From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from zeniv.linux.org.uk ([195.92.253.2]:37768 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727872AbeK2BfI (ORCPT ); Wed, 28 Nov 2018 20:35:08 -0500 Date: Wed, 28 Nov 2018 14:33:13 +0000 From: Al Viro To: Yang Xiao Cc: "linux-fsdevel@vger.kernel.org" Subject: Re: [PATCH] fs: namespace: convert mnt_namespace.count from atomic_t to refcount_t Message-ID: <20181128143313.GF2217@ZenIV.linux.org.uk> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Wed, Nov 28, 2018 at 07:30:10AM +0000, Yang Xiao wrote: > From: Young Xiao > > refcount_t type and corresponding API should be ^^^^^^ ITYM "could" > used instead of atomic_t when the variable is used as > a reference counter. This allows to avoid accidental > refcounter overflows that might lead to use-after-free > situations. > static inline void get_mnt_ns(struct mnt_namespace *ns) > { > - atomic_inc(&ns->count); > + if (ns) > + refcount_inc(&ns->count); > } And this can be called with NULL ns... how, exactly? > void put_mnt_ns(struct mnt_namespace *ns) > { > - if (!atomic_dec_and_test(&ns->count)) > + if (!ns || !refcount_dec_and_test(&ns->count)) > return; Ditto. Incidentally, if you are into "defensive programming" voodoo, how do you choose between checking for NULL and checking for ERR_PTR(...)? This kind of "just in case" stuff has its place, but it should never be used mindlessly. NAK, unless you add a decent analysis of the situation and a better rationale.
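Review bot: The `if (ns)` guard added in get_mnt_ns() is a behaviour change that the subject line (a conversion from atomic_t to refcount_t) does not cover. The removed line, `atomic_inc(&ns->count);`, dereferenced ns unconditionally, so the existing code already assumes a non-NULL argument. With the guard, a NULL ns silently skips the increment, which would hide a caller bug instead of surfacing it. Suggest keeping this hunk to the one-for-one replacement `refcount_inc(&ns->count);`. If a caller that passes NULL really exists, name it in the commit message and send the check as a separate patch.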
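Review bot: The `!ns ||` term added to the condition in put_mnt_ns() has the same problem as the guard in get_mnt_ns(): it is not part of the type conversion, and the removed line `if (!atomic_dec_and_test(&ns->count))` shows the function has always dereferenced ns without a check. The NULL test would also not catch an ERR_PTR() value, so it gives only partial cover for the "invalid pointer" case it appears to target. Suggest `if (!refcount_dec_and_test(&ns->count))` followed by the existing `return;`, with any argument validation justified separately by an analysis of the callers.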