Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3865600pxf; Mon, 15 Mar 2021 22:50:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxO0+P4ZZxYZwdVOSatCa4hJFmRY1S3jk2slc2LRSXiddg6HWPZBDJ1YrvDPZJOYoCIDKaV X-Received: by 2002:a17:907:a042:: with SMTP id gz2mr27264507ejc.174.1615873837146; Mon, 15 Mar 2021 22:50:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1615873837; cv=none; d=google.com; s=arc-20160816; b=cIgkqjDBBeLgpp61L1mCZpGADkhmK75Yp0YnwqbeJ3mZ4TdI/kjcu8SUcajlS1uBKF ENjdzbQ7WwFJMK088R5ly1G7ecolX/BuwNvw0CxMDZK4S2NpP85kXtgwX9FhcKKlqZqz LgjTEAXHIkxz4aGpiQF0DTFeFf63uuoxhQjSomH3LS0Of4K0AI3YjfVUwmhxI0usouVO xxnSTLEMagil5LYOhoE/M9Se6fs7KsEnOwL/GtvV5yl6LmXyYsUwhX33jGokEuXjNygN nZOV5VDb+ey/IQoz6Zsat+ALudQPOY4HAtGrNxNP0OsxTcOQ4Dpsud4S4ixE16wGda87 kO9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=JHuD9L12GwXv9CMjuewy7NJi4UEeZj8gMIMY0fXoMjo=; b=0t6bhUHD3lhpuukxZHxeHv6PyEFWCPyNU4Ty2s29jvWE0wLvmvrDTm0q6Jnc7bSWne PoxeNBVqTj/TTkY94BnK8mcgTQBFyFnB5xfKZfixZ1lQ/mkRIPHu0PSwc7O7JfIXGmUm DZK+jG2CP9gnilFPvoGUWhGOmH+/JZ2s/OoQ0br/AylsZArBmtZEuuDIWutmKBHiaD14 B1xA7Nh+cNYylqCDBMWeqKWkP52dPtyGVod352SiHbKP7phXTtbsc0VZP7svc6QWDANO /gsTSry4+FJoJ9QutffD6xiCVonXaRj/dYQmpVxzWHjgOAqRk3fFSlzLA+APfogc7lYY +VuA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=S+PBvkiN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s28si13732654edw.110.2021.03.15.22.50.15; Mon, 15 Mar 2021 22:50:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=S+PBvkiN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231534AbhCOWTr (ORCPT + 99 others); Mon, 15 Mar 2021 18:19:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40476 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229824AbhCOWTh (ORCPT ); Mon, 15 Mar 2021 18:19:37 -0400 Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 15448C06174A for ; Mon, 15 Mar 2021 15:19:37 -0700 (PDT) Received: by mail-lj1-x22b.google.com with SMTP id z8so18143727ljm.12 for ; Mon, 15 Mar 2021 15:19:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JHuD9L12GwXv9CMjuewy7NJi4UEeZj8gMIMY0fXoMjo=; b=S+PBvkiNvoS7h8zAD5cjsSRJz4FVPn0bUbOW1vAx3cSOxv0XYlgWOMD63ht2EW+UvG WqRwvdt1hEocnp30SVofJDviTh5NFMlDuAZFdZ0CFQTPQzKAvpCn4FZXTYX5F2Q7x0TA w6hkZe/5rBy3BNMBjtwIU8r7P3WUEjnalDrr4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JHuD9L12GwXv9CMjuewy7NJi4UEeZj8gMIMY0fXoMjo=; b=Ir5+9cbqpbIRKH1EBJ3UALwD7MFhoYawcGo0X0asjUzbnpUyI4MkifShLT1FHn7Px3 UnvKuK3PcVgF1LRRXZC/iNt5QdpxDW3eS5gogRRNUVHrDovubaz5My4Zf97inzWTzN6o 6ll2q5DIMgUhhuimzcPWg7jMNKVMHp07iuToaWS/T9xEzcUwMu0lPYuQZCD41fByEfY4 mFNkWilRZICkGhBISVBgX6xB1CkPJJatrnVruELSjnTCiX00QYXRFPCnRpic4oWXedu5 uMTloTd25DD3dWYkP4ZtB5NumKVUMPUMq0bod+dtxZAyBHVU+UEujPEjo9xJaFnhS6C0 /QZg== X-Gm-Message-State: AOAM532Tpt0z7tyoOBpZ2SH1oEJqLzv+Dht2tvbblvFSo9wVLnfLcHwL ocxmD6haL2YwEkwbj9PeQi9X2xnF3XG6jg== X-Received: by 2002:a2e:9055:: with SMTP id n21mr704367ljg.248.1615846775226; Mon, 15 Mar 2021 15:19:35 -0700 (PDT) Received: from mail-lj1-f179.google.com (mail-lj1-f179.google.com. [209.85.208.179]) by smtp.gmail.com with ESMTPSA id 192sm3011870ljj.95.2021.03.15.15.19.33 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 15 Mar 2021 15:19:34 -0700 (PDT) Received: by mail-lj1-f179.google.com with SMTP id s17so18149693ljc.5 for ; Mon, 15 Mar 2021 15:19:33 -0700 (PDT) X-Received: by 2002:a2e:a589:: with SMTP id m9mr729361ljp.220.1615846773296; Mon, 15 Mar 2021 15:19:33 -0700 (PDT) MIME-Version: 1.0 References: <59ee3289194cd97d70085cce701bc494bfcb4fd2.1615372955.git.gladkov.alexey@gmail.com> <202103151426.ED27141@keescook> In-Reply-To: <202103151426.ED27141@keescook> From: Linus Torvalds Date: Mon, 15 Mar 2021 15:19:17 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v8 3/8] Use atomic_t for ucounts reference counting To: Kees Cook Cc: Alexey Gladkov , LKML , io-uring , Kernel Hardening , Linux Containers , Linux-MM , Alexey Gladkov , Andrew Morton , Christian Brauner , "Eric W . Biederman" , Jann Horn , Jens Axboe , Oleg Nesterov Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 15, 2021 at 3:03 PM Kees Cook wrote: > > On Wed, Mar 10, 2021 at 01:01:28PM +0100, Alexey Gladkov wrote: > > The current implementation of the ucounts reference counter requires the > > use of spin_lock. We're going to use get_ucounts() in more performance > > critical areas like a handling of RLIMIT_SIGPENDING. > > This really looks like it should be refcount_t. No. refcount_t didn't have the capabilities required. It just saturates, and doesn't have the "don't do this" case, which the ucounts case *DOES* have. In other words, refcount_t is entirely misdesigned for this - because it's literally designed for "people can't handle overflow, so we warn and saturate". ucounts can never saturate, because they replace saturation with "don't do that then". In other words, ucounts work like the page counts do (which also don't saturate, they just say "ok, you can't get a reference". I know you are attached to refcounts, but really: they are not only more expensive, THEY LITERALLY DO THE WRONG THING. Linus