On Sat, May 27, 2017 at 12:58:14PM -0700, Kees Cook wrote: > FAST_REFCOUNT=n: use function-based refcount_t with cmpxvhg and > full-verification > FAST_REFCOUNT=y without arch-specific implementation: use atomic_t > with no verification (i.e. no functional change from now) > FAST_REFCOUNT=y with arch-specific implementation: use atomic_t with > overflow protection > > which means FAST_REFCOUNT would need to be default-on so that mm, > block, net users will remain happy. > > Does that sound reasonable?
I'd rather turn the options around so that the atomic_t or fast arch implementations are the defaul. But either way it needs to be configurable. Once that is done we can spread refcount_t everywhere and everyone will be better off, if only for the documentation value of the type when they use the atomic_t based implementation.
