On Thu, 27 Nov 2008, Christian Borntraeger wrote:
> > > + if (fops->owner && !try_module_get(fops->owner))
> > > + return -ENOENT;
> > > +
> > > error = get_unused_fd_flags(flags);
> > > if (error < 0)
> > > return error;
> >
> > What if get_unused_fd_flags() (or the following error-returing ops) fails
> > after a successful try_module_get()?
>
> Right, well spotted. I have added a fixup label.
>
> From: Christian Borntraeger <borntraeger@xxxxxxxxxx>
>
> There is an imbalance for anonymous inodes. If the fops->owner field is set,
> the module reference count of owner is decreases on release.
> ("filp_close" --> "__fput" ---> "fops_put")
>
> On the other hand, anon_inode_getfd does not increase the module reference
> count of owner. This causes two problems:
>
> - if owner is set, the module refcount goes negative
> - if owner is not set, the module can be unloaded while code is running
>
> This patch changes anon_inode_getfd to be symmetric regarding fops->owner
> handling.
>
> I have checked all existing users of anon_inode_getfd. Noone sets fops->owner,
> thats why nobody has seen the module refcount negative.
>
> Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
>
>
> From: Christian Borntraeger <borntraeger@xxxxxxxxxx>
>
> There is an imbalance for anonymous inodes. If the fops->owner field is set,
> the module reference count of owner is decreases on release.
> ("filp_close" --> "__fput" ---> "fops_put")
>
> On the other hand, anon_inode_getfd does not increase the module reference
> count of owner. This causes two problems:
>
> - if owner is set, the module refcount goes negative
> - if owner is not set, the module can be unloaded while code is running
>
> This patch changes anon_inode_getfd to be symmetric regarding fops->owner
> handling.
>
> I have checked all existing users of anon_inode_getfd. Noone sets fops->owner,
> thats why nobody has seen the module refcount negative.
>
> Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
> ---
> fs/anon_inodes.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> Index: kvm/fs/anon_inodes.c
> ===================================================================
> --- kvm.orig/fs/anon_inodes.c
> +++ kvm/fs/anon_inodes.c
> @@ -79,9 +79,12 @@ int anon_inode_getfd(const char *name, c
> if (IS_ERR(anon_inode_inode))
> return -ENODEV;
>
> + if (fops->owner && !try_module_get(fops->owner))
> + return -ENOENT;
> +
> error = get_unused_fd_flags(flags);
> if (error < 0)
> - return error;
> + goto err_module;
> fd = error;
>
> /*
> @@ -128,6 +131,8 @@ err_dput:
> dput(dentry);
> err_put_unused_fd:
> put_unused_fd(fd);
> +err_module:
> + module_put(fops->owner);
> return error;
> }
> EXPORT_SYMBOL_GPL(anon_inode_getfd);
Looks OK to me.
- Davide
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
