From: "Tobin C. Harding" <me@tobin.cc>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: kernel-hardening@lists.openwall.com,
Theodore Ts'o <tytso@mit.edu>,
Linus Torvalds <torvalds@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Tycho Andersen <tycho@docker.com>,
"Roberts, William C" <william.c.roberts@intel.com>,
Tejun Heo <tj@kernel.org>,
Jordan Glover <Golden_Miller83@protonmail.ch>,
Greg KH <gregkh@linuxfoundation.org>,
Petr Mladek <pmladek@suse.com>, Joe Perches <joe@perches.com>,
Ian Campbell <ijc@hellion.org.uk>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <wilal.deacon@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Chris Fries <cfries@google.com>,
Dave Weinstein <olorin@google.com>,
Daniel Micay <danielmicay@gmail.com>,
Djalal Harouni <tixxdz@gmail.com>,
LKML <linux-kernel@vger.kernel.org>
Subject: [kernel-hardening] Re: [PATCH v7] printk: hash addresses printed with %p
Date: Wed, 25 Oct 2017 21:05:59 +1100 [thread overview]
Message-ID: <20171025100559.GH15832@eros> (raw)
In-Reply-To: <CAHmME9rZE0oSOq6KecY1pTMsJa4dK2sCyuMRZbFjnamZkHXViA@mail.gmail.com>
On Wed, Oct 25, 2017 at 06:00:21AM +0200, Jason A. Donenfeld wrote:
> On Wed, Oct 25, 2017 at 5:49 AM, Tobin C. Harding <me@tobin.cc> wrote:
> > static_branch_disable(&no_ptr_secret) : Doesn't sleep, just atomic read
> > and set and maybe a WARN_ONCE.
>
> Are you sure about that? I just looked myself, and though there is a
> !HAVE_JUMP_LABEL ifdef that does what you described, there's also a
> HAVE_JUMP_LABEL that takes a mutex, which sleeps:
>
> static_branch_disable
> static_key_disable
> cpus_read_lock
> percpu_down_read
> percpu_down_read_preempt_disable
> might_sleep
Hilarious, the actual function name is 'might_sleep' and I missed it. I
love being wrong, it means I'm learning. Thanks for taking the time to
point this out.
> > Now for the 'executes from process context' stuff.
>
> Er, sorry, I meant to write non-process context in my original
> message, which is generally where you're worried about sleeping.
Tomorrow I'm going to re-read 'sleeping' sections from ldd3 and Love.
> > If the callback mechanism is utilized (i.e print before randomness is
> > ready) then the call back will be executed the next time the randomness
> > pool gets added to
>
> So it sounds to me like this might be called in non-process context.
> Disaster. I realize the static_key thing was my idea in the original
> email, so sorry for leading you astray.
You bastard.
> But moving to do this in
> early_initcall wound up fixing other issues too, so all and all a net
> good in going this direction.
I wanted to know how to do this since Linus said 'boot time variable' in
one of the first comments on this topic. So I'm super glad you pointed
it out.
> Two options: you stick with static_branch, because it's cool and speed
> is fun, and work around all of the above with a call to queue_work so
> that static_branch_enable is called only from process context.
>
> Or, you give up on static_key, because it's not actually super
> necessary, and instead just use an atomic, and reason that using `if
> (unlikely(!atomic_read(&whatever)))` is probably good enough. In this
> option, the code would be pretty much the same as v7, except you'd
> s/static_branch/atomic_t/, and change the helpers, etc. This is
> probably the more reasonable way.
I'm going to sleep, then re-reading these bits.
thanks Jason, appreciate your input big time.
Cheers,
Tobin.
WARNING: multiple messages have this Message-ID (diff)
From: "Tobin C. Harding" <me@tobin.cc>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: kernel-hardening@lists.openwall.com,
"Theodore Ts'o" <tytso@mit.edu>,
Linus Torvalds <torvalds@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Tycho Andersen <tycho@docker.com>,
"Roberts, William C" <william.c.roberts@intel.com>,
Tejun Heo <tj@kernel.org>,
Jordan Glover <Golden_Miller83@protonmail.ch>,
Greg KH <gregkh@linuxfoundation.org>,
Petr Mladek <pmladek@suse.com>, Joe Perches <joe@perches.com>,
Ian Campbell <ijc@hellion.org.uk>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <wilal.deacon@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Chris Fries <cfries@google.com>,
Dave Weinstein <olorin@google.com>,
Daniel Micay <danielmicay@gmail.com>,
Djalal Harouni <tixxdz@gmail.com>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v7] printk: hash addresses printed with %p
Date: Wed, 25 Oct 2017 21:05:59 +1100 [thread overview]
Message-ID: <20171025100559.GH15832@eros> (raw)
In-Reply-To: <CAHmME9rZE0oSOq6KecY1pTMsJa4dK2sCyuMRZbFjnamZkHXViA@mail.gmail.com>
On Wed, Oct 25, 2017 at 06:00:21AM +0200, Jason A. Donenfeld wrote:
> On Wed, Oct 25, 2017 at 5:49 AM, Tobin C. Harding <me@tobin.cc> wrote:
> > static_branch_disable(&no_ptr_secret) : Doesn't sleep, just atomic read
> > and set and maybe a WARN_ONCE.
>
> Are you sure about that? I just looked myself, and though there is a
> !HAVE_JUMP_LABEL ifdef that does what you described, there's also a
> HAVE_JUMP_LABEL that takes a mutex, which sleeps:
>
> static_branch_disable
> static_key_disable
> cpus_read_lock
> percpu_down_read
> percpu_down_read_preempt_disable
> might_sleep
Hilarious, the actual function name is 'might_sleep' and I missed it. I
love being wrong, it means I'm learning. Thanks for taking the time to
point this out.
> > Now for the 'executes from process context' stuff.
>
> Er, sorry, I meant to write non-process context in my original
> message, which is generally where you're worried about sleeping.
Tomorrow I'm going to re-read 'sleeping' sections from ldd3 and Love.
> > If the callback mechanism is utilized (i.e print before randomness is
> > ready) then the call back will be executed the next time the randomness
> > pool gets added to
>
> So it sounds to me like this might be called in non-process context.
> Disaster. I realize the static_key thing was my idea in the original
> email, so sorry for leading you astray.
You bastard.
> But moving to do this in
> early_initcall wound up fixing other issues too, so all and all a net
> good in going this direction.
I wanted to know how to do this since Linus said 'boot time variable' in
one of the first comments on this topic. So I'm super glad you pointed
it out.
> Two options: you stick with static_branch, because it's cool and speed
> is fun, and work around all of the above with a call to queue_work so
> that static_branch_enable is called only from process context.
>
> Or, you give up on static_key, because it's not actually super
> necessary, and instead just use an atomic, and reason that using `if
> (unlikely(!atomic_read(&whatever)))` is probably good enough. In this
> option, the code would be pretty much the same as v7, except you'd
> s/static_branch/atomic_t/, and change the helpers, etc. This is
> probably the more reasonable way.
I'm going to sleep, then re-reading these bits.
thanks Jason, appreciate your input big time.
Cheers,
Tobin.
next prev parent reply other threads:[~2017-10-25 10:05 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-25 4:00 [kernel-hardening] Re: [PATCH v7] printk: hash addresses printed with %p Jason A. Donenfeld
2017-10-25 4:00 ` Jason A. Donenfeld
2017-10-25 10:05 ` Tobin C. Harding [this message]
2017-10-25 10:05 ` Tobin C. Harding
2017-10-25 22:27 ` [kernel-hardening] " Tobin C. Harding
2017-10-25 22:27 ` Tobin C. Harding
2017-10-25 22:59 ` [kernel-hardening] " Jason A. Donenfeld
2017-10-25 22:59 ` Jason A. Donenfeld
2017-10-25 23:11 ` [kernel-hardening] " Tobin C. Harding
2017-10-25 23:11 ` Tobin C. Harding
2017-10-26 7:00 ` [kernel-hardening] " Greg KH
2017-10-26 7:00 ` Greg KH
2017-10-26 9:10 ` [kernel-hardening] " Tobin C. Harding
2017-10-26 9:10 ` Tobin C. Harding
-- strict thread matches above, loose matches on Subject: below --
2017-10-23 22:33 [kernel-hardening] " Tobin C. Harding
2017-10-23 23:00 ` [kernel-hardening] " Jason A. Donenfeld
2017-10-24 0:31 ` Tobin C. Harding
2017-10-24 11:25 ` Jason A. Donenfeld
2017-10-24 20:45 ` Tobin C. Harding
2017-10-25 3:49 ` Tobin C. Harding
2017-10-30 20:22 ` Steven Rostedt
2017-10-30 21:24 ` Tobin C. Harding
2017-10-31 14:22 ` Jason A. Donenfeld
2017-10-24 19:25 ` Rasmus Villemoes
2017-10-24 21:52 ` Tobin C. Harding
2017-10-24 23:57 ` Tobin C. Harding
2017-10-25 19:02 ` Rasmus Villemoes
2017-10-25 22:14 ` Tobin C. Harding
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171025100559.GH15832@eros \
--to=me@tobin.cc \
--cc=Golden_Miller83@protonmail.ch \
--cc=Jason@zx2c4.com \
--cc=catalin.marinas@arm.com \
--cc=cfries@google.com \
--cc=danielmicay@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=ijc@hellion.org.uk \
--cc=joe@perches.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olorin@google.com \
--cc=pbonzini@redhat.com \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sergey.senozhatsky@gmail.com \
--cc=tixxdz@gmail.com \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tycho@docker.com \
--cc=tytso@mit.edu \
--cc=wilal.deacon@arm.com \
--cc=william.c.roberts@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.