Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2269890pxb; Mon, 18 Jan 2021 12:59:52 -0800 (PST) X-Google-Smtp-Source: ABdhPJy22jLbhRlQObXBMAGgSNZ+8dRYUzftaAIVqa+W8/BCH/qeFjt9OVKyM6ulvOREoK/GcI89 X-Received: by 2002:a17:906:3603:: with SMTP id q3mr932781ejb.382.1611003591793; Mon, 18 Jan 2021 12:59:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611003591; cv=none; d=google.com; s=arc-20160816; b=DVxsEyDT2d5WgvFKQrvulgnZYNDjNgbCAWbjl4XAN3XpXhDtvt93JK5WKQvILZmvvg KNeMLxQbawIHfULZ8cKIbn1WRGqXo7vJAp+80tazV0xKPX5u0T1DJggROmRgcADg79ZM HecKCbqlTggPLS9Fu993SonfWZrDmtRMd8h9VwTtREE8GBZ9srapctXBfIUInzRPNBNM a1dTmc4q5K5Pxh8NttwyEStGfjgEmZp/N2XcjHcJATtI/+zt28zzqtu0wQp5gzmbtQv9 5XVii1MvYZuCxdnC1m9xV4KDU2q1sXTMpFwnT1jtZ1f/VXSrq2B8xvcwK8eO61lq7Nst +pGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=1OshodKWIpvbKnwWKMjj5B9YehUZNpBMCUqG5evRQHo=; b=0860XkwqvPvvXocynoLpTd5YPsWzf8ETQMLnJzCCs/4mC+rjaMMANmQH/tVugf2vSp aQhHg+UnRk+sjNTB26T4fJ6wh5I9ibqO8zCJkco53i2QnzLVE1I04ZP8nTkWak+iicFN FsVxzo268hd6VdSPzVjypHflVzKWR4RzDZu3zGLZrp7PYVxyw8Dd69BQzomyxX03bFej uYZDXmfjpJYCIvtJ93UxipJZ7BMKwe4l34D4QIY1hepIU4bWk6VlTSSzg8Feh6Zcfyfn QxSNWgJnsT591JoYmi1AeY9Ejo/0Y8njL540RsuvJ6Zm10sHEJE3xwvktzmDRNVOC+1e Vg+w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n22si471415eji.534.2021.01.18.12.59.28; Mon, 18 Jan 2021 12:59:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389656AbhARU5p (ORCPT + 99 others); Mon, 18 Jan 2021 15:57:45 -0500 Received: from raptor.unsafe.ru ([5.9.43.93]:40720 "EHLO raptor.unsafe.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388520AbhARU5k (ORCPT ); Mon, 18 Jan 2021 15:57:40 -0500 Received: from example.org (ip-89-103-122-167.net.upcbroadband.cz [89.103.122.167]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by raptor.unsafe.ru (Postfix) with ESMTPSA id AA00720479; Mon, 18 Jan 2021 20:56:34 +0000 (UTC) Date: Mon, 18 Jan 2021 21:56:29 +0100 From: Alexey Gladkov To: Linus Torvalds Cc: LKML , io-uring , Kernel Hardening , Linux Containers , Linux-MM , Andrew Morton , Christian Brauner , "Eric W . Biederman" , Jann Horn , Jens Axboe , Kees Cook , Oleg Nesterov Subject: Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting Message-ID: <20210118205629.zro2qkd3ut42bpyq@example.org> References: <116c7669744404364651e3b380db2d82bb23f983.1610722473.git.gladkov.alexey@gmail.com> <20210118194551.h2hrwof7b3q5vgoi@example.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.1 (raptor.unsafe.ru [5.9.43.93]); Mon, 18 Jan 2021 20:56:57 +0000 (UTC) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 18, 2021 at 12:34:29PM -0800, Linus Torvalds wrote: > On Mon, Jan 18, 2021 at 11:46 AM Alexey Gladkov > wrote: > > > > Sorry about that. I thought that this code is not needed when switching > > from int to refcount_t. I was wrong. > > Well, you _may_ be right. I personally didn't check how the return > value is used. > > I only reacted to "it certainly _may_ be used, and there is absolutely > no comment anywhere about why it wouldn't matter". I have not found examples where checked the overflow after calling refcount_inc/refcount_add. For example in kernel/fork.c:2298 : current->signal->nr_threads++; atomic_inc(¤t->signal->live); refcount_inc(¤t->signal->sigcnt); $ semind search signal_struct.sigcnt def include/linux/sched/signal.h:83 refcount_t sigcnt; m-- kernel/fork.c:723 put_signal_struct if (refcount_dec_and_test(&sig->sigcnt)) m-- kernel/fork.c:1571 copy_signal refcount_set(&sig->sigcnt, 1); m-- kernel/fork.c:2298 copy_process refcount_inc(¤t->signal->sigcnt); It seems to me that the only way is to use __refcount_inc and then compare the old value with REFCOUNT_MAX Since I have not seen examples of such checks, I thought that this is acceptable. Sorry once again. I have not tried to hide these changes. -- Rgrds, legion