Greg Kroah-Hartman | b244131 | 2017-11-01 15:07:57 +0100 | [diff] [blame] | 1 | // SPDX-License-Identifier: GPL-2.0 |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 2 | /* |
| 3 | * Variant of atomic_t specialized for reference counts. |
| 4 | * |
| 5 | * The interface matches the atomic_t interface (to aid in porting) but only |
| 6 | * provides the few functions one should use for reference counting. |
| 7 | * |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 8 | * It differs in that the counter saturates at REFCOUNT_SATURATED and will not |
| 9 | * move once there. This avoids wrapping the counter and causing 'spurious' |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 10 | * use-after-free issues. |
| 11 | * |
| 12 | * Memory ordering rules are slightly relaxed wrt regular atomic_t functions |
| 13 | * and provide only what is strictly required for refcounts. |
| 14 | * |
| 15 | * The increments are fully relaxed; these will not provide ordering. The |
| 16 | * rationale is that whatever is used to obtain the object we're increasing the |
| 17 | * reference count on will provide the ordering. For locked data structures, |
| 18 | * its the lock acquire, for RCU/lockless data structures its the dependent |
| 19 | * load. |
| 20 | * |
| 21 | * Do note that inc_not_zero() provides a control dependency which will order |
| 22 | * future stores against the inc, this ensures we'll never modify the object |
| 23 | * if we did not in fact acquire a reference. |
| 24 | * |
| 25 | * The decrements will provide release order, such that all the prior loads and |
| 26 | * stores will be issued before, it also provides a control dependency, which |
| 27 | * will order us against the subsequent free(). |
| 28 | * |
| 29 | * The control dependency is against the load of the cmpxchg (ll/sc) that |
| 30 | * succeeded. This means the stores aren't fully ordered, but this is fine |
| 31 | * because the 1->0 transition indicates no concurrency. |
| 32 | * |
| 33 | * Note that the allocator is responsible for ordering things between free() |
| 34 | * and alloc(). |
| 35 | * |
Elena Reshetova | 47b8f3a | 2019-01-30 13:18:51 +0200 | [diff] [blame] | 36 | * The decrements dec_and_test() and sub_and_test() also provide acquire |
| 37 | * ordering on success. |
| 38 | * |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 39 | */ |
| 40 | |
Alexey Dobriyan | 75a040f | 2018-04-01 01:00:36 +0300 | [diff] [blame] | 41 | #include <linux/mutex.h> |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 42 | #include <linux/refcount.h> |
Alexey Dobriyan | 75a040f | 2018-04-01 01:00:36 +0300 | [diff] [blame] | 43 | #include <linux/spinlock.h> |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 44 | #include <linux/bug.h> |
| 45 | |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 46 | /** |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 47 | * refcount_add_not_zero_checked - add a value to a refcount unless it is 0 |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 48 | * @i: the value to add to the refcount |
| 49 | * @r: the refcount |
| 50 | * |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 51 | * Will saturate at REFCOUNT_SATURATED and WARN. |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 52 | * |
| 53 | * Provides no memory ordering, it is assumed the caller has guaranteed the |
| 54 | * object memory to be stable (RCU, etc.). It does provide a control dependency |
| 55 | * and thereby orders future stores. See the comment on top. |
| 56 | * |
| 57 | * Use of this function is not recommended for the normal reference counting |
| 58 | * use case in which references are taken and released one at a time. In these |
| 59 | * cases, refcount_inc(), or one of its variants, should instead be used to |
| 60 | * increment a reference count. |
| 61 | * |
| 62 | * Return: false if the passed refcount is 0, true otherwise |
| 63 | */ |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 64 | bool refcount_add_not_zero_checked(unsigned int i, refcount_t *r) |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 65 | { |
Peter Zijlstra | b78c0d4 | 2017-02-01 16:07:55 +0100 | [diff] [blame] | 66 | unsigned int new, val = atomic_read(&r->refs); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 67 | |
Peter Zijlstra | b78c0d4 | 2017-02-01 16:07:55 +0100 | [diff] [blame] | 68 | do { |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 69 | if (!val) |
| 70 | return false; |
| 71 | |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 72 | if (unlikely(val == REFCOUNT_SATURATED)) |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 73 | return true; |
| 74 | |
| 75 | new = val + i; |
| 76 | if (new < val) |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 77 | new = REFCOUNT_SATURATED; |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 78 | |
Peter Zijlstra | b78c0d4 | 2017-02-01 16:07:55 +0100 | [diff] [blame] | 79 | } while (!atomic_try_cmpxchg_relaxed(&r->refs, &val, new)); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 80 | |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 81 | WARN_ONCE(new == REFCOUNT_SATURATED, |
| 82 | "refcount_t: saturated; leaking memory.\n"); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 83 | |
| 84 | return true; |
| 85 | } |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 86 | EXPORT_SYMBOL(refcount_add_not_zero_checked); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 87 | |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 88 | /** |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 89 | * refcount_add_checked - add a value to a refcount |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 90 | * @i: the value to add to the refcount |
| 91 | * @r: the refcount |
| 92 | * |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 93 | * Similar to atomic_add(), but will saturate at REFCOUNT_SATURATED and WARN. |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 94 | * |
| 95 | * Provides no memory ordering, it is assumed the caller has guaranteed the |
| 96 | * object memory to be stable (RCU, etc.). It does provide a control dependency |
| 97 | * and thereby orders future stores. See the comment on top. |
| 98 | * |
| 99 | * Use of this function is not recommended for the normal reference counting |
| 100 | * use case in which references are taken and released one at a time. In these |
| 101 | * cases, refcount_inc(), or one of its variants, should instead be used to |
| 102 | * increment a reference count. |
| 103 | */ |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 104 | void refcount_add_checked(unsigned int i, refcount_t *r) |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 105 | { |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 106 | WARN_ONCE(!refcount_add_not_zero_checked(i, r), "refcount_t: addition on 0; use-after-free.\n"); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 107 | } |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 108 | EXPORT_SYMBOL(refcount_add_checked); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 109 | |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 110 | /** |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 111 | * refcount_inc_not_zero_checked - increment a refcount unless it is 0 |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 112 | * @r: the refcount to increment |
| 113 | * |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 114 | * Similar to atomic_inc_not_zero(), but will saturate at REFCOUNT_SATURATED |
| 115 | * and WARN. |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 116 | * |
| 117 | * Provides no memory ordering, it is assumed the caller has guaranteed the |
| 118 | * object memory to be stable (RCU, etc.). It does provide a control dependency |
| 119 | * and thereby orders future stores. See the comment on top. |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 120 | * |
| 121 | * Return: true if the increment was successful, false otherwise |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 122 | */ |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 123 | bool refcount_inc_not_zero_checked(refcount_t *r) |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 124 | { |
Peter Zijlstra | b78c0d4 | 2017-02-01 16:07:55 +0100 | [diff] [blame] | 125 | unsigned int new, val = atomic_read(&r->refs); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 126 | |
Peter Zijlstra | b78c0d4 | 2017-02-01 16:07:55 +0100 | [diff] [blame] | 127 | do { |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 128 | new = val + 1; |
| 129 | |
| 130 | if (!val) |
| 131 | return false; |
| 132 | |
| 133 | if (unlikely(!new)) |
| 134 | return true; |
| 135 | |
Peter Zijlstra | b78c0d4 | 2017-02-01 16:07:55 +0100 | [diff] [blame] | 136 | } while (!atomic_try_cmpxchg_relaxed(&r->refs, &val, new)); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 137 | |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 138 | WARN_ONCE(new == REFCOUNT_SATURATED, |
| 139 | "refcount_t: saturated; leaking memory.\n"); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 140 | |
| 141 | return true; |
| 142 | } |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 143 | EXPORT_SYMBOL(refcount_inc_not_zero_checked); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 144 | |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 145 | /** |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 146 | * refcount_inc_checked - increment a refcount |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 147 | * @r: the refcount to increment |
| 148 | * |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 149 | * Similar to atomic_inc(), but will saturate at REFCOUNT_SATURATED and WARN. |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 150 | * |
| 151 | * Provides no memory ordering, it is assumed the caller already has a |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 152 | * reference on the object. |
| 153 | * |
| 154 | * Will WARN if the refcount is 0, as this represents a possible use-after-free |
| 155 | * condition. |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 156 | */ |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 157 | void refcount_inc_checked(refcount_t *r) |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 158 | { |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 159 | WARN_ONCE(!refcount_inc_not_zero_checked(r), "refcount_t: increment on 0; use-after-free.\n"); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 160 | } |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 161 | EXPORT_SYMBOL(refcount_inc_checked); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 162 | |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 163 | /** |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 164 | * refcount_sub_and_test_checked - subtract from a refcount and test if it is 0 |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 165 | * @i: amount to subtract from the refcount |
| 166 | * @r: the refcount |
| 167 | * |
| 168 | * Similar to atomic_dec_and_test(), but it will WARN, return false and |
| 169 | * ultimately leak on underflow and will fail to decrement when saturated |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 170 | * at REFCOUNT_SATURATED. |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 171 | * |
| 172 | * Provides release memory ordering, such that prior loads and stores are done |
Elena Reshetova | 47b8f3a | 2019-01-30 13:18:51 +0200 | [diff] [blame] | 173 | * before, and provides an acquire ordering on success such that free() |
| 174 | * must come after. |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 175 | * |
| 176 | * Use of this function is not recommended for the normal reference counting |
| 177 | * use case in which references are taken and released one at a time. In these |
| 178 | * cases, refcount_dec(), or one of its variants, should instead be used to |
| 179 | * decrement a reference count. |
| 180 | * |
| 181 | * Return: true if the resulting refcount is 0, false otherwise |
| 182 | */ |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 183 | bool refcount_sub_and_test_checked(unsigned int i, refcount_t *r) |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 184 | { |
Peter Zijlstra | b78c0d4 | 2017-02-01 16:07:55 +0100 | [diff] [blame] | 185 | unsigned int new, val = atomic_read(&r->refs); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 186 | |
Peter Zijlstra | b78c0d4 | 2017-02-01 16:07:55 +0100 | [diff] [blame] | 187 | do { |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 188 | if (unlikely(val == REFCOUNT_SATURATED)) |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 189 | return false; |
| 190 | |
| 191 | new = val - i; |
| 192 | if (new > val) { |
Ingo Molnar | 9dcfe2c | 2017-03-01 09:25:55 +0100 | [diff] [blame] | 193 | WARN_ONCE(new > val, "refcount_t: underflow; use-after-free.\n"); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 194 | return false; |
| 195 | } |
| 196 | |
Peter Zijlstra | b78c0d4 | 2017-02-01 16:07:55 +0100 | [diff] [blame] | 197 | } while (!atomic_try_cmpxchg_release(&r->refs, &val, new)); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 198 | |
Elena Reshetova | 47b8f3a | 2019-01-30 13:18:51 +0200 | [diff] [blame] | 199 | if (!new) { |
| 200 | smp_acquire__after_ctrl_dep(); |
| 201 | return true; |
| 202 | } |
| 203 | return false; |
| 204 | |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 205 | } |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 206 | EXPORT_SYMBOL(refcount_sub_and_test_checked); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 207 | |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 208 | /** |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 209 | * refcount_dec_and_test_checked - decrement a refcount and test if it is 0 |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 210 | * @r: the refcount |
| 211 | * |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 212 | * Similar to atomic_dec_and_test(), it will WARN on underflow and fail to |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 213 | * decrement when saturated at REFCOUNT_SATURATED. |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 214 | * |
| 215 | * Provides release memory ordering, such that prior loads and stores are done |
Elena Reshetova | 47b8f3a | 2019-01-30 13:18:51 +0200 | [diff] [blame] | 216 | * before, and provides an acquire ordering on success such that free() |
| 217 | * must come after. |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 218 | * |
| 219 | * Return: true if the resulting refcount is 0, false otherwise |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 220 | */ |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 221 | bool refcount_dec_and_test_checked(refcount_t *r) |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 222 | { |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 223 | return refcount_sub_and_test_checked(1, r); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 224 | } |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 225 | EXPORT_SYMBOL(refcount_dec_and_test_checked); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 226 | |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 227 | /** |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 228 | * refcount_dec_checked - decrement a refcount |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 229 | * @r: the refcount |
| 230 | * |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 231 | * Similar to atomic_dec(), it will WARN on underflow and fail to decrement |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 232 | * when saturated at REFCOUNT_SATURATED. |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 233 | * |
| 234 | * Provides release memory ordering, such that prior loads and stores are done |
| 235 | * before. |
| 236 | */ |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 237 | void refcount_dec_checked(refcount_t *r) |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 238 | { |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 239 | WARN_ONCE(refcount_dec_and_test_checked(r), "refcount_t: decrement hit 0; leaking memory.\n"); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 240 | } |
Mark Rutland | afed7bc | 2018-07-11 10:36:07 +0100 | [diff] [blame] | 241 | EXPORT_SYMBOL(refcount_dec_checked); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 242 | |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 243 | /** |
| 244 | * refcount_dec_if_one - decrement a refcount if it is 1 |
| 245 | * @r: the refcount |
| 246 | * |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 247 | * No atomic_t counterpart, it attempts a 1 -> 0 transition and returns the |
| 248 | * success thereof. |
| 249 | * |
| 250 | * Like all decrement operations, it provides release memory order and provides |
| 251 | * a control dependency. |
| 252 | * |
| 253 | * It can be used like a try-delete operator; this explicit case is provided |
| 254 | * and not cmpxchg in generic, because that would allow implementing unsafe |
| 255 | * operations. |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 256 | * |
| 257 | * Return: true if the resulting refcount is 0, false otherwise |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 258 | */ |
| 259 | bool refcount_dec_if_one(refcount_t *r) |
| 260 | { |
Peter Zijlstra | b78c0d4 | 2017-02-01 16:07:55 +0100 | [diff] [blame] | 261 | int val = 1; |
| 262 | |
| 263 | return atomic_try_cmpxchg_release(&r->refs, &val, 0); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 264 | } |
Greg Kroah-Hartman | d557d1b | 2017-05-04 15:51:03 -0700 | [diff] [blame] | 265 | EXPORT_SYMBOL(refcount_dec_if_one); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 266 | |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 267 | /** |
| 268 | * refcount_dec_not_one - decrement a refcount if it is not 1 |
| 269 | * @r: the refcount |
| 270 | * |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 271 | * No atomic_t counterpart, it decrements unless the value is 1, in which case |
| 272 | * it will return false. |
| 273 | * |
| 274 | * Was often done like: atomic_add_unless(&var, -1, 1) |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 275 | * |
| 276 | * Return: true if the decrement operation was successful, false otherwise |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 277 | */ |
| 278 | bool refcount_dec_not_one(refcount_t *r) |
| 279 | { |
Peter Zijlstra | b78c0d4 | 2017-02-01 16:07:55 +0100 | [diff] [blame] | 280 | unsigned int new, val = atomic_read(&r->refs); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 281 | |
Peter Zijlstra | b78c0d4 | 2017-02-01 16:07:55 +0100 | [diff] [blame] | 282 | do { |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 283 | if (unlikely(val == REFCOUNT_SATURATED)) |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 284 | return true; |
| 285 | |
| 286 | if (val == 1) |
| 287 | return false; |
| 288 | |
| 289 | new = val - 1; |
| 290 | if (new > val) { |
Ingo Molnar | 9dcfe2c | 2017-03-01 09:25:55 +0100 | [diff] [blame] | 291 | WARN_ONCE(new > val, "refcount_t: underflow; use-after-free.\n"); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 292 | return true; |
| 293 | } |
| 294 | |
Peter Zijlstra | b78c0d4 | 2017-02-01 16:07:55 +0100 | [diff] [blame] | 295 | } while (!atomic_try_cmpxchg_release(&r->refs, &val, new)); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 296 | |
| 297 | return true; |
| 298 | } |
Greg Kroah-Hartman | d557d1b | 2017-05-04 15:51:03 -0700 | [diff] [blame] | 299 | EXPORT_SYMBOL(refcount_dec_not_one); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 300 | |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 301 | /** |
| 302 | * refcount_dec_and_mutex_lock - return holding mutex if able to decrement |
| 303 | * refcount to 0 |
| 304 | * @r: the refcount |
| 305 | * @lock: the mutex to be locked |
| 306 | * |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 307 | * Similar to atomic_dec_and_mutex_lock(), it will WARN on underflow and fail |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 308 | * to decrement when saturated at REFCOUNT_SATURATED. |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 309 | * |
| 310 | * Provides release memory ordering, such that prior loads and stores are done |
| 311 | * before, and provides a control dependency such that free() must come after. |
| 312 | * See the comment on top. |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 313 | * |
| 314 | * Return: true and hold mutex if able to decrement refcount to 0, false |
| 315 | * otherwise |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 316 | */ |
| 317 | bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock) |
| 318 | { |
| 319 | if (refcount_dec_not_one(r)) |
| 320 | return false; |
| 321 | |
| 322 | mutex_lock(lock); |
| 323 | if (!refcount_dec_and_test(r)) { |
| 324 | mutex_unlock(lock); |
| 325 | return false; |
| 326 | } |
| 327 | |
| 328 | return true; |
| 329 | } |
Greg Kroah-Hartman | d557d1b | 2017-05-04 15:51:03 -0700 | [diff] [blame] | 330 | EXPORT_SYMBOL(refcount_dec_and_mutex_lock); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 331 | |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 332 | /** |
| 333 | * refcount_dec_and_lock - return holding spinlock if able to decrement |
| 334 | * refcount to 0 |
| 335 | * @r: the refcount |
| 336 | * @lock: the spinlock to be locked |
| 337 | * |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 338 | * Similar to atomic_dec_and_lock(), it will WARN on underflow and fail to |
Will Deacon | 23e6b16 | 2019-11-21 11:58:53 +0000 | [diff] [blame^] | 339 | * decrement when saturated at REFCOUNT_SATURATED. |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 340 | * |
| 341 | * Provides release memory ordering, such that prior loads and stores are done |
| 342 | * before, and provides a control dependency such that free() must come after. |
| 343 | * See the comment on top. |
David Windsor | bd17416 | 2017-03-10 10:34:12 -0500 | [diff] [blame] | 344 | * |
| 345 | * Return: true and hold spinlock if able to decrement refcount to 0, false |
| 346 | * otherwise |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 347 | */ |
| 348 | bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock) |
| 349 | { |
| 350 | if (refcount_dec_not_one(r)) |
| 351 | return false; |
| 352 | |
| 353 | spin_lock(lock); |
| 354 | if (!refcount_dec_and_test(r)) { |
| 355 | spin_unlock(lock); |
| 356 | return false; |
| 357 | } |
| 358 | |
| 359 | return true; |
| 360 | } |
Greg Kroah-Hartman | d557d1b | 2017-05-04 15:51:03 -0700 | [diff] [blame] | 361 | EXPORT_SYMBOL(refcount_dec_and_lock); |
Peter Zijlstra | 29dee3c | 2017-02-10 16:27:52 +0100 | [diff] [blame] | 362 | |
Anna-Maria Gleixner | 7ea959c | 2018-06-12 18:16:21 +0200 | [diff] [blame] | 363 | /** |
| 364 | * refcount_dec_and_lock_irqsave - return holding spinlock with disabled |
| 365 | * interrupts if able to decrement refcount to 0 |
| 366 | * @r: the refcount |
| 367 | * @lock: the spinlock to be locked |
| 368 | * @flags: saved IRQ-flags if the is acquired |
| 369 | * |
| 370 | * Same as refcount_dec_and_lock() above except that the spinlock is acquired |
| 371 | * with disabled interupts. |
| 372 | * |
| 373 | * Return: true and hold spinlock if able to decrement refcount to 0, false |
| 374 | * otherwise |
| 375 | */ |
| 376 | bool refcount_dec_and_lock_irqsave(refcount_t *r, spinlock_t *lock, |
| 377 | unsigned long *flags) |
| 378 | { |
| 379 | if (refcount_dec_not_one(r)) |
| 380 | return false; |
| 381 | |
| 382 | spin_lock_irqsave(lock, *flags); |
| 383 | if (!refcount_dec_and_test(r)) { |
| 384 | spin_unlock_irqrestore(lock, *flags); |
| 385 | return false; |
| 386 | } |
| 387 | |
| 388 | return true; |
| 389 | } |
| 390 | EXPORT_SYMBOL(refcount_dec_and_lock_irqsave); |