Changes in v6: * memory ordering differences are outlined in each patch together with potential problematic areas. Note: I didn't include any statements in individual patches on why I think the memory ordering changes do not matter in that particular case since ultimately these are only known by maintainers (unless explicitly documented) and very hard to figure out reliably from the code. Therefore maintainers are expected to double check the specific pointed functions and make the end decision. * rebase on top of today's linux-next/master Changes in v5: * Kees catched that the following changes in perf_event_context.refcount and futex_pi_state.refcount are not correct now when ARCH_HAS_REFCOUNT is enabled: - WARN_ON(!atomic_inc_not_zero(refcount)); + refcount_inc(refcount); So they are now changed back to using refcount_inc_not_zero. Changes in v4: * just rebase and corrections on linux-next/master Changes in v3: * SoB chain corrected * minor corrections based on v2 feedback * rebase on linux-next/master as of today Changes in v2: * dropped already merged patches * rebase on top of linux-next/master * Now by default refcount_t = atomic_t (*) and uses all atomic standard operations unless CONFIG_REFCOUNT_FULL is enabled. This is a compromise for the systems that are critical on performance (such as net) and cannot accept even slight delay on the refcounter operations. This series, for core kernel components, replaces atomic_t reference counters with the new refcount_t type and API (see include/linux/refcount.h). By doing this we prevent intentional or accidental underflows or overflows that can led to use-after-free vulnerabilities. The patches are fully independent and can be cherry-picked separately. If there are no objections to the patches, please merge them via respective trees. Elena Reshetova (16): futex: convert futex_pi_state.refcount to refcount_t sched: convert sighand_struct.count to refcount_t sched: convert signal_struct.sigcnt to refcount_t sched: convert user_struct.__count to refcount_t sched: convert numa_group.refcount to refcount_t sched/task_struct: convert task_struct.usage to refcount_t sched/task_struct: convert task_struct.stack_refcount to refcount_t perf: convert perf_event_context.refcount to refcount_t perf/ring_buffer: convert ring_buffer.refcount to refcount_t perf/ring_buffer: convert ring_buffer.aux_refcount to refcount_t uprobes: convert uprobe.ref to refcount_t nsproxy: convert nsproxy.count to refcount_t groups: convert group_info.usage to refcount_t creds: convert cred.usage to refcount_t kcov: convert kcov.refcount to refcount_t bdi: convert bdi_writeback_congested.refcnt from atomic_t to refcount_t fs/exec.c | 4 ++-- fs/proc/task_nommu.c | 2 +- include/linux/backing-dev-defs.h | 3 ++- include/linux/backing-dev.h | 4 ++-- include/linux/cred.h | 13 ++++++------ include/linux/init_task.h | 7 +++--- include/linux/nsproxy.h | 6 +++--- include/linux/perf_event.h | 3 ++- include/linux/sched.h | 5 +++-- include/linux/sched/signal.h | 5 +++-- include/linux/sched/task.h | 4 ++-- include/linux/sched/task_stack.h | 2 +- include/linux/sched/user.h | 5 +++-- kernel/cred.c | 46 ++++++++++++++++++++-------------------- kernel/events/core.c | 18 ++++++++-------- kernel/events/internal.h | 5 +++-- kernel/events/ring_buffer.c | 8 +++---- kernel/events/uprobes.c | 8 +++---- kernel/fork.c | 24 ++++++++++----------- kernel/futex.c | 15 +++++++------ kernel/groups.c | 2 +- kernel/kcov.c | 9 ++++---- kernel/nsproxy.c | 6 +++--- kernel/sched/fair.c | 12 +++++------ kernel/user.c | 8 +++---- mm/backing-dev.c | 14 ++++++------ 26 files changed, 125 insertions(+), 113 deletions(-) -- 2.7.4