Commit 4965291a authored Apr 01, 2008 by Jarek Poplawski Committed by David S. Miller Apr 01, 2008

[ROSE/AX25] af_rose: rose_release() fix



rose_release() doesn't release sockets properly, e.g. it skips
sock_orphan(), so OOPSes are triggered in sock_def_write_space(),
which was observed especially while ROSE skbs were kfreed from
ax25_frames_acked(). There is also sock_hold() and lock_sock() added -
similarly to ax25_release(). Thanks to Bernard Pidoux for substantial
help in debugging this problem.

Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Reported-and-tested-by: Bernard Pidoux <bpidoux@free.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent d43c7b37

net/rose/af_rose.c

+9 −0

Original line number	Diff line number	Diff line
		@@ -598,17 +598,24 @@ static int rose_release(struct socket *sock)

		if (sk == NULL) return 0;

		sock_hold(sk);
		sock_orphan(sk);
		lock_sock(sk);
		rose = rose_sk(sk);

		switch (rose->state) {
		case ROSE_STATE_0:
		release_sock(sk);
		rose_disconnect(sk, 0, -1, -1);
		lock_sock(sk);
		rose_destroy_socket(sk);
		break;

		case ROSE_STATE_2:
		rose->neighbour->use--;
		release_sock(sk);
		rose_disconnect(sk, 0, -1, -1);
		lock_sock(sk);
		rose_destroy_socket(sk);
		break;

		@@ -633,6 +640,8 @@ static int rose_release(struct socket *sock)
		}

		sock->sk = NULL;
		release_sock(sk);
		sock_put(sk);

		return 0;
		}