Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp21729imm; Tue, 3 Jul 2018 13:07:00 -0700 (PDT) X-Google-Smtp-Source: ADUXVKKqexLIEvIDFkJWQwGJmsdcGrzM0TwmBqNFjG6wNPe5+5fsPAFujOUBmBBy1Ze4062rxzG8 X-Received: by 2002:a17:902:bb8d:: with SMTP id m13-v6mr30954607pls.46.1530648420457; Tue, 03 Jul 2018 13:07:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530648420; cv=none; d=google.com; s=arc-20160816; b=IYOSNfUeuAPH2elBbJlZcEZmDNZCsghLDwClaht3dyptp2LcGRuUdbjc/n7HLwgCci SbOhHXi2X+anQ1NmeBgj7URlP3Uyxk6DwQZibJV5uAnSnz8E0/x1DfH7GfMoyH9NBfLf gm+f8Mk8JbWbApqYbuCJ8sG/DiNVLM9xgtXVUav6tS483cMYXr+wbWEqkhNtSOrOStz/ ArA1fH3BKUig7WyRJUSSumoWJc8YMXbOFjbyWwFr9r9Exa+3k/8/wpxI3g7eUo83ZDyy qqBQjS0l8k4BasJr7eXAeefTtiujbuNGHRGfAVU4rlbXnODoq3WwpRRDIjonlX1q94Um THTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=osUSyr3nUXyZhFK+HvTfqa0DBBU5+TCKiZtvYIr5gZI=; b=F/NKlthWvltd9aO85QH6pQrdnKHmeVqrC6QYvwaiiWb4fh/uH77NFQflR2BJ6qHnEb AA5/l9ad+jKqNjsSfStaM8v7Di2Hzb8COaSdbSEXt9+tgtKlbmvrpVsUl28jmOR+CttE c+Z21ztl0rWOFo5hA4zwphaRezTWUTpcrVrUo6MVxbME86Jnb5YXGI9zjxDl6Uj5pDBV OTMwQMvfILwG+/Dc65fsKd2YA2M87NKux+zlkBQMX4pyjX6y1sydTgxir1Sa5AHcJIFW XqvscZjPdC25ZvKm3JZBBRiTgfTnh/4wBDv+eDZdoXztWta+cu69zkG1URq7nPYHvZ6j hH8A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n4-v6si1645355pgs.362.2018.07.03.13.06.46; Tue, 03 Jul 2018 13:07:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753105AbeGCUEG (ORCPT + 99 others); Tue, 3 Jul 2018 16:04:06 -0400 Received: from Galois.linutronix.de ([146.0.238.70]:45332 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752910AbeGCUCE (ORCPT ); Tue, 3 Jul 2018 16:02:04 -0400 Received: from localhost ([127.0.0.1] helo=bazinga.breakpoint.cc) by Galois.linutronix.de with esmtp (Exim 4.80) (envelope-from ) id 1faRUv-0001tM-Gj; Tue, 03 Jul 2018 22:02:01 +0200 From: Sebastian Andrzej Siewior To: linux-kernel@vger.kernel.org Cc: tglx@linutronix.de, Peter Zijlstra , Ingo Molnar , Sebastian Andrzej Siewior , Andrew Morton Subject: [PATCH 5/6] userns: Use refcount_t for reference counting instead atomic_t Date: Tue, 3 Jul 2018 22:01:40 +0200 Message-Id: <20180703200141.28415-6-bigeasy@linutronix.de> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180703200141.28415-1-bigeasy@linutronix.de> References: <20180703200141.28415-1-bigeasy@linutronix.de> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org refcount_t type and corresponding API should be used instead of atomic_t wh= en the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Cc: Andrew Morton Suggested-by: Peter Zijlstra Acked-by: Peter Zijlstra (Intel) Signed-off-by: Sebastian Andrzej Siewior --- include/linux/sched/user.h | 5 +++-- kernel/user.c | 8 ++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/include/linux/sched/user.h b/include/linux/sched/user.h index 96fe289c4c6e..39ad98c09c58 100644 --- a/include/linux/sched/user.h +++ b/include/linux/sched/user.h @@ -4,6 +4,7 @@ =20 #include #include +#include #include =20 struct key; @@ -12,7 +13,7 @@ struct key; * Some day this will be a full-fledged user tracking system.. */ struct user_struct { - atomic_t __count; /* reference count */ + refcount_t __count; /* reference count */ atomic_t processes; /* How many processes does this user have? */ atomic_t sigpending; /* How many pending signals does this user have? */ #ifdef CONFIG_FANOTIFY @@ -59,7 +60,7 @@ extern struct user_struct root_user; extern struct user_struct * alloc_uid(kuid_t); static inline struct user_struct *get_uid(struct user_struct *u) { - atomic_inc(&u->__count); + refcount_inc(&u->__count); return u; } extern void free_uid(struct user_struct *); diff --git a/kernel/user.c b/kernel/user.c index 36288d840675..5f65ef195259 100644 --- a/kernel/user.c +++ b/kernel/user.c @@ -96,7 +96,7 @@ static DEFINE_SPINLOCK(uidhash_lock); =20 /* root_user.__count is 1, for init task cred */ struct user_struct root_user =3D { - .__count =3D ATOMIC_INIT(1), + .__count =3D REFCOUNT_INIT(1), .processes =3D ATOMIC_INIT(1), .sigpending =3D ATOMIC_INIT(0), .locked_shm =3D 0, @@ -123,7 +123,7 @@ static struct user_struct *uid_hash_find(kuid_t uid, st= ruct hlist_head *hashent) =20 hlist_for_each_entry(user, hashent, uidhash_node) { if (uid_eq(user->uid, uid)) { - atomic_inc(&user->__count); + refcount_inc(&user->__count); return user; } } @@ -170,7 +170,7 @@ void free_uid(struct user_struct *up) return; =20 local_irq_save(flags); - if (atomic_dec_and_lock(&up->__count, &uidhash_lock)) + if (refcount_dec_and_lock(&up->__count, &uidhash_lock)) free_user(up, flags); else local_irq_restore(flags); @@ -191,7 +191,7 @@ struct user_struct *alloc_uid(kuid_t uid) goto out_unlock; =20 new->uid =3D uid; - atomic_set(&new->__count, 1); + refcount_set(&new->__count, 1); ratelimit_state_init(&new->ratelimit, HZ, 100); ratelimit_set_flags(&new->ratelimit, RATELIMIT_MSG_ON_RELEASE); =20 --=20 2.18.0