From e34f5b11cd51fbe723e481c1db03a77260be6f4c Mon Sep 17 00:00:00 2001 From: Elena Reshetova Date: Tue, 21 Feb 2017 17:35:02 +0200 Subject: [PATCH] perf thread: convert thread.refcnt from atomic_t to refcount_t The refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova Signed-off-by: David Windsor Signed-off-by: Hans Liljestrand Signed-off-by: Kees Kook Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: Andrew Morton Cc: David Windsor Cc: Greg Kroah-Hartman Cc: Hans Liljestrand Cc: Jiri Olsa Cc: Kees Kook Cc: Mark Rutland Cc: Matija Glavinic Pecotic Cc: Peter Zijlstra Cc: alsa-devel@alsa-project.org Link: http://lkml.kernel.org/r/1487691303-31858-9-git-send-email-elena.reshetova@intel.com [ Did missing conversion in __machine__remove_thread() ] Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/machine.c | 2 +- tools/perf/util/thread.c | 6 +++--- tools/perf/util/thread.h | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/perf/util/machine.c b/tools/perf/util/machine.c index 71c9720d4973..b9974fe41bc1 100644 --- a/tools/perf/util/machine.c +++ b/tools/perf/util/machine.c @@ -1439,7 +1439,7 @@ static void __machine__remove_thread(struct machine *machine, struct thread *th, if (machine->last_match == th) machine->last_match = NULL; - BUG_ON(atomic_read(&th->refcnt) == 0); + BUG_ON(refcount_read(&th->refcnt) == 0); if (lock) pthread_rwlock_wrlock(&machine->threads_lock); rb_erase_init(&th->rb_node, &machine->threads); diff --git a/tools/perf/util/thread.c b/tools/perf/util/thread.c index f5af87f66663..74e79d26b421 100644 --- a/tools/perf/util/thread.c +++ b/tools/perf/util/thread.c @@ -53,7 +53,7 @@ struct thread *thread__new(pid_t pid, pid_t tid) goto err_thread; list_add(&comm->list, &thread->comm_list); - atomic_set(&thread->refcnt, 1); + refcount_set(&thread->refcnt, 1); RB_CLEAR_NODE(&thread->rb_node); } @@ -88,13 +88,13 @@ void thread__delete(struct thread *thread) struct thread *thread__get(struct thread *thread) { if (thread) - atomic_inc(&thread->refcnt); + refcount_inc(&thread->refcnt); return thread; } void thread__put(struct thread *thread) { - if (thread && atomic_dec_and_test(&thread->refcnt)) { + if (thread && refcount_dec_and_test(&thread->refcnt)) { /* * Remove it from the dead_threads list, as last reference * is gone. diff --git a/tools/perf/util/thread.h b/tools/perf/util/thread.h index 99263cb6e6b6..e57188546465 100644 --- a/tools/perf/util/thread.h +++ b/tools/perf/util/thread.h @@ -1,7 +1,7 @@ #ifndef __PERF_THREAD_H #define __PERF_THREAD_H -#include +#include #include #include #include @@ -23,7 +23,7 @@ struct thread { pid_t tid; pid_t ppid; int cpu; - atomic_t refcnt; + refcount_t refcnt; char shortname[3]; bool comm_set; int comm_len; -- 2.30.2