Urs Thuermann wrote: > +static int can_create(struct net *net, struct socket *sock, int protocol) > +{ > + ... > + > + spin_lock(&proto_tab_lock); > + cp = proto_tab[protocol]; > + if (cp && !try_module_get(cp->prot->owner)) > + cp = NULL; > + spin_unlock(&proto_tab_lock); > + > + /* check for success and correct type */ > + if (!cp || cp->type != sock->type) { > + ret = -EPROTONOSUPPORT; > + goto errout; > + } > + > + if (cp->capability >= 0 && !capable(cp->capability)) { > + ret = -EPERM; > + goto errout; > + } > + > + sock->ops = cp->ops;
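Review bot: cp->type != sock->type is tested only after try_module_get() has already succeeded inside the proto_tab_lock section, so a type mismatch (and likewise a failed capable() check) takes a module reference that the errout path, which lies outside the quoted lines, then has to release. Comparing cp->type with sock->type before calling try_module_get() would keep the -EPROTONOSUPPORT path free of reference handling and leave only the -EPERM path needing a put.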
You drop the module reference again when leaving this function. So sock->ops might contain a stale pointer if the module is unloaded after this. You need to either keep the module reference while the socket is alive or remove stale references when unregistering the protocol.
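A userspace model of the lifetime problem raised in the reply above, added here as an illustration and not taken from the patch or the kernel. All toy_* names are hypothetical stand-ins for struct module, the ops table and the socket, and only the first remedy (holding the reference while the socket is alive) is modelled.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed userspace stand-ins for struct module, proto_ops and the socket. */
struct toy_module { int refcnt; bool live; };
struct toy_ops    { const char *name; };
struct toy_proto  { struct toy_module *owner; const struct toy_ops *ops; };
struct toy_sock   { const struct toy_ops *ops; struct toy_module *owner; };

bool toy_module_get(struct toy_module *m)
{
    if (!m->live) return false;      /* module already gone: no reference */
    m->refcnt++;
    return true;
}

void toy_module_put(struct toy_module *m) { m->refcnt--; }

/* Unload is refused while any reference is held. */
bool toy_module_unload(struct toy_module *m)
{
    if (m->refcnt > 0) return false;
    m->live = false;
    return true;
}

/* hold_ref == false: reference dropped on return while the ops pointer stays
 * in the socket. hold_ref == true: the socket keeps the reference. */
int toy_create(struct toy_sock *sk, struct toy_proto *p, bool hold_ref)
{
    if (!toy_module_get(p->owner)) return -1;
    sk->ops = p->ops;
    sk->owner = hold_ref ? p->owner : NULL;
    if (!hold_ref) toy_module_put(p->owner);
    return 0;
}

void toy_sock_destroy(struct toy_sock *sk)
{
    if (sk->owner) toy_module_put(sk->owner);   /* release at end of socket life */
    sk->ops = NULL;
    sk->owner = NULL;
}

/* True when the socket still points at ops owned by an unloaded module. */
bool toy_ops_stale(const struct toy_sock *sk, const struct toy_module *m)
{
    return sk->ops != NULL && !m->live;
}
```
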