On Tue, 2016-11-15 at 09:23 -0800, Kees Cook wrote: > On Tue, Nov 15, 2016 at 8:50 AM, Rik van Riel > wrote: > > > > On Mon, 2016-11-14 at 12:31 -0800, Kees Cook wrote: > > >  > > > Keeping the implementation details of refcount_t and stats_t > > > opaque > > > to > > > the users should discourage misuse... > > > > I suspect a lack of inc_not_zero and dec_and_test would > > be the biggest things discouraging misuse of stats_t > > for reference counting :) > > Right, but it's the continuing atomic_t use that concerns me... Can we remove inc_not_zero and dec_and_test functionality from the atomic_t macros? It would require fixing all of the in tree code, and after that people with out of tree code would have to switch to refcount_t to make their code work again. -- All Rights Reversed.