Message-ID: <CAGXu5jKT3So5KcKG5_BOZVtw7HtBn5-g8HpzWSSspmkczZNWTA@mail.gmail.com>
Date: Wed, 22 Mar 2017 12:08:03 -0700
From: Kees Cook <keescook@...omium.org>
To: Eric Dumazet <eric.dumazet@...il.com>
Cc: Peter Zijlstra <peterz@...radead.org>, Herbert Xu <herbert@...dor.apana.org.au>, David Miller <davem@...emloft.net>, "Reshetova, Elena" <elena.reshetova@...el.com>, Network Development <netdev@...r.kernel.org>, bridge@...ts.linux-foundation.org, LKML <linux-kernel@...r.kernel.org>, Alexey Kuznetsov <kuznet@....inr.ac.ru>, James Morris <jmorris@...ei.org>, Patrick McHardy <kaber@...sh.net>, Stephen Hemminger <stephen@...workplumber.org>, Hans Liljestrand <ishkamiel@...il.com>, David Windsor <dwindsor@...il.com>, Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH 07/17] net: convert sock.sk_refcnt from atomic_t to refcount_t

On Tue, Mar 21, 2017 at 7:03 PM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> On Tue, 2017-03-21 at 16:51 -0700, Kees Cook wrote:
>
>> Am I understanding you correctly that you'd want something like:
>>
>> refcount.h:
>> #ifdef UNPROTECTED_REFCOUNT
>> #define refcount_inc(x) atomic_inc(x)
>> ...
>> #else
>> void refcount_inc(...
>> ...
>> #endif
>>
>> some/net.c:
>> #define UNPROTECTED_REFCOUNT
>> #include <refcount.h>
>>
>> or similar?
>
> At first, it could be something simple like that yes.
>
> Note that we might define two refcount_inc() : One that does whole
> tests, and refcount_inc_relaxed() that might translate to atomic_inc()
> on non debug kernels.
>
> Then later, maybe provide a dynamic infrastructure so that we can
> dynamically force the full checks even for refcount_inc_relaxed() on say
> 1% of the hosts, to get better debug coverage ?

Well, this isn't about finding bugs in normal workflows. This is about
catching bugs that attackers have found and start exploiting to gain a
use-after-free primitive. The intention is for it to be always
enabled.

-Kees

-- 
Kees Cook
Pixel Security
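
Added example, not part of the original message and not kernel code: a userspace C11 model of the difference the thread is arguing about, a plain atomic increment versus a checked one, once a reference-count leak has pushed the counter to its maximum. All function names are hypothetical, and the policy shown for the "full checks" (refuse to increment from 0, pin the counter at UINT_MAX) is this example's model of them.

```c
/* Added example: userspace model, not kernel code. All names are hypothetical. */
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Unchecked get/put: plain atomics, so the counter wraps UINT_MAX -> 0. */
static void unchecked_inc(atomic_uint *r) { atomic_fetch_add(r, 1); }
static bool unchecked_dec_and_test(atomic_uint *r) { return atomic_fetch_sub(r, 1) == 1; }

/* Checked get: refuse 0 (object already released), pin at UINT_MAX. */
static bool checked_inc(atomic_uint *r)
{
    unsigned int old = atomic_load(r);
    do {
        if (old == 0)
            return false;
        if (old == UINT_MAX)
            return true;   /* saturated: leak the object rather than wrap */
    } while (!atomic_compare_exchange_weak(r, &old, old + 1));
    return true;
}

/* Checked put: a saturated or zero counter never reports "free now". */
static bool checked_dec_and_test(atomic_uint *r)
{
    unsigned int old = atomic_load(r);
    do {
        if (old == 0 || old == UINT_MAX)
            return false;
    } while (!atomic_compare_exchange_weak(r, &old, old - 1));
    return old == 1;
}

/* Constructed scenario: a reference leak has driven the counter to UINT_MAX;
 * two more gets and one put follow. Returns true if that put says "free". */
static bool put_frees_after_overflow(bool checked)
{
    atomic_uint r;
    atomic_init(&r, UINT_MAX);
    for (int i = 0; i < 2; i++) {
        if (checked) checked_inc(&r); else unchecked_inc(&r);
    }
    return checked ? checked_dec_and_test(&r) : unchecked_dec_and_test(&r);
}

int main(void)
{
    printf("unchecked frees live object: %d\n", put_frees_after_overflow(false));
    printf("checked frees live object:   %d\n", put_frees_after_overflow(true));
    return 0;
}
```

In the unchecked case the single put reports "free" while every earlier holder still has a pointer to the object, which is the use-after-free condition; the checked counter trades that for a leaked object.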