[ 63/85] netlink: add reference of module in netlink_dump_start

From: Greg Kroah-Hartman
Date: Thu Oct 25 2012 - 20:17:59 EST

Next message: Greg Kroah-Hartman: "[ 64/85] infiniband: pass rdma_cm module to netlink_dump_start"
Previous message: Greg Kroah-Hartman: "[ 51/85] Revert "cgroup: Remove task_lock() from cgroup_post_fork()""
In reply to: Greg Kroah-Hartman: "[ 51/85] Revert "cgroup: Remove task_lock() from cgroup_post_fork()""
Next in thread: Greg Kroah-Hartman: "[ 64/85] infiniband: pass rdma_cm module to netlink_dump_start"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.6-stable review patch. If anyone has any objections, please let me know.

------------------

From: Gao feng <gaofeng@xxxxxxxxxxxxxx>

[ Upstream commit 6dc878a8ca39e93f70c42f3dd7260bde10c1e0f1 ]

I get a panic when I use ss -a and rmmod inet_diag at the
same time.

It's because netlink_dump uses inet_diag_dump which belongs to module
inet_diag.

I search the codes and find many modules have the same problem. We
need to add a reference to the module which the cb->dump belongs to.

Thanks for all help from Stephen,Jan,Eric,Steffen and Pablo.

Change From v3:
change netlink_dump_start to inline,suggestion from Pablo and
Eric.

Change From v2:
delete netlink_dump_done,and call module_put in netlink_dump
and netlink_sock_destruct.

Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
include/linux/netlink.h | 21 +++++++++++++++++----
net/netlink/af_netlink.c | 29 +++++++++++++++++++++--------
2 files changed, 38 insertions(+), 12 deletions(-)

--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -153,6 +153,7 @@ struct nlattr {

#include <linux/capability.h>
#include <linux/skbuff.h>
+#include <linux/export.h>

struct net;

@@ -232,6 +233,8 @@ struct netlink_callback {
struct netlink_callback *cb);
int (*done)(struct netlink_callback *cb);
void *data;
+ /* the module that dump function belong to */
+ struct module *module;
u16 family;
u16 min_dump_alloc;
unsigned int prev_seq, seq;
@@ -249,14 +252,24 @@ __nlmsg_put(struct sk_buff *skb, u32 pid

struct netlink_dump_control {
int (*dump)(struct sk_buff *skb, struct netlink_callback *);
- int (*done)(struct netlink_callback*);
+ int (*done)(struct netlink_callback *);
void *data;
+ struct module *module;
u16 min_dump_alloc;
};

-extern int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
- const struct nlmsghdr *nlh,
- struct netlink_dump_control *control);
+extern int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
+ const struct nlmsghdr *nlh,
+ struct netlink_dump_control *control);
+static inline int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
+ const struct nlmsghdr *nlh,
+ struct netlink_dump_control *control)
+{
+ if (!control->module)
+ control->module = THIS_MODULE;
+
+ return __netlink_dump_start(ssk, skb, nlh, control);
+}

#define NL_NONROOT_RECV 0x1
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -169,6 +169,8 @@ static void netlink_sock_destruct(struct
if (nlk->cb) {
if (nlk->cb->done)
nlk->cb->done(nlk->cb);
+
+ module_put(nlk->cb->module);
netlink_destroy_callback(nlk->cb);
}

@@ -1760,6 +1762,7 @@ static int netlink_dump(struct sock *sk)
nlk->cb = NULL;
mutex_unlock(nlk->cb_mutex);

+ module_put(cb->module);
netlink_consume_callback(cb);
return 0;

@@ -1769,9 +1772,9 @@ errout_skb:
return err;
}

-int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
- const struct nlmsghdr *nlh,
- struct netlink_dump_control *control)
+int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
+ const struct nlmsghdr *nlh,
+ struct netlink_dump_control *control)
{
struct netlink_callback *cb;
struct sock *sk;
@@ -1786,6 +1789,7 @@ int netlink_dump_start(struct sock *ssk,
cb->done = control->done;
cb->nlh = nlh;
cb->data = control->data;
+ cb->module = control->module;
cb->min_dump_alloc = control->min_dump_alloc;
atomic_inc(&skb->users);
cb->skb = skb;
@@ -1796,19 +1800,28 @@ int netlink_dump_start(struct sock *ssk,
return -ECONNREFUSED;
}
nlk = nlk_sk(sk);
- /* A dump is in progress... */
+
mutex_lock(nlk->cb_mutex);
+ /* A dump is in progress... */
if (nlk->cb) {
mutex_unlock(nlk->cb_mutex);
netlink_destroy_callback(cb);
- sock_put(sk);
- return -EBUSY;
+ ret = -EBUSY;
+ goto out;
}
+ /* add reference of module which cb->dump belongs to */
+ if (!try_module_get(cb->module)) {
+ mutex_unlock(nlk->cb_mutex);
+ netlink_destroy_callback(cb);
+ ret = -EPROTONOSUPPORT;
+ goto out;
+ }
+
nlk->cb = cb;
mutex_unlock(nlk->cb_mutex);

ret = netlink_dump(sk);
-
+out:
sock_put(sk);

if (ret)
@@ -1819,7 +1832,7 @@ int netlink_dump_start(struct sock *ssk,
*/
return -EINTR;
}
-EXPORT_SYMBOL(netlink_dump_start);
+EXPORT_SYMBOL(__netlink_dump_start);

void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err)
{

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg Kroah-Hartman: "[ 64/85] infiniband: pass rdma_cm module to netlink_dump_start"
Previous message: Greg Kroah-Hartman: "[ 51/85] Revert "cgroup: Remove task_lock() from cgroup_post_fork()""
In reply to: Greg Kroah-Hartman: "[ 51/85] Revert "cgroup: Remove task_lock() from cgroup_post_fork()""
Next in thread: Greg Kroah-Hartman: "[ 64/85] infiniband: pass rdma_cm module to netlink_dump_start"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]