From: Paolo Bonzini <pbonzini@redhat.com>
To: Elena Reshetova <elena.reshetova@intel.com>,
linux-kernel@vger.kernel.org
Cc: linux-edac@vger.kernel.org, x86@kernel.org,
sparclinux@vger.kernel.org, linux-s390@vger.kernel.org,
kvm@vger.kernel.org, peterz@infradead.org,
gregkh@linuxfoundation.org, davem@davemloft.net,
tglx@linutronix.de, mingo@redhat.com, tony.luck@intel.com,
hpa@zytor.com, Hans Liljestrand <ishkamiel@gmail.com>,
Kees Cook <keescook@chromium.org>,
David Windsor <dwindsor@gmail.com>
Subject: Re: [PATCH 4/4] kvm: convert kvm.users_count from atomic_t to refcount_t
Date: Mon, 20 Feb 2017 12:37:15 +0100 [thread overview]
Message-ID: <220f229f-0e3e-2a72-62c1-1677021c3987@redhat.com> (raw)
In-Reply-To: <1487588781-15123-5-git-send-email-elena.reshetova@intel.com>
On 20/02/2017 12:06, Elena Reshetova wrote:
> refcount_t type and corresponding API should be
> used instead of atomic_t when the variable is used as
> a reference counter. This allows to avoid accidental
> refcounter overflows that might lead to use-after-free
> situations.
>
> Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> Signed-off-by: David Windsor <dwindsor@gmail.com>
Looks good, will apply after the merge window.
Paolo
> ---
> include/linux/kvm_host.h | 3 ++-
> virt/kvm/kvm_main.c | 8 ++++----
> 2 files changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
> index cda457b..7fa05a5 100644
> --- a/include/linux/kvm_host.h
> +++ b/include/linux/kvm_host.h
> @@ -26,6 +26,7 @@
> #include <linux/context_tracking.h>
> #include <linux/irqbypass.h>
> #include <linux/swait.h>
> +#include <linux/refcount.h>
> #include <asm/signal.h>
>
> #include <linux/kvm.h>
> @@ -402,7 +403,7 @@ struct kvm {
> #endif
> struct kvm_vm_stat stat;
> struct kvm_arch arch;
> - atomic_t users_count;
> + refcount_t users_count;
> #ifdef KVM_COALESCED_MMIO_PAGE_OFFSET
> struct kvm_coalesced_mmio_ring *coalesced_mmio_ring;
> spinlock_t ring_lock;
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index dcd1c12..6ae5775 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -622,7 +622,7 @@ static struct kvm *kvm_create_vm(unsigned long type)
> mutex_init(&kvm->lock);
> mutex_init(&kvm->irq_lock);
> mutex_init(&kvm->slots_lock);
> - atomic_set(&kvm->users_count, 1);
> + refcount_set(&kvm->users_count, 1);
> INIT_LIST_HEAD(&kvm->devices);
>
> r = kvm_arch_init_vm(kvm, type);
> @@ -745,13 +745,13 @@ static void kvm_destroy_vm(struct kvm *kvm)
>
> void kvm_get_kvm(struct kvm *kvm)
> {
> - atomic_inc(&kvm->users_count);
> + refcount_inc(&kvm->users_count);
> }
> EXPORT_SYMBOL_GPL(kvm_get_kvm);
>
> void kvm_put_kvm(struct kvm *kvm)
> {
> - if (atomic_dec_and_test(&kvm->users_count))
> + if (refcount_dec_and_test(&kvm->users_count))
> kvm_destroy_vm(kvm);
> }
> EXPORT_SYMBOL_GPL(kvm_put_kvm);
> @@ -3640,7 +3640,7 @@ static int kvm_debugfs_open(struct inode *inode, struct file *file,
> * To avoid the race between open and the removal of the debugfs
> * directory we test against the users count.
> */
> - if (!atomic_add_unless(&stat_data->kvm->users_count, 1, 0))
> + if (!refcount_inc_not_zero(&stat_data->kvm->users_count))
> return -ENOENT;
>
> if (simple_attr_open(inode, file, get, set, fmt)) {
>
WARNING: multiple messages have this Message-ID (diff)
From: Paolo Bonzini <pbonzini@redhat.com>
To: Elena Reshetova <elena.reshetova@intel.com>,
linux-kernel@vger.kernel.org
Cc: linux-edac@vger.kernel.org, x86@kernel.org,
sparclinux@vger.kernel.org, linux-s390@vger.kernel.org,
kvm@vger.kernel.org, peterz@infradead.org,
gregkh@linuxfoundation.org, davem@davemloft.net,
tglx@linutronix.de, mingo@redhat.com, tony.luck@intel.com,
hpa@zytor.com, Hans Liljestrand <ishkamiel@gmail.com>,
Kees Cook <keescook@chromium.org>,
David Windsor <dwindsor@gmail.com>
Subject: Re: [PATCH 4/4] kvm: convert kvm.users_count from atomic_t to refcount_t
Date: Mon, 20 Feb 2017 11:37:15 +0000 [thread overview]
Message-ID: <220f229f-0e3e-2a72-62c1-1677021c3987@redhat.com> (raw)
In-Reply-To: <1487588781-15123-5-git-send-email-elena.reshetova@intel.com>
On 20/02/2017 12:06, Elena Reshetova wrote:
> refcount_t type and corresponding API should be
> used instead of atomic_t when the variable is used as
> a reference counter. This allows to avoid accidental
> refcounter overflows that might lead to use-after-free
> situations.
>
> Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> Signed-off-by: David Windsor <dwindsor@gmail.com>
Looks good, will apply after the merge window.
Paolo
> ---
> include/linux/kvm_host.h | 3 ++-
> virt/kvm/kvm_main.c | 8 ++++----
> 2 files changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
> index cda457b..7fa05a5 100644
> --- a/include/linux/kvm_host.h
> +++ b/include/linux/kvm_host.h
> @@ -26,6 +26,7 @@
> #include <linux/context_tracking.h>
> #include <linux/irqbypass.h>
> #include <linux/swait.h>
> +#include <linux/refcount.h>
> #include <asm/signal.h>
>
> #include <linux/kvm.h>
> @@ -402,7 +403,7 @@ struct kvm {
> #endif
> struct kvm_vm_stat stat;
> struct kvm_arch arch;
> - atomic_t users_count;
> + refcount_t users_count;
> #ifdef KVM_COALESCED_MMIO_PAGE_OFFSET
> struct kvm_coalesced_mmio_ring *coalesced_mmio_ring;
> spinlock_t ring_lock;
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index dcd1c12..6ae5775 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -622,7 +622,7 @@ static struct kvm *kvm_create_vm(unsigned long type)
> mutex_init(&kvm->lock);
> mutex_init(&kvm->irq_lock);
> mutex_init(&kvm->slots_lock);
> - atomic_set(&kvm->users_count, 1);
> + refcount_set(&kvm->users_count, 1);
> INIT_LIST_HEAD(&kvm->devices);
>
> r = kvm_arch_init_vm(kvm, type);
> @@ -745,13 +745,13 @@ static void kvm_destroy_vm(struct kvm *kvm)
>
> void kvm_get_kvm(struct kvm *kvm)
> {
> - atomic_inc(&kvm->users_count);
> + refcount_inc(&kvm->users_count);
> }
> EXPORT_SYMBOL_GPL(kvm_get_kvm);
>
> void kvm_put_kvm(struct kvm *kvm)
> {
> - if (atomic_dec_and_test(&kvm->users_count))
> + if (refcount_dec_and_test(&kvm->users_count))
> kvm_destroy_vm(kvm);
> }
> EXPORT_SYMBOL_GPL(kvm_put_kvm);
> @@ -3640,7 +3640,7 @@ static int kvm_debugfs_open(struct inode *inode, struct file *file,
> * To avoid the race between open and the removal of the debugfs
> * directory we test against the users count.
> */
> - if (!atomic_add_unless(&stat_data->kvm->users_count, 1, 0))
> + if (!refcount_inc_not_zero(&stat_data->kvm->users_count))
> return -ENOENT;
>
> if (simple_attr_open(inode, file, get, set, fmt)) {
>
next prev parent reply other threads:[~2017-02-20 11:37 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-20 11:06 [PATCH 0/4] arch subsystem refcounter conversions Elena Reshetova
2017-02-20 11:06 ` Elena Reshetova
2017-02-20 11:06 ` [PATCH 1/4] s390: convert debug_info.ref_count from atomic_t to refcount_t Elena Reshetova
2017-02-20 11:06 ` Elena Reshetova
2017-02-20 13:24 ` Heiko Carstens
2017-02-20 13:24 ` Heiko Carstens
2017-02-20 13:34 ` Heiko Carstens
2017-02-20 13:34 ` Heiko Carstens
2017-02-20 13:35 ` Reshetova, Elena
2017-02-20 13:39 ` Peter Zijlstra
2017-02-20 13:39 ` Peter Zijlstra
2017-02-20 11:06 ` [PATCH 2/4] x86: convert threshold_bank.cpus " Elena Reshetova
2017-02-20 11:06 ` Elena Reshetova
2017-02-20 11:17 ` Borislav Petkov
2017-02-20 11:17 ` Borislav Petkov
2017-02-20 12:20 ` Reshetova, Elena
2017-02-20 12:20 ` Reshetova, Elena
2017-02-20 12:30 ` Borislav Petkov
2017-02-20 12:30 ` Borislav Petkov
2017-02-21 20:45 ` Kees Cook
2017-02-21 20:45 ` Kees Cook
2017-02-22 9:27 ` Borislav Petkov
2017-02-22 9:27 ` Borislav Petkov
2017-02-20 11:06 ` [PATCH 3/4] sparc: convert mdesc_handle.refcnt " Elena Reshetova
2017-02-20 11:06 ` Elena Reshetova
2017-02-20 14:56 ` David Miller
2017-02-20 14:56 ` David Miller
2017-04-03 7:28 ` Reshetova, Elena
2017-04-03 7:28 ` Reshetova, Elena
2017-04-03 13:12 ` David Miller
2017-04-03 13:12 ` David Miller
2017-04-03 16:06 ` Reshetova, Elena
2017-04-03 16:06 ` Reshetova, Elena
2017-04-03 16:16 ` David Miller
2017-04-03 16:16 ` David Miller
2017-02-20 11:06 ` [PATCH 4/4] kvm: convert kvm.users_count " Elena Reshetova
2017-02-20 11:06 ` Elena Reshetova
2017-02-20 11:37 ` Paolo Bonzini [this message]
2017-02-20 11:37 ` Paolo Bonzini
2017-02-20 12:22 ` Reshetova, Elena
2017-02-20 12:22 ` Reshetova, Elena
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=220f229f-0e3e-2a72-62c1-1677021c3987@redhat.com \
--to=pbonzini@redhat.com \
--cc=davem@davemloft.net \
--cc=dwindsor@gmail.com \
--cc=elena.reshetova@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=ishkamiel@gmail.com \
--cc=keescook@chromium.org \
--cc=kvm@vger.kernel.org \
--cc=linux-edac@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=sparclinux@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.