提交 6871584a 编写于 作者: R Reshetova, Elena 提交者: David S. Miller

net, sctp: convert sctp_auth_bytes.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: NElena Reshetova <elena.reshetova@intel.com>
Signed-off-by: NHans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: NKees Cook <keescook@chromium.org>
Signed-off-by: NDavid Windsor <dwindsor@gmail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 55eabed6
......@@ -31,6 +31,7 @@
#define __sctp_auth_h__
#include <linux/list.h>
#include <linux/refcount.h>
struct sctp_endpoint;
struct sctp_association;
......@@ -53,7 +54,7 @@ struct sctp_hmac {
* over SCTP-AUTH
*/
struct sctp_auth_bytes {
atomic_t refcnt;
refcount_t refcnt;
__u32 len;
__u8 data[];
};
......@@ -76,7 +77,7 @@ static inline void sctp_auth_key_hold(struct sctp_auth_bytes *key)
if (!key)
return;
atomic_inc(&key->refcnt);
refcount_inc(&key->refcnt);
}
void sctp_auth_key_put(struct sctp_auth_bytes *key);
......
......@@ -63,7 +63,7 @@ void sctp_auth_key_put(struct sctp_auth_bytes *key)
if (!key)
return;
if (atomic_dec_and_test(&key->refcnt)) {
if (refcount_dec_and_test(&key->refcnt)) {
kzfree(key);
SCTP_DBG_OBJCNT_DEC(keys);
}
......@@ -84,7 +84,7 @@ static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp)
return NULL;
key->len = key_len;
atomic_set(&key->refcnt, 1);
refcount_set(&key->refcnt, 1);
SCTP_DBG_OBJCNT_INC(keys);
return key;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册