[PATCH 14/17] fs, btrfs: convert scrub_block.refs from atomic_t to refcount_t

From: Elena Reshetova
Date: Fri Mar 03 2017 - 04:53:24 EST

Next message: Borislav Petkov: "Re: [RFC PATCH v4 11/28] x86: Add support to determine the E820 type of an address"
Previous message: Michal Hocko: "Re: [PATCH v3] lockdep: Teach lockdep about memalloc_noio_save"
In reply to: Elena Reshetova: "[PATCH 08/17] fs, btrfs: convert btrfs_delayed_item.refs from atomic_t to refcount_t"
Next in thread: Elena Reshetova: "[PATCH 13/17] fs, btrfs: convert scrub_page.refs from atomic_t to refcount_t"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@xxxxxxxxx>
Signed-off-by: Hans Liljestrand <ishkamiel@xxxxxxxxx>
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: David Windsor <dwindsor@xxxxxxxxx>
---
fs/btrfs/scrub.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
index 8299f64..08895d8 100644
--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -112,7 +112,7 @@ struct scrub_block {
struct scrub_page *pagev[SCRUB_MAX_PAGES_PER_BLOCK];
int page_count;
atomic_t outstanding_pages;
- atomic_t refs; /* free mem on transition to zero */
+ refcount_t refs; /* free mem on transition to zero */
struct scrub_ctx *sctx;
struct scrub_parity *sparity;
struct {
@@ -1998,12 +1998,12 @@ static int scrub_checksum_super(struct scrub_block *sblock)

static void scrub_block_get(struct scrub_block *sblock)
{
- atomic_inc(&sblock->refs);
+ refcount_inc(&sblock->refs);
}

static void scrub_block_put(struct scrub_block *sblock)
{
- if (atomic_dec_and_test(&sblock->refs)) {
+ if (refcount_dec_and_test(&sblock->refs)) {
int i;

if (sblock->sparity)
@@ -2255,7 +2255,7 @@ static int scrub_pages(struct scrub_ctx *sctx, u64 logical, u64 len,

/* one ref inside this function, plus one for each page added to
* a bio later on */
- atomic_set(&sblock->refs, 1);
+ refcount_set(&sblock->refs, 1);
sblock->sctx = sctx;
sblock->no_io_error_seen = 1;

@@ -2555,7 +2555,7 @@ static int scrub_pages_for_parity(struct scrub_parity *sparity,

/* one ref inside this function, plus one for each page added to
* a bio later on */
- atomic_set(&sblock->refs, 1);
+ refcount_set(&sblock->refs, 1);
sblock->sctx = sctx;
sblock->no_io_error_seen = 1;
sblock->sparity = sparity;
--
2.7.4

Next message: Borislav Petkov: "Re: [RFC PATCH v4 11/28] x86: Add support to determine the E820 type of an address"
Previous message: Michal Hocko: "Re: [PATCH v3] lockdep: Teach lockdep about memalloc_noio_save"
In reply to: Elena Reshetova: "[PATCH 08/17] fs, btrfs: convert btrfs_delayed_item.refs from atomic_t to refcount_t"
Next in thread: Elena Reshetova: "[PATCH 13/17] fs, btrfs: convert scrub_page.refs from atomic_t to refcount_t"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]