lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 11 Jul 2018 06:49:46 +0100
From:   Mark Rutland <mark.rutland@....com>
To:     dsterba@...e.cz, linux-kernel@...r.kernel.org,
        Will Deacon <will.deacon@....com>,
        Kees Cook <keescook@...omium.org>,
        Boqun Feng <boqun.feng@...il.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...nel.org>
Subject: Re: [PATCH] refcount: always allow checked forms

On Wed, Jul 04, 2018 at 10:46:41AM +0200, David Sterba wrote:
> On Tue, Jul 03, 2018 at 11:01:02AM +0100, Mark Rutland wrote:
> > In many cases, it would be useful to be able to use the full
> > sanity-checked refcount helpers regardless of CONFIG_REFCOUNT_FULL, as
> > this would help to avoid duplicate warnings where callers try to
> > sanity-check refcount manipulation.
> > 
> > This patch refactors things such that the full refcount helpers were
> > always built, as refcount_${op}_checked(), such that they can be used
> > regardless of CONFIG_REFCOUNT_FULL. This will allow code which *always*
> > wants a checked refcount to opt-in, avoiding the need to duplicate the
> > logic for warnings.
> > 
> > There should be no functional change as a result of this patch.
> > 
> > Signed-off-by: Mark Rutland <mark.rutland@....com>
> > Cc: Boqun Feng <boqun.feng@...il.com>
> > Cc: David Sterba <dsterba@...e.com>
> > Cc: Ingo Molnar <mingo@...nel.org>
> > Cc: Kees Cook <keescook@...omium.org>
> > Cc: Peter Zijlstra <peterz@...radead.org>
> > Cc: Peter Zijlstra <peterz@...radead.org>
> > Cc: Will Deacon <will.deacon@....com>
> 
> I dare to give it my
> 
> Reviewed-by: David Sterba <dsterba@...e.com>

Cheers!

> as my POC implementations were crap and Mark's version is much better.

Please don't think that your implementations were bad; I just already had an
idea as to what this could look like.

> > ---
> >  include/linux/refcount.h | 27 +++++++++++++++++-------
> >  lib/refcount.c           | 53 +++++++++++++++++++++++-------------------------
> >  2 files changed, 45 insertions(+), 35 deletions(-)
> > 
> > Dave pointed out that it would be useful to be able to opt-in to full checks
> > regardless of CONFIG_REFCOUNT_FULL, so that we can simplify callsites where we
> > always want checks. I've spotted a few of these in code which is still awaiting
> > conversion.
> 
> The motivation was code like
> 
> 	WARN_ON(refcount_read(&ref));
> 	if (refcount_dec_and_test(&ref)) { ... }
> 
> so the warning is redundant for REFCOUNT_FULL, but I'm going to use the
> _checked versions everywhere the performance of refcounts is not
> critical.

If you will have conversion patches, do you want to pick this up as the start
of a series?

Thanks,
Mark.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ