Received: by 10.223.176.5 with SMTP id f5csp115244wra; Thu, 8 Feb 2018 17:48:50 -0800 (PST) X-Google-Smtp-Source: AH8x2265ch8/isW8pQA/qwy+3UGTe8CupupjIQ0+0bjmzTLY1p9FtLOSY17r15qC+0YB5ZWui6kk X-Received: by 10.101.80.193 with SMTP id s1mr929902pgp.417.1518140930717; Thu, 08 Feb 2018 17:48:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518140930; cv=none; d=google.com; s=arc-20160816; b=A8QgE8UnHIGQP9l5DHf/fcyC1sqTIcs5BnNRshoNAVaCBHA0tWBTbA6izpewjmAUXB VXWQ3bVcPUrXgXVoJHJPRZrsBK1v/BUyYZpME15TpNyRW6v9H28E2fWARNg9cqmy6EwD 7mlxk0fS+21Zj3OC3muX3ZUcoKpq5uX7tgUfpVg14CedLSlTgF5tDJ+2JGJFzW0ISPjF 3VpDwIWFBYzVxr6yjgLfn0KN6AGopOEvpLfjlLbbBMm2UUCmJEbjI25/ZwqkO1Xt4Hew AMlv8YLTu5OMJ/tUZK1eg9gWPGHvobh1PQkMYtpunuzgWWwXU6XJeI7MqRrBkoJsc5eW 7RzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=lQHdmt+zeBygz2f7EFnLJqQmvEzc0W9igWrWSIl4q9k=; b=ejmQlXL+rwymJTuAiRX+Xtcu75FrJgZTg8ZLvY/wY0zJPN1dnYSaiQ0yfenmifA1mZ YCYEJ1VXKu0Ql8/i6RZKsb/JIgHAcm3oOrf5bqta9CEd9hCL1lL9VS3fKeearg/1NNdO dscKagH56B3NhCjUGzkr3xsg44VfcjQn7CHGn/9yYqc9S9jxsaqTzHfyLBUGtdAzMLXu dLVKWJp6tO3XnuCewa4tnFic1Tv3RMIc/ewjXYPjkFS7JbafBoECzuGb+JYXnszB/J7s X3KajFjfwMxj5Cf89WuYC4xh/WVpokvIcz8wN/WQ5UWDwO2/R0nyei5rtJ7veZAUOwtO LaLw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=gG3fOAVt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i11si708937pgq.332.2018.02.08.17.48.35; Thu, 08 Feb 2018 17:48:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=gG3fOAVt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752227AbeBIBr7 (ORCPT + 99 others); Thu, 8 Feb 2018 20:47:59 -0500 Received: from mail-qt0-f178.google.com ([209.85.216.178]:41581 "EHLO mail-qt0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752054AbeBIBr6 (ORCPT ); Thu, 8 Feb 2018 20:47:58 -0500 Received: by mail-qt0-f178.google.com with SMTP id a9so2165252qtj.8 for ; Thu, 08 Feb 2018 17:47:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=lQHdmt+zeBygz2f7EFnLJqQmvEzc0W9igWrWSIl4q9k=; b=gG3fOAVtZmIsDT20ccbhp29M5TUAG0C71ehn5vB1HFFwBKYdXqaeThPXiiVIHOcxnp ffjIeigHYUaoWcx5ucV9RIgv1Y3lj/7sPNjEvQgsyO7wKKqBY2CSW7ZV7u/kLWJLSn6F 2W/ISH+ihybEQGM6PJYm8JDfIpMdL/tqPvoLqfpa8tKJXLwgteKmNQFz17DmJnZEo3fx kUnBbmd7QBAt8MutZ6HidDP7LoBYHnRKutIdJzTYRDkwNCS+FDiucpelb5WzXXTl0Fcy i4OVPjRy1UOnm8P7xS7Mbgz2cByKDJhm/wDPJ9P+CSnxyNLCOUHNU3m0xkh4fjLXynx3 ncmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=lQHdmt+zeBygz2f7EFnLJqQmvEzc0W9igWrWSIl4q9k=; b=Usx9huXjW83PxRC2YJas13xYIl3SecYCd2PL+uIoTpVRXAL958XwRrJhE1ZrQ2TF22 4TPN7FBtgoPO5o5+l3NZPvspEAV3zDUyFVE/279XLKXurATj4bN2R6neonBEx1UsJxb/ eZW4ZCs6pTuUiYSishMXRGZenMh5X6xjKK5+llT2L0jmGtIT4lz3zYt7yi4XPowcA7I8 vRJlpmaQtDIKukYNShj1yMNVsiEasQYLpwy5ng8wmaZQ4eYK/47SCG4mhr9ZqhsRLmJz uY2aOS7CGaNWS7/vTEdHjN87kJQHE9UTnGWWavoS+1eIkIWl0OIjaV2zHImkfGh6KR05 VmyQ== X-Gm-Message-State: APf1xPA8fjNHDMASJM0cn5XmJGna95YBci+dNkG5traJHY5Giff9VncL Wi6hPbcOGqQRItY3jig1fDqlFU7UR6xHWNblQLo= X-Received: by 10.200.57.132 with SMTP id v4mr2049482qte.128.1518140878067; Thu, 08 Feb 2018 17:47:58 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.38.47 with HTTP; Thu, 8 Feb 2018 17:47:57 -0800 (PST) In-Reply-To: <20180208202100.GB3424@bombadil.infradead.org> References: <20180208021112.GB14918@bombadil.infradead.org> <20180208185648.GB9524@bombadil.infradead.org> <20180208194235.GA3424@bombadil.infradead.org> <20180208202100.GB3424@bombadil.infradead.org> From: Daniel Micay Date: Thu, 8 Feb 2018 20:47:57 -0500 Message-ID: Subject: Re: [RFC] Warn the user when they could overflow mapcount To: Matthew Wilcox Cc: Jann Horn , linux-mm@kvack.org, Kernel Hardening , kernel list , "Kirill A. Shutemov" , Kees Cook Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org I think there are likely legitimate programs mapping something a bunch of times. Falling back to a global object -> count mapping (an rbtree / radix trie or whatever) with a lock once it hits saturation wouldn't risk breaking something. It would permanently leave the inline count saturated and just use the address of the inline counter as the key for the map to find the 64-bit counter. Once it gets to 0 in the map, it can delete it from the map and do the standard freeing process, avoiding leaks. It would really just make it a 64-bit reference count heavily size optimized for the common case. It would work elsewhere too, not just this case.