From mboxrd@z Thu Jan 1 00:00:00 1970 Reply-To: kernel-hardening@lists.openwall.com Date: Fri, 11 Nov 2016 21:05:00 +0100 From: Peter Zijlstra Message-ID: <20161111200500.GP3117@twins.programming.kicks-ass.net> References: <1478809488-18303-1-git-send-email-elena.reshetova@intel.com> <20161110203749.GV3117@twins.programming.kicks-ass.net> <20161110204838.GE17134@arm.com> <20161110211310.GX3117@twins.programming.kicks-ass.net> <20161110222744.GD8086@kroah.com> <20161110233835.GA23164@kroah.com> <20161111183118.GO11945@leverpostej> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20161111183118.GO11945@leverpostej> Subject: Re: [kernel-hardening] Re: [RFC v4 PATCH 00/13] HARDENED_ATOMIC To: Mark Rutland Cc: kernel-hardening@lists.openwall.com, Will Deacon , Greg KH , David Windsor , Elena Reshetova , Arnd Bergmann , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" List-ID: On Fri, Nov 11, 2016 at 06:31:18PM +0000, Mark Rutland wrote: > On Fri, Nov 11, 2016 at 09:43:00AM -0800, Kees Cook wrote: > > (And now Greg went missing from the reply? Re-added...) > > > > On Thu, Nov 10, 2016 at 11:50 PM, David Windsor wrote: > > > On Thu, Nov 10, 2016 at 6:38 PM, Greg KH wrote: > > >> On Thu, Nov 10, 2016 at 03:15:44PM -0800, Kees Cook wrote: > > > As far as refcount_t is concerned, I worry using cmpxchg will be too > > costly, but it's worth benchmarking. > > If that does turn out to be a problem, we could allow architectures to > provide their own implementations of the API, with a generic fallback > otherwise, as we do for other features. Note that only LL/SC archs can do somewhat better. x86/s390/sparc64 etc al must use cmpxchg, there's just no other way to get an actual atomic inc/dec with over/under-flow detection. The proposed x86 implementation is non-atomic and therefore a complete nonstarter.