Re: [PATCH 1/2] liveupdate: Use refcount_t for FLB reference counts

Next message: Thomas Gleixner: "Re: [REGRESSION] rseq: refactoring in v6.19 broke everyone on arm64 and tcmalloc everywhere"
Previous message: Jakub Kicinski: "Re: [PATCH net v2 0/6] rxrpc: Miscellaneous fixes"
In reply to: David Matlack: "Re: [PATCH 1/2] liveupdate: Use refcount_t for FLB reference counts"
Next in thread: Samiullah Khawaja: "Re: [PATCH 1/2] liveupdate: Use refcount_t for FLB reference counts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pasha Tatashin

Date: Thu Apr 23 2026 - 15:40:55 EST

On 04-23 11:49, David Matlack wrote:
> On Thu, Apr 23, 2026 at 11:11 AM Pasha Tatashin
> <pasha.tatashin@xxxxxxxxxx> wrote:
> > On 04-23 17:40, David Matlack wrote:
>
> > > @@ -126,8 +126,10 @@ static int luo_flb_file_preserve_one(struct liveupdate_flb *flb)
> > > }
> > > private->outgoing.data = args.data;
> > > private->outgoing.obj = args.obj;
> > > + refcount_set(&private->outgoing.count, 1);
> > > + } else {
> > > + refcount_inc(&private->outgoing.count);
> > > }
> > > - private->outgoing.count++;
> >
> > It should be: refcount_inc(&private->outgoing.count); for both
> > cases, as it was before.
>
> Calling refcount_inc() when the refcount is 0 triggers the
> REFCOUNT_ADD_UAF warning.

Oh you are right, sigh, in this case what you have is OK.

>
> > Additionally, please add refcount_set(&private->outgoing.count, 0) to
> > luo_flb_get_private, where the rest of the private fields are
> > initialized.
>
> Will do.

No need to do this...

>
> > In general, I prefer to avoid refcount_set() because it breaks
> > continuity and makes debugging hard. It should only be used only during
> > initialization, so moving it to where the other fields are initialized
> > is the correct approach.

Reviewed-by: Pasha Tatashin <pasha.tatashin@xxxxxxxxxx>