From 1b08534e562dae7b084326f8aa8cc12a4c1b6593 Mon Sep 17 00:00:00 2001 From: Wei Yongjun Date: Thu, 18 Dec 2008 19:35:10 -0800 Subject: [PATCH] net: Fix module refcount leak in kernel_accept() The kernel_accept() does not hold the module refcount of newsock->ops->owner, so we need __module_get(newsock->ops->owner) code after call kernel_accept() by hand. In sunrpc, the module refcount is missing to hold. So this cause kernel panic. Used following script to reproduct: while [ 1 ]; do mount -t nfs4 192.168.0.19:/ /mnt touch /mnt/file umount /mnt lsmod | grep ipv6 done This patch fixed the problem by add __module_get(newsock->ops->owner) to kernel_accept(). So we do not need to used __module_get(newsock->ops->owner) in every place when used kernel_accept(). Signed-off-by: Wei Yongjun Signed-off-by: David S. Miller --- net/bluetooth/rfcomm/core.c | 2 -- net/socket.c | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index ba537fae0a4..ce68e046d96 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c @@ -1786,8 +1786,6 @@ static inline void rfcomm_accept_connection(struct rfcomm_session *s) if (err < 0) return; - __module_get(nsock->ops->owner); - /* Set our callbacks */ nsock->sk->sk_data_ready = rfcomm_l2data_ready; nsock->sk->sk_state_change = rfcomm_l2state_change; diff --git a/net/socket.c b/net/socket.c index 92764d83689..76ba80aeac1 100644 --- a/net/socket.c +++ b/net/socket.c @@ -2307,6 +2307,7 @@ int kernel_accept(struct socket *sock, struct socket **newsock, int flags) } (*newsock)->ops = sock->ops; + __module_get((*newsock)->ops->owner); done: return err;