Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754210Ab2K2UmU (ORCPT ); Thu, 29 Nov 2012 15:42:20 -0500 Received: from mga09.intel.com ([134.134.136.24]:21247 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753833Ab2K2UmS (ORCPT ); Thu, 29 Nov 2012 15:42:18 -0500 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.84,186,1355126400"; d="scan'208";a="249420574" From: Andi Kleen To: Kent Overstreet Cc: Benjamin LaHaise , linux-kernel@vger.kernel.org, linux-aio@kvack.org, linux-fsdevel@vger.kernel.org, zab@redhat.com, jmoyer@redhat.com, axboe@kernel.dk, viro@zeniv.linux.org.uk Subject: Re: [PATCH 22/25] Generic dynamic per cpu refcounting References: <1354121029-1376-1-git-send-email-koverstreet@google.com> <1354121029-1376-23-git-send-email-koverstreet@google.com> <20121129185720.GE15094@google.com> <20121129185953.GW16230@one.firstfloor.org> <20121129191214.GG15094@google.com> <20121129192003.GX16230@one.firstfloor.org> <20121129192925.GH15094@google.com> <20121129193452.GI19042@kvack.org> <20121129202231.GJ15094@google.com> Date: Thu, 29 Nov 2012 12:42:17 -0800 In-Reply-To: <20121129202231.GJ15094@google.com> (Kent Overstreet's message of "Thu, 29 Nov 2012 12:22:31 -0800") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1279 Lines: 29 Kent Overstreet writes: > On Thu, Nov 29, 2012 at 02:34:52PM -0500, Benjamin LaHaise wrote: >> On Thu, Nov 29, 2012 at 11:29:25AM -0800, Kent Overstreet wrote: >> > There's some kind of symmetry going on here, and if I'd been awake more >> > in college I could probably say exactly why it works, but it does. >> >> I think the catch is that using only a 32 bit counter is something the >> user could arbitrarily control the sum of all parts. I think a 64 bit >> counter may be required to ensure no overflow occurs. Otherwise, an >> overflow could result in a premature free when there are still 2^32 >> objects active thanks to a malicious user (possible on systems with lots >> of memory these days -- remote, but possible). > > That's no different from regular atomic_t - but you're right, we > should be using size_t for anything userspace can manipulate. The regular atomic_t is limited in ways that you are not. See my original mail. -Andi -- ak@linux.intel.com -- Speaking for myself only -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/