refcount_t type and corresponding API can protect refcounters from accidental underflow and overflow and further use-after-free situations Signed-off-by: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx> Signed-off-by: Xin Tan <tanxin.ctf@xxxxxxxxx> --- drivers/gpu/drm/i915/gvt/gtt.c | 11 ++++++----- drivers/gpu/drm/i915/gvt/gtt.h | 3 ++- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c index cc2c05e18206..62f3daff5a36 100644 --- a/drivers/gpu/drm/i915/gvt/gtt.c +++ b/drivers/gpu/drm/i915/gvt/gtt.c @@ -841,7 +841,7 @@ static struct intel_vgpu_ppgtt_spt *ppgtt_alloc_spt( } spt->vgpu = vgpu; - atomic_set(&spt->refcount, 1); + refcount_set(&spt->refcount, 1); INIT_LIST_HEAD(&spt->post_shadow_list); /* @@ -927,18 +927,19 @@ static struct intel_vgpu_ppgtt_spt *ppgtt_alloc_spt_gfn( static inline void ppgtt_get_spt(struct intel_vgpu_ppgtt_spt *spt) { - int v = atomic_read(&spt->refcount); + int v = refcount_read(&spt->refcount); trace_spt_refcount(spt->vgpu->id, "inc", spt, v, (v + 1)); - atomic_inc(&spt->refcount); + refcount_inc(&spt->refcount); } static inline int ppgtt_put_spt(struct intel_vgpu_ppgtt_spt *spt) { - int v = atomic_read(&spt->refcount); + int v = refcount_read(&spt->refcount); trace_spt_refcount(spt->vgpu->id, "dec", spt, v, (v - 1)); - return atomic_dec_return(&spt->refcount); + refcount_dec(&spt->refcount); + return refcount_read(&spt->refcount); } static int ppgtt_invalidate_spt(struct intel_vgpu_ppgtt_spt *spt); diff --git a/drivers/gpu/drm/i915/gvt/gtt.h b/drivers/gpu/drm/i915/gvt/gtt.h index 3bf45672ef98..944c2d0739df 100644 --- a/drivers/gpu/drm/i915/gvt/gtt.h +++ b/drivers/gpu/drm/i915/gvt/gtt.h @@ -38,6 +38,7 @@ #include <linux/kref.h> #include <linux/mutex.h> #include <linux/radix-tree.h> +#include <linux/refcount.h> #include "gt/intel_gtt.h" @@ -243,7 +244,7 @@ struct intel_vgpu_oos_page { /* Represent a vgpu shadow page table. */ struct intel_vgpu_ppgtt_spt { - atomic_t refcount; + refcount_t refcount; struct intel_vgpu *vgpu; struct { -- 2.7.4