Thread: 20 messages, 3 authors, 2017-05-22

RE: [PATCH 06/16] drivers, net, mlx5: convert mlx5_cq.refcount from atomic_t to refcount_t

From: "Reshetova, Elena" <elena.reshetova@intel.com>
Date: 2017-03-28 14:00:12
Also in: linux-arm-kernel, linux-hams, linux-rdma, lkml, netdev

> From: Elena Reshetova
> > Sent: 28 March 2017 09:57
> >
> > refcount_t type and corresponding API should be
> > used instead of atomic_t when the variable is used as
> > a reference counter. This allows to avoid accidental
> > refcounter overflows that might lead to use-after-free
> > situations.
>
> I can't help feeling that you ought to find a scheme
> that will detect extra decrements and extra increments
> before the counter wraps 32 bits.
>
> If an extra reference is requested every 100us it takes 4.8 days
> for the counter to increment back to zero.
> Simple tests aren't going to find that - but it can easily happen
> on a system that is running for several years.

So, you are proposing to try detecting this case instead of preventing overflows?
Not sure what this would look like in a generic form...

> 	David
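
The difference under discussion, as an added example that is not part of the thread and not kernel code: a simplified userspace model of a wrapping counter (bare atomic_t usage) next to a saturating one (refcount_t-style). The type and function names are hypothetical, and the start values near the top of the range are constructed so the example does not have to loop 2^32 times.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model for illustration only; not the kernel implementation. */
typedef struct { unsigned int v; } wrap_ref; /* behaves like a bare atomic_t counter */
typedef struct { unsigned int v; } sat_ref;  /* saturating, refcount_t-style */

static void wrap_get(wrap_ref *r) { r->v++; }             /* wraps modulo 2^32 */
static bool wrap_put(wrap_ref *r) { return --r->v == 0; } /* true: caller frees */

/* Returns false when the increment was refused or hit the saturation value. */
static bool sat_get(sat_ref *r)
{
    if (r->v == 0 || r->v == UINT_MAX)
        return false;          /* object already released, or counter pinned */
    return ++r->v != UINT_MAX; /* reaching UINT_MAX pins the counter */
}

/* Returns true only when the last reference was dropped. */
static bool sat_put(sat_ref *r)
{
    if (r->v == UINT_MAX || r->v == 0)
        return false;          /* pinned (object is leaked) or extra decrement */
    return --r->v == 0;
}

/* Apply `extra` unbalanced gets from `start`, then one put.
 * Returns whether that put would free the object. */
static bool wrap_leak_then_put(unsigned int start, unsigned int extra)
{
    wrap_ref r = { start };
    while (extra--) wrap_get(&r);
    return wrap_put(&r);
}

static bool sat_leak_then_put(unsigned int start, unsigned int extra)
{
    sat_ref r = { start };
    while (extra--) sat_get(&r);
    return sat_put(&r);
}

int main(void)
{
    printf("wrapping:   free=%d\n", wrap_leak_then_put(UINT_MAX, 2));
    printf("saturating: free=%d\n", sat_leak_then_put(UINT_MAX - 1, 3));
    return 0;
}
```

In the wrapping model the single put frees an object that still has outstanding holders; in the saturating model the counter stays pinned and the object is leaked instead of freed.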