| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJuCfpHB6ODCJofQs232se+=hFW8B5fKOD8ex-JWm589qa=f1Q@mail.gmail.com>
Date: Fri, 10 Jan 2025 08:29:19 -0800
From: Suren Baghdasaryan <surenb@...gle.com>
To: David Laight <david.laight.linux@...il.com>
Cc: Matthew Wilcox <willy@...radead.org>, Vlastimil Babka <vbabka@...e.cz>, akpm@...ux-foundation.org,
peterz@...radead.org, liam.howlett@...cle.com, lorenzo.stoakes@...cle.com,
mhocko@...e.com, hannes@...xchg.org, mjguzik@...il.com, oliver.sang@...el.com,
mgorman@...hsingularity.net, david@...hat.com, peterx@...hat.com,
oleg@...hat.com, dave@...olabs.net, paulmck@...nel.org, brauner@...nel.org,
dhowells@...hat.com, hdanton@...a.com, hughd@...gle.com,
lokeshgidra@...gle.com, minchan@...gle.com, jannh@...gle.com,
shakeel.butt@...ux.dev, souravpanda@...gle.com, pasha.tatashin@...een.com,
klarasmodin@...il.com, corbet@....net, linux-doc@...r.kernel.org,
linux-mm@...ck.org, linux-kernel@...r.kernel.org, kernel-team@...roid.com
Subject: Re: [PATCH v7 11/17] refcount: introduce __refcount_{add|inc}_not_zero_limited
On Fri, Jan 10, 2025 at 5:32 AM David Laight
<david.laight.linux@...il.com> wrote:
>
> On Wed, 8 Jan 2025 15:06:17 +0000
> Matthew Wilcox <willy@...radead.org> wrote:
>
> > On Wed, Jan 08, 2025 at 10:16:04AM +0100, Vlastimil Babka wrote:
> > > > static inline __must_check __signed_wrap
> > > > -bool __refcount_add_not_zero(int i, refcount_t *r, int *oldp)
> > > > +bool __refcount_add_not_zero_limited(int i, refcount_t *r, int *oldp,
> > > > + int limit)
> > > > {
> > > > int old = refcount_read(r);
> > > >
> > > > do {
> > > > if (!old)
> > > > break;
> > > > + if (limit && old + i > limit) {
> > >
> > > Should this be e.g. "old > limit - i" to avoid overflow and false negative
> > > if someone sets limit close to INT_MAX?
> >
> > Although 'i' might also be INT_MAX, whereas we know that old < limit.
> > So "i > limit - old" is the correct condition to check, IMO.
> >
> > I'd further suggest that using a limit of 0 to mean "unlimited" introduces
> > an unnecessary arithmetic operation. Make 'limit' inclusive instead
> > of exclusive, pass INT_MAX instead of 0, and Vlastimil's suggestion,
> > and this becomes:
> >
> > if (i > limit - old)
> >
> ...
>
> The problem with that is the compiler is unlikely to optimise it away.
> Perhaps:
> if (statically_true(!limit || limit == INT_MAX))
> continue;
> if (i > limit - old) {
> ...
Thanks for the comment! I think it makes sense.
For the reference, the new version of this patch is here:
https://lore.kernel.org/all/20250109023025.2242447-11-surenb@google.com/
If I apply your suggestion to that version it should look like this:
+bool __refcount_add_not_zero_limited(int i, refcount_t *r, int *oldp,
+ int limit)
{
int old = refcount_read(r);
do {
if (!old)
break;
+
+ if (statically_true(limit == INT_MAX))
+ continue;
+
+ if (i > limit - old) {
+ if (oldp)
+ *oldp = old;
+ return false;
+ }
} while (!atomic_try_cmpxchg_relaxed(&r->refs, &old, old + i));
I'll update the patch with this and let's see if everyone agrees.
>
> David
>
>
Powered by blists - more mailing lists