| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CABeNrKWW6P0STsmxyL7yOASn63fKyLrCqv=ksomqOJP+ry8PPw@mail.gmail.com>
Date: Wed, 23 Apr 2025 14:35:18 -0700
From: Kane York <kanepyork@...il.com>
To: kees@...nel.org
Cc: kent.overstreet@...ux.dev, linux-bcachefs@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-hardening@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/3] enumarated refcounts, for debugging refcount issues
On Sun, 20 Apr 2025 20:09:50 -0700, Kees Cook wrote:
> On Sun, Apr 20, 2025 at 09:27:26PM -0400, Kent Overstreet wrote:
> > On Sun, Apr 20, 2025 at 06:08:41PM -0700, Kees Cook wrote:
> > > On Sun, Apr 20, 2025 at 11:59:13AM -0400, Kent Overstreet wrote:
> > > > Not sure we have a list for library code, but this might be of interest
> > > > to anyone who's had to debug refcount issues on refs with lots of users
> > > > (filesystem people), and I know the hardening folks deal with refcounts
> > > > a lot.
> > >
> > > Why not use refcount_t instead of atomic_t?
> > Out of curiousity, has overflow of an atomic_long_t refcount ever been
> > observed?
>
> Not to my knowledge. :)
Equivalent systems have observed it, but only in the presence of compiler
optimizations that deduce they could increment the refcount multiple times.
NEVER_INLINE void naughty_ref_increment(ref* ref) {
long i;
for (i = 0; i < LONG_MAX/2; i++) {
ref_get(ref);
}
}
Running the above code 3 times will saturate the refcount, if it ever
terminates in our lifetimes (due to being optimized into an
atomic_fetch_add(LONG_MAX/2)).
So: don't write the above code!
Powered by blists - more mailing lists