1) Module leak. If try_module_get(npf->owner) works but sock_alloc()
fails, we never put the module. It just branches to the "out"
label in that case, which unlocks the net_family table and returns
err.
2) Bigger issue, why not attach the owner to struct sock
instead of socket? The sock can exist, and thus reference
the protocol family code, long after the socket (ie. the
user end) is killed off and closed.
For example, this could happen for just about any protocol family
due to stray device sk_buff references to the sock and thus the
protocol family.
Please address this stuff.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/