From: "Reshetova, Elena" <elena.reshetova@intel.com>
To: "kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Cc: Hans Liljestrand <ishkamiel@gmail.com>,
David Windsor <dwindsor@gmail.com>
Subject: RE: [kernel-hardening] Re: [RFC PATCH 01/13] Add architecture independent hardened atomic base
Date: Wed, 12 Oct 2016 17:25:29 +0000 [thread overview]
Message-ID: <2236FBA76BA1254E88B949DDB74E612B41BDDB97@IRSMSX102.ger.corp.intel.com> (raw)
In-Reply-To: <20161012082634.GK19531@linaro.org>
Hi!
<snip>
> > -ATOMIC_LONG_ADD_SUB_OP(sub, _relaxed) -ATOMIC_LONG_ADD_SUB_OP(sub,
> > _acquire) -ATOMIC_LONG_ADD_SUB_OP(sub, _release)
> > +ATOMIC_LONG_ADD_SUB_OP(add,,)
> > +ATOMIC_LONG_ADD_SUB_OP(add,,_wrap)
> > +ATOMIC_LONG_ADD_SUB_OP(add, _relaxed,) ATOMIC_LONG_ADD_SUB_OP(add,
> > +_acquire,) ATOMIC_LONG_ADD_SUB_OP(add, _release,)
> > +ATOMIC_LONG_ADD_SUB_OP(sub,,)
> > +//ATOMIC_LONG_ADD_SUB_OP(sub,,_wrap) todo: check if this is really
> > +not needed
>
> Let's get this question answered. Seems like it'd make sense to create
> complete function coverage?
>I'd love to know the answer since there tons of variants of atomic operations.
So, the approach we have taken so far is to define only functions that are used/needed so far in the changes that we did in subsystems.
This obviously doesn't cover all possible options. I guess in order to support future changes we need a full coverage, indeed...
<snip>
> > -ATOMIC_LONG_OP(add)
> > -ATOMIC_LONG_OP(sub)
> > -ATOMIC_LONG_OP(and)
> > -ATOMIC_LONG_OP(andnot)
> > -ATOMIC_LONG_OP(or)
> > -ATOMIC_LONG_OP(xor)
> > +ATOMIC_LONG_OP(add,)
> > +ATOMIC_LONG_OP(add,_wrap)
> > +ATOMIC_LONG_OP(sub,)
> > +ATOMIC_LONG_OP(sub,_wrap)
> > +ATOMIC_LONG_OP(and,)
> > +ATOMIC_LONG_OP(or,)
> > +ATOMIC_LONG_OP(xor,)
> > +ATOMIC_LONG_OP(andnot,)
>For instance, are we sure that we would never call atomic_long_and_wrap() to atomic_long_wrap_t variable?
Yes, same story, now we are not calling it, but things change obviously. We wanted to start somewhere, and this set is already quite big even with the current needs.
So, does everyone agree that we should provide full coverage?
<snip>
> >
> > +#ifndef CONFIG_HARDENED_ATOMIC
> > +#define atomic_read_wrap(v) atomic_read(v) #define
> > +atomic_set_wrap(v, i) atomic_set((v), (i)) #define
> > +atomic_add_wrap(i, v) atomic_add((i), (v)) #define
> > +atomic_add_unless_wrap(v, i, j) atomic_add_unless((v), (i), (j))
> > +#define atomic_sub_wrap(i, v) atomic_sub((i), (v)) #define
> > +atomic_inc_wrap(v) atomic_inc(v) #define
> > +atomic_inc_and_test_wrap(v) atomic_inc_and_test(v) #define
> > +atomic_inc_return_wrap(v) atomic_inc_return(v) #define
> > +atomic_add_return_wrap(i, v) atomic_add_return((i), (v)) #define
> > +atomic_dec_wrap(v) atomic_dec(v) #define atomic_cmpxchg_wrap(v, o,
> > +n) atomic_cmpxchg((v), (o), (n)) #define atomic_xchg_wrap(v, i)
> > +atomic_xchg((v), (i)) #define atomic_long_read_wrap(v)
> > +atomic_long_read(v) #define atomic_long_set_wrap(v, i)
> > +atomic_long_set((v), (i)) #define atomic_long_add_wrap(i, v)
> > +atomic_long_add((i), (v)) #define atomic_long_sub_wrap(i, v)
> > +atomic_long_sub((i), (v)) #define atomic_long_inc_wrap(v)
> > +atomic_long_inc(v) #define atomic_long_add_return_wrap(i, v)
> > +atomic_long_add_return((i), (v)) #define
> > +atomic_long_inc_return_wrap(v) atomic_long_inc_return(v) #define
> > +atomic_long_sub_and_test_wrap(v) atomic_long_sub_and_test(v)
> > +#define atomic_long_dec_wrap(v) atomic_long_dec(v) #define
> > +atomic_long_xchg_wrap(v, i) atomic_long_xchg((v), (i)) #endif /*
> > +CONFIG_HARDENED_ATOMIC */
>It seems that there are missing function definitions here if atomic_long should have all the counterparts to atomic:
> atomic_long_add_unless_wrap()
> atomic_long_cmpxchg_wrap()
Again, this is based on the current usage of atomic_long_wrap_t, not the full coverage.
Best Regards,
Elena.
next prev parent reply other threads:[~2016-10-12 17:25 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-03 6:41 [kernel-hardening] [RFC PATCH 00/13] HARDENING_ATOMIC feature Elena Reshetova
2016-10-03 6:41 ` [kernel-hardening] [RFC PATCH 01/13] Add architecture independent hardened atomic base Elena Reshetova
2016-10-03 21:10 ` [kernel-hardening] " Kees Cook
2016-10-03 21:26 ` David Windsor
2016-10-03 21:38 ` Kees Cook
2016-10-04 7:05 ` [kernel-hardening] " Reshetova, Elena
2016-10-05 15:37 ` [kernel-hardening] " Dave Hansen
2016-10-04 7:07 ` [kernel-hardening] " Reshetova, Elena
2016-10-04 6:54 ` Reshetova, Elena
2016-10-04 7:23 ` Reshetova, Elena
2016-10-12 8:26 ` [kernel-hardening] " AKASHI Takahiro
2016-10-12 17:25 ` Reshetova, Elena [this message]
2016-10-12 22:50 ` Kees Cook
2016-10-13 14:31 ` Hans Liljestrand
2016-10-03 6:41 ` [kernel-hardening] [RFC PATCH 02/13] percpu-refcount: leave atomic counter unprotected Elena Reshetova
2016-10-03 21:12 ` [kernel-hardening] " Kees Cook
2016-10-04 6:24 ` [kernel-hardening] " Reshetova, Elena
2016-10-04 13:06 ` [kernel-hardening] " Hans Liljestrand
2016-10-03 6:41 ` [kernel-hardening] [RFC PATCH 03/13] kernel: identify wrapping atomic usage Elena Reshetova
2016-10-03 21:13 ` [kernel-hardening] " Kees Cook
2016-10-04 6:28 ` [kernel-hardening] " Reshetova, Elena
2016-10-03 6:41 ` [kernel-hardening] [RFC PATCH 04/13] mm: " Elena Reshetova
2016-10-03 6:41 ` [kernel-hardening] [RFC PATCH 05/13] fs: " Elena Reshetova
2016-10-03 21:57 ` Jann Horn
2016-10-03 22:21 ` Kees Cook
2016-10-03 6:41 ` [kernel-hardening] [RFC PATCH 06/13] net: " Elena Reshetova
2016-10-03 6:41 ` [kernel-hardening] [RFC PATCH 07/13] net: atm: " Elena Reshetova
2016-10-03 6:41 ` [kernel-hardening] [RFC PATCH 08/13] security: " Elena Reshetova
2016-10-03 6:41 ` [kernel-hardening] [RFC PATCH 09/13] drivers: identify wrapping atomic usage (part 1/2) Elena Reshetova
2016-10-03 6:41 ` [kernel-hardening] [RFC PATCH 10/13] drivers: identify wrapping atomic usage (part 2/2) Elena Reshetova
2016-10-03 6:41 ` [kernel-hardening] [RFC PATCH 11/13] x86: identify wrapping atomic usage Elena Reshetova
2016-10-03 6:41 ` [kernel-hardening] [RFC PATCH 12/13] x86: x86 implementation for HARDENED_ATOMIC Elena Reshetova
2016-10-03 9:47 ` Jann Horn
2016-10-04 7:15 ` Reshetova, Elena
2016-10-04 12:46 ` Jann Horn
2016-10-03 19:27 ` Dave Hansen
2016-10-03 22:49 ` David Windsor
2016-10-04 12:41 ` Jann Horn
2016-10-04 18:51 ` Kees Cook
2016-10-04 19:48 ` Jann Horn
2016-10-05 15:39 ` Dave Hansen
2016-10-05 16:18 ` Jann Horn
2016-10-05 16:32 ` Dave Hansen
2016-10-03 21:29 ` [kernel-hardening] " Kees Cook
2016-10-03 6:41 ` [kernel-hardening] [RFC PATCH 13/13] lkdtm: add tests for atomic over-/underflow Elena Reshetova
2016-10-03 21:35 ` [kernel-hardening] " Kees Cook
2016-10-04 6:27 ` [kernel-hardening] " Reshetova, Elena
2016-10-04 6:40 ` [kernel-hardening] " Hans Liljestrand
2016-10-03 8:14 ` [kernel-hardening] [RFC PATCH 00/13] HARDENING_ATOMIC feature AKASHI Takahiro
2016-10-03 8:13 ` Reshetova, Elena
2016-10-03 21:01 ` [kernel-hardening] " Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2236FBA76BA1254E88B949DDB74E612B41BDDB97@IRSMSX102.ger.corp.intel.com \
--to=elena.reshetova@intel.com \
--cc=dwindsor@gmail.com \
--cc=ishkamiel@gmail.com \
--cc=kernel-hardening@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.