Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp337148pxb; Thu, 21 Jan 2021 08:16:01 -0800 (PST) X-Google-Smtp-Source: ABdhPJzjNMA50uA5URs3aThlu0hU+GQeggVKrebV0eZoJWvXzlYnlBf3/l7kAQJcwHfJG9eW6SER X-Received: by 2002:aa7:c3c4:: with SMTP id l4mr8650280edr.255.1611245761782; Thu, 21 Jan 2021 08:16:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611245761; cv=none; d=google.com; s=arc-20160816; b=M9XBvtxyFYENQpY1XaUkRUjh7KZSDZAPWkcrWKLeslc90Hx8ryYmxz27LRbm0Bicpn noDktIb3W67sjT5JhYyZIzvfB+E2kTmLX80dDjbDi1nbkWxIJ6kb0NAvh1wHV22j+O0b hNIiEW6kqUee/UvXBPqRschevwqzNJc0Qa2usWKHBel4yIvagErqXKxKyN9rmer+QYxH 74w04FkpUShE0fCVgx0L70ifhnzDMq91peNJ2Z0k4kq5i3bBDXlyskn1XRQOQf1U2WGf OJ+GcGqzWDTIxL21EzLgUqkioHhL2ofOvrn1Aht3biOMKwpXWAxF2feW4mPtamBxsDB0 fh/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=pso62C3np00vqzwhT2/NLASjN7eJ/kzm4SHjdwNwsf4=; b=S91XVmcVJpYWIUAU6owbUI4/8x3lr3nuSGhJEkb6GqpMELLrOFPiH6IuzeH+o8aYhu 5lJ84cUTawQib0yjNW8e1RYGcfq74dsR0YvfMk5ZDxA3lLa2zaFGc9ELoE69c7n8xf8c /7fKYsBgNkaI0SjMh9Q0uLLCRAfpgf1zCId3/ByDoQla9Pqj7QS5R2Cgd+j5C9KzIMnI DiV5NvUkPen0yjNz5B2lSwGTbTrGyJOga49HddK2gnQuCyCiAG2MOhKTNqK6u5jH1qwt 6R4S3ViOM+NvBZ3liFC+JAphEDhAtfygFEFPi6FKicTzSh+Q1MFyX9+nnKMPbpcISr7R SGVQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id va10si1975567ejb.247.2021.01.21.08.15.36; Thu, 21 Jan 2021 08:16:01 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732100AbhAUQOg (ORCPT + 99 others); Thu, 21 Jan 2021 11:14:36 -0500 Received: from raptor.unsafe.ru ([5.9.43.93]:52832 "EHLO raptor.unsafe.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732178AbhAUQIq (ORCPT ); Thu, 21 Jan 2021 11:08:46 -0500 Received: from example.org (ip-94-112-41-137.net.upcbroadband.cz [94.112.41.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by raptor.unsafe.ru (Postfix) with ESMTPSA id D51E2209D4; Thu, 21 Jan 2021 16:07:46 +0000 (UTC) Date: Thu, 21 Jan 2021 17:07:42 +0100 From: Alexey Gladkov To: "Eric W. Biederman" Cc: Linus Torvalds , LKML , io-uring , Kernel Hardening , Linux Containers , Linux-MM , Andrew Morton , Christian Brauner , Jann Horn , Jens Axboe , Kees Cook , Oleg Nesterov Subject: Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting Message-ID: <20210121160742.evd3632lepfytlxb@example.org> References: <116c7669744404364651e3b380db2d82bb23f983.1610722473.git.gladkov.alexey@gmail.com> <20210118194551.h2hrwof7b3q5vgoi@example.org> <20210118205629.zro2qkd3ut42bpyq@example.org> <87eeig74kv.fsf@x220.int.ebiederm.org> <20210121120427.iiggfmw3tpsmyzeb@example.org> <87ft2u2ss5.fsf@x220.int.ebiederm.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87ft2u2ss5.fsf@x220.int.ebiederm.org> X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.1 (raptor.unsafe.ru [5.9.43.93]); Thu, 21 Jan 2021 16:08:00 +0000 (UTC) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 21, 2021 at 09:50:34AM -0600, Eric W. Biederman wrote: > >> The current ucount code does check for overflow and fails the increment > >> in every case. > >> > >> So arguably it will be a regression and inferior error handling behavior > >> if the code switches to the ``better'' refcount_t data structure. > >> > >> I originally didn't use refcount_t because silently saturating and not > >> bothering to handle the error makes me uncomfortable. > >> > >> Not having to acquire the ucounts_lock every time seems nice. Perhaps > >> the path forward would be to start with stupid/correct code that always > >> takes the ucounts_lock for every increment of ucounts->count, that is > >> later replaced with something more optimal. > >> > >> Not impacting performance in the non-namespace cases and having good > >> performance in the other cases is a fundamental requirement of merging > >> code like this. > > > > Did I understand your suggestion correctly that you suggest to use > > spin_lock for atomic_read and atomic_inc ? > > > > If so, then we are already incrementing the counter under ucounts_lock. > > > > ... > > if (atomic_read(&ucounts->count) == INT_MAX) > > ucounts = NULL; > > else > > atomic_inc(&ucounts->count); > > spin_unlock_irq(&ucounts_lock); > > return ucounts; > > > > something like this ? > > Yes. But without atomics. Something a bit more like: > > ... > > if (ucounts->count == INT_MAX) > > ucounts = NULL; > > else > > ucounts->count++; > > spin_unlock_irq(&ucounts_lock); > > return ucounts; This is the original code. > I do believe at some point we will want to say using the spin_lock for > ucounts->count is cumbersome, and suboptimal and we want to change it to > get a better performing implementation. > > Just for getting the semantics correct we should be able to use just > ucounts_lock for locking. Then when everything is working we can > profile and optimize the code. > > I just don't want figuring out what is needed to get hung up over little > details that we can change later. OK. So I will drop this my change for now. -- Rgrds, legion