lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 20 Feb 2017 12:30:30 +0000
From:   "Reshetova, Elena" <>
To:     Andy Shevchenko <>
CC:     "" <>,
        "Peter Zijlstra (Intel)" <>,
        Greg Kroah-Hartman <>,
        Andrew Morton <>,
        "" <>,
        Ingo Molnar <>,
        Alexey Dobriyan <>,
        "Serge E. Hallyn" <>,
        "" <>,
        "" <>
Subject: RE: [PATCH 0/3] ipc subsystem refcounter conversions

> On Mon, Feb 20, 2017 at 1:29 PM, Elena Reshetova
> <> wrote:
> > Now when new refcount_t type and API are finally merged
> > (see include/linux/refcount.h), the following
> > patches convert various refcounters in the ipc susystem from atomic_t
> > to refcount_t. By doing this we prevent intentional or accidental
> > underflows or overflows that can led to use-after-free vulnerabilities.
> >
> > The below patches are fully independent and can be cherry-picked separately.
> > Since we convert all kernel subsystems in the same fashion, resulting
> > in about 300 patches, we have to group them for sending at least in some
> > fashion to be manageable. Please excuse the long cc list.
> Is that done using coccinelle?

Yes and no. 
The *finding* of cases that should be converted was done using coccinelle, but actual conversion was done manually for each case and not via semantic patch. 
There were many false-positives and all kind of other issues, so we had to analyse each variable separately to the extend we understand the code.  

> Can I see the semantic patch (sorry if I missed it earlier)?

Attached is the one we used to initially find variables. 

Best Regards,

Download attachment "atomic_as_refount.cocci" of type "application/octet-stream" (1339 bytes)

Powered by blists - more mailing lists