On Tue, Aug 21, 2012 at 12:04 PM, Stanislav Kinsbursky <skinsbur...@parallels.com> wrote: > 10.08.2012 03:16, David Miller пишет: > >> From: Stanislav Kinsbursky <skinsbur...@parallels.com> >> Date: Thu, 09 Aug 2012 16:50:40 +0400 >> >>> This is a fix for bug, introduced in 3.4 kernel by commit >>> 1ab5ecb90cb6a3df1476e052f76a6e8f6511cb3d, which, among other things, >>> replaced >>> simple sock_put() by sk_release_kernel(). Below is sequence, which leads >>> to >>> oops for non-persistent devices: >>> >>> tun_chr_close() >>> tun_detach() <== tun->socket.file = NULL >>> tun_free_netdev() >>> sk_release_sock() >>> sock_release(sock->file == NULL) >>> iput(SOCK_INODE(sock)) <== dereference on NULL pointer >>> >>> This patch just removes zeroing of socket's file from __tun_detach(). >>> sock_release() will do this. >>> >>> Cc: sta...@vger.kernel.org >>> Reported-by: Ruan Zhijie <ruanzhi...@hotmail.com> >>> Tested-by: Ruan Zhijie <ruanzhi...@hotmail.com> >>> Acked-by: Al Viro <v...@zeniv.linux.org.uk> >>> Acked-by: Eric Dumazet <eduma...@google.com> >>> Acked-by: Yuchung Cheng <ych...@google.com> >>> Signed-off-by: Stanislav Kinsbursky <skinsbur...@parallels.com> >> >> >> Applied, thanks. >> > > Hi, David. > I found out, that this commit: b09e786bd1dd66418b69348cb110f3a64764626a > was previous attempt to fix the problem. > I believe this commit have to be dropped.
Have you tried testing with that commit reverted? AFAICT from reading the code, if you revert b09e786bd1dd66418b69348cb110f3a64764626a then the sockets_in_use count becomes incorrect, because sock_release() will be calling this_cpu_sub() for each tun socket teardown when there was no corresponding this_cpu_add() for the tun socket (because the tun socket is not allocated with sock_alloc()). Can you sketch in more detail why that commit should be dropped? neal -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
