Count module references correctly: after instance_destroy() there
might be timer pending and holding a reference for this netlink instance.
Signed-off-by: Michał Mirosław <[email protected]>
--- linux-2.6.20/net/netfilter/nfnetlink_log.c.5 2007-02-11 22:24:56.000000000 +0100
+++ linux-2.6.20/net/netfilter/nfnetlink_log.c 2007-02-11 22:31:19.000000000 +0100
@@ -133,6 +133,7 @@ instance_put(struct nfulnl_instance *ins
if (inst && atomic_dec_and_test(&inst->use)) {
UDEBUG("kfree(inst=%p)\n", inst);
kfree(inst);
+ module_put(THIS_MODULE);
}
}
@@ -146,9 +147,13 @@ instance_create(u_int16_t group_num, int
UDEBUG("entering (group_num=%u, pid=%d)\n", group_num,
pid);
+ if (!try_module_get(THIS_MODULE)) {
+ UDEBUG("aborting, could not reference own module (module unloading?)\n");
+ goto out_modunload;
+ }
+
write_lock_bh(&instances_lock);
if (__instance_lookup(group_num)) {
- inst = NULL;
UDEBUG("aborting, instance already exists\n");
goto out_unlock;
}
@@ -176,9 +181,6 @@ instance_create(u_int16_t group_num, int
inst->copy_mode = NFULNL_COPY_PACKET;
inst->copy_range = 0xffff;
- if (!try_module_get(THIS_MODULE))
- goto out_free;
-
hlist_add_head(&inst->hlist,
&instance_table[instance_hashfn(group_num)]);
@@ -189,10 +191,10 @@ instance_create(u_int16_t group_num, int
return inst;
-out_free:
- instance_put(inst);
out_unlock:
write_unlock_bh(&instances_lock);
+ module_put(THIS_MODULE);
+out_modunload:
return NULL;
}
@@ -228,8 +230,6 @@ _instance_destroy2(struct nfulnl_instanc
/* and finally put the refcount */
instance_put(inst);
-
- module_put(THIS_MODULE);
}
static inline void
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
