On Wed, Mar 8, 2017 at 7:50 AM, Christoph Hellwig <h...@infradead.org> wrote: >> - ASSERT(atomic_read(&ticket->t_ref) > 0); >> - atomic_inc(&ticket->t_ref); >> + ASSERT(refcount_read(&ticket->t_ref) > 0); >> + refcount_inc(&ticket->t_ref); > > With strict refcount semantics refcount_inc should check that > the count is larger than 0, otherwise we'd need to use > recount_inc_not_zero or whatever you're going to call it. > > Is that something the recount code does / could do?
Yes, refcount_inc() will not increment from 0 and WARNs. It looks like xfs's ASSERT is also a warn (though with XFS-specific formatting), so perhaps the ASSERT could be dropped? IIUC, Elena's approach to these changes was to be conservative about removing the existing checks. -Kees -- Kees Cook Pixel Security
