Re: [kernel-hardening] Re: [RFC v4 PATCH 00/13] HARDENED_ATOMIC
From: Peter Zijlstra
Date: Fri Nov 11 2016 - 18:08:06 EST
On Fri, Nov 11, 2016 at 02:00:34PM +0100, Peter Zijlstra wrote:
> +static inline bool refcount_sub_and_test(int i, refcount_t *r)
> +{
> + unsigned int old, new, val = atomic_read(&r->refs);
> +
> + for (;;) {
regardless of the sub_and_test vs inc_and_test issue, this should
probably also have:
if (val == UINT_MAX)
return false;
such that we stay saturated. If for some reason someone can trigger more
dec's than inc's, we'd be hosed.
> + new = val - i;
> + if (new > val)
> + BUG(); /* underflow */
> +
> + old = atomic_cmpxchg_release(&r->refs, val, new);
> + if (old == val)
> + break;
> +
> + val = old;
> + }
> +
> + return !new;
> +}