From: Elena Reshetova <elena.reshetova@intel.com>
To: linux-kernel@vger.kernel.org
Cc: cgroups@vger.kernel.org, linux-audit@redhat.com,
linux-fsdevel@vger.kernel.org, peterz@infradead.org,
gregkh@linuxfoundation.org, viro@zeniv.linux.org.uk,
tj@kernel.org, mingo@redhat.com, hannes@cmpxchg.org,
lizefan@huawei.com, acme@kernel.org,
alexander.shishkin@linux.intel.com, eparis@redhat.com,
akpm@linux-foundation.org, arnd@arndb.de, luto@kernel.org,
keescook@chromium.org, tglx@linutronix.de,
Elena Reshetova <elena.reshetova@intel.com>
Subject: [PATCH 10/15] kernel: convert nsproxy.count from atomic_t to refcount_t
Date: Mon, 17 Jul 2017 13:43:21 +0300 [thread overview]
Message-ID: <1500288206-12074-11-git-send-email-elena.reshetova@intel.com> (raw)
In-Reply-To: <1500288206-12074-1-git-send-email-elena.reshetova@intel.com>
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Suggested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: David Windsor <dwindsor@gmail.com>
Reviewed-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
---
include/linux/nsproxy.h | 6 +++---
kernel/nsproxy.c | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h
index ac0d65b..f862ba8 100644
--- a/include/linux/nsproxy.h
+++ b/include/linux/nsproxy.h
@@ -28,7 +28,7 @@ struct fs_struct;
* nsproxy is copied.
*/
struct nsproxy {
- atomic_t count;
+ refcount_t count;
struct uts_namespace *uts_ns;
struct ipc_namespace *ipc_ns;
struct mnt_namespace *mnt_ns;
@@ -74,14 +74,14 @@ int __init nsproxy_cache_init(void);
static inline void put_nsproxy(struct nsproxy *ns)
{
- if (atomic_dec_and_test(&ns->count)) {
+ if (refcount_dec_and_test(&ns->count)) {
free_nsproxy(ns);
}
}
static inline void get_nsproxy(struct nsproxy *ns)
{
- atomic_inc(&ns->count);
+ refcount_inc(&ns->count);
}
#endif
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index f6c5d33..5bfe691 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -31,7 +31,7 @@
static struct kmem_cache *nsproxy_cachep;
struct nsproxy init_nsproxy = {
- .count = ATOMIC_INIT(1),
+ .count = REFCOUNT_INIT(1),
.uts_ns = &init_uts_ns,
#if defined(CONFIG_POSIX_MQUEUE) || defined(CONFIG_SYSVIPC)
.ipc_ns = &init_ipc_ns,
@@ -52,7 +52,7 @@ static inline struct nsproxy *create_nsproxy(void)
nsproxy = kmem_cache_alloc(nsproxy_cachep, GFP_KERNEL);
if (nsproxy)
- atomic_set(&nsproxy->count, 1);
+ refcount_set(&nsproxy->count, 1);
return nsproxy;
}
@@ -225,7 +225,7 @@ void switch_task_namespaces(struct task_struct *p, struct nsproxy *new)
p->nsproxy = new;
task_unlock(p);
- if (ns && atomic_dec_and_test(&ns->count))
+ if (ns && refcount_dec_and_test(&ns->count))
free_nsproxy(ns);
}
--
2.7.4
next prev parent reply other threads:[~2017-07-17 10:46 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-17 10:43 [PATCH 00/15] v3 kernel core pieces refcount conversions Elena Reshetova
2017-07-17 10:43 ` [PATCH 01/15] kernel: convert sighand_struct.count from atomic_t to refcount_t Elena Reshetova
2017-07-17 10:43 ` [PATCH 02/15] kernel: convert signal_struct.sigcnt " Elena Reshetova
2017-07-17 10:43 ` [PATCH 03/15] kernel: convert user_struct.__count " Elena Reshetova
2017-07-17 10:43 ` [PATCH 04/15] kernel: convert task_struct.usage " Elena Reshetova
2017-07-17 10:43 ` [PATCH 05/15] kernel: convert task_struct.stack_refcount " Elena Reshetova
2017-07-17 10:43 ` [PATCH 06/15] kernel: convert perf_event_context.refcount " Elena Reshetova
2017-07-17 10:43 ` [PATCH 07/15] kernel: convert ring_buffer.refcount " Elena Reshetova
2017-07-17 10:43 ` [PATCH 08/15] kernel: convert ring_buffer.aux_refcount " Elena Reshetova
2017-07-17 10:43 ` [PATCH 09/15] kernel: convert uprobe.ref " Elena Reshetova
2017-07-17 10:43 ` Elena Reshetova [this message]
2017-07-17 10:43 ` [PATCH 11/15] kernel: convert group_info.usage " Elena Reshetova
2017-07-17 10:43 ` [PATCH 12/15] kernel: convert cred.usage " Elena Reshetova
2017-07-17 10:43 ` [PATCH 13/15] sched: convert numa_group.refcount " Elena Reshetova
2017-07-17 10:43 ` [PATCH 14/15] kernel: convert futex_pi_state.refcount " Elena Reshetova
2017-07-17 14:25 ` Thomas Gleixner
2017-07-17 16:51 ` Reshetova, Elena
2017-07-17 17:57 ` Thomas Gleixner
2017-07-18 9:39 ` Reshetova, Elena
2017-07-17 10:43 ` [PATCH 15/15] kernel: convert kcov.refcount " Elena Reshetova
-- strict thread matches above, loose matches on Subject: below --
2017-07-07 9:04 [PATCH 00/15] v2 kernel core refcount conversions Elena Reshetova
2017-07-07 9:04 ` [PATCH 10/15] kernel: convert nsproxy.count from atomic_t to refcount_t Elena Reshetova
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1500288206-12074-11-git-send-email-elena.reshetova@intel.com \
--to=elena.reshetova@intel.com \
--cc=acme@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=arnd@arndb.de \
--cc=cgroups@vger.kernel.org \
--cc=eparis@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=hannes@cmpxchg.org \
--cc=keescook@chromium.org \
--cc=linux-audit@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).