[PATCH v3] refcount: Create unchecked atomic_t implementation

[PATCH v3] refcount: Create unchecked atomic_t implementation

[Kees Cook]

Many subsystems will not use refcount_t unless there is a way to build the
kernel so that there is no regression in speed compared to atomic_t. This
adds CONFIG_REFCOUNT_FULL to enable the full refcount_t implementation
which has the validation but is slightly slower. When not enabled,
refcount_t uses the basic unchecked atomic_t routines, which results in
no code changes compared to just using atomic_t directly.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
v3: unbreak slightly long lines; Ingo. Add Greg's Ack.
v2: use better atomic ops; Elena and Peter.
---
 arch/Kconfig             |  9 +++++++++
 include/linux/refcount.h | 42 ++++++++++++++++++++++++++++++++++++++++++
 lib/refcount.c           |  3 +++
 3 files changed, 54 insertions(+)

diff --git a/arch/Kconfig b/arch/Kconfig
index 6c00e5b00f8b..fba3bf186728 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -867,4 +867,13 @@ config STRICT_MODULE_RWX
 config ARCH_WANT_RELAX_ORDER
 	bool
 
+config REFCOUNT_FULL
+	bool "Perform full reference count validation at the expense of speed"
+	help
+	  Enabling this switches the refcounting infrastructure from a fast
+	  unchecked atomic_t implementation to a fully state checked
+	  implementation, which can be slower but provides protections
+	  against various use-after-free conditions that can be used in
+	  security flaw exploits.
+
 source "kernel/gcov/Kconfig"
diff --git a/include/linux/refcount.h b/include/linux/refcount.h
index b34aa649d204..bb71f2871dac 100644
--- a/include/linux/refcount.h
+++ b/include/linux/refcount.h
@@ -41,6 +41,7 @@ static inline unsigned int refcount_read(const refcount_t *r)
 	return atomic_read(&r->refs);
 }
 
+#ifdef CONFIG_REFCOUNT_FULL
 extern __must_check bool refcount_add_not_zero(unsigned int i, refcount_t *r);
 extern void refcount_add(unsigned int i, refcount_t *r);
 
@@ -52,6 +53,47 @@ extern void refcount_sub(unsigned int i, refcount_t *r);
 
 extern __must_check bool refcount_dec_and_test(refcount_t *r);
 extern void refcount_dec(refcount_t *r);
+#else
+static inline __must_check bool refcount_add_not_zero(unsigned int i, refcount_t *r)
+{
+	return atomic_add_unless(&r->refs, i, 0);
+}
+
+static inline void refcount_add(unsigned int i, refcount_t *r)
+{
+	atomic_add(i, &r->refs);
+}
+
+static inline __must_check bool refcount_inc_not_zero(refcount_t *r)
+{
+	return atomic_add_unless(&r->refs, 1, 0);
+}
+
+static inline void refcount_inc(refcount_t *r)
+{
+	atomic_inc(&r->refs);
+}
+
+static inline __must_check bool refcount_sub_and_test(unsigned int i, refcount_t *r)
+{
+	return atomic_sub_and_test(i, &r->refs);
+}
+
+static inline void refcount_sub(unsigned int i, refcount_t *r)
+{
+	atomic_sub(i, &r->refs);
+}
+
+static inline __must_check bool refcount_dec_and_test(refcount_t *r)
+{
+	return atomic_dec_and_test(&r->refs);
+}
+
+static inline void refcount_dec(refcount_t *r)
+{
+	atomic_dec(&r->refs);
+}
+#endif /* CONFIG_REFCOUNT_FULL */
 
 extern __must_check bool refcount_dec_if_one(refcount_t *r);
 extern __must_check bool refcount_dec_not_one(refcount_t *r);
diff --git a/lib/refcount.c b/lib/refcount.c
index 9f906783987e..5d0582a9480c 100644
--- a/lib/refcount.c
+++ b/lib/refcount.c
@@ -37,6 +37,8 @@
 #include <linux/refcount.h>
 #include <linux/bug.h>
 
+#ifdef CONFIG_REFCOUNT_FULL
+
 /**
  * refcount_add_not_zero - add a value to a refcount unless it is 0
  * @i: the value to add to the refcount
@@ -225,6 +227,7 @@ void refcount_dec(refcount_t *r)
 	WARN_ONCE(refcount_dec_and_test(r), "refcount_t: decrement hit 0; leaking memory.\n");
 }
 EXPORT_SYMBOL(refcount_dec);
+#endif /* CONFIG_REFCOUNT_FULL */
 
 /**
  * refcount_dec_if_one - decrement a refcount if it is 1
-- 
2.7.4


-- 
Kees Cook
Pixel Security

[PATCH v3] refcount: Create unchecked atomic_t implementation

[Kees Cook]

Many subsystems will not use refcount_t unless there is a way to build the
kernel so that there is no regression in speed compared to atomic_t. This
adds CONFIG_REFCOUNT_FULL to enable the full refcount_t implementation
which has the validation but is slightly slower. When not enabled,
refcount_t uses the basic unchecked atomic_t routines, which results in
no code changes compared to just using atomic_t directly.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
v3: unbreak slightly long lines; Ingo. Add Greg's Ack.
v2: use better atomic ops; Elena and Peter.
---
 arch/Kconfig             |  9 +++++++++
 include/linux/refcount.h | 42 ++++++++++++++++++++++++++++++++++++++++++
 lib/refcount.c           |  3 +++
 3 files changed, 54 insertions(+)

diff --git a/arch/Kconfig b/arch/Kconfig
index 6c00e5b00f8b..fba3bf186728 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -867,4 +867,13 @@ config STRICT_MODULE_RWX
 config ARCH_WANT_RELAX_ORDER
 	bool
 
+config REFCOUNT_FULL
+	bool "Perform full reference count validation at the expense of speed"
+	help
+	  Enabling this switches the refcounting infrastructure from a fast
+	  unchecked atomic_t implementation to a fully state checked
+	  implementation, which can be slower but provides protections
+	  against various use-after-free conditions that can be used in
+	  security flaw exploits.
+
 source "kernel/gcov/Kconfig"
diff --git a/include/linux/refcount.h b/include/linux/refcount.h
index b34aa649d204..bb71f2871dac 100644
--- a/include/linux/refcount.h
+++ b/include/linux/refcount.h
@@ -41,6 +41,7 @@ static inline unsigned int refcount_read(const refcount_t *r)
 	return atomic_read(&r->refs);
 }
 
+#ifdef CONFIG_REFCOUNT_FULL
 extern __must_check bool refcount_add_not_zero(unsigned int i, refcount_t *r);
 extern void refcount_add(unsigned int i, refcount_t *r);
 
@@ -52,6 +53,47 @@ extern void refcount_sub(unsigned int i, refcount_t *r);
 
 extern __must_check bool refcount_dec_and_test(refcount_t *r);
 extern void refcount_dec(refcount_t *r);
+#else
+static inline __must_check bool refcount_add_not_zero(unsigned int i, refcount_t *r)
+{
+	return atomic_add_unless(&r->refs, i, 0);
+}
+
+static inline void refcount_add(unsigned int i, refcount_t *r)
+{
+	atomic_add(i, &r->refs);
+}
+
+static inline __must_check bool refcount_inc_not_zero(refcount_t *r)
+{
+	return atomic_add_unless(&r->refs, 1, 0);
+}
+
+static inline void refcount_inc(refcount_t *r)
+{
+	atomic_inc(&r->refs);
+}
+
+static inline __must_check bool refcount_sub_and_test(unsigned int i, refcount_t *r)
+{
+	return atomic_sub_and_test(i, &r->refs);
+}
+
+static inline void refcount_sub(unsigned int i, refcount_t *r)
+{
+	atomic_sub(i, &r->refs);
+}
+
+static inline __must_check bool refcount_dec_and_test(refcount_t *r)
+{
+	return atomic_dec_and_test(&r->refs);
+}
+
+static inline void refcount_dec(refcount_t *r)
+{
+	atomic_dec(&r->refs);
+}
+#endif /* CONFIG_REFCOUNT_FULL */
 
 extern __must_check bool refcount_dec_if_one(refcount_t *r);
 extern __must_check bool refcount_dec_not_one(refcount_t *r);
diff --git a/lib/refcount.c b/lib/refcount.c
index 9f906783987e..5d0582a9480c 100644
--- a/lib/refcount.c
+++ b/lib/refcount.c
@@ -37,6 +37,8 @@
 #include <linux/refcount.h>
 #include <linux/bug.h>
 
+#ifdef CONFIG_REFCOUNT_FULL
+
 /**
  * refcount_add_not_zero - add a value to a refcount unless it is 0
  * @i: the value to add to the refcount
@@ -225,6 +227,7 @@ void refcount_dec(refcount_t *r)
 	WARN_ONCE(refcount_dec_and_test(r), "refcount_t: decrement hit 0; leaking memory.\n");
 }
 EXPORT_SYMBOL(refcount_dec);
+#endif /* CONFIG_REFCOUNT_FULL */
 
 /**
  * refcount_dec_if_one - decrement a refcount if it is 1
-- 
2.7.4


-- 
Kees Cook
Pixel Security

[tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[tip-bot for Kees Cook]

Commit-ID:  87f7583e9205fe5220677d0775f3a4d2b8fe8827
Gitweb:     http://git.kernel.org/tip/87f7583e9205fe5220677d0775f3a4d2b8fe8827
Author:     Kees Cook <keescook@chromium.org>
AuthorDate: Wed, 21 Jun 2017 13:00:26 -0700
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Thu, 22 Jun 2017 10:36:25 +0200

locking/refcount: Create unchecked atomic_t implementation

Many subsystems will not use refcount_t unless there is a way to build the
kernel so that there is no regression in speed compared to atomic_t. This
adds CONFIG_REFCOUNT_FULL to enable the full refcount_t implementation
which has the validation but is slightly slower. When not enabled,
refcount_t uses the basic unchecked atomic_t routines, which results in
no code changes compared to just using atomic_t directly.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: David S. Miller <davem@davemloft.net>
Cc: David Windsor <dwindsor@gmail.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Cc: Eric Biggers <ebiggers3@gmail.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Hans Liljestrand <ishkamiel@gmail.com>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>
Cc: Jann Horn <jannh@google.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Serge E. Hallyn <serge@hallyn.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: arozansk@redhat.com
Cc: axboe@kernel.dk
Cc: linux-arch <linux-arch@vger.kernel.org>
Link: http://lkml.kernel.org/r/20170621200026.GA115679@beast
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/Kconfig             |  9 +++++++++
 include/linux/refcount.h | 42 ++++++++++++++++++++++++++++++++++++++++++
 lib/refcount.c           |  3 +++
 3 files changed, 54 insertions(+)

diff --git a/arch/Kconfig b/arch/Kconfig
index 6c00e5b..f76b214 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -867,4 +867,13 @@ config STRICT_MODULE_RWX
 config ARCH_WANT_RELAX_ORDER
 	bool
 
+config REFCOUNT_FULL
+	bool "Perform full reference count validation at the expense of speed"
+	help
+	  Enabling this switches the refcounting infrastructure from a fast
+	  unchecked atomic_t implementation to a fully state checked
+	  implementation, which can be (slightly) slower but provides protections
+	  against various use-after-free conditions that can be used in
+	  security flaw exploits.
+
 source "kernel/gcov/Kconfig"
diff --git a/include/linux/refcount.h b/include/linux/refcount.h
index b34aa64..bb71f28 100644
--- a/include/linux/refcount.h
+++ b/include/linux/refcount.h
@@ -41,6 +41,7 @@ static inline unsigned int refcount_read(const refcount_t *r)
 	return atomic_read(&r->refs);
 }
 
+#ifdef CONFIG_REFCOUNT_FULL
 extern __must_check bool refcount_add_not_zero(unsigned int i, refcount_t *r);
 extern void refcount_add(unsigned int i, refcount_t *r);
 
@@ -52,6 +53,47 @@ extern void refcount_sub(unsigned int i, refcount_t *r);
 
 extern __must_check bool refcount_dec_and_test(refcount_t *r);
 extern void refcount_dec(refcount_t *r);
+#else
+static inline __must_check bool refcount_add_not_zero(unsigned int i, refcount_t *r)
+{
+	return atomic_add_unless(&r->refs, i, 0);
+}
+
+static inline void refcount_add(unsigned int i, refcount_t *r)
+{
+	atomic_add(i, &r->refs);
+}
+
+static inline __must_check bool refcount_inc_not_zero(refcount_t *r)
+{
+	return atomic_add_unless(&r->refs, 1, 0);
+}
+
+static inline void refcount_inc(refcount_t *r)
+{
+	atomic_inc(&r->refs);
+}
+
+static inline __must_check bool refcount_sub_and_test(unsigned int i, refcount_t *r)
+{
+	return atomic_sub_and_test(i, &r->refs);
+}
+
+static inline void refcount_sub(unsigned int i, refcount_t *r)
+{
+	atomic_sub(i, &r->refs);
+}
+
+static inline __must_check bool refcount_dec_and_test(refcount_t *r)
+{
+	return atomic_dec_and_test(&r->refs);
+}
+
+static inline void refcount_dec(refcount_t *r)
+{
+	atomic_dec(&r->refs);
+}
+#endif /* CONFIG_REFCOUNT_FULL */
 
 extern __must_check bool refcount_dec_if_one(refcount_t *r);
 extern __must_check bool refcount_dec_not_one(refcount_t *r);
diff --git a/lib/refcount.c b/lib/refcount.c
index 9f90678..5d0582a 100644
--- a/lib/refcount.c
+++ b/lib/refcount.c
@@ -37,6 +37,8 @@
 #include <linux/refcount.h>
 #include <linux/bug.h>
 
+#ifdef CONFIG_REFCOUNT_FULL
+
 /**
  * refcount_add_not_zero - add a value to a refcount unless it is 0
  * @i: the value to add to the refcount
@@ -225,6 +227,7 @@ void refcount_dec(refcount_t *r)
 	WARN_ONCE(refcount_dec_and_test(r), "refcount_t: decrement hit 0; leaking memory.\n");
 }
 EXPORT_SYMBOL(refcount_dec);
+#endif /* CONFIG_REFCOUNT_FULL */
 
 /**
  * refcount_dec_if_one - decrement a refcount if it is 1

[tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[tip-bot for Kees Cook]

Commit-ID:  fd25d19f6b8da315332bb75936605fb45d3ea981
Gitweb:     http://git.kernel.org/tip/fd25d19f6b8da315332bb75936605fb45d3ea981
Author:     Kees Cook <keescook@chromium.org>
AuthorDate: Wed, 21 Jun 2017 13:00:26 -0700
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Wed, 28 Jun 2017 18:54:46 +0200

locking/refcount: Create unchecked atomic_t implementation

Many subsystems will not use refcount_t unless there is a way to build the
kernel so that there is no regression in speed compared to atomic_t. This
adds CONFIG_REFCOUNT_FULL to enable the full refcount_t implementation
which has the validation but is slightly slower. When not enabled,
refcount_t uses the basic unchecked atomic_t routines, which results in
no code changes compared to just using atomic_t directly.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: David S. Miller <davem@davemloft.net>
Cc: David Windsor <dwindsor@gmail.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Cc: Eric Biggers <ebiggers3@gmail.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Hans Liljestrand <ishkamiel@gmail.com>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>
Cc: Jann Horn <jannh@google.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Serge E. Hallyn <serge@hallyn.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: arozansk@redhat.com
Cc: axboe@kernel.dk
Cc: linux-arch <linux-arch@vger.kernel.org>
Link: http://lkml.kernel.org/r/20170621200026.GA115679@beast
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/Kconfig             |  9 +++++++++
 include/linux/refcount.h | 42 ++++++++++++++++++++++++++++++++++++++++++
 lib/refcount.c           |  3 +++
 3 files changed, 54 insertions(+)

diff --git a/arch/Kconfig b/arch/Kconfig
index 6c00e5b..f76b214 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -867,4 +867,13 @@ config STRICT_MODULE_RWX
 config ARCH_WANT_RELAX_ORDER
 	bool
 
+config REFCOUNT_FULL
+	bool "Perform full reference count validation at the expense of speed"
+	help
+	  Enabling this switches the refcounting infrastructure from a fast
+	  unchecked atomic_t implementation to a fully state checked
+	  implementation, which can be (slightly) slower but provides protections
+	  against various use-after-free conditions that can be used in
+	  security flaw exploits.
+
 source "kernel/gcov/Kconfig"
diff --git a/include/linux/refcount.h b/include/linux/refcount.h
index b34aa64..bb71f28 100644
--- a/include/linux/refcount.h
+++ b/include/linux/refcount.h
@@ -41,6 +41,7 @@ static inline unsigned int refcount_read(const refcount_t *r)
 	return atomic_read(&r->refs);
 }
 
+#ifdef CONFIG_REFCOUNT_FULL
 extern __must_check bool refcount_add_not_zero(unsigned int i, refcount_t *r);
 extern void refcount_add(unsigned int i, refcount_t *r);
 
@@ -52,6 +53,47 @@ extern void refcount_sub(unsigned int i, refcount_t *r);
 
 extern __must_check bool refcount_dec_and_test(refcount_t *r);
 extern void refcount_dec(refcount_t *r);
+#else
+static inline __must_check bool refcount_add_not_zero(unsigned int i, refcount_t *r)
+{
+	return atomic_add_unless(&r->refs, i, 0);
+}
+
+static inline void refcount_add(unsigned int i, refcount_t *r)
+{
+	atomic_add(i, &r->refs);
+}
+
+static inline __must_check bool refcount_inc_not_zero(refcount_t *r)
+{
+	return atomic_add_unless(&r->refs, 1, 0);
+}
+
+static inline void refcount_inc(refcount_t *r)
+{
+	atomic_inc(&r->refs);
+}
+
+static inline __must_check bool refcount_sub_and_test(unsigned int i, refcount_t *r)
+{
+	return atomic_sub_and_test(i, &r->refs);
+}
+
+static inline void refcount_sub(unsigned int i, refcount_t *r)
+{
+	atomic_sub(i, &r->refs);
+}
+
+static inline __must_check bool refcount_dec_and_test(refcount_t *r)
+{
+	return atomic_dec_and_test(&r->refs);
+}
+
+static inline void refcount_dec(refcount_t *r)
+{
+	atomic_dec(&r->refs);
+}
+#endif /* CONFIG_REFCOUNT_FULL */
 
 extern __must_check bool refcount_dec_if_one(refcount_t *r);
 extern __must_check bool refcount_dec_not_one(refcount_t *r);
diff --git a/lib/refcount.c b/lib/refcount.c
index 9f90678..5d0582a 100644
--- a/lib/refcount.c
+++ b/lib/refcount.c
@@ -37,6 +37,8 @@
 #include <linux/refcount.h>
 #include <linux/bug.h>
 
+#ifdef CONFIG_REFCOUNT_FULL
+
 /**
  * refcount_add_not_zero - add a value to a refcount unless it is 0
  * @i: the value to add to the refcount
@@ -225,6 +227,7 @@ void refcount_dec(refcount_t *r)
 	WARN_ONCE(refcount_dec_and_test(r), "refcount_t: decrement hit 0; leaking memory.\n");
 }
 EXPORT_SYMBOL(refcount_dec);
+#endif /* CONFIG_REFCOUNT_FULL */
 
 /**
  * refcount_dec_if_one - decrement a refcount if it is 1

Re: [tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[Peter Zijlstra]

On Wed, Jun 28, 2017 at 09:58:15AM -0700, tip-bot for Kees Cook wrote:
> locking/refcount: Create unchecked atomic_t implementation

This seems to do only half the job. Here's the rest.

---
Subject: locking/refcount: Finish unchecked atomic_t implementation

For some reason the unchecked atomic_t implementation stopped half-way
through, complete it it.

Fixes: fd25d19f6b8d ("locking/refcount: Create unchecked atomic_t implementation")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
 include/linux/refcount.h | 35 ++++++++++++++++++++++++++++++-----
 lib/Makefile             |  7 +++----
 lib/refcount.c           |  3 ---
 3 files changed, 33 insertions(+), 12 deletions(-)

diff --git a/include/linux/refcount.h b/include/linux/refcount.h
index 48b7c9c68c4d..ef714e4347d9 100644
--- a/include/linux/refcount.h
+++ b/include/linux/refcount.h
@@ -52,10 +52,17 @@ extern __must_check bool refcount_sub_and_test(unsigned int i, refcount_t *r);
 
 extern __must_check bool refcount_dec_and_test(refcount_t *r);
 extern void refcount_dec(refcount_t *r);
+
+extern __must_check bool refcount_dec_if_one(refcount_t *r);
+extern __must_check bool refcount_dec_not_one(refcount_t *r);
+extern __must_check bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock);
+extern __must_check bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock);
+
 #else
 # ifdef CONFIG_ARCH_HAS_REFCOUNT
 #  include <asm/refcount.h>
 # else
+
 static inline __must_check bool refcount_add_not_zero(unsigned int i, refcount_t *r)
 {
 	return atomic_add_unless(&r->refs, i, 0);
@@ -90,12 +97,30 @@ static inline void refcount_dec(refcount_t *r)
 {
 	atomic_dec(&r->refs);
 }
+
+static inline __must_check bool refcount_dec_if_one(refcount_t *r)
+{
+	int val = 1;
+
+	return atomic_try_cmpxchg_release(&r->refs, &val, 0);
+}
+
+static inline __must_check bool refcount_dec_not_one(refcount_t *r)
+{
+	return atomic_add_unless(&r->refs, -1, 1);
+}
+
+static inline __must_check bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock)
+{
+	return atomic_dec_and_mutex_lock(&r->refs, lock);
+}
+
+static inline __must_check bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock)
+{
+	return atomic_dec_and_lock(&r->refs, lock);
+}
+
 # endif /* !CONFIG_ARCH_HAS_REFCOUNT */
 #endif /* CONFIG_REFCOUNT_FULL */
 
-extern __must_check bool refcount_dec_if_one(refcount_t *r);
-extern __must_check bool refcount_dec_not_one(refcount_t *r);
-extern __must_check bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock);
-extern __must_check bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock);
-
 #endif /* _LINUX_REFCOUNT_H */
diff --git a/lib/Makefile b/lib/Makefile
index 40c18372b301..b96859e69c57 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -38,12 +38,11 @@ obj-y += bcd.o div64.o sort.o parser.o debug_locks.o random32.o \
 	 gcd.o lcm.o list_sort.o uuid.o flex_array.o iov_iter.o clz_ctz.o \
 	 bsearch.o find_bit.o llist.o memweight.o kfifo.o \
 	 percpu-refcount.o percpu_ida.o rhashtable.o reciprocal_div.o \
-	 once.o refcount.o usercopy.o errseq.o
-obj-y += string_helpers.o
+	 once.o usercopy.o errseq.o string_helpers.o hexdump.o kstrtox.o
+
+obj-$(CONFIG_REFCOUNT_FULL) += refcount.o
 obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o
-obj-y += hexdump.o
 obj-$(CONFIG_TEST_HEXDUMP) += test_hexdump.o
-obj-y += kstrtox.o
 obj-$(CONFIG_TEST_BPF) += test_bpf.o
 obj-$(CONFIG_TEST_FIRMWARE) += test_firmware.o
 obj-$(CONFIG_TEST_SYSCTL) += test_sysctl.o
diff --git a/lib/refcount.c b/lib/refcount.c
index 5d0582a9480c..9f906783987e 100644
--- a/lib/refcount.c
+++ b/lib/refcount.c
@@ -37,8 +37,6 @@
 #include <linux/refcount.h>
 #include <linux/bug.h>
 
-#ifdef CONFIG_REFCOUNT_FULL
-
 /**
  * refcount_add_not_zero - add a value to a refcount unless it is 0
  * @i: the value to add to the refcount
@@ -227,7 +225,6 @@ void refcount_dec(refcount_t *r)
 	WARN_ONCE(refcount_dec_and_test(r), "refcount_t: decrement hit 0; leaking memory.\n");
 }
 EXPORT_SYMBOL(refcount_dec);
-#endif /* CONFIG_REFCOUNT_FULL */
 
 /**
  * refcount_dec_if_one - decrement a refcount if it is 1

Re: [tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[Peter Zijlstra]

On Wed, Jun 28, 2017 at 09:58:15AM -0700, tip-bot for Kees Cook wrote:
> locking/refcount: Create unchecked atomic_t implementation

This seems to do only half the job. Here's the rest.

---
Subject: locking/refcount: Finish unchecked atomic_t implementation

For some reason the unchecked atomic_t implementation stopped half-way
through, complete it it.

Fixes: fd25d19f6b8d ("locking/refcount: Create unchecked atomic_t implementation")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
 include/linux/refcount.h | 35 ++++++++++++++++++++++++++++++-----
 lib/Makefile             |  7 +++----
 lib/refcount.c           |  3 ---
 3 files changed, 33 insertions(+), 12 deletions(-)

diff --git a/include/linux/refcount.h b/include/linux/refcount.h
index 48b7c9c68c4d..ef714e4347d9 100644
--- a/include/linux/refcount.h
+++ b/include/linux/refcount.h
@@ -52,10 +52,17 @@ extern __must_check bool refcount_sub_and_test(unsigned int i, refcount_t *r);
 
 extern __must_check bool refcount_dec_and_test(refcount_t *r);
 extern void refcount_dec(refcount_t *r);
+
+extern __must_check bool refcount_dec_if_one(refcount_t *r);
+extern __must_check bool refcount_dec_not_one(refcount_t *r);
+extern __must_check bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock);
+extern __must_check bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock);
+
 #else
 # ifdef CONFIG_ARCH_HAS_REFCOUNT
 #  include <asm/refcount.h>
 # else
+
 static inline __must_check bool refcount_add_not_zero(unsigned int i, refcount_t *r)
 {
 	return atomic_add_unless(&r->refs, i, 0);
@@ -90,12 +97,30 @@ static inline void refcount_dec(refcount_t *r)
 {
 	atomic_dec(&r->refs);
 }
+
+static inline __must_check bool refcount_dec_if_one(refcount_t *r)
+{
+	int val = 1;
+
+	return atomic_try_cmpxchg_release(&r->refs, &val, 0);
+}
+
+static inline __must_check bool refcount_dec_not_one(refcount_t *r)
+{
+	return atomic_add_unless(&r->refs, -1, 1);
+}
+
+static inline __must_check bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock)
+{
+	return atomic_dec_and_mutex_lock(&r->refs, lock);
+}
+
+static inline __must_check bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock)
+{
+	return atomic_dec_and_lock(&r->refs, lock);
+}
+
 # endif /* !CONFIG_ARCH_HAS_REFCOUNT */
 #endif /* CONFIG_REFCOUNT_FULL */
 
-extern __must_check bool refcount_dec_if_one(refcount_t *r);
-extern __must_check bool refcount_dec_not_one(refcount_t *r);
-extern __must_check bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock);
-extern __must_check bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock);
-
 #endif /* _LINUX_REFCOUNT_H */
diff --git a/lib/Makefile b/lib/Makefile
index 40c18372b301..b96859e69c57 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -38,12 +38,11 @@ obj-y += bcd.o div64.o sort.o parser.o debug_locks.o random32.o \
 	 gcd.o lcm.o list_sort.o uuid.o flex_array.o iov_iter.o clz_ctz.o \
 	 bsearch.o find_bit.o llist.o memweight.o kfifo.o \
 	 percpu-refcount.o percpu_ida.o rhashtable.o reciprocal_div.o \
-	 once.o refcount.o usercopy.o errseq.o
-obj-y += string_helpers.o
+	 once.o usercopy.o errseq.o string_helpers.o hexdump.o kstrtox.o
+
+obj-$(CONFIG_REFCOUNT_FULL) += refcount.o
 obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o
-obj-y += hexdump.o
 obj-$(CONFIG_TEST_HEXDUMP) += test_hexdump.o
-obj-y += kstrtox.o
 obj-$(CONFIG_TEST_BPF) += test_bpf.o
 obj-$(CONFIG_TEST_FIRMWARE) += test_firmware.o
 obj-$(CONFIG_TEST_SYSCTL) += test_sysctl.o
diff --git a/lib/refcount.c b/lib/refcount.c
index 5d0582a9480c..9f906783987e 100644
--- a/lib/refcount.c
+++ b/lib/refcount.c
@@ -37,8 +37,6 @@
 #include <linux/refcount.h>
 #include <linux/bug.h>
 
-#ifdef CONFIG_REFCOUNT_FULL
-
 /**
  * refcount_add_not_zero - add a value to a refcount unless it is 0
  * @i: the value to add to the refcount
@@ -227,7 +225,6 @@ void refcount_dec(refcount_t *r)
 	WARN_ONCE(refcount_dec_and_test(r), "refcount_t: decrement hit 0; leaking memory.\n");
 }
 EXPORT_SYMBOL(refcount_dec);
-#endif /* CONFIG_REFCOUNT_FULL */
 
 /**
  * refcount_dec_if_one - decrement a refcount if it is 1

Re: [tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[Kees Cook]

On Mon, Sep 4, 2017 at 5:37 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> On Wed, Jun 28, 2017 at 09:58:15AM -0700, tip-bot for Kees Cook wrote:
>> locking/refcount: Create unchecked atomic_t implementation
>
> This seems to do only half the job. Here's the rest.
>
> ---
> Subject: locking/refcount: Finish unchecked atomic_t implementation
>
> For some reason the unchecked atomic_t implementation stopped half-way
> through, complete it it.

Hmm? The reason is that the implementation of the remaining functions
is unchanged between full, unchecked, and x86.

>
> Fixes: fd25d19f6b8d ("locking/refcount: Create unchecked atomic_t implementation")
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> ---
>  include/linux/refcount.h | 35 ++++++++++++++++++++++++++++++-----
>  lib/Makefile             |  7 +++----
>  lib/refcount.c           |  3 ---
>  3 files changed, 33 insertions(+), 12 deletions(-)
>
> diff --git a/include/linux/refcount.h b/include/linux/refcount.h
> index 48b7c9c68c4d..ef714e4347d9 100644
> --- a/include/linux/refcount.h
> +++ b/include/linux/refcount.h
> @@ -52,10 +52,17 @@ extern __must_check bool refcount_sub_and_test(unsigned int i, refcount_t *r);
>
>  extern __must_check bool refcount_dec_and_test(refcount_t *r);
>  extern void refcount_dec(refcount_t *r);
> +
> +extern __must_check bool refcount_dec_if_one(refcount_t *r);
> +extern __must_check bool refcount_dec_not_one(refcount_t *r);
> +extern __must_check bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock);
> +extern __must_check bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock);
> +
>  #else
>  # ifdef CONFIG_ARCH_HAS_REFCOUNT
>  #  include <asm/refcount.h>
>  # else
> +
>  static inline __must_check bool refcount_add_not_zero(unsigned int i, refcount_t *r)
>  {
>         return atomic_add_unless(&r->refs, i, 0);
> @@ -90,12 +97,30 @@ static inline void refcount_dec(refcount_t *r)
>  {
>         atomic_dec(&r->refs);
>  }
> +
> +static inline __must_check bool refcount_dec_if_one(refcount_t *r)
> +{
> +       int val = 1;
> +
> +       return atomic_try_cmpxchg_release(&r->refs, &val, 0);
> +}
> +
> +static inline __must_check bool refcount_dec_not_one(refcount_t *r)
> +{
> +       return atomic_add_unless(&r->refs, -1, 1);
> +}
> +
> +static inline __must_check bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock)
> +{
> +       return atomic_dec_and_mutex_lock(&r->refs, lock);
> +}
> +
> +static inline __must_check bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock)
> +{
> +       return atomic_dec_and_lock(&r->refs, lock);
> +}
> +
>  # endif /* !CONFIG_ARCH_HAS_REFCOUNT */
>  #endif /* CONFIG_REFCOUNT_FULL */
>
> -extern __must_check bool refcount_dec_if_one(refcount_t *r);
> -extern __must_check bool refcount_dec_not_one(refcount_t *r);
> -extern __must_check bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock);
> -extern __must_check bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock);
> -
>  #endif /* _LINUX_REFCOUNT_H */
> diff --git a/lib/Makefile b/lib/Makefile
> index 40c18372b301..b96859e69c57 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -38,12 +38,11 @@ obj-y += bcd.o div64.o sort.o parser.o debug_locks.o random32.o \
>          gcd.o lcm.o list_sort.o uuid.o flex_array.o iov_iter.o clz_ctz.o \
>          bsearch.o find_bit.o llist.o memweight.o kfifo.o \
>          percpu-refcount.o percpu_ida.o rhashtable.o reciprocal_div.o \
> -        once.o refcount.o usercopy.o errseq.o
> -obj-y += string_helpers.o
> +        once.o usercopy.o errseq.o string_helpers.o hexdump.o kstrtox.o
> +
> +obj-$(CONFIG_REFCOUNT_FULL) += refcount.o
>  obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o
> -obj-y += hexdump.o
>  obj-$(CONFIG_TEST_HEXDUMP) += test_hexdump.o
> -obj-y += kstrtox.o
>  obj-$(CONFIG_TEST_BPF) += test_bpf.o
>  obj-$(CONFIG_TEST_FIRMWARE) += test_firmware.o
>  obj-$(CONFIG_TEST_SYSCTL) += test_sysctl.o
> diff --git a/lib/refcount.c b/lib/refcount.c
> index 5d0582a9480c..9f906783987e 100644
> --- a/lib/refcount.c
> +++ b/lib/refcount.c
> @@ -37,8 +37,6 @@
>  #include <linux/refcount.h>
>  #include <linux/bug.h>
>
> -#ifdef CONFIG_REFCOUNT_FULL
> -
>  /**
>   * refcount_add_not_zero - add a value to a refcount unless it is 0
>   * @i: the value to add to the refcount
> @@ -227,7 +225,6 @@ void refcount_dec(refcount_t *r)
>         WARN_ONCE(refcount_dec_and_test(r), "refcount_t: decrement hit 0; leaking memory.\n");
>  }
>  EXPORT_SYMBOL(refcount_dec);
> -#endif /* CONFIG_REFCOUNT_FULL */
>
>  /**
>   * refcount_dec_if_one - decrement a refcount if it is 1



-- 
Kees Cook
Pixel Security

Re: [tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[Kees Cook]

On Mon, Sep 4, 2017 at 5:37 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> On Wed, Jun 28, 2017 at 09:58:15AM -0700, tip-bot for Kees Cook wrote:
>> locking/refcount: Create unchecked atomic_t implementation
>
> This seems to do only half the job. Here's the rest.
>
> ---
> Subject: locking/refcount: Finish unchecked atomic_t implementation
>
> For some reason the unchecked atomic_t implementation stopped half-way
> through, complete it it.

Hmm? The reason is that the implementation of the remaining functions
is unchanged between full, unchecked, and x86.

>
> Fixes: fd25d19f6b8d ("locking/refcount: Create unchecked atomic_t implementation")
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> ---
>  include/linux/refcount.h | 35 ++++++++++++++++++++++++++++++-----
>  lib/Makefile             |  7 +++----
>  lib/refcount.c           |  3 ---
>  3 files changed, 33 insertions(+), 12 deletions(-)
>
> diff --git a/include/linux/refcount.h b/include/linux/refcount.h
> index 48b7c9c68c4d..ef714e4347d9 100644
> --- a/include/linux/refcount.h
> +++ b/include/linux/refcount.h
> @@ -52,10 +52,17 @@ extern __must_check bool refcount_sub_and_test(unsigned int i, refcount_t *r);
>
>  extern __must_check bool refcount_dec_and_test(refcount_t *r);
>  extern void refcount_dec(refcount_t *r);
> +
> +extern __must_check bool refcount_dec_if_one(refcount_t *r);
> +extern __must_check bool refcount_dec_not_one(refcount_t *r);
> +extern __must_check bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock);
> +extern __must_check bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock);
> +
>  #else
>  # ifdef CONFIG_ARCH_HAS_REFCOUNT
>  #  include <asm/refcount.h>
>  # else
> +
>  static inline __must_check bool refcount_add_not_zero(unsigned int i, refcount_t *r)
>  {
>         return atomic_add_unless(&r->refs, i, 0);
> @@ -90,12 +97,30 @@ static inline void refcount_dec(refcount_t *r)
>  {
>         atomic_dec(&r->refs);
>  }
> +
> +static inline __must_check bool refcount_dec_if_one(refcount_t *r)
> +{
> +       int val = 1;
> +
> +       return atomic_try_cmpxchg_release(&r->refs, &val, 0);
> +}
> +
> +static inline __must_check bool refcount_dec_not_one(refcount_t *r)
> +{
> +       return atomic_add_unless(&r->refs, -1, 1);
> +}
> +
> +static inline __must_check bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock)
> +{
> +       return atomic_dec_and_mutex_lock(&r->refs, lock);
> +}
> +
> +static inline __must_check bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock)
> +{
> +       return atomic_dec_and_lock(&r->refs, lock);
> +}
> +
>  # endif /* !CONFIG_ARCH_HAS_REFCOUNT */
>  #endif /* CONFIG_REFCOUNT_FULL */
>
> -extern __must_check bool refcount_dec_if_one(refcount_t *r);
> -extern __must_check bool refcount_dec_not_one(refcount_t *r);
> -extern __must_check bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock);
> -extern __must_check bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock);
> -
>  #endif /* _LINUX_REFCOUNT_H */
> diff --git a/lib/Makefile b/lib/Makefile
> index 40c18372b301..b96859e69c57 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -38,12 +38,11 @@ obj-y += bcd.o div64.o sort.o parser.o debug_locks.o random32.o \
>          gcd.o lcm.o list_sort.o uuid.o flex_array.o iov_iter.o clz_ctz.o \
>          bsearch.o find_bit.o llist.o memweight.o kfifo.o \
>          percpu-refcount.o percpu_ida.o rhashtable.o reciprocal_div.o \
> -        once.o refcount.o usercopy.o errseq.o
> -obj-y += string_helpers.o
> +        once.o usercopy.o errseq.o string_helpers.o hexdump.o kstrtox.o
> +
> +obj-$(CONFIG_REFCOUNT_FULL) += refcount.o
>  obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o
> -obj-y += hexdump.o
>  obj-$(CONFIG_TEST_HEXDUMP) += test_hexdump.o
> -obj-y += kstrtox.o
>  obj-$(CONFIG_TEST_BPF) += test_bpf.o
>  obj-$(CONFIG_TEST_FIRMWARE) += test_firmware.o
>  obj-$(CONFIG_TEST_SYSCTL) += test_sysctl.o
> diff --git a/lib/refcount.c b/lib/refcount.c
> index 5d0582a9480c..9f906783987e 100644
> --- a/lib/refcount.c
> +++ b/lib/refcount.c
> @@ -37,8 +37,6 @@
>  #include <linux/refcount.h>
>  #include <linux/bug.h>
>
> -#ifdef CONFIG_REFCOUNT_FULL
> -
>  /**
>   * refcount_add_not_zero - add a value to a refcount unless it is 0
>   * @i: the value to add to the refcount
> @@ -227,7 +225,6 @@ void refcount_dec(refcount_t *r)
>         WARN_ONCE(refcount_dec_and_test(r), "refcount_t: decrement hit 0; leaking memory.\n");
>  }
>  EXPORT_SYMBOL(refcount_dec);
> -#endif /* CONFIG_REFCOUNT_FULL */
>
>  /**
>   * refcount_dec_if_one - decrement a refcount if it is 1



-- 
Kees Cook
Pixel Security

Re: [tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[Alexey Dobriyan]

On Mon, Sep 04, 2017 at 02:37:24PM +0200, Peter Zijlstra wrote:
> -	 once.o refcount.o usercopy.o errseq.o
> -obj-y += string_helpers.o
> +	 once.o usercopy.o errseq.o string_helpers.o hexdump.o kstrtox.o
> +
> +obj-$(CONFIG_REFCOUNT_FULL) += refcount.o
>  obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o
> -obj-y += hexdump.o
>  obj-$(CONFIG_TEST_HEXDUMP) += test_hexdump.o
> -obj-y += kstrtox.o

File per line so everything is not lumped together even if it is obj-y.

Re: [tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[Alexey Dobriyan]

On Mon, Sep 04, 2017 at 02:37:24PM +0200, Peter Zijlstra wrote:
> -	 once.o refcount.o usercopy.o errseq.o
> -obj-y += string_helpers.o
> +	 once.o usercopy.o errseq.o string_helpers.o hexdump.o kstrtox.o
> +
> +obj-$(CONFIG_REFCOUNT_FULL) += refcount.o
>  obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o
> -obj-y += hexdump.o
>  obj-$(CONFIG_TEST_HEXDUMP) += test_hexdump.o
> -obj-y += kstrtox.o

File per line so everything is not lumped together even if it is obj-y.

Re: [tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[Peter Zijlstra]

On Mon, Sep 04, 2017 at 10:11:37AM -0700, Kees Cook wrote:
> On Mon, Sep 4, 2017 at 5:37 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> > On Wed, Jun 28, 2017 at 09:58:15AM -0700, tip-bot for Kees Cook wrote:
> >> locking/refcount: Create unchecked atomic_t implementation
> >
> > This seems to do only half the job. Here's the rest.
> >
> > ---
> > Subject: locking/refcount: Finish unchecked atomic_t implementation
> >
> > For some reason the unchecked atomic_t implementation stopped half-way
> > through, complete it it.
> 
> Hmm? The reason is that the implementation of the remaining functions
> is unchanged between full, unchecked, and x86.

But they're wasted code if !arch because the existing atomic functions
are adequate (and I would argue better in case of atomic_add_unless).

And arch implementations would certainly want to reimplement dec_not_one.

Plus, you completely failed mention any of this.

Re: [tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[Peter Zijlstra]

On Mon, Sep 04, 2017 at 10:11:37AM -0700, Kees Cook wrote:
> On Mon, Sep 4, 2017 at 5:37 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> > On Wed, Jun 28, 2017 at 09:58:15AM -0700, tip-bot for Kees Cook wrote:
> >> locking/refcount: Create unchecked atomic_t implementation
> >
> > This seems to do only half the job. Here's the rest.
> >
> > ---
> > Subject: locking/refcount: Finish unchecked atomic_t implementation
> >
> > For some reason the unchecked atomic_t implementation stopped half-way
> > through, complete it it.
> 
> Hmm? The reason is that the implementation of the remaining functions
> is unchanged between full, unchecked, and x86.

But they're wasted code if !arch because the existing atomic functions
are adequate (and I would argue better in case of atomic_add_unless).

And arch implementations would certainly want to reimplement dec_not_one.

Plus, you completely failed mention any of this.

Re: [tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[Peter Zijlstra]

On Mon, Sep 04, 2017 at 08:34:44PM +0300, Alexey Dobriyan wrote:
> On Mon, Sep 04, 2017 at 02:37:24PM +0200, Peter Zijlstra wrote:
> > -	 once.o refcount.o usercopy.o errseq.o
> > -obj-y += string_helpers.o
> > +	 once.o usercopy.o errseq.o string_helpers.o hexdump.o kstrtox.o
> > +
> > +obj-$(CONFIG_REFCOUNT_FULL) += refcount.o
> >  obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o
> > -obj-y += hexdump.o
> >  obj-$(CONFIG_TEST_HEXDUMP) += test_hexdump.o
> > -obj-y += kstrtox.o
> 
> File per line so everything is not lumped together even if it is obj-y.

If that is policy mass convert everything and be done with it. Otherwise
I'll continue to use the predominant pattern, which in this case is a
giant obj-y +=. But mixed stuff is terribly annoying.

Re: [tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[Alexey Dobriyan]

On Mon, Sep 04, 2017 at 09:36:43PM +0200, Peter Zijlstra wrote:
> On Mon, Sep 04, 2017 at 08:34:44PM +0300, Alexey Dobriyan wrote:
> > On Mon, Sep 04, 2017 at 02:37:24PM +0200, Peter Zijlstra wrote:
> > > -	 once.o refcount.o usercopy.o errseq.o
> > > -obj-y += string_helpers.o
> > > +	 once.o usercopy.o errseq.o string_helpers.o hexdump.o kstrtox.o
> > > +
> > > +obj-$(CONFIG_REFCOUNT_FULL) += refcount.o
> > >  obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o
> > > -obj-y += hexdump.o
> > >  obj-$(CONFIG_TEST_HEXDUMP) += test_hexdump.o
> > > -obj-y += kstrtox.o
> > 
> > File per line so everything is not lumped together even if it is obj-y.
> 
> If that is policy mass convert everything and be done with it. Otherwise
> I'll continue to use the predominant pattern, which in this case is a
> giant obj-y +=. But mixed stuff is terribly annoying.

It is not a policy, just a "grassroot" movement to give people good
example and wait until someone is annoyed enough to mass convert
everything. -)

Worked for fs/proc/Makefile .

Re: [tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[Peter Zijlstra]

On Tue, Sep 05, 2017 at 09:15:36PM +0300, Alexey Dobriyan wrote:

> It is not a policy, just a "grassroot" movement to give people good
> example and wait until someone is annoyed enough to mass convert
> everything. -)

Well, its a mess and I cleaned up the outliers.

> Worked for fs/proc/Makefile .

No, that file is still a mess; the below is what it would take to clean
up according to your preferred pattern.

So go spend an hour or so and write a script that cleans this all up and
convince Linus to run it. Otherwise I really can't be arsed with this
nonsense.

---
diff --git a/fs/proc/Makefile b/fs/proc/Makefile
index 12c6922c913c..8c19ab50eb7f 100644
--- a/fs/proc/Makefile
+++ b/fs/proc/Makefile
@@ -5,29 +5,35 @@
 obj-y   += proc.o
 
 CFLAGS_task_mmu.o	+= $(call cc-option,-Wno-override-init,)
+
 proc-y			:= nommu.o task_nommu.o
 proc-$(CONFIG_MMU)	:= task_mmu.o
 
-proc-y       += inode.o root.o base.o generic.o array.o \
-		fd.o
-proc-$(CONFIG_TTY)      += proc_tty.o
-proc-y	+= cmdline.o
-proc-y	+= consoles.o
-proc-y	+= cpuinfo.o
-proc-y	+= devices.o
-proc-y	+= interrupts.o
-proc-y	+= loadavg.o
-proc-y	+= meminfo.o
-proc-y	+= stat.o
-proc-y	+= uptime.o
-proc-y	+= version.o
-proc-y	+= softirqs.o
-proc-y	+= namespaces.o
-proc-y	+= self.o
-proc-y	+= thread_self.o
-proc-$(CONFIG_PROC_SYSCTL)	+= proc_sysctl.o
-proc-$(CONFIG_NET)		+= proc_net.o
-proc-$(CONFIG_PROC_KCORE)	+= kcore.o
-proc-$(CONFIG_PROC_VMCORE)	+= vmcore.o
-proc-$(CONFIG_PRINTK)	+= kmsg.o
-proc-$(CONFIG_PROC_PAGE_MONITOR)	+= page.o
+proc-y += array.o
+proc-y += base.o
+proc-y += cmdline.o
+proc-y += consoles.o
+proc-y += cpuinfo.o
+proc-y += devices.o
+proc-y += fd.o
+proc-y += generic.o
+proc-y += inode.o
+proc-y += interrupts.o
+proc-y += loadavg.o
+proc-y += meminfo.o
+proc-y += namespaces.o
+proc-y += root.o
+proc-y += self.o
+proc-y += softirqs.o
+proc-y += stat.o
+proc-y += thread_self.o
+proc-y += uptime.o
+proc-y += version.o
+
+PROC-$(config_net)		+= PROC_NET.O
+PROC-$(config_printk)		+= KMSG.O
+PROC-$(config_proc_kcore)	+= KCORE.O
+PROC-$(config_proc_page_monitor)+= PAGE.O
+PROC-$(config_proc_sysctl)	+= PROC_SYSCTL.O
+PROC-$(config_proc_vmcore)	+= VMCORE.O
+PROC-$(config_tty)		+= PROC_TTY.O

Re: [tip:locking/core] locking/refcount: Create unchecked atomic_t implementation

[Peter Zijlstra]

On Tue, Sep 05, 2017 at 09:15:36PM +0300, Alexey Dobriyan wrote:

> It is not a policy, just a "grassroot" movement to give people good
> example and wait until someone is annoyed enough to mass convert
> everything. -)

Well, its a mess and I cleaned up the outliers.

> Worked for fs/proc/Makefile .

No, that file is still a mess; the below is what it would take to clean
up according to your preferred pattern.

So go spend an hour or so and write a script that cleans this all up and
convince Linus to run it. Otherwise I really can't be arsed with this
nonsense.

---
diff --git a/fs/proc/Makefile b/fs/proc/Makefile
index 12c6922c913c..8c19ab50eb7f 100644
--- a/fs/proc/Makefile
+++ b/fs/proc/Makefile
@@ -5,29 +5,35 @@
 obj-y   += proc.o
 
 CFLAGS_task_mmu.o	+= $(call cc-option,-Wno-override-init,)
+
 proc-y			:= nommu.o task_nommu.o
 proc-$(CONFIG_MMU)	:= task_mmu.o
 
-proc-y       += inode.o root.o base.o generic.o array.o \
-		fd.o
-proc-$(CONFIG_TTY)      += proc_tty.o
-proc-y	+= cmdline.o
-proc-y	+= consoles.o
-proc-y	+= cpuinfo.o
-proc-y	+= devices.o
-proc-y	+= interrupts.o
-proc-y	+= loadavg.o
-proc-y	+= meminfo.o
-proc-y	+= stat.o
-proc-y	+= uptime.o
-proc-y	+= version.o
-proc-y	+= softirqs.o
-proc-y	+= namespaces.o
-proc-y	+= self.o
-proc-y	+= thread_self.o
-proc-$(CONFIG_PROC_SYSCTL)	+= proc_sysctl.o
-proc-$(CONFIG_NET)		+= proc_net.o
-proc-$(CONFIG_PROC_KCORE)	+= kcore.o
-proc-$(CONFIG_PROC_VMCORE)	+= vmcore.o
-proc-$(CONFIG_PRINTK)	+= kmsg.o
-proc-$(CONFIG_PROC_PAGE_MONITOR)	+= page.o
+proc-y += array.o
+proc-y += base.o
+proc-y += cmdline.o
+proc-y += consoles.o
+proc-y += cpuinfo.o
+proc-y += devices.o
+proc-y += fd.o
+proc-y += generic.o
+proc-y += inode.o
+proc-y += interrupts.o
+proc-y += loadavg.o
+proc-y += meminfo.o
+proc-y += namespaces.o
+proc-y += root.o
+proc-y += self.o
+proc-y += softirqs.o
+proc-y += stat.o
+proc-y += thread_self.o
+proc-y += uptime.o
+proc-y += version.o
+
+PROC-$(config_net)		+= PROC_NET.O
+PROC-$(config_printk)		+= KMSG.O
+PROC-$(config_proc_kcore)	+= KCORE.O
+PROC-$(config_proc_page_monitor)+= PAGE.O
+PROC-$(config_proc_sysctl)	+= PROC_SYSCTL.O
+PROC-$(config_proc_vmcore)	+= VMCORE.O
+PROC-$(config_tty)		+= PROC_TTY.O