Re: [PATCH] block: switch to atomic_t for request references
From: Kees Cook <hidden>
Date: 2021-12-06 20:51:24
Also in:
lkml
On Mon, Dec 06, 2021 at 11:13:20AM -0700, Jens Axboe wrote:
On 12/6/21 10:35 AM, Linus Torvalds wrote:quoted
On Mon, Dec 6, 2021 at 12:31 AM Peter Zijlstra [off-list ref] wrote:quoted
Quite; and for something that pretends to be about performance, it also lacks any actual numbers to back that claim. The proposed implementation also doesn't do nearly as much as the refcount_t one does.Stop pretending refcoutn_t is that great. It's horrid. The code it generators is disgusting. It should never have been inlines in the first place, and the design decsisions were questionable to begin with. There's a reason core stuff (like the page counters) DO NOT USE REFCOUNT_T. I seriously believe that refcount_t should be used for things like device reference counting or similar issues, and not for _any_ truly core code.
I'd like core code to be safe too, though. :)
Maybe we just need to embrace it generically, took a quick stab at it which is attached. Totally untested...
As long as we have an API that can't end up in a pathological state, I'm happy. The problem with prior atomic_t use was that it never noticed when it was entering a condition that could be used to confuse system state (use-after-free, etc). Depending on people to "use it correctly" or never make mistakes is not sufficient: we need an API that protects itself. We have to assume there are, and will continue to be, bugs with refcounting. -- Kees Cook