Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S977599AbdDXUdg (ORCPT ); Mon, 24 Apr 2017 16:33:36 -0400 Received: from mail-io0-f170.google.com ([209.85.223.170]:35420 "EHLO mail-io0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S976656AbdDXUdN (ORCPT ); Mon, 24 Apr 2017 16:33:13 -0400 MIME-Version: 1.0 In-Reply-To: <58FDDAC2.11341.175B5A99@pageexec.freemail.hu> References: <20170421220939.GA65363@beast> <20170424083250.h2wv2exbi4ytigac@hirez.programming.kicks-ass.net> <58FDDAC2.11341.175B5A99@pageexec.freemail.hu> From: Kees Cook Date: Mon, 24 Apr 2017 13:33:11 -0700 X-Google-Sender-Auth: MwADEvth9Z5WPXuD7HNZYMaI-Y8 Message-ID: Subject: Re: [PATCH] x86/refcount: Implement fast refcount_t handling To: PaX Team Cc: Peter Zijlstra , LKML , Eric Biggers , Christoph Hellwig , "axboe@kernel.dk" , James Bottomley , Elena Reshetova , Hans Liljestrand , David Windsor , "x86@kernel.org" , Ingo Molnar , Arnd Bergmann , Greg Kroah-Hartman , Jann Horn , "David S. Miller" , linux-arch , "kernel-hardening@lists.openwall.com" Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1092 Lines: 26 On Mon, Apr 24, 2017 at 4:00 AM, PaX Team wrote: > On 24 Apr 2017 at 10:32, Peter Zijlstra wrote: > >> On Fri, Apr 21, 2017 at 03:09:39PM -0700, Kees Cook wrote: >> > This patch ports the x86-specific atomic overflow handling from PaX's >> > PAX_REFCOUNT to the upstream refcount_t API. This is an updated version >> > from PaX that eliminates the saturation race condition by resetting the >> > atomic counter back to the INT_MAX saturation value on both overflow and >> > underflow. To win a race, a system would have to have INT_MAX threads >> > simultaneously overflow before the saturation handler runs. > > note that the above is wrong (and even contradicting itself and the code). True, this changelog could be more accurate (it resets to INT_MAX on overflow and INT_MIN on underflow). I think I'm right in saying that a system would need INT_MAX threads running a refcount_inc() (and a refcount_dec_and_test() at exactly the right moment) before the reset handler got scheduled, though, yes? I'll attempt to clarify this. -Kees -- Kees Cook Pixel Security