2021-07-19 22:33:55

by Daniel Jordan

Subject: Re: [PATCH] padata: Convert from atomic_t to refcount_t on parallel_data->refcnt

On Mon, Jul 19, 2021 at 04:37:33PM +0800, Xiyu Yang wrote:
> refcount_t type and corresponding API can protect refcounters from
> accidental underflow and overflow and further use-after-free situations.
>
> Signed-off-by: Xiyu Yang <[email protected]>
> Signed-off-by: Xin Tan <[email protected]>

This patch run on a big server didn't turn up anything, but it's
probably useful to have the extra checking.

Acked-by: Daniel Jordan <[email protected]>


2021-07-20 15:18:02

by Daniel Jordan

Subject: [PATCH] padata: Convert from atomic_t to refcount_t on parallel_data->refcnt

From: Xiyu Yang <[email protected]>

refcount_t type and corresponding API can protect refcounters from
accidental underflow and overflow and further use-after-free situations.

Signed-off-by: Xiyu Yang <[email protected]>
Signed-off-by: Xin Tan <[email protected]>
Acked-by: Daniel Jordan <[email protected]>
---

This seems not to have made it to the lists even though they were
originally cc'd. Reposting.

include/linux/padata.h | 3 ++-
kernel/padata.c | 8 ++++----
2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/include/linux/padata.h b/include/linux/padata.h
index a433f13fc4bf..495b16b6b4d7 100644
--- a/include/linux/padata.h
+++ b/include/linux/padata.h
@@ -12,6 +12,7 @@
#ifndef PADATA_H
#define PADATA_H

+#include <linux/refcount.h>
#include <linux/compiler_types.h>
#include <linux/workqueue.h>
#include <linux/spinlock.h>
@@ -96,7 +97,7 @@ struct parallel_data {
struct padata_shell *ps;
struct padata_list __percpu *reorder_list;
struct padata_serial_queue __percpu *squeue;
- atomic_t refcnt;
+ refcount_t refcnt;
unsigned int seq_nr;
unsigned int processed;
int cpu;
diff --git a/kernel/padata.c b/kernel/padata.c
index d4d3ba6e1728..378c36080781 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -211,7 +211,7 @@ int padata_do_parallel(struct padata_shell *ps,
if ((pinst->flags & PADATA_RESET))
goto out;

- atomic_inc(&pd->refcnt);
+ refcount_inc(&pd->refcnt);
padata->pd = pd;
padata->cb_cpu = *cb_cpu;

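Review bot: refcount_inc(&pd->refcnt) in padata_do_parallel() is not a drop-in for atomic_inc(): if the counter has already reached zero, refcount_inc() WARNs and saturates it instead of going from 0 to 1. The commit message should say why pd->refcnt cannot be zero at this point (presumably the initial reference from refcount_set(&pd->refcnt, 1) in padata_alloc_pd() is still held), so a later splat here can be read as a real lifetime bug rather than a side effect of the conversion.
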
@@ -383,7 +383,7 @@ static void padata_serial_worker(struct work_struct *serial_work)
}
local_bh_enable();

- if (atomic_sub_and_test(cnt, &pd->refcnt))
+ if (refcount_sub_and_test(cnt, &pd->refcnt))
padata_free_pd(pd);
}

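Review bot: refcount_sub_and_test(cnt, &pd->refcnt) in padata_serial_worker() drops a batch of references at once, which the refcount API documentation does not recommend for ordinary one-at-a-time reference counting. cnt is computed outside this hunk, so the changelog should state what bounds it (one per refcount_inc() in padata_do_parallel(), presumably). If cnt ever exceeds the current count, the refcount_t version WARNs, saturates and returns false, so padata_free_pd() is skipped, where the atomic_t version would have wrapped silently.
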
@@ -593,7 +593,7 @@ static struct parallel_data *padata_alloc_pd(struct padata_shell *ps)
padata_init_reorder_list(pd);
padata_init_squeues(pd);
pd->seq_nr = -1;
- atomic_set(&pd->refcnt, 1);
+ refcount_set(&pd->refcnt, 1);
spin_lock_init(&pd->lock);
pd->cpu = cpumask_first(pd->cpumask.pcpu);
INIT_WORK(&pd->reorder_work, invoke_padata_reorder);
@@ -667,7 +667,7 @@ static int padata_replace(struct padata_instance *pinst)
synchronize_rcu();

list_for_each_entry_continue_reverse(ps, &pinst->pslist, list)
- if (atomic_dec_and_test(&ps->opd->refcnt))
+ if (refcount_dec_and_test(&ps->opd->refcnt))
padata_free_pd(ps->opd);

pinst->flags &= ~PADATA_RESET;
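Review bot: nothing at the refcount_dec_and_test(&ps->opd->refcnt) call in padata_replace() says which reference is being dropped. If it is the initial one set by refcount_set(&pd->refcnt, 1) in padata_alloc_pd(), a one-line comment saying so would make the pairing checkable. With refcount_t, a decrement on an already-zero counter WARNs and returns false, so an unbalanced put here would now skip padata_free_pd() rather than free the old pd a second time.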
--
2.32.0