[PATCH] drm/i915/gvt: Convert from atomic_t to refcount_t on intel_vgpu_ppgtt_spt->refcount

From: Xiyu Yang
Date: Fri Jul 16 2021 - 06:42:16 EST

Next message: Ming Lei: "Re: New warning in nvme_setup_discard"
Previous message: Pavel Begunkov: "Re: [syzbot] INFO: task hung in io_sq_thread_park (2)"
Next in thread: Zhenyu Wang: "Re: [PATCH] drm/i915/gvt: Convert from atomic_t to refcount_t on intel_vgpu_ppgtt_spt->refcount"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

refcount_t type and corresponding API can protect refcounters from
accidental underflow and overflow and further use-after-free situations

Signed-off-by: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx>
Signed-off-by: Xin Tan <tanxin.ctf@xxxxxxxxx>
---
drivers/gpu/drm/i915/gvt/gtt.c | 11 ++++++-----
drivers/gpu/drm/i915/gvt/gtt.h | 3 ++-
2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
index cc2c05e18206..62f3daff5a36 100644
--- a/drivers/gpu/drm/i915/gvt/gtt.c
+++ b/drivers/gpu/drm/i915/gvt/gtt.c
@@ -841,7 +841,7 @@ static struct intel_vgpu_ppgtt_spt *ppgtt_alloc_spt(
}

spt->vgpu = vgpu;
- atomic_set(&spt->refcount, 1);
+ refcount_set(&spt->refcount, 1);
INIT_LIST_HEAD(&spt->post_shadow_list);

/*
@@ -927,18 +927,19 @@ static struct intel_vgpu_ppgtt_spt *ppgtt_alloc_spt_gfn(

static inline void ppgtt_get_spt(struct intel_vgpu_ppgtt_spt *spt)
{
- int v = atomic_read(&spt->refcount);
+ int v = refcount_read(&spt->refcount);

trace_spt_refcount(spt->vgpu->id, "inc", spt, v, (v + 1));
- atomic_inc(&spt->refcount);
+ refcount_inc(&spt->refcount);
}

static inline int ppgtt_put_spt(struct intel_vgpu_ppgtt_spt *spt)
{
- int v = atomic_read(&spt->refcount);
+ int v = refcount_read(&spt->refcount);

trace_spt_refcount(spt->vgpu->id, "dec", spt, v, (v - 1));
- return atomic_dec_return(&spt->refcount);
+ refcount_dec(&spt->refcount);
+ return refcount_read(&spt->refcount);
}

static int ppgtt_invalidate_spt(struct intel_vgpu_ppgtt_spt *spt);
diff --git a/drivers/gpu/drm/i915/gvt/gtt.h b/drivers/gpu/drm/i915/gvt/gtt.h
index 3bf45672ef98..944c2d0739df 100644
--- a/drivers/gpu/drm/i915/gvt/gtt.h
+++ b/drivers/gpu/drm/i915/gvt/gtt.h
@@ -38,6 +38,7 @@
#include <linux/kref.h>
#include <linux/mutex.h>
#include <linux/radix-tree.h>
+#include <linux/refcount.h>

#include "gt/intel_gtt.h"

@@ -243,7 +244,7 @@ struct intel_vgpu_oos_page {

/* Represent a vgpu shadow page table. */
struct intel_vgpu_ppgtt_spt {
- atomic_t refcount;
+ refcount_t refcount;
struct intel_vgpu *vgpu;

struct {
--
2.7.4

Next message: Ming Lei: "Re: New warning in nvme_setup_discard"
Previous message: Pavel Begunkov: "Re: [syzbot] INFO: task hung in io_sq_thread_park (2)"
Next in thread: Zhenyu Wang: "Re: [PATCH] drm/i915/gvt: Convert from atomic_t to refcount_t on intel_vgpu_ppgtt_spt->refcount"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]