From: Weihang Li <liweihang@huawei.com>
To: <dledford@redhat.com>, <jgg@nvidia.com>
Cc: <leon@kernel.org>, <linux-rdma@vger.kernel.org>,
<linuxarm@huawei.com>, Weihang Li <liweihang@huawei.com>
Subject: [PATCH v3 for-next 06/13] RDMA/core: Use refcount_t instead of atomic_t on refcount of mcast_group
Date: Tue, 25 May 2021 14:51:37 +0800
Message-ID: <1621925504-33019-7-git-send-email-liweihang@huawei.com>
In-Reply-To: <1621925504-33019-1-git-send-email-liweihang@huawei.com>
The refcount_t API will WARN on underflow and overflow of a reference
counter, and avoid use-after-free risks. Increasing a refcount_t from 0 to 1
is regarded as a use-after-free risk, so it should be set to 1
directly during initialization.
Signed-off-by: Weihang Li <liweihang@huawei.com>
---
drivers/infiniband/core/multicast.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/drivers/infiniband/core/multicast.c b/drivers/infiniband/core/multicast.c
index a236532..17abc21 100644
--- a/drivers/infiniband/core/multicast.c
+++ b/drivers/infiniband/core/multicast.c
@@ -103,7 +103,7 @@ struct mcast_group {
struct list_head active_list;
struct mcast_member *last_join;
int members[NUM_JOIN_MEMBERSHIP_TYPES];
- atomic_t refcount;
+ refcount_t refcount;
enum mcast_group_state state;
struct ib_sa_query *query;
u16 pkey_index;
@@ -188,7 +188,7 @@ static void release_group(struct mcast_group *group)
unsigned long flags;
spin_lock_irqsave(&port->lock, flags);
- if (atomic_dec_and_test(&group->refcount)) {
+ if (refcount_dec_and_test(&group->refcount)) {
rb_erase(&group->node, &port->table);
spin_unlock_irqrestore(&port->lock, flags);
kfree(group);
@@ -212,7 +212,7 @@ static void queue_join(struct mcast_member *member)
list_add_tail(&member->list, &group->pending_list);
if (group->state == MCAST_IDLE) {
group->state = MCAST_BUSY;
- atomic_inc(&group->refcount);
+ refcount_inc(&group->refcount);
queue_work(mcast_wq, &group->work);
}
spin_unlock_irqrestore(&group->lock, flags);
@@ -565,8 +565,11 @@ static struct mcast_group *acquire_group(struct mcast_port *port,
if (!is_mgid0) {
spin_lock_irqsave(&port->lock, flags);
group = mcast_find(port, mgid);
- if (group)
+ if (group) {
+ refcount_inc(&group->refcount);
goto found;
+ }
+
spin_unlock_irqrestore(&port->lock, flags);
}
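Review bot: The new `refcount_inc(&group->refcount)` in the `if (group)` branch is only safe if a group returned by mcast_find() can never have a count of 0, and that invariant is not documented here. It appears to hold because the lookup runs under port->lock, and release_group() performs its refcount_dec_and_test() and rb_erase() under the same lock, so a group still in the tree has a live reference. A one-line comment saying so would keep a later change from turning this into an increment-from-zero warning. The extra blank `+` line after the closing brace can also be dropped.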
@@ -590,8 +593,10 @@ static struct mcast_group *acquire_group(struct mcast_port *port,
group = cur_group;
} else
refcount_inc(&port->refcount);
+
+ refcount_set(&group->refcount, 1);
+
found:
- atomic_inc(&group->refcount);
spin_unlock_irqrestore(&port->lock, flags);
return group;
}
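Review bot: The added `refcount_set(&group->refcount, 1)` sits after the if/else, so it also runs on the branch that has just done `group = cur_group;`. If cur_group is a group that other holders already reference, its count is overwritten with 1 instead of being incremented, and a later release_group() would then free it while those references are still in use. Before this patch both branches reached `atomic_inc()` at `found:`. Suggest moving the `refcount_set()` into the `else` branch (with braces) and doing `refcount_inc(&group->refcount)` on the cur_group branch, so that only a newly inserted group is initialized to 1.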
@@ -780,7 +785,7 @@ static void mcast_groups_event(struct mcast_port *port,
group = rb_entry(node, struct mcast_group, node);
spin_lock(&group->lock);
if (group->state == MCAST_IDLE) {
- atomic_inc(&group->refcount);
+ refcount_inc(&group->refcount);
queue_work(mcast_wq, &group->work);
}
if (group->state != MCAST_GROUP_ERROR)
--
2.7.4