> On Wed, Mar 8, 2017 at 7:50 AM, Christoph Hellwig <h...@infradead.org> wrote: > >> - ASSERT(atomic_read(&ticket->t_ref) > 0); > >> - atomic_inc(&ticket->t_ref); > >> + ASSERT(refcount_read(&ticket->t_ref) > 0); > >> + refcount_inc(&ticket->t_ref); > > > > With strict refcount semantics refcount_inc should check that > > the count is larger than 0, otherwise we'd need to use > > recount_inc_not_zero or whatever you're going to call it. > > > > Is that something the recount code does / could do? > > Yes, refcount_inc() will not increment from 0 and WARNs. It looks like > xfs's ASSERT is also a warn (though with XFS-specific formatting), so > perhaps the ASSERT could be dropped? IIUC, Elena's approach to these > changes was to be conservative about removing the existing checks.
I am removing the existing WARNs now where they are 100% not needed, but leaving the ones like this ASSERT, because I am thinking that you might have test cases that are dependent on these ASSERTs with specific formatting and I don't want to break them. If you don't need them, I can remove them also. Best Regards, Elena > > -Kees > > -- > Kees Cook > Pixel Security
