usbip takes a reference on a struct file which is passed in via sysfs. Previously, this reference was never cleaned up, although the socket it referred to was.
This patch drops the corresponding reference (found with the socket's ->file backpointer) instead of just closing the socket. Signed-off-by: Bernard Blackham <[email protected]> --- drivers/staging/usbip/stub_dev.c | 3 ++- drivers/staging/usbip/usbip_common.c | 4 +++- drivers/staging/usbip/vhci_hcd.c | 10 +++++++--- drivers/staging/usbip/vhci_sysfs.c | 6 +++++- 4 files changed, 17 insertions(+), 6 deletions(-) diff --git a/drivers/staging/usbip/stub_dev.c b/drivers/staging/usbip/stub_dev.c index 92ced35..bed4900 100644 --- a/drivers/staging/usbip/stub_dev.c +++ b/drivers/staging/usbip/stub_dev.c @@ -18,6 +18,7 @@ */ #include <linux/device.h> +#include <linux/file.h> #include <linux/kthread.h> #include <linux/module.h> @@ -199,7 +200,7 @@ static void stub_shutdown_connection(struct usbip_device *ud) * not touch NULL socket. */ if (ud->tcp_socket) { - sock_release(ud->tcp_socket); + fput(ud->tcp_socket->file); ud->tcp_socket = NULL; } diff --git a/drivers/staging/usbip/usbip_common.c b/drivers/staging/usbip/usbip_common.c index 70f23026..469a4ef 100644 --- a/drivers/staging/usbip/usbip_common.c +++ b/drivers/staging/usbip/usbip_common.c @@ -410,8 +410,10 @@ struct socket *sockfd_to_socket(unsigned int sockfd) inode = file->f_dentry->d_inode; - if (!inode || !S_ISSOCK(inode->i_mode)) + if (!inode || !S_ISSOCK(inode->i_mode)) { + fput(file); return NULL; + } socket = SOCKET_I(inode); diff --git a/drivers/staging/usbip/vhci_hcd.c b/drivers/staging/usbip/vhci_hcd.c index dfeb492..2e33ded 100644 --- a/drivers/staging/usbip/vhci_hcd.c +++ b/drivers/staging/usbip/vhci_hcd.c @@ -18,6 +18,7 @@ */ #include <linux/init.h> +#include <linux/file.h> #include <linux/kernel.h> #include <linux/kthread.h> #include <linux/module.h> @@ -822,8 +823,8 @@ static void vhci_shutdown_connection(struct usbip_device *ud) pr_info("stop threads\n"); /* active connection is closed */ - if (vdev->ud.tcp_socket != NULL) { - sock_release(vdev->ud.tcp_socket); + if (vdev->ud.tcp_socket) { + fput(vdev->ud.tcp_socket->file); vdev->ud.tcp_socket = NULL; } pr_info("release socket\n"); @@ -869,7 +870,10 @@ static void vhci_device_reset(struct usbip_device *ud) usb_put_dev(vdev->udev); vdev->udev = NULL; - ud->tcp_socket = NULL; + if (ud->tcp_socket) { + fput(ud->tcp_socket->file); + ud->tcp_socket = NULL; + } ud->status = VDEV_ST_NULL; spin_unlock(&ud->lock); diff --git a/drivers/staging/usbip/vhci_sysfs.c b/drivers/staging/usbip/vhci_sysfs.c index 7ce9c2f..c66e9c0 100644 --- a/drivers/staging/usbip/vhci_sysfs.c +++ b/drivers/staging/usbip/vhci_sysfs.c @@ -18,6 +18,7 @@ */ #include <linux/kthread.h> +#include <linux/file.h> #include <linux/net.h> #include "usbip_common.h" @@ -189,7 +190,8 @@ static ssize_t store_attach(struct device *dev, struct device_attribute *attr, if (valid_args(rhport, speed) < 0) return -EINVAL; - /* check sockfd */ + /* Extract socket from fd. */ + /* The correct way to clean this up is to fput(socket->file). */ socket = sockfd_to_socket(sockfd); if (!socket) return -EINVAL; @@ -206,6 +208,8 @@ static ssize_t store_attach(struct device *dev, struct device_attribute *attr, spin_unlock(&vdev->ud.lock); spin_unlock(&the_controller->lock); + fput(socket->file); + dev_err(dev, "port %d already used\n", rhport); return -EINVAL; } -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
