This patch series is a result of discussion at the refcount_t BOF the Linux Plumbers Conference. In this discussion, we identifed a need for looking closely and investigating atomic_t usages in the kernel when it is used strictly as a counter wothout it controlling object lifetimes and state changes.
There are a number of atomic_t usages in the kernel where atomic_t api is used strictly for counting and not for managing object lifetime. In some cases, atomic_t might not even be needed.
The purpose of these counters is twofold: 1. clearly differentiate atomic_t counters from atomic_t usages that guard object lifetimes, hence prone to overflow and underflow errors. It allows tools that scan for underflow and overflow on atomic_t usages to detect overflow and underflows to scan just the cases that are prone to errors. 2. provides non-atomic counters for cases where atomic isn't necessary.
Simple atomic and non-atomic counters api provides interfaces for simple atomic and non-atomic counters that just count, and don't guard resource lifetimes. Counters will wrap around to 0 when it overflows and should not be used to guard resource lifetimes, device usage and open counts that control state changes, and pm states.
Using counter_atomic to guard lifetimes could lead to use-after free when it overflows and undefined behavior when used to manage state changes and device usage/open states.
This patch series introduces Simple atomic and non-atomic counters. Counter atomic ops leverage atomic_t and provide a sub-set of atomic_t ops.
In addition this patch series converts a few drivers to use the new api. The following criteria is used for select variables for conversion:
1. Variable doesn't guard object lifetimes, manage state changes e.g: device usage counts, device open counts, and pm states. 2. Variable is used for stats and counters. 3. The conversion doesn't change the overflow behavior.
Please review and let me know if non-stat conversions e.g: probe_count, deferred_trigger_count make sense.
Shuah Khan (11): counters: Introduce counter and counter_atomic counters selftests:lib:test_counters: add new test for counters drivers/base: convert deferred_trigger_count and probe_count to counter_atomic drivers/base/devcoredump: convert devcd_count to counter_atomic drivers/acpi: convert seqno counter_atomic drivers/acpi/apei: convert seqno counter_atomic drivers/android/binder: convert stats, transaction_log to counter_atomic drivers/base/test/test_async_driver_probe: convert to use counter_atomic drivers/char/ipmi: convert stats to use counter_atomic drivers/misc/vmw_vmci: convert num guest devices counter to counter_atomic drivers/edac: convert pci counters to counter_atomic
Documentation/core-api/counters.rst | 158 +++++++++ MAINTAINERS | 8 + drivers/acpi/acpi_extlog.c | 5 +- drivers/acpi/apei/ghes.c | 5 +- drivers/android/binder.c | 41 +-- drivers/android/binder_internal.h | 3 +- drivers/base/dd.c | 19 +- drivers/base/devcoredump.c | 5 +- drivers/base/test/test_async_driver_probe.c | 23 +- drivers/char/ipmi/ipmi_msghandler.c | 9 +- drivers/char/ipmi/ipmi_si_intf.c | 9 +- drivers/edac/edac_pci.h | 5 +- drivers/edac/edac_pci_sysfs.c | 28 +- drivers/misc/vmw_vmci/vmci_guest.c | 9 +- include/linux/counters.h | 343 +++++++++++++++++++ lib/Kconfig | 10 + lib/Makefile | 1 + lib/test_counters.c | 283 +++++++++++++++ tools/testing/selftests/lib/Makefile | 1 + tools/testing/selftests/lib/config | 1 + tools/testing/selftests/lib/test_counters.sh | 5 + 21 files changed, 897 insertions(+), 74 deletions(-) create mode 100644 Documentation/core-api/counters.rst create mode 100644 include/linux/counters.h create mode 100644 lib/test_counters.c create mode 100755 tools/testing/selftests/lib/test_counters.sh
Add a new selftest for testing counter and counter_atomic counters api. This test load test_counters test modules and unloads.
The test module runs tests and prints results in dmesg.
There are a number of atomic_t usages in the kernel where atomic_t api is used strictly for counting and not for managing object lifetime. In some cases, atomic_t might not even be needed.
The purpose of these counters is twofold: 1. clearly differentiate atomic_t counters from atomic_t usages that guard object lifetimes, hence prone to overflow and underflow errors. It allows tools that scan for underflow and overflow on atomic_t usages to detect overflow and underflows to scan just the cases that are prone to errors. 2. provides non-atomic counters for cases where atomic isn't necessary.
Simple atomic and non-atomic counters api provides interfaces for simple atomic and non-atomic counters that just count, and don't guard resource lifetimes. Counters will wrap around to 0 when it overflows and should not be used to guard resource lifetimes, device usage and open counts that control state changes, and pm states.
Using counter_atomic to guard lifetimes could lead to use-after free when it overflows and undefined behavior when used to manage state changes and device usage/open states.
Signed-off-by: Shuah Khan skhan@linuxfoundation.org --- MAINTAINERS | 1 + tools/testing/selftests/lib/Makefile | 1 + tools/testing/selftests/lib/config | 1 + tools/testing/selftests/lib/test_counters.sh | 5 +++++ 4 files changed, 8 insertions(+) create mode 100755 tools/testing/selftests/lib/test_counters.sh
diff --git a/MAINTAINERS b/MAINTAINERS index 1d3abcfa76ab..fc802ef0ee95 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -15847,6 +15847,7 @@ L: linux-kernel@vger.kernel.org S: Maintained F: include/linux/counters.h F: lib/test_counters.c +F: tools/testing/selftests/lib/test_counters.sh
SIMPLE FIRMWARE INTERFACE (SFI) S: Obsolete diff --git a/tools/testing/selftests/lib/Makefile b/tools/testing/selftests/lib/Makefile index a105f094676e..e8960d7934e2 100644 --- a/tools/testing/selftests/lib/Makefile +++ b/tools/testing/selftests/lib/Makefile @@ -5,5 +5,6 @@ all:
TEST_PROGS := printf.sh bitmap.sh prime_numbers.sh strscpy.sh +TEST_PROGS += test_counters.sh
include ../lib.mk diff --git a/tools/testing/selftests/lib/config b/tools/testing/selftests/lib/config index b80ee3f6e265..6ed25024d371 100644 --- a/tools/testing/selftests/lib/config +++ b/tools/testing/selftests/lib/config @@ -3,3 +3,4 @@ CONFIG_TEST_BITMAP=m CONFIG_PRIME_NUMBERS=m CONFIG_TEST_STRSCPY=m CONFIG_TEST_BITOPS=m +CONFIG_TEST_COUNTERS=m diff --git a/tools/testing/selftests/lib/test_counters.sh b/tools/testing/selftests/lib/test_counters.sh new file mode 100755 index 000000000000..d1a130190e3f --- /dev/null +++ b/tools/testing/selftests/lib/test_counters.sh @@ -0,0 +1,5 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 +# Tests the Simple Atomic and Non-atomic Counters interfaces using +# test_counters kernel module +$(dirname $0)/../kselftest/module.sh "test_counters" test_counters
linux-kselftest-mirror@lists.linaro.org