From: Andrew Morton <akpm@linux-foundation.org>
To: Kees Cook <keescook@chromium.org>
Cc: linux-hardening@vger.kernel.org,
Elena Reshetova <elena.reshetova@intel.com>,
David Windsor <dwindsor@gmail.com>,
Hans Liljestrand <ishkamiel@gmail.com>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Anna Schumaker <anna@kernel.org>,
Chuck Lever <chuck.lever@oracle.com>,
Jeff Layton <jlayton@kernel.org>, Neil Brown <neilb@suse.de>,
Olga Kornievskaia <kolga@netapp.com>,
Dai Ngo <Dai.Ngo@oracle.com>, Tom Talpey <tom@talpey.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Sergey Senozhatsky <senozhatsky@chromium.org>,
Alexey Gladkov <legion@kernel.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Yu Zhao <yuzhao@google.com>,
linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org,
netdev@vger.kernel.org
Subject: Re: [PATCH v2] creds: Convert cred.usage to refcount_t
Date: Fri, 18 Aug 2023 10:55:42 -0700 [thread overview]
Message-ID: <20230818105542.a6b7c41c47d4c6b9ff2e8839@linux-foundation.org> (raw)
In-Reply-To: <20230818041740.gonna.513-kees@kernel.org>
On Thu, 17 Aug 2023 21:17:41 -0700 Kees Cook <keescook@chromium.org> wrote:
> From: Elena Reshetova <elena.reshetova@intel.com>
>
> atomic_t variables are currently used to implement reference counters
> with the following properties:
> - counter is initialized to 1 using atomic_set()
> - a resource is freed upon counter reaching zero
> - once counter reaches zero, its further
> increments aren't allowed
> - counter schema uses basic atomic operations
> (set, inc, inc_not_zero, dec_and_test, etc.)
>
> Such atomic variables should be converted to a newly provided
> refcount_t type and API that prevents accidental counter overflows and
> underflows. This is important since overflows and underflows can lead
> to use-after-free situation and be exploitable.
ie, if we have bugs which we have no reason to believe presently exist,
let's bloat and slow down the kernel just in case we add some in the
future? Or something like that. dangnabbit, that refcount_t.
x86_64 defconfig:
before:
text data bss dec hex filename
3869 552 8 4429 114d kernel/cred.o
6140 724 16 6880 1ae0 net/sunrpc/auth.o
after:
text data bss dec hex filename
4573 552 8 5133 140d kernel/cred.o
6236 724 16 6976 1b40 net/sunrpc/auth.o
Please explain, in a non handwavy and non cargoculty fashion why this
speed and space cost is justified.
next prev parent reply other threads:[~2023-08-18 17:55 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-18 4:17 [PATCH v2] creds: Convert cred.usage to refcount_t Kees Cook
2023-08-18 17:55 ` Andrew Morton [this message]
2023-08-18 18:17 ` Jann Horn
2023-08-18 18:48 ` Kees Cook
2023-08-18 19:31 ` Andrew Morton
2023-08-18 20:10 ` Jeff Layton
2023-08-18 20:24 ` Kees Cook
2023-08-18 21:07 ` Eric W. Biederman
2023-08-21 10:18 ` David Laight
2023-08-18 20:16 ` Kees Cook
2023-08-18 20:54 ` Jann Horn
2023-08-18 18:46 ` Kees Cook
2023-08-18 20:21 ` David Windsor
2023-08-18 20:12 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230818105542.a6b7c41c47d4c6b9ff2e8839@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=Dai.Ngo@oracle.com \
--cc=anna@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=dwindsor@gmail.com \
--cc=ebiederm@xmission.com \
--cc=edumazet@google.com \
--cc=elena.reshetova@intel.com \
--cc=ishkamiel@gmail.com \
--cc=jlayton@kernel.org \
--cc=keescook@chromium.org \
--cc=kolga@netapp.com \
--cc=kuba@kernel.org \
--cc=legion@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=senozhatsky@chromium.org \
--cc=tom@talpey.com \
--cc=trond.myklebust@hammerspace.com \
--cc=yuzhao@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).