RE: [PATCH 06/16] drivers, net, mlx5: convert mlx5_cq.refcount from atomic_t to refcount_t

From: David Laight
Date: Tue Mar 28 2017 - 05:35:08 EST

Next message: Gregory CLEMENT: "Re: [PATCH v2 1/7] pinctrl: dt-bindings: Add documentation for Armada 37xx pin controllers"
Previous message: Linus Walleij: "Re: [PATCH] MAINTAINERS: pinctrl: Add git tree to Samsung pinctrl entry"
In reply to: Elena Reshetova: "[PATCH 06/16] drivers, net, mlx5: convert mlx5_cq.refcount from atomic_t to refcount_t"
Next in thread: Reshetova, Elena: "RE: [PATCH 06/16] drivers, net, mlx5: convert mlx5_cq.refcount from atomic_t to refcount_t"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Elena Reshetova
> Sent: 28 March 2017 09:57
>
> refcount_t type and corresponding API should be
> used instead of atomic_t when the variable is used as
> a reference counter. This allows to avoid accidental
> refcounter overflows that might lead to use-after-free
> situations.

I can't help feeling that you ought to find a scheme
that will detect extra decrements and extra increments
before the counter wraps 32 bits.

If an extra reference is requested every 100us it takes 4.8 days
for the counter to increment back to zero.
Simple tests aren't doing to find that - but it can easily happen
on a system that is running for several years.

David

Next message: Gregory CLEMENT: "Re: [PATCH v2 1/7] pinctrl: dt-bindings: Add documentation for Armada 37xx pin controllers"
Previous message: Linus Walleij: "Re: [PATCH] MAINTAINERS: pinctrl: Add git tree to Samsung pinctrl entry"
In reply to: Elena Reshetova: "[PATCH 06/16] drivers, net, mlx5: convert mlx5_cq.refcount from atomic_t to refcount_t"
Next in thread: Reshetova, Elena: "RE: [PATCH 06/16] drivers, net, mlx5: convert mlx5_cq.refcount from atomic_t to refcount_t"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]