2021-07-16 10:11:38

by Xiyu Yang

Subject: [PATCH] jffs2: Convert from atomic_t to refcount_t on jffs2_xattr_datum->refcnt

The refcount_t type and its corresponding API protect reference counters
from accidental underflow and overflow, and from the use-after-free
situations that can follow.

Signed-off-by: Xiyu Yang <[email protected]>
Signed-off-by: Xin Tan <[email protected]>
---
fs/jffs2/xattr.c | 14 +++++++-------
fs/jffs2/xattr.h | 3 ++-
2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/fs/jffs2/xattr.c b/fs/jffs2/xattr.c
index da3e18503c65..f7e959817ff1 100644
--- a/fs/jffs2/xattr.c
+++ b/fs/jffs2/xattr.c
@@ -352,7 +352,7 @@ static struct jffs2_xattr_datum *create_xattr_datum(struct jffs2_sb_info *c,
&& xd->value_len==xsize
&& !strcmp(xd->xname, xname)
&& !memcmp(xd->xvalue, xvalue, xsize)) {
- atomic_inc(&xd->refcnt);
+ refcount_inc(&xd->refcnt);
return xd;
}
}
@@ -372,7 +372,7 @@ static struct jffs2_xattr_datum *create_xattr_datum(struct jffs2_sb_info *c,
strcpy(data, xname);
memcpy(data + name_len + 1, xvalue, xsize);

- atomic_set(&xd->refcnt, 1);
+ refcount_set(&xd->refcnt, 1);
xd->xid = ++c->highest_xid;
xd->flags |= JFFS2_XFLAGS_HOT;
xd->xprefix = xprefix;
@@ -404,7 +404,7 @@ static struct jffs2_xattr_datum *create_xattr_datum(struct jffs2_sb_info *c,
static void unrefer_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
{
/* must be called under down_write(xattr_sem) */
- if (atomic_dec_and_lock(&xd->refcnt, &c->erase_completion_lock)) {
+ if (refcount_dec_and_lock(&xd->refcnt, &c->erase_completion_lock)) {
unload_xattr_datum(c, xd);
xd->flags |= JFFS2_XFLAGS_DEAD;
if (xd->node == (void *)xd) {
@@ -621,7 +621,7 @@ void jffs2_xattr_free_inode(struct jffs2_sb_info *c, struct jffs2_inode_cache *i
for (ref = ic->xref; ref; ref = _ref) {
_ref = ref->next;
xd = ref->xd;
- if (atomic_dec_and_test(&xd->refcnt)) {
+ if (refcount_dec_and_test(&xd->refcnt)) {
unload_xattr_datum(c, xd);
jffs2_free_xattr_datum(xd);
}
@@ -851,7 +851,7 @@ void jffs2_build_xattr_subsystem(struct jffs2_sb_info *c)
}
ref->xd = xd;
ref->ic = ic;
- atomic_inc(&xd->refcnt);
+ refcount_inc(&xd->refcnt);
ref->next = ic->xref;
ic->xref = ref;
}
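Review bot: `refcount_inc(&xd->refcnt)` in this hunk is likely to run on a counter that is still 0, which refcount_t treats as a use-after-free: it warns and saturates the counter instead of moving it to 1. The orphan test in the next hunk (`!refcount_read(&xd->refcnt)`) shows that a zero count is an expected state for datums in the index during the build, so the first xref bound to each datum would presumably take this path; where the datum is initialised is outside the hunk, so the starting value should be confirmed. A saturated counter never returns to zero, so such a datum would never be released, and on systems with panic_on_warn set the warning at mount time becomes a crash. If the build runs with no concurrent users of the datum, the first reference could be taken with `if (!refcount_inc_not_zero(&xd->refcnt)) refcount_set(&xd->refcnt, 1);`, plus a comment on the struct field that 0 is a valid resting state here. jffs2_build_xattr_subsystem starts and ends outside this hunk.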
@@ -862,7 +862,7 @@ void jffs2_build_xattr_subsystem(struct jffs2_sb_info *c)
list_for_each_entry_safe(xd, _xd, &c->xattrindex[i], xindex) {
xdatum_count++;
list_del_init(&xd->xindex);
- if (!atomic_read(&xd->refcnt)) {
+ if (!refcount_read(&xd->refcnt)) {
dbg_xattr("xdatum(xid=%u, version=%u) is orphan.\n",
xd->xid, xd->version);
xd->flags |= JFFS2_XFLAGS_DEAD;
@@ -1322,7 +1322,7 @@ int jffs2_verify_xattr(struct jffs2_sb_info *c)
void jffs2_release_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
{
/* must be called under spin_lock(&c->erase_completion_lock) */
- if (atomic_read(&xd->refcnt) || xd->node != (void *)xd)
+ if (refcount_read(&xd->refcnt) || xd->node != (void *)xd)
return;

list_del(&xd->xindex);
diff --git a/fs/jffs2/xattr.h b/fs/jffs2/xattr.h
index 720007b2fd65..75742f948d20 100644
--- a/fs/jffs2/xattr.h
+++ b/fs/jffs2/xattr.h
@@ -14,6 +14,7 @@

#include <linux/xattr.h>
#include <linux/list.h>
+#include <linux/refcount.h>

#define JFFS2_XFLAGS_HOT (0x01) /* This datum is HOT */
#define JFFS2_XFLAGS_BIND (0x02) /* This datum is not reclaimed */
@@ -29,7 +30,7 @@ struct jffs2_xattr_datum
uint16_t xprefix; /* see JFFS2_XATTR_PREFIX_* */

struct list_head xindex; /* chained from c->xattrindex[n] */
- atomic_t refcnt; /* # of xattr_ref refers this */
+ refcount_t refcnt; /* # of xattr_ref refers this */
uint32_t xid;
uint32_t version;

--
2.7.4