Commit 87066fdd authored by Linus Torvalds's avatar Linus Torvalds

Revert "mm/secretmem: use refcount_t instead of atomic_t"

This reverts commit 11086054.

Converting the "secretmem_users" counter to a refcount is incorrect,
because a refcount is special in zero and can't just be incremented (but
a count of users is not, and "no users" is actually perfectly valid and
not a sign of a free'd resource).

Reported-by: syzbot+75639e6a0331cd61d3e2@syzkaller.appspotmail.com
Cc: Jordy Zomer <jordy@pwning.systems>
Cc: Kees Cook <keescook@chromium.org>,
Cc: Jordy Zomer <jordy@jordyzomer.github.io>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent b20078fd
...@@ -18,7 +18,6 @@ ...@@ -18,7 +18,6 @@
#include <linux/secretmem.h> #include <linux/secretmem.h>
#include <linux/set_memory.h> #include <linux/set_memory.h>
#include <linux/sched/signal.h> #include <linux/sched/signal.h>
#include <linux/refcount.h>
#include <uapi/linux/magic.h> #include <uapi/linux/magic.h>
...@@ -41,11 +40,11 @@ module_param_named(enable, secretmem_enable, bool, 0400); ...@@ -41,11 +40,11 @@ module_param_named(enable, secretmem_enable, bool, 0400);
MODULE_PARM_DESC(secretmem_enable, MODULE_PARM_DESC(secretmem_enable,
"Enable secretmem and memfd_secret(2) system call"); "Enable secretmem and memfd_secret(2) system call");
static refcount_t secretmem_users; static atomic_t secretmem_users;
bool secretmem_active(void) bool secretmem_active(void)
{ {
return !!refcount_read(&secretmem_users); return !!atomic_read(&secretmem_users);
} }
static vm_fault_t secretmem_fault(struct vm_fault *vmf) static vm_fault_t secretmem_fault(struct vm_fault *vmf)
...@@ -104,7 +103,7 @@ static const struct vm_operations_struct secretmem_vm_ops = { ...@@ -104,7 +103,7 @@ static const struct vm_operations_struct secretmem_vm_ops = {
static int secretmem_release(struct inode *inode, struct file *file) static int secretmem_release(struct inode *inode, struct file *file)
{ {
refcount_dec(&secretmem_users); atomic_dec(&secretmem_users);
return 0; return 0;
} }
...@@ -218,7 +217,7 @@ SYSCALL_DEFINE1(memfd_secret, unsigned int, flags) ...@@ -218,7 +217,7 @@ SYSCALL_DEFINE1(memfd_secret, unsigned int, flags)
file->f_flags |= O_LARGEFILE; file->f_flags |= O_LARGEFILE;
fd_install(fd, file); fd_install(fd, file);
refcount_inc(&secretmem_users); atomic_inc(&secretmem_users);
return fd; return fd;
err_put_fd: err_put_fd:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment