lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 2 Aug 2019 11:14:10 -0400
From:   Willem de Bruijn <willemdebruijn.kernel@...il.com>
To:     Chuhong Yuan <hslester96@...il.com>
Cc:     Vishal Kulkarni <vishal@...lsio.com>,
        "David S . Miller" <davem@...emloft.net>,
        Network Development <netdev@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 1/2] cxgb4: sched: Use refcount_t for refcount

On Fri, Aug 2, 2019 at 11:10 AM Chuhong Yuan <hslester96@...il.com> wrote:
>
> Willem de Bruijn <willemdebruijn.kernel@...il.com> 于2019年8月2日周五 下午10:53写道:
> >
> > On Fri, Aug 2, 2019 at 10:27 AM Chuhong Yuan <hslester96@...il.com> wrote:
> > >
> > > Willem de Bruijn <willemdebruijn.kernel@...il.com> 于2019年8月2日周五 下午9:40写道:
> > > >
> > > > On Fri, Aug 2, 2019 at 4:36 AM Chuhong Yuan <hslester96@...il.com> wrote:
> > > > >
> > > > > refcount_t is better for reference counters since its
> > > > > implementation can prevent overflows.
> > > > > So convert atomic_t ref counters to refcount_t.
> > > > >
> > > > > Signed-off-by: Chuhong Yuan <hslester96@...il.com>
> > > > > ---
> > > > > Changes in v2:
> > > > >   - Convert refcount from 0-base to 1-base.
> > > >
> > > > This changes the initial value from 0 to 1, but does not change the
> > > > release condition. So this introduces an accounting bug?
> > >
> > > I have noticed this problem and have checked other files which use refcount_t.
> > > I find although the refcounts are 1-based, they still use
> > > refcount_dec_and_test()
> > > to check whether the resource should be released.
> > > One example is drivers/char/mspec.c.
> > > Therefore I think this is okay and do not change the release condition.
> >
> > Indeed it is fine to use refcount_t with a model where the initial
> > allocation already accounts for the first reference and thus
> > initializes with refcount_set(.., 1).
> >
> > But it is not correct to just change a previously zero initialization
> > to one. As now an extra refcount_dec will be needed to release state.
> > But the rest of the code has not changed, so this extra decrement will
> > not happen.
> >
> > For a correct conversion, see for instance commits
> >
> >   commit db5bce32fbe19f0c7482fb5a40a33178bbe7b11b
> >   net: prepare (struct ubuf_info)->refcnt conversion
> >
> > and
> >
> >   commit c1d1b437816f0afa99202be3cb650c9d174667bc
> >   net: convert (struct ubuf_info)->refcnt to refcount_t
> >
> > The second makes a search-and-replace style API change like your
> > patches (though also notice the additional required #include).
> >
>
> Thanks for your examples!
> I will fix the #include in those no base changed patches.
>
> > But the other patch is needed first to change both the initial
> > atomic_set *and* at least one atomic_inc, to maintain the same
> > reference count over the object's lifetime.
> >
> > That change requires understanding of the object's lifecycle, so I
> > suggest only making those changes when aware of that whole data path.
>
> I think I had better focus on the 1-based cases first.

Yes, sounds good. And please try a single driver first and get that
accepted, before moving on to multiple concurrent submissions.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ