From patchwork Wed May  9 19:36:39 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
X-Patchwork-Id: 10390671
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	B1D9660236 for <patchwork-linux-mm@patchwork.kernel.org>;
	Wed,  9 May 2018 19:38:48 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A17BB28469
	for <patchwork-linux-mm@patchwork.kernel.org>;
	Wed,  9 May 2018 19:38:48 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 95E66284D4; Wed,  9 May 2018 19:38:48 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2ED4628469
	for <patchwork-linux-mm@patchwork.kernel.org>;
	Wed,  9 May 2018 19:38:48 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 811976B0571; Wed,  9 May 2018 15:38:45 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 7C1C86B0570; Wed,  9 May 2018 15:38:45 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 6AE7F6B0571; Wed,  9 May 2018 15:38:45 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-wr0-f200.google.com (mail-wr0-f200.google.com
	[209.85.128.200])
	by kanga.kvack.org (Postfix) with ESMTP id 0B8596B056F
	for <linux-mm@kvack.org>; Wed,  9 May 2018 15:38:45 -0400 (EDT)
Received: by mail-wr0-f200.google.com with SMTP id k27-v6so23814807wre.23
	for <linux-mm@kvack.org>; Wed, 09 May 2018 12:38:44 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-original-authentication-results:x-gm-message-state:from:to:cc
	:subject:date:message-id:in-reply-to:references:mime-version
	:content-transfer-encoding;
	bh=d3vfYJw67tZ7TMzjVFFlf2v8m4jD9BG3KOs9u1SIyZw=;
	b=j2dJVAoA5Kak5P/KXM84Rt2+GIGlHaai9KB7BY/j1xgyHviL+BSfNywgg/iYwDvn0J
	0VBPIKLvL4f3WCR8i/znRuhLvixzS6FzMc0PPYreeMQs9xXtoxHtV+Wf46HphciE+Zj3
	RgJpiEBsGgHJ4dMEDqpu6Tm21IWpGxzTgMMp/b9/rm/6qF/W26CSl37gqr64gz7kMzNt
	anHorDpaKw2PeY52OLWHavrOaQpPZVxZTAaHsUIN4WU7YnHzLJKnSriBJKTbxDTH4ZjL
	AVpqvTIF17ayQRQ/PQynCxx+rChtAde3ErpOvZMV0saoLtTAP67abTjnxyY0O+PFyGUZ
	X9qQ==
X-Original-Authentication-Results: mx.google.com;
	spf=pass (google.com: best guess record
	for domain of bigeasy@linutronix.de designates
	2a01:7a0:2:106d:700::1 as permitted sender)
	smtp.mailfrom=bigeasy@linutronix.de
X-Gm-Message-State: ALQs6tBZ8uH3WcT1oS0DY/VUNjhb9K1+KZcNoxFfFV5DC7Ig71x/WDBD
	MAH8cWc25BVe7/mVK2gAr+JKKCBi9QpgBYn1dgU6pHBsH6Ms62yJplrWrzNp/3H1btk3kbSXhWH
	QWryDu+0Na0riV7gven4wdk6VM7tImwPM2UR0edtLhVrnRtrjySum9kfxwRylvMXO9Q==
X-Received: by 2002:adf:ba4a:: with SMTP id
	t10-v6mr35277091wrg.219.1525894724543;
	Wed, 09 May 2018 12:38:44 -0700 (PDT)
X-Google-Smtp-Source: 
 AB8JxZreBpIYQKnxpF96a8p4qHa4Y82iMcFdZPSUZ+yjpK6vep8fxY6DeyARUWsvHikmLxeHetoR
X-Received: by 2002:adf:ba4a:: with SMTP id
	t10-v6mr35277077wrg.219.1525894723764;
	Wed, 09 May 2018 12:38:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525894723; cv=none;
	d=google.com; s=arc-20160816;
	b=Q+NmPR8JCAVKPjWLOENPLIMElRSObnLs8SGFb4BHUIE2RPVha9yk+R7sIiSLR55zYZ
	XLWNgLVymkvBOMLE8wunxUdTmI1aUZUU0oU2Gy67mHX96uhkfqIZMOrpgjvF6IWx5wJg
	569PLNkYIZy5zad9S98Zbp7kLAr9nVYpfMFzxsuo1q0nJpTEOpxRCEZcwKoGJi4odbuV
	vhS/8RLchTjKPWhG9+2m9FfVSOhKGGFIWeYYWNF9WKvU+3Sv2LDoD/ZyECWDtei2uBH7
	/r3ya4F6JH4u9af+6YRzTZKfUOyPdeQ1sX3oQzcOmO3PrP1ORg9I2YxaS9Bz34qGT38f
	/F0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=content-transfer-encoding:mime-version:references:in-reply-to
	:message-id:date:subject:cc:to:from:arc-authentication-results;
	bh=d3vfYJw67tZ7TMzjVFFlf2v8m4jD9BG3KOs9u1SIyZw=;
	b=vmpNor6A8pOv4URTpbxGVrBDunUIfieKHbXAPPuElL1ueAR6Egh3Q0XsfkFL3Dls3x
	tSh6+iHquhpf9HTQPKJYp+T28FhUPdf0RCcefw4cCfDHwQgtePUM2xEuMMIAnmV1b0rx
	gw0PKLsex4NTicmkSeLFePk3qn2pstqXuYePbn5AcqpInAlwD0UyeRQRkxzUSlFJJ3qV
	vsUBj1Gz16MSy1ieBfdM+XJUQiGRZsfLPhsSnjkJ3yl2XrX6RfE+QcPOonClBM0JjwcW
	uV9H+YQAe4TbMuF3HMXLBcuGtCfAa9ggvq/4qsk0WQylYndoq72YwlHdLC3kezBj4TUo
	Wlow==
ARC-Authentication-Results: i=1; mx.google.com;
	spf=pass (google.com: best guess record for domain of
	bigeasy@linutronix.de designates 2a01:7a0:2:106d:700::1 as
	permitted sender) smtp.mailfrom=bigeasy@linutronix.de
Received: from Galois.linutronix.de (Galois.linutronix.de.
	[2a01:7a0:2:106d:700::1]) by mx.google.com with ESMTPS id
	m127si8047182wmm.43.2018.05.09.12.38.43 for <linux-mm@kvack.org>
	(version=TLS1_2 cipher=AES128-SHA bits=128/128);
	Wed, 09 May 2018 12:38:43 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
	bigeasy@linutronix.de designates 2a01:7a0:2:106d:700::1 as
	permitted sender) client-ip=2a01:7a0:2:106d:700::1;
Authentication-Results: mx.google.com;
	spf=pass (google.com: best guess record for domain of
	bigeasy@linutronix.de designates 2a01:7a0:2:106d:700::1 as
	permitted sender) smtp.mailfrom=bigeasy@linutronix.de
Received: from localhost ([127.0.0.1] helo=bazinga.breakpoint.cc)
	by Galois.linutronix.de with esmtp (Exim 4.80)
	(envelope-from <bigeasy@linutronix.de>)
	id 1fGUv9-0005v9-Ju; Wed, 09 May 2018 21:38:39 +0200
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
To: linux-kernel@vger.kernel.org
Cc: tglx@linutronix.de, Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@redhat.com>, linux-mm@kvack.org,
	Shaohua Li <shli@kernel.org>, linux-raid@vger.kernel.org,
	Anna-Maria Gleixner <anna-maria@linutronix.de>,
	Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Subject: [PATCH 2/8] userns: use refcount_t for reference counting instead
	atomic_t
Date: Wed,  9 May 2018 21:36:39 +0200
Message-Id: <20180509193645.830-3-bigeasy@linutronix.de>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180509193645.830-1-bigeasy@linutronix.de>
References: <20180509193645.830-1-bigeasy@linutronix.de>
MIME-Version: 1.0
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

refcount_t type and corresponding API should be used instead of atomic_t when
the variable is used as a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free situations.

Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
---
 include/linux/sched/user.h | 5 +++--
 kernel/user.c              | 8 ++++----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/include/linux/sched/user.h b/include/linux/sched/user.h
index 96fe289c4c6e..39ad98c09c58 100644
--- a/include/linux/sched/user.h
+++ b/include/linux/sched/user.h
@@ -4,6 +4,7 @@
 
 #include <linux/uidgid.h>
 #include <linux/atomic.h>
+#include <linux/refcount.h>
 #include <linux/ratelimit.h>
 
 struct key;
@@ -12,7 +13,7 @@ struct key;
  * Some day this will be a full-fledged user tracking system..
  */
 struct user_struct {
-	atomic_t __count;	/* reference count */
+	refcount_t __count;	/* reference count */
 	atomic_t processes;	/* How many processes does this user have? */
 	atomic_t sigpending;	/* How many pending signals does this user have? */
 #ifdef CONFIG_FANOTIFY
@@ -59,7 +60,7 @@ extern struct user_struct root_user;
 extern struct user_struct * alloc_uid(kuid_t);
 static inline struct user_struct *get_uid(struct user_struct *u)
 {
-	atomic_inc(&u->__count);
+	refcount_inc(&u->__count);
 	return u;
 }
 extern void free_uid(struct user_struct *);
diff --git a/kernel/user.c b/kernel/user.c
index 36288d840675..5f65ef195259 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -96,7 +96,7 @@ static DEFINE_SPINLOCK(uidhash_lock);
 
 /* root_user.__count is 1, for init task cred */
 struct user_struct root_user = {
-	.__count	= ATOMIC_INIT(1),
+	.__count	= REFCOUNT_INIT(1),
 	.processes	= ATOMIC_INIT(1),
 	.sigpending	= ATOMIC_INIT(0),
 	.locked_shm     = 0,
@@ -123,7 +123,7 @@ static struct user_struct *uid_hash_find(kuid_t uid, struct hlist_head *hashent)
 
 	hlist_for_each_entry(user, hashent, uidhash_node) {
 		if (uid_eq(user->uid, uid)) {
-			atomic_inc(&user->__count);
+			refcount_inc(&user->__count);
 			return user;
 		}
 	}
@@ -170,7 +170,7 @@ void free_uid(struct user_struct *up)
 		return;
 
 	local_irq_save(flags);
-	if (atomic_dec_and_lock(&up->__count, &uidhash_lock))
+	if (refcount_dec_and_lock(&up->__count, &uidhash_lock))
 		free_user(up, flags);
 	else
 		local_irq_restore(flags);
@@ -191,7 +191,7 @@ struct user_struct *alloc_uid(kuid_t uid)
 			goto out_unlock;
 
 		new->uid = uid;
-		atomic_set(&new->__count, 1);
+		refcount_set(&new->__count, 1);
 		ratelimit_state_init(&new->ratelimit, HZ, 100);
 		ratelimit_set_flags(&new->ratelimit, RATELIMIT_MSG_ON_RELEASE);