From: Elena Reshetova <elena.reshetova@intel.com>
To: linux-kernel@vger.kernel.org
Cc: cgroups@vger.kernel.org, linux-audit@redhat.com,
linux-fsdevel@vger.kernel.org, peterz@infradead.org,
gregkh@linuxfoundation.org, viro@zeniv.linux.org.uk,
tj@kernel.org, mingo@redhat.com, hannes@cmpxchg.org,
lizefan@huawei.com, acme@kernel.org,
alexander.shishkin@linux.intel.com, paul@paul-moore.com,
eparis@redhat.com, akpm@linux-foundation.org, arnd@arndb.de,
luto@kernel.org, Elena Reshetova <elena.reshetova@intel.com>,
Hans Liljestrand <ishkamiel@gmail.com>,
Kees Cook <keescook@chromium.org>,
David Windsor <dwindsor@gmail.com>
Subject: [PATCH 05/19] kernel: convert task_struct.stack_refcount from atomic_t to refcount_t
Date: Mon, 20 Feb 2017 12:18:54 +0200 [thread overview]
Message-ID: <1487585948-6401-6-git-send-email-elena.reshetova@intel.com> (raw)
In-Reply-To: <1487585948-6401-1-git-send-email-elena.reshetova@intel.com>
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
---
include/linux/init_task.h | 3 ++-
include/linux/sched.h | 4 ++--
kernel/fork.c | 6 +++---
3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
index 1c6df0b..c452c57 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -12,6 +12,7 @@
#include <linux/securebits.h>
#include <linux/seqlock.h>
#include <linux/rbtree.h>
+#include <linux/refcount.h>
#include <net/net_namespace.h>
#include <linux/sched/rt.h>
@@ -205,7 +206,7 @@ extern struct task_group root_task_group;
#ifdef CONFIG_THREAD_INFO_IN_TASK
# define INIT_TASK_TI(tsk) \
.thread_info = INIT_THREAD_INFO(tsk), \
- .stack_refcount = ATOMIC_INIT(1),
+ .stack_refcount = REFCOUNT_INIT(1),
#else
# define INIT_TASK_TI(tsk)
#endif
diff --git a/include/linux/sched.h b/include/linux/sched.h
index d760ad6..41a2e52 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1969,7 +1969,7 @@ struct task_struct {
#endif
#ifdef CONFIG_THREAD_INFO_IN_TASK
/* A live task holds one reference. */
- atomic_t stack_refcount;
+ refcount_t stack_refcount;
#endif
/* CPU-specific state of this task */
struct thread_struct thread;
@@ -3260,7 +3260,7 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#ifdef CONFIG_THREAD_INFO_IN_TASK
static inline void *try_get_task_stack(struct task_struct *tsk)
{
- return atomic_inc_not_zero(&tsk->stack_refcount) ?
+ return refcount_inc_not_zero(&tsk->stack_refcount) ?
task_stack_page(tsk) : NULL;
}
diff --git a/kernel/fork.c b/kernel/fork.c
index b9b3296..31c887c 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -331,7 +331,7 @@ static void release_task_stack(struct task_struct *tsk)
#ifdef CONFIG_THREAD_INFO_IN_TASK
void put_task_stack(struct task_struct *tsk)
{
- if (atomic_dec_and_test(&tsk->stack_refcount))
+ if (refcount_dec_and_test(&tsk->stack_refcount))
release_task_stack(tsk);
}
#endif
@@ -349,7 +349,7 @@ void free_task(struct task_struct *tsk)
* If the task had a separate stack allocation, it should be gone
* by now.
*/
- WARN_ON_ONCE(atomic_read(&tsk->stack_refcount) != 0);
+ WARN_ON_ONCE(refcount_read(&tsk->stack_refcount) != 0);
#endif
rt_mutex_debug_task_free(tsk);
ftrace_graph_exit_task(tsk);
@@ -504,7 +504,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
tsk->stack_vm_area = stack_vm_area;
#endif
#ifdef CONFIG_THREAD_INFO_IN_TASK
- atomic_set(&tsk->stack_refcount, 1);
+ refcount_set(&tsk->stack_refcount, 1);
#endif
if (err)
--
2.7.4
next prev parent reply other threads:[~2017-02-20 10:28 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-20 10:18 [PATCH 00/19] Kernel subsystem refcounter conversions Elena Reshetova
2017-02-20 10:18 ` [PATCH 01/19] kernel: convert sighand_struct.count from atomic_t to refcount_t Elena Reshetova
2017-02-20 12:30 ` kbuild test robot
2017-02-20 12:42 ` kbuild test robot
2017-02-20 10:18 ` [PATCH 02/19] kernel: convert signal_struct.sigcnt " Elena Reshetova
2017-02-20 10:18 ` [PATCH 03/19] kernel: convert user_struct.__count " Elena Reshetova
2017-02-20 10:18 ` [PATCH 04/19] kernel: convert task_struct.usage " Elena Reshetova
2017-02-20 10:18 ` Elena Reshetova [this message]
2017-02-20 10:18 ` [PATCH 06/19] kernel: convert perf_event_context.refcount " Elena Reshetova
2017-02-20 10:28 ` Peter Zijlstra
2017-02-20 12:14 ` Reshetova, Elena
2017-02-20 10:18 ` [PATCH 07/19] kernel: convert ring_buffer.refcount " Elena Reshetova
2017-02-20 10:18 ` [PATCH 08/19] kernel: convert ring_buffer.aux_refcount " Elena Reshetova
2017-02-20 10:18 ` [PATCH 09/19] kernel: convert uprobe.ref " Elena Reshetova
2017-02-20 10:18 ` [PATCH 10/19] kernel: convert nsproxy.count " Elena Reshetova
2017-02-20 10:19 ` [PATCH 11/19] kernel: convert cgroup_namespace.count " Elena Reshetova
2017-03-06 19:55 ` Tejun Heo
2017-02-20 10:19 ` [PATCH 12/19] kernel: convert css_set.refcount " Elena Reshetova
2017-03-06 19:54 ` Tejun Heo
2017-03-07 19:12 ` Reshetova, Elena
2017-03-07 19:21 ` Tejun Heo
2017-02-20 10:19 ` [PATCH 13/19] kernel: convert group_info.usage " Elena Reshetova
2017-02-20 10:19 ` [PATCH 14/19] kernel: convert cred.usage " Elena Reshetova
2017-02-20 10:19 ` [PATCH 15/19] kernel: convert audit_tree.count " Elena Reshetova
2017-02-20 22:07 ` Paul Moore
2017-02-21 7:15 ` Reshetova, Elena
2017-02-28 22:11 ` Paul Moore
2017-03-01 0:16 ` Kees Cook
2017-03-01 19:35 ` Paul Moore
2017-03-01 23:04 ` Kees Cook
2017-04-11 19:01 ` Paul Moore
2017-04-18 6:33 ` Reshetova, Elena
2017-02-20 10:19 ` [PATCH 16/19] kernel: convert audit_watch.count " Elena Reshetova
2017-02-20 10:19 ` [PATCH 17/19] kernel: convert numa_group.refcount " Elena Reshetova
2017-02-20 10:19 ` [PATCH 18/19] kernel: convert futex_pi_state.refcount " Elena Reshetova
2017-02-20 10:19 ` [PATCH 19/19] kernel: convert kcov.refcount " Elena Reshetova
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1487585948-6401-6-git-send-email-elena.reshetova@intel.com \
--to=elena.reshetova@intel.com \
--cc=acme@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=arnd@arndb.de \
--cc=cgroups@vger.kernel.org \
--cc=dwindsor@gmail.com \
--cc=eparis@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=hannes@cmpxchg.org \
--cc=ishkamiel@gmail.com \
--cc=keescook@chromium.org \
--cc=linux-audit@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=paul@paul-moore.com \
--cc=peterz@infradead.org \
--cc=tj@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).