From: Josh Poimboeuf <jpoimboe@redhat.com>
To: Kees Cook <keescook@chromium.org>
Cc: Ingo Molnar <mingo@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Christoph Hellwig <hch@infradead.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Andrew Morton <akpm@linux-foundation.org>,
Jann Horn <jannh@google.com>, Eric Biggers <ebiggers3@gmail.com>,
Elena Reshetova <elena.reshetova@intel.com>,
Hans Liljestrand <ishkamiel@gmail.com>,
Greg KH <gregkh@linuxfoundation.org>,
Alexey Dobriyan <adobriyan@gmail.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
arozansk@redhat.com, Davidlohr Bueso <dave@stgolabs.net>,
Manfred Spraul <manfred@colorfullife.com>,
"axboe@kernel.dk" <axboe@kernel.dk>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
"x86@kernel.org" <x86@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
"David S. Miller" <davem@davemloft.net>,
Rik van Riel <riel@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: Re: [PATCH v6 2/2] x86/refcount: Implement fast refcount overflow protection
Date: Wed, 19 Jul 2017 14:52:49 -0500 [thread overview]
Message-ID: <20170719195249.akr6m2x65mhtsyvf@treble> (raw)
In-Reply-To: <CAGXu5jKqqRJ3H0fwwc5W14U14p-QzTe1=UWJggA2yxLuj23ZTA@mail.gmail.com>
On Wed, Jul 19, 2017 at 12:45:19PM -0700, Kees Cook wrote:
> > diff --git a/arch/x86/include/asm/refcount.h b/arch/x86/include/asm/refcount.h
> > index 13b91e850a02..e7587db3487c 100644
> > --- a/arch/x86/include/asm/refcount.h
> > +++ b/arch/x86/include/asm/refcount.h
> > @@ -15,6 +15,7 @@
> > ".pushsection .text.unlikely\n" \
> > "111:\tlea %[counter], %%" _ASM_CX "\n" \
> > "112:\t" ASM_UD0 "\n" \
> > + ASM_UNREACHABLE \
> > ".popsection\n" \
> > "113:\n" \
> > _ASM_EXTABLE_REFCOUNT(112b, 113b)
> > diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
> > index cd4bbe8242bd..85e0b8f42ca0 100644
> > --- a/include/linux/compiler-gcc.h
> > +++ b/include/linux/compiler-gcc.h
> > @@ -202,15 +202,25 @@
> > #endif
> >
> > #ifdef CONFIG_STACK_VALIDATION
> > +
> > #define annotate_unreachable() ({ \
> > asm("%c0:\t\n" \
> > - ".pushsection .discard.unreachable\t\n" \
> > - ".long %c0b - .\t\n" \
> > - ".popsection\t\n" : : "i" (__LINE__)); \
> > + ".pushsection .discard.unreachable\n\t" \
> > + ".long %c0b - .\n\t" \
> > + ".popsection\n\t" : : "i" (__LINE__)); \
>
> Is this just an indentation change?
This was sneaking in a fix to put the tab after the newline instead of
before it. I figured it's not worth its own commit.
> > })
> > +
> > +#define ASM_UNREACHABLE \
> > + "999: .pushsection .discard.unreachable\n\t" \
> > + ".long 999b - .\n\t" \
> > + ".popsection\n\t"
>
> Just so I understand, we'll get a single byte added for each exception
> case, but it'll get discarded during final link?
I think it's four bytes actually, but yeah, the section gets stripped at
vmlinux link time.
--
Josh
WARNING: multiple messages have this Message-ID (diff)
From: Josh Poimboeuf <jpoimboe@redhat.com>
To: Kees Cook <keescook@chromium.org>
Cc: Ingo Molnar <mingo@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Christoph Hellwig <hch@infradead.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Andrew Morton <akpm@linux-foundation.org>,
Jann Horn <jannh@google.com>, Eric Biggers <ebiggers3@gmail.com>,
Elena Reshetova <elena.reshetova@intel.com>,
Hans Liljestrand <ishkamiel@gmail.com>,
Greg KH <gregkh@linuxfoundation.org>,
Alexey Dobriyan <adobriyan@gmail.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
arozansk@redhat.com, Davidlohr Bueso <dave@stgolabs.net>,
Manfred Spraul <manfred@colorfullife.com>,
"axboe@kernel.dk" <axboe@kernel.dk>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
"x86@kernel.org" <x86@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
"David S. Miller" <davem@davemloft.>
Subject: Re: [PATCH v6 2/2] x86/refcount: Implement fast refcount overflow protection
Date: Wed, 19 Jul 2017 14:52:49 -0500 [thread overview]
Message-ID: <20170719195249.akr6m2x65mhtsyvf@treble> (raw)
In-Reply-To: <CAGXu5jKqqRJ3H0fwwc5W14U14p-QzTe1=UWJggA2yxLuj23ZTA@mail.gmail.com>
On Wed, Jul 19, 2017 at 12:45:19PM -0700, Kees Cook wrote:
> > diff --git a/arch/x86/include/asm/refcount.h b/arch/x86/include/asm/refcount.h
> > index 13b91e850a02..e7587db3487c 100644
> > --- a/arch/x86/include/asm/refcount.h
> > +++ b/arch/x86/include/asm/refcount.h
> > @@ -15,6 +15,7 @@
> > ".pushsection .text.unlikely\n" \
> > "111:\tlea %[counter], %%" _ASM_CX "\n" \
> > "112:\t" ASM_UD0 "\n" \
> > + ASM_UNREACHABLE \
> > ".popsection\n" \
> > "113:\n" \
> > _ASM_EXTABLE_REFCOUNT(112b, 113b)
> > diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
> > index cd4bbe8242bd..85e0b8f42ca0 100644
> > --- a/include/linux/compiler-gcc.h
> > +++ b/include/linux/compiler-gcc.h
> > @@ -202,15 +202,25 @@
> > #endif
> >
> > #ifdef CONFIG_STACK_VALIDATION
> > +
> > #define annotate_unreachable() ({ \
> > asm("%c0:\t\n" \
> > - ".pushsection .discard.unreachable\t\n" \
> > - ".long %c0b - .\t\n" \
> > - ".popsection\t\n" : : "i" (__LINE__)); \
> > + ".pushsection .discard.unreachable\n\t" \
> > + ".long %c0b - .\n\t" \
> > + ".popsection\n\t" : : "i" (__LINE__)); \
>
> Is this just an indentation change?
This was sneaking in a fix to put the tab after the newline instead of
before it. I figured it's not worth its own commit.
> > })
> > +
> > +#define ASM_UNREACHABLE \
> > + "999: .pushsection .discard.unreachable\n\t" \
> > + ".long 999b - .\n\t" \
> > + ".popsection\n\t"
>
> Just so I understand, we'll get a single byte added for each exception
> case, but it'll get discarded during final link?
I think it's four bytes actually, but yeah, the section gets stripped at
vmlinux link time.
--
Josh
WARNING: multiple messages have this Message-ID (diff)
From: Josh Poimboeuf <jpoimboe@redhat.com>
To: Kees Cook <keescook@chromium.org>
Cc: Ingo Molnar <mingo@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Christoph Hellwig <hch@infradead.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Andrew Morton <akpm@linux-foundation.org>,
Jann Horn <jannh@google.com>, Eric Biggers <ebiggers3@gmail.com>,
Elena Reshetova <elena.reshetova@intel.com>,
Hans Liljestrand <ishkamiel@gmail.com>,
Greg KH <gregkh@linuxfoundation.org>,
Alexey Dobriyan <adobriyan@gmail.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
arozansk@redhat.com, Davidlohr Bueso <dave@stgolabs.net>,
Manfred Spraul <manfred@colorfullife.com>,
"axboe@kernel.dk" <axboe@kernel.dk>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
"x86@kernel.org" <x86@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
"David S. Miller" <davem@davemloft.net>,
Rik van Riel <riel@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: [kernel-hardening] Re: [PATCH v6 2/2] x86/refcount: Implement fast refcount overflow protection
Date: Wed, 19 Jul 2017 14:52:49 -0500 [thread overview]
Message-ID: <20170719195249.akr6m2x65mhtsyvf@treble> (raw)
In-Reply-To: <CAGXu5jKqqRJ3H0fwwc5W14U14p-QzTe1=UWJggA2yxLuj23ZTA@mail.gmail.com>
On Wed, Jul 19, 2017 at 12:45:19PM -0700, Kees Cook wrote:
> > diff --git a/arch/x86/include/asm/refcount.h b/arch/x86/include/asm/refcount.h
> > index 13b91e850a02..e7587db3487c 100644
> > --- a/arch/x86/include/asm/refcount.h
> > +++ b/arch/x86/include/asm/refcount.h
> > @@ -15,6 +15,7 @@
> > ".pushsection .text.unlikely\n" \
> > "111:\tlea %[counter], %%" _ASM_CX "\n" \
> > "112:\t" ASM_UD0 "\n" \
> > + ASM_UNREACHABLE \
> > ".popsection\n" \
> > "113:\n" \
> > _ASM_EXTABLE_REFCOUNT(112b, 113b)
> > diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
> > index cd4bbe8242bd..85e0b8f42ca0 100644
> > --- a/include/linux/compiler-gcc.h
> > +++ b/include/linux/compiler-gcc.h
> > @@ -202,15 +202,25 @@
> > #endif
> >
> > #ifdef CONFIG_STACK_VALIDATION
> > +
> > #define annotate_unreachable() ({ \
> > asm("%c0:\t\n" \
> > - ".pushsection .discard.unreachable\t\n" \
> > - ".long %c0b - .\t\n" \
> > - ".popsection\t\n" : : "i" (__LINE__)); \
> > + ".pushsection .discard.unreachable\n\t" \
> > + ".long %c0b - .\n\t" \
> > + ".popsection\n\t" : : "i" (__LINE__)); \
>
> Is this just an indentation change?
This was sneaking in a fix to put the tab after the newline instead of
before it. I figured it's not worth its own commit.
> > })
> > +
> > +#define ASM_UNREACHABLE \
> > + "999: .pushsection .discard.unreachable\n\t" \
> > + ".long 999b - .\n\t" \
> > + ".popsection\n\t"
>
> Just so I understand, we'll get a single byte added for each exception
> case, but it'll get discarded during final link?
I think it's four bytes actually, but yeah, the section gets stripped at
vmlinux link time.
--
Josh
next prev parent reply other threads:[~2017-07-19 19:52 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-19 0:03 [PATCH v6 0/2] x86: Implement fast refcount overflow protection Kees Cook
2017-07-19 0:03 ` [kernel-hardening] " Kees Cook
2017-07-19 0:03 ` Kees Cook
2017-07-19 0:03 ` Kees Cook
2017-07-19 0:03 ` [PATCH v6 1/2] x86/asm: Add suffix macro for GEN_*_RMWcc() Kees Cook
2017-07-19 0:03 ` [kernel-hardening] " Kees Cook
2017-07-19 0:03 ` Kees Cook
2017-07-19 0:03 ` Kees Cook
2017-07-19 0:03 ` [PATCH v6 2/2] x86/refcount: Implement fast refcount overflow protection Kees Cook
2017-07-19 0:03 ` [kernel-hardening] " Kees Cook
2017-07-19 0:03 ` Kees Cook
2017-07-19 0:03 ` Kees Cook
2017-07-19 19:37 ` Josh Poimboeuf
2017-07-19 19:37 ` [kernel-hardening] " Josh Poimboeuf
2017-07-19 19:37 ` Josh Poimboeuf
2017-07-19 19:37 ` Josh Poimboeuf
2017-07-19 19:45 ` Kees Cook
2017-07-19 19:45 ` [kernel-hardening] " Kees Cook
2017-07-19 19:45 ` Kees Cook
2017-07-19 19:45 ` Kees Cook
2017-07-19 19:52 ` Josh Poimboeuf [this message]
2017-07-19 19:52 ` [kernel-hardening] " Josh Poimboeuf
2017-07-19 19:52 ` Josh Poimboeuf
2017-07-19 19:52 ` Josh Poimboeuf
2017-07-19 22:50 ` Kees Cook
2017-07-19 22:50 ` [kernel-hardening] " Kees Cook
2017-07-19 22:50 ` Kees Cook
2017-07-19 22:50 ` Kees Cook
2017-07-19 23:01 ` Josh Poimboeuf
2017-07-19 23:01 ` [kernel-hardening] " Josh Poimboeuf
2017-07-19 23:01 ` Josh Poimboeuf
2017-07-19 23:01 ` Josh Poimboeuf
2017-07-19 23:12 ` Kees Cook
2017-07-19 23:12 ` [kernel-hardening] " Kees Cook
2017-07-19 23:12 ` Kees Cook
2017-07-19 23:12 ` Kees Cook
2017-07-19 23:30 ` Josh Poimboeuf
2017-07-19 23:30 ` [kernel-hardening] " Josh Poimboeuf
2017-07-19 23:30 ` Josh Poimboeuf
2017-07-19 23:30 ` Josh Poimboeuf
2017-07-20 9:11 ` [PATCH v6 0/2] x86: " Ingo Molnar
2017-07-20 9:11 ` [kernel-hardening] " Ingo Molnar
2017-07-20 9:11 ` Ingo Molnar
2017-07-20 9:11 ` Ingo Molnar
2017-07-20 17:15 ` Kees Cook
2017-07-20 17:15 ` [kernel-hardening] " Kees Cook
2017-07-20 17:15 ` Kees Cook
2017-07-20 17:15 ` Kees Cook
2017-07-20 22:53 ` Kees Cook
2017-07-20 22:53 ` [kernel-hardening] " Kees Cook
2017-07-20 22:53 ` Kees Cook
2017-07-20 22:53 ` Kees Cook
2017-07-21 7:50 ` Ingo Molnar
2017-07-21 7:50 ` [kernel-hardening] " Ingo Molnar
2017-07-21 7:50 ` Ingo Molnar
2017-07-21 7:50 ` Ingo Molnar
2017-07-21 21:22 ` Andrew Morton
2017-07-21 21:22 ` [kernel-hardening] " Andrew Morton
2017-07-21 21:22 ` Andrew Morton
2017-07-21 21:22 ` Andrew Morton
2017-07-22 3:33 ` Kees Cook
2017-07-22 3:33 ` [kernel-hardening] " Kees Cook
2017-07-22 3:33 ` Kees Cook
2017-07-22 3:33 ` Kees Cook
2017-07-24 6:38 ` Michael Ellerman
2017-07-24 6:38 ` [kernel-hardening] " Michael Ellerman
2017-07-24 6:38 ` Michael Ellerman
2017-07-24 6:38 ` Michael Ellerman
2017-07-24 8:44 ` Peter Zijlstra
2017-07-24 8:44 ` [kernel-hardening] " Peter Zijlstra
2017-07-24 8:44 ` Peter Zijlstra
2017-07-24 8:44 ` Peter Zijlstra
2017-07-24 12:09 ` Michael Ellerman
2017-07-24 12:09 ` [kernel-hardening] " Michael Ellerman
2017-07-24 12:09 ` Michael Ellerman
2017-07-24 12:09 ` Michael Ellerman
2017-07-24 12:23 ` Peter Zijlstra
2017-07-24 12:23 ` [kernel-hardening] " Peter Zijlstra
2017-07-24 12:23 ` Peter Zijlstra
2017-07-24 12:23 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170719195249.akr6m2x65mhtsyvf@treble \
--to=jpoimboe@redhat.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=arozansk@redhat.com \
--cc=axboe@kernel.dk \
--cc=dave@stgolabs.net \
--cc=davem@davemloft.net \
--cc=ebiederm@xmission.com \
--cc=ebiggers3@gmail.com \
--cc=elena.reshetova@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@infradead.org \
--cc=ishkamiel@gmail.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=manfred@colorfullife.com \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=riel@redhat.com \
--cc=serge@hallyn.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.