Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp3443433ybf; Tue, 3 Mar 2020 06:11:17 -0800 (PST) X-Google-Smtp-Source: ADFU+vsjsGMecXaZ+h832leA/6mgSU3NeE/g0anpjKLQNz9FibRfkJirOtkqMpBphj1fbJJZhtZ9 X-Received: by 2002:a9d:6951:: with SMTP id p17mr3350235oto.24.1583244677604; Tue, 03 Mar 2020 06:11:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583244677; cv=none; d=google.com; s=arc-20160816; b=W8nn57WdJFMhnEELLH1HTUmylUCLh8uQ+3caRPP60t5UY7+SfuIk9WyOYXKLHBAtj3 pPSEagVuoTljHjj495h9AO+IMDt1cP9nNPB7uB12DoMsjf/n4m6Mqy0w0SLsOjCi1Z1N 7f+wVnfCja4s+e4qQ4f4SbwEcfPyhpS90b2sHXszuB338pwYLvFZqoMXmHivzZY45kRZ 6fDbUyg+FDtFGJYjc3E/EEJQ7odQTNycdhDikyu9+IHklaR46v0eFAanej3Ts96vrktp ZBfKhxbS3xaiDyHeBTIwRq0ndT9Cz+ozAzjzJ5mfpRtgPR3kpTHb2RQwBT/fF8QYTZEF HZrA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=jbcRkVBxSbJptVd45Z925xp04oFQnSe/xFiehp4Z2HY=; b=XLO/NEuzlhozUyZy7vVsrxzrKEc79P9DEgItyk7ZiL5J921tmAi4UxEeVbwhd5lwTz ZMxqohFuDJeQY9/ycAHleZJRzZMw7NbhQHmIQgkqdey6hJaa4zlWhVkG/uo22Bzr16x5 YxPa5BFrBz3ezHc5NdkoYLlFUiLHLP8R/UyMsCkfZX4t+/hdpS1CFcAPQu7BjefXtYHl rqbEdlg73M2gUWcG4oVbEwBtaNUCIizzy0qIfYLPIobY6Edrr99TJbF67WlzidOclRLO eCStflfpkvN4WSc58j6D/f9VKRrssUKzyLl8YYB7eoMOX5DS+57VAOfuaQgh+R309lki G9Sg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=DwhrlK2S; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 9si8189454ois.90.2020.03.03.06.10.55; Tue, 03 Mar 2020 06:11:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=DwhrlK2S; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729026AbgCCN6U (ORCPT + 99 others); Tue, 3 Mar 2020 08:58:20 -0500 Received: from mail-ot1-f67.google.com ([209.85.210.67]:36985 "EHLO mail-ot1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728018AbgCCN6T (ORCPT ); Tue, 3 Mar 2020 08:58:19 -0500 Received: by mail-ot1-f67.google.com with SMTP id b3so3066476otp.4 for ; Tue, 03 Mar 2020 05:58:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jbcRkVBxSbJptVd45Z925xp04oFQnSe/xFiehp4Z2HY=; b=DwhrlK2SAnNEc310PFtb/wtiEb9o2QG+UHkXx02enw/+bZgoV6Vd5k8t+bCxIS1KL0 CiIHCR8bIHYIzYgCbotrzwPNaxWcGCBo6bso4emMvUjLbFuXSSHRESWkUWD1Uu5k7FRM 4Vp1SoFKTD3zxA2iouOs+1gHuAxgPAHCjdmx9y3Z64VomIGs1W9TJARAEn9XvapU495J 4uzCui4iWa676vBWfxjW4CTO6BjHIQ1Lckvx+aAJsinjy77isJjFM9chRYG35xDZGopB KL5XmcSMPD2RhSW0TpDuMNH3knppvSaAvflJgJyYCfpOQQnkPBwctXg5GgtAQnOfAh4L 8qCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jbcRkVBxSbJptVd45Z925xp04oFQnSe/xFiehp4Z2HY=; b=dmEXVxKIWDxDZlviGRYJBvLgJZjTZlLrSPusJ0XtFrJa4CyYagwJSyZrbyoml6CZ0c MQ/2pkUcbjla95VAmkcva60DwoXzW6PC/q9L3L4a1X24E5yV1Tl675HFuji1xvVwCA/n /xYRjkEDrjhQWoQIKHgA0ceEYAHueeEt6TOurScPHIvpnEBReEOore0ORA1BnN0GPi1D ZzfLLHYWvlewD6kry1bpczskvhUIc6H2hxxMkZUCKLSyJXLeEGzCJE+d0uzpQ0GS8BQf QdKwcwBFm7V6BP1M2PVD6I9T74xZFTg3is3gKmHXZJ4GOLYlf0rBJBebgofkOoblq5iz SVbw== X-Gm-Message-State: ANhLgQ2ZJ2ZCXoXFeK4wj/0gqDxiratcATcFqd3RfAvSkGB3G5xrrpTG bd4pi83EQyjrkTOpGkVSVhDj5SSGFQGV21bAJ6el+Q== X-Received: by 2002:a05:6830:11a:: with SMTP id i26mr3553549otp.180.1583243886992; Tue, 03 Mar 2020 05:58:06 -0800 (PST) MIME-Version: 1.0 References: <20200303105427.260620-1-jannh@google.com> In-Reply-To: From: Jann Horn Date: Tue, 3 Mar 2020 14:57:40 +0100 Message-ID: Subject: Re: [PATCH v2] lib/refcount: Document interaction with PID_MAX_LIMIT To: Ard Biesheuvel Cc: Will Deacon , Kees Cook , Ingo Molnar , Peter Zijlstra , kernel list , Elena Reshetova , Hanjun Guo , Jan Glauber , Kernel Hardening Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 3, 2020 at 2:07 PM Ard Biesheuvel wrote: > On Tue, 3 Mar 2020 at 11:54, Jann Horn wrote: > > > > Document the circumstances under which refcount_t's saturation mechanism > > works deterministically. > > > > Signed-off-by: Jann Horn > > I /think/ the main point of Kees's suggestion was that FUTEX_TID_MASK > is UAPI, so unlikely to change. Yeah, but it has already changed three times in git history: 76b81e2b0e224 ("[PATCH] lightweight robust futexes updates 2"): 0x1fffffff -> 0x3fffffff d0aa7a70bf03b ("futex_requeue_pi optimization"): 0x3fffffff -> 0x0fffffff bd197234b0a6 ("Revert "futex_requeue_pi optimization""): 0x0fffffff -> 0x3fffffff I just sent a patch to fix up a comment that still claimed the mask was 0x1fffffff... so I didn't want to explicitly write the new value here. While making the value *bigger* would probably be a bit hard (and unnecessary), making it smaller would be fairly easy here - the field is populated by userspace, so even though the mask is 0x3fffffff, userspace will never set the upper bits, so they're effectively reserved bits with value 0.