Received: by 2002:ac0:8c9a:0:0:0:0:0 with SMTP id r26csp3551816ima; Mon, 4 Feb 2019 00:56:33 -0800 (PST) X-Google-Smtp-Source: ALg8bN6xuCwJjsdc7UhvwQKOb7Uz+anjvBe0E77czogx6XIs8bjWLhzwhFPI7AC2xVF3qxOjiFpj X-Received: by 2002:a17:902:9692:: with SMTP id n18mr51656360plp.333.1549270593265; Mon, 04 Feb 2019 00:56:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549270593; cv=none; d=google.com; s=arc-20160816; b=00hkaN0rWA/cAaEjCz8RQVscdGEewQIlnIef/pdTfIWEDP9I2Hy4TP9LgQte0TATF6 dYRrpEkPWB6S2In/Jf0ZYDtI+QAUkmvjP3zr9TuqT5A3vt9UPekEOeOuvDj69GR8pLEg WsDPL8dj/fORYDag00+m92CDuAJkEkUH60jKxh7EiuIwq0gV+iDeYTK3asMLoPvd04f8 AXqBzKIX6uQ8EiJIPGlnysRazakJ48xGbMSgj5+ZPYAPrMF+AnyDqItrTvk5BoMUrEgK DvzE2MMzG140CNnwjkHmrUDUWIDMfaHpmrBpZJec8itaKYFrGrz9bx1ghutE6TFi/WMc wTNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-disposition :content-transfer-encoding:mime-version:robot-unsubscribe:robot-id :git-commit-id:subject:to:references:in-reply-to:reply-to:cc :message-id:from:date; bh=deYvdQGKvcAHUYTMD2i3dF6qSuUCKD7ZRaHKiJSqm3Q=; b=ulGA3roVQl5KFRqD18T684Br01wSdb2+F4X9Q/RU+u37SvS360Tjqz71EeWXFN5p0V UKGwWJBlO4TILpjB3zXbGzN84bFpN/s2BHbxkYE2IeKU3iFnEpK7HLuetEnXwLw8pbsC jtNqmljTFudEqj5QKyGR644Za7bgz0qnUo65FujfTi55lkkusjv8tVpXYQiZzGXgJq0H oupPvNBoSuEVafuuifh+fUZxtNAbRwmhhskKGZ6/iU25mMLFm/JvYNt9nROwK5BjRH+t jgBneD+RRlVlprBITGVIbKDRFSpLrwLHlyqrB+7fg1w5LGAcnbtO6HGkz7+EV8RmihbD ZQcg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h5si15702550pfg.233.2019.02.04.00.56.17; Mon, 04 Feb 2019 00:56:33 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728448AbfBDIz6 (ORCPT + 99 others); Mon, 4 Feb 2019 03:55:58 -0500 Received: from terminus.zytor.com ([198.137.202.136]:41283 "EHLO terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726320AbfBDIz6 (ORCPT ); Mon, 4 Feb 2019 03:55:58 -0500 Received: from terminus.zytor.com (localhost [127.0.0.1]) by terminus.zytor.com (8.15.2/8.15.2) with ESMTPS id x148tgHF358027 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Mon, 4 Feb 2019 00:55:42 -0800 Received: (from tipbot@localhost) by terminus.zytor.com (8.15.2/8.15.2/Submit) id x148tg8N358024; Mon, 4 Feb 2019 00:55:42 -0800 Date: Mon, 4 Feb 2019 00:55:42 -0800 X-Authentication-Warning: terminus.zytor.com: tipbot set sender to tipbot@zytor.com using -f From: tip-bot for Elena Reshetova Message-ID: Cc: elena.reshetova@intel.com, linux-kernel@vger.kernel.org, dwindsor@gmail.com, ishkamiel@gmail.com, peterz@infradead.org, efault@gmx.de, keescook@chromium.org, torvalds@linux-foundation.org, mingo@kernel.org, hpa@zytor.com, tglx@linutronix.de, andrea.parri@amarulasolutions.com Reply-To: tglx@linutronix.de, andrea.parri@amarulasolutions.com, hpa@zytor.com, mingo@kernel.org, peterz@infradead.org, ishkamiel@gmail.com, torvalds@linux-foundation.org, dwindsor@gmail.com, efault@gmx.de, keescook@chromium.org, elena.reshetova@intel.com, linux-kernel@vger.kernel.org In-Reply-To: <1547814450-18902-5-git-send-email-elena.reshetova@intel.com> References: <1547814450-18902-5-git-send-email-elena.reshetova@intel.com> To: linux-tip-commits@vger.kernel.org Subject: [tip:sched/core] sched/core: Convert task_struct.usage to refcount_t Git-Commit-ID: ec1d281923cf81cc660343d0cb8ffc837ffb991d X-Mailer: tip-git-log-daemon Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Content-Disposition: inline X-Spam-Status: No, score=-0.8 required=5.0 tests=ALL_TRUSTED,BAYES_00, FREEMAIL_FORGED_REPLYTO,T_DATE_IN_FUTURE_96_Q autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on terminus.zytor.com Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Commit-ID: ec1d281923cf81cc660343d0cb8ffc837ffb991d Gitweb: https://git.kernel.org/tip/ec1d281923cf81cc660343d0cb8ffc837ffb991d Author: Elena Reshetova AuthorDate: Fri, 18 Jan 2019 14:27:29 +0200 Committer: Ingo Molnar CommitDate: Mon, 4 Feb 2019 08:53:55 +0100 sched/core: Convert task_struct.usage to refcount_t atomic_t variables are currently used to implement reference counters with the following properties: - counter is initialized to 1 using atomic_set() - a resource is freed upon counter reaching zero - once counter reaches zero, its further increments aren't allowed - counter schema uses basic atomic operations (set, inc, inc_not_zero, dec_and_test, etc.) Such atomic variables should be converted to a newly provided refcount_t type and API that prevents accidental counter overflows and underflows. This is important since overflows and underflows can lead to use-after-free situation and be exploitable. The variable task_struct.usage is used as pure reference counter. Convert it to refcount_t and fix up the operations. ** Important note for maintainers: Some functions from refcount_t API defined in lib/refcount.c have different memory ordering guarantees than their atomic counterparts. The full comparison can be seen in https://lkml.org/lkml/2017/11/15/57 and it is hopefully soon in state to be merged to the documentation tree. Normally the differences should not matter since refcount_t provides enough guarantees to satisfy the refcounting use cases, but in some rare cases it might matter. Please double check that you don't have some undocumented memory guarantees for this variable usage. For the task_struct.usage it might make a difference in following places: - put_task_struct(): decrement in refcount_dec_and_test() only provides RELEASE ordering and control dependency on success vs. fully ordered atomic counterpart Suggested-by: Kees Cook Signed-off-by: Elena Reshetova Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: David Windsor Reviewed-by: Hans Liljestrand Reviewed-by: Andrea Parri Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: akpm@linux-foundation.org Cc: viro@zeniv.linux.org.uk Link: https://lkml.kernel.org/r/1547814450-18902-5-git-send-email-elena.reshetova@intel.com Signed-off-by: Ingo Molnar --- include/linux/sched.h | 3 ++- include/linux/sched/task.h | 4 ++-- init/init_task.c | 2 +- kernel/fork.c | 4 ++-- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/include/linux/sched.h b/include/linux/sched.h index e2bba022827d..9d14d6864ca6 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include @@ -607,7 +608,7 @@ struct task_struct { randomized_struct_fields_start void *stack; - atomic_t usage; + refcount_t usage; /* Per task flags (PF_*), defined further below: */ unsigned int flags; unsigned int ptrace; diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h index 44c6f15800ff..2e97a2227045 100644 --- a/include/linux/sched/task.h +++ b/include/linux/sched/task.h @@ -88,13 +88,13 @@ extern void sched_exec(void); #define sched_exec() {} #endif -#define get_task_struct(tsk) do { atomic_inc(&(tsk)->usage); } while(0) +#define get_task_struct(tsk) do { refcount_inc(&(tsk)->usage); } while(0) extern void __put_task_struct(struct task_struct *t); static inline void put_task_struct(struct task_struct *t) { - if (atomic_dec_and_test(&t->usage)) + if (refcount_dec_and_test(&t->usage)) __put_task_struct(t); } diff --git a/init/init_task.c b/init/init_task.c index 9aa3ebc74970..aca34c89529f 100644 --- a/init/init_task.c +++ b/init/init_task.c @@ -65,7 +65,7 @@ struct task_struct init_task #endif .state = 0, .stack = init_stack, - .usage = ATOMIC_INIT(2), + .usage = REFCOUNT_INIT(2), .flags = PF_KTHREAD, .prio = MAX_PRIO - 20, .static_prio = MAX_PRIO - 20, diff --git a/kernel/fork.c b/kernel/fork.c index 935a42d5f8ff..3f7e192e29f2 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -717,7 +717,7 @@ static inline void put_signal_struct(struct signal_struct *sig) void __put_task_struct(struct task_struct *tsk) { WARN_ON(!tsk->exit_state); - WARN_ON(atomic_read(&tsk->usage)); + WARN_ON(refcount_read(&tsk->usage)); WARN_ON(tsk == current); cgroup_free(tsk); @@ -896,7 +896,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node) * One for us, one for whoever does the "release_task()" (usually * parent) */ - atomic_set(&tsk->usage, 2); + refcount_set(&tsk->usage, 2); #ifdef CONFIG_BLK_DEV_IO_TRACE tsk->btrace_seq = 0; #endif