linux/fs/nfsd
Elena Reshetova a15dfcd529 fs, nfsd: convert nfs4_stid.sc_count from atomic_t to refcount_t
atomic_t variables are currently used to implement reference
counters with the following properties:
 - counter is initialized to 1 using atomic_set()
 - a resource is freed upon counter reaching zero
 - once counter reaches zero, its further
   increments aren't allowed
 - counter schema uses basic atomic operations
   (set, inc, inc_not_zero, dec_and_test, etc.)

Such atomic variables should be converted to a newly provided
refcount_t type and API that prevents accidental counter overflows
and underflows. This is important since overflows and underflows
can lead to use-after-free situation and be exploitable.

The variable nfs4_stid.sc_count is used as pure reference counter.
Convert it to refcount_t and fix up the operations.

Suggested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: David Windsor <dwindsor@gmail.com>
Reviewed-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2017-11-07 16:43:58 -05:00
..
acl.h
auth.c cred: simpler, 1D supplementary groups 2016-10-07 18:46:30 -07:00
auth.h
blocklayout.c block: Make most scsi_req_init() calls implicit 2017-06-20 19:27:14 -06:00
blocklayoutxdr.c Highlights: 2016-08-04 19:59:06 -04:00
blocklayoutxdr.h nfsd: add SCSI layout support 2016-03-18 11:42:53 -04:00
cache.h nfsd: Remove the cache_hash list 2014-08-17 12:00:12 -04:00
current_stateid.h nfsd4: properly type op_get_currentstateid callbacks 2017-05-15 17:42:27 +02:00
export.c nfsd: namespace-prefix uuid_parse 2017-06-05 16:56:38 +02:00
export.h nfsd: allow nfsd to advertise multiple layout types 2016-07-15 15:31:32 -04:00
fault_inject.c nfsd: use ARRAY_SIZE 2017-10-05 13:56:39 -04:00
flexfilelayout.c nfsd: don't set a FL_LAYOUT lease for flexfiles layouts 2016-09-16 16:15:52 -04:00
flexfilelayoutxdr.c nfsd: Add a super simple flex file server 2016-07-13 15:40:48 -04:00
flexfilelayoutxdr.h nfsd: Add a super simple flex file server 2016-07-13 15:40:48 -04:00
idmap.h nfsd: Remove duplicate define of IDMAP_NAMESZ/IDMAP_TYPE_xx 2015-07-20 14:58:46 -04:00
Kconfig block: make scsi_request and scsi ioctl support optional 2017-01-31 10:53:05 -07:00
lockd.c lockd: constify nlmsvc_binding structure 2016-01-07 10:10:50 -05:00
Makefile nfsd: Add a super simple flex file server 2016-07-13 15:40:48 -04:00
netns.h netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
nfs2acl.c sunrpc: mark all struct svc_version instances as const 2017-05-15 17:42:31 +02:00
nfs3acl.c sunrpc: mark all struct svc_version instances as const 2017-05-15 17:42:31 +02:00
nfs3proc.c sunrpc: mark all struct svc_version instances as const 2017-05-15 17:42:31 +02:00
nfs3xdr.c nfsd4: factor ctime into change attribute 2017-07-12 15:55:00 -04:00
nfs4acl.c nfsd: check permissions when setting ACLs 2016-06-24 12:11:52 -04:00
nfs4callback.c nfsd: Fix a memory scribble in the callback channel 2017-07-17 13:15:06 -04:00
nfs4idmap.c nfsd/idmap: return nfserr_inval for 0-length names 2017-02-17 16:25:59 -05:00
nfs4layouts.c fs, nfsd: convert nfs4_stid.sc_count from atomic_t to refcount_t 2017-11-07 16:43:58 -05:00
nfs4proc.c nfsd: remove unnecessary nofilehandle checks 2017-10-04 16:25:00 -04:00
nfs4recover.c Various bugfixes, a RDMA update from Chuck Lever, and support for a new 2016-03-24 10:41:00 -07:00
nfs4state.c fs, nfsd: convert nfs4_stid.sc_count from atomic_t to refcount_t 2017-11-07 16:43:58 -05:00
nfs4xdr.c nfsd: Incoming xdr_bufs may have content in tail buffer 2017-09-05 15:15:29 -04:00
nfscache.c lib/vsprintf.c: remove %Z support 2017-02-27 18:43:47 -08:00
nfsctl.c fs: constify tree_descr arrays passed to simple_fill_super() 2017-04-26 23:54:06 -04:00
nfsd.h sunrpc: mark all struct svc_version instances as const 2017-05-15 17:42:31 +02:00
nfsfh.c nfsd: check d_can_lookup in fh_verify of directories 2016-08-04 17:11:48 -04:00
nfsfh.h nfsd4: factor ctime into change attribute 2017-07-12 15:55:00 -04:00
nfsproc.c sunrpc: mark all struct svc_version instances as const 2017-05-15 17:42:31 +02:00
nfssvc.c nfsd: increase DRC cache limit 2017-10-04 16:25:01 -04:00
nfsxdr.c Linux 4.12-rc5 2017-06-28 13:34:15 -04:00
pnfs.h nfsd: don't set a FL_LAYOUT lease for flexfiles layouts 2016-09-16 16:15:52 -04:00
state.h fs, nfsd: convert nfs4_stid.sc_count from atomic_t to refcount_t 2017-11-07 16:43:58 -05:00
stats.c drop redundant ->owner initializations 2016-05-29 19:08:00 -04:00
stats.h
trace.c nfsd: move include of state.h from trace.c to trace.h 2015-10-23 15:57:29 -04:00
trace.h nfsd: add new io class tracepoint 2016-01-14 17:32:51 -05:00
vfs.c annotate RWF_... flags 2017-08-31 17:32:38 -04:00
vfs.h statx: Add a system call to make enhanced file info available 2017-03-02 20:51:15 -05:00
xdr3.h sunrpc: properly type pc_encode callbacks 2017-05-15 17:42:25 +02:00
xdr4.h nfsd4: fix cached replies to solo SEQUENCE compounds 2017-11-07 16:43:57 -05:00
xdr4cb.h nfsd: plumb in a CB_NOTIFY_LOCK operation 2016-09-26 15:20:35 -04:00
xdr.h sunrpc: properly type pc_encode callbacks 2017-05-15 17:42:25 +02:00