Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp4363684pxb;
        Tue, 10 Nov 2020 14:44:45 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwOj/uf0ydj3mO12QybYD+ACT215tVHCLXCTr6v9/CnP3NcecxWn6FZpDRtZuUXufRDAq6q
X-Received: by 2002:a05:6402:553:: with SMTP id i19mr22931067edx.194.1605048285671;
        Tue, 10 Nov 2020 14:44:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1605048285; cv=none;
        d=google.com; s=arc-20160816;
        b=UpafDLIOYtfJoIFKrf9gY+VMnZ7DIBNd7PZwPk49jnQsAcv+YFI0Mhu971ST0SbcY4
         11HAOxWoMHtZ+k43QKTRqs8l2OVMYFHIMR4R5JR1Q188GJjbWgIwyXuYpOuG6SdJUriv
         7LAIjYWikl57Lk8MGpbGqZk0ogS+bTmoAmlF6KFwAtl1/yGvhpAEncDt59Qf6f5dHp4q
         JrIrQa5jSWAhWYRj6cg2fV2g/FLtae86cyesegvGBvCjZ5ydC/aOL1ODqUne1kpubST8
         uJOKdmSAKssDxFSOzsnw+J/uvlcf3JqVqiraw4YceYwWvuppzuYQZa3nbPyAmMgU9KSN
         JDvQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject:dkim-signature;
        bh=7jSf/XzZ4jyQ+1vMaLtMgIwZ1Hd3aE57H+YNIg7Vd6s=;
        b=y6FFQ4m+1+yCGnXHIMimWDpA82sdWAhIEsTLd+1kmCPMqbQbQC0Ne8t0bHFoYXZwsj
         bttZqNOrvuUvZvD8UQPFJ64rcEdBe8AuSvNCN39vZzV4fPeZN7f+EfcBn/+2Y04tpMlA
         WPx+Rwmbg0gmWe4HI0Ns9foaz6rG3X3MkeAtR++y6fppkSVo2MsHZlckWMolB9IFOZGt
         Ox7ggw34YLJWMmTQVcklJCGy0cXe5UEs5120vkZIwdpI+tVjPvIhD4kDQy548TcxPQaf
         UE6bJpMY18VbunQ2Gzd+WN2wc2oEwfdWkOQvQs6GBgLUBRSdZEIMpDit2KB3CQk+YTOa
         EVHg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=google header.b=HmAOZ27e;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id dn20si21871ejc.324.2020.11.10.14.44.12;
        Tue, 10 Nov 2020 14:44:45 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=google header.b=HmAOZ27e;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732317AbgKJWmQ (ORCPT <rfc822;chenhe.dev@gmail.com>
        + 99 others); Tue, 10 Nov 2020 17:42:16 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53224 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1732314AbgKJWmP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 10 Nov 2020 17:42:15 -0500
Received: from mail-il1-x141.google.com (mail-il1-x141.google.com [IPv6:2607:f8b0:4864:20::141])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AED54C0613D6
        for <linux-kernel@vger.kernel.org>; Tue, 10 Nov 2020 14:42:14 -0800 (PST)
Received: by mail-il1-x141.google.com with SMTP id e17so138103ili.5
        for <linux-kernel@vger.kernel.org>; Tue, 10 Nov 2020 14:42:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linuxfoundation.org; s=google;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=7jSf/XzZ4jyQ+1vMaLtMgIwZ1Hd3aE57H+YNIg7Vd6s=;
        b=HmAOZ27e8pHLOZtNt33kCndwJB139JyHCZFOiD/C94/+pWb2KGdTlQCvLFR1HyR9mk
         lFx1ytT/rJSJ7/tpMYshlVQIWUN/TZct4TCzlg9wYsDyPKswhZWrEi9oFiHeYSi0CMuE
         tmbYZnr4Jy0AgOqG0pqnPBmt6xrLd9kKaYRBo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=7jSf/XzZ4jyQ+1vMaLtMgIwZ1Hd3aE57H+YNIg7Vd6s=;
        b=sFOV+yrcy7AStt2CuXesTXOCOJN7STwR3Zy/KhwqmJ6royQm788ZJbSyxjagbxGESG
         eZW1ivdW0D5zEdv4L6SJ4NUcyxBfeKCcv34mD3N1QXUITfpY84QaH8tzTJkp9KPvx/Zn
         /m7l4Qn/YszfiB9MJxlJTQDZYBOo9yj9R2YxQyphXOAt8izOc+E8BjVWzNXHQbbprw4R
         4fgtz2trVGHM8Nf+QoCvad09CTxPwzibAEvuRZXvmWLmMHnQSbPcFV1oB3iIQFmFUjRb
         1ZTiJ/Yy+2WeyAIDvKyiaIP7H9DbNIcoVVzJ+8vRmhXFejZ00EHS1VCup36scKlL3dn0
         z7Kg==
X-Gm-Message-State: AOAM531ioa+uoG08LykGev2izVespS36/LxKhUKHjYY/tFplF7Ecdhv3
        dq3EuTYUu4irGnXNdG/9ExCOcg==
X-Received: by 2002:a92:99ce:: with SMTP id t75mr16441201ilk.257.1605048133972;
        Tue, 10 Nov 2020 14:42:13 -0800 (PST)
Received: from [192.168.1.112] (c-24-9-64-241.hsd1.co.comcast.net. [24.9.64.241])
        by smtp.gmail.com with ESMTPSA id e12sm38652ilq.65.2020.11.10.14.42.12
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 10 Nov 2020 14:42:13 -0800 (PST)
Subject: Re: [PATCH 00/13] Introduce seqnum_ops
To:     Alan Stern <stern@rowland.harvard.edu>
Cc:     corbet@lwn.net, keescook@chromium.org, gregkh@linuxfoundation.org,
        peterz@infradead.org, rafael@kernel.org, lenb@kernel.org,
        james.morse@arm.com, tony.luck@intel.com, bp@alien8.de,
        minyard@acm.org, arnd@arndb.de, mchehab@kernel.org,
        rric@kernel.org, valentina.manea.m@gmail.com, shuah@kernel.org,
        zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, jmorris@namei.org,
        serge@hallyn.com, linux-doc@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
        linux-acpi@vger.kernel.org,
        openipmi-developer@lists.sourceforge.net,
        linux-edac@vger.kernel.org, linux-usb@vger.kernel.org,
        linux-integrity@vger.kernel.org,
        linux-security-module@vger.kernel.org
References: <cover.1605027593.git.skhan@linuxfoundation.org>
 <20201110204414.GA204624@rowland.harvard.edu>
From:   Shuah Khan <skhan@linuxfoundation.org>
Message-ID: <c58fde16-4bd1-0e1e-94ce-a15c359f9f91@linuxfoundation.org>
Date:   Tue, 10 Nov 2020 15:42:11 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.3.2
MIME-Version: 1.0
In-Reply-To: <20201110204414.GA204624@rowland.harvard.edu>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/10/20 1:44 PM, Alan Stern wrote:
> On Tue, Nov 10, 2020 at 12:53:26PM -0700, Shuah Khan wrote:
>> There are a number of atomic_t usages in the kernel where atomic_t api
>> is used strictly for counting sequence numbers and other statistical
>> counters and not for managing object lifetime.
>>
>> The purpose of these Sequence Number Ops is to clearly differentiate
>> atomic_t counter usages from atomic_t usages that guard object lifetimes,
>> hence prone to overflow and underflow errors.
>>
>> The atomic_t api provides a wide range of atomic operations as a base
>> api to implement atomic counters, bitops, spinlock interfaces. The usages
>> also evolved into being used for resource lifetimes and state management.
>> The refcount_t api was introduced to address resource lifetime problems
>> related to atomic_t wrapping. There is a large overlap between the
>> atomic_t api used for resource lifetimes and just counters, stats, and
>> sequence numbers. It has become difficult to differentiate between the
>> atomic_t usages that should be converted to refcount_t and the ones that
>> can be left alone. Introducing seqnum_ops to wrap the usages that are
>> stats, counters, sequence numbers makes it easier for tools that scan
>> for underflow and overflow on atomic_t usages to detect overflow and
>> underflows to scan just the cases that are prone to errors.
>>
>> Sequence Number api provides interfaces for simple atomic_t counter usages
>> that just count, and don't guard resource lifetimes. The seqnum_ops are
>> built on top of atomic_t api, providing a smaller subset of atomic_t
>> interfaces necessary to support atomic_t usages as simple counters.
>> This api has init/set/inc/dec/read and doesn't support any other atomic_t
>> ops with the intent to restrict the use of these interfaces as simple
>> counting usages.
>>
>> Sequence Numbers wrap around to INT_MIN when it overflows and should not
>> be used to guard resource lifetimes, device usage and open counts that
>> control state changes, and pm states. Overflowing to INT_MIN is consistent
>> with the atomic_t api, which it is built on top of.
> 
> If Sequence Numbers are subject to wraparound then they aren't reliable.
> Given that they aren't reliable, why use atomic instructions at all?
> Why not just use plain regular integers with READ_ONCE and WRITE_ONCE?
> 

You still need atomic update for these numbers. The intent is to provide
atomic api for cases where the variable doesn't guard lifetimes and yet
needs atomic instructions.

Several such usages where atomic_t is used for up counting, also use
upper bounds. It is also an option to switch to seqnum64 to avoid
wrap around in case there is a concern.

thanks,
-- Shuah