Re: [PATCH v8 3/8] Use atomic_t for ucounts reference counting

2021-03-16 Thread Kees Cook
On Tue, Mar 16, 2021 at 12:26:05PM -0700, Linus Torvalds wrote: > Note that the above very intentionally does allow the "we can go over > the limit" case for another reason: we still have that regular > *unconditional* get_page(), that has a "I absolutely need a temporary > ref to this page, but I

Re: [PATCH v8 3/8] Use atomic_t for ucounts reference counting

2021-03-16 Thread Linus Torvalds
On Tue, Mar 16, 2021 at 11:49 AM Kees Cook wrote: > > Right -- I saw that when digging through the thread. I'm honestly > curious, though, why did the 0-day bot find a boot crash? (I can't > imagine ucounts wrapped in 0.4 seconds.) So it looked like an > increment-from-zero case, which seems like

Re: [PATCH v8 3/8] Use atomic_t for ucounts reference counting

2021-03-16 Thread Kees Cook
On Mon, Mar 15, 2021 at 03:19:17PM -0700, Linus Torvalds wrote: > It just saturates, and doesn't have the "don't do this" case, which > the ucounts case *DOES* have. Right -- I saw that when digging through the thread. I'm honestly curious, though, why did the 0-day bot find a boot crash? (I can't

Re: [PATCH v8 3/8] Use atomic_t for ucounts reference counting

2021-03-15 Thread Linus Torvalds
On Mon, Mar 15, 2021 at 3:03 PM Kees Cook wrote: > > On Wed, Mar 10, 2021 at 01:01:28PM +0100, Alexey Gladkov wrote: > > The current implementation of the ucounts reference counter requires the > > use of spin_lock. We're going to use get_ucounts() in more performance > > critical areas like a han

Re: [PATCH v8 3/8] Use atomic_t for ucounts reference counting

2021-03-15 Thread Kees Cook
On Wed, Mar 10, 2021 at 01:01:28PM +0100, Alexey Gladkov wrote: > The current implementation of the ucounts reference counter requires the > use of spin_lock. We're going to use get_ucounts() in more performance > critical areas like a handling of RLIMIT_SIGPENDING. This really looks like it shoul

Re: [PATCH v8 3/8] Use atomic_t for ucounts reference counting

2021-03-10 Thread Linus Torvalds
On Wed, Mar 10, 2021 at 4:01 AM Alexey Gladkov wrote: > > > +/* 127: arbitrary random number, small enough to assemble well */ > +#define refcount_zero_or_close_to_overflow(ucounts) \ > + ((unsigned int) atomic_read(&ucounts->count) + 127u <= 127u) > + > +struct ucounts *get_ucounts(struct u

[PATCH v8 3/8] Use atomic_t for ucounts reference counting

2021-03-10 Thread Alexey Gladkov
The current implementation of the ucounts reference counter requires the use of spin_lock. We're going to use get_ucounts() in more performance critical areas like a handling of RLIMIT_SIGPENDING. Now we need to use spin_lock only if we want to change the hashtable. Signed-off-by: Alexey Gladkov