Message-Id: <cover.1605027593.git.skhan@linuxfoundation.org>
Date: Tue, 10 Nov 2020 12:53:26 -0700
From: Shuah Khan <skhan@...uxfoundation.org>
To: corbet@....net, keescook@...omium.org, gregkh@...uxfoundation.org,
peterz@...radead.org, rafael@...nel.org, lenb@...nel.org,
james.morse@....com, tony.luck@...el.com, bp@...en8.de,
minyard@....org, arnd@...db.de, mchehab@...nel.org,
rric@...nel.org, valentina.manea.m@...il.com, shuah@...nel.org,
zohar@...ux.ibm.com, dmitry.kasatkin@...il.com, jmorris@...ei.org,
serge@...lyn.com
Cc: Shuah Khan <skhan@...uxfoundation.org>, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
linux-acpi@...r.kernel.org,
openipmi-developer@...ts.sourceforge.net,
linux-edac@...r.kernel.org, linux-usb@...r.kernel.org,
linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: [PATCH 00/13] Introduce seqnum_ops

There are a number of atomic_t usages in the kernel where atomic_t api
is used strictly for counting sequence numbers and other statistical
counters and not for managing object lifetime.

The purpose of these Sequence Number Ops is to clearly differentiate
atomic_t counter usages from atomic_t usages that guard object lifetimes,
hence prone to overflow and underflow errors.

The atomic_t api provides a wide range of atomic operations as a base
api to implement atomic counters, bitops, spinlock interfaces. The usages
also evolved into being used for resource lifetimes and state management.
The refcount_t api was introduced to address resource lifetime problems
related to atomic_t wrapping. There is a large overlap between the
atomic_t api used for resource lifetimes and just counters, stats, and
sequence numbers. It has become difficult to differentiate between the
atomic_t usages that should be converted to refcount_t and the ones that
can be left alone. Introducing seqnum_ops to wrap the usages that are
stats, counters, sequence numbers makes it easier for tools that scan
for underflow and overflow on atomic_t usages to detect overflow and
underflows to scan just the cases that are prone to errors.

Sequence Number api provides interfaces for simple atomic_t counter usages
that just count, and don't guard resource lifetimes. The seqnum_ops are
built on top of atomic_t api, providing a smaller subset of atomic_t
interfaces necessary to support atomic_t usages as simple counters.
This api has init/set/inc/dec/read and doesn't support any other atomic_t
ops with the intent to restrict the use of these interfaces as simple
counting usages.

Sequence Numbers wrap around to INT_MIN when they overflow and should not
be used to guard resource lifetimes, device usage and open counts that
control state changes, and pm states. Overflowing to INT_MIN is consistent
with the atomic_t api, which it is built on top of.

Using seqnum to guard lifetimes could lead to use-after-free when it
overflows and undefined behavior when used to manage state changes and
device usage/open states.

In addition this patch series converts a few drivers to use the new api.

The following criteria are used to select variables for conversion:

1. Variable doesn't guard object lifetimes, manage state changes e.g:
   device usage counts, device open counts, and pm states.
2. Variable is used for stats and counters.
3. The conversion doesn't change the overflow behavior.
4. Note: inc_return() usages are changed to _inc() followed by _read()
   Patches: 03/13, 04/13, 09/13, 10/13, 11/13
5. drivers/acpi and drivers/acpi/apei patches have been reviewed
   before the rename, however in addition to rename, inc_return()
   usages are changed to _inc() followed by _read()
6. test_async_driver_probe, char/ipmi, and edac patches have been
   reviewed and no changes other than the rename to seqnum_ops.
7. security/integrity/ima: Okay to depend on CONFIG_64BIT?

The work for this is a follow-on to the discussion and review of
Introduce Simple atomic counters patch series:

//lore.kernel.org/lkml/cover.1602209970.git.skhan@...uxfoundation.org/

Based on the feedback to restrict and limit the scope:
- dropped inc_return()
- renamed interfaces to match the intent and also shorten the
  interface names.

Shuah Khan (13):
  seqnum_ops: Introduce Sequence Number Ops
  selftests: lib:test_seqnum_ops: add new test for seqnum_ops
  drivers/acpi: convert seqno seqnum_ops
  drivers/acpi/apei: convert seqno to seqnum_ops
  drivers/base/test/test_async_driver_probe: convert to use seqnum_ops
  drivers/char/ipmi: convert stats to use seqnum_ops
  drivers/edac: convert pci counters to seqnum_ops
  drivers/oprofile: convert stats to use seqnum_ops
  drivers/staging/rtl8723bs: convert stats to use seqnum_ops
  usb: usbip/vhci: convert seqno to seqnum_ops
  drivers/staging/rtl8188eu: convert stats to use seqnum_ops
  drivers/staging/unisys/visorhba: convert stats to use seqnum_ops
  security/integrity/ima: converts stats to seqnum_ops

Documentation/core-api/atomic_ops.rst | 4 +
Documentation/core-api/index.rst | 1 +
Documentation/core-api/seqnum_ops.rst | 126 ++++++++++++++
MAINTAINERS | 8 +
drivers/acpi/acpi_extlog.c | 6 +-
drivers/acpi/apei/ghes.c | 6 +-
drivers/base/test/test_async_driver_probe.c | 26 +--
drivers/char/ipmi/ipmi_msghandler.c | 9 +-
drivers/char/ipmi/ipmi_si_intf.c | 9 +-
drivers/char/ipmi/ipmi_ssif.c | 9 +-
drivers/edac/edac_pci.h | 5 +-
drivers/edac/edac_pci_sysfs.c | 28 ++--
drivers/oprofile/buffer_sync.c | 9 +-
drivers/oprofile/event_buffer.c | 3 +-
drivers/oprofile/oprof.c | 3 +-
drivers/oprofile/oprofile_stats.c | 11 +-
drivers/oprofile/oprofile_stats.h | 11 +-
drivers/oprofile/oprofilefs.c | 3 +-
drivers/staging/rtl8188eu/core/rtw_mlme_ext.c | 23 ++-
.../staging/rtl8188eu/include/rtw_mlme_ext.h | 3 +-
drivers/staging/rtl8723bs/core/rtw_cmd.c | 3 +-
drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 33 ++--
drivers/staging/rtl8723bs/include/rtw_cmd.h | 3 +-
.../staging/rtl8723bs/include/rtw_mlme_ext.h | 3 +-
.../staging/unisys/visorhba/visorhba_main.c | 37 +++--
drivers/usb/usbip/vhci.h | 3 +-
drivers/usb/usbip/vhci_hcd.c | 9 +-
drivers/usb/usbip/vhci_rx.c | 3 +-
include/linux/oprofile.h | 3 +-
include/linux/seqnum_ops.h | 154 ++++++++++++++++++
lib/Kconfig | 9 +
lib/Makefile | 1 +
lib/test_seqnum_ops.c | 154 ++++++++++++++++++
security/integrity/ima/ima.h | 5 +-
security/integrity/ima/ima_api.c | 2 +-
security/integrity/ima/ima_fs.c | 4 +-
security/integrity/ima/ima_queue.c | 7 +-
tools/testing/selftests/lib/Makefile | 1 +
tools/testing/selftests/lib/config | 1 +
.../testing/selftests/lib/test_seqnum_ops.sh | 10 ++
40 files changed, 637 insertions(+), 111 deletions(-)
create mode 100644 Documentation/core-api/seqnum_ops.rst
create mode 100644 include/linux/seqnum_ops.h
create mode 100644 lib/test_seqnum_ops.c
create mode 100755 tools/testing/selftests/lib/test_seqnum_ops.sh
--
2.27.0
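
The contrast the cover letter draws between a wrapping counter and a lifetime count, as an added userspace C11 model that is not code from this patch series. The `model_*` names and the `MODEL_SATURATED` sentinel are hypothetical; the saturating counter follows the saturate-instead-of-wrap approach of refcount_t.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>

/* Hypothetical model of a counter restricted to set/inc/read (dec omitted). */
struct model_seqnum { atomic_int v; };
static inline void model_seqnum_set(struct model_seqnum *s, int n) { atomic_store(&s->v, n); }
static inline void model_seqnum_inc(struct model_seqnum *s) { atomic_fetch_add(&s->v, 1); }
static inline int model_seqnum_read(struct model_seqnum *s) { return atomic_load(&s->v); }

/* Statistics use: passing INT_MAX only changes the number that is reported. */
int seq_after_overflow(void) {
    struct model_seqnum s;
    model_seqnum_set(&s, INT_MAX);
    model_seqnum_inc(&s);   /* atomic add on a signed int wraps, no UB */
    return model_seqnum_read(&s);
}

/* Misuse as a lifetime count: constructed state one "get" short of wrapping. */
bool wrapping_count_reads_unreferenced(void) {
    struct model_seqnum refs;
    model_seqnum_set(&refs, -1);   /* 2^32 - 1 holders, modulo 2^32 */
    model_seqnum_inc(&refs);       /* one more holder wraps the count to 0 */
    return model_seqnum_read(&refs) == 0;   /* object looks free while held */
}

/* Saturating lifetime count; the sentinel value is this model's assumption. */
#define MODEL_SATURATED (INT_MIN / 2)
static inline void model_ref_get(atomic_int *r) {
    int old = atomic_load(r), next;
    do {
        next = (old < 0 || old == INT_MAX) ? MODEL_SATURATED : old + 1;
    } while (!atomic_compare_exchange_weak(r, &old, next));
}
static inline bool model_ref_put(atomic_int *r) {   /* true: caller must free */
    int old = atomic_load(r);
    do {
        if (old <= 0) return false;   /* saturated or zero: leak, never free */
    } while (!atomic_compare_exchange_weak(r, &old, old - 1));
    return old == 1;
}

bool saturating_count_frees_on_overflow(void) {
    atomic_int refs = INT_MAX;
    model_ref_get(&refs);           /* saturates instead of wrapping */
    return model_ref_put(&refs);    /* false: object is leaked, not freed */
}
```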