[PATCH 24/29] drivers: convert iblock_req.pending from atomic_t to refcount_t

From: Elena Reshetova
Date: Mon Mar 06 2017 - 09:25:46 EST

Next message: Elena Reshetova: "[PATCH 26/29] drivers, usb: convert dev_data.count from atomic_t to refcount_t"
Previous message: Dmitry Vyukov: "Re: [PATCH] x86, kasan: add KASAN checks to atomic operations"
In reply to: Elena Reshetova: "[PATCH 00/29] drivers, mics refcount conversions"
Next in thread: Elena Reshetova: "[PATCH 26/29] drivers, usb: convert dev_data.count from atomic_t to refcount_t"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@xxxxxxxxx>
Signed-off-by: Hans Liljestrand <ishkamiel@xxxxxxxxx>
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: David Windsor <dwindsor@xxxxxxxxx>
---
drivers/target/target_core_iblock.c | 12 ++++++------
drivers/target/target_core_iblock.h | 3 ++-
2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/drivers/target/target_core_iblock.c b/drivers/target/target_core_iblock.c
index d316ed5..bb069eb 100644
--- a/drivers/target/target_core_iblock.c
+++ b/drivers/target/target_core_iblock.c
@@ -279,7 +279,7 @@ static void iblock_complete_cmd(struct se_cmd *cmd)
struct iblock_req *ibr = cmd->priv;
u8 status;

- if (!atomic_dec_and_test(&ibr->pending))
+ if (!refcount_dec_and_test(&ibr->pending))
return;

if (atomic_read(&ibr->ib_bio_err_cnt))
@@ -487,7 +487,7 @@ iblock_execute_write_same(struct se_cmd *cmd)
bio_list_init(&list);
bio_list_add(&list, bio);

- atomic_set(&ibr->pending, 1);
+ refcount_set(&ibr->pending, 1);

while (sectors) {
while (bio_add_page(bio, sg_page(sg), sg->length, sg->offset)
@@ -498,7 +498,7 @@ iblock_execute_write_same(struct se_cmd *cmd)
if (!bio)
goto fail_put_bios;

- atomic_inc(&ibr->pending);
+ refcount_inc(&ibr->pending);
bio_list_add(&list, bio);
}

@@ -706,7 +706,7 @@ iblock_execute_rw(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents,
cmd->priv = ibr;

if (!sgl_nents) {
- atomic_set(&ibr->pending, 1);
+ refcount_set(&ibr->pending, 1);
iblock_complete_cmd(cmd);
return 0;
}
@@ -719,7 +719,7 @@ iblock_execute_rw(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents,
bio_list_init(&list);
bio_list_add(&list, bio);

- atomic_set(&ibr->pending, 2);
+ refcount_set(&ibr->pending, 2);
bio_cnt = 1;

for_each_sg(sgl, sg, sgl_nents, i) {
@@ -740,7 +740,7 @@ iblock_execute_rw(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents,
if (!bio)
goto fail_put_bios;

- atomic_inc(&ibr->pending);
+ refcount_inc(&ibr->pending);
bio_list_add(&list, bio);
bio_cnt++;
}
diff --git a/drivers/target/target_core_iblock.h b/drivers/target/target_core_iblock.h
index 718d3fc..f2a5797 100644
--- a/drivers/target/target_core_iblock.h
+++ b/drivers/target/target_core_iblock.h
@@ -2,6 +2,7 @@
#define TARGET_CORE_IBLOCK_H

#include <linux/atomic.h>
+#include <linux/refcount.h>
#include <target/target_core_base.h>

#define IBLOCK_VERSION "4.0"
@@ -10,7 +11,7 @@
#define IBLOCK_LBA_SHIFT 9

struct iblock_req {
- atomic_t pending;
+ refcount_t pending;
atomic_t ib_bio_err_cnt;
} ____cacheline_aligned;

--
2.7.4

Next message: Elena Reshetova: "[PATCH 26/29] drivers, usb: convert dev_data.count from atomic_t to refcount_t"
Previous message: Dmitry Vyukov: "Re: [PATCH] x86, kasan: add KASAN checks to atomic operations"
In reply to: Elena Reshetova: "[PATCH 00/29] drivers, mics refcount conversions"
Next in thread: Elena Reshetova: "[PATCH 26/29] drivers, usb: convert dev_data.count from atomic_t to refcount_t"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]