[ROSE/AX25] af_rose: rose_release() fix

rose_release() doesn't release sockets properly, e.g. it skips sock_orphan(), so OOPSes are triggered in sock_def_write_space(), which was observed especially while ROSE skbs were kfreed from ax25_frames_acked(). There is also sock_hold() and lock_sock() added - similarly to ax25_release(). Thanks to Bernard Pidoux for substantial help in debugging this problem. Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Reported-and-tested-by: Bernard Pidoux <bpidoux@free.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-01 23:56:17 -07:00 · 2008-04-01 23:56:17 -07:00 · 4965291acf
commit 4965291acf
parent d43c7b37ad
1 changed files with 9 additions and 0 deletions
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@ -598,17 +598,24 @@ static int rose_release(struct socket *sock)

 	if (sk == NULL) return 0;

+	sock_hold(sk);
+	sock_orphan(sk);
+	lock_sock(sk);
 	rose = rose_sk(sk);

 	switch (rose->state) {
 	case ROSE_STATE_0:
+		release_sock(sk);
 		rose_disconnect(sk, 0, -1, -1);
+		lock_sock(sk);
 		rose_destroy_socket(sk);
 		break;

 	case ROSE_STATE_2:
 		rose->neighbour->use--;
+		release_sock(sk);
 		rose_disconnect(sk, 0, -1, -1);
+		lock_sock(sk);
 		rose_destroy_socket(sk);
 		break;

@ -633,6 +640,8 @@ static int rose_release(struct socket *sock)
 	}

 	sock->sk = NULL;
+	release_sock(sk);
+	sock_put(sk);

 	return 0;
 }