On Sat, Oct 05, 2024 at 02:42:25PM -0700, Linus Torvalds wrote:

> Also, honestly, the only reason the file counting is using a "long" is
> because the code does *NOT* do overflow checking. But once you start
> looking at the sign and do conditional increments, you can actually
> just make the whole refcount be a "int" instead, and make "struct
> file" potentially smaller.

I wouldn't bet on that. You *can* get over 2G references on 64bit box with arseloads of memory, and we have no way to make fget() et.al. fail when refcount gets that high - no valid error to return and a serious DoS potential if we start doing that.

Overflow on leaks is one thing, a huge pile of real references is a different story, and yes, we can get that. And boxen with 1Tb RAM are not as exotic these days as they used to be...
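The tradeoff in the exchange above, as an added userspace sketch that is not part of the original message and is not kernel code: a wide counter with an unchecked increment that can never refuse, next to an `int` counter with a conditional increment that must refuse at `INT_MAX`. The struct and function names are hypothetical and the memory orderings are assumptions.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for a refcounted object; not the kernel's struct file. */
struct obj_long { atomic_long count; };  /* wide counter, unchecked increment */
struct obj_int  { atomic_int  count; };  /* narrow counter, checked increment */

/* Unchecked get: cannot fail; relies on the counter being too wide to wrap. */
static void get_long(struct obj_long *o) {
    atomic_fetch_add_explicit(&o->count, 1, memory_order_relaxed);
}

/* Checked get: look at the sign, then increment conditionally with CAS.
 * Refuses a dead object (count <= 0) and a full counter (INT_MAX). */
static bool get_int_checked(struct obj_int *o) {
    int old = atomic_load_explicit(&o->count, memory_order_relaxed);
    do {
        if (old <= 0 || old == INT_MAX)
            return false;  /* the caller now needs an error path */
    } while (!atomic_compare_exchange_weak_explicit(&o->count, &old, old + 1,
                 memory_order_acquire, memory_order_relaxed));
    return true;
}

/* How many of `tries` checked gets succeed when `start` refs are already held. */
static int count_successes(int start, int tries) {
    struct obj_int o;
    int ok = 0;
    atomic_init(&o.count, start);
    for (int i = 0; i < tries; i++)
        ok += get_int_checked(&o);
    return ok;
}

/* Value of the wide counter after `tries` unchecked gets starting at `start`. */
static long long_after(long start, int tries) {
    struct obj_long o;
    atomic_init(&o.count, start);
    for (int i = 0; i < tries; i++)
        get_long(&o);
    return atomic_load(&o.count);
}

int main(void) {
    /* Constructed starting values just below INT_MAX, so no 2G-iteration loop is needed. */
    printf("int:  %d of 4 gets succeeded\n", count_successes(INT_MAX - 2, 4));
    printf("long: count is %ld after 4 gets\n", long_after((long)INT_MAX - 2, 4));
}
```

With the narrow counter, every caller of the get path has to handle a refusal once real references reach `INT_MAX`; the wide counter on a 64-bit build simply keeps counting.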