Re: [kernel-hardening] Re: [RFC v4 PATCH 00/13] HARDENED_ATOMIC

From: Rik van Riel
Date: Thu Nov 10 2016 - 23:35:07 EST


On Thu, 2016-11-10 at 13:23 -0800, Kees Cook wrote:

> If we don't use opt-out for atomics, we're going to be in the same
> situation where we have to constantly review every commit with an
> atomic for exploitable refcount flaws. Kicking this down from
> "privilege escalation" to "DoS" is a significant change in the
> kernel's weaknesses.

The only way I see around that would be to totally get
rid of the name atomic_t, forcing people with out-of-tree
code to use kref_t, or whatever name we pick for
the variable type that can wrap.

Something like checkpatch or a patch checking bot
could warn whenever new code is submitted that uses
the counter type that can wrap.

Not sure whether I like my idea :)

--
All Rights Reversed.
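
The patch-checking bot suggested in the message above, sketched as an added example (not part of the original email, and not checkpatch code). The type name wrapping_counter_t, the function name and the sample patch are assumptions made up for illustration; it reads a unified diff and reports only newly added lines that use the wrap-capable type.

```python
import re

# Hypothetical name for the counter type that may wrap; the thread had not
# picked one, so pass the real name as type_name once it exists.
WRAPPING_TYPE = "wrapping_counter_t"
HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
COMMENT_RE = re.compile(r"/\*.*?\*/|//.*|/\*.*")  # single-line heuristic only

def find_wrapping_counters(diff_text, type_name=WRAPPING_TYPE):
    """Return (path, new_line_number, code) for every added line using type_name."""
    type_re = re.compile(r"\b" + re.escape(type_name) + r"\b")
    findings, path, lineno = [], None, 0
    old_left = new_left = 0  # lines still expected in the current hunk
    for line in diff_text.splitlines():
        if old_left > 0 or new_left > 0:  # inside a hunk body
            if line.startswith("+"):
                code = line[1:].strip()  # "*" lines are block-comment continuations
                if not code.startswith("*") and type_re.search(COMMENT_RE.sub("", code)):
                    findings.append((path, lineno, code))
                new_left, lineno = new_left - 1, lineno + 1
            elif line.startswith("-"):
                old_left -= 1  # removed code is never reported
            elif not line.startswith("\\"):  # context line, present on both sides
                old_left, new_left, lineno = old_left - 1, new_left - 1, lineno + 1
            continue
        if line.startswith("+++ "):
            path = re.sub(r"^b/", "", line[4:].split("\t")[0])
            continue
        m = HUNK_RE.match(line)
        if m:
            old_left = int(m.group(1)) if m.group(1) is not None else 1
            lineno = int(m.group(2))
            new_left = int(m.group(3)) if m.group(3) is not None else 1
    return findings

# Constructed sample patch, not taken from the thread or the kernel tree.
SAMPLE_DIFF = """\
--- a/drivers/example/foo.c
+++ b/drivers/example/foo.c
@@ -10,4 +10,5 @@ struct foo {
     spinlock_t lock;
-    wrapping_counter_t old_stats;
+    wrapping_counter_t rx_packets;
+    /* not a wrapping_counter_t: counts references */
     atomic_t refs;
 };
"""
for path, n, code in find_wrapping_counters(SAMPLE_DIFF):
    print(f"WARNING: {path}:{n}: new use of wrapping counter type: {code}")
```

Counting lines from the hunk header lengths keeps a removed line such as "-- x" or an added "++ y" from being mistaken for a file header, and a reviewer only sees warnings for code the patch introduces.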
