[PATCH 03/17] pppoatm: fix module_put() race

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: David Woodhouse <dwmw2@infradead.org>
To: netdev@vger.kernel.org
Cc: chas@cmf.nrl.navy.mil, krzysiek@podlesie.net,
	David Woodhouse <David.Woodhouse@intel.com>
Subject: [PATCH 03/17] pppoatm: fix module_put() race
Date: Fri, 30 Nov 2012 00:35:22 +0000	[thread overview]
Message-ID: <1354235736-26833-4-git-send-email-dwmw2@infradead.org> (raw)
In-Reply-To: <1354235736-26833-1-git-send-email-dwmw2@infradead.org>

From: Krzysztof Mazur <krzysiek@podlesie.net>

The pppoatm used module_put() during unassignment from vcc with
hope that we have BKL. This assumption is no longer true.

Now owner field in atmvcc is used to move this module_put()
to vcc_destroy_socket().

Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
---
 net/atm/pppoatm.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/net/atm/pppoatm.c b/net/atm/pppoatm.c
index f27a07a..b23c672 100644
--- a/net/atm/pppoatm.c
+++ b/net/atm/pppoatm.c
@@ -60,6 +60,7 @@ struct pppoatm_vcc {
 	struct atm_vcc	*atmvcc;	/* VCC descriptor */
 	void (*old_push)(struct atm_vcc *, struct sk_buff *);
 	void (*old_pop)(struct atm_vcc *, struct sk_buff *);
+	struct module *old_owner;
 					/* keep old push/pop for detaching */
 	enum pppoatm_encaps encaps;
 	atomic_t inflight;
@@ -155,8 +156,6 @@ static void pppoatm_unassign_vcc(struct atm_vcc *atmvcc)
 	ppp_unregister_channel(&pvcc->chan);
 	atmvcc->user_back = NULL;
 	kfree(pvcc);
-	/* Gee, I hope we have the big kernel lock here... */
-	module_put(THIS_MODULE);
 }
 
 /* Called when an AAL5 PDU comes in */
@@ -165,9 +164,13 @@ static void pppoatm_push(struct atm_vcc *atmvcc, struct sk_buff *skb)
 	struct pppoatm_vcc *pvcc = atmvcc_to_pvcc(atmvcc);
 	pr_debug("\n");
 	if (skb == NULL) {			/* VCC was closed */
+		struct module *module;
+
 		pr_debug("removing ATMPPP VCC %p\n", pvcc);
+		module = pvcc->old_owner;
 		pppoatm_unassign_vcc(atmvcc);
 		atmvcc->push(atmvcc, NULL);	/* Pass along bad news */
+		module_put(module);
 		return;
 	}
 	atm_return(atmvcc, skb->truesize);
@@ -362,6 +365,7 @@ static int pppoatm_assign_vcc(struct atm_vcc *atmvcc, void __user *arg)
 	atomic_set(&pvcc->inflight, NONE_INFLIGHT);
 	pvcc->old_push = atmvcc->push;
 	pvcc->old_pop = atmvcc->pop;
+	pvcc->old_owner = atmvcc->owner;
 	pvcc->encaps = (enum pppoatm_encaps) be.encaps;
 	pvcc->chan.private = pvcc;
 	pvcc->chan.ops = &pppoatm_ops;
@@ -378,6 +382,7 @@ static int pppoatm_assign_vcc(struct atm_vcc *atmvcc, void __user *arg)
 	atmvcc->push = pppoatm_push;
 	atmvcc->pop = pppoatm_pop;
 	__module_get(THIS_MODULE);
+	atmvcc->owner = THIS_MODULE;
 
 	/* re-process everything received between connection setup and
 	   backend setup */
-- 
1.8.0

next prev parent reply	other threads:[~2012-11-30  0:36 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-11-30  0:35 [PATCH 00/17] ATM fixes for pppoatm/br2684 David Woodhouse
2012-11-30  0:35 ` [PATCH 01/17] atm: add owner of push() callback to atmvcc David Woodhouse
2012-11-30  0:35 ` [PATCH 02/17] pppoatm: allow assign only on a connected socket David Woodhouse
2012-11-30  0:35 ` David Woodhouse [this message]
2012-11-30  0:35 ` [PATCH 04/17] pppoatm: take ATM socket lock in pppoatm_send() David Woodhouse
2012-11-30  0:35 ` [PATCH 05/17] pppoatm: drop frames to not-ready vcc David Woodhouse
2012-11-30 10:27   ` Krzysztof Mazur
2012-11-30  0:35 ` [PATCH 06/17] pppoatm: do not inline pppoatm_may_send() David Woodhouse
2012-11-30  0:35 ` [PATCH 07/17] solos-pci: Wait for pending TX to complete when releasing vcc David Woodhouse
2012-12-02  0:17   ` [PATCH v2 " David Woodhouse
2012-11-30  0:35 ` [PATCH 08/17] br2684: don't send frames on not-ready vcc David Woodhouse
2012-11-30  0:35 ` [PATCH 09/17] atm: Add release_cb() callback to vcc David Woodhouse
2012-11-30  0:35 ` [PATCH 10/17] pppoatm: fix missing wakeup in pppoatm_send() David Woodhouse
2012-11-30  0:35 ` [PATCH 11/17] br2684: fix module_put() race David Woodhouse
2012-11-30  0:35 ` [PATCH 12/17] solos-pci: Fix leak of skb received for unknown vcc David Woodhouse
2012-11-30  0:35 ` [PATCH 13/17] br2684: allow assign only on a connected socket David Woodhouse
2012-11-30  0:35 ` [PATCH 14/17] pppoatm: optimise PPP channel wakeups after sock_owned_by_user() David Woodhouse
2012-11-30  0:35 ` [PATCH 15/17] solos-pci: clean up pclose() function David Woodhouse
2012-11-30  0:35 ` [PATCH 16/17] solos-pci: use GFP_KERNEL where possible, not GFP_ATOMIC David Woodhouse
2012-11-30  0:35 ` [PATCH 17/17] solos-pci: remove list_vccs() debugging function David Woodhouse
2012-11-30 10:44 ` [PATCH 00/17] ATM fixes for pppoatm/br2684 Krzysztof Mazur
2012-11-30 20:22   ` David Woodhouse
2012-12-01 16:43     ` David Miller
2012-12-01 16:44       ` David Miller
2012-12-01 16:48         ` David Woodhouse
2012-12-01 17:02           ` Chas Williams (CONTRACTOR)
2012-12-01 17:21             ` David Woodhouse
2012-12-02  1:57               ` Chas Williams (CONTRACTOR)
2012-12-02  2:17                 ` David Miller
2012-12-01 17:33         ` David Woodhouse
2012-12-02  0:40           ` David Woodhouse
2012-12-02  1:49             ` David Miller
2012-12-02  8:14               ` David Woodhouse
2012-12-02 21:29                 ` Checking struct size against sizeof(skb->cb) (was Re: [PATCH 00/17] ATM fixes for pppoatm/br2684) David Woodhouse
2012-12-20 14:03               ` skb->cb size checks " David Woodhouse
2012-12-02  0:35         ` [PATCH 00/17] ATM fixes for pppoatm/br2684 David Woodhouse
2012-12-02  1:47           ` David Miller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f27a07a dfblob:b23c672 )
 OR (
bs:"[PATCH 03/17] pppoatm: fix module_put() race" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1354235736-26833-4-git-send-email-dwmw2@infradead.org \
    --to=dwmw2@infradead.org \
    --cc=David.Woodhouse@intel.com \
    --cc=chas@cmf.nrl.navy.mil \
    --cc=krzysiek@podlesie.net \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).