From: Colin Vidal <colin@cvidal.org>
To: kernel-hardening@lists.openwall.com
Cc: Kees Cook <keescook@chromium.org>,
David Windsor <dave@progbits.org>,
"Reshetova, Elena" <elena.reshetova@intel.com>
Subject: Re: [kernel-hardening] [RFC v2 PATCH 00/13] HARDENED_ATOMIC
Date: Wed, 26 Oct 2016 10:44:49 +0200 [thread overview]
Message-ID: <1477471489.2263.107.camel@cvidal.org> (raw)
In-Reply-To: <2236FBA76BA1254E88B949DDB74E612B41BF8C68@IRSMSX102.ger.corp.intel.com>
Hi Elena,
> > Perhaps the cleaner solution would be to define prototypes (of real functions, not macros) of atomic64_*_wrap functions in asm- generic/atomic64.h. If the arch has its own implementation of atomic64, no problems (asm-generic/atomic64.h is not >included), and if
> > CONFIG_GENERIC_ATOMIC64 is set, we just need to implements atomic64_*_wrap functions (in a arch/lib/atomic64.c, for instance).
>
> Why not in lib/atomic64.c? Because this is what would be used in the case when CONFIG_GENERIC_ATOMIC is set. Also, when you say "implement", do you mean actually provide "protected" versions of wrap functions or just wrap functions themselves operating on wrap_t types but providing no difference from non-wrap functions?
>
The point is if CONFIG_GENERIC_ATOMIC64 is unset, asm-
generic/atomic64.h and lib/atomic64.c (see lib/Makefile) are not
included in compilation, therefore we don't care about that: the
architecture has its own implementation of atomic64 (protected and wrap
version).
If CONFIG_GENERIC_ATOMIC64 is set, the common implementation is in
lib/atomic64.c. Therefore, any functions in lib/atomic64.c should be
renamed to be suffixed by _wrap (unprotected versions), and prototypes
with _wrap suffix should be added in asm-generic/atomic64.h.
The protected versions of functions depends of each architecture,
therefore they can't be generic. That why I propose to add implements
them in arch/lib/atomic64.c (or even arch/lib/atomic64_wrap.c, it is
much clear).
And yes, by "implement" I means write "protected" versions. Err... Yes,
in that case, we don't have the "examples" implemented in PAX. But the
other solution would be leave GENERIC_ATOMIC64 unprotected, which is
really unclear from the "user" point-of-view.
If CONFIG_GENERIC_ATOMIC64 is set and CONFIG_HARDENED_ATOMIC is unset,
the implementations in arch/lib/atomic64_wrap.c just does not include
the overflow test on the add/sub operations, like the current protected
arm/x64 implementations.
> Overall, I agree, there is no magic, but IMO definitions are so confusing even without wrap added (local_t and its functions is a good example), that tracking them all down is a pain.
> At some point we used this table to track functions and their definition: https://docs.google.com/spreadsheets/d/12wX-csPY8tnHpQVRKVFPSOoV8o6WXtAwKKTAkx8uUIQ/edit?usp=sharing
> Maybe it can be extended to include more info that people would like to see there.
That would be useful and avoid numerous post-it on my desk :-) Thanks!
Best regards,
Colin
next prev parent reply other threads:[~2016-10-26 8:44 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-20 10:25 [kernel-hardening] [RFC v2 PATCH 00/13] HARDENED_ATOMIC Elena Reshetova
2016-10-20 10:25 ` [kernel-hardening] [RFC v2 PATCH 01/13] Add architecture independent hardened atomic base Elena Reshetova
2016-10-24 23:04 ` [kernel-hardening] " Kees Cook
2016-10-25 0:28 ` Kees Cook
2016-10-25 7:57 ` [kernel-hardening] " Reshetova, Elena
2016-10-25 8:51 ` [kernel-hardening] " AKASHI Takahiro
2016-10-25 9:46 ` Hans Liljestrand
2016-10-26 7:38 ` AKASHI Takahiro
2016-10-27 13:47 ` Hans Liljestrand
2016-10-25 18:20 ` Reshetova, Elena
2016-10-25 22:18 ` Kees Cook
2016-10-26 10:27 ` Reshetova, Elena
2016-10-26 20:44 ` Kees Cook
2016-10-25 22:16 ` Kees Cook
2016-10-20 10:25 ` [kernel-hardening] [RFC v2 PATCH 02/13] percpu-refcount: leave atomic counter unprotected Elena Reshetova
2016-10-20 10:25 ` [kernel-hardening] [RFC v2 PATCH 03/13] kernel: identify wrapping atomic usage Elena Reshetova
2016-10-20 10:25 ` [kernel-hardening] [RFC v2 PATCH 04/13] mm: " Elena Reshetova
2016-10-20 10:25 ` [kernel-hardening] [RFC v2 PATCH 05/13] fs: " Elena Reshetova
2016-10-20 10:25 ` [kernel-hardening] [RFC v2 PATCH 06/13] net: " Elena Reshetova
2016-10-20 10:25 ` [kernel-hardening] [RFC v2 PATCH 07/13] net: atm: " Elena Reshetova
2016-10-20 10:25 ` [kernel-hardening] [RFC v2 PATCH 08/13] security: " Elena Reshetova
2016-10-20 10:25 ` [kernel-hardening] [RFC v2 PATCH 09/13] drivers: identify wrapping atomic usage (part 1/2) Elena Reshetova
2016-10-20 10:25 ` [kernel-hardening] [RFC v2 PATCH 10/13] drivers: identify wrapping atomic usage (part 2/2) Elena Reshetova
2016-10-20 10:25 ` [kernel-hardening] [RFC v2 PATCH 11/13] x86: identify wrapping atomic usage Elena Reshetova
2016-10-20 10:25 ` [kernel-hardening] [RFC v2 PATCH 12/13] x86: implementation for HARDENED_ATOMIC Elena Reshetova
2016-10-26 5:06 ` AKASHI Takahiro
2016-10-26 6:55 ` David Windsor
2016-10-26 11:15 ` Reshetova, Elena
2016-10-26 20:51 ` Kees Cook
2016-10-26 21:48 ` David Windsor
2016-10-26 21:52 ` Kees Cook
2016-10-20 10:25 ` [kernel-hardening] [RFC v2 PATCH 13/13] lkdtm: add tests for atomic over-/underflow Elena Reshetova
2016-10-24 23:14 ` Kees Cook
2016-10-25 8:56 ` AKASHI Takahiro
2016-10-25 9:04 ` Colin Vidal
2016-10-25 9:11 ` Hans Liljestrand
2016-10-25 18:30 ` Kees Cook
2016-10-20 13:13 ` [kernel-hardening] [RFC v2 PATCH 00/13] HARDENED_ATOMIC Hans Liljestrand
2016-10-24 22:38 ` Kees Cook
2016-10-25 9:05 ` Hans Liljestrand
2016-10-25 17:18 ` Colin Vidal
2016-10-25 17:51 ` David Windsor
2016-10-25 20:53 ` Colin Vidal
2016-10-26 8:17 ` Reshetova, Elena
2016-10-26 8:44 ` Colin Vidal [this message]
2016-10-26 9:46 ` Reshetova, Elena
2016-10-26 18:52 ` Colin Vidal
2016-10-26 19:47 ` Colin Vidal
2016-10-26 19:52 ` Kees Cook
2016-10-26 20:07 ` Colin Vidal
2016-10-27 7:35 ` Reshetova, Elena
2016-10-27 12:00 ` Reshetova, Elena
[not found] ` <CAEXv5_jDAPAqHp7vfOzU+WqN_h3g00_VUOz2_xxp9nJNzzFjxg@mail.gmail.com>
2016-10-27 13:03 ` David Windsor
2016-10-28 13:02 ` Reshetova, Elena
2016-10-28 15:20 ` David Windsor
2016-10-28 19:51 ` Reshetova, Elena
2016-10-29 5:27 ` David Windsor
2016-10-29 10:31 ` Reshetova, Elena
2016-10-29 11:48 ` David Windsor
2016-10-29 17:56 ` Reshetova, Elena
2016-10-29 18:05 ` David Windsor
2016-10-29 18:08 ` Reshetova, Elena
2016-10-28 8:37 ` Colin Vidal
2016-10-26 19:49 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1477471489.2263.107.camel@cvidal.org \
--to=colin@cvidal.org \
--cc=dave@progbits.org \
--cc=elena.reshetova@intel.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.