From: Daniel Micay <danielmi...@gmail.com> The WARN_ON() checking for a NULL release pointer should be a BUG() since continuing with a NULL release pointer will lead to a NULL pointer dereference anyway.
The kref_put() case is extracted from PaX, and Kees Cook noted it should be extended to the other two cases. Signed-off-by: Daniel Micay <danielmi...@gmail.com> [kees: clarify commit log] Signed-off-by: Kees Cook <keesc...@chromium.org> --- include/linux/kref.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/linux/kref.h b/include/linux/kref.h index f4156f88f557..82a2c225eae3 100644 --- a/include/linux/kref.h +++ b/include/linux/kref.h @@ -66,7 +66,7 @@ static inline void kref_get(struct kref *kref) */ static inline int kref_put(struct kref *kref, void (*release)(struct kref *kref)) { - WARN_ON(release == NULL); + BUG_ON(release == NULL); if (refcount_dec_and_test(&kref->refcount)) { release(kref); @@ -79,7 +79,7 @@ static inline int kref_put_mutex(struct kref *kref, void (*release)(struct kref *kref), struct mutex *lock) { - WARN_ON(release == NULL); + BUG_ON(release == NULL); if (refcount_dec_and_mutex_lock(&kref->refcount, lock)) { release(kref); @@ -92,7 +92,7 @@ static inline int kref_put_lock(struct kref *kref, void (*release)(struct kref *kref), spinlock_t *lock) { - WARN_ON(release == NULL); + BUG_ON(release == NULL); if (refcount_dec_and_lock(&kref->refcount, lock)) { release(kref); -- Kees Cook Pixel Security