On Thu, Nov 29, 2012 at 12:42:17PM -0800, Andi Kleen wrote: > Kent Overstreet <koverstreet@xxxxxxxxxx> writes: > > > On Thu, Nov 29, 2012 at 02:34:52PM -0500, Benjamin LaHaise wrote: > >> On Thu, Nov 29, 2012 at 11:29:25AM -0800, Kent Overstreet wrote: > >> > There's some kind of symmetry going on here, and if I'd been awake more > >> > in college I could probably say exactly why it works, but it does. > >> > >> I think the catch is that using only a 32 bit counter is something the > >> user could arbitrarily control the sum of all parts. I think a 64 bit > >> counter may be required to ensure no overflow occurs. Otherwise, an > >> overflow could result in a premature free when there are still 2^32 > >> objects active thanks to a malicious user (possible on systems with lots > >> of memory these days -- remote, but possible). > > > > That's no different from regular atomic_t - but you're right, we > > should be using size_t for anything userspace can manipulate. > > The regular atomic_t is limited in ways that you are not. > See my original mail. I don't follow, can you explain? -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
