Re: [syzbot] WARNING: refcount bug in sys_memfd_secret

From: Dmitry Vyukov
Date: Sun Oct 24 2021 - 03:20:42 EST

Next message: Andriy Tryshnivskyy: "Re: [PATCH v6 1/1] iio/scmi: Add reading "raw" attribute."
Previous message: Christophe JAILLET: "[PATCH] PCI: endpoint: Use 'bitmap_zalloc()' when applicable"
In reply to: Mike Rapoport: "Re: [syzbot] WARNING: refcount bug in sys_memfd_secret"
Next in thread: Matthew Wilcox: "Re: [syzbot] WARNING: refcount bug in sys_memfd_secret"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 24 Oct 2021 at 07:38, Mike Rapoport <rppt@xxxxxxxxxx> wrote:
>
> On Sat, Oct 23, 2021 at 11:46:18PM +0100, Matthew Wilcox wrote:
> > On Sat, Oct 23, 2021 at 10:03:11AM -0700, Kees Cook wrote:
> > > On October 23, 2021 8:27:28 AM PDT, Mike Rapoport <rppt@xxxxxxxxxx> wrote:
> > > >and my first reaction was to send a revert the untested commit 110860541f44
> > > >("mm/secretmem: use refcount_t instead of atomic_t").
> >
> > I think you should. This isn't a real problem.
>
> Do you mean that creation of 4 billion of file descriptors is not feasible?

FWIW I think refcount is at least capable of catching the issue I
described with the counter temporarily going below its true value.
With refcount it can be caught during fuzzing as refcount reaching 0
and then being incremented again. Basically this warning, but a true
positive.

Next message: Andriy Tryshnivskyy: "Re: [PATCH v6 1/1] iio/scmi: Add reading "raw" attribute."
Previous message: Christophe JAILLET: "[PATCH] PCI: endpoint: Use 'bitmap_zalloc()' when applicable"
In reply to: Mike Rapoport: "Re: [syzbot] WARNING: refcount bug in sys_memfd_secret"
Next in thread: Matthew Wilcox: "Re: [syzbot] WARNING: refcount bug in sys_memfd_secret"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]