diff options
author | Elena Reshetova <elena.reshetova@intel.com> | 2017-05-02 16:16:04 +0200 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2017-05-02 16:16:04 +0200 |
commit | 9d2378f8c8f1a3fcfab681fd90c139d90dca7b69 (patch) | |
tree | 0c11cc5d48fbd6d44c6dd593b8ebdfa07f8adad2 /kernel/audit_tree.c | |
parent | audit: normalize NETFILTER_PKT (diff) | |
download | linux-9d2378f8c8f1a3fcfab681fd90c139d90dca7b69.tar.xz linux-9d2378f8c8f1a3fcfab681fd90c139d90dca7b69.zip |
audit: convert audit_tree.count from atomic_t to refcount_t
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
[PM: fix subject line, add #include]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to '')
-rw-r--r-- | kernel/audit_tree.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index 7b44195da81b..5cfd1ea18de0 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c @@ -3,13 +3,14 @@ #include <linux/namei.h> #include <linux/mount.h> #include <linux/kthread.h> +#include <linux/refcount.h> #include <linux/slab.h> struct audit_tree; struct audit_chunk; struct audit_tree { - atomic_t count; + refcount_t count; int goner; struct audit_chunk *root; struct list_head chunks; @@ -77,7 +78,7 @@ static struct audit_tree *alloc_tree(const char *s) tree = kmalloc(sizeof(struct audit_tree) + strlen(s) + 1, GFP_KERNEL); if (tree) { - atomic_set(&tree->count, 1); + refcount_set(&tree->count, 1); tree->goner = 0; INIT_LIST_HEAD(&tree->chunks); INIT_LIST_HEAD(&tree->rules); @@ -91,12 +92,12 @@ static struct audit_tree *alloc_tree(const char *s) static inline void get_tree(struct audit_tree *tree) { - atomic_inc(&tree->count); + refcount_inc(&tree->count); } static inline void put_tree(struct audit_tree *tree) { - if (atomic_dec_and_test(&tree->count)) + if (refcount_dec_and_test(&tree->count)) kfree_rcu(tree, head); } |