Commit 186debd6 authored by Elena Reshetova's avatar Elena Reshetova Committed by David Sterba
Browse files

btrfs: convert scrub_block.refs from atomic_t to refcount_t 



refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: default avatarElena Reshetova <elena.reshetova@intel.com>
Signed-off-by: default avatarHans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarDavid Windsor <dwindsor@gmail.com>
Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
parent 6f615018

fs/btrfs/scrub.c

+5 −5
Original line number Diff line number Diff line
@@ -112,7 +112,7 @@ struct scrub_block { 
	struct scrub_page	*pagev[SCRUB_MAX_PAGES_PER_BLOCK];

	int			page_count;

	atomic_t		outstanding_pages;

	atomic_t		refs; /* free mem on transition to zero */

	refcount_t		refs; /* free mem on transition to zero */

	struct scrub_ctx	*sctx;

	struct scrub_parity	*sparity;

	struct {
@@ -1998,12 +1998,12 @@ static int scrub_checksum_super(struct scrub_block *sblock) 


static void scrub_block_get(struct scrub_block *sblock)

{

	atomic_inc(&sblock->refs);

	refcount_inc(&sblock->refs);

}



static void scrub_block_put(struct scrub_block *sblock)

{

	if (atomic_dec_and_test(&sblock->refs)) {

	if (refcount_dec_and_test(&sblock->refs)) {

		int i;



		if (sblock->sparity)
@@ -2255,7 +2255,7 @@ static int scrub_pages(struct scrub_ctx *sctx, u64 logical, u64 len, 


	/* one ref inside this function, plus one for each page added to

	 * a bio later on */

	atomic_set(&sblock->refs, 1);

	refcount_set(&sblock->refs, 1);

	sblock->sctx = sctx;

	sblock->no_io_error_seen = 1;
@@ -2555,7 +2555,7 @@ static int scrub_pages_for_parity(struct scrub_parity *sparity, 


	/* one ref inside this function, plus one for each page added to

	 * a bio later on */

	atomic_set(&sblock->refs, 1);

	refcount_set(&sblock->refs, 1);

	sblock->sctx = sctx;

	sblock->no_io_error_seen = 1;

	sblock->sparity = sparity;

CRA Git | Maintained and supported by SUSTech CRA and CCSE