diff options
author | Christian Borntraeger <borntraeger@de.ibm.com> | 2008-12-02 05:16:03 -0500 |
---|---|---|
committer | Avi Kivity <avi@redhat.com> | 2008-12-31 09:55:44 -0500 |
commit | e3a2a0d4e5ace731e60e2eff4fb7056ecb34adc1 (patch) | |
tree | 87626c198c57dda52979c01f5c781e32ba370e5c /fs | |
parent | e93353c93a3ba4215633ce930784f40a4e94e3f9 (diff) |
anon_inodes: use fops->owner for module refcount
There is an imbalance for anonymous inodes. If the fops->owner field is set,
the module reference count of owner is decreases on release.
("filp_close" --> "__fput" ---> "fops_put")
On the other hand, anon_inode_getfd does not increase the module reference
count of owner. This causes two problems:
- if owner is set, the module refcount goes negative
- if owner is not set, the module can be unloaded while code is running
This patch changes anon_inode_getfd to be symmetric regarding fops->owner
handling.
I have checked all existing users of anon_inode_getfd. Noone sets fops->owner,
thats why nobody has seen the module refcount negative. The refcounting was
tested with a patched and unpatched KVM module.(see patch 2/2) I also did an
epoll_open/close test.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Davide Libenzi <davidel@xmailserver.org>
Signed-off-by: Avi Kivity <avi@redhat.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/anon_inodes.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c index c16d9be1b017..3bbdb9d02376 100644 --- a/fs/anon_inodes.c +++ b/fs/anon_inodes.c | |||
@@ -79,9 +79,12 @@ int anon_inode_getfd(const char *name, const struct file_operations *fops, | |||
79 | if (IS_ERR(anon_inode_inode)) | 79 | if (IS_ERR(anon_inode_inode)) |
80 | return -ENODEV; | 80 | return -ENODEV; |
81 | 81 | ||
82 | if (fops->owner && !try_module_get(fops->owner)) | ||
83 | return -ENOENT; | ||
84 | |||
82 | error = get_unused_fd_flags(flags); | 85 | error = get_unused_fd_flags(flags); |
83 | if (error < 0) | 86 | if (error < 0) |
84 | return error; | 87 | goto err_module; |
85 | fd = error; | 88 | fd = error; |
86 | 89 | ||
87 | /* | 90 | /* |
@@ -128,6 +131,8 @@ err_dput: | |||
128 | dput(dentry); | 131 | dput(dentry); |
129 | err_put_unused_fd: | 132 | err_put_unused_fd: |
130 | put_unused_fd(fd); | 133 | put_unused_fd(fd); |
134 | err_module: | ||
135 | module_put(fops->owner); | ||
131 | return error; | 136 | return error; |
132 | } | 137 | } |
133 | EXPORT_SYMBOL_GPL(anon_inode_getfd); | 138 | EXPORT_SYMBOL_GPL(anon_inode_getfd); |