linux-kernel.vger.kernel.org archive mirror
From: "PaX Team" <pageexec@freemail.hu>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Kees Cook <keescook@chromium.org>,
	linux-kernel@vger.kernel.org, Eric Biggers <ebiggers3@gmail.com>,
	Christoph Hellwig <hch@infradead.org>,
	"axboe@kernel.dk" <axboe@kernel.dk>,
	James Bottomley <James.Bottomley@hansenpartnership.com>,
	Elena Reshetova <elena.reshetova@intel.com>,
	Hans Liljestrand <ishkamiel@gmail.com>,
	David Windsor <dwindsor@gmail.com>,
	x86@kernel.org, Ingo Molnar <mingo@kernel.org>,
	Arnd Bergmann <arnd@arndb.de>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Jann Horn <jann@thejh.net>,
	davem@davemloft.net, linux-arch@vger.kernel.org,
	kernel-hardening@lists.openwall.com
Subject: Re: [PATCH] x86/refcount: Implement fast refcount_t handling
Date: Mon, 24 Apr 2017 15:08:20 +0200
Message-ID: <58FDF8C4.5120.17D092B7@pageexec.freemail.hu>
In-Reply-To: <20170424111553.p3kbyir4ztsldc56@hirez.programming.kicks-ass.net>

On 24 Apr 2017 at 13:15, Peter Zijlstra wrote:

> On Mon, Apr 24, 2017 at 01:00:18PM +0200, PaX Team wrote:
> > On 24 Apr 2017 at 10:32, Peter Zijlstra wrote:
> 
> > > Also, you forgot nr_cpus in your bound. Afaict the worst case here is
> > > O(nr_tasks + 3*nr_cpus).
> > 
> > what does nr_cpus have to do with winning the race?
> 
> The CPUs could each run nested softirq/hardirq/nmi context poking at the
> refcount, irrespective of the (preempted) task context.

that's fine but are you also assuming that the code executed in each of
those contexts leaks the same refcount? otherwise whatever they do to the
refcount is no more relevant than a non-leaking preemptible path that runs
to completion in a bounded amount of time (i.e., you get temporary bumps
and thus need to win yet another set of races to get their effects at once).

> > > Because PaX does it, is not a correctness argument. And this really
> > > wants one.
> > 
> > heh, do you want to tell me about how checking for a 0 refcount prevents
> > exploiting a bug?
> 
> Not the point. All I said was that saying somebody else does it (anybody
> else, doesn't matter it was you) isn't an argument for correctness.

that was exactly my point: all this applies to you as well. so let me ask
the 3rd time: what is your "argument for correctness" for a 0 refcount
value check? how does it prevent exploitation?
