From: Thomas Gleixner <tglx@linutronix.de>
To: "Reshetova, Elena" <elena.reshetova@intel.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"cgroups@vger.kernel.org" <cgroups@vger.kernel.org>,
"linux-audit@redhat.com" <linux-audit@redhat.com>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
"peterz@infradead.org" <peterz@infradead.org>,
"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"viro@zeniv.linux.org.uk" <viro@zeniv.linux.org.uk>,
"tj@kernel.org" <tj@kernel.org>,
"mingo@redhat.com" <mingo@redhat.com>,
"hannes@cmpxchg.org" <hannes@cmpxchg.org>,
"lizefan@huawei.com" <lizefan@huawei.com>,
"acme@kernel.org" <acme@kernel.org>,
"alexander.shishkin@linux.intel.com"
<alexander.shishkin@linux.intel.com>,
"eparis@redhat.com" <eparis@redhat.com>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
arnd@ar
Subject: RE: [PATCH 14/15] kernel: convert futex_pi_state.refcount from atomic_t to refcount_t
Date: Mon, 17 Jul 2017 19:57:34 +0200 (CEST) [thread overview]
Message-ID: <alpine.DEB.2.20.1707171938070.2185@nanos> (raw)
In-Reply-To: <2236FBA76BA1254E88B949DDB74E612B6FF265B9@IRSMSX102.ger.corp.intel.com>
On Mon, 17 Jul 2017, Reshetova, Elena wrote:
> > On Mon, 17 Jul 2017, Elena Reshetova wrote:
> > > refcount_t type and corresponding API should be
> > > used instead of atomic_t when the variable is used as
> > > a reference counter. This allows to avoid accidental
> > > refcounter overflows that might lead to use-after-free
> > > situations.
> >
> > Copying the same sentence over and over avoids thinking about a proper
> > changelog, right? You fail to explain, how you come to the conclusion that
> > futex_pi_state.refcount is a pure reference counter (aside of the name) and
> > therefor can be safely converted to refcount_t.
> OK, this is not very useful for many cases. Yes, I am using automated log
> on these patches, because I used to have 240 of them and writing manual
> logs for them would be fun.
Been there, done that.
> Moreover, in many cases, writing manual logs don't bring any value since
> I would have to repeat the same things all over again: xyz conversions
> was found by using *.cocci pattern first, then looked at manually and it
> looked like a standard reference counter that frees the things after
> calling refcount_dec_and_test() (or its variation with lock which is
> rare). Other things also looked correct, like I didn't see increments
> from zero, counter starts at 1 etc. I would really have to repeat the
> same thing in each changelog. Does it really bring value?
You don't have to go into that level of detail, but you can provide enough
information with a template as well, e.g.:
atomic_t variables are often used to implement pure reference counters:
- starting at 1
- freeing a resource after reaching zero
- only using basic atomic operations (init, inc, dec_and_test)
These variables should be converted to refcount_t because the refcount_t
operations can catch and prevent accidental underflows and overflows.
The variable FOO is used as a pure reference counter. Convert it to
refcount_t and fix up the operations.
That gives enough context for someone who looks at a patch because then the
reviewer can look for:
starts at 1, frees at 0, does not use any fancy operations
and has not to use Gurgle to figure out what your understanding of
reference counters is.
Replacing FOO with the real variable name can be done with a script easy
enough.
Thanks,
tglx
next prev parent reply other threads:[~2017-07-17 17:57 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-17 10:43 [PATCH 00/15] v3 kernel core pieces refcount conversions Elena Reshetova
2017-07-17 10:43 ` [PATCH 01/15] kernel: convert sighand_struct.count from atomic_t to refcount_t Elena Reshetova
2017-07-17 10:43 ` [PATCH 02/15] kernel: convert signal_struct.sigcnt " Elena Reshetova
2017-07-17 10:43 ` [PATCH 03/15] kernel: convert user_struct.__count " Elena Reshetova
2017-07-17 10:43 ` [PATCH 04/15] kernel: convert task_struct.usage " Elena Reshetova
2017-07-17 10:43 ` [PATCH 05/15] kernel: convert task_struct.stack_refcount " Elena Reshetova
2017-07-17 10:43 ` [PATCH 06/15] kernel: convert perf_event_context.refcount " Elena Reshetova
2017-07-17 10:43 ` [PATCH 07/15] kernel: convert ring_buffer.refcount " Elena Reshetova
2017-07-17 10:43 ` [PATCH 08/15] kernel: convert ring_buffer.aux_refcount " Elena Reshetova
2017-07-17 10:43 ` [PATCH 09/15] kernel: convert uprobe.ref " Elena Reshetova
2017-07-17 10:43 ` [PATCH 10/15] kernel: convert nsproxy.count " Elena Reshetova
2017-07-17 10:43 ` [PATCH 11/15] kernel: convert group_info.usage " Elena Reshetova
2017-07-17 10:43 ` [PATCH 12/15] kernel: convert cred.usage " Elena Reshetova
2017-07-17 10:43 ` [PATCH 13/15] sched: convert numa_group.refcount " Elena Reshetova
2017-07-17 10:43 ` [PATCH 14/15] kernel: convert futex_pi_state.refcount " Elena Reshetova
2017-07-17 14:25 ` Thomas Gleixner
2017-07-17 16:51 ` Reshetova, Elena
2017-07-17 17:57 ` Thomas Gleixner [this message]
2017-07-18 9:39 ` Reshetova, Elena
2017-07-17 10:43 ` [PATCH 15/15] kernel: convert kcov.refcount " Elena Reshetova
-- strict thread matches above, loose matches on Subject: below --
2017-07-07 9:04 [PATCH 00/15] v2 kernel core refcount conversions Elena Reshetova
2017-07-07 9:04 ` [PATCH 14/15] kernel: convert futex_pi_state.refcount from atomic_t to refcount_t Elena Reshetova
2017-07-07 9:26 ` Peter Zijlstra
2017-07-07 9:52 ` Thomas Gleixner
2017-07-07 10:27 ` Reshetova, Elena
2017-07-07 10:35 ` Ingo Molnar
2017-07-07 13:22 ` gregkh
2017-07-07 10:24 ` Reshetova, Elena
[not found] ` <2236FBA76BA1254E88B949DDB74E612B6FF21DBE-kPTMFJFq+rFP9JyJpTNKArfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2017-07-07 11:11 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.20.1707171938070.2185@nanos \
--to=tglx@linutronix.de \
--cc=acme@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=arnd@ar \
--cc=cgroups@vger.kernel.org \
--cc=elena.reshetova@intel.com \
--cc=eparis@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=hannes@cmpxchg.org \
--cc=linux-audit@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tj@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox