[PATCH 0/5] fs: Do not allow get_file() to resurrect 0 f_count
Kees Cook
keescook at chromium.org
Thu May 2 22:33:35 UTC 2024
Hi,
Failure with f_count reference counting are better contained by
an actual reference counting type, like refcount_t. The first step
is for get_file() to use inc_not_zero to avoid resurrection. I also
found a couple open-coded modifications of f_count that should be using
get_file(). Since long ago, f_count was switched to atomic_long_t, so to
get proper reference count checking, I've added a refcount_long_t API,
and then converted f_count to refcount_long_t.
Now if there are underflows (or somehow an overflow), we'll see them
reported.
-Kees
Kees Cook (5):
fs: Do not allow get_file() to resurrect 0 f_count
drm/vmwgfx: Do not directly manipulate file->f_count
drm/i915: Do not directly manipulate file->f_count
refcount: Introduce refcount_long_t and APIs
fs: Convert struct file::f_count to refcount_long_t
MAINTAINERS | 2 +-
Makefile | 11 +-
drivers/gpu/drm/i915/gt/shmem_utils.c | 5 +-
drivers/gpu/drm/vmwgfx/ttm_object.c | 2 +-
fs/file.c | 4 +-
fs/file_table.c | 6 +-
include/linux/fs.h | 7 +-
include/linux/refcount-impl.h | 344 ++++++++++++++++++++++++++
include/linux/refcount.h | 341 +------------------------
include/linux/refcount_types.h | 12 +
lib/refcount.c | 17 +-
11 files changed, 398 insertions(+), 353 deletions(-)
create mode 100644 include/linux/refcount-impl.h
--
2.34.1
More information about the dri-devel
mailing list