| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170322125740.85337-1-dvyukov@google.com>
Date: Wed, 22 Mar 2017 13:57:40 +0100
From: Dmitry Vyukov <dvyukov@...gle.com>
To: akpm@...ux-foundation.org, arnd@...db.de, aryabinin@...tuozzo.com
Cc: Dmitry Vyukov <dvyukov@...gle.com>,
Mark Rutland <mark.rutland@....com>,
Peter Zijlstra <peterz@...radead.org>,
Will Deacon <will.deacon@....com>, linux-mm@...ck.org,
x86@...nel.org, linux-kernel@...r.kernel.org,
kasan-dev@...glegroups.com
Subject: [PATCH v2] x86: s/READ_ONCE_NOCHECK/READ_ONCE/ in arch_atomic[64]_read()
Two problems was reported with READ_ONCE_NOCHECK in arch_atomic_read:
1. Andrey Ryabinin reported significant binary size increase
(+400K of text). READ_ONCE_NOCHECK is intentionally compiled to
non-inlined function call, and I counted 640 copies of it in my vmlinux.
2. Arnd Bergmann reported a new splat of too large frame sizes.
A single inlined KASAN check is very cheap, a non-inlined function
call with KASAN/KCOV instrumentation can easily be more expensive.
Switch to READ_ONCE() in arch_atomic[64]_read().
Signed-off-by: Dmitry Vyukov <dvyukov@...gle.com>
Reported-by: Arnd Bergmann <arnd@...db.de>
Reported-by: Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc: Mark Rutland <mark.rutland@....com>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Will Deacon <will.deacon@....com>
Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: linux-mm@...ck.org
Cc: x86@...nel.org
Cc: linux-kernel@...r.kernel.org
Cc: kasan-dev@...glegroups.com
Signed-off-by: Dmitry Vyukov <dvyukov@...gle.com>
---
Changes since v1:
- also change arch_atomic64_read()
---
arch/x86/include/asm/atomic.h | 15 ++++++---------
arch/x86/include/asm/atomic64_64.h | 2 +-
2 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h
index 0cde164f058a..46e53bbf7ce3 100644
--- a/arch/x86/include/asm/atomic.h
+++ b/arch/x86/include/asm/atomic.h
@@ -24,10 +24,13 @@
static __always_inline int arch_atomic_read(const atomic_t *v)
{
/*
- * We use READ_ONCE_NOCHECK() because atomic_read() contains KASAN
- * instrumentation. Double instrumentation is unnecessary.
+ * Note: READ_ONCE() here leads to double instrumentation as
+ * both READ_ONCE() and atomic_read() contain instrumentation.
+ * This is deliberate choice. READ_ONCE_NOCHECK() is compiled to a
+ * non-inlined function call that considerably increases binary size
+ * and stack usage under KASAN.
*/
- return READ_ONCE_NOCHECK((v)->counter);
+ return READ_ONCE((v)->counter);
}
/**
@@ -39,12 +42,6 @@ static __always_inline int arch_atomic_read(const atomic_t *v)
*/
static __always_inline void arch_atomic_set(atomic_t *v, int i)
{
- /*
- * We could use WRITE_ONCE_NOCHECK() if it exists, similar to
- * READ_ONCE_NOCHECK() in arch_atomic_read(). But there is no such
- * thing at the moment, and introducing it for this case does not
- * worth it.
- */
WRITE_ONCE(v->counter, i);
}
diff --git a/arch/x86/include/asm/atomic64_64.h b/arch/x86/include/asm/atomic64_64.h
index de9555d35cb0..d47e880e346b 100644
--- a/arch/x86/include/asm/atomic64_64.h
+++ b/arch/x86/include/asm/atomic64_64.h
@@ -18,7 +18,7 @@
*/
static inline long arch_atomic64_read(const atomic64_t *v)
{
- return READ_ONCE_NOCHECK((v)->counter);
+ return READ_ONCE((v)->counter);
}
/**
--
2.12.1.500.gab5fba24ee-goog
Powered by blists - more mailing lists