lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 2 Aug 2019 10:52:28 -0400
From:   Willem de Bruijn <willemdebruijn.kernel@...il.com>
To:     Chuhong Yuan <hslester96@...il.com>
Cc:     Vishal Kulkarni <vishal@...lsio.com>,
        "David S . Miller" <davem@...emloft.net>,
        Network Development <netdev@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 1/2] cxgb4: sched: Use refcount_t for refcount

On Fri, Aug 2, 2019 at 10:27 AM Chuhong Yuan <hslester96@...il.com> wrote:
>
> Willem de Bruijn <willemdebruijn.kernel@...il.com> 于2019年8月2日周五 下午9:40写道:
> >
> > On Fri, Aug 2, 2019 at 4:36 AM Chuhong Yuan <hslester96@...il.com> wrote:
> > >
> > > refcount_t is better for reference counters since its
> > > implementation can prevent overflows.
> > > So convert atomic_t ref counters to refcount_t.
> > >
> > > Signed-off-by: Chuhong Yuan <hslester96@...il.com>
> > > ---
> > > Changes in v2:
> > >   - Convert refcount from 0-base to 1-base.
> >
> > This changes the initial value from 0 to 1, but does not change the
> > release condition. So this introduces an accounting bug?
>
> I have noticed this problem and have checked other files which use refcount_t.
> I find although the refcounts are 1-based, they still use
> refcount_dec_and_test()
> to check whether the resource should be released.
> One example is drivers/char/mspec.c.
> Therefore I think this is okay and do not change the release condition.

Indeed it is fine to use refcount_t with a model where the initial
allocation already accounts for the first reference and thus
initializes with refcount_set(.., 1).

But it is not correct to just change a previously zero initialization
to one. As now an extra refcount_dec will be needed to release state.
But the rest of the code has not changed, so this extra decrement will
not happen.

For a correct conversion, see for instance commits

  commit db5bce32fbe19f0c7482fb5a40a33178bbe7b11b
  net: prepare (struct ubuf_info)->refcnt conversion

and

  commit c1d1b437816f0afa99202be3cb650c9d174667bc
  net: convert (struct ubuf_info)->refcnt to refcount_t

The second makes a search-and-replace style API change like your
patches (though also notice the additional required #include).

But the other patch is needed first to change both the initial
atomic_set *and* at least one atomic_inc, to maintain the same
reference count over the object's lifetime.

That change requires understanding of the object's lifecycle, so I
suggest only making those changes when aware of that whole data path.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ