Patch "net: qrtr: ns: Fix module refcnt" has been added to the 6.1-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    net: qrtr: ns: Fix module refcnt

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-qrtr-ns-fix-module-refcnt.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 7e8c4f52ac36a3665fa1f77097023f3e851075d1
Author: Chris Lew <quic_clew@xxxxxxxxxxx>
Date:   Mon May 13 10:31:46 2024 -0700

    net: qrtr: ns: Fix module refcnt
    
    [ Upstream commit fd76e5ccc48f9f54eb44909dd7c0b924005f1582 ]
    
    The qrtr protocol core logic and the qrtr nameservice are combined into
    a single module. Neither the core logic or nameservice provide much
    functionality by themselves; combining the two into a single module also
    prevents any possible issues that may stem from client modules loading
    inbetween qrtr and the ns.
    
    Creating a socket takes two references to the module that owns the
    socket protocol. Since the ns needs to create the control socket, this
    creates a scenario where there are always two references to the qrtr
    module. This prevents the execution of 'rmmod' for qrtr.
    
    To resolve this, forcefully put the module refcount for the socket
    opened by the nameservice.
    
    Fixes: a365023a76f2 ("net: qrtr: combine nameservice into main module")
    Reported-by: Jeffrey Hugo <quic_jhugo@xxxxxxxxxxx>
    Tested-by: Jeffrey Hugo <quic_jhugo@xxxxxxxxxxx>
    Signed-off-by: Chris Lew <quic_clew@xxxxxxxxxxx>
    Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@xxxxxxxxxx>
    Reviewed-by: Jeffrey Hugo <quic_jhugo@xxxxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/qrtr/ns.c b/net/qrtr/ns.c
index 4a13b9f7abb44..3c513e7ca2d5c 100644
--- a/net/qrtr/ns.c
+++ b/net/qrtr/ns.c
@@ -807,6 +807,24 @@ int qrtr_ns_init(void)
 	if (ret < 0)
 		goto err_wq;
 
+	/* As the qrtr ns socket owner and creator is the same module, we have
+	 * to decrease the qrtr module reference count to guarantee that it
+	 * remains zero after the ns socket is created, otherwise, executing
+	 * "rmmod" command is unable to make the qrtr module deleted after the
+	 *  qrtr module is inserted successfully.
+	 *
+	 * However, the reference count is increased twice in
+	 * sock_create_kern(): one is to increase the reference count of owner
+	 * of qrtr socket's proto_ops struct; another is to increment the
+	 * reference count of owner of qrtr proto struct. Therefore, we must
+	 * decrement the module reference count twice to ensure that it keeps
+	 * zero after server's listening socket is created. Of course, we
+	 * must bump the module reference count twice as well before the socket
+	 * is closed.
+	 */
+	module_put(qrtr_ns.sock->ops->owner);
+	module_put(qrtr_ns.sock->sk->sk_prot_creator->owner);
+
 	return 0;
 
 err_wq:
@@ -821,6 +839,15 @@ void qrtr_ns_remove(void)
 {
 	cancel_work_sync(&qrtr_ns.work);
 	destroy_workqueue(qrtr_ns.workqueue);
+
+	/* sock_release() expects the two references that were put during
+	 * qrtr_ns_init(). This function is only called during module remove,
+	 * so try_stop_module() has already set the refcnt to 0. Use
+	 * __module_get() instead of try_module_get() to successfully take two
+	 * references.
+	 */
+	__module_get(qrtr_ns.sock->ops->owner);
+	__module_get(qrtr_ns.sock->sk->sk_prot_creator->owner);
 	sock_release(qrtr_ns.sock);
 }
 EXPORT_SYMBOL_GPL(qrtr_ns_remove);




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux