On Fri, Feb 3, 2017 at 5:25 AM, Peter Zijlstra <pet...@infradead.org> wrote: > Provide refcount_t, an atomic_t like primitive built just for > refcounting. > > It provides saturation semantics such that overflow becomes impossible > and thereby 'spurious' use-after-free is avoided.
Wheee :) Thanks for working on this > > Signed-off-by: Peter Zijlstra (Intel) <pet...@infradead.org> > --- > [...] > --- a/lib/Kconfig.debug > +++ b/lib/Kconfig.debug > @@ -716,6 +716,19 @@ source "lib/Kconfig.kmemcheck" > > source "lib/Kconfig.kasan" > > +config DEBUG_REFCOUNT > + bool "Verbose refcount checks" > + --help-- Quick feedback as I start playing with this: this isn't valid Kconfig syntax (build breaks). It should either be "---help---" or just "help", latter preferred. > + Say Y here if you want reference counters (refcount_t and kref) to > + generate WARNs on dubious usage. Without this refcount_t will still > + be a saturating counter and avoid Use-After-Free by turning it into > + a resource leak Denial-Of-Service. > + > + Use of this option will increase kernel text size but will alert the > + admin of potential abuse. > + > + If in doubt, say "N". > + > endmenu # "Memory Debugging" > > config ARCH_HAS_KCOV > > -Kees -- Kees Cook Pixel Security
