lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Nov 2016 11:34:49 -0800 From: Kees Cook <keescook@...omium.org> To: Peter Zijlstra <peterz@...radead.org> Cc: Greg KH <gregkh@...uxfoundation.org>, Will Deacon <will.deacon@....com>, "Reshetova, Elena" <elena.reshetova@...el.com>, Arnd Bergmann <arnd@...db.de>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, David Windsor <dave@...gbits.org>, LKML <linux-kernel@...r.kernel.org>, Alexei Starovoitov <alexei.starovoitov@...il.com>, Daniel Borkmann <daniel@...earbox.net> Subject: Re: [RFC][PATCH 2/7] kref: Add kref_read() On Thu, Nov 17, 2016 at 12:34 AM, Peter Zijlstra <peterz@...radead.org> wrote: > On Wed, Nov 16, 2016 at 10:58:38AM -0800, Kees Cook wrote: >> What I mean to say is that while the refcnt here should clearly be >> converted to kref or refcount_t, it looks like locked_vm should become >> a new stats_t. However, it seems weird for locked_vm to ever wrap >> either... > > No, its not a statistic. Also, I'm far from convinced stats_t is an > actually useful thing to have. It's useful because its introduction creates a type that can't be trivially used for refcounting (i.e. hard to make the mistake of using stats_t for refcounting), and replacing atomic_t statistic counters with stats_t reduces the effort required to do the initial (and on-going) audit for misuse of atomic_t as a refcounter. > refcount_t brought special semantics that clearly are different from > regular atomic_t, stats_t would not, so why would it need to exist. Your original suggestion about stats_t showed how its accessor API would be a very small subset of the regular atomic_t set. I think that reduction in accidental misuse has value. > Not to mention that you seem over eager to apply it, which doesn't > inspire confidence. I'd like to get to the point where auditing for mistakes in this area is tractable. :) If atomic_t is only used for non-stats and non-refcount, it's much much easier to examine and reason about. -Kees -- Kees Cook Nexus Security
Powered by blists - more mailing lists