Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp2387925ybl; Sat, 31 Aug 2019 13:55:30 -0700 (PDT) X-Google-Smtp-Source: APXvYqydOGWq+Vt8LNr/oy7S7KAABZIpt5Ii01ePR8XbHxDwMczfWlSi04SOLL3neozVcdbLrxkS X-Received: by 2002:a17:90a:148:: with SMTP id z8mr5452312pje.96.1567284930043; Sat, 31 Aug 2019 13:55:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567284930; cv=none; d=google.com; s=arc-20160816; b=ErIWM5vJ63IskqYFIfwNkJAnUoJztphv1KxP6qXR72WpXd64dQkfY4Rq7NUnc1ldqD GWMFKUsUIczmJ4roN2oW+XzKdlA9O3yI7LsEqHsaF/JLGYGJCarjjbxTSYWFwvdefP5W 0l6FRg2agurF7zbBa1Nf3COWcYCwFK50lH9nXLWxKkr0J8LDqKSMIysQp1yImY+/7a9i XsLHY+1HzsK6EgYaKlYxOvySqNEJfJEGtFBvaG3A7yDXS7hq/pbqQuiDqvOQgwyF79jf e1sE6DpsH5RzKtj3ORyPPA0b2WlruW0oE1gUxJlTOLTsAtxRmTMpfRIq3ZVbxT3QtxWG pfxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=vVpAvUDIIJB/rBiWdRSCp24noGQbpHdLhKRNzvEE/U4=; b=KN6LnsThg5qJR046oCtBkaEyHYBiVhFu9r0H0xkPWbkB1/KYFvUgywLl3iyw2C+J0D VSXlpFr6iV9OmhJJRJE9syQYvo4Q+t1Ke4C619EaSTWh5FmvvHrbb4PVpE7Pa4r7ovyx OG/3kt7kTjJPYP7DgaPvf8tj1b1CTsK5jDVLtjsPu+wHq22gp2j6HkM6n9X8xx5l1uya XRePglqMLFPCdsRHyrXGCyLt73mpZs13AWo7WMrayLSGDTv8kNEWsyHezqJDmmySRfrN vjo+s0GNjhlFjPkRpuaudulPZbm7J5oxOvtZgZTVRMabD+1NK+84Xq+O4E1/kz5U3vX8 5GLA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=nsOW6T6L; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a203si2504344pfa.82.2019.08.31.13.55.14; Sat, 31 Aug 2019 13:55:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=nsOW6T6L; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728555AbfHaUyY (ORCPT + 99 others); Sat, 31 Aug 2019 16:54:24 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:40663 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728512AbfHaUyX (ORCPT ); Sat, 31 Aug 2019 16:54:23 -0400 Received: by mail-wr1-f66.google.com with SMTP id c3so10206214wrd.7 for ; Sat, 31 Aug 2019 13:54:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vVpAvUDIIJB/rBiWdRSCp24noGQbpHdLhKRNzvEE/U4=; b=nsOW6T6Ln7H6VoO1w0TdKL+n+bCxdQIg5mV76Up0msQFVNLwvZmlf44egKbADEp2/T /QfnTIbzeVyGiKDdY4eR5ETL/U9c6HwLawqimpMtuWepi+TaJjXVff1nNLFAHMTYPkH/ wsrd36zt7GdmCrrN3xFmPQwRAZV8laLqDazcovK9H10t3nn89uicx22wJGA8yK4N9QCE lRbFRL2+vIz5Q3CNumVrnlX+xygjtPKqNmudodf/I/oOZ+8NHMfc07REAE938MVz37ck /swarB07BIgtGigOP4JZ2Og0bwZIiKR7JEPIxZTPw748Vu6uJbsFWYPdpKTWQCLl6Cf2 R0iw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vVpAvUDIIJB/rBiWdRSCp24noGQbpHdLhKRNzvEE/U4=; b=MtmyathDbqDuFiKLVzE3ViBaGCjz3XQ0Csv68U4UkBx5RRoZtJjXKBGFXBTgFRYr7I 2Du8hRtSjlQIth7XwRQyfGL4nPWoJq+cDb50f4eV6g667g/SyK1Evv00cQK7g2+Qmq5Q DCRtXka4ydbXfNyjIAEwSp9QZYltaO6bhoj2WBC6MyIPIcobRYUx9TXuIon1RnFmYrs4 2JwB4FFoOutYogsFBYj36S+D1UtBYefkyuPqWuzkv1OpZ/Zc6xRtowJ6By9J7+1J83z5 QjPuGH+o8sct6V8BuAXxwVNGa+xEUCEmro4yYmGFmcMeYSqi0/HqWqyVhV9iMMDmN9dp Dteg== X-Gm-Message-State: APjAAAX9eA/ivFZ5HGp3LenpP/FqY45XUwqAh93vdiWw6UIlwDS0M/I2 EgGvi7OV8r69YOKjNYWF09C2mGFxpMU6KG4ElB1Htg== X-Received: by 2002:adf:9e09:: with SMTP id u9mr26622524wre.169.1567284862130; Sat, 31 Aug 2019 13:54:22 -0700 (PDT) MIME-Version: 1.0 References: <20190827163204.29903-1-will@kernel.org> <20190828073052.GL2332@hirez.programming.kicks-ass.net> <20190828141439.sqnpm5ff4tgyn66r@willie-the-truck> <201908281353.0EFD0776@keescook> <201908311200.926B5C0F@keescook> In-Reply-To: <201908311200.926B5C0F@keescook> From: Ard Biesheuvel Date: Sat, 31 Aug 2019 23:54:11 +0300 Message-ID: Subject: Re: [PATCH v2 0/6] Rework REFCOUNT_FULL using atomic_fetch_* operations To: Kees Cook Cc: Will Deacon , Peter Zijlstra , Linux Kernel Mailing List , Ingo Molnar , Elena Reshetova , Hanjun Guo , Jan Glauber Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, 31 Aug 2019 at 22:02, Kees Cook wrote: > > On Sat, Aug 31, 2019 at 08:48:56PM +0300, Ard Biesheuvel wrote: > > It's been ~2 years since I looked at this code in detail, but IIRC, it > > looked like the inc-from-zero check was missing from the x86 > > implementation because it requires a load/compare/increment/store > > sequence instead of a single increment instruction taking a memory > > operand. Was there more rationale at the time for omitting this > > particular case, and if so, was it based on a benchmark? Can we run it > > against this implementation as well? > > It was based on providing a protection against the pre-exploitation case > (overflow: "something bad is about to happen, let's stop it") rather > than the post-exploitation case (inc from zero, "something bad already > happened, eek") with absolutely the fewest possible extra cycles, as > various subsystem maintainers had zero tolerance for any measurable > changes in refcounting performance. > Ah, of course. > I much prefer the full coverage, even if it's a tiny bit slower. And > based on the worse-case timings (where literally nothing else is > happening) it seems like these changes should be WELL under the noise. > Agreed.