From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <netdev-owner@vger.kernel.org>
Received: from aserp2120.oracle.com ([141.146.126.78]:48696 "EHLO
        aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1423372AbeCBLSW (ORCPT
        <rfc822;netdev@vger.kernel.org>); Fri, 2 Mar 2018 06:18:22 -0500
Date: Fri, 2 Mar 2018 06:18:13 -0500
From: Sowmini Varadhan <sowmini.varadhan@oracle.com>
To: Ka-Cheong Poon <ka-cheong.poon@oracle.com>
Cc: netdev@vger.kernel.org, santosh.shilimkar@oracle.com,
        davem@davemloft.net, rds-devel@oss.oracle.com
Subject: Re: [PATCH v2 net] rds: Incorrect reference counting in TCP socket
 creation
Message-ID: <20180302111813.GA853@oracle.com>
References: <571d10d5825c713cbe9b77ba76ea281761bcc8d7.1519967005.git.ka-cheong.poon@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <571d10d5825c713cbe9b77ba76ea281761bcc8d7.1519967005.git.ka-cheong.poon@oracle.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

On (03/01/18 21:07), Ka-Cheong Poon wrote:
> Commit 0933a578cd55 ("rds: tcp: use sock_create_lite() to create the
> accept socket") has a reference counting issue in TCP socket creation
> when accepting a new connection.  The code uses sock_create_lite() to
> create a kernel socket.  But it does not do __module_get() on the
> socket owner.  When the connection is shutdown and sock_release() is
> called to free the socket, the owner's reference count is decremented
> and becomes incorrect.  Note that this bug only shows up when the socket
> owner is configured as a kernel module.

Acked-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>