| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <24720.1559306541@warthog.procyon.org.uk>
Date: Fri, 31 May 2019 13:42:21 +0100
From: David Howells <dhowells@...hat.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: dhowells@...hat.com, viro@...iv.linux.org.uk, raven@...maw.net,
linux-fsdevel@...r.kernel.org, linux-api@...r.kernel.org,
linux-block@...r.kernel.org, keyrings@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/7] General notification queue with user mmap()'able ring buffer
Greg KH <gregkh@...uxfoundation.org> wrote:
> > kref_put() enforces a very specific destructor signature. I know of places
> > where that doesn't work because the destructor takes more than one argument
> > (granted that this is not the case here). So why does kref_put() exist at
> > all? Why not kref_dec_and_test()?
>
> The destructor only takes one object pointer as you are finally freeing
> that object. What more do you need/want to "know" at that point in
> time?
Imagine that I have an object that's on a list rooted in a namespace and that
I have a lot of these objects. Imagine further that any time I want to put a
ref on one of these objects, it's in a context that has the namespace pinned.
I therefore don't need to store a pointer to the namespace in every object
because I can pass that in to the put function
Indeed, I can still access the namespace even after the decrement didn't
reduce the usage count to 0 - say for doing statistics.
> What would kref_dec_and_test() be needed for?
Why do you need kref_put() to take a destructor function pointer? Why cannot
that be replaced with, say:
static inline bool __kref_put(struct kref *k)
{
return refcount_dec_and_test(&k->refcount);
}
and then one could do:
void put_foo(struct foo_net *ns, struct foo *f)
{
if (__kref_put(&f->refcount)) {
// destroy foo
}
}
that way the destruction code does not have to be offloaded into its own
function and you still have your pattern to look for.
For tracing purposes, I could live with something like:
static inline
bool __kref_put_return(struct kref *k, unsigned int *_usage)
{
return refcount_dec_and_test_return(&k->refcount, _usage);
}
and then I could do:
void put_foo(struct foo_net *ns, struct foo *f)
{
unsigned int u;
bool is_zero = __kref_put_return(&f->refcount, &u);
trace_foo_refcount(f, u);
if (is_zero) {
// destroy foo
}
}
then it could be made such that you can disable the ability of
refcount_dec_and_test_return() to pass back a useful refcount value if you
want a bit of extra speed.
Or even if refcount_dec_return() is guaranteed to return 0 if the count hits
the floor and non-zero otherwise and there's a config switch to impose a
stronger guarantee that it will return a value that's appropriately
transformed to look as if I was using atomic_dec_return().
Similarly for refcount_inc_return() - it could just return gibberish unless
the same config switch is enabled.
Question for AMD/Intel guys: I'm curious if LOCK DECL faster than LOCK XADD -1
on x86_64?
> > Why doesn't refcount_t get merged into kref, or vice versa? Having both
> > would seem redundant.
>
> kref uses refcount_t and provides a different functionality on top of
> it. Not all uses of a refcount in the kernel is for object lifecycle
> reference counting, as you know :)
I do? I can't think of one offhand. Not that I'm saying you're wrong on
that - there's an awful lot of kernel.
David
Powered by blists - more mailing lists