From: Arvind Sankar <nivedita@alum.mit.edu>
To: Kees Cook <keescook@chromium.org>
Cc: Arvind Sankar <nivedita@alum.mit.edu>,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 7/8] x86/kaslr: Clean up slot handling
Date: Tue, 28 Jul 2020 16:04:45 -0400 [thread overview]
Message-ID: <20200728200445.GC4150860@rani.riverdale.lan> (raw)
In-Reply-To: <202007281228.B5011DC7@keescook>
On Tue, Jul 28, 2020 at 12:34:45PM -0700, Kees Cook wrote:
> On Mon, Jul 27, 2020 at 07:08:00PM -0400, Arvind Sankar wrote:
> > The number of slots and slot areas can be unsigned int, since on 64-bit,
> > the maximum amount of memory is 2^52, the minimum alignment is 2^21, so
> > the slot number cannot be greater than 2^31. The slot areas are limited
> > by MAX_SLOT_AREA, currently 100. Replace the type used for slot number,
> > which is currently a mix of int and unsigned long, with unsigned int
> > consistently.
>
> I think it's good to standardize the type, but let's go to unsigned long
> then we don't have to think about this again in the future.
Ok, I can do that instead.
>
> > Drop unnecessary check that number of slots is not zero in
> > store_slot_info, it's guaranteed to be at least 1 by the calculation.
> >
> > Drop unnecessary alignment of image_size to CONFIG_PHYSICAL_ALIGN in
> > find_random_virt_addr, it cannot change the result: the largest valid
> > slot is the largest n that satisfies
>
> I view all of these things as robustness checks. It doesn't hurt to do
> these checks and it'll avoid crashing into problems if future
> refactoring breaks assumptions.
Well, at least the first one should really be unnecessary: the previous
line sets it as 1 + x. When I see that it actually confuses me: I think
I must be missing some edge case where it could be zero.
The second one is also unnecessary, but I agree it might require a bit
of analysis to see that it is.
> > - slots = (KERNEL_IMAGE_SIZE - minimum - image_size) /
> > - CONFIG_PHYSICAL_ALIGN + 1;
> > + slots = 1 + (KERNEL_IMAGE_SIZE - minimum - image_size) / CONFIG_PHYSICAL_ALIGN;
>
> These are the same -- why change the code?
>
It's just reformatting now that we can have more than 80-column lines. I
think it's clearer this way, more obvious that you're dividing by
CONFIG_PHYSICAL_ALIGN and adding one, rather than "did he forget the
parentheses here".
next prev parent reply other threads:[~2020-07-28 20:04 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-27 21:50 [PATCH 0/8] x86/kaslr: Cleanup and small bugfixes Arvind Sankar
2020-07-27 21:50 ` [PATCH 1/8] x86/kaslr: Make command line handling safer Arvind Sankar
2020-07-27 21:50 ` [PATCH 2/8] x86/kaslr: Remove bogus warning and unnecessary goto Arvind Sankar
2020-07-27 21:50 ` [PATCH 3/8] x86/kaslr: Fix process_efi_entries comment Arvind Sankar
2020-07-27 21:50 ` [PATCH 4/8] x86/kaslr: Initialize mem_limit to the real maximum address Arvind Sankar
2020-07-27 21:50 ` [PATCH 5/8] x86/kaslr: Simplify __process_mem_region Arvind Sankar
2020-07-28 10:57 ` Ingo Molnar
2020-07-27 21:50 ` [PATCH 6/8] x86/kaslr: Simplify process_gb_huge_pages Arvind Sankar
2020-07-28 10:58 ` Ingo Molnar
2020-07-27 21:50 ` [PATCH 7/8] x86/kaslr: Clean up slot handling Arvind Sankar
2020-07-28 10:59 ` Ingo Molnar
2020-07-27 21:50 ` [PATCH 8/8] x86/kaslr: Don't use 64-bit mem_vector for 32-bit kernel Arvind Sankar
2020-07-28 11:05 ` Ingo Molnar
2020-07-27 23:07 ` [PATCH v2 0/8] x86/kaslr: Cleanup and small bugfixes Arvind Sankar
2020-07-28 11:06 ` Ingo Molnar
2020-07-28 14:24 ` Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 00/21] " Arvind Sankar
2020-07-30 18:02 ` Arvind Sankar
2020-07-31 9:21 ` Ingo Molnar
2020-07-31 23:33 ` Kees Cook
2020-08-03 1:15 ` [PATCH 0/1] x86/kaslr: Replace strlen with strnlen Arvind Sankar
2020-08-03 1:15 ` [PATCH 1/1] " Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] x86/kaslr: Replace strlen() with strnlen() tip-bot2 for Arvind Sankar
2020-08-14 22:47 ` [PATCH v3 00/21] x86/kaslr: Cleanup and small bugfixes Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 01/21] x86/kaslr: Make command line handling safer Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 02/21] x86/kaslr: Remove bogus warning and unnecessary goto Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 03/21] x86/kaslr: Fix process_efi_entries comment Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 04/21] x86/kaslr: Initialize mem_limit to the real maximum address Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 05/21] x86/kaslr: Fix off-by-one error in __process_mem_region Arvind Sankar
2020-08-06 23:39 ` [tip: x86/kaslr] x86/kaslr: Fix off-by-one error in __process_mem_region() tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 06/21] x86/kaslr: Drop redundant cur_entry from __process_mem_region Arvind Sankar
2020-08-06 23:39 ` [tip: x86/kaslr] x86/kaslr: Drop redundant cur_entry from __process_mem_region() tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 07/21] x86/kaslr: Eliminate start_orig from __process_mem_region Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] x86/kaslr: Eliminate 'start_orig' local variable from __process_mem_region() tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 08/21] x86/kaslr: Drop redundant variable in __process_mem_region Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] x86/kaslr: Drop redundant variable in __process_mem_region() tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 09/21] x86/kaslr: Drop some redundant checks from __process_mem_region Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] x86/kaslr: Drop some redundant checks from __process_mem_region() tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 10/21] x86/kaslr: Fix off-by-one error in process_gb_huge_pages Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] x86/kaslr: Fix off-by-one error in process_gb_huge_pages() tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 11/21] x86/kaslr: Short-circuit gb_huge_pages on x86-32 Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] " tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 12/21] x86/kaslr: Simplify process_gb_huge_pages Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] x86/kaslr: Simplify process_gb_huge_pages() tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 13/21] x86/kaslr: Drop test for command-line parameters before parsing Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] " tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 14/21] x86/kaslr: Make the type of number of slots/slot areas consistent Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] " tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 15/21] x86/kaslr: Drop redundant check in store_slot_info Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] x86/kaslr: Drop redundant check in store_slot_info() tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 16/21] x86/kaslr: Drop unnecessary alignment in find_random_virt_addr Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] x86/kaslr: Drop unnecessary alignment in find_random_virt_addr() tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 17/21] x86/kaslr: Small cleanup of find_random_phys_addr Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] x86/kaslr: Small cleanup of find_random_phys_addr() tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 18/21] x86/kaslr: Make minimum/image_size unsigned long Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] x86/kaslr: Make minimum/image_size 'unsigned long' tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 19/21] x86/kaslr: Replace unsigned long long with u64 Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] x86/kaslr: Replace 'unsigned long long' with 'u64' tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 20/21] x86/kaslr: Make local variables 64-bit Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] " tip-bot2 for Arvind Sankar
2020-07-28 22:57 ` [PATCH v3 21/21] x86/kaslr: Add a check that the random address is in range Arvind Sankar
2020-08-06 23:38 ` [tip: x86/kaslr] " tip-bot2 for Arvind Sankar
2020-07-27 23:07 ` [PATCH v2 1/8] x86/kaslr: Make command line handling safer Arvind Sankar
2020-07-28 12:29 ` [tip: x86/kaslr] " tip-bot2 for Arvind Sankar
2020-07-28 18:26 ` [PATCH v2 1/8] " Kees Cook
2020-08-06 23:39 ` [tip: x86/kaslr] " tip-bot2 for Arvind Sankar
2020-07-27 23:07 ` [PATCH v2 2/8] x86/kaslr: Remove bogus warning and unnecessary goto Arvind Sankar
2020-07-28 12:29 ` [tip: x86/kaslr] " tip-bot2 for Arvind Sankar
2020-07-28 18:26 ` [PATCH v2 2/8] " Kees Cook
2020-08-06 23:39 ` [tip: x86/kaslr] " tip-bot2 for Arvind Sankar
2020-07-27 23:07 ` [PATCH v2 3/8] x86/kaslr: Fix process_efi_entries comment Arvind Sankar
2020-07-28 12:29 ` [tip: x86/kaslr] " tip-bot2 for Arvind Sankar
2020-07-28 18:27 ` [PATCH v2 3/8] " Kees Cook
2020-08-06 23:39 ` [tip: x86/kaslr] " tip-bot2 for Arvind Sankar
2020-07-27 23:07 ` [PATCH v2 4/8] x86/kaslr: Initialize mem_limit to the real maximum address Arvind Sankar
2020-07-28 12:29 ` [tip: x86/kaslr] " tip-bot2 for Arvind Sankar
2020-07-28 18:49 ` [PATCH v2 4/8] " Kees Cook
2020-08-06 23:39 ` [tip: x86/kaslr] " tip-bot2 for Arvind Sankar
2020-07-27 23:07 ` [PATCH v2 5/8] x86/kaslr: Simplify __process_mem_region Arvind Sankar
2020-07-28 19:25 ` Kees Cook
2020-07-28 19:42 ` Arvind Sankar
2020-07-27 23:07 ` [PATCH v2 6/8] x86/kaslr: Simplify process_gb_huge_pages Arvind Sankar
2020-07-28 19:27 ` Kees Cook
2020-07-28 19:45 ` Arvind Sankar
2020-07-28 20:13 ` Kees Cook
2020-07-27 23:08 ` [PATCH v2 7/8] x86/kaslr: Clean up slot handling Arvind Sankar
2020-07-28 19:34 ` Kees Cook
2020-07-28 20:04 ` Arvind Sankar [this message]
2020-07-27 23:08 ` [PATCH v2 8/8] x86/kaslr: Don't use 64-bit mem_vector for 32-bit kernel Arvind Sankar
2020-07-28 19:37 ` Kees Cook
2020-07-28 20:08 ` Arvind Sankar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200728200445.GC4150860@rani.riverdale.lan \
--to=nivedita@alum.mit.edu \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).