On Tue, Oct 06, 2020 at 02:44:33PM -0600, Shuah Khan wrote: > Add a new selftest for testing counter_atomic* Counters API. This test > load test_counters test modules and unloads. > > The test module runs tests and prints results in dmesg. > > There are a number of atomic_t usages in the kernel where atomic_t api > is used strictly for counting and not for managing object lifetime. In > some cases, atomic_t might not even be needed. > > The purpose of these counters is to clearly differentiate atomic_t > counters from atomic_t usages that guard object lifetimes, hence prone > to overflow and underflow errors. It allows tools that scan for underflow > and overflow on atomic_t usages to detect overflow and underflows to scan > just the cases that are prone to errors. > > Simple atomic counters api provides interfaces for simple atomic counters > that just count, and don't guard resource lifetimes. Counter will wrap > around to 0 when it overflows and should not be used to guard resource > lifetimes, device usage and open counts that control state changes, and > pm states. > > Using counter_atomic* to guard lifetimes could lead to use-after free > when it overflows and undefined behavior when used to manage state > changes and device usage/open states. > > Signed-off-by: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook
