net: convert netlbl_lsm_cache.refcount from atomic_t to refcount_t
authorReshetova, Elena <elena.reshetova@intel.com>
Fri, 30 Jun 2017 10:08:09 +0000 (13:08 +0300)
committerDavid S. Miller <davem@davemloft.net>
Sat, 1 Jul 2017 14:39:09 +0000 (07:39 -0700)
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/netlabel.h
net/ipv4/cipso_ipv4.c
net/ipv6/calipso.c

index efe98068880f5559b97477374cd25f11957b150e..72d6435fc16ca7b3bce37e5be23b5b2593f47d56 100644 (file)
@@ -37,7 +37,7 @@
 #include <linux/in6.h>
 #include <net/netlink.h>
 #include <net/request_sock.h>
-#include <linux/atomic.h>
+#include <linux/refcount.h>
 
 struct cipso_v4_doi;
 struct calipso_doi;
@@ -136,7 +136,7 @@ struct netlbl_audit {
  *
  */
 struct netlbl_lsm_cache {
-       atomic_t refcount;
+       refcount_t refcount;
        void (*free) (const void *data);
        void *data;
 };
@@ -295,7 +295,7 @@ static inline struct netlbl_lsm_cache *netlbl_secattr_cache_alloc(gfp_t flags)
 
        cache = kzalloc(sizeof(*cache), flags);
        if (cache)
-               atomic_set(&cache->refcount, 1);
+               refcount_set(&cache->refcount, 1);
        return cache;
 }
 
@@ -309,7 +309,7 @@ static inline struct netlbl_lsm_cache *netlbl_secattr_cache_alloc(gfp_t flags)
  */
 static inline void netlbl_secattr_cache_free(struct netlbl_lsm_cache *cache)
 {
-       if (!atomic_dec_and_test(&cache->refcount))
+       if (!refcount_dec_and_test(&cache->refcount))
                return;
 
        if (cache->free)
index ae206163c273381ba6e8bd8a24fa050619a4a6ae..c2044775ae7daae04dd272e4206d49d5b5861779 100644 (file)
@@ -265,7 +265,7 @@ static int cipso_v4_cache_check(const unsigned char *key,
                    entry->key_len == key_len &&
                    memcmp(entry->key, key, key_len) == 0) {
                        entry->activity += 1;
-                       atomic_inc(&entry->lsm_data->refcount);
+                       refcount_inc(&entry->lsm_data->refcount);
                        secattr->cache = entry->lsm_data;
                        secattr->flags |= NETLBL_SECATTR_CACHE;
                        secattr->type = NETLBL_NLTYPE_CIPSOV4;
@@ -332,7 +332,7 @@ int cipso_v4_cache_add(const unsigned char *cipso_ptr,
        }
        entry->key_len = cipso_ptr_len;
        entry->hash = cipso_v4_map_cache_hash(cipso_ptr, cipso_ptr_len);
-       atomic_inc(&secattr->cache->refcount);
+       refcount_inc(&secattr->cache->refcount);
        entry->lsm_data = secattr->cache;
 
        bkt = entry->hash & (CIPSO_V4_CACHE_BUCKETS - 1);
index 8d772fea1ddecd427a66c18f34d50f969186f02a..44067521e7cd56e84870fb1a8209b68349ac22f4 100644 (file)
@@ -227,7 +227,7 @@ static int calipso_cache_check(const unsigned char *key,
                    entry->key_len == key_len &&
                    memcmp(entry->key, key, key_len) == 0) {
                        entry->activity += 1;
-                       atomic_inc(&entry->lsm_data->refcount);
+                       refcount_inc(&entry->lsm_data->refcount);
                        secattr->cache = entry->lsm_data;
                        secattr->flags |= NETLBL_SECATTR_CACHE;
                        secattr->type = NETLBL_NLTYPE_CALIPSO;
@@ -296,7 +296,7 @@ static int calipso_cache_add(const unsigned char *calipso_ptr,
        }
        entry->key_len = calipso_ptr_len;
        entry->hash = calipso_map_cache_hash(calipso_ptr, calipso_ptr_len);
-       atomic_inc(&secattr->cache->refcount);
+       refcount_inc(&secattr->cache->refcount);
        entry->lsm_data = secattr->cache;
 
        bkt = entry->hash & (CALIPSO_CACHE_BUCKETS - 1);