[PATCH] bug fix in kernel/kmod.c

I think there is a bug in kmod.c: In __call_usermodehelper(), when
kernel_thread(wait_for_helper, ...) return success, since wait_for_helper()
might call complete() at any time, the sub_info should not be used any
more.

Normally wait_for_helper() take a long time to finish, you may not get
problem for most of the case.  But if you remove /sbin/modprobe, it may
become easier for you to get a oop in khelper.

Cc: Matt Helsley <matthltc@us.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

1 files changed, 3 insertions, 2 deletions

diff --git a/kernel/kmod.c b/kernel/kmod.c
index 1d32defa38ab..5c470c57fb57 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -197,11 +197,12 @@ static void __call_usermodehelper(void *data)
 {
         struct subprocess_info *sub_info = data;
         pid_t pid;
+        int wait = sub_info->wait;
 
         /* CLONE_VFORK: wait until the usermode helper has execve'd
          * successfully We need the data structures to stay around
          * until that is done.  */
-        if (sub_info->wait)
+        if (wait)
                 pid = kernel_thread(wait_for_helper, sub_info,
                                     CLONE_FS | CLONE_FILES | SIGCHLD);
         else
@@ -211,7 +212,7 @@ static void __call_usermodehelper(void *data)
         if (pid < 0) {
                 sub_info->retval = pid;
                 complete(sub_info->complete);
-        } else if (!sub_info->wait)
+        } else if (!wait)
                 complete(sub_info->complete);
 }