From: Peter Zijlstra <peterz@infradead.org>
To: David Windsor <dwindsor@gmail.com>
Cc: Liljestrand Hans <ishkamiel@gmail.com>,
"Reshetova, Elena" <elena.reshetova@intel.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Greg KH <gregkh@linuxfoundation.org>,
Kees Cook <keescook@chromium.org>,
"will.deacon@arm.com" <will.deacon@arm.com>,
Boqun Feng <boqun.feng@gmail.com>,
"aik@ozlabs.ru" <aik@ozlabs.ru>,
"david@gibson.dropbear.id.au" <david@gibson.dropbear.id.au>
Subject: [kernel-hardening] Re: Conversion from atomic_t to refcount_t: summary of issues
Date: Wed, 7 Dec 2016 17:26:18 +0100 [thread overview]
Message-ID: <20161207162618.GP3124@twins.programming.kicks-ass.net> (raw)
In-Reply-To: <CAEXv5_ia+iR_4k0Tc-isv=q0o8QKEeJwJ0nGBptwESj7rJra3g@mail.gmail.com>
On Wed, Dec 07, 2016 at 10:59:47AM -0500, David Windsor wrote:
> On Wed, Dec 7, 2016 at 8:52 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> > All in all I'm not inclined to add {add,sub.inc,dec}_return() to
> > refcount, as previously stated, they don't make sense.
>
> Is the plan now to audit all {add,sub,inc,dec}_return() call sites?
> This should probably happen anyway, due to the amount of funkiness
> uncovered by Hans' mini-audit. Then we can rewrite actual reference
> counting code that calls the unsupported {add,sub,inc,dec}_return() to
> use something else?
The ip_vs_dest cache thing would receive 2 patches, one doing the global
+1, the second conversion to refcount_t.
For BPF we'd need to talk to Alexei to see if the custom limit still
makes sense, but I'd be inclined to simply drop that in the refcount_t
conversion.
As to the tty and usb-gadget ones, those constructs are actually racy,
but I'm not sure the races matter. But I would certainly prefer to
rework then to be race-free.
But I wouldn't go so far as to audit all *_return calls, just those that
pop up while hunting refcounts.
next prev parent reply other threads:[~2016-12-07 16:26 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-28 11:56 [kernel-hardening] Conversion from atomic_t to refcount_t: summary of issues Reshetova, Elena
2016-11-28 12:13 ` [kernel-hardening] " Peter Zijlstra
2016-11-28 12:44 ` Peter Zijlstra
2016-11-28 12:48 ` Peter Zijlstra
2016-11-28 14:12 ` [kernel-hardening] " Reshetova, Elena
2016-11-29 3:19 ` [kernel-hardening] " Alexey Kardashevskiy
2016-11-29 9:31 ` Peter Zijlstra
2016-11-30 0:23 ` Alexey Kardashevskiy
2016-11-29 15:35 ` [kernel-hardening] " Reshetova, Elena
2016-11-29 15:47 ` Peter Zijlstra
2016-12-01 19:15 ` [kernel-hardening] " Peter Zijlstra
2016-12-01 21:31 ` David Windsor
2016-12-01 23:03 ` Peter Zijlstra
2016-12-01 23:20 ` Kees Cook
2016-12-01 23:29 ` David Windsor
2016-12-02 1:17 ` Boqun Feng
2016-12-02 20:25 ` David Windsor
2016-12-07 13:24 ` Peter Zijlstra
2016-12-07 19:03 ` David Windsor
2016-12-09 14:48 ` David Windsor
2016-12-07 13:36 ` Peter Zijlstra
2016-12-01 23:20 ` David Windsor
2016-12-07 13:21 ` Peter Zijlstra
2016-12-02 15:44 ` Liljestrand Hans
2016-12-02 16:14 ` Greg KH
2016-12-07 13:52 ` Peter Zijlstra
2016-12-07 15:59 ` David Windsor
2016-12-07 16:26 ` Peter Zijlstra [this message]
2016-12-07 16:31 ` David Windsor
2016-12-16 12:10 ` [kernel-hardening] " Reshetova, Elena
2016-12-16 14:01 ` [kernel-hardening] " Peter Zijlstra
2016-12-19 7:55 ` [kernel-hardening] " Reshetova, Elena
2016-12-19 10:12 ` [kernel-hardening] " Peter Zijlstra
2016-12-20 9:13 ` [kernel-hardening] " Reshetova, Elena
2016-12-20 9:30 ` [kernel-hardening] " Greg KH
2016-12-20 9:40 ` [kernel-hardening] " Reshetova, Elena
2016-12-20 9:51 ` [kernel-hardening] " Greg KH
2016-12-20 9:55 ` [kernel-hardening] " Reshetova, Elena
2016-12-20 10:26 ` [kernel-hardening] " Greg KH
2016-12-20 9:41 ` Peter Zijlstra
2016-12-20 9:58 ` [kernel-hardening] " Reshetova, Elena
2016-12-20 10:55 ` [kernel-hardening] " Liljestrand Hans
2016-12-20 13:13 ` Peter Zijlstra
2016-12-20 13:35 ` Reshetova, Elena
2016-12-20 15:20 ` Liljestrand Hans
2016-12-20 15:52 ` Peter Zijlstra
2017-01-10 14:58 ` Peter Zijlstra
2016-12-07 14:13 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161207162618.GP3124@twins.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=aik@ozlabs.ru \
--cc=boqun.feng@gmail.com \
--cc=david@gibson.dropbear.id.au \
--cc=dwindsor@gmail.com \
--cc=elena.reshetova@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=ishkamiel@gmail.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.