From: Elena Reshetova <elena.reshetova@intel.com>
To: kernel-hardening@lists.openwall.com
Cc: keescook@chromium.org, arnd@arndb.de, tglx@linutronix.de,
mingo@redhat.com, h.peter.anvin@intel.com, peterz@infradead.org,
will.deacon@arm.com, David Windsor <dwindsor@gmail.com>,
Hans Liljestrand <ishkamiel@gmail.com>,
Elena Reshetova <elena.reshetova@intel.com>
Subject: [kernel-hardening] [RFC v4 PATCH 08/13] security: identify wrapping atomic usage
Date: Thu, 10 Nov 2016 22:24:43 +0200 [thread overview]
Message-ID: <1478809488-18303-9-git-send-email-elena.reshetova@intel.com> (raw)
In-Reply-To: <1478809488-18303-1-git-send-email-elena.reshetova@intel.com>
From: David Windsor <dwindsor@gmail.com>
In some cases atomic is not used for reference
counting and therefore should be allowed to overflow.
Identify such cases and make a switch to non-hardened
atomic version.
The copyright for the original PAX_REFCOUNT code:
- all REFCOUNT code in general: PaX Team <pageexec@freemail.hu>
- various false positive fixes: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: David Windsor <dwindsor@gmail.com>
---
security/integrity/ima/ima.h | 4 ++--
security/integrity/ima/ima_api.c | 2 +-
security/integrity/ima/ima_fs.c | 4 ++--
security/integrity/ima/ima_queue.c | 2 +-
security/selinux/avc.c | 7 ++++---
5 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index db25f54..4f10f05 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -130,8 +130,8 @@ int ima_init_template(void);
extern spinlock_t ima_queue_lock;
struct ima_h_table {
- atomic_long_t len; /* number of stored measurements in the list */
- atomic_long_t violations;
+ atomic_long_wrap_t len; /* number of stored measurements in the list */
+ atomic_long_wrap_t violations;
struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
};
extern struct ima_h_table ima_htable;
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 9df26a2..097bd47 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -138,7 +138,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
int result;
/* can overflow, only indicator */
- atomic_long_inc(&ima_htable.violations);
+ atomic_long_inc_wrap(&ima_htable.violations);
result = ima_alloc_init_template(&event_data, &entry);
if (result < 0) {
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index c07a384..675e597 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -31,12 +31,12 @@ static DEFINE_MUTEX(ima_write_mutex);
static int valid_policy = 1;
#define TMPBUFLEN 12
static ssize_t ima_show_htable_value(char __user *buf, size_t count,
- loff_t *ppos, atomic_long_t *val)
+ loff_t *ppos, atomic_long_wrap_t *val)
{
char tmpbuf[TMPBUFLEN];
ssize_t len;
- len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));
+ len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read_wrap(val));
return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
}
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 32f6ac0..b46999e 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -84,7 +84,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)
INIT_LIST_HEAD(&qe->later);
list_add_tail_rcu(&qe->later, &ima_measurements);
- atomic_long_inc(&ima_htable.len);
+ atomic_long_inc_wrap(&ima_htable.len);
key = ima_hash_key(entry->digest);
hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
return 0;
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index e60c79d..6fa5ace 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -71,7 +71,7 @@ struct avc_xperms_node {
struct avc_cache {
struct hlist_head slots[AVC_CACHE_SLOTS]; /* head for avc_node->list */
spinlock_t slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */
- atomic_t lru_hint; /* LRU hint for reclaim scan */
+ atomic_wrap_t lru_hint; /* LRU hint for reclaim scan */
atomic_t active_nodes;
u32 latest_notif; /* latest revocation notification */
};
@@ -183,7 +183,7 @@ void __init avc_init(void)
spin_lock_init(&avc_cache.slots_lock[i]);
}
atomic_set(&avc_cache.active_nodes, 0);
- atomic_set(&avc_cache.lru_hint, 0);
+ atomic_set_wrap(&avc_cache.lru_hint, 0);
avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
0, SLAB_PANIC, NULL);
@@ -521,7 +521,8 @@ static inline int avc_reclaim_node(void)
spinlock_t *lock;
for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) {
- hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1);
+ hvalue = atomic_inc_return_wrap(&avc_cache.lru_hint) &
+ (AVC_CACHE_SLOTS - 1);
head = &avc_cache.slots[hvalue];
lock = &avc_cache.slots_lock[hvalue];
--
2.7.4
next prev parent reply other threads:[~2016-11-10 20:24 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-10 20:24 [kernel-hardening] [RFC v4 PATCH 00/13] HARDENED_ATOMIC Elena Reshetova
2016-11-10 20:24 ` [kernel-hardening] [RFC v4 PATCH 01/13] Add architecture independent hardened atomic base Elena Reshetova
2016-11-10 20:41 ` [kernel-hardening] " David Windsor
2016-11-10 21:09 ` Peter Zijlstra
2016-11-10 21:35 ` Peter Zijlstra
2016-11-11 9:06 ` Reshetova, Elena
2016-11-10 20:24 ` [kernel-hardening] [RFC v4 PATCH 02/13] percpu-refcount: leave atomic counter unprotected Elena Reshetova
2016-11-10 20:24 ` [kernel-hardening] [RFC v4 PATCH 03/13] kernel: identify wrapping atomic usage Elena Reshetova
2016-11-10 21:58 ` [kernel-hardening] " Peter Zijlstra
2016-11-11 8:49 ` [kernel-hardening] " Reshetova, Elena
2016-11-19 13:28 ` [kernel-hardening] " Paul E. McKenney
2016-11-19 21:39 ` Kees Cook
2016-11-21 20:13 ` Paul E. McKenney
2016-11-10 20:24 ` [kernel-hardening] [RFC v4 PATCH 04/13] mm: " Elena Reshetova
2016-11-10 20:24 ` [kernel-hardening] [RFC v4 PATCH 05/13] fs: " Elena Reshetova
2016-11-10 20:24 ` [kernel-hardening] [RFC v4 PATCH 06/13] net: " Elena Reshetova
2016-11-10 20:24 ` [kernel-hardening] [RFC v4 PATCH 07/13] net: atm: " Elena Reshetova
2016-11-10 20:24 ` Elena Reshetova [this message]
2016-11-10 20:24 ` [kernel-hardening] [RFC v4 PATCH 09/13] drivers: identify wrapping atomic usage (part 1/2) Elena Reshetova
2016-11-10 21:48 ` [kernel-hardening] " Will Deacon
2016-11-11 8:57 ` [kernel-hardening] " Reshetova, Elena
2016-11-11 12:35 ` Mark Rutland
2016-11-10 20:24 ` [kernel-hardening] [RFC v4 PATCH 10/13] drivers: identify wrapping atomic usage (part 2/2) Elena Reshetova
2016-11-10 20:24 ` [kernel-hardening] [RFC v4 PATCH 11/13] x86: identify wrapping atomic usage Elena Reshetova
2016-11-10 20:24 ` [kernel-hardening] [RFC v4 PATCH 12/13] x86: implementation for HARDENED_ATOMIC Elena Reshetova
2016-11-10 20:40 ` [kernel-hardening] " Peter Zijlstra
2016-11-10 21:04 ` Kees Cook
2016-11-10 21:16 ` Peter Zijlstra
2016-11-10 21:32 ` Kees Cook
2016-11-10 21:46 ` Peter Zijlstra
2016-11-10 22:50 ` Peter Zijlstra
2016-11-10 23:07 ` Kees Cook
2016-11-10 23:30 ` Peter Zijlstra
2016-11-11 9:32 ` [kernel-hardening] " Reshetova, Elena
2016-11-11 10:29 ` [kernel-hardening] " Peter Zijlstra
2016-11-11 18:00 ` Kees Cook
2016-11-11 20:19 ` Peter Zijlstra
2016-11-10 21:33 ` Peter Zijlstra
2016-11-11 9:20 ` [kernel-hardening] " Reshetova, Elena
2016-11-10 20:24 ` [kernel-hardening] [RFC v4 PATCH 13/13] lkdtm: add tests for atomic over-/underflow Elena Reshetova
2016-11-10 20:37 ` [RFC v4 PATCH 00/13] HARDENED_ATOMIC Peter Zijlstra
2016-11-10 20:37 ` [kernel-hardening] " Peter Zijlstra
2016-11-10 20:48 ` Will Deacon
2016-11-10 20:48 ` [kernel-hardening] " Will Deacon
2016-11-10 21:01 ` Kees Cook
2016-11-10 21:01 ` [kernel-hardening] " Kees Cook
2016-11-10 21:23 ` David Windsor
2016-11-10 21:27 ` Kees Cook
2016-11-10 21:27 ` Kees Cook
2016-11-10 21:39 ` David Windsor
2016-11-10 21:39 ` David Windsor
2016-11-10 21:39 ` Peter Zijlstra
2016-11-10 21:13 ` Peter Zijlstra
2016-11-10 21:13 ` [kernel-hardening] " Peter Zijlstra
2016-11-10 21:23 ` Kees Cook
2016-11-10 21:23 ` [kernel-hardening] " Kees Cook
2016-11-11 4:25 ` Rik van Riel
2016-11-10 22:27 ` Greg KH
2016-11-10 23:15 ` Kees Cook
2016-11-10 23:15 ` Kees Cook
2016-11-10 23:38 ` Greg KH
2016-11-10 23:38 ` Greg KH
2016-11-11 7:50 ` David Windsor
2016-11-11 17:43 ` Kees Cook
2016-11-11 17:46 ` Peter Zijlstra
2016-11-11 18:04 ` Kees Cook
2016-11-11 20:17 ` Peter Zijlstra
2016-11-14 20:31 ` Kees Cook
2016-11-15 8:01 ` Peter Zijlstra
2016-11-15 16:50 ` Rik van Riel
2016-11-15 17:23 ` Kees Cook
2016-11-16 17:09 ` Rik van Riel
2016-11-16 17:32 ` Peter Zijlstra
2016-11-16 17:41 ` Rik van Riel
2016-11-16 17:34 ` Reshetova, Elena
2016-11-17 8:37 ` Peter Zijlstra
2016-11-17 9:04 ` Reshetova, Elena
2016-11-17 9:36 ` Peter Zijlstra
2016-11-17 9:36 ` Julia Lawall
2016-11-17 10:16 ` Peter Zijlstra
2016-11-17 11:19 ` Mark Rutland
2016-11-17 11:32 ` Julia Lawall
2016-11-17 12:59 ` Julia Lawall
2016-11-11 18:47 ` Mark Rutland
2016-11-11 19:39 ` Will Deacon
2016-11-11 18:31 ` Mark Rutland
2016-11-11 20:05 ` Peter Zijlstra
2016-11-15 10:36 ` Mark Rutland
2016-11-15 11:21 ` Peter Zijlstra
2016-11-15 18:02 ` Mark Rutland
2016-11-10 23:57 ` Peter Zijlstra
2016-11-10 23:57 ` Peter Zijlstra
2016-11-11 0:29 ` Colin Vidal
2016-11-11 12:41 ` Mark Rutland
2016-11-11 12:47 ` Peter Zijlstra
2016-11-11 13:00 ` Peter Zijlstra
2016-11-11 14:39 ` Thomas Gleixner
2016-11-11 14:48 ` Peter Zijlstra
2016-11-11 23:07 ` Peter Zijlstra
2016-11-13 11:03 ` Greg KH
2016-11-13 11:03 ` Greg KH
2016-11-10 20:56 ` Kees Cook
2016-11-10 20:56 ` [kernel-hardening] " Kees Cook
2016-11-11 3:20 ` David Windsor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1478809488-18303-9-git-send-email-elena.reshetova@intel.com \
--to=elena.reshetova@intel.com \
--cc=arnd@arndb.de \
--cc=dwindsor@gmail.com \
--cc=h.peter.anvin@intel.com \
--cc=ishkamiel@gmail.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.