On Tue, Jul 03, 2018 at 11:30:38AM -0700, Kees Cook wrote:
> On Tue, Jul 3, 2018 at 3:01 AM, Mark Rutland <mark.rutl...@arm.com> wrote:
> > In many cases, it would be useful to be able to use the full
> > sanity-checked refcount helpers regardless of CONFIG_REFCOUNT_FULL, as
> > this would help to avoid duplicate warnings where callers try to
> > sanity-check refcount manipulation.
> >
> > This patch refactors things such that the full refcount helpers were
> > always built, as refcount_${op}_checked(), such that they can be used
> > regardless of CONFIG_REFCOUNT_FULL. This will allow code which *always*
> > wants a checked refcount to opt-in, avoiding the need to duplicate the
> > logic for warnings.
> >
> > There should be no functional change as a result of this patch.
> >
> > Signed-off-by: Mark Rutland <mark.rutl...@arm.com>
> > Cc: Boqun Feng <boqun.f...@gmail.com>
> > Cc: David Sterba <dste...@suse.com>
> > Cc: Ingo Molnar <mi...@kernel.org>
> > Cc: Kees Cook <keesc...@chromium.org>
> > Cc: Peter Zijlstra <pet...@infradead.org>
> > Cc: Peter Zijlstra <pet...@infradead.org>
> > Cc: Will Deacon <will.dea...@arm.com>
>
> Looks good to me! Thanks for doing this. :)
Thank David; I rather stole his thunder here.
> Acked-by: Kees Cook <keesc...@chromium.org>
>
> > ---
> > include/linux/refcount.h | 27 +++++++++++++++++-------
> > lib/refcount.c | 53
> > +++++++++++++++++++++++-------------------------
> > 2 files changed, 45 insertions(+), 35 deletions(-)
> >
> > Dave pointed out that it would be useful to be able to opt-in to full checks
> > regardless of CONFIG_REFCOUNT_FULL, so that we can simplify callsites where
> > we
> > always want checks. I've spotted a few of these in code which is still
> > awaiting
> > conversion.
>
> Yeah, I need to go through the cocci output -- Elena had several
> outstanding patches that never got picked up.
>
> > I'm assuming that the atomics group is intended to own the refcount code,
> > even
> > though this isn't currently the case in MAINTAINERS.
>
> That's how it has landed in the past, yes, but if there is a
> dependency on these for code that will use it, maybe it should go that
> way?
That sounds reasonable to me. I was just wanted to be clear as to why I'd Cc'd
the atomics maintainers. :)
I'll spin a v2 with the fixup Andrea noted.
Thanks,
Mark.
