> Subject: [PATCH for-next 1/6] RDMA/core: Use refcount_t instead of atomic_t for > reference counting > > The refcount_t API will WARN on underflow and overflow of a reference counter, > and avoid use-after-free risks. Increase refcount_t from 0 to 1 is regarded as there > is a risk about use-after-free. So it should be set to 1 directly during initialization. > > Signed-off-by: Weihang Li <liweihang@xxxxxxxxxx> > --- > drivers/infiniband/core/iwcm.c | 9 ++++----- > drivers/infiniband/core/iwcm.h | 2 +- > drivers/infiniband/core/iwpm_util.c | 12 ++++++++---- > drivers/infiniband/core/iwpm_util.h | 2 +- > drivers/infiniband/core/mad_priv.h | 2 +- > drivers/infiniband/core/multicast.c | 30 +++++++++++++++--------------- > drivers/infiniband/core/uverbs.h | 2 +- > drivers/infiniband/core/uverbs_main.c | 12 ++++++------ > 8 files changed, 37 insertions(+), 34 deletions(-) > [...] > @@ -589,9 +589,9 @@ static struct mcast_group *acquire_group(struct > mcast_port *port, > kfree(group); > group = cur_group; > } else > - atomic_inc(&port->refcount); > + refcount_inc(&port->refcount); > found: > - atomic_inc(&group->refcount); > + refcount_inc(&group->refcount); Seems like there is refcount_inc with refcount = 0 when the group is first created? > spin_unlock_irqrestore(&port->lock, flags); > return group; > }
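Review bot: In the acquire_group() hunk, the `refcount_inc(&group->refcount)` at `found:` is also reached by fall-through from the `else` branch, which is the path taken for a newly created group. If that group's counter is still 0 at this point, the increment is exactly the 0 to 1 transition that the commit message says refcount_t treats as a use-after-free risk, so it will WARN instead of taking the first reference. The group's initialisation is not in the quoted context, so please confirm what value it starts with. If it starts at 0, set it with `refcount_set(&group->refcount, 1)` on the creation path and keep `refcount_inc()` only for the lookup path that jumps to `found:` with an existing group. The same check applies to `port->refcount` in the `else` branch: its initial value should be 1, not 0, before the first `refcount_inc(&port->refcount)` can run.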