All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jann Horn <jann@thejh.net>
To: Colin Vidal <colin@cvidal.org>
Cc: kernel-hardening@lists.openwall.com
Subject: Re: [kernel-hardening] self introduction
Date: Sun, 9 Oct 2016 21:37:31 +0200	[thread overview]
Message-ID: <20161009193731.GD14666@pc.thejh.net> (raw)
In-Reply-To: <1476040182.2329.72.camel@cvidal.org>

[-- Attachment #1: Type: text/plain, Size: 1675 bytes --]

On Sun, Oct 09, 2016 at 09:09:42PM +0200, Colin Vidal wrote:
> Hi David,
> 
> > If you're interested, the HARDENED_ATOMIC team is looking for people
> > to help porting the feature to other architectures.  ARM is a
> > reasonable candidate for someone new to the project.  I have begun
> > this effort myself, but if you'd like to collaborate I'd be
> > grateful.
> 
> Sounds good!
> 
> > It essentially involves porting the original arch-specific features
> > from PAX_REFCOUNT into Elena Reshetova's official HARDENED_ATOMIC
> > tree, which can be found at
> > https://github.com/esreshetova/linux-stable
> 
> The link seems broken (https://github.com/esreshetova too). I found
> https://github.com/dwindsor/hardened-atomic but it is empty. Did I
> miss something/Github filter?

Typo in the link, I think?
https://github.com/ereshetova/linux-stable


> > Please contact me if you have any questions; I'd be glad to help!
> 
> I actually have question. :-) As far as I understand, PAX_REFCOUNT [1]
> is mainly a x86-only

No, PAX_REFCOUNT also supports a bunch of other architectures. As far as
I can tell from a quick look: ARM, MIPS, PowerPC and SPARC.

> port from PaX project

It is part of the PaX patch.

> in order to avoid overflow
> on atomic_t variable (and avoid use-after-free exploits)

Yes - overflow (beyond INT_MAX) and underflow (beyond INT_MIN).

. I am a
> little bit confused about the Elena patch-set HARDENED_ATOMIC [2]. It
> is a more mature/recent version of the port, isn't it ?

HARDENED_ATOMIC is a patch based on PAX_REFCOUNT that is developed with
the intent to merge it into the upstream kernel.

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

  reply	other threads:[~2016-10-09 19:37 UTC|newest]

Thread overview: 54+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-10-09 12:34 [kernel-hardening] self introduction Colin Vidal
2016-10-09 14:04 ` David Windsor
2016-10-09 19:09   ` Colin Vidal
2016-10-09 19:37     ` Jann Horn [this message]
2016-10-10  6:02       ` Reshetova, Elena
2016-10-10 16:01         ` Colin Vidal
2016-10-10 17:01           ` Reshetova, Elena
2016-10-10 21:05           ` Kees Cook
2016-10-12  3:19             ` Gengjia Chen
2016-10-12 22:31               ` Kees Cook
2016-10-13 11:14                 ` Gengjia Chen
2016-10-13 18:50                   ` Kees Cook
2016-10-17 11:57                     ` Gengjia Chen
2016-10-17 20:15                       ` Kees Cook
2016-10-18 11:52                         ` Gengjia Chen
2016-10-18 21:21                           ` Kees Cook
2016-10-12  8:25             ` Colin Vidal
2016-10-12 22:35               ` Kees Cook
2016-10-13 13:54                 ` Reshetova, Elena
2016-10-13 18:53         ` Kees Cook
2016-10-13 19:26           ` Hans Liljestrand
2016-10-10 20:57 ` Kees Cook
2016-10-12  8:27   ` Colin Vidal
2016-10-12 22:40     ` Kees Cook
2016-10-14 18:32   ` Andy Lutomirski
  -- strict thread matches above, loose matches on Subject: below --
2015-12-09 17:21 [kernel-hardening] Self Introduction David Brown
2015-12-09 22:19 ` Kees Cook
2015-12-10  0:00   ` David Brown
2015-12-10  0:14     ` Kees Cook
2015-12-10  0:26       ` David Brown
2015-12-10  0:41         ` Kees Cook
2015-12-10 17:14           ` Stephen Smalley
2015-12-10 17:49             ` Kees Cook
2015-12-10 17:55               ` Daniel Micay
2015-12-10 18:42                 ` Kees Cook
2015-12-10 19:07                   ` Daniel Micay
2015-12-10 19:23                     ` Kees Cook
2015-12-10 19:38                       ` Schaufler, Casey
2015-12-10 19:45                         ` Kees Cook
2015-12-11 17:54                           ` Valdis.Kletnieks
2015-12-11 18:44                             ` Kees Cook
2015-12-12 11:40                       ` Heiko Carstens
2015-12-10 22:38                   ` PaX Team
2015-12-10 23:04                     ` Daniel Micay
2015-12-10 18:42               ` Catalin Marinas
2015-12-10 18:47                 ` Kees Cook
2015-12-10 23:52                 ` Kees Cook
2015-12-11  1:04                   ` David Brown
2016-01-11 18:33                   ` David Brown
2016-01-12 19:31                     ` Kees Cook
2016-01-13 11:29                       ` Catalin Marinas
2016-01-13 11:31                       ` Catalin Marinas
2016-01-14  1:04                         ` Ben Hutchings
2016-01-14 11:11                           ` Catalin Marinas

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20161009193731.GD14666@pc.thejh.net \
    --to=jann@thejh.net \
    --cc=colin@cvidal.org \
    --cc=kernel-hardening@lists.openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.