userfaultfd: convert userfaultfd_ctx::refcount to refcount_t - kernel/linux.git

diff options

author	Eric Biggers <ebiggers@google.com>	2018-12-28 11:34:43 +0300
committer	Linus Torvalds <torvalds@linux-foundation.org>	2018-12-28 23:11:47 +0300
commit	ca880420665dbc8beec3693bee9f5eccb89de4a6 (patch)
tree	7255c489175110780706a7eaf04fe8f0f34611b5 /mm/page_alloc.c
parent	66f71da9dd38af17dc17209cdde7987d4679a699 (diff)
download	linux-ca880420665dbc8beec3693bee9f5eccb89de4a6.tar.xz

userfaultfd: convert userfaultfd_ctx::refcount to refcount_t

Reference counters should use refcount_t rather than atomic_t, since the refcount_t implementation can prevent overflows, reducing the exploitability of reference leak bugs. userfaultfd_ctx::refcount is a reference counter with the usual semantics, so convert it to refcount_t. Note: I replaced the BUG() on incrementing a 0 refcount with just refcount_inc(), since part of the semantics of refcount_t is that that incrementing a 0 refcount is not allowed; with CONFIG_REFCOUNT_FULL, refcount_inc() already checks for it and warns. Link: http://lkml.kernel.org/r/20181115003916.63381-1-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Reviewed-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Diffstat (limited to 'mm/page_alloc.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: