Date:   Thu, 19 Aug 2021 17:19:38 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     Will Deacon <will@...nel.org>
Cc:     Andrew Morton <akpm@...ux-foundation.org>, bp@...en8.de,
        Xiyu Yang <xiyuyang19@...an.edu.cn>,
        Alistair Popple <apopple@...dia.com>,
        Yang Shi <shy828301@...il.com>,
        Shakeel Butt <shakeelb@...gle.com>,
        Hugh Dickins <hughd@...gle.com>,
        Miaohe Lin <linmiaohe@...wei.com>,
        linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        yuanxzhang@...an.edu.cn, Xin Tan <tanxin.ctf@...il.com>,
        Will Deacon <will.deacon@....com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        dhowells@...hat.com
Subject: Re: [PATCH] mm/rmap: Convert from atomic_t to refcount_t on
 anon_vma->refcount

On Thu, Aug 19, 2021 at 04:06:45PM +0200, Peter Zijlstra wrote:
> > 
> >   * We can implement (1) by checking if we hit zero (ZF=1)
> >   * We can implement (2) by checking if the new value is < 0 (SF=1).
> >     We then need to catch the case where the old value was < 0 but the
> >     new value is 0. I think this is (SF=0 && OF=1).
> > 
> > So maybe the second check is actually SF != OF? I could benefit from some
> > x86 expertise here, but hopefully you get the idea.
> 
> Right, so the first condition is ZF=1, we hit zero.
> The second condition is SF=1, the result is negative.
> 
> I'm not sure we need OF, if we hit that condition we've already lost.
> But it's easy enough to add I suppose.

If we can skip the OF... we can do something like this:

static inline bool refcount_dec_and_test(refcount_t *r)
{
	asm_volatile_goto (LOCK_PREFIX "decl %[var]\n\t"
			   "jz %l[cc_zero]\n\t"
			   "jns 1f\n\t"
			   "ud1 %[var], %%ebx\n\t"
			   "1:"
			   : : [var] "m" (r->refs.counter)
			   : "memory" : cc_zero);

	return false;

cc_zero:
	smp_acquire__after_ctrl_dep();
	return true;
}

where we encode the whole refcount_warn_saturate() thing into UD1. The
first argument is @r and the second argument the REFCOUNT_* thing
encoded in register space.

It would mean adding something 'clever' to the #UD handler that decodes
the trapping instruction and extracts these arguments, but this is the
smallest I could get it.
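
An added illustration (not part of the message above and not kernel code): a user-space C model of the flags a 32-bit `decl` sets, comparing the `jz`/`jns` sequence in the sketch with the SF != OF variant raised in the quoted text. The struct, enum and function names are hypothetical and the sample counter values are constructed; the two checks disagree only when the old value is INT_MIN.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flags a 32-bit x86 `decl` leaves behind (DEC does not modify CF). */
struct dec_flags { bool zf, sf, of; };

enum outcome { DEC_OK, DEC_ZERO, DEC_TRAP };

/* Model `decl` with unsigned wraparound, then derive ZF/SF/OF. */
static struct dec_flags model_decl(int32_t old)
{
	uint32_t res = (uint32_t)old - 1u;
	struct dec_flags f = {
		.zf = (res == 0),
		.sf = (res >> 31) != 0,
		.of = (old == INT32_MIN), /* only INT_MIN - 1 overflows */
	};
	return f;
}

/* The sketch's sequence: jz -> hit zero, jns -> fine, else ud1. */
static enum outcome check_sf_only(int32_t old)
{
	struct dec_flags f = model_decl(old);
	if (f.zf) return DEC_ZERO;
	return f.sf ? DEC_TRAP : DEC_OK;
}

/* Variant from the quoted text: trap when SF != OF. */
static enum outcome check_sf_ne_of(int32_t old)
{
	struct dec_flags f = model_decl(old);
	if (f.zf) return DEC_ZERO;
	return (f.sf != f.of) ? DEC_TRAP : DEC_OK;
}

int main(void)
{
	/* Constructed sample counter values (old value before the decrement). */
	const int32_t samples[] = { 2, 1, 0, -5, INT32_MIN };
	const char *name[] = { "ok", "zero", "trap" };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("old=%11d  SF-only=%-4s  SF!=OF=%-4s\n", (int)samples[i],
		       name[check_sf_only(samples[i])],
		       name[check_sf_ne_of(samples[i])]);
	return 0;
}
```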
