diff options
author | Wei Yongjun <yjwei@cn.fujitsu.com> | 2008-12-18 19:35:10 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-12-18 19:35:10 -0800 |
commit | 1b08534e562dae7b084326f8aa8cc12a4c1b6593 (patch) | |
tree | 9fcc3093d7002015d334a28b0b0e21527ed5dcf7 /net/bluetooth | |
parent | 3298a7388c00227e736d1037328788073c80c7b4 (diff) | |
download | kernel-crypto-1b08534e562dae7b084326f8aa8cc12a4c1b6593.tar.gz kernel-crypto-1b08534e562dae7b084326f8aa8cc12a4c1b6593.tar.xz kernel-crypto-1b08534e562dae7b084326f8aa8cc12a4c1b6593.zip |
net: Fix module refcount leak in kernel_accept()
The kernel_accept() does not hold the module refcount of newsock->ops->owner,
so we need __module_get(newsock->ops->owner) code after call kernel_accept()
by hand.
In sunrpc, the module refcount is missing to hold. So this cause kernel panic.
Used following script to reproduct:
while [ 1 ];
do
mount -t nfs4 192.168.0.19:/ /mnt
touch /mnt/file
umount /mnt
lsmod | grep ipv6
done
This patch fixed the problem by add __module_get(newsock->ops->owner) to
kernel_accept(). So we do not need to used __module_get(newsock->ops->owner)
in every place when used kernel_accept().
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bluetooth')
-rw-r--r-- | net/bluetooth/rfcomm/core.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index ba537fae0a4..ce68e046d96 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c @@ -1786,8 +1786,6 @@ static inline void rfcomm_accept_connection(struct rfcomm_session *s) if (err < 0) return; - __module_get(nsock->ops->owner); - /* Set our callbacks */ nsock->sk->sk_data_ready = rfcomm_l2data_ready; nsock->sk->sk_state_change = rfcomm_l2state_change; |