On Sun, 2006-10-29 at 03:55 +0900, Akinobu Mita wrote:
> Reloading rpcsec_gss_krb5 or rpcsec_gss_spkm3 hit duplicate
> registration in svcauth_gss_register_pseudoflavor().
> (If DEBUG_PAGEALLOC is enabled, oops will happen at
> auth_domain_put() --> hlist_del() with uninitialized hlist_node)
>
> svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
> {
> ...
>
> test = auth_domain_lookup(name, &new->h);
> if (test != &new->h) { /* XXX Duplicate registration? */
> auth_domain_put(&new->h);
> /* dangling ref-count... */
> ...
> }
>
> This patch unregisters gss_domain and free it when unloading
> modules (rpcsec_gss_krb5 or rpcsec_gss_spkm3 module call
> gss_mech_unregister())
>
> Cc: Andy Adamson <[email protected]>
> Cc: "J. Bruce Fields" <[email protected]>
> Cc: Trond Myklebust <[email protected]>
> Signed-off-by: Akinobu Mita <[email protected]>
>
> net/sunrpc/auth_gss/gss_mech_switch.c | 4 ++++
> net/sunrpc/auth_gss/svcauth_gss.c | 6 +++---
> 2 files changed, 7 insertions(+), 3 deletions(-)
>
> Index: work-fault-inject/net/sunrpc/auth_gss/gss_mech_switch.c
> ===================================================================
> --- work-fault-inject.orig/net/sunrpc/auth_gss/gss_mech_switch.c
> +++ work-fault-inject/net/sunrpc/auth_gss/gss_mech_switch.c
> @@ -59,7 +59,11 @@ gss_mech_free(struct gss_api_mech *gm)
> int i;
>
> for (i = 0; i < gm->gm_pf_num; i++) {
> + struct auth_domain *dom;
> +
> pf = &gm->gm_pfs[i];
> + dom = auth_domain_find(pf->auth_domain_name);
> + auth_domain_put(dom);
Since auth_domain_find() takes a reference on "dom", and
auth_domain_put() releases it, won't this just be a no-op?
> kfree(pf->auth_domain_name);
> pf->auth_domain_name = NULL;
> }
> Index: work-fault-inject/net/sunrpc/auth_gss/svcauth_gss.c
> ===================================================================
> --- work-fault-inject.orig/net/sunrpc/auth_gss/svcauth_gss.c
> +++ work-fault-inject/net/sunrpc/auth_gss/svcauth_gss.c
> @@ -765,9 +765,9 @@ svcauth_gss_register_pseudoflavor(u32 ps
>
> test = auth_domain_lookup(name, &new->h);
> if (test != &new->h) { /* XXX Duplicate registration? */
> - auth_domain_put(&new->h);
> - /* dangling ref-count... */
> - goto out;
> + WARN_ON(1);
> + kfree(new->h.name);
> + goto out_free_dom;
> }
> return 0;
>
Cheers,
Trond
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]