On 25 Apr 2017 at 15:56, Kees Cook wrote: > This protection is a modified version of the x86 PAX_REFCOUNT > implementation from PaX/grsecurity. This speeds up the refcount_t API by > duplicating the existing atomic_t implementation with a single instruction > added to detect if the refcount has wrapped past INT_MAX (or below 0) > resulting in a signed value. 'signed value' sounds somewhat ambiguous given that in C a signed type (such as the one beneath refcount_t) can have both negative and positive values yet you didn't mean the latter here i guess. > Various differences from PaX: > - uses "js" instead of "jo" to trap all signed results instead of just > under/overflow transitions there're differences in my 4.11 port but this isn't one of them.