> On Mon, Feb 20, 2017 at 1:29 PM, Elena Reshetova
> <[email protected]> wrote:
> > Now when new refcount_t type and API are finally merged
> > (see include/linux/refcount.h), the following
> > patches convert various refcounters in the ipc subsystem from atomic_t
> > to refcount_t. By doing this we prevent intentional or accidental
> > underflows or overflows that can lead to use-after-free vulnerabilities.
> >
> > The below patches are fully independent and can be cherry-picked separately.
> > Since we convert all kernel subsystems in the same fashion, resulting
> > in about 300 patches, we have to group them for sending at least in some
> > fashion to be manageable. Please excuse the long cc list.
>
> Is that done using coccinelle?

Yes and no. The *finding* of cases that should be converted was done using coccinelle, but actual conversion was done manually for each case and not via semantic patch. There were many false-positives and all kinds of other issues, so we had to analyse each variable separately to the extent we understand the code.

>
> Can I see the semantic patch (sorry if I missed it earlier)?

Attached is the one we used to initially find variables.

Best Regards,
Elena.

atomic_as_refount.cocci
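As an added illustration of the overflow case mentioned in the quoted cover letter (not code from this thread or from the kernel), the following userspace C model contrasts a plain wrapping counter with a checked one that pins at a maximum and refuses to increment from zero. The names `model_refcount`, `model_get`, `model_put` and `plain_put`, and the choice of `UINT_MAX` as the pinned value, are assumptions made for this sketch.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>

/* Userspace model only; every name here is hypothetical, not kernel API. */
typedef struct { atomic_uint refs; } model_refcount;

/* atomic_t-style put: reports "last reference gone" whenever the result is 0. */
static bool plain_put(atomic_uint *c) { return atomic_fetch_sub(c, 1) == 1; }

/* Checked get: refuses a counter at 0 and pins at UINT_MAX instead of wrapping. */
static bool model_get(model_refcount *r)
{
    unsigned old = atomic_load(&r->refs);
    do {
        if (old == 0) return false;        /* object is already being freed */
        if (old == UINT_MAX) return true;  /* saturated: leak, never wrap */
    } while (!atomic_compare_exchange_weak(&r->refs, &old, old + 1));
    return true;
}

/* Checked put: true only for a genuine 1 -> 0 transition. */
static bool model_put(model_refcount *r)
{
    unsigned old = atomic_load(&r->refs);
    do {
        if (old == 0 || old == UINT_MAX) return false; /* underflow or pinned */
    } while (!atomic_compare_exchange_weak(&r->refs, &old, old - 1));
    return old == 1;
}

/* Constructed state: counter already at UINT_MAX, then two gets and one put. */
static bool plain_overflow_frees(void)
{
    atomic_uint c = UINT_MAX;
    atomic_fetch_add(&c, 1);   /* wraps to 0 */
    atomic_fetch_add(&c, 1);   /* 1 */
    return plain_put(&c);      /* true: "free" while other holders still exist */
}

static bool model_overflow_frees(void)
{
    model_refcount r = { UINT_MAX };
    model_get(&r);
    model_get(&r);
    return model_put(&r);      /* false: counter stays pinned, object leaks */
}

int main(void) { return (plain_overflow_frees() && !model_overflow_frees()) ? 0 : 1; }
```

The checked variant trades a possible memory leak for the use-after-free: once pinned, the object is never released.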

