Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9d2378f8 authored by Elena Reshetova's avatar Elena Reshetova Committed by Paul Moore
Browse files

audit: convert audit_tree.count from atomic_t to refcount_t 



refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: default avatarElena Reshetova <elena.reshetova@intel.com>
Signed-off-by: default avatarHans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarDavid Windsor <dwindsor@gmail.com>
[PM: fix subject line, add #include]
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 2173c519

kernel/audit_tree.c

+5 −4
Original line number Diff line number Diff line
@@ -3,13 +3,14 @@ 
#include <linux/namei.h>

#include <linux/mount.h>

#include <linux/kthread.h>

#include <linux/refcount.h>

#include <linux/slab.h>



struct audit_tree;

struct audit_chunk;



struct audit_tree {

	atomic_t count;

	refcount_t count;

	int goner;

	struct audit_chunk *root;

	struct list_head chunks;
@@ -77,7 +78,7 @@ static struct audit_tree *alloc_tree(const char *s) 


	tree = kmalloc(sizeof(struct audit_tree) + strlen(s) + 1, GFP_KERNEL);

	if (tree) {

		atomic_set(&tree->count, 1);

		refcount_set(&tree->count, 1);

		tree->goner = 0;

		INIT_LIST_HEAD(&tree->chunks);

		INIT_LIST_HEAD(&tree->rules);
@@ -91,12 +92,12 @@ static struct audit_tree *alloc_tree(const char *s) 


static inline void get_tree(struct audit_tree *tree)

{

	atomic_inc(&tree->count);

	refcount_inc(&tree->count);

}



static inline void put_tree(struct audit_tree *tree)

{

	if (atomic_dec_and_test(&tree->count))

	if (refcount_dec_and_test(&tree->count))

		kfree_rcu(tree, head);

}