From patchwork Thu Mar 2 10:43:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Reshetova, Elena" X-Patchwork-Id: 9599961 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 746F160414 for ; Thu, 2 Mar 2017 10:47:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 54E8C20144 for ; Thu, 2 Mar 2017 10:47:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 49AA4285A9; Thu, 2 Mar 2017 10:47:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DDFD220144 for ; Thu, 2 Mar 2017 10:46:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752028AbdCBKot (ORCPT ); Thu, 2 Mar 2017 05:44:49 -0500 Received: from mga01.intel.com ([192.55.52.88]:30688 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750915AbdCBKoN (ORCPT ); Thu, 2 Mar 2017 05:44:13 -0500 Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Mar 2017 02:43:35 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,230,1484035200"; d="scan'208";a="231414719" Received: from bheise-mobl.ger.corp.intel.com (HELO elena-ThinkPad-X230.ger.corp.intel.com) ([10.249.41.240]) by fmsmga004.fm.intel.com with ESMTP; 02 Mar 2017 02:43:30 -0800 From: Elena Reshetova To: linux-kernel@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-nilfs@vger.kernel.org, linux-cachefs@redhat.com, linux-cifs@vger.kernel.org, peterz@infradead.org, gregkh@linuxfoundation.org, viro@zeniv.linux.org.uk, dhowells@redhat.com, sfrench@samba.org, eparis@parisplace.org, konishi.ryusuke@lab.ntt.co.jp, john@johnmccutchan.com, rlove@rlove.org, paul@paul-moore.com, Elena Reshetova , Hans Liljestrand , Kees Cook , David Windsor Subject: [PATCH 02/10] fs, cachefiles: convert cachefiles_object.usage from atomic_t to refcount_t Date: Thu, 2 Mar 2017 12:43:09 +0200 Message-Id: <1488451397-3365-3-git-send-email-elena.reshetova@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488451397-3365-1-git-send-email-elena.reshetova@intel.com> References: <1488451397-3365-1-git-send-email-elena.reshetova@intel.com> Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova Signed-off-by: Hans Liljestrand Signed-off-by: Kees Cook Signed-off-by: David Windsor --- fs/cachefiles/bind.c | 2 +- fs/cachefiles/interface.c | 18 +++++++++--------- fs/cachefiles/internal.h | 3 ++- fs/cachefiles/namei.c | 2 +- 4 files changed, 13 insertions(+), 12 deletions(-) diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index 3ff867f..341864e 100644 --- a/fs/cachefiles/bind.c +++ b/fs/cachefiles/bind.c @@ -109,7 +109,7 @@ static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache) ASSERTCMP(fsdef->backer, ==, NULL); - atomic_set(&fsdef->usage, 1); + refcount_set(&fsdef->usage, 1); fsdef->type = FSCACHE_COOKIE_TYPE_INDEX; _debug("- fsdef %p", fsdef); diff --git a/fs/cachefiles/interface.c b/fs/cachefiles/interface.c index e7f16a7..d3f87c3 100644 --- a/fs/cachefiles/interface.c +++ b/fs/cachefiles/interface.c @@ -51,7 +51,7 @@ static struct fscache_object *cachefiles_alloc_object( ASSERTCMP(object->backer, ==, NULL); BUG_ON(test_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags)); - atomic_set(&object->usage, 1); + refcount_set(&object->usage, 1); fscache_object_init(&object->fscache, cookie, &cache->cache); @@ -182,13 +182,13 @@ struct fscache_object *cachefiles_grab_object(struct fscache_object *_object) struct cachefiles_object *object = container_of(_object, struct cachefiles_object, fscache); - _enter("{OBJ%x,%d}", _object->debug_id, atomic_read(&object->usage)); + _enter("{OBJ%x,%d}", _object->debug_id, refcount_read(&object->usage)); #ifdef CACHEFILES_DEBUG_SLAB - ASSERT((atomic_read(&object->usage) & 0xffff0000) != 0x6b6b0000); + ASSERT((refcount_read(&object->usage) & 0xffff0000) != 0x6b6b0000); #endif - atomic_inc(&object->usage); + refcount_inc(&object->usage); return &object->fscache; } @@ -261,13 +261,13 @@ static void cachefiles_drop_object(struct fscache_object *_object) object = container_of(_object, struct cachefiles_object, fscache); _enter("{OBJ%x,%d}", - object->fscache.debug_id, atomic_read(&object->usage)); + object->fscache.debug_id, refcount_read(&object->usage)); cache = container_of(object->fscache.cache, struct cachefiles_cache, cache); #ifdef CACHEFILES_DEBUG_SLAB - ASSERT((atomic_read(&object->usage) & 0xffff0000) != 0x6b6b0000); + ASSERT((refcount_read(&object->usage) & 0xffff0000) != 0x6b6b0000); #endif /* We need to tidy the object up if we did in fact manage to open it. @@ -319,16 +319,16 @@ static void cachefiles_put_object(struct fscache_object *_object) object = container_of(_object, struct cachefiles_object, fscache); _enter("{OBJ%x,%d}", - object->fscache.debug_id, atomic_read(&object->usage)); + object->fscache.debug_id, refcount_read(&object->usage)); #ifdef CACHEFILES_DEBUG_SLAB - ASSERT((atomic_read(&object->usage) & 0xffff0000) != 0x6b6b0000); + ASSERT((refcount_read(&object->usage) & 0xffff0000) != 0x6b6b0000); #endif ASSERTIFCMP(object->fscache.parent, object->fscache.parent->n_children, >, 0); - if (atomic_dec_and_test(&object->usage)) { + if (refcount_dec_and_test(&object->usage)) { _debug("- kill object OBJ%x", object->fscache.debug_id); ASSERT(!test_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags)); diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h index cd1effe..61771e6 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h @@ -21,6 +21,7 @@ #include #include #include +#include struct cachefiles_cache; struct cachefiles_object; @@ -43,7 +44,7 @@ struct cachefiles_object { loff_t i_size; /* object size */ unsigned long flags; #define CACHEFILES_OBJECT_ACTIVE 0 /* T if marked active */ - atomic_t usage; /* object usage count */ + refcount_t usage; /* object usage count */ uint8_t type; /* object type */ uint8_t new; /* T if object new */ spinlock_t work_lock; diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c index 41df8a2..e3bc512 100644 --- a/fs/cachefiles/namei.c +++ b/fs/cachefiles/namei.c @@ -197,7 +197,7 @@ static int cachefiles_mark_object_active(struct cachefiles_cache *cache, cachefiles_printk_object(object, xobject); BUG(); } - atomic_inc(&xobject->usage); + refcount_inc(&xobject->usage); write_unlock(&cache->active_lock); if (test_bit(CACHEFILES_OBJECT_ACTIVE, &xobject->flags)) {