xref: /openbmc/linux/lib/refcount.c (revision 762f99f4f3cb41a775b5157dd761217beba65873) 
1b2441318SGreg Kroah-Hartman // SPDX-License-Identifier: GPL-2.0
229dee3c0SPeter Zijlstra /*
3fb041bb7SWill Deacon  * Out-of-line refcount functions.
429dee3c0SPeter Zijlstra  */
529dee3c0SPeter Zijlstra 
675a040ffSAlexey Dobriyan #include <linux/mutex.h>
729dee3c0SPeter Zijlstra #include <linux/refcount.h>
875a040ffSAlexey Dobriyan #include <linux/spinlock.h>
929dee3c0SPeter Zijlstra #include <linux/bug.h>
1029dee3c0SPeter Zijlstra 
111eb085d9SWill Deacon #define REFCOUNT_WARN(str)	WARN_ONCE(1, "refcount_t: " str ".\n")
121eb085d9SWill Deacon 
refcount_warn_saturate(refcount_t * r,enum refcount_saturation_type t)131eb085d9SWill Deacon void refcount_warn_saturate(refcount_t *r, enum refcount_saturation_type t)
141eb085d9SWill Deacon {
151eb085d9SWill Deacon 	refcount_set(r, REFCOUNT_SATURATED);
161eb085d9SWill Deacon 
171eb085d9SWill Deacon 	switch (t) {
181eb085d9SWill Deacon 	case REFCOUNT_ADD_NOT_ZERO_OVF:
191eb085d9SWill Deacon 		REFCOUNT_WARN("saturated; leaking memory");
201eb085d9SWill Deacon 		break;
211eb085d9SWill Deacon 	case REFCOUNT_ADD_OVF:
221eb085d9SWill Deacon 		REFCOUNT_WARN("saturated; leaking memory");
231eb085d9SWill Deacon 		break;
241eb085d9SWill Deacon 	case REFCOUNT_ADD_UAF:
251eb085d9SWill Deacon 		REFCOUNT_WARN("addition on 0; use-after-free");
261eb085d9SWill Deacon 		break;
271eb085d9SWill Deacon 	case REFCOUNT_SUB_UAF:
281eb085d9SWill Deacon 		REFCOUNT_WARN("underflow; use-after-free");
291eb085d9SWill Deacon 		break;
301eb085d9SWill Deacon 	case REFCOUNT_DEC_LEAK:
311eb085d9SWill Deacon 		REFCOUNT_WARN("decrement hit 0; leaking memory");
321eb085d9SWill Deacon 		break;
331eb085d9SWill Deacon 	default:
341eb085d9SWill Deacon 		REFCOUNT_WARN("unknown saturation event!?");
351eb085d9SWill Deacon 	}
361eb085d9SWill Deacon }
371eb085d9SWill Deacon EXPORT_SYMBOL(refcount_warn_saturate);
381eb085d9SWill Deacon 
39bd174169SDavid Windsor /**
40bd174169SDavid Windsor  * refcount_dec_if_one - decrement a refcount if it is 1
41bd174169SDavid Windsor  * @r: the refcount
42bd174169SDavid Windsor  *
4329dee3c0SPeter Zijlstra  * No atomic_t counterpart, it attempts a 1 -> 0 transition and returns the
4429dee3c0SPeter Zijlstra  * success thereof.
4529dee3c0SPeter Zijlstra  *
4629dee3c0SPeter Zijlstra  * Like all decrement operations, it provides release memory order and provides
4729dee3c0SPeter Zijlstra  * a control dependency.
4829dee3c0SPeter Zijlstra  *
4929dee3c0SPeter Zijlstra  * It can be used like a try-delete operator; this explicit case is provided
5029dee3c0SPeter Zijlstra  * and not cmpxchg in generic, because that would allow implementing unsafe
5129dee3c0SPeter Zijlstra  * operations.
52bd174169SDavid Windsor  *
53bd174169SDavid Windsor  * Return: true if the resulting refcount is 0, false otherwise
5429dee3c0SPeter Zijlstra  */
refcount_dec_if_one(refcount_t * r)5529dee3c0SPeter Zijlstra bool refcount_dec_if_one(refcount_t *r)
5629dee3c0SPeter Zijlstra {
57b78c0d47SPeter Zijlstra 	int val = 1;
58b78c0d47SPeter Zijlstra 
59b78c0d47SPeter Zijlstra 	return atomic_try_cmpxchg_release(&r->refs, &val, 0);
6029dee3c0SPeter Zijlstra }
61d557d1b5SGreg Kroah-Hartman EXPORT_SYMBOL(refcount_dec_if_one);
6229dee3c0SPeter Zijlstra 
63bd174169SDavid Windsor /**
64bd174169SDavid Windsor  * refcount_dec_not_one - decrement a refcount if it is not 1
65bd174169SDavid Windsor  * @r: the refcount
66bd174169SDavid Windsor  *
6729dee3c0SPeter Zijlstra  * No atomic_t counterpart, it decrements unless the value is 1, in which case
6829dee3c0SPeter Zijlstra  * it will return false.
6929dee3c0SPeter Zijlstra  *
7029dee3c0SPeter Zijlstra  * Was often done like: atomic_add_unless(&var, -1, 1)
71bd174169SDavid Windsor  *
72bd174169SDavid Windsor  * Return: true if the decrement operation was successful, false otherwise
7329dee3c0SPeter Zijlstra  */
refcount_dec_not_one(refcount_t * r)7429dee3c0SPeter Zijlstra bool refcount_dec_not_one(refcount_t *r)
7529dee3c0SPeter Zijlstra {
76b78c0d47SPeter Zijlstra 	unsigned int new, val = atomic_read(&r->refs);
7729dee3c0SPeter Zijlstra 
78b78c0d47SPeter Zijlstra 	do {
7923e6b169SWill Deacon 		if (unlikely(val == REFCOUNT_SATURATED))
8029dee3c0SPeter Zijlstra 			return true;
8129dee3c0SPeter Zijlstra 
8229dee3c0SPeter Zijlstra 		if (val == 1)
8329dee3c0SPeter Zijlstra 			return false;
8429dee3c0SPeter Zijlstra 
8529dee3c0SPeter Zijlstra 		new = val - 1;
8629dee3c0SPeter Zijlstra 		if (new > val) {
879dcfe2c7SIngo Molnar 			WARN_ONCE(new > val, "refcount_t: underflow; use-after-free.\n");
8829dee3c0SPeter Zijlstra 			return true;
8929dee3c0SPeter Zijlstra 		}
9029dee3c0SPeter Zijlstra 
91b78c0d47SPeter Zijlstra 	} while (!atomic_try_cmpxchg_release(&r->refs, &val, new));
9229dee3c0SPeter Zijlstra 
9329dee3c0SPeter Zijlstra 	return true;
9429dee3c0SPeter Zijlstra }
95d557d1b5SGreg Kroah-Hartman EXPORT_SYMBOL(refcount_dec_not_one);
9629dee3c0SPeter Zijlstra 
97bd174169SDavid Windsor /**
98bd174169SDavid Windsor  * refcount_dec_and_mutex_lock - return holding mutex if able to decrement
99bd174169SDavid Windsor  *                               refcount to 0
100bd174169SDavid Windsor  * @r: the refcount
101bd174169SDavid Windsor  * @lock: the mutex to be locked
102bd174169SDavid Windsor  *
10329dee3c0SPeter Zijlstra  * Similar to atomic_dec_and_mutex_lock(), it will WARN on underflow and fail
10423e6b169SWill Deacon  * to decrement when saturated at REFCOUNT_SATURATED.
10529dee3c0SPeter Zijlstra  *
10629dee3c0SPeter Zijlstra  * Provides release memory ordering, such that prior loads and stores are done
10729dee3c0SPeter Zijlstra  * before, and provides a control dependency such that free() must come after.
10829dee3c0SPeter Zijlstra  * See the comment on top.
109bd174169SDavid Windsor  *
110bd174169SDavid Windsor  * Return: true and hold mutex if able to decrement refcount to 0, false
111bd174169SDavid Windsor  *         otherwise
11229dee3c0SPeter Zijlstra  */
refcount_dec_and_mutex_lock(refcount_t * r,struct mutex * lock)11329dee3c0SPeter Zijlstra bool refcount_dec_and_mutex_lock(refcount_t *r, struct mutex *lock)
11429dee3c0SPeter Zijlstra {
11529dee3c0SPeter Zijlstra 	if (refcount_dec_not_one(r))
11629dee3c0SPeter Zijlstra 		return false;
11729dee3c0SPeter Zijlstra 
11829dee3c0SPeter Zijlstra 	mutex_lock(lock);
11929dee3c0SPeter Zijlstra 	if (!refcount_dec_and_test(r)) {
12029dee3c0SPeter Zijlstra 		mutex_unlock(lock);
12129dee3c0SPeter Zijlstra 		return false;
12229dee3c0SPeter Zijlstra 	}
12329dee3c0SPeter Zijlstra 
12429dee3c0SPeter Zijlstra 	return true;
12529dee3c0SPeter Zijlstra }
126d557d1b5SGreg Kroah-Hartman EXPORT_SYMBOL(refcount_dec_and_mutex_lock);
12729dee3c0SPeter Zijlstra 
128bd174169SDavid Windsor /**
129bd174169SDavid Windsor  * refcount_dec_and_lock - return holding spinlock if able to decrement
130bd174169SDavid Windsor  *                         refcount to 0
131bd174169SDavid Windsor  * @r: the refcount
132bd174169SDavid Windsor  * @lock: the spinlock to be locked
133bd174169SDavid Windsor  *
13429dee3c0SPeter Zijlstra  * Similar to atomic_dec_and_lock(), it will WARN on underflow and fail to
13523e6b169SWill Deacon  * decrement when saturated at REFCOUNT_SATURATED.
13629dee3c0SPeter Zijlstra  *
13729dee3c0SPeter Zijlstra  * Provides release memory ordering, such that prior loads and stores are done
13829dee3c0SPeter Zijlstra  * before, and provides a control dependency such that free() must come after.
13929dee3c0SPeter Zijlstra  * See the comment on top.
140bd174169SDavid Windsor  *
141bd174169SDavid Windsor  * Return: true and hold spinlock if able to decrement refcount to 0, false
142bd174169SDavid Windsor  *         otherwise
14329dee3c0SPeter Zijlstra  */
refcount_dec_and_lock(refcount_t * r,spinlock_t * lock)14429dee3c0SPeter Zijlstra bool refcount_dec_and_lock(refcount_t *r, spinlock_t *lock)
14529dee3c0SPeter Zijlstra {
14629dee3c0SPeter Zijlstra 	if (refcount_dec_not_one(r))
14729dee3c0SPeter Zijlstra 		return false;
14829dee3c0SPeter Zijlstra 
14929dee3c0SPeter Zijlstra 	spin_lock(lock);
15029dee3c0SPeter Zijlstra 	if (!refcount_dec_and_test(r)) {
15129dee3c0SPeter Zijlstra 		spin_unlock(lock);
15229dee3c0SPeter Zijlstra 		return false;
15329dee3c0SPeter Zijlstra 	}
15429dee3c0SPeter Zijlstra 
15529dee3c0SPeter Zijlstra 	return true;
15629dee3c0SPeter Zijlstra }
157d557d1b5SGreg Kroah-Hartman EXPORT_SYMBOL(refcount_dec_and_lock);
15829dee3c0SPeter Zijlstra 
1597ea959c4SAnna-Maria Gleixner /**
1607ea959c4SAnna-Maria Gleixner  * refcount_dec_and_lock_irqsave - return holding spinlock with disabled
1617ea959c4SAnna-Maria Gleixner  *                                 interrupts if able to decrement refcount to 0
1627ea959c4SAnna-Maria Gleixner  * @r: the refcount
1637ea959c4SAnna-Maria Gleixner  * @lock: the spinlock to be locked
1647ea959c4SAnna-Maria Gleixner  * @flags: saved IRQ-flags if the is acquired
1657ea959c4SAnna-Maria Gleixner  *
1667ea959c4SAnna-Maria Gleixner  * Same as refcount_dec_and_lock() above except that the spinlock is acquired
167*9dbbc3b9SZhen Lei  * with disabled interrupts.
1687ea959c4SAnna-Maria Gleixner  *
1697ea959c4SAnna-Maria Gleixner  * Return: true and hold spinlock if able to decrement refcount to 0, false
1707ea959c4SAnna-Maria Gleixner  *         otherwise
1717ea959c4SAnna-Maria Gleixner  */
refcount_dec_and_lock_irqsave(refcount_t * r,spinlock_t * lock,unsigned long * flags)1727ea959c4SAnna-Maria Gleixner bool refcount_dec_and_lock_irqsave(refcount_t *r, spinlock_t *lock,
1737ea959c4SAnna-Maria Gleixner 				   unsigned long *flags)
1747ea959c4SAnna-Maria Gleixner {
1757ea959c4SAnna-Maria Gleixner 	if (refcount_dec_not_one(r))
1767ea959c4SAnna-Maria Gleixner 		return false;
1777ea959c4SAnna-Maria Gleixner 
1787ea959c4SAnna-Maria Gleixner 	spin_lock_irqsave(lock, *flags);
1797ea959c4SAnna-Maria Gleixner 	if (!refcount_dec_and_test(r)) {
1807ea959c4SAnna-Maria Gleixner 		spin_unlock_irqrestore(lock, *flags);
1817ea959c4SAnna-Maria Gleixner 		return false;
1827ea959c4SAnna-Maria Gleixner 	}
1837ea959c4SAnna-Maria Gleixner 
1847ea959c4SAnna-Maria Gleixner 	return true;
1857ea959c4SAnna-Maria Gleixner }
1867ea959c4SAnna-Maria Gleixner EXPORT_SYMBOL(refcount_dec_and_lock_irqsave);
187