On Wed, May 08, 2024 at 12:54:31PM +0800, Zhang, Xiong Y wrote:
> On 5/7/2024 4:41 PM, Peter Zijlstra wrote:
> > On Mon, May 06, 2024 at 05:29:31AM +0000, Mingwei Zhang wrote:
> >> +void perf_put_mediated_pmu(void)
> >> +{
> >> + if (!refcount_dec_not_one(&nr_mediated_pmu_vms))
> >> + refcount_set(&nr_mediated_pmu_vms, 0);
> >
> > I'm sorry, but this made the WTF'o'meter go 'ding'.
> >
> > Isn't that simply refcount_dec() ?
> When nr_mediated_pmu_vms is 1, refcount_dec(&nr_mediated_pmu_vms) has an
> error and call trace: refcount_t: decrement hit 0; leaking memory.
>
> Similarly, when nr_mediated_pmu_vms is 0, refcount_inc(&nr_mediated_pmu_vms)
> has an error and call trace also: refcount_t: addition on 0; use_after_free.
>
> It seems refcount_set() should be used to set 1 or 0 to refcount_t.

Ah, yes, you need refcount_dec_and_test() in order to free. But if this is
the case, then you simply shouldn't be using refcount.
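Review bot: in the quoted perf_put_mediated_pmu() hunk, refcount_dec_not_one() followed by refcount_set(&nr_mediated_pmu_vms, 0) is two separate operations, so unless both the get and put paths run under a lock not visible here, a concurrent increment on the get side can land between the failed decrement and the set and be lost. The pair also only exists to talk refcount_t out of its "zero means freed" checks; since nothing is freed when the count drops to zero and the count legitimately goes 0 -> 1 -> 0 again, an atomic_t with atomic_inc()/atomic_dec() (or a counter under the existing lock) expresses the intent without the workaround.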
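To make the API behaviour in this exchange concrete, here is an added userspace model of the refcount_t checks, written for this page and not taken from the kernel or from the patch. It mimics the observable behaviour of refcount_set(), refcount_inc(), refcount_dec(), refcount_dec_and_test() and refcount_dec_not_one() (warning text and saturation on misuse) and runs the four put() variants under discussion through one VM lifecycle: one VM exists, it is torn down, a new one is created. Assumptions: single-threaded, so the kernel's cmpxchg loops are dropped; only the first warning is recorded, WARN_ONCE-style; the get side uses refcount_inc(), as the thread describes; the "plain counter" variant stands in for an atomic_t.

```c
/* Added userspace model of refcount_t, not kernel code. Single-threaded;
 * records the first warning WARN_ONCE-style; saturates on misuse as the
 * kernel does. Good enough to compare the put() variants from the thread. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define REFCOUNT_SATURATED 0xC0000000u	/* kernel: INT_MIN / 2 */

typedef struct { unsigned int refs; } refcount_t;

static const char *last_warning;	/* first warning raised, or NULL */

static void refcount_warn(refcount_t *r, const char *msg)
{
	r->refs = REFCOUNT_SATURATED;	/* the kernel pins the count on misuse */
	if (!last_warning)
		last_warning = msg;
	fprintf(stderr, "refcount_t: %s\n", msg);
}

static void refcount_set(refcount_t *r, unsigned int n) { r->refs = n; }
static unsigned int refcount_read(const refcount_t *r) { return r->refs; }

static void refcount_inc(refcount_t *r)
{
	unsigned int old = r->refs++;
	if (old == 0)
		refcount_warn(r, "addition on 0; use-after-free.");
	else if (old >= REFCOUNT_SATURATED)
		refcount_warn(r, "saturated; leaking memory.");
}

static void refcount_dec(refcount_t *r)
{
	unsigned int old = r->refs--;
	if (old <= 1 || old >= REFCOUNT_SATURATED)
		refcount_warn(r, "decrement hit 0; leaking memory.");
}

static bool refcount_dec_and_test(refcount_t *r)
{
	unsigned int old = r->refs--;
	if (old == 1)
		return true;	/* last reference dropped: caller frees */
	if (old == 0 || old >= REFCOUNT_SATURATED)
		refcount_warn(r, "underflow; use-after-free.");
	return false;
}

static bool refcount_dec_not_one(refcount_t *r)
{
	unsigned int val = r->refs;
	if (val == REFCOUNT_SATURATED)
		return true;
	if (val == 1)
		return false;	/* count left at 1, nothing decremented */
	if (val == 0) {
		refcount_warn(r, "underflow; use-after-free.");
		return true;
	}
	r->refs = val - 1;
	return true;
}

static refcount_t nr_mediated_pmu_vms;

static void get_refcount_inc(void) { refcount_inc(&nr_mediated_pmu_vms); }

/* Variant 1: the patch as posted. */
static void put_as_posted(void)
{
	if (!refcount_dec_not_one(&nr_mediated_pmu_vms))
		refcount_set(&nr_mediated_pmu_vms, 0);
}

/* Variant 2: the plain refcount_dec() first suggested in the thread. */
static void put_refcount_dec(void) { refcount_dec(&nr_mediated_pmu_vms); }

/* Variant 3: refcount_dec_and_test(), right when reaching zero frees an
 * object. Nothing is freed here, so the next get() still starts from 0. */
static void put_dec_and_test(void)
{
	if (refcount_dec_and_test(&nr_mediated_pmu_vms)) { /* free here */ }
}

/* Variant 4: a plain counter with no zero checks (atomic_t in the kernel). */
static void get_plain(void) { nr_mediated_pmu_vms.refs++; }
static void put_plain(void) { nr_mediated_pmu_vms.refs--; }

/* One VM exists, it is torn down, a new one is created. Returns the first
 * warning the API raised during that lifecycle, or NULL if none. */
static const char *lifecycle(void (*get)(void), void (*put)(void))
{
	last_warning = NULL;
	refcount_set(&nr_mediated_pmu_vms, 1);
	put();
	get();
	return last_warning;
}

static const char *run_as_posted(void)    { return lifecycle(get_refcount_inc, put_as_posted); }
static const char *run_refcount_dec(void) { return lifecycle(get_refcount_inc, put_refcount_dec); }
static const char *run_dec_and_test(void) { return lifecycle(get_refcount_inc, put_dec_and_test); }
static const char *run_plain_counter(void) { return lifecycle(get_plain, put_plain); }

int main(void)
{
	const char *w;
	w = run_as_posted();     printf("as posted:     %s\n", w ? w : "no warning");
	w = run_refcount_dec();  printf("refcount_dec:  %s\n", w ? w : "no warning");
	w = run_dec_and_test();  printf("dec_and_test:  %s\n", w ? w : "no warning");
	w = run_plain_counter(); printf("plain counter: %s (count %u)\n",
				w ? w : "no warning", refcount_read(&nr_mediated_pmu_vms));
	return 0;
}
```

The posted variant and the refcount_dec_and_test() variant fail the same way: the count reaches zero without anything being freed, so the next refcount_inc() trips the use-after-free check. Plain refcount_dec() trips the leak check one step earlier. Only the unchecked counter goes 1 -> 0 -> 1 silently, which is the point of the last line of the reply: a count that legitimately returns to zero is not a reference count.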