aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWei Yongjun <yjwei@cn.fujitsu.com>2008-12-18 22:35:10 -0500
committerDavid S. Miller <davem@davemloft.net>2008-12-18 22:35:10 -0500
commit1b08534e562dae7b084326f8aa8cc12a4c1b6593 (patch)
tree9fcc3093d7002015d334a28b0b0e21527ed5dcf7
parent3298a7388c00227e736d1037328788073c80c7b4 (diff)
net: Fix module refcount leak in kernel_accept()
The kernel_accept() does not hold the module refcount of newsock->ops->owner, so we need __module_get(newsock->ops->owner) code after call kernel_accept() by hand. In sunrpc, the module refcount is missing to hold. So this cause kernel panic. Used following script to reproduct: while [ 1 ]; do mount -t nfs4 192.168.0.19:/ /mnt touch /mnt/file umount /mnt lsmod | grep ipv6 done This patch fixed the problem by add __module_get(newsock->ops->owner) to kernel_accept(). So we do not need to used __module_get(newsock->ops->owner) in every place when used kernel_accept(). Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/bluetooth/rfcomm/core.c2
-rw-r--r--net/socket.c1
2 files changed, 1 insertions, 2 deletions
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index ba537fae0a4c..ce68e046d963 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -1786,8 +1786,6 @@ static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1786 if (err < 0) 1786 if (err < 0)
1787 return; 1787 return;
1788 1788
1789 __module_get(nsock->ops->owner);
1790
1791 /* Set our callbacks */ 1789 /* Set our callbacks */
1792 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1790 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1793 nsock->sk->sk_state_change = rfcomm_l2state_change; 1791 nsock->sk->sk_state_change = rfcomm_l2state_change;
diff --git a/net/socket.c b/net/socket.c
index 92764d836891..76ba80aeac1a 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2307,6 +2307,7 @@ int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
2307 } 2307 }
2308 2308
2309 (*newsock)->ops = sock->ops; 2309 (*newsock)->ops = sock->ops;
2310 __module_get((*newsock)->ops->owner);
2310 2311
2311done: 2312done:
2312 return err; 2313 return err;