Re: [PATCH 08/29] drivers, md: convert mddev.active from atomic_t to refcount_t

From: Shaohua Li
Date: Tue Mar 07 2017 - 14:11:32 EST

Next message: Nicolas Iooss: "Re: [PATCH v4 1/1] x86, relocs: add printf attribute to die()"
Previous message: Paul E. McKenney: "Re: rcu: WARNING in rcu_seq_end"
In reply to: Elena Reshetova: "[PATCH 08/29] drivers, md: convert mddev.active from atomic_t to refcount_t"
Next in thread: Elena Reshetova: "[PATCH 10/29] drivers, md: convert stripe_head.count from atomic_t to refcount_t"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 06, 2017 at 04:20:55PM +0200, Elena Reshetova wrote:
> refcount_t type and corresponding API should be
> used instead of atomic_t when the variable is used as
> a reference counter. This allows to avoid accidental
> refcounter overflows that might lead to use-after-free
> situations.

Looks good. Let me know how do you want to route the patch to upstream.

> Signed-off-by: Elena Reshetova <elena.reshetova@xxxxxxxxx>
> Signed-off-by: Hans Liljestrand <ishkamiel@xxxxxxxxx>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> Signed-off-by: David Windsor <dwindsor@xxxxxxxxx>
> ---
> drivers/md/md.c | 6 +++---
> drivers/md/md.h | 3 ++-
> 2 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/md/md.c b/drivers/md/md.c
> index 985374f..94c8ebf 100644
> --- a/drivers/md/md.c
> +++ b/drivers/md/md.c
> @@ -449,7 +449,7 @@ EXPORT_SYMBOL(md_unplug);
>
> static inline struct mddev *mddev_get(struct mddev *mddev)
> {
> - atomic_inc(&mddev->active);
> + refcount_inc(&mddev->active);
> return mddev;
> }
>
> @@ -459,7 +459,7 @@ static void mddev_put(struct mddev *mddev)
> {
> struct bio_set *bs = NULL;
>
> - if (!atomic_dec_and_lock(&mddev->active, &all_mddevs_lock))
> + if (!refcount_dec_and_lock(&mddev->active, &all_mddevs_lock))
> return;
> if (!mddev->raid_disks && list_empty(&mddev->disks) &&
> mddev->ctime == 0 && !mddev->hold_active) {
> @@ -495,7 +495,7 @@ void mddev_init(struct mddev *mddev)
> INIT_LIST_HEAD(&mddev->all_mddevs);
> setup_timer(&mddev->safemode_timer, md_safemode_timeout,
> (unsigned long) mddev);
> - atomic_set(&mddev->active, 1);
> + refcount_set(&mddev->active, 1);
> atomic_set(&mddev->openers, 0);
> atomic_set(&mddev->active_io, 0);
> spin_lock_init(&mddev->lock);
> diff --git a/drivers/md/md.h b/drivers/md/md.h
> index b8859cb..4811663 100644
> --- a/drivers/md/md.h
> +++ b/drivers/md/md.h
> @@ -22,6 +22,7 @@
> #include <linux/list.h>
> #include <linux/mm.h>
> #include <linux/mutex.h>
> +#include <linux/refcount.h>
> #include <linux/timer.h>
> #include <linux/wait.h>
> #include <linux/workqueue.h>
> @@ -360,7 +361,7 @@ struct mddev {
> */
> struct mutex open_mutex;
> struct mutex reconfig_mutex;
> - atomic_t active; /* general refcount */
> + refcount_t active; /* general refcount */
> atomic_t openers; /* number of active opens */
>
> int changed; /* True if we might need to
> --
> 2.7.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-raid" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

Next message: Nicolas Iooss: "Re: [PATCH v4 1/1] x86, relocs: add printf attribute to die()"
Previous message: Paul E. McKenney: "Re: rcu: WARNING in rcu_seq_end"
In reply to: Elena Reshetova: "[PATCH 08/29] drivers, md: convert mddev.active from atomic_t to refcount_t"
Next in thread: Elena Reshetova: "[PATCH 10/29] drivers, md: convert stripe_head.count from atomic_t to refcount_t"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]