On Wed, Nov 28, 2018 at 07:30:10AM +0000, Yang Xiao wrote:
> From: Young Xiao <YangX92@xxxxxxxxxxx>
>
> refcount_t type and corresponding API should be
^^^^^^
ITYM "could"
> used instead of atomic_t when the variable is used as
> a reference counter. This allows to avoid accidental
> refcounter overflows that might lead to use-after-free
> situations.
> static inline void get_mnt_ns(struct mnt_namespace *ns)
> {
> - atomic_inc(&ns->count);
> + if (ns)
> + refcount_inc(&ns->count);
> }
And this can be called with NULL ns... how, exactly?
> void put_mnt_ns(struct mnt_namespace *ns)
> {
> - if (!atomic_dec_and_test(&ns->count))
> + if (!ns || !refcount_dec_and_test(&ns->count))
> return;
Ditto. Incidentally, if you are into "defensive programming"
voodoo, how do you choose between checking for NULL and checking
for ERR_PTR(...)?
This kind of "just in case" stuff has its place, but it should
never be used mindlessly. NAK, unless you add a decent analysis
of the situation and a better rationale.
