Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

perf thread: convert thread.refcnt from atomic_t to refcount_t

The refcount_t type and corresponding API should be used instead of atomic_t
when the variable is used as a reference counter.

This allows us to avoid accidental refcounter overflows that might lead to
use-after-free situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Kook <keescook@chromium.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: David Windsor <dwindsor@gmail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Hans Liljestrand <ishkamiel@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kees Kook <keescook@chromium.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext@nokia.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: alsa-devel@alsa-project.org
Link: http://lkml.kernel.org/r/1487691303-31858-9-git-send-email-elena.reshetova@intel.com
[ Did missing conversion in __machine__remove_thread() ]
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

authored by Elena Reshetova and committed by Arnaldo Carvalho de Melo
e34f5b11 25a3720c
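
The overflow the commit message refers to, as an added userspace model in C (not code from this commit, perf, or the kernel's refcount implementation): a wrapping counter next to a saturating one, both started near UINT_MAX to stand in for many leaked gets. The `model_counter_t` type, the `wrap_*`/`sat_*` helpers and the starting value are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace model; not the kernel's or perf's refcount code. */
typedef struct { atomic_uint v; } model_counter_t;

/* atomic_t style: plain arithmetic, wraps past UINT_MAX. */
static void wrap_inc(model_counter_t *c) { atomic_fetch_add(&c->v, 1); }
static bool wrap_dec_and_test(model_counter_t *c) { return atomic_fetch_sub(&c->v, 1) == 1; }

/* refcount_t style: never increment from 0, stick at UINT_MAX. */
static bool sat_inc(model_counter_t *c)
{
	unsigned int old = atomic_load(&c->v);
	do {
		if (old == 0) return false;       /* object already released */
		if (old == UINT_MAX) return true; /* saturated: stay pinned */
	} while (!atomic_compare_exchange_weak(&c->v, &old, old + 1));
	return true;
}

static bool sat_dec_and_test(model_counter_t *c)
{
	unsigned int old = atomic_load(&c->v);
	do {
		if (old == 0 || old == UINT_MAX) return false; /* leak, never free */
	} while (!atomic_compare_exchange_weak(&c->v, &old, old - 1));
	return old == 1; /* true only for the real last put */
}

/* Constructed scenario: three more gets on an inflated counter, then one put.
 * Returns true if that single put is treated as the last reference. */
static bool frees_early(bool saturating)
{
	model_counter_t c;
	atomic_init(&c.v, UINT_MAX - 1);
	for (int i = 0; i < 3; i++) {
		if (saturating) sat_inc(&c); else wrap_inc(&c);
	}
	return saturating ? sat_dec_and_test(&c) : wrap_dec_and_test(&c);
}

int main(void)
{
	printf("atomic-style frees early: %d, refcount-style: %d\n", frees_early(false), frees_early(true));
	return 0;
}
```

With the wrapping counter the single put looks like the last reference while other holders still exist, which is the use-after-free condition; the saturating counter leaks the object instead.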

+6 -6
+1 -1
tools/perf/util/machine.c
··· 1439 1439 if (machine->last_match == th) 1440 1440 machine->last_match = NULL; 1441 1441 1442 - BUG_ON(atomic_read(&th->refcnt) == 0); 1442 + BUG_ON(refcount_read(&th->refcnt) == 0); 1443 1443 if (lock) 1444 1444 pthread_rwlock_wrlock(&machine->threads_lock); 1445 1445 rb_erase_init(&th->rb_node, &machine->threads);
+3 -3
tools/perf/util/thread.c
··· 53 53 goto err_thread; 54 54 55 55 list_add(&comm->list, &thread->comm_list); 56 - atomic_set(&thread->refcnt, 1); 56 + refcount_set(&thread->refcnt, 1); 57 57 RB_CLEAR_NODE(&thread->rb_node); 58 58 } 59 59 ··· 88 88 struct thread *thread__get(struct thread *thread) 89 89 { 90 90 if (thread) 91 - atomic_inc(&thread->refcnt); 91 + refcount_inc(&thread->refcnt); 92 92 return thread; 93 93 } 94 94 95 95 void thread__put(struct thread *thread) 96 96 { 97 - if (thread && atomic_dec_and_test(&thread->refcnt)) { 97 + if (thread && refcount_dec_and_test(&thread->refcnt)) { 98 98 /* 99 99 * Remove it from the dead_threads list, as last reference 100 100 * is gone.
+2 -2
tools/perf/util/thread.h
··· 1 1 #ifndef __PERF_THREAD_H 2 2 #define __PERF_THREAD_H 3 3 4 - #include <linux/atomic.h> 4 + #include <linux/refcount.h> 5 5 #include <linux/rbtree.h> 6 6 #include <linux/list.h> 7 7 #include <unistd.h> ··· 23 23 pid_t tid; 24 24 pid_t ppid; 25 25 int cpu; 26 - atomic_t refcnt; 26 + refcount_t refcnt; 27 27 char shortname[3]; 28 28 bool comm_set; 29 29 int comm_len;
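
Review bot: In tools/perf/util/machine.c, `BUG_ON(refcount_read(&th->refcnt) == 0)` is evaluated before `pthread_rwlock_wrlock(&machine->threads_lock)` is taken, so it is only a point-in-time sanity check and says nothing about the count by the time `rb_erase_init()` runs. A short comment stating that the check is a debugging aid, or moving it below the lock acquisition, would make the intent clear to the next reader.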
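
Review bot: In thread__get() in tools/perf/util/thread.c, the pointer is still returned unconditionally after `refcount_inc(&thread->refcnt)`. refcount_inc() treats an increment from zero as a bug, but the caller gets the pointer back either way; if any lookup path can reach a thread whose last reference is being dropped in thread__put(), that path should use refcount_inc_not_zero() and return NULL when it fails.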
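
Review bot: In tools/perf/util/thread.h, `#include <linux/atomic.h>` is replaced rather than supplemented, so any file that got atomic helpers only through thread.h now depends on <linux/refcount.h> pulling them in; a full tools/perf build should confirm nothing relied on that. The `refcount_t refcnt;` member would also benefit from a one-line comment naming thread__get() and thread__put() as the intended way to change it.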