Re: [PATCH 0/6] Rework REFCOUNT_FULL using atomic_fetch_* operations

From: Peter Zijlstra
Date: Fri Aug 02 2019 - 14:50:12 EST

Next message: Peter Zijlstra: "Re: [PATCH 4/6] lib/refcount: Move bulk of REFCOUNT_FULL implementation into header"
Previous message: John Hubbard: "Re: [PATCH 06/34] drm/i915: convert put_page() to put_user_page*()"
In reply to: Will Deacon: "[PATCH 3/6] lib/refcount: Remove unused refcount_*_checked() variants"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Aug 02, 2019 at 11:09:54AM +0100, Will Deacon wrote:

> Although the revised implementation passes all of the lkdtm REFCOUNT
> tests, there is a race condition introduced by the deferred saturation
> whereby if INT_MIN + 2 tasks take a reference on a refcount at
> REFCOUNT_MAX and are each preempted between detecting overflow and
> writing the saturated value without being rescheduled, then another task
> may end up erroneously freeing the object when it drops the refcount and
> sees zero. It doesn't feel like a particularly realistic case to me, but
> I thought I should mention it in case somebody else knows better.

So my OCD has always found that hole objectionable. Also I suppose the
cmpxchg ones are simpler to understand.

Maybe make this fancy stuff depend on !FULL ?

Next message: Peter Zijlstra: "Re: [PATCH 4/6] lib/refcount: Move bulk of REFCOUNT_FULL implementation into header"
Previous message: John Hubbard: "Re: [PATCH 06/34] drm/i915: convert put_page() to put_user_page*()"
In reply to: Will Deacon: "[PATCH 3/6] lib/refcount: Remove unused refcount_*_checked() variants"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]