On 10/23/2017 12:10 AM, Reshetova, Elena wrote:
>> On 10/20/2017 12:57 AM, Elena Reshetova wrote:
>>> atomic_t variables are currently used to implement reference
>>> counters with the following properties:
>>> - counter is initialized to 1 using atomic_set()
>>> - a resource is freed upon counter reaching zero
>>> - once counter reaches zero, its further
>>> increments aren't allowed
>>> - counter schema uses basic atomic operations
>>> (set, inc, inc_not_zero, dec_and_test, etc.)
>>>
>>> Such atomic variables should be converted to a newly provided
>>> refcount_t type and API that prevents accidental counter overflows
>>> and underflows. This is important since overflows and underflows
>>> can lead to use-after-free situation and be exploitable.
>>>
>>> The variable mdesc_handle.refcnt is used as pure reference counter.
>>> Convert it to refcount_t and fix up the operations.
>>>
>>> Suggested-by: Kees Cook <[email protected]>
>>> Reviewed-by: David Windsor <[email protected]>
>>> Reviewed-by: Hans Liljestrand <[email protected]>
>>> Signed-off-by: Elena Reshetova <[email protected]>
>>
>> Acked-by: Shannon Nelson <[email protected]>
>
> Thank you Shannon! Would you be able to take this patch into the respective tree
> to propagate normally from there?
>
> Best Regards,
> Elena.
Hi Elena,
Dave Miller takes good care of the sparclinux tree, I'm sure this is on
his ToDo list already.
sln
From 1582031399837711917@xxx Mon Oct 23 07:11:53 +0000 2017
X-GM-THRID: 1581762667340881637
X-Gmail-Labels: Inbox,Category Forums