Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 190381 Details for
Bug 280431
ip_tables reference count will underflow occasionally
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
cleaned up version of the patch
linux-kernel-test.patch (text/plain), 4.32 KB, created by
Neil Horman
on 2007-09-07 19:49:41 UTC
(
hide
)
Description:
cleaned up version of the patch
Filename:
MIME Type:
Creator:
Neil Horman
Created:
2007-09-07 19:49:41 UTC
Size:
4.32 KB
patch
obsolete
>--- linux-2.6.9/fs/proc/generic.c.orig 2007-09-07 10:44:39.000000000 -0400 >+++ linux-2.6.9/fs/proc/generic.c 2007-09-07 10:50:40.000000000 -0400 >@@ -74,6 +74,9 @@ proc_file_read(struct file *file, char _ > if (!(page = (char*) __get_free_page(GFP_KERNEL))) > return -ENOMEM; > >+ if (!try_module_get(dp->owner)) >+ return -EIO; >+ > while ((nbytes > 0) && !eof) { > count = min_t(size_t, PROC_BLOCK_SIZE, nbytes); > >@@ -193,6 +196,7 @@ proc_file_read(struct file *file, char _ > buf += n; > retval += n; > } >+ module_put(dp->owner); > free_page((unsigned long) page); > return retval; > } >@@ -203,14 +207,19 @@ proc_file_write(struct file *file, const > { > struct inode *inode = file->f_dentry->d_inode; > struct proc_dir_entry * dp; >- >+ ssize_t ret; > dp = PDE(inode); > > if (!dp->write_proc) > return -EIO; > >+ if (!try_module_get(dp->owner)) >+ return -EIO; >+ > /* FIXME: does this routine need ppos? probably... */ >- return dp->write_proc(file, buffer, count, dp->data); >+ ret = dp->write_proc(file, buffer, count, dp->data); >+ module_put(dp->owner); >+ return ret; > } > > >--- linux-2.6.9/fs/proc/inode.c.orig 2004-10-18 17:55:07.000000000 -0400 >+++ linux-2.6.9/fs/proc/inode.c 2007-09-07 10:50:40.000000000 -0400 >@@ -69,8 +69,6 @@ static void proc_delete_inode(struct ino > /* Let go of any associated proc directory entry */ > de = PROC_I(inode)->pde; > if (de) { >- if (de->owner) >- module_put(de->owner); > de_put(de); > } > clear_inode(inode); >@@ -215,8 +213,6 @@ struct inode *proc_get_inode(struct supe > inode->i_size = de->size; > if (de->nlink) > inode->i_nlink = de->nlink; >- if (!try_module_get(de->owner)) >- goto out_fail; > if (de->proc_iops) > inode->i_op = de->proc_iops; > if (de->proc_fops) >--- linux-2.6.9/include/linux/proc_fs.h.orig 2007-09-07 11:02:48.000000000 -0400 >+++ linux-2.6.9/include/linux/proc_fs.h 2007-09-07 11:17:43.000000000 -0400 >@@ -184,6 +184,30 @@ static inline struct proc_dir_entry *pro > return create_proc_info_entry(name,mode,proc_net,get_info); > } > >+static inline struct proc_dir_entry *proc_net_create_owner(const char *name, >+ mode_t mode, get_info_t *get_info, struct module *owner) >+{ >+ struct proc_dir_entry *newf; >+ mode_t temp_mode = ((mode & (~S_IRWXUGO)) | S_ISVTX); >+ >+ /* >+ * temp_mode removes any accesibility from the created proc >+ * file and acts as a lock, preventing file access until >+ * we finish setting up the proc_dir_entry structure >+ */ >+ newf = create_proc_info_entry(name, temp_mode, proc_net, get_info); >+ if (newf) { >+ newf->owner = owner; >+ /* >+ * Once we have the module owner set, we can enable file access >+ */ >+ if ((mode & S_IALLUGO) == 0) >+ mode |= S_IRUGO; >+ newf->mode |= mode; >+ } >+ return newf; >+} >+ > static inline struct proc_dir_entry *proc_net_fops_create(const char *name, > mode_t mode, struct file_operations *fops) > { >--- linux-2.6.9/include/linux/module.h.orig 2007-09-07 10:44:41.000000000 -0400 >+++ linux-2.6.9/include/linux/module.h 2007-09-07 10:50:40.000000000 -0400 >@@ -393,6 +393,7 @@ static inline int try_module_get(struct > static inline void module_put(struct module *module) > { > if (module) { >+ BUG_ON(module_refcount(module) == 0); > unsigned int cpu = get_cpu(); > local_dec(&module->ref[cpu].count); > /* Maybe they're waiting for us to drop reference? */ >--- linux-2.6.9/net/ipv4/netfilter/ip_tables.c.orig 2007-09-07 10:44:41.000000000 -0400 >+++ linux-2.6.9/net/ipv4/netfilter/ip_tables.c 2007-09-07 11:18:48.000000000 -0400 >@@ -1161,6 +1161,7 @@ do_replace(void __user *user, unsigned i > (newinfo->number <= oldinfo->initial_entries)) > module_put(t->me); > >+ > /* Get the old counters. */ > get_counters(oldinfo, counters); > /* Decrease module usage counts and free resource */ >@@ -1879,15 +1880,19 @@ static int __init init(void) > int i; > > for (i = 0; ipt_proc_entry[i].name; i++) { >- proc = proc_net_create(ipt_proc_entry[i].name, 0, >- ipt_proc_entry[i].get_info); >+ /* >+ * The use of the owner varaint of proc_net_create here >+ * lets us set file to module ownership without opening >+ * us to module decrement underflow >+ */ >+ proc = proc_net_create_owner(ipt_proc_entry[i].name, 0, >+ ipt_proc_entry[i].get_info, THIS_MODULE); > if (!proc) { > while (--i >= 0) > proc_net_remove(ipt_proc_entry[i].name); > nf_unregister_sockopt(&ipt_sockopts); > return -ENOMEM; > } >- proc->owner = THIS_MODULE; > } > } > #endif
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=190381">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 280431
:
189351
| 190381