4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 7 Mar 2018 17:48:16 +0000 (09:48 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 7 Mar 2018 17:48:16 +0000 (09:48 -0800)
added patches:
netlink-put-module-reference-if-dump-start-fails.patch

queue-4.9/netlink-put-module-reference-if-dump-start-fails.patch [new file with mode: 0644]
queue-4.9/series

diff --git a/queue-4.9/netlink-put-module-reference-if-dump-start-fails.patch b/queue-4.9/netlink-put-module-reference-if-dump-start-fails.patch
new file mode 100644 (file)
index 0000000..ae2f221
--- /dev/null
@@ -0,0 +1,48 @@
+From b87b6194be631c94785fe93398651e804ed43e28 Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Wed, 21 Feb 2018 04:41:59 +0100
+Subject: netlink: put module reference if dump start fails
+
+From: Jason A. Donenfeld <Jason@zx2c4.com>
+
+commit b87b6194be631c94785fe93398651e804ed43e28 upstream.
+
+Before, if cb->start() failed, the module reference would never be put,
+because cb->cb_running is intentionally false at this point. Users are
+generally annoyed by this because they can no longer unload modules that
+leak references. Also, it may be possible to tediously wrap a reference
+counter back to zero, especially since module.c still uses atomic_inc
+instead of refcount_inc.
+
+This patch expands the error path to simply call module_put if
+cb->start() fails.
+
+Fixes: 41c87425a1ac ("netlink: do not set cb_running if dump's start() errs")
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netlink/af_netlink.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/netlink/af_netlink.c
++++ b/net/netlink/af_netlink.c
+@@ -2258,7 +2258,7 @@ int __netlink_dump_start(struct sock *ss
+       if (cb->start) {
+               ret = cb->start(cb);
+               if (ret)
+-                      goto error_unlock;
++                      goto error_put;
+       }
+       nlk->cb_running = true;
+@@ -2278,6 +2278,8 @@ int __netlink_dump_start(struct sock *ss
+        */
+       return -EINTR;
++error_put:
++      module_put(control->module);
+ error_unlock:
+       sock_put(sk);
+       mutex_unlock(nlk->cb_mutex);
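Review bot: The new `error_put:` label in the second inner hunk relies on fall-through into `error_unlock:` and carries no comment saying which reference it drops; the matching get is outside the hunk (presumably a `try_module_get(control->module)` earlier in `__netlink_dump_start`), so a later edit that jumps to `error_put` before that get would put a reference that was never taken. I would add `/* start() failed: drop the module reference taken for this dump */` directly above `module_put(control->module);`. The `goto error_put` in the first inner hunk is the only visible user of the label, and the commit message ties each failed `cb->start()` to one leaked reference, so it is worth confirming on the 4.9 tree that no other exit between the get and `nlk->cb_running = true` still goes to `error_unlock`. The function body starts and ends outside both inner hunks, so this cannot be checked from the lines shown here.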
index 585230a391f6e4480323b130e61e8e7ab92fa3cd..26af0750b6e8b62b95ca52ee23c587ea59c82e5c 100644 (file)
@@ -28,3 +28,4 @@ arm-dts-logicpd-torpedo-fix-i2c1-pinmux.patch
 x86-mm-give-each-mm-tlb-flush-generation-a-unique-id.patch
 x86-speculation-use-indirect-branch-prediction-barrier-in-context-switch.patch
 md-only-allow-remove_and_add_spares-when-no-sync_thread-running.patch
+netlink-put-module-reference-if-dump-start-fails.patch