Elena Reshetova <elena.reshetova@xxxxxxxxx> writes:

> atomic_t variables are currently used to implement reference
> counters with the following properties:
>  - counter is initialized to 1 using atomic_set()
>  - a resource is freed upon counter reaching zero
>  - once counter reaches zero, its further
>    increments aren't allowed
>  - counter schema uses basic atomic operations
>    (set, inc, inc_not_zero, dec_and_test, etc.)
>
> Such atomic variables should be converted to a newly provided
> refcount_t type and API that prevents accidental counter overflows
> and underflows. This is important since overflows and underflows
> can lead to use-after-free situation and be exploitable.
>
> The variable tcon_link.tl_count is used as pure reference counter.
> Convert it to refcount_t and fix up the operations.

<snip>

> - cifs_get_tlink(tlink);
> + refcount_set(&tlink->tl_count, 1);

Since cifs_get_tlink() basically only increments the reference count and
given that this is a new tlink I also think this replacement is ok.

Looks good to me and passes 'make C=1'.

Reviewed-by: Aurelien Aptel <aaptel@xxxxxxxx>

--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
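
Review bot: The equivalence of the '+' line with the removed call is not documented at the call site. refcount_set(&tlink->tl_count, 1) matches the old cifs_get_tlink(tlink) only if tl_count is zero here and the tlink is not yet reachable by any other thread; the snipped context shows neither. A one-line comment above the refcount_set() call, or a sentence in the changelog, stating that the tlink is freshly allocated and not yet published would make that assumption checkable.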
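
The counter rules listed in the quoted commit message, as an added example that is not part of the original thread or the kernel source: a simplified userspace C model of a saturating reference counter next to a plain wrapping one. The `model_*` names and the choice of `UINT_MAX` as the saturation value are assumptions of this sketch.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified userspace model; names and saturation value are assumptions. */
#define MODEL_SATURATED UINT_MAX
typedef struct { atomic_uint refs; } model_refcount;

static void model_set(model_refcount *r, unsigned int n) { atomic_store(&r->refs, n); }
static unsigned int model_read(model_refcount *r) { return atomic_load(&r->refs); }

/* Take a reference unless the count is 0; stick at the top instead of wrapping. */
static bool model_inc_not_zero(model_refcount *r)
{
    unsigned int old = atomic_load(&r->refs);
    for (;;) {
        if (old == 0) return false;              /* dead object: never revive */
        if (old == MODEL_SATURATED) return true; /* pinned: leak, not wrap */
        /* a failed CAS reloads 'old', so both checks run again */
        if (atomic_compare_exchange_weak(&r->refs, &old, old + 1)) return true;
    }
}

/* Drop a reference; true means the caller held the last one and must free. */
static bool model_dec_and_test(model_refcount *r)
{
    unsigned int old = atomic_load(&r->refs);
    for (;;) {
        if (old == 0 || old == MODEL_SATURATED) return false; /* never free */
        if (atomic_compare_exchange_weak(&r->refs, &old, old - 1)) return old == 1;
    }
}

/* Plain counter for contrast: an increment at the maximum wraps to 0,
 * which reads as "no references left" while references still exist. */
static unsigned int plain_inc_from(unsigned int start)
{
    atomic_uint c;
    atomic_init(&c, start);
    atomic_fetch_add(&c, 1);
    return atomic_load(&c);
}

int main(void)
{
    model_refcount r;
    model_set(&r, UINT_MAX);
    model_inc_not_zero(&r); /* stays pinned at the maximum */
    printf("saturating: %u, plain: %u\n", model_read(&r), plain_inc_from(UINT_MAX));
    return 0;
}
```
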