From: Daniel Micay <danielmi...@gmail.com>
The WARN_ON() checking for a NULL release pointer should be a BUG()
since continuing with a NULL release pointer will lead to a NULL
pointer dereference anyway.
The kref_put() case is extracted from PaX, and Kees Cook noted it should
be extended to the other two cases.
Signed-off-by: Daniel Micay <danielmi...@gmail.com>
[kees: clarify commit log]
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
include/linux/kref.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/linux/kref.h b/include/linux/kref.h
index f4156f88f557..82a2c225eae3 100644
--- a/include/linux/kref.h
+++ b/include/linux/kref.h
@@ -66,7 +66,7 @@ static inline void kref_get(struct kref *kref)
*/
static inline int kref_put(struct kref *kref, void (*release)(struct kref
*kref))
{
- WARN_ON(release == NULL);
+ BUG_ON(release == NULL);
if (refcount_dec_and_test(&kref->refcount)) {
release(kref);
@@ -79,7 +79,7 @@ static inline int kref_put_mutex(struct kref *kref,
void (*release)(struct kref *kref),
struct mutex *lock)
{
- WARN_ON(release == NULL);
+ BUG_ON(release == NULL);
if (refcount_dec_and_mutex_lock(&kref->refcount, lock)) {
release(kref);
@@ -92,7 +92,7 @@ static inline int kref_put_lock(struct kref *kref,
void (*release)(struct kref *kref),
spinlock_t *lock)
{
- WARN_ON(release == NULL);
+ BUG_ON(release == NULL);
if (refcount_dec_and_lock(&kref->refcount, lock)) {
release(kref);
--
Kees Cook
Pixel Security
