From: Xiyu Yang <xiyuyang19@fudan.edu.cn>
To: David Woodhouse <dwmw2@infradead.org>,
Richard Weinberger <richard@nod.at>,
Xin Tan <tanxin.ctf@gmail.com>,
Xiyu Yang <xiyuyang19@fudan.edu.cn>,
linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: yuanxzhang@fudan.edu.cn
Subject: [PATCH] jffs2: Convert from atomic_t to refcount_t on jffs2_xattr_datum->refcnt
Date: Fri, 16 Jul 2021 18:08:12 +0800 [thread overview]
Message-ID: <1626430101-26718-1-git-send-email-xiyuyang19@fudan.edu.cn> (raw)
refcount_t type and corresponding API can protect refcounters from
accidental underflow and overflow and further use-after-free situations
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
---
fs/jffs2/xattr.c | 14 +++++++-------
fs/jffs2/xattr.h | 3 ++-
2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/fs/jffs2/xattr.c b/fs/jffs2/xattr.c
index da3e18503c65..f7e959817ff1 100644
--- a/fs/jffs2/xattr.c
+++ b/fs/jffs2/xattr.c
@@ -352,7 +352,7 @@ static struct jffs2_xattr_datum *create_xattr_datum(struct jffs2_sb_info *c,
&& xd->value_len==xsize
&& !strcmp(xd->xname, xname)
&& !memcmp(xd->xvalue, xvalue, xsize)) {
- atomic_inc(&xd->refcnt);
+ refcount_inc(&xd->refcnt);
return xd;
}
}
@@ -372,7 +372,7 @@ static struct jffs2_xattr_datum *create_xattr_datum(struct jffs2_sb_info *c,
strcpy(data, xname);
memcpy(data + name_len + 1, xvalue, xsize);
- atomic_set(&xd->refcnt, 1);
+ refcount_set(&xd->refcnt, 1);
xd->xid = ++c->highest_xid;
xd->flags |= JFFS2_XFLAGS_HOT;
xd->xprefix = xprefix;
@@ -404,7 +404,7 @@ static struct jffs2_xattr_datum *create_xattr_datum(struct jffs2_sb_info *c,
static void unrefer_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
{
/* must be called under down_write(xattr_sem) */
- if (atomic_dec_and_lock(&xd->refcnt, &c->erase_completion_lock)) {
+ if (refcount_dec_and_lock(&xd->refcnt, &c->erase_completion_lock)) {
unload_xattr_datum(c, xd);
xd->flags |= JFFS2_XFLAGS_DEAD;
if (xd->node == (void *)xd) {
@@ -621,7 +621,7 @@ void jffs2_xattr_free_inode(struct jffs2_sb_info *c, struct jffs2_inode_cache *i
for (ref = ic->xref; ref; ref = _ref) {
_ref = ref->next;
xd = ref->xd;
- if (atomic_dec_and_test(&xd->refcnt)) {
+ if (refcount_dec_and_test(&xd->refcnt)) {
unload_xattr_datum(c, xd);
jffs2_free_xattr_datum(xd);
}
@@ -851,7 +851,7 @@ void jffs2_build_xattr_subsystem(struct jffs2_sb_info *c)
}
ref->xd = xd;
ref->ic = ic;
- atomic_inc(&xd->refcnt);
+ refcount_inc(&xd->refcnt);
ref->next = ic->xref;
ic->xref = ref;
}
@@ -862,7 +862,7 @@ void jffs2_build_xattr_subsystem(struct jffs2_sb_info *c)
list_for_each_entry_safe(xd, _xd, &c->xattrindex[i], xindex) {
xdatum_count++;
list_del_init(&xd->xindex);
- if (!atomic_read(&xd->refcnt)) {
+ if (!refcount_read(&xd->refcnt)) {
dbg_xattr("xdatum(xid=%u, version=%u) is orphan.\n",
xd->xid, xd->version);
xd->flags |= JFFS2_XFLAGS_DEAD;
@@ -1322,7 +1322,7 @@ int jffs2_verify_xattr(struct jffs2_sb_info *c)
void jffs2_release_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
{
/* must be called under spin_lock(&c->erase_completion_lock) */
- if (atomic_read(&xd->refcnt) || xd->node != (void *)xd)
+ if (refcount_read(&xd->refcnt) || xd->node != (void *)xd)
return;
list_del(&xd->xindex);
diff --git a/fs/jffs2/xattr.h b/fs/jffs2/xattr.h
index 720007b2fd65..75742f948d20 100644
--- a/fs/jffs2/xattr.h
+++ b/fs/jffs2/xattr.h
@@ -14,6 +14,7 @@
#include <linux/xattr.h>
#include <linux/list.h>
+#include <linux/refcount.h>
#define JFFS2_XFLAGS_HOT (0x01) /* This datum is HOT */
#define JFFS2_XFLAGS_BIND (0x02) /* This datum is not reclaimed */
@@ -29,7 +30,7 @@ struct jffs2_xattr_datum
uint16_t xprefix; /* see JFFS2_XATTR_PREFIX_* */
struct list_head xindex; /* chained from c->xattrindex[n] */
- atomic_t refcnt; /* # of xattr_ref refers this */
+ refcount_t refcnt; /* # of xattr_ref refers this */
uint32_t xid;
uint32_t version;
--
2.7.4
reply other threads:[~2021-07-16 10:09 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1626430101-26718-1-git-send-email-xiyuyang19@fudan.edu.cn \
--to=xiyuyang19@fudan.edu.cn \
--cc=dwmw2@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=richard@nod.at \
--cc=tanxin.ctf@gmail.com \
--cc=yuanxzhang@fudan.edu.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).