Re: [tip:locking/core] refcount_t: Introduce a special purpose refcount type

From: Kees Cook
Date: Mon Feb 13 2017 - 12:49:01 EST


On Mon, Feb 13, 2017 at 6:34 AM, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> On Fri, Feb 10, 2017 at 12:31:15AM -0800, tip-bot for Peter Zijlstra wrote:
>> Commit-ID: f405df5de3170c00e5c54f8b7cf4766044a032ba
>> Gitweb: http://git.kernel.org/tip/f405df5de3170c00e5c54f8b7cf4766044a032ba
>> Author: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
>> AuthorDate: Mon, 14 Nov 2016 18:06:19 +0100
>> Committer: Ingo Molnar <mingo@xxxxxxxxxx>
>> CommitDate: Fri, 10 Feb 2017 09:04:19 +0100
>>
>> refcount_t: Introduce a special purpose refcount type
>>
>> Provide refcount_t, an atomic_t like primitive built just for
>> refcounting.
>>
>> It provides saturation semantics such that overflow becomes impossible
>> and thereby 'spurious' use-after-free is avoided.
>>
>> Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
>
> ---
> Subject: refcount: Out-of-line everything
> From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Date: Fri Feb 10 16:27:52 CET 2017
>
> Linus asked to please make this real C code.

No objection from me, but I'm curious to see the conversation. Where
did this discussion happen? (I'm curious to see the reasoning behind
the decisions about the various trade-offs.)

> And since size then isn't an issue whatsoever anymore, remove the
> debug knob and make all WARN()s unconditional.

Are you still going to land the x86 WARN_ON improvements?

-Kees

--
Kees Cook
Pixel Security
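
The saturation semantics described in the quoted commit message, as an added example that is not code from the patch or from anyone in this thread. It is a userspace C11 model (all `model_*` and `*_put_frees` names are hypothetical, and the WARN() reporting is left out) that runs the same unbalanced get/put sequence on a wrapping counter and on a saturating one.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>

/* Hypothetical userspace model of a saturating counter; not the kernel code. */
typedef struct { atomic_uint refs; } model_refcount_t;

/* Take a reference; a counter that has reached UINT_MAX stays there (no wrap to 0). */
static void model_refcount_inc(model_refcount_t *r)
{
    unsigned int old = atomic_load(&r->refs);
    while (old != UINT_MAX && !atomic_compare_exchange_weak(&r->refs, &old, old + 1))
        ;
}

/* Drop a reference; true means it was the last one and the caller may free. */
static bool model_refcount_dec_and_test(model_refcount_t *r)
{
    unsigned int old = atomic_load(&r->refs);
    do {
        if (old == UINT_MAX || old == 0)
            return false; /* saturated or underflow: leak rather than free */
    } while (!atomic_compare_exchange_weak(&r->refs, &old, old - 1));
    return old == 1;
}

/* Take `gets` references, then drop one, on a plain wrapping counter. */
static bool wrap_put_frees(unsigned int start, unsigned int gets)
{
    atomic_uint refs = start;
    while (gets--)
        atomic_fetch_add(&refs, 1); /* wraps past UINT_MAX to 0 */
    return atomic_fetch_sub(&refs, 1) == 1;
}

/* The same sequence on the saturating model. */
static bool sat_put_frees(unsigned int start, unsigned int gets)
{
    model_refcount_t r = { start };
    while (gets--)
        model_refcount_inc(&r);
    return model_refcount_dec_and_test(&r);
}

int main(void)
{
    /* Constructed case: count near the limit, three unbalanced gets, one put. */
    return !(wrap_put_frees(UINT_MAX - 1, 3) && !sat_put_frees(UINT_MAX - 1, 3));
}
```

The wrapping counter ends at 1 after the three extra gets, so a single put reports "last reference" while other holders still exist; the saturating model pins the count at UINT_MAX and trades that premature free for a leaked object.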