Commit e3a2a0d4e5ace731e60e2eff4fb7056ecb34adc1
Committed by Avi Kivity
1 parent e93353c93a
Exists in master and in 4 other branches
anon_inodes: use fops->owner for module refcount
There is an imbalance for anonymous inodes. If the fops->owner field is set, the module reference count of owner is decreased on release. ("filp_close" --> "__fput" ---> "fops_put") On the other hand, anon_inode_getfd does not increase the module reference count of owner. This causes two problems:

- if owner is set, the module refcount goes negative
- if owner is not set, the module can be unloaded while code is running

This patch changes anon_inode_getfd to be symmetric regarding fops->owner handling.

I have checked all existing users of anon_inode_getfd. No one sets fops->owner, that's why nobody has seen the module refcount negative.

The refcounting was tested with a patched and unpatched KVM module (see patch 2/2). I also did an epoll_open/close test.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Davide Libenzi <davidel@xmailserver.org>
Signed-off-by: Avi Kivity <avi@redhat.com>
Showing 1 changed file with 6 additions and 1 deletions
fs/anon_inodes.c
... | ... | @@ -79,9 +79,12 @@ |
79 | 79 | if (IS_ERR(anon_inode_inode)) |
80 | 80 | return -ENODEV; |
81 | 81 | |
82 | + if (fops->owner && !try_module_get(fops->owner)) | |
83 | + return -ENOENT; | |
84 | + | |
82 | 85 | error = get_unused_fd_flags(flags); |
83 | 86 | if (error < 0) |
84 | - return error; | |
87 | + goto err_module; | |
85 | 88 | fd = error; |
86 | 89 | |
87 | 90 | /* |
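Review bot: the new `return -ENOENT;` after the `try_module_get(fops->owner)` check is an undocumented failure mode, and nothing at that spot says that the function now holds a reference on `fops->owner` for the lifetime of the file. Please add a short comment above the check stating that the reference is taken here and dropped on release (the commit message names `fops_put` as the release side), and mention the new error return in the function's header comment so callers know that a module in the middle of unloading makes the call fail. A one-line justification for choosing -ENOENT over another errno would also help, since the adjacent `IS_ERR(anon_inode_inode)` path returns -ENODEV.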
... | ... | @@ -128,6 +131,8 @@ |
128 | 131 | dput(dentry); |
129 | 132 | err_put_unused_fd: |
130 | 133 | put_unused_fd(fd); |
134 | +err_module: | |
135 | + module_put(fops->owner); | |
131 | 136 | return error; |
132 | 137 | } |
133 | 138 | EXPORT_SYMBOL_GPL(anon_inode_getfd); |
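Review bot: the `err_module:` label calls `module_put(fops->owner);` unconditionally, while the matching acquire in the first hunk is guarded by `fops->owner &&`, so the two sides of the refcount handle a NULL owner differently. Either both need the guard or neither does: if `module_put` is safe with a NULL owner, drop the `fops->owner &&` test on the get side so the pair reads symmetrically; if it is not, add the same NULL check here, because the commit message says no existing user sets `fops->owner` and every error path now falls through to this label. It is also worth confirming that every earlier `goto` in the function still reaches `err_module` by fall-through, since `err_put_unused_fd:` no longer ends at `return error;` directly.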