On Tue, 2017-03-21 at 16:51 -0700, Kees Cook wrote:
> Am I understanding you correctly that you'd want something like:
>
> refcount.h:
> #ifdef UNPROTECTED_REFCOUNT
> #define refcount_inc(x) atomic_inc(x)
> ...
> #else
> void refcount_inc(...
> ...
> #endif
>
> some/net.c:
> #define UNPROTECTED_REFCOUNT
> #include <refcount.h>
>
> or similar?

At first, it could be something simple like that, yes.

Note that we might define two refcount_inc(): one that does whole tests, and refcount_inc_relaxed() that might translate to atomic_inc() on non debug kernels.

Then later, maybe provide a dynamic infrastructure so that we can dynamically force the full checks even for refcount_inc_relaxed() on, say, 1% of the hosts, to get better debug coverage?
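
The split discussed in this message, modeled in userspace C11 as an added example (not code from the thread or from the kernel). `refcount_force_checks`, `refcount_violations`, `REFCOUNT_DEBUG` and `demo_inc` are hypothetical names, and the behaviour of the checked path (refuse 0 -> 1, stay pinned at `UINT_MAX`) is an assumption about what the full tests do.

```c
/* Userspace C11 model, added for illustration; not kernel code. */
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>

typedef struct { atomic_uint refs; } refcount_t;

/* Hypothetical names: runtime override and a counter standing in for WARN(). */
static atomic_bool refcount_force_checks;
static atomic_uint refcount_violations;

/* Full checks: never resurrect a freed object (0 -> 1), never wrap past UINT_MAX. */
static void refcount_inc(refcount_t *r)
{
    unsigned int old = atomic_load_explicit(&r->refs, memory_order_relaxed);
    do {
        if (old == 0 || old == UINT_MAX) {
            atomic_fetch_add(&refcount_violations, 1);
            return;                 /* counter left unchanged */
        }
    } while (!atomic_compare_exchange_weak_explicit(&r->refs, &old, old + 1,
                 memory_order_relaxed, memory_order_relaxed));
}

/* Relaxed: plain atomic add unless REFCOUNT_DEBUG (hypothetical) or the override is set. */
static void refcount_inc_relaxed(refcount_t *r)
{
#ifndef REFCOUNT_DEBUG
    if (!atomic_load_explicit(&refcount_force_checks, memory_order_relaxed)) {
        atomic_fetch_add_explicit(&r->refs, 1, memory_order_relaxed);
        return;
    }
#endif
    refcount_inc(r);
}

/* One increment from `start` on the chosen path; returns the resulting count. */
static unsigned int demo_inc(unsigned int start, bool relaxed, bool force)
{
    refcount_t r;
    atomic_init(&r.refs, start);
    atomic_store(&refcount_force_checks, force);
    relaxed ? refcount_inc_relaxed(&r) : refcount_inc(&r);
    return atomic_load(&r.refs);
}

int main(void)
{
    return demo_inc(UINT_MAX, true, true) == UINT_MAX ? 0 : 1;
}
```

With the override off, the relaxed path wraps a saturated counter to 0 and revives a zero counter; with it on, both cases are caught by the same checks as `refcount_inc()`.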