Commit e3a2a0d4e5ace731e60e2eff4fb7056ecb34adc1
Committed by
Avi Kivity
Avi Kivity
1 parent
e93353c93a
Exists in
master
and in
4 other branches
anon_inodes: use fops->owner for module refcount
There is an imbalance for anonymous inodes. If the fops->owner field is set,
the module reference count of owner is decreases on release.
("filp_close" --> "__fput" ---> "fops_put")
On the other hand, anon_inode_getfd does not increase the module reference
count of owner. This causes two problems:
- if owner is set, the module refcount goes negative
- if owner is not set, the module can be unloaded while code is running
This patch changes anon_inode_getfd to be symmetric regarding fops->owner
handling.
I have checked all existing users of anon_inode_getfd. Noone sets fops->owner,
thats why nobody has seen the module refcount negative. The refcounting was
tested with a patched and unpatched KVM module.(see patch 2/2) I also did an
epoll_open/close test.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Davide Libenzi <davidel@xmailserver.org>
Signed-off-by: Avi Kivity <avi@redhat.com>
Showing 1 changed file with 6 additions and 1 deletions Side-by-side Diff
fs/anon_inodes.c
| ... | ... | @@ -79,9 +79,12 @@ |
| 79 | 79 | if (IS_ERR(anon_inode_inode)) |
| 80 | 80 | return -ENODEV; |
| 81 | 81 | |
| 82 | + if (fops->owner && !try_module_get(fops->owner)) | |
| 83 | + return -ENOENT; | |
| 84 | + | |
| 82 | 85 | error = get_unused_fd_flags(flags); |
| 83 | 86 | if (error < 0) |
| 84 | - return error; | |
| 87 | + goto err_module; | |
| 85 | 88 | fd = error; |
| 86 | 89 | |
| 87 | 90 | /* |
| ... | ... | @@ -128,6 +131,8 @@ |
| 128 | 131 | dput(dentry); |
| 129 | 132 | err_put_unused_fd: |
| 130 | 133 | put_unused_fd(fd); |
| 134 | +err_module: | |
| 135 | + module_put(fops->owner); | |
| 131 | 136 | return error; |
| 132 | 137 | } |
| 133 | 138 | EXPORT_SYMBOL_GPL(anon_inode_getfd); |