From: Weihang Li <liweihang@huawei.com>
To: <dledford@redhat.com>, <jgg@nvidia.com>
Cc: <leon@kernel.org>, <linux-rdma@vger.kernel.org>,
<linuxarm@huawei.com>, Weihang Li <liweihang@huawei.com>
Subject: [PATCH v4 for-next 06/12] RDMA/core: Use refcount_t instead of atomic_t on refcount of mcast_group
Date: Fri, 28 May 2021 17:37:37 +0800 [thread overview]
Message-ID: <1622194663-2383-7-git-send-email-liweihang@huawei.com> (raw)
In-Reply-To: <1622194663-2383-1-git-send-email-liweihang@huawei.com>
The refcount_t API will WARN on underflow and overflow of a reference
counter, and avoid use-after-free risks. Increase refcount_t from 0 to 1 is
regarded as there is a risk about use-after-free. So it should be set to 1
directly during initialization.
Signed-off-by: Weihang Li <liweihang@huawei.com>
---
drivers/infiniband/core/multicast.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/drivers/infiniband/core/multicast.c b/drivers/infiniband/core/multicast.c
index a236532..17abc21 100644
--- a/drivers/infiniband/core/multicast.c
+++ b/drivers/infiniband/core/multicast.c
@@ -103,7 +103,7 @@ struct mcast_group {
struct list_head active_list;
struct mcast_member *last_join;
int members[NUM_JOIN_MEMBERSHIP_TYPES];
- atomic_t refcount;
+ refcount_t refcount;
enum mcast_group_state state;
struct ib_sa_query *query;
u16 pkey_index;
@@ -188,7 +188,7 @@ static void release_group(struct mcast_group *group)
unsigned long flags;
spin_lock_irqsave(&port->lock, flags);
- if (atomic_dec_and_test(&group->refcount)) {
+ if (refcount_dec_and_test(&group->refcount)) {
rb_erase(&group->node, &port->table);
spin_unlock_irqrestore(&port->lock, flags);
kfree(group);
@@ -212,7 +212,7 @@ static void queue_join(struct mcast_member *member)
list_add_tail(&member->list, &group->pending_list);
if (group->state == MCAST_IDLE) {
group->state = MCAST_BUSY;
- atomic_inc(&group->refcount);
+ refcount_inc(&group->refcount);
queue_work(mcast_wq, &group->work);
}
spin_unlock_irqrestore(&group->lock, flags);
@@ -565,8 +565,11 @@ static struct mcast_group *acquire_group(struct mcast_port *port,
if (!is_mgid0) {
spin_lock_irqsave(&port->lock, flags);
group = mcast_find(port, mgid);
- if (group)
+ if (group) {
+ refcount_inc(&group->refcount);
goto found;
+ }
+
spin_unlock_irqrestore(&port->lock, flags);
}
@@ -590,8 +593,10 @@ static struct mcast_group *acquire_group(struct mcast_port *port,
group = cur_group;
} else
refcount_inc(&port->refcount);
+
+ refcount_set(&group->refcount, 1);
+
found:
- atomic_inc(&group->refcount);
spin_unlock_irqrestore(&port->lock, flags);
return group;
}
@@ -780,7 +785,7 @@ static void mcast_groups_event(struct mcast_port *port,
group = rb_entry(node, struct mcast_group, node);
spin_lock(&group->lock);
if (group->state == MCAST_IDLE) {
- atomic_inc(&group->refcount);
+ refcount_inc(&group->refcount);
queue_work(mcast_wq, &group->work);
}
if (group->state != MCAST_GROUP_ERROR)
--
2.7.4
next prev parent reply other threads:[~2021-05-28 9:38 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-28 9:37 [PATCH v4 for-next 00/12] RDMA: Use refcount_t for reference counting Weihang Li
2021-05-28 9:37 ` [PATCH v4 for-next 01/12] RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private Weihang Li
2021-05-28 9:37 ` [PATCH v4 for-next 02/12] RDMA/core: Use refcount_t instead of atomic_t on refcount of iwpm_admin_data Weihang Li
2021-05-28 9:37 ` [PATCH v4 for-next 03/12] RDMA/core: Use refcount_t instead of atomic_t on refcount of ib_mad_snoop_private Weihang Li
2021-06-08 18:04 ` Jason Gunthorpe
2021-06-09 3:27 ` liweihang
2021-05-28 9:37 ` [PATCH v4 for-next 04/12] RDMA/core: Use refcount_t instead of atomic_t on refcount of mcast_member Weihang Li
2021-05-28 9:37 ` [PATCH v4 for-next 05/12] RDMA/core: Use refcount_t instead of atomic_t on refcount of mcast_port Weihang Li
2021-05-28 9:37 ` Weihang Li [this message]
2021-06-08 17:55 ` [PATCH v4 for-next 06/12] RDMA/core: Use refcount_t instead of atomic_t on refcount of mcast_group Jason Gunthorpe
2021-06-09 3:45 ` liweihang
2021-05-28 9:37 ` [PATCH v4 for-next 07/12] RDMA/core: Use refcount_t instead of atomic_t on refcount of ib_uverbs_device Weihang Li
2021-05-28 9:37 ` [PATCH v4 for-next 08/12] RDMA/hns: Use refcount_t instead of atomic_t for CQ reference counting Weihang Li
2021-05-28 9:37 ` [PATCH v4 for-next 09/12] RDMA/hns: Use refcount_t instead of atomic_t for SRQ " Weihang Li
2021-05-28 9:37 ` [PATCH v4 for-next 10/12] RDMA/hns: Use refcount_t instead of atomic_t for QP " Weihang Li
2021-05-28 9:37 ` [PATCH v4 for-next 11/12] RDMA/cxgb4: Use refcount_t instead of atomic_t for " Weihang Li
2021-05-28 9:37 ` [PATCH v4 for-next 12/12] RDMA/ipoib: " Weihang Li
2021-06-08 18:08 ` [PATCH v4 for-next 00/12] RDMA: Use refcount_t " Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1622194663-2383-7-git-send-email-liweihang@huawei.com \
--to=liweihang@huawei.com \
--cc=dledford@redhat.com \
--cc=jgg@nvidia.com \
--cc=leon@kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linuxarm@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.