lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Z36UafdgGTcbvaun@casper.infradead.org>
Date: Wed, 8 Jan 2025 15:06:17 +0000
From: Matthew Wilcox <willy@...radead.org>
To: Vlastimil Babka <vbabka@...e.cz>
Cc: Suren Baghdasaryan <surenb@...gle.com>, akpm@...ux-foundation.org,
	peterz@...radead.org, liam.howlett@...cle.com,
	lorenzo.stoakes@...cle.com, mhocko@...e.com, hannes@...xchg.org,
	mjguzik@...il.com, oliver.sang@...el.com,
	mgorman@...hsingularity.net, david@...hat.com, peterx@...hat.com,
	oleg@...hat.com, dave@...olabs.net, paulmck@...nel.org,
	brauner@...nel.org, dhowells@...hat.com, hdanton@...a.com,
	hughd@...gle.com, lokeshgidra@...gle.com, minchan@...gle.com,
	jannh@...gle.com, shakeel.butt@...ux.dev, souravpanda@...gle.com,
	pasha.tatashin@...een.com, klarasmodin@...il.com, corbet@....net,
	linux-doc@...r.kernel.org, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org, kernel-team@...roid.com
Subject: Re: [PATCH v7 11/17] refcount: introduce
 __refcount_{add|inc}_not_zero_limited

On Wed, Jan 08, 2025 at 10:16:04AM +0100, Vlastimil Babka wrote:
> >  static inline __must_check __signed_wrap
> > -bool __refcount_add_not_zero(int i, refcount_t *r, int *oldp)
> > +bool __refcount_add_not_zero_limited(int i, refcount_t *r, int *oldp,
> > +				     int limit)
> >  {
> >  	int old = refcount_read(r);
> >  
> >  	do {
> >  		if (!old)
> >  			break;
> > +		if (limit && old + i > limit) {
> 
> Should this be e.g. "old > limit - i" to avoid overflow and false negative
> if someone sets limit close to INT_MAX?

Although 'i' might also be INT_MAX, whereas we know that old < limit.
So "i > limit - old" is the correct condition to check, IMO.

I'd further suggest that using a limit of 0 to mean "unlimited" introduces
an unnecessary arithmetic operation.  Make 'limit' inclusive instead
of exclusive, pass INT_MAX instead of 0, and Vlastimil's suggestion,
and this becomes:

		if (i > limit - old)

> > +			if (oldp)
> > +				*oldp = old;
> > +			return false;
> > +		}
> >  	} while (!atomic_try_cmpxchg_relaxed(&r->refs, &old, old + i));

...

> > +static inline __must_check __signed_wrap
> > +bool __refcount_add_not_zero(int i, refcount_t *r, int *oldp)
> > +{
> > +	return __refcount_add_not_zero_limited(i, r, oldp, 0);

Just to be clear, this becomes:

	return __refcount_add_not_zero_limited(i, r, oldp, INT_MAX);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ