diff options
author | Reshetova, Elena | 2017-07-04 15:53:24 +0300 |
---|---|---|
committer | David S. Miller | 2017-07-04 22:35:18 +0100 |
commit | 6871584a5e493a9fa3ad330a73966908b082deac (patch) | |
tree | b748fdcf8572c718fb270788b1fcba2041b83c8c | |
parent | 55eabed60a68e918abc44f6beb64f38cc008b29d (diff) |
net, sctp: convert sctp_auth_bytes.refcnt from atomic_t to refcount_t
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/sctp/auth.h | 5 | ||||
-rw-r--r-- | net/sctp/auth.c | 4 |
2 files changed, 5 insertions, 4 deletions
diff --git a/include/net/sctp/auth.h b/include/net/sctp/auth.h index 171244bd856f..e5c57d0a082d 100644 --- a/include/net/sctp/auth.h +++ b/include/net/sctp/auth.h @@ -31,6 +31,7 @@ #define __sctp_auth_h__ #include <linux/list.h> +#include <linux/refcount.h> struct sctp_endpoint; struct sctp_association; @@ -53,7 +54,7 @@ struct sctp_hmac { * over SCTP-AUTH */ struct sctp_auth_bytes { - atomic_t refcnt; + refcount_t refcnt; __u32 len; __u8 data[]; }; @@ -76,7 +77,7 @@ static inline void sctp_auth_key_hold(struct sctp_auth_bytes *key) if (!key) return; - atomic_inc(&key->refcnt); + refcount_inc(&key->refcnt); } void sctp_auth_key_put(struct sctp_auth_bytes *key); diff --git a/net/sctp/auth.c b/net/sctp/auth.c index 8ffa5985cd6e..e001b01b0e68 100644 --- a/net/sctp/auth.c +++ b/net/sctp/auth.c @@ -63,7 +63,7 @@ void sctp_auth_key_put(struct sctp_auth_bytes *key) if (!key) return; - if (atomic_dec_and_test(&key->refcnt)) { + if (refcount_dec_and_test(&key->refcnt)) { kzfree(key); SCTP_DBG_OBJCNT_DEC(keys); } @@ -84,7 +84,7 @@ static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp) return NULL; key->len = key_len; - atomic_set(&key->refcnt, 1); + refcount_set(&key->refcnt, 1); SCTP_DBG_OBJCNT_INC(keys); return key; |