Thread (17 messages), 5 authors, 2017-11-29

RE: [PATCH 1/4] bcache: convert cached_dev.count from atomic_t to refcount_t

From: "Reshetova, Elena" <elena.reshetova@intel.com>
Date: 2017-10-23 06:45:18
Also in: dm-devel, linux-bcache, lkml

> On 10/20/2017 12:37 AM, Elena Reshetova wrote:
> > atomic_t variables are currently used to implement reference
> > counters with the following properties:
> >  - counter is initialized to 1 using atomic_set()
> >  - a resource is freed upon counter reaching zero
> >  - once counter reaches zero, its further
> >    increments aren't allowed
> >  - counter schema uses basic atomic operations
> >    (set, inc, inc_not_zero, dec_and_test, etc.)
> >
> > Such atomic variables should be converted to a newly provided
> > refcount_t type and API that prevents accidental counter overflows
> > and underflows. This is important since overflows and underflows
> > can lead to use-after-free situation and be exploitable.
> >
> > The variable cached_dev.count is used as pure reference counter.
> > Convert it to refcount_t and fix up the operations.
> >
> > Suggested-by: Kees Cook <redacted>
> > Reviewed-by: David Windsor <redacted>
> > Reviewed-by: Hans Liljestrand <redacted>
> > Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
>
> Reviewed-by: Michael Lyle <redacted>
>
> Thanks for this-- I'm including it in my tree for possible inclusion in
> 4.15 (I've already sent my main chunk of changes upwards).

Thank you Mike! I am dropping then this patch from my list of maintained
conversions.

Best Regards,
Elena.

> Mike
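
The overflow case the quoted commit message describes, as an added example that is not part of this thread or of the kernel patch: a userspace C11 model contrasting a wrapping atomic counter with a saturating, refcount_t-style one. The `plain_*` and `model_*` names and the `UINT_MAX` sentinel are assumptions of this model, not the kernel's implementation.

```c
/* Userspace model, not kernel code: plain_* and model_* names are hypothetical. */
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#define MODEL_SATURATED UINT_MAX /* assumed sentinel for this model */
typedef struct { atomic_uint refs; } model_refcount;

/* atomic_t-style operations: the increment silently wraps UINT_MAX -> 0. */
static void plain_inc(atomic_uint *v) { atomic_fetch_add(v, 1); }
static bool plain_dec_and_test(atomic_uint *v) { return atomic_fetch_sub(v, 1) == 1; }

/* Checked increment: never resurrects a zero counter, never wraps. */
static bool model_inc_not_zero(model_refcount *r) {
    unsigned old = atomic_load(&r->refs);
    do {
        if (old == 0) return false;              /* object already released */
        if (old == MODEL_SATURATED) return true; /* pinned at the sentinel */
    } while (!atomic_compare_exchange_weak(&r->refs, &old, old + 1));
    return true;
}

/* Checked decrement: a zero or saturated counter never reports "free now". */
static bool model_dec_and_test(model_refcount *r) {
    unsigned old = atomic_load(&r->refs);
    do {
        if (old == 0 || old == MODEL_SATURATED) return false;
    } while (!atomic_compare_exchange_weak(&r->refs, &old, old - 1));
    return old == 1; /* true only for the genuine last reference */
}

/* Constructed scenario for both: UINT_MAX - 1 holders, three more gets, one put. */
static bool plain_frees_early(void) {
    atomic_uint c;
    atomic_init(&c, UINT_MAX - 1);
    for (int i = 0; i < 3; i++) plain_inc(&c); /* UINT_MAX, then 0, then 1 */
    return plain_dec_and_test(&c); /* reports "last reference" with holders left */
}
static bool model_frees_early(void) {
    model_refcount r;
    atomic_init(&r.refs, UINT_MAX - 1);
    for (int i = 0; i < 3; i++) model_inc_not_zero(&r); /* saturates and stays */
    return model_dec_and_test(&r); /* object is leaked rather than freed */
}

int main(void) {
    printf("plain: %d, model: %d\n", plain_frees_early(), model_frees_early());
    return 0;
}
```

The saturating counter trades the use-after-free for a memory leak, which is the safer failure mode the conversion is after.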