All of lore.kernel.org
 help / color / mirror / Atom feed
From: Greg KH <gregkh@linuxfoundation.org>
To: Roland Dreier <roland@purestorage.com>
Cc: Djalal Harouni <tixxdz@opendz.org>,
	Vasiliy Kulikov <segoon@openwall.com>,
	kernel-hardening@lists.openwall.com,
	Kees Cook <keescook@chromium.org>,
	Ubuntu security discussion <ubuntu-hardened@lists.ubuntu.com>,
	linux-kernel@vger.kernel.org, David Windsor <dwindsor@gmail.com>,
	pageexec@freemail.hu, spender@grsecurity.net
Subject: Re: [kernel-hardening] Re: Add overflow protection to kref
Date: Sat, 18 Feb 2012 08:18:49 -0800	[thread overview]
Message-ID: <20120218161849.GA4176@kroah.com> (raw)
In-Reply-To: <CAL1RGDWM0C26YR+GGbguRQd0R3HoPJ5QVyEFkLGFfPqs6wb5Mg@mail.gmail.com>

On Fri, Feb 17, 2012 at 05:44:57PM -0800, Roland Dreier wrote:
> On Fri, Feb 17, 2012 at 3:39 PM, Djalal Harouni <tixxdz@opendz.org> wrote:
> >> 2) what to do with architectures-loosers?
> > There is lib/atomic64.c but with a static hashed array of raw_spinlocks.
> 
> Even leaving aside performance impact of atomic64_t (and probably
> in most cases the performance of kref is not important at all), it is
> unfortunate to bloat the size from 4 bytes to 8 bytes.
> 
> It seems much better to have some out-of-line code for overflow
> checking rather than increasing the size of every data structure
> that embeds a kref.

Please realize that kref is an in-line structure now.

> Greg, I'm not sure why you're opposed to adding this checking...
> it's pretty clear that buggy error paths that forget to do a put are
> pretty common and will continue to be common in new code, and
> making them harder to exploit seems pretty sane to me.
> 
> What's the downside?

The downside is that there has not even been a patch sent for any of
this.  Combine that with a lack of understanding about reference
counting and atomic_t usages in the kernel, and the whole thing is ripe
for misunderstanding and confusion.

greg k-h

  parent reply	other threads:[~2012-02-18 16:18 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-02-16 14:02 [kernel-hardening] Add overflow protection to kref David Windsor
2012-02-16 20:45 ` [kernel-hardening] " Kees Cook
2012-02-16 20:45   ` Kees Cook
2012-02-17  0:24   ` [kernel-hardening] " Greg Kroah-Hartman
2012-02-17  0:24     ` Greg Kroah-Hartman
2012-02-17  1:06     ` [kernel-hardening] " Kees Cook
2012-02-17  1:06       ` Kees Cook
2012-02-17  1:40       ` [kernel-hardening] " Greg KH
2012-02-17  1:40         ` Greg KH
2012-02-17  2:11         ` [kernel-hardening] Re: [ubuntu-hardened] " Kees Cook
2012-02-17  2:11           ` Kees Cook
2012-02-17  2:48           ` [kernel-hardening] " David Windsor
2012-02-17  2:48             ` David Windsor
2012-02-17  3:32             ` [kernel-hardening] " Greg KH
2012-02-17  3:32               ` Greg KH
2012-02-17  6:33             ` [kernel-hardening] " Alexey Dobriyan
2012-02-17  6:33               ` Alexey Dobriyan
2012-02-17 13:23         ` [kernel-hardening] " pageexec
2012-02-17 13:23           ` pageexec
2012-02-17  7:59     ` [kernel-hardening] " Vasiliy Kulikov
2012-02-17  7:59       ` Vasiliy Kulikov
2012-02-17 17:53       ` Greg KH
2012-02-17 17:54       ` Greg KH
2012-02-17 19:37         ` Vasiliy Kulikov
2012-02-17 23:39           ` Djalal Harouni
2012-02-18  1:44             ` Roland Dreier
2012-02-18 16:15               ` David Windsor
2012-02-18 16:35                 ` Vasiliy Kulikov
2012-02-18 16:18               ` Greg KH [this message]
2012-02-24 17:58                 ` David Windsor
2012-02-24 18:37                   ` Greg KH
2012-02-24 18:52                     ` Kees Cook
2012-02-24 19:05                       ` Nick Bowler
2012-02-24 19:13                         ` Vasiliy Kulikov
2012-02-24 19:35                           ` Nick Bowler
2012-02-24 21:59                           ` PaX Team
2012-02-24 18:58                     ` Vasiliy Kulikov
2012-02-24 19:41                       ` Greg KH
2012-02-24 20:04                         ` Kees Cook
2012-02-24 19:04                     ` David Windsor
2012-02-24 22:14                       ` PaX Team

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120218161849.GA4176@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=dwindsor@gmail.com \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pageexec@freemail.hu \
    --cc=roland@purestorage.com \
    --cc=segoon@openwall.com \
    --cc=spender@grsecurity.net \
    --cc=tixxdz@opendz.org \
    --cc=ubuntu-hardened@lists.ubuntu.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.