From: Jeff Layton <jlayton@poochiereds.net>
To: Trond Myklebust <trondmy@primarydata.com>,
"elena.reshetova@intel.com" <elena.reshetova@intel.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"peterz@infradead.org" <peterz@infradead.org>,
"ralf@linux-mips.org" <ralf@linux-mips.org>,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
"ishkamiel@gmail.com" <ishkamiel@gmail.com>,
"bfields@fieldses.org" <bfields@fieldses.org>,
"steffen.klassert@secunet.com" <steffen.klassert@secunet.com>,
"nhorman@tuxdriver.com" <nhorman@tuxdriver.com>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"jreuter@yaina.de" <jreuter@yaina.de>,
"santosh.shilimkar@oracle.com" <santosh.shilimkar@oracle.com>,
"linux-hams@vger.kernel.org" <linux-hams@vger.kernel.org>,
"dwindsor@gmail.com" <dwindsor@gmail.com>,
"keescook@chromium.org" <keescook@chromium.org>,
"zyan@redhat.com" <zyan@redhat.com>,
"sage@redha
Subject: Re: [PATCH 01/23] net, sunrpc: convert rpc_cred.cr_count from atomic_t to refcount_t
Date: Fri, 17 Mar 2017 09:02:16 -0400
Message-ID: <1489755736.2810.10.camel@poochiereds.net>
In-Reply-To: <1489755011.6453.1.camel@primarydata.com>

On Fri, 2017-03-17 at 12:50 +0000, Trond Myklebust wrote:
> On Fri, 2017-03-17 at 14:10 +0200, Elena Reshetova wrote:
> > refcount_t type and corresponding API should be
> > used instead of atomic_t when the variable is used as
> > a reference counter. This allows to avoid accidental
> > refcounter overflows that might lead to use-after-free
> > situations.
> >
> > Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
> > Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > Signed-off-by: David Windsor <dwindsor@gmail.com>
> > ---
> > include/linux/sunrpc/auth.h | 8 ++++----
> > net/sunrpc/auth.c | 12 ++++++------
> > 2 files changed, 10 insertions(+), 10 deletions(-)
> >
> > diff --git a/include/linux/sunrpc/auth.h
> > b/include/linux/sunrpc/auth.h
> > index b1bc62b..bd36e0b 100644
> > --- a/include/linux/sunrpc/auth.h
> > +++ b/include/linux/sunrpc/auth.h
> > @@ -15,7 +15,7 @@
> > #include <linux/sunrpc/msg_prot.h>
> > #include <linux/sunrpc/xdr.h>
> >
> > -#include <linux/atomic.h>
> > +#include <linux/refcount.h>
> > #include <linux/rcupdate.h>
> > #include <linux/uidgid.h>
> > #include <linux/utsname.h>
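
Review bot: at the include swap in this hunk, <linux/atomic.h> is removed outright rather than kept alongside <linux/refcount.h>. If any other declaration in this header still uses atomic_t or an atomic_*() helper, it would now rely on an indirect include; either keep both includes or say in the changelog that cr_count was the header's only atomic user.
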
> > @@ -68,7 +68,7 @@ struct rpc_cred {
> > #endif
> > unsigned long cr_expire; /* when to gc
> > */
> > unsigned long cr_flags; /* various
> > flags */
> > - atomic_t cr_count; /* ref count */
> > + refcount_t cr_count; /* ref count */
> >
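
Review bot: the type change on cr_count in struct rpc_cred is justified in the changelog only by overflow protection, and the changelog does not say whether every site that increments cr_count is guaranteed to see a non-zero value. refcount_t treats an increment from zero as a use-after-free and warns, so any path that takes a reference on an object whose count has legitimately dropped to zero needs its get/put logic reworked, not just a type swap. Please list the audited increment sites in net/sunrpc/auth.c in the commit message and state how a zero count is handled there.
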
>
> NACK. That's going to be hitting WARN_ONCE(!refcount_inc_not_zero(r),
> "refcount_t: increment on 0; use-after-free.\n") like there's no
> tomorrow...
>
> Please stop with these automated conversions. They are going to cause a
> lot more bugs than they fix.
>

Agreed. These patchsets are touching places where we've already banged
out most of the refcounting bugs. I'm against doing large scale
conversions like this without a damned good reason.

I think it may be best to do this sort of thing in a more piecemeal
fashion. Pick a subsystem or two and do the conversions there to prove
that they're better than what we have. If the subsystem already has
problems with its refcounting, then so much the better. Point to bugs
that this new infrastructure helped find.

Encourage people to adopt your new infrastructure as new refcounted
objects are introduced into the kernel. You might even consider a LWN
article about this.

Eventually we'll get around to changing existing code to use it, once
there is a sufficient advantage to doing so. Most likely when we're
reworking the code for other reasons, or when we're chasing some horrid
refcounting bug and think that this might help find it.

--
Jeff Layton <jlayton@poochiereds.net>
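
The behavioural difference this thread turns on, as an added example that is not part of the original messages and is not kernel code: a userspace C model of an atomic_t-style counter next to a refcount_t-style one, showing why a conversion is not a pure type swap. All names (model_refcount_t, plain_inc, get_from, model_warnings) are hypothetical, and the starting values are constructed.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: hypothetical names, not the kernel's refcount API. */
typedef struct { atomic_uint refs; } model_refcount_t;
static unsigned model_warnings; /* counts events the kernel would WARN about */

/* atomic_t-style get: always increments, even from 0 or from the maximum. */
static unsigned plain_inc(atomic_uint *v)
{
    return atomic_fetch_add(v, 1) + 1; /* UINT_MAX wraps silently to 0 */
}

/* refcount_t-style get: refuses 0 and saturates instead of wrapping. */
static bool model_refcount_inc_not_zero(model_refcount_t *r)
{
    unsigned old = atomic_load(&r->refs);
    do {
        if (old == 0)
            return false; /* object may already have been freed */
        if (old == UINT_MAX)
            return true;  /* saturated: stay pinned, leak rather than free */
    } while (!atomic_compare_exchange_weak(&r->refs, &old, old + 1));
    return true;
}

static void model_refcount_inc(model_refcount_t *r)
{
    if (!model_refcount_inc_not_zero(r))
        model_warnings++; /* models "increment on 0; use-after-free" */
}

/* Take one reference on a counter that starts at `start` (constructed value)
 * and return the count afterwards, using either counter style. */
static unsigned get_from(unsigned start, bool checked)
{
    atomic_uint v;
    model_refcount_t r;
    atomic_init(&v, start);
    atomic_init(&r.refs, start);
    if (!checked)
        return plain_inc(&v);
    model_refcount_inc(&r);
    return atomic_load(&r.refs);
}

int main(void)
{
    printf("from 0:   plain=%u checked=%u\n", get_from(0, false), get_from(0, true));
    printf("from max: plain=%u checked=%u\n", get_from(UINT_MAX, false), get_from(UINT_MAX, true));
    return 0;
}
```

Code that relies on taking a reference from a count of zero works with the plain counter and trips the warning with the checked one, while the overflow case is where the checked counter prevents the wrap to zero.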