On Tue, Oct 06, 2020 at 02:44:33PM -0600, Shuah Khan wrote:
Add a new selftest for testing counter_atomic* Counters API. This test load test_counters test modules and unloads.
The test module runs tests and prints results in dmesg.
There are a number of atomic_t usages in the kernel where atomic_t api is used strictly for counting and not for managing object lifetime. In some cases, atomic_t might not even be needed.
The purpose of these counters is to clearly differentiate atomic_t counters from atomic_t usages that guard object lifetimes, hence prone to overflow and underflow errors. It allows tools that scan for underflow and overflow on atomic_t usages to detect overflow and underflows to scan just the cases that are prone to errors.
Simple atomic counters api provides interfaces for simple atomic counters that just count, and don't guard resource lifetimes. Counter will wrap around to 0 when it overflows and should not be used to guard resource lifetimes, device usage and open counts that control state changes, and pm states.
Using counter_atomic* to guard lifetimes could lead to use-after free when it overflows and undefined behavior when used to manage state changes and device usage/open states.
Signed-off-by: Shuah Khan skhan@linuxfoundation.org
Reviewed-by: Kees Cook keescook@chromium.org