Commit 6871584a authored by Reshetova, Elena's avatar Reshetova, Elena Committed by David S. Miller

net, sctp: convert sctp_auth_bytes.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: default avatarElena Reshetova <elena.reshetova@intel.com>
Signed-off-by: default avatarHans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarDavid Windsor <dwindsor@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 55eabed6
...@@ -31,6 +31,7 @@ ...@@ -31,6 +31,7 @@
#define __sctp_auth_h__ #define __sctp_auth_h__
#include <linux/list.h> #include <linux/list.h>
#include <linux/refcount.h>
struct sctp_endpoint; struct sctp_endpoint;
struct sctp_association; struct sctp_association;
...@@ -53,7 +54,7 @@ struct sctp_hmac { ...@@ -53,7 +54,7 @@ struct sctp_hmac {
* over SCTP-AUTH * over SCTP-AUTH
*/ */
struct sctp_auth_bytes { struct sctp_auth_bytes {
atomic_t refcnt; refcount_t refcnt;
__u32 len; __u32 len;
__u8 data[]; __u8 data[];
}; };
...@@ -76,7 +77,7 @@ static inline void sctp_auth_key_hold(struct sctp_auth_bytes *key) ...@@ -76,7 +77,7 @@ static inline void sctp_auth_key_hold(struct sctp_auth_bytes *key)
if (!key) if (!key)
return; return;
atomic_inc(&key->refcnt); refcount_inc(&key->refcnt);
} }
void sctp_auth_key_put(struct sctp_auth_bytes *key); void sctp_auth_key_put(struct sctp_auth_bytes *key);
......
...@@ -63,7 +63,7 @@ void sctp_auth_key_put(struct sctp_auth_bytes *key) ...@@ -63,7 +63,7 @@ void sctp_auth_key_put(struct sctp_auth_bytes *key)
if (!key) if (!key)
return; return;
if (atomic_dec_and_test(&key->refcnt)) { if (refcount_dec_and_test(&key->refcnt)) {
kzfree(key); kzfree(key);
SCTP_DBG_OBJCNT_DEC(keys); SCTP_DBG_OBJCNT_DEC(keys);
} }
...@@ -84,7 +84,7 @@ static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp) ...@@ -84,7 +84,7 @@ static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp)
return NULL; return NULL;
key->len = key_len; key->len = key_len;
atomic_set(&key->refcnt, 1); refcount_set(&key->refcnt, 1);
SCTP_DBG_OBJCNT_INC(keys); SCTP_DBG_OBJCNT_INC(keys);
return key; return key;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment