Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp4462443ybp; Mon, 7 Oct 2019 08:48:01 -0700 (PDT) X-Google-Smtp-Source: APXvYqyzXyt4pDh34zM6Ot3CEQJwnTXAc3GWYEhMDoEUt2gHhqM2Ol5tDVPE5KDBgjFnrTnJtO1U X-Received: by 2002:a17:906:278a:: with SMTP id j10mr23861759ejc.228.1570463281555; Mon, 07 Oct 2019 08:48:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570463281; cv=none; d=google.com; s=arc-20160816; b=y94szIyNbgfMDQkGGK+ydWEY5WGB+JEpGS/QLNbbNbKADQIFyo9Fa1BImpuJ2zUwVW bQ9+DDOTHA4skq+cnp/pwOP/4iCc9f7l+XDvYL57sVyuD/yqhgZ3lq1hvzLpMubQSfhh Mkxm1IbBTaT8Ufr1FUIpchrU4FYz9Gd5qlGAAcsOXSZJolN1T8Za1RDbbpIylYO76A8r kOj3Ezr1b5QmsRWe4RplgD1rZ1WPC0igknIYJTvs9qf1uOUWJ2c/c/oDkckhe9rg0NSX uelpU+H55GQPxyOYfEgHEqeDzWSyNKoBhIf28wf11dJv6J9b+EfAfgh0nDaTkFSEBl9J gCAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=oTNDvsWmJl+7wrpBenDR1h8eEWSv8y/l9NyMbR+bDDA=; b=Cy+cgWKkWUS7Zq0MgTkQKPI40jEzDd35gFHLmYdE3yO+BVLVlhr0UfQ3EIwpju24fC mTwRwYzyHds9IwXV4kAaHyxLpXgJAapOhJvQNbLakGAVznvpjWPhoH7t/pygQrO6HZbI ctLysx3jn1ezOH1oFaw1lpXdec97vexZaNyz2Nnh4dgWJh1LMYcgwxliNMs3HgSo4g/7 6QqtoXQkMtSjSbZn7ndC6CK6VTrUTZQMfiger5NKMoezDF5Bo4wzmebjCAaYjsG3O7YX xMrzDEQeYjVCz9gYuvaTuDB+lFc89NEwFsPjTBWAs7k1t3VIE+kbGX+d9eb7I3lVzgSB s0ug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fkEhxgOA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id ck24si7117523ejb.400.2019.10.07.08.47.38; Mon, 07 Oct 2019 08:48:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fkEhxgOA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728758AbfJGPrR (ORCPT + 99 others); Mon, 7 Oct 2019 11:47:17 -0400 Received: from mail.kernel.org ([198.145.29.99]:51660 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728691AbfJGPrQ (ORCPT ); Mon, 7 Oct 2019 11:47:16 -0400 Received: from localhost.localdomain (236.31.169.217.in-addr.arpa [217.169.31.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E34912173B; Mon, 7 Oct 2019 15:47:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570463235; bh=MrH3F24vYjW41F7fKBrCf+P70nG/U3rnxCKTfYDPsi4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fkEhxgOA27gPeytwCRag/UrLhInXu/74ihm8wXUvY6cjbkBctqGtIT6HQFH9L1+/i aLBGW1OPbz8N065sz1Df+ZjpLhyrCPfro0yNt+DnOwofeYFs/9eIHPWVY8D8RaURd4 Pu+IdTwNEmr304zcmdGk41WrZ+pY9G8zUd1jQh1M= From: Will Deacon To: linux-kernel@vger.kernel.org Cc: Will Deacon , Kees Cook , Ingo Molnar , Elena Reshetova , Peter Zijlstra , Ard Biesheuvel , Hanjun Guo , Jan Glauber Subject: [PATCH v3 03/10] lib/refcount: Remove unused refcount_*_checked() variants Date: Mon, 7 Oct 2019 16:46:56 +0100 Message-Id: <20191007154703.5574-4-will@kernel.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20191007154703.5574-1-will@kernel.org> References: <20191007154703.5574-1-will@kernel.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The full-fat refcount implementation is exposed via a set of functions suffixed with "_checked()", the idea being that code can choose to use the more expensive, yet more secure implementation on a case-by-case basis. In reality, this hasn't happened, so with a grand total of zero users, let's remove the checked variants for now by simply dropping the suffix and predicating the out-of-line functions on CONFIG_REFCOUNT_FULL=y. Cc: Ingo Molnar Cc: Elena Reshetova Cc: Peter Zijlstra Cc: Ard Biesheuvel Reviewed-by: Kees Cook Signed-off-by: Will Deacon --- include/linux/refcount.h | 25 ++++++------------- lib/refcount.c | 54 +++++++++++++++++++++------------------- 2 files changed, 36 insertions(+), 43 deletions(-) diff --git a/include/linux/refcount.h b/include/linux/refcount.h index 89066a1471dd..edd505d1a23b 100644 --- a/include/linux/refcount.h +++ b/include/linux/refcount.h @@ -44,32 +44,21 @@ static inline unsigned int refcount_read(const refcount_t *r) return atomic_read(&r->refs); } -extern __must_check bool refcount_add_not_zero_checked(int i, refcount_t *r); -extern void refcount_add_checked(int i, refcount_t *r); - -extern __must_check bool refcount_inc_not_zero_checked(refcount_t *r); -extern void refcount_inc_checked(refcount_t *r); - -extern __must_check bool refcount_sub_and_test_checked(int i, refcount_t *r); - -extern __must_check bool refcount_dec_and_test_checked(refcount_t *r); -extern void refcount_dec_checked(refcount_t *r); - #ifdef CONFIG_REFCOUNT_FULL #define REFCOUNT_MAX (UINT_MAX - 1) #define REFCOUNT_SATURATED UINT_MAX -#define refcount_add_not_zero refcount_add_not_zero_checked -#define refcount_add refcount_add_checked +extern __must_check bool refcount_add_not_zero(int i, refcount_t *r); +extern void refcount_add(int i, refcount_t *r); -#define refcount_inc_not_zero refcount_inc_not_zero_checked -#define refcount_inc refcount_inc_checked +extern __must_check bool refcount_inc_not_zero(refcount_t *r); +extern void refcount_inc(refcount_t *r); -#define refcount_sub_and_test refcount_sub_and_test_checked +extern __must_check bool refcount_sub_and_test(int i, refcount_t *r); -#define refcount_dec_and_test refcount_dec_and_test_checked -#define refcount_dec refcount_dec_checked +extern __must_check bool refcount_dec_and_test(refcount_t *r); +extern void refcount_dec(refcount_t *r); #else diff --git a/lib/refcount.c b/lib/refcount.c index 719b0bc42ab1..a2f670998cee 100644 --- a/lib/refcount.c +++ b/lib/refcount.c @@ -43,8 +43,10 @@ #include #include +#ifdef CONFIG_REFCOUNT_FULL + /** - * refcount_add_not_zero_checked - add a value to a refcount unless it is 0 + * refcount_add_not_zero - add a value to a refcount unless it is 0 * @i: the value to add to the refcount * @r: the refcount * @@ -61,7 +63,7 @@ * * Return: false if the passed refcount is 0, true otherwise */ -bool refcount_add_not_zero_checked(int i, refcount_t *r) +bool refcount_add_not_zero(int i, refcount_t *r) { unsigned int new, val = atomic_read(&r->refs); @@ -83,10 +85,10 @@ bool refcount_add_not_zero_checked(int i, refcount_t *r) return true; } -EXPORT_SYMBOL(refcount_add_not_zero_checked); +EXPORT_SYMBOL(refcount_add_not_zero); /** - * refcount_add_checked - add a value to a refcount + * refcount_add - add a value to a refcount * @i: the value to add to the refcount * @r: the refcount * @@ -101,14 +103,14 @@ EXPORT_SYMBOL(refcount_add_not_zero_checked); * cases, refcount_inc(), or one of its variants, should instead be used to * increment a reference count. */ -void refcount_add_checked(int i, refcount_t *r) +void refcount_add(int i, refcount_t *r) { - WARN_ONCE(!refcount_add_not_zero_checked(i, r), "refcount_t: addition on 0; use-after-free.\n"); + WARN_ONCE(!refcount_add_not_zero(i, r), "refcount_t: addition on 0; use-after-free.\n"); } -EXPORT_SYMBOL(refcount_add_checked); +EXPORT_SYMBOL(refcount_add); /** - * refcount_inc_not_zero_checked - increment a refcount unless it is 0 + * refcount_inc_not_zero - increment a refcount unless it is 0 * @r: the refcount to increment * * Similar to atomic_inc_not_zero(), but will saturate at REFCOUNT_SATURATED @@ -120,7 +122,7 @@ EXPORT_SYMBOL(refcount_add_checked); * * Return: true if the increment was successful, false otherwise */ -bool refcount_inc_not_zero_checked(refcount_t *r) +bool refcount_inc_not_zero(refcount_t *r) { unsigned int new, val = atomic_read(&r->refs); @@ -140,10 +142,10 @@ bool refcount_inc_not_zero_checked(refcount_t *r) return true; } -EXPORT_SYMBOL(refcount_inc_not_zero_checked); +EXPORT_SYMBOL(refcount_inc_not_zero); /** - * refcount_inc_checked - increment a refcount + * refcount_inc - increment a refcount * @r: the refcount to increment * * Similar to atomic_inc(), but will saturate at REFCOUNT_SATURATED and WARN. @@ -154,14 +156,14 @@ EXPORT_SYMBOL(refcount_inc_not_zero_checked); * Will WARN if the refcount is 0, as this represents a possible use-after-free * condition. */ -void refcount_inc_checked(refcount_t *r) +void refcount_inc(refcount_t *r) { - WARN_ONCE(!refcount_inc_not_zero_checked(r), "refcount_t: increment on 0; use-after-free.\n"); + WARN_ONCE(!refcount_inc_not_zero(r), "refcount_t: increment on 0; use-after-free.\n"); } -EXPORT_SYMBOL(refcount_inc_checked); +EXPORT_SYMBOL(refcount_inc); /** - * refcount_sub_and_test_checked - subtract from a refcount and test if it is 0 + * refcount_sub_and_test - subtract from a refcount and test if it is 0 * @i: amount to subtract from the refcount * @r: the refcount * @@ -180,7 +182,7 @@ EXPORT_SYMBOL(refcount_inc_checked); * * Return: true if the resulting refcount is 0, false otherwise */ -bool refcount_sub_and_test_checked(int i, refcount_t *r) +bool refcount_sub_and_test(int i, refcount_t *r) { unsigned int new, val = atomic_read(&r->refs); @@ -203,10 +205,10 @@ bool refcount_sub_and_test_checked(int i, refcount_t *r) return false; } -EXPORT_SYMBOL(refcount_sub_and_test_checked); +EXPORT_SYMBOL(refcount_sub_and_test); /** - * refcount_dec_and_test_checked - decrement a refcount and test if it is 0 + * refcount_dec_and_test - decrement a refcount and test if it is 0 * @r: the refcount * * Similar to atomic_dec_and_test(), it will WARN on underflow and fail to @@ -218,14 +220,14 @@ EXPORT_SYMBOL(refcount_sub_and_test_checked); * * Return: true if the resulting refcount is 0, false otherwise */ -bool refcount_dec_and_test_checked(refcount_t *r) +bool refcount_dec_and_test(refcount_t *r) { - return refcount_sub_and_test_checked(1, r); + return refcount_sub_and_test(1, r); } -EXPORT_SYMBOL(refcount_dec_and_test_checked); +EXPORT_SYMBOL(refcount_dec_and_test); /** - * refcount_dec_checked - decrement a refcount + * refcount_dec - decrement a refcount * @r: the refcount * * Similar to atomic_dec(), it will WARN on underflow and fail to decrement @@ -234,11 +236,13 @@ EXPORT_SYMBOL(refcount_dec_and_test_checked); * Provides release memory ordering, such that prior loads and stores are done * before. */ -void refcount_dec_checked(refcount_t *r) +void refcount_dec(refcount_t *r) { - WARN_ONCE(refcount_dec_and_test_checked(r), "refcount_t: decrement hit 0; leaking memory.\n"); + WARN_ONCE(refcount_dec_and_test(r), "refcount_t: decrement hit 0; leaking memory.\n"); } -EXPORT_SYMBOL(refcount_dec_checked); +EXPORT_SYMBOL(refcount_dec); + +#endif /* CONFIG_REFCOUNT_FULL */ /** * refcount_dec_if_one - decrement a refcount if it is 1 -- 2.23.0.581.g78d2f28ef7-goog