> > > > 
> > > >  void sgx_dec_usage_count(void)
> > > >  {
> > > > -       return;
> > > > +       sgx_usage_count--;
> > > >  }
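Review bot: the `sgx_usage_count--;` that replaces `return;` in `sgx_dec_usage_count()` is an unlocked read-modify-write; two callers decrementing concurrently can each load the same value and store it back, losing one decrement so the count never reaches 0. Hold the lock that already guards this counter around the decrement (for example `guard(mutex)(&sgx_svn_lock);` as the first statement) or make the counter an atomic_t and use an atomic decrement.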
> > > 
> > > How is a plain int-- safe?
> > > 
> > > Where's the locking?
> > 
> > Sorry I missed this during review too.
> 
> My line of thinking went that we don't actually
> care or act on decrement (it is not a true ref counter)
> and therefore, races here are ok. What I forgot is that
> we lose basic atomicity also with plain int ((
> 
> I would personally like to go back to atomic (this is
> what it is exactly for), but I can also just add another
> mutex here. Preferences? 

You don't need another mutex AFAICT, just use the one you already have.

The problem with the raw 'count--' is that it is not safe across multiple threads, e.g.,
IIUC, you could effectively lose one or more subtractions here, leading to
the counter never reaching 0.

From the perspective of functionality, to me there's no difference between
mutex vs atomic_t, so either would be fine.  But as shown in your v7 [*],
it appears the atomic_t version is still slightly more complicated than the
mutex.

So since we are already here, I would say just use the mutex:

void sgx_dec_usage_count(void)
{
        guard(mutex)(&sgx_svn_lock);
        sgx_usage_count--;
}

Am I missing anything?

[*]
https://lore.kernel.org/linux-sgx/20250711165212.1354943-1-elena.reshet...@intel.com/T/#me3d9ca942330039a59e2dd6e1d14b81c6670f87a
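The lost-update race described in this reply, as an added example that is not code from the patch or from anyone in the thread: a deterministic two-"thread" model of a plain `count--` split into its load and store halves, beside the mutex-protected version. The names `sgx_usage_count` and `sgx_svn_lock` follow the thread; the lock is a bool model of the mutex, not the kernel's struct mutex.

```c
#include <stdbool.h>
#include <assert.h>

/* Added example, not the patch's code. The CPU performs `count--` as
 * load, subtract, store; if another thread's load slips in between, both
 * threads store the same stale value and one decrement is lost.
 * sgx_svn_lock_held is a bool model of the mutex, not struct mutex. */
static int sgx_usage_count;
static bool sgx_svn_lock_held;

/* Per-thread register holding the value between load and store. */
struct cpu { int reg; };

/* The two halves of an unlocked decrement. */
static void dec_load(struct cpu *c)  { c->reg = sgx_usage_count - 1; }
static void dec_store(struct cpu *c) { sgx_usage_count = c->reg; }

/* Plain `count--` from two threads under the interleaving that loses an
 * update. Returns the final counter: start - 1 instead of start - 2. */
int plain_dec_race(int start)
{
    struct cpu a = {0}, b = {0};
    sgx_usage_count = start;
    dec_load(&a);   /* a computes start - 1 */
    dec_load(&b);   /* b also reads start: a's store has not happened yet */
    dec_store(&a);  /* counter = start - 1 */
    dec_store(&b);  /* counter = start - 1 again; one decrement is lost */
    return sgx_usage_count;
}

/* Mutex version: the whole read-modify-write runs with the lock held, so
 * the other thread's load cannot land between this thread's load and
 * store. An atomic_t decrement gives the same guarantee by making the
 * read-modify-write a single indivisible operation. */
static void locked_dec(struct cpu *c)
{
    assert(!sgx_svn_lock_held);   /* mutex_lock(): the other thread waits */
    sgx_svn_lock_held = true;
    dec_load(c);
    dec_store(c);
    sgx_svn_lock_held = false;    /* mutex_unlock() */
}

int locked_dec_no_race(int start)
{
    struct cpu a = {0}, b = {0};
    sgx_usage_count = start;
    locked_dec(&a);
    locked_dec(&b);
    return sgx_usage_count;       /* start - 2, nothing lost */
}
```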
