Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751704AbcKQIxx (ORCPT ); Thu, 17 Nov 2016 03:53:53 -0500 Received: from merlin.infradead.org ([205.233.59.134]:42448 "EHLO merlin.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750790AbcKQIxv (ORCPT ); Thu, 17 Nov 2016 03:53:51 -0500 Date: Thu, 17 Nov 2016 09:53:42 +0100 From: Peter Zijlstra To: Alexei Starovoitov Cc: Kees Cook , Greg KH , Will Deacon , "Reshetova, Elena" , Arnd Bergmann , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , David Windsor , LKML , Daniel Borkmann Subject: Re: [RFC][PATCH 2/7] kref: Add kref_read() Message-ID: <20161117085342.GB3142@twins.programming.kicks-ass.net> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23.1 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 945 Lines: 29 On Wed, Nov 16, 2016 at 12:08:52PM -0800, Alexei Starovoitov wrote: > I prefer to avoid 'fixing' things that are not broken. > Note, prog->aux->refcnt already has explicit checks for overflow. > locked_vm is used for resource accounting and not refcnt, > so I don't see issues there either. The idea is to use something along the lines of: http://lkml.kernel.org/r/20161115104608.GH3142@twins.programming.kicks-ass.net for all refcounts in the kernel. Also note that your: struct bpf_prog *bpf_prog_add(struct bpf_prog *prog, int i) { if (atomic_add_return(i, &prog->aux->refcnt) > BPF_MAX_REFCNT) { atomic_sub(i, &prog->aux->refcnt); return ERR_PTR(-EBUSY); } return prog; } is actually broken in the face of an actual overflow. Suppose @i is big enough to wrap refcnt into negative space. Also, the current sentiment is to strongly discourage add/sub operations for refcounts.