[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 03/29] drivers, char: convert vma_data.refcnt from atomic_t to refcount_t

To: gregkh@xxxxxxxxxxxxxxxxxxx
From: Elena Reshetova <elena.reshetova@xxxxxxxxx>
Date: Mon, 6 Mar 2017 16:20:50 +0200
Cc: peterz@xxxxxxxxxxxxx, linux-pci@xxxxxxxxxxxxxxx, target-devel@xxxxxxxxxxxxxxx, linux1394-devel@xxxxxxxxxxxxxxxxxxxxx, Elena Reshetova <elena.reshetova@xxxxxxxxx>, devel@xxxxxxxxxxxxxxxxxxxx, linux-s390@xxxxxxxxxxxxxxx, linux-scsi@xxxxxxxxxxxxxxx, linux-serial@xxxxxxxxxxxxxxx, fcoe-devel@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, open-iscsi@xxxxxxxxxxxxxxxx, linux-media@xxxxxxxxxxxxxxx, Kees Cook <keescook@xxxxxxxxxxxx>, linux-raid@xxxxxxxxxxxxxxx, linux-bcache@xxxxxxxxxxxxxxx, Hans Liljestrand <ishkamiel@xxxxxxxxx>, David Windsor <dwindsor@xxxxxxxxx>, netdev@xxxxxxxxxxxxxxx, linux-usb@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, devel@xxxxxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 06 Mar 2017 14:23:02 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@xxxxxxxxx>
Signed-off-by: Hans Liljestrand <ishkamiel@xxxxxxxxx>
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: David Windsor <dwindsor@xxxxxxxxx>
---
 drivers/char/mspec.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/drivers/char/mspec.c b/drivers/char/mspec.c
index a9c2fa3..7b75669 100644
--- a/drivers/char/mspec.c
+++ b/drivers/char/mspec.c
@@ -43,6 +43,7 @@
 #include <linux/string.h>
 #include <linux/slab.h>
 #include <linux/numa.h>
+#include <linux/refcount.h>
 #include <asm/page.h>
 #include <asm/pgtable.h>
 #include <linux/atomic.h>
@@ -89,7 +90,7 @@ static int is_sn2;
  * protect in fork case where multiple tasks share the vma_data.
  */
 struct vma_data {
-       atomic_t refcnt;        /* Number of vmas sharing the data. */
+       refcount_t refcnt;      /* Number of vmas sharing the data. */
        spinlock_t lock;        /* Serialize access to this structure. */
        int count;              /* Number of pages allocated. */
        enum mspec_page_type type; /* Type of pages allocated. */
@@ -144,7 +145,7 @@ mspec_open(struct vm_area_struct *vma)
        struct vma_data *vdata;
 
        vdata = vma->vm_private_data;
-       atomic_inc(&vdata->refcnt);
+       refcount_inc(&vdata->refcnt);
 }
 
 /*
@@ -162,7 +163,7 @@ mspec_close(struct vm_area_struct *vma)
 
        vdata = vma->vm_private_data;
 
-       if (!atomic_dec_and_test(&vdata->refcnt))
+       if (!refcount_dec_and_test(&vdata->refcnt))
                return;
 
        last_index = (vdata->vm_end - vdata->vm_start) >> PAGE_SHIFT;
@@ -274,7 +275,7 @@ mspec_mmap(struct file *file, struct vm_area_struct *vma,
        vdata->vm_end = vma->vm_end;
        vdata->type = type;
        spin_lock_init(&vdata->lock);
-       atomic_set(&vdata->refcnt, 1);
+       refcount_set(&vdata->refcnt, 1);
        vma->vm_private_data = vdata;
 
        vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP;
-- 
2.7.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH 00/29] drivers, mics refcount conversions
  - From: Elena Reshetova

Prev by Date: [Xen-devel] [PATCH 01/29] drivers, block: convert xen_blkif.refcnt from atomic_t to refcount_t
Next by Date: [Xen-devel] [PATCH 04/29] drivers, connector: convert cn_callback_entry.refcnt from atomic_t to refcount_t
Previous by thread: [Xen-devel] [PATCH 01/29] drivers, block: convert xen_blkif.refcnt from atomic_t to refcount_t
Next by thread: [Xen-devel] [PATCH 04/29] drivers, connector: convert cn_callback_entry.refcnt from atomic_t to refcount_t
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.