On Wed, Nov 16, 2016 at 09:21:51AM +0100, Greg KH wrote: > > What should we do about things like this (bpf_prog_put() and callbacks > > from kernel/bpf/syscall.c): > > > > > > static void bpf_prog_uncharge_memlock(struct bpf_prog *prog) > > { > > struct user_struct *user = prog->aux->user; > > > > atomic_long_sub(prog->pages, &user->locked_vm); > > Oh that's scary. Let's just make one reference count rely on another > one and not check things...
Its not a reference count, its a resource limit thingy. Also, isn't stacking, or in general building an object graph, the entire point of reference counts? > > free_uid(user); > > } > > > > static void __bpf_prog_put_rcu(struct rcu_head *rcu) > > { > > struct bpf_prog_aux *aux = container_of(rcu, struct bpf_prog_aux, > > rcu); > > > > free_used_maps(aux); > > bpf_prog_uncharge_memlock(aux->prog); > > bpf_prog_free(aux->prog); > > } > > > > void bpf_prog_put(struct bpf_prog *prog) > > { > > if (atomic_dec_and_test(&prog->aux->refcnt)) > > call_rcu(&prog->aux->rcu, __bpf_prog_put_rcu); > > } > > > > > > Not only do we want to protect prog->aux->refcnt, but I think we want > > to protect user->locked_vm too ... I don't think it's sane for > > user->locked_vm to be a stats_t ? > > I don't think this is sane code... I once again fail to see any problems. That code is fine.