One thing I couldn't figure out: is refcount_t signed or not? The > saturate tests set the initial value to UINT_MAX - 1, but this is > interpreted as a negative value and so the refcount manipulations that > are expected to succeed also fail in my case. refcount_t under REFCOUNT_FULL is unsigned. Under the x86 fast refcount, it's signed to gain the CPU flag detection for overflow. The understanding is basically "omg, if you've got INT_MAX-many references to something you already DoSed your machine". I'll have the full LKDTM tests up in a moment here, just doing another pass on them now... -Kees -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.