
Avoiding page reference-count overflows


Posted Apr 16, 2019 17:07 UTC (Tue) by willy (subscriber, #9762)
In reply to: Avoiding page reference-count overflows by neilbrown
Parent article: Avoiding page reference-count overflows

> And if refcount_t isn't suitable here, is it suitable anywhere?

I think it's a question of tradeoffs (as so much of programming is). Getting an object that uses a refcount_t always succeeds. It may have the side-effect of making the object indestructible, but there's no new rarely-executed, security-critical code-path to test.

get_user_pages() can already fail, so all users should be prepared for that. If not, they're currently a security hole -- consider one thread which calls munmap() on addresses that another thread is passing to a syscall.

refcount_t isn't the appropriate fix for this problem, but is generally a better approach than a silently overflowing / wrapping atomic_t.



Avoiding page reference-count overflows

Posted Apr 17, 2019 0:33 UTC (Wed) by neilbrown (subscriber, #359) [Link]

Thanks! The distinction between uses where failure must be allowed, and those where it isn't, is helpful.

I wonder if a refcount_get_may_fail() could be useful elsewhere.
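
The tradeoff discussed in this thread, as an added example that is not part of either comment and is not kernel code: a userspace C11 model of a silently wrapping counter, a saturating one, and a get that may fail. All function names, the ceiling `REF_MAX` and the `limit` parameter are hypothetical.

```c
/* Userspace model only; names and limits are assumptions, not kernel APIs. */
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define REF_MAX UINT_MAX /* assumed ceiling for this model */

/* Wrapping counter: the increment silently wraps, so REF_MAX + 1 == 0
 * and a still-referenced object looks unreferenced. */
static unsigned get_wrapping(atomic_uint *refs)
{
    return atomic_fetch_add(refs, 1) + 1;
}

/* Saturating counter: taking a reference never fails; at the ceiling
 * the count sticks there. */
static unsigned get_saturating(atomic_uint *refs)
{
    unsigned old = atomic_load(refs);
    while (old != REF_MAX && !atomic_compare_exchange_weak(refs, &old, old + 1))
        ;
    return old == REF_MAX ? REF_MAX : old + 1;
}

/* A saturated count is never decremented, so the object is leaked
 * instead of freed early. Returns true when the caller should free. */
static bool put_saturating(atomic_uint *refs)
{
    unsigned old = atomic_load(refs);
    while (old != REF_MAX && old != 0 &&
           !atomic_compare_exchange_weak(refs, &old, old - 1))
        ;
    return old == 1;
}

/* May-fail get: refuses the reference at the limit and leaves the count
 * untouched; every caller needs a tested failure path. */
static bool get_may_fail(atomic_uint *refs, unsigned limit)
{
    unsigned old = atomic_load(refs);
    do {
        if (old >= limit)
            return false;
    } while (!atomic_compare_exchange_weak(refs, &old, old + 1));
    return true;
}

int main(void)
{
    atomic_uint a = REF_MAX, b = REF_MAX, c = REF_MAX;
    printf("wrapping -> %u\n", get_wrapping(&a));
    printf("saturating -> %u\n", get_saturating(&b));
    printf("may-fail -> %d\n", get_may_fail(&c, REF_MAX));
    return 0;
}
```
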


Copyright © 2025, Eklektix, Inc.