Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAGXu5jLqy1UchipmcgsUrXiWP0zfwjGAgfxcKUYkbQ9a_e2V_g@mail.gmail.com>
Date: Tue, 24 Nov 2015 12:04:18 -0800
From: Kees Cook <keescook@...omium.org>
To: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: status: PAX_REFCOUNT

On Tue, Nov 24, 2015 at 11:37 AM, David Windsor <dave@...141.net> wrote:
> I'm currently in the process of splitting PAX_REFCOUNT.
>
> It looks to touch a massive number of files.  Many of the modifications
> occur in drivers:
>
> dave@...ontium:~/src/linux-grsec-4.2$ grep -ril "atomic.*unchecked" | wc -l
> 402
> dave@...ontium:~/src/linux-grsec-4.2$ grep -ril "atomic.*unchecked" drivers/
> | wc -l
> 158

Interesting there are so many intentional overflows. I think the
hardest part for getting this series upstream will be sticking to our
principle of not needing a developer to "opt in" to the protection. I
still think this is a compelling reason to keep it as-is, but it
should be an interesting discussion. :)

> As it stands, I'm trying to come up with a good way to split the patches.
> I'm currently going with a scheme of creating separate patches per kernel
> subsystem, further separating by component type (filesystems, drivers,
> etc.).  For instance, for patches touching fs/, I've created a patch for
> filesystem-independent changes, then separate patches for each individual
> filesystem's changes.  Extrapolated over the entire kernel, I estimate this
> strategy will produce approximately between 50 and 75 patches.

That'll be a lot of patches. I wonder if we could break it up by
top-level maintainer? i.e. everything in drivers would go in one
patch, etc?

> I'm moving my way through the tree and will hopefully have an RFC submission
> soon.

Great! Are you working on this full-time? (If not, would potential CII
funding help at all?)

I'll send an lkdtm patch that'll twiddle the atomic type, so you have
something to validate it with.

-Kees

-- 
Kees Cook
Chrome OS & Brillo Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.