Hi Elena,

On Mon, Mar 06, 2017 at 04:20:59PM +0200, Elena Reshetova wrote:
> refcount_t type and corresponding API should be
> used instead of atomic_t when the variable is used as
> a reference counter. This allows to avoid accidental
> refcounter overflows that might lead to use-after-free
> situations.
> 
> Signed-off-by: Elena Reshetova <elena.reshet...@intel.com>
> Signed-off-by: Hans Liljestrand <ishkam...@gmail.com>
> Signed-off-by: Kees Cook <keesc...@chromium.org>
> Signed-off-by: David Windsor <dwind...@gmail.com>
> ---
...
> @@ -1688,7 +1689,7 @@ static int s2255_probe_v4l(struct s2255_dev *dev)
>                               "failed to register video device!\n");
>                       break;
>               }
> -             atomic_inc(&dev->num_channels);
> +             refcount_set(&dev->num_channels, 1);

That's not right. The loop runs four iterations and the value after the
loop should indeed be the number of channels.

atomic_t isn't really used for reference counting here, but for storing how
many "channels" there are per hardware device, with a maximum number of four
(4). I'd leave this driver using atomic_t.

>               v4l2_info(&dev->v4l2_dev, "V4L2 device registered as %s\n",
>                         video_device_node_name(&vc->vdev));
>  
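
Review bot: In s2255_probe_v4l, `refcount_set(&dev->num_channels, 1)` replaces `atomic_inc(&dev->num_channels)` at a point that is reached once per successfully registered video device, so every pass overwrites the counter with 1 instead of adding to it, and the value no longer records how many devices registered before a `break` on failure. If num_channels counts registered channels rather than references that keep an object alive, leave the field as atomic_t and drop this hunk. If it is converted anyway, the initialisation belongs outside the loop, the per-device step has to stay an increment, and the field should carry a comment saying what it counts.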

-- 
Kind regards,

Sakari Ailus
e-mail: sakari.ai...@iki.fi     XMPP: sai...@retiisi.org.uk

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
