grsecurity forums

[johnspaul92]

When i tried to apply the GrSecurity patch on linux kernel 3.10 and there the patch actually modifies atomic_set to atomic_set_unchecked. When i checked the gcc patch to compile this code it just redefines atomic_set as atomic_set_unchecked. So what is the use of changing the function name.?? Am I missing something here(i.e have they given a new definition for this function anywhere else). And i would also like to know what this function(atomic_set_unchecked. I know about the atomic_set function) is used for.

[PaX Team]

PaX has a feature called REFCOUNT that protects against refcount overflows at runtime. this feature is based on the observation that most refcounts in the kernel use the atomic types and corresponding accessors so we instrument them for signed overflow detection. now it so happens that some of the atomic type users in the kernel are not actual refcounts and can legitimately overflow (or at least overflowing them has no immediate security impact) so we have to special case them, this is done by the *_unchecked types and accessors which omit the instrumentation to detect overflow. as for supporting 3.10, we'll move to it when it gets released, our current latest supported version is 3.9.