On Mon, Dec 06, 2021 at 11:13:20AM -0700, Jens Axboe wrote: > On 12/6/21 10:35 AM, Linus Torvalds wrote: > > On Mon, Dec 6, 2021 at 12:31 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote: > >> > >> Quite; and for something that pretends to be about performance, it also > >> lacks any actual numbers to back that claim. > >> > >> The proposed implementation also doesn't do nearly as much as the > >> refcount_t one does. > > > > Stop pretending refcoutn_t is that great. > > > > It's horrid. The code it generators is disgusting. It should never > > have been inlines in the first place, and the design decsisions were > > questionable to begin with. > > > > There's a reason core stuff (like the page counters) DO NOT USE REFCOUNT_T. > > > > I seriously believe that refcount_t should be used for things like > > device reference counting or similar issues, and not for _any_ truly > > core code. I'd like core code to be safe too, though. :) > Maybe we just need to embrace it generically, took a quick stab at it > which is attached. Totally untested... As long as we have an API that can't end up in a pathological state, I'm happy. The problem with prior atomic_t use was that it never noticed when it was entering a condition that could be used to confuse system state (use-after-free, etc). Depending on people to "use it correctly" or never make mistakes is not sufficient: we need an API that protects itself. We have to assume there are, and will continue to be, bugs with refcounting. -- Kees Cook
