From: Cyrill Gorcunov <gorcunov@openvz.org>
To: Jonathan Corbet <corbet@lwn.net>
Cc: linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
Pavel Emelyanov <xemul@parallels.com>,
Serge Hallyn <serge.hallyn@canonical.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
Kees Cook <keescook@chromium.org>, Tejun Heo <tj@kernel.org>,
Andrew Vagin <avagin@openvz.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
Andi Kleen <andi@firstfloor.org>,
KOSAKI Motohiro <kosaki.motohiro@gmail.com>,
Ingo Molnar <mingo@elte.hu>, "H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Glauber Costa <glommer@parallels.com>,
Matt Helsley <matthltc@us.ibm.com>,
Pekka Enberg <penberg@kernel.org>,
Eric Dumazet <eric.dumazet@gmail.com>,
Vasiliy Kulikov <segoon@openwall.com>,
Valdis.Kletnieks@vt.edu
Subject: Re: [patch cr 2/4] [RFC] syscalls, x86: Add __NR_kcmp syscall v7
Date: Tue, 31 Jan 2012 01:07:02 +0400 [thread overview]
Message-ID: <20120130210702.GG4282@moon> (raw)
In-Reply-To: <20120130125812.0075dd04@dt>
On Mon, Jan 30, 2012 at 12:58:12PM -0700, Jonathan Corbet wrote:
> Just a couple of silly little things that came to mind while I was looking
> at the code...
>
> > +/*
> > + * We don't expose real in-memory order of objects for security
> > + * reasons, still the comparision results should be suitable for
> > + * sorting. Thus, we obfuscate kernel pointers values (using random
> > + * cookies obtaned at early boot stage) and compare the production
> > + * instead.
> > + */
> > +static unsigned long cookies[KCMP_TYPES][2] __read_mostly;
> > +
> > +static long kptr_obfuscate(long v, int type)
> > +{
> > + return (v ^ cookies[type][0]) * cookies[type][1];
> > +}
>
> I don't understand the purpose of this at all. Obfuscation will cause a
> random shuffling in the ordering of the pointers - it's intended to - so
> how is the result "suitable for sorting"? More to the point, is there
> ever a time when a user of this will care about some contrived ordering
> value? It seems like equality is all that really matters.
>
It won't be completely random shuffling but rather re-ordering in some
new order, which means the results might be passed to qsort or anything.
And yes, in c/r we need at least this "re-ordered" order which will help
to figure out shared file descriptors in case of huge number of files opened.
> > +
> > +/*
> > + * 0 - equal
> > + * 1 - less than
> > + * 2 - greater than
> > + * 3 - not equal but ordering unavailable (reserved for future)
> > + */
> > +static int kcmp_ptr(void *v1, void *v2, enum kcmp_type type)
> > +{
> > + long ret;
> > +
> > + ret = kptr_obfuscate((long)v1, type) - kptr_obfuscate((long)v2, type);
> > +
> > + return (ret < 0) | ((ret > 0) << 1);
> > +}
>
> That's a cute trick, but do we know that every compiler that will ever see
> this code will use 1 for a true integer comparison? Simply spelling it
> out with an if statement might be more robust, just as efficient, and, at
> the same time, easier for others to understand.
Well, I believe if this become true, and (ret < 0) wont emit 1 -- the
number of places in kernel will be broken as well (for example see
math_div() function). But of course I don't insist and can rewrite
this code in straight fashion if needed.
Cyrill
next prev parent reply other threads:[~2012-01-30 21:07 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-30 14:09 [patch cr 0/4] [patch cr 0/@total@] Cyrill Gorcunov
2012-01-30 14:09 ` [patch cr 1/4] fs, proc: Introduce /proc/<pid>/task/<tid>/children entry v9 Cyrill Gorcunov
2012-01-30 14:09 ` [patch cr 2/4] [RFC] syscalls, x86: Add __NR_kcmp syscall v7 Cyrill Gorcunov
2012-01-30 19:58 ` Jonathan Corbet
2012-01-30 21:07 ` Cyrill Gorcunov [this message]
2012-01-30 21:11 ` H. Peter Anvin
2012-02-02 23:26 ` Andrew Morton
2012-02-03 2:27 ` H. Peter Anvin
2012-02-03 7:09 ` Cyrill Gorcunov
2012-02-03 7:46 ` Ingo Molnar
2012-02-03 8:35 ` Cyrill Gorcunov
2012-02-03 9:09 ` Ingo Molnar
2012-02-03 9:22 ` Andrew Morton
2012-02-03 9:28 ` Cyrill Gorcunov
2012-02-03 17:32 ` H. Peter Anvin
2012-02-03 17:35 ` H. Peter Anvin
2012-02-03 17:42 ` Cyrill Gorcunov
2012-02-03 9:52 ` Ingo Molnar
2012-02-03 10:07 ` [PATCH] SubmittingPatches: Increase the line length limit from 80 to 100 colums Ingo Molnar
2012-02-03 10:17 ` Pekka Enberg
2012-02-03 10:23 ` Cyrill Gorcunov
2012-02-03 10:40 ` Alexey Dobriyan
2012-02-03 16:13 ` Tejun Heo
2012-02-03 16:39 ` hpanvin@gmail.com
2012-02-03 17:56 ` Andi Kleen
2012-02-03 20:57 ` Andrew Morton
2012-02-03 21:00 ` H. Peter Anvin
2012-02-03 21:06 ` H. Peter Anvin
2012-02-04 13:08 ` Ingo Molnar
2012-02-03 21:27 ` Linus Torvalds
2012-02-03 23:20 ` [PATCH] checkpatch: Warn on code with 6+ tab indentation Joe Perches
2012-02-04 1:27 ` Linus Torvalds
2012-02-04 1:33 ` Joe Perches
2012-02-04 3:09 ` Linus Torvalds
2012-02-04 3:21 ` Joe Perches
2012-02-04 3:35 ` Linus Torvalds
2012-02-04 3:58 ` Joe Perches
2012-02-04 1:37 ` Andrew Morton
2012-02-04 2:40 ` Eric W. Biederman
2012-02-04 2:46 ` Joe Perches
2012-02-04 4:45 ` Tony Luck
2012-02-04 4:53 ` Joe Perches
2012-02-04 13:03 ` [PATCH, v2] checkpatch: Warn on code with 6+ tab indentation, remove 80col warning Ingo Molnar
2012-02-04 16:22 ` Joe Perches
2012-02-04 18:02 ` Ingo Molnar
2012-02-04 18:48 ` Joe Perches
2012-02-04 18:54 ` Pekka Enberg
2012-02-04 19:27 ` Joe Perches
2012-02-04 19:32 ` Pekka Enberg
2012-02-05 11:38 ` Ingo Molnar
2012-02-05 16:21 ` Joe Perches
2012-02-05 18:13 ` Ingo Molnar
2012-02-05 19:01 ` [PATCH] checkpatch: Add line-length options, set default to 100 Joe Perches
2012-02-06 12:36 ` Dan Carpenter
2012-02-04 1:24 ` [PATCH] SubmittingPatches: Increase the line length limit from 80 to 100 colums Randy Dunlap
2012-02-09 21:55 ` Jan Engelhardt
2012-02-09 22:09 ` Joe Perches
2012-02-09 22:30 ` Mark Brown
2012-01-30 14:09 ` [patch cr 3/4] c/r: procfs: add arg_start/end, env_start/end and exit_code members to /proc/$pid/stat Cyrill Gorcunov
2012-02-02 23:26 ` Andrew Morton
2012-02-03 7:11 ` Cyrill Gorcunov
2012-01-30 14:09 ` [patch cr 4/4] c/r: prctl: Extend PR_SET_MM to set up more mm_struct entries Cyrill Gorcunov
2012-02-02 23:27 ` Andrew Morton
2012-02-03 7:18 ` Cyrill Gorcunov
2012-02-02 23:26 ` [patch cr 0/4] [patch cr 0/@total@] Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120130210702.GG4282@moon \
--to=gorcunov@openvz.org \
--cc=Valdis.Kletnieks@vt.edu \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=andi@firstfloor.org \
--cc=avagin@openvz.org \
--cc=corbet@lwn.net \
--cc=ebiederm@xmission.com \
--cc=eric.dumazet@gmail.com \
--cc=glommer@parallels.com \
--cc=hpa@zytor.com \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=keescook@chromium.org \
--cc=kosaki.motohiro@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=matthltc@us.ibm.com \
--cc=mingo@elte.hu \
--cc=penberg@kernel.org \
--cc=segoon@openwall.com \
--cc=serge.hallyn@canonical.com \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.