Re: [PATCH 1/2] liveupdate: Use refcount_t for FLB reference counts

Next message: patchwork-bot+netdevbpf: "Re: [PATCH net v3 0/2] tcp: symmetric challenge ACK for SEG.ACK &gt; SND.NXT"
Previous message: Mark Brown: "Re: [PATCH v2 1/2] spi: sun6i: Honor CS setup delay on the first transfer with native CS"
In reply to: Pasha Tatashin: "Re: [PATCH 1/2] liveupdate: Use refcount_t for FLB reference counts"
Next in thread: Pasha Tatashin: "Re: [PATCH 1/2] liveupdate: Use refcount_t for FLB reference counts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Matlack

Date: Thu Apr 23 2026 - 14:50:26 EST

On Thu, Apr 23, 2026 at 11:11 AM Pasha Tatashin
<pasha.tatashin@xxxxxxxxxx> wrote:
> On 04-23 17:40, David Matlack wrote:

> > @@ -126,8 +126,10 @@ static int luo_flb_file_preserve_one(struct liveupdate_flb *flb)
> > }
> > private->outgoing.data = args.data;
> > private->outgoing.obj = args.obj;
> > + refcount_set(&private->outgoing.count, 1);
> > + } else {
> > + refcount_inc(&private->outgoing.count);
> > }
> > - private->outgoing.count++;
>
> It should be: refcount_inc(&private->outgoing.count); for both
> cases, as it was before.

Calling refcount_inc() when the refcount is 0 triggers the
REFCOUNT_ADD_UAF warning.

> Additionally, please add refcount_set(&private->outgoing.count, 0) to
> luo_flb_get_private, where the rest of the private fields are
> initialized.

Will do.

> In general, I prefer to avoid refcount_set() because it breaks
> continuity and makes debugging hard. It should only be used only during
> initialization, so moving it to where the other fields are initialized
> is the correct approach.