From: Greg KH <greg@kroah.com>
To: Valdis.Kletnieks@vt.edu
Cc: Akinobu Mita <mita@miraclelinux.com>,
linux-kernel@vger.kernel.org, akpm@osdl.org
Subject: Re: [patch 1/4] kref: warn kref_put() with unreferenced kref
Date: Mon, 24 Apr 2006 22:11:19 -0700 [thread overview]
Message-ID: <20060425051119.GC23373@kroah.com> (raw)
In-Reply-To: <200604250419.k3P4JGvR005842@turing-police.cc.vt.edu>
On Tue, Apr 25, 2006 at 12:19:15AM -0400, Valdis.Kletnieks@vt.edu wrote:
> On Mon, 24 Apr 2006 20:51:28 PDT, Greg KH said:
> > On Mon, Apr 24, 2006 at 04:33:34PM +0800, Akinobu Mita wrote:
>
> > > --- 2.6-git.orig/lib/kref.c
> > > +++ 2.6-git/lib/kref.c
> > > @@ -49,6 +49,7 @@ void kref_get(struct kref *kref)
> > > */
> > > int kref_put(struct kref *kref, void (*release)(struct kref *kref))
> > > {
> > > + WARN_ON(atomic_read(&kref->refcount) < 1);
> >
> > How can this ever be true? If the refcount _ever_ goes below 1, the
> > object is freed.
>
> Maybe it should BUG_ON instead in that case. ;)
>
> And strictly speaking, as long as the kref.c stuff is the only stuff to
> play with ->refcount, that *should* be true. On the other hand, if somebody
> has a bad pointer that just did a fandango on core, it would be a nice thing
> to know that. Looking at the *next* few lines:
>
> if ((atomic_read(&kref->refcount) == 1) ||
> (atomic_dec_and_test(&kref->refcount))) {
> release(kref);
> return 1;
> }
> return 0;
>
> If we managed to get a -1 smashed in there, this won't actually trigger
> for another 2**32-2 or so kref_put calls - the first test is for "exactly 1",
> and the dec_and_test is for "exactly zero"...
Those two lines were recently added to make this test faster. See the
archives for details. If you are really worried about some memory
getting clobbered in there, we should worry about this for the entire
kernel :)
thanks,
greg k-h
next prev parent reply other threads:[~2006-04-25 5:16 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-24 8:33 [patch 0/4] kref debugging Akinobu Mita
2006-04-24 8:33 ` [patch 1/4] kref: warn kref_put() with unreferenced kref Akinobu Mita
2006-04-25 3:51 ` Greg KH
2006-04-25 4:19 ` Valdis.Kletnieks
2006-04-25 5:11 ` Greg KH [this message]
2006-04-25 4:34 ` Akinobu Mita
2006-04-25 5:09 ` Greg KH
2006-04-25 6:27 ` Akinobu Mita
2006-04-27 11:45 ` Rogier Wolff
2006-04-24 8:33 ` [patch 2/4] kref debugging config option Akinobu Mita
2006-04-24 21:38 ` Andrew Morton
2006-04-25 4:53 ` Akinobu Mita
2006-04-25 5:08 ` Greg KH
2006-04-25 3:52 ` Greg KH
2006-04-24 8:33 ` [patch 3/4] dynamic configurable kref debugging Akinobu Mita
2006-04-25 3:55 ` Greg KH
2006-04-24 8:33 ` [patch 4/4] change slab poison pattern Akinobu Mita
2006-04-24 9:20 ` Pekka Enberg
2006-04-24 10:23 ` Akinobu Mita
2006-04-24 15:33 ` Matt Mackall
2006-04-25 3:49 ` [patch 0/4] kref debugging Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060425051119.GC23373@kroah.com \
--to=greg@kroah.com \
--cc=Valdis.Kletnieks@vt.edu \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mita@miraclelinux.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.