[+cc Hyper-V folks, -cc others]

On Mon, Mar 06, 2017 at 04:21:04PM +0200, Elena Reshetova wrote:
> The refcount_t type and its corresponding API should be
> used instead of atomic_t when the variable is used as
> a reference counter. This helps avoid accidental
> refcounter overflows that might lead to use-after-free
> situations.
> 
> Signed-off-by: Elena Reshetova <elena.reshet...@intel.com>
> Signed-off-by: Hans Liljestrand <ishkam...@gmail.com>
> Signed-off-by: Kees Cook <keesc...@chromium.org>
> Signed-off-by: David Windsor <dwind...@gmail.com>
> ---
>  drivers/pci/host/pci-hyperv.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c
> index cd114c6..870deed 100644
> --- a/drivers/pci/host/pci-hyperv.c
> +++ b/drivers/pci/host/pci-hyperv.c
> @@ -56,6 +56,7 @@
>  #include <asm/apic.h>
>  #include <linux/msi.h>
>  #include <linux/hyperv.h>
> +#include <linux/refcount.h>
>  #include <asm/mshyperv.h>
>  
>  /*
> @@ -421,7 +422,7 @@ enum hv_pcidev_ref_reason {
>  struct hv_pci_dev {
>       /* List protected by pci_rescan_remove_lock */
>       struct list_head list_entry;
> -     atomic_t refs;
> +     refcount_t refs;
>       enum hv_pcichild_state state;
>       struct pci_function_description desc;
>       bool reported_missing;
> @@ -1254,13 +1255,13 @@ static void q_resource_requirements(void *context, 
> struct pci_response *resp,
>  static void get_pcichild(struct hv_pci_dev *hpdev,
>                           enum hv_pcidev_ref_reason reason)
>  {
> -     atomic_inc(&hpdev->refs);
> +     refcount_inc(&hpdev->refs);
>  }
>  
>  static void put_pcichild(struct hv_pci_dev *hpdev,
>                           enum hv_pcidev_ref_reason reason)
>  {
> -     if (atomic_dec_and_test(&hpdev->refs))
> +     if (refcount_dec_and_test(&hpdev->refs))
>               kfree(hpdev);
>  }
>  
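Review bot: get_pcichild() and put_pcichild() both ignore their `reason` argument, and nothing in the hunk states when a caller is allowed to take a reference. With refcount_t this contract matters more than it did with atomic_t: refcount_inc() on a counter that has already dropped to zero warns instead of reviving the object, and an unbalanced put is reported and not acted on, so the object would likely be leaked. I would add a comment above get_pcichild(), for example `/* Caller must already hold a reference, or the lock protecting the list hpdev was found on; reason only tags the get/put pair for auditing. */`. Whether every lookup path takes its reference under such a lock cannot be confirmed from this hunk.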
> @@ -1314,7 +1315,7 @@ static struct hv_pci_dev *new_pcichild_device(struct 
> hv_pcibus_device *hbus,
>       wait_for_completion(&comp_pkt.host_event);
>  
>       hpdev->desc = *desc;
> -     get_pcichild(hpdev, hv_pcidev_ref_initial);
> +     refcount_set(&hpdev->refs, 1);
>       get_pcichild(hpdev, hv_pcidev_ref_childlist);
>       spin_lock_irqsave(&hbus->device_list_lock, flags);
>       list_add_tail(&hpdev->list_entry, &hbus->children);
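Review bot: `refcount_set(&hpdev->refs, 1);` drops the `hv_pcidev_ref_initial` tag that the removed get_pcichild() call carried, so the initial reference is no longer visibly paired with the put that releases it. A one-line comment keeps the pairing auditable: `/* initial reference; released by put_pcichild(hpdev, hv_pcidev_ref_initial) */`. The set also sits after wait_for_completion(), so the counter is presumably still zero until this line. It is worth confirming, outside this hunk, that no path can call get_pcichild() or put_pcichild() on hpdev before this point, since refcount_t would now warn on such a call. new_pcichild_device() starts and ends outside the hunk.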
> -- 
> 2.7.4
> 
