On Fri, Nov 11, 2016 at 12:57:14AM +0100, Peter Zijlstra wrote:
> On Thu, Nov 10, 2016 at 03:15:44PM -0800, Kees Cook wrote:
> > On Thu, Nov 10, 2016 at 2:27 PM, Greg KH wrote:
> > > On Thu, Nov 10, 2016 at 10:13:10PM +0100, Peter Zijlstra wrote:
>
> > >> As it stands kref is a pointless wrapper.
On Fri, Nov 11, 2016 at 02:00:34PM +0100, Peter Zijlstra wrote:
> +static inline bool refcount_sub_and_test(int i, refcount_t *r)
> +{
> + unsigned int old, new, val = atomic_read(&r->refs);
> +
> + for (;;) {
regardless of the sub_and_test vs inc_and_test issue, this should
probably also
On Fri, Nov 11, 2016 at 03:39:05PM +0100, Thomas Gleixner wrote:
> On Fri, 11 Nov 2016, Peter Zijlstra wrote:
> > A wee bit like so...
> > +
> > +static inline bool refcount_sub_and_test(int i, refcount_t *r)
>
> Why would we want to expose that at all? refcount_inc() and
> refcount_dec_and_test()
On Fri, 11 Nov 2016, Peter Zijlstra wrote:
> A wee bit like so...
> +
> +static inline bool refcount_sub_and_test(int i, refcount_t *r)
Why would we want to expose that at all? refcount_inc() and
refcount_dec_and_test() is what is required for refcounting.
I know there are a few users of kref_sub
On Fri, Nov 11, 2016 at 01:47:55PM +0100, Peter Zijlstra wrote:
> On Fri, Nov 11, 2016 at 12:41:27PM +, Mark Rutland wrote:
> > Regardless of atomic_t semantics, a refcount_t would be far more obvious
> > to developers than atomic_t and/or kref, and better documents the intent
> > of code usin
On Fri, Nov 11, 2016 at 12:41:27PM +, Mark Rutland wrote:
> On Fri, Nov 11, 2016 at 01:29:21AM +0100, Colin Vidal wrote:
> > I wonder if we didn't make a confusion between naming and
> > specifications. I have thought about Kees idea and what you're saying:
> >
> > - The name "atomic_t" name
On Fri, Nov 11, 2016 at 01:29:21AM +0100, Colin Vidal wrote:
> On Fri, 2016-11-11 at 00:57 +0100, Peter Zijlstra wrote:
> > On Thu, Nov 10, 2016 at 03:15:44PM -0800, Kees Cook wrote:
> > > On Thu, Nov 10, 2016 at 2:27 PM, Greg KH
> > > wrote:
> > > > On Thu, Nov 10, 2016 at 10:13:10PM +0100, Pete
On Thu, 2016-11-10 at 13:23 -0800, Kees Cook wrote:
> If we don't use opt-out for atomics, we're going to be in the same
> situation where we have to constantly review every commit with an
> atomic for exploitable refcount flaws. Kicking this down from
> "privilege escalation" to "DoS" is a signif
On Thu, Nov 10, 2016 at 3:56 PM, Kees Cook wrote:
> On Thu, Nov 10, 2016 at 12:37 PM, Peter Zijlstra wrote:
>> On Thu, Nov 10, 2016 at 10:24:35PM +0200, Elena Reshetova wrote:
>>> This series brings the PaX/Grsecurity PAX_REFCOUNT
>>> feature support to the upstream kernel. All credit for the
>>>
On Fri, 2016-11-11 at 00:57 +0100, Peter Zijlstra wrote:
> On Thu, Nov 10, 2016 at 03:15:44PM -0800, Kees Cook wrote:
> >
> > On Thu, Nov 10, 2016 at 2:27 PM, Greg KH wrote:
> > >
> > > On Thu, Nov 10, 2016 at 10:13:10PM +0100, Peter Zijlstra wrote:
>
> >
> > >
> > > >
> > > > As it stands k
On Thu, Nov 10, 2016 at 03:15:44PM -0800, Kees Cook wrote:
> On Thu, Nov 10, 2016 at 2:27 PM, Greg KH wrote:
> > On Thu, Nov 10, 2016 at 10:13:10PM +0100, Peter Zijlstra wrote:
> >> As it stands kref is a pointless wrapper. If it were to provide
> >> something actually useful, like wrap protectio
On Thu, Nov 10, 2016 at 03:15:44PM -0800, Kees Cook wrote:
> (PeterZ went missing from your reply? I've added him back to the thread...)
argh, not intentional at all, thanks for that...
> On Thu, Nov 10, 2016 at 2:27 PM, Greg KH wrote:
> > On Thu, Nov 10, 2016 at 10:13:10PM +0100, Peter Zijlstra
(PeterZ went missing from your reply? I've added him back to the thread...)
On Thu, Nov 10, 2016 at 2:27 PM, Greg KH wrote:
> On Thu, Nov 10, 2016 at 10:13:10PM +0100, Peter Zijlstra wrote:
>> On Thu, Nov 10, 2016 at 08:48:38PM +, Will Deacon wrote:
>> > > That said, I still don't much like t
On Thu, Nov 10, 2016 at 10:13:10PM +0100, Peter Zijlstra wrote:
> On Thu, Nov 10, 2016 at 08:48:38PM +, Will Deacon wrote:
> > > That said, I still don't much like this.
> > >
> > > I would much rather you make kref useful and use that. It still means
> > > you get to audit all refcounts in th
On Thu, Nov 10, 2016 at 4:27 PM, Kees Cook wrote:
> On Thu, Nov 10, 2016 at 1:23 PM, David Windsor wrote:
>> On Thu, Nov 10, 2016 at 4:01 PM, Kees Cook wrote:
>>> On Thu, Nov 10, 2016 at 12:48 PM, Will Deacon wrote:
On Thu, Nov 10, 2016 at 09:37:49PM +0100, Peter Zijlstra wrote:
> On T
On Thu, Nov 10, 2016 at 04:23:08PM -0500, David Windsor wrote:
> Discussions have been occurring since KSPP has begun: do we need a
Note that I was not included in any of that. If you hide in a corner on
the intartubes don't be surprised people have no clue what you're on
about.
> specialized typ
On Thu, Nov 10, 2016 at 1:23 PM, David Windsor wrote:
> On Thu, Nov 10, 2016 at 4:01 PM, Kees Cook wrote:
>> On Thu, Nov 10, 2016 at 12:48 PM, Will Deacon wrote:
>>> On Thu, Nov 10, 2016 at 09:37:49PM +0100, Peter Zijlstra wrote:
On Thu, Nov 10, 2016 at 10:24:35PM +0200, Elena Reshetova wro
On Thu, Nov 10, 2016 at 4:01 PM, Kees Cook wrote:
> On Thu, Nov 10, 2016 at 12:48 PM, Will Deacon wrote:
>> On Thu, Nov 10, 2016 at 09:37:49PM +0100, Peter Zijlstra wrote:
>>> On Thu, Nov 10, 2016 at 10:24:35PM +0200, Elena Reshetova wrote:
>>> > This series brings the PaX/Grsecurity PAX_REFCOUNT
18 matches
Mail list logo