On Mon, 29 Aug 2005 16:18:20 -0700 Frank Filz <[EMAIL PROTECTED]> wrote:
> I have been experimenting with loadable protocol modules, and ran into > several issues with module reference counting. > > The first issue was that __module_get failed at the BUG_ON check at the > top of the routine (checking that my module reference count was not zero) > when I created the first socket. When sk_alloc() is called, my module > reference count was still 0. When I looked at why sctp didn't have this > problem, I discovered that sctp creates a control socket during module > init (when the module ref count is not 0), which keeps the reference > count non-zero. > > The next problem arose when my socket init routine returned an error. > This resulted in my module reference count being decremented below 0. > My socket ops->release routine was also being called. The issue here > is that sock_release() calls the ops->release routine and decrements > the ref count if sock->ops is not NULL. Since the socket probably > didn't get correctly initialized, this should not be done, so we will > set sock->ops to NULL because we will not call try_module_get(). > > While searching for another bug, I also noticed that sys_accept() has a > possibility of doing a module_put() when it did not do an __module_get > so I re-ordered the call to security_socket_accept(). > > Signed-off-by: Frank Filz <[EMAIL PROTECTED]> > > --- > > diff --git a/net/core/sock.c b/net/core/sock.c > --- a/net/core/sock.c > +++ b/net/core/sock.c > @@ -667,7 +667,7 @@ struct sock *sk_alloc(int family, unsign > kfree(sk); > sk = NULL; > } else > - __module_get(prot->owner); > + try_module_get(prot->owner); > You must check return value from try_module_get and error out if it fails. This is critical for module unload races. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
