Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2288495imm;
        Mon, 16 Jul 2018 05:40:10 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpcpBznfN/CkSWkSosRQFpZPkzU9IuibuWQmC9gTkOIoSsg+RLmOpTqmutNFaOla58XQ0TZ5
X-Received: by 2002:a62:8d84:: with SMTP id p4-v6mr18154195pfk.251.1531744810548;
        Mon, 16 Jul 2018 05:40:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1531744810; cv=none;
        d=google.com; s=arc-20160816;
        b=yGfXJZGon/xhJipJdgZEn2Z82oQ9tzU8Wpi1hXddsNGyxgVrMiEiAbNqNESf1rui+9
         ta1rsIzJfXDSqONbKywOCExD4bDtHTqkvBdvP5eAEfwZF7LAqO0NWRV+Hv85e+gsSoEW
         KHIXSWBS689pitFpfKzhOKmVRVFi45LRyZa+YaLNgDr5lWI+fj7P9Iq146hTsnfOSzs5
         TAU1cqA6LTxxVn5BZkHFqhtF9c1ecEqJb95gaHxyJ/OX2pNVEgXcnQqlNKJ9tQTnkKdy
         xRRpYIl6uYEh0JdyOIf9ejnm++klSNHQtfghPiPBFsekYuwo6cjTgx2NujM+fnFAoZYW
         u5qw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=drwICU8ILmaqwQp1y3Ocmern0+tUGY9bsptXpgoEo7o=;
        b=TuLRK1+5zRRxfaOs6qY12iwejo3CIX3h23BBewBmfENlocTNsrBzip3NPFeTGVQhj/
         P2z8eUM9DLrExCDH7rkVRsrCcQscMF1Fnb2FuEvlX9K+odchxlCl6CrrjzuQkl5TdNF1
         zUyzjevt0J7LLyjRoxxsP+924cif+V7EfI04bvOlSNijZvbXCHLXtnw+s0YfrVAA0AVH
         Rktthz6OiGKGYUAoJCYuu1GytuhzuF6F5XpXAHfJKrxLsMoLMS34MQrRdTSlsF7gtYHi
         jft30cECyV89Yhjbg0iLYdsN3mYjo/6bpO4uDTETn5el4WjCi6W4lge/5IURTgPRzNCK
         4yxQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u11-v6si16359083pgg.683.2018.07.16.05.39.55;
        Mon, 16 Jul 2018 05:40:10 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729474AbeGPNGh (ORCPT <rfc822;noahbdev@gmail.com> + 99 others);
        Mon, 16 Jul 2018 09:06:37 -0400
Received: from Galois.linutronix.de ([146.0.238.70]:51746 "EHLO
        Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728437AbeGPNGh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 16 Jul 2018 09:06:37 -0400
Received: from bigeasy by Galois.linutronix.de with local (Exim 4.80)
        (envelope-from <bigeasy@linutronix.de>)
        id 1ff2mc-00055m-KB; Mon, 16 Jul 2018 14:39:18 +0200
Date:   Mon, 16 Jul 2018 14:39:18 +0200
From:   Sebastian Andrzej Siewior <bigeasy@linutronix.de>
To:     linux-kernel@vger.kernel.org, Ingo Molnar <mingo@kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>
Cc:     tglx@linutronix.de, Peter Zijlstra <peterz@infradead.org>
Subject: Re: [PATCH 5/6] userns: Use refcount_t for reference counting
 instead atomic_t
Message-ID: <20180716123918.g7kkm5nivtk7ldlt@linutronix.de>
References: <20180703200141.28415-1-bigeasy@linutronix.de>
 <20180703200141.28415-6-bigeasy@linutronix.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20180703200141.28415-6-bigeasy@linutronix.de>
User-Agent: NeoMutt/20180622
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2018-07-03 22:01:40 [+0200], To linux-kernel@vger.kernel.org wrote:
> refcount_t type and corresponding API should be used instead of atomic_t when
> the variable is used as a reference counter. This allows to avoid accidental
> refcounter overflows that might lead to use-after-free situations.

Ingo, Andrew: who of you two feels most comfortable to apply this one
(and 6/6 of this series, both `userns')? If none, who would you suggest?

> Cc: Andrew Morton <akpm@linux-foundation.org>
> Suggested-by: Peter Zijlstra <peterz@infradead.org>
> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
> ---
>  include/linux/sched/user.h | 5 +++--
>  kernel/user.c              | 8 ++++----
>  2 files changed, 7 insertions(+), 6 deletions(-)
> 
> diff --git a/include/linux/sched/user.h b/include/linux/sched/user.h
> index 96fe289c4c6e..39ad98c09c58 100644
> --- a/include/linux/sched/user.h
> +++ b/include/linux/sched/user.h
> @@ -4,6 +4,7 @@
>  
>  #include <linux/uidgid.h>
>  #include <linux/atomic.h>
> +#include <linux/refcount.h>
>  #include <linux/ratelimit.h>
>  
>  struct key;
> @@ -12,7 +13,7 @@ struct key;
>   * Some day this will be a full-fledged user tracking system..
>   */
>  struct user_struct {
> -	atomic_t __count;	/* reference count */
> +	refcount_t __count;	/* reference count */
>  	atomic_t processes;	/* How many processes does this user have? */
>  	atomic_t sigpending;	/* How many pending signals does this user have? */
>  #ifdef CONFIG_FANOTIFY
> @@ -59,7 +60,7 @@ extern struct user_struct root_user;
>  extern struct user_struct * alloc_uid(kuid_t);
>  static inline struct user_struct *get_uid(struct user_struct *u)
>  {
> -	atomic_inc(&u->__count);
> +	refcount_inc(&u->__count);
>  	return u;
>  }
>  extern void free_uid(struct user_struct *);
> diff --git a/kernel/user.c b/kernel/user.c
> index 36288d840675..5f65ef195259 100644
> --- a/kernel/user.c
> +++ b/kernel/user.c
> @@ -96,7 +96,7 @@ static DEFINE_SPINLOCK(uidhash_lock);
>  
>  /* root_user.__count is 1, for init task cred */
>  struct user_struct root_user = {
> -	.__count	= ATOMIC_INIT(1),
> +	.__count	= REFCOUNT_INIT(1),
>  	.processes	= ATOMIC_INIT(1),
>  	.sigpending	= ATOMIC_INIT(0),
>  	.locked_shm     = 0,
> @@ -123,7 +123,7 @@ static struct user_struct *uid_hash_find(kuid_t uid, struct hlist_head *hashent)
>  
>  	hlist_for_each_entry(user, hashent, uidhash_node) {
>  		if (uid_eq(user->uid, uid)) {
> -			atomic_inc(&user->__count);
> +			refcount_inc(&user->__count);
>  			return user;
>  		}
>  	}
> @@ -170,7 +170,7 @@ void free_uid(struct user_struct *up)
>  		return;
>  
>  	local_irq_save(flags);
> -	if (atomic_dec_and_lock(&up->__count, &uidhash_lock))
> +	if (refcount_dec_and_lock(&up->__count, &uidhash_lock))
>  		free_user(up, flags);
>  	else
>  		local_irq_restore(flags);
> @@ -191,7 +191,7 @@ struct user_struct *alloc_uid(kuid_t uid)
>  			goto out_unlock;
>  
>  		new->uid = uid;
> -		atomic_set(&new->__count, 1);
> +		refcount_set(&new->__count, 1);
>  		ratelimit_state_init(&new->ratelimit, HZ, 100);
>  		ratelimit_set_flags(&new->ratelimit, RATELIMIT_MSG_ON_RELEASE);
>  
> -- 
> 2.18.0

Sebastian