diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 02cf848f71d23205b79384361af3fde819517fd3..ddbdde82a700dcf46a81a05439c966182b851d8c 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -1368,25 +1368,14 @@ static int rtnetlink_net_init(struct net *net) rtnetlink_rcv, &rtnl_mutex, THIS_MODULE); if (!sk) return -ENOMEM; - - /* Don't hold an extra reference on the namespace */ - put_net(sk->sk_net); net->rtnl = sk; return 0; } static void rtnetlink_net_exit(struct net *net) { - struct sock *sk = net->rtnl; - if (sk) { - /* At the last minute lie and say this is a socket for the - * initial network namespace. So the socket will be safe to - * free. - */ - sk->sk_net = get_net(&init_net); - netlink_kernel_release(net->rtnl); - net->rtnl = NULL; - } + netlink_kernel_release(net->rtnl); + net->rtnl = NULL; } static struct pernet_operations rtnetlink_net_ops = { diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index e787d215115217492ab31bda0ee7df2010bfe82e..62bd791c204e43ccdddd84057ea6bd5fcd7af5d5 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -869,19 +869,14 @@ static int nl_fib_lookup_init(struct net *net) nl_fib_input, NULL, THIS_MODULE); if (sk == NULL) return -EAFNOSUPPORT; - /* Don't hold an extra reference on the namespace */ - put_net(sk->sk_net); net->ipv4.fibnl = sk; return 0; } static void nl_fib_lookup_exit(struct net *net) { - /* At the last minute lie and say this is a socket for the - * initial network namespace. So the socket will be safe to free. - */ - net->ipv4.fibnl->sk_net = get_net(&init_net); netlink_kernel_release(net->ipv4.fibnl); + net->ipv4.fibnl = NULL; } static void fib_disable_ip(struct net_device *dev, int force) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 626a58206298e1f31c81aed14f8fdbe4ffa76089..6b178e1247b5c3672e3857486d2d1346903181c2 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1396,6 +1396,9 @@ netlink_kernel_create(struct net *net, int unit, unsigned int groups, } netlink_table_ungrab(); + /* Do not hold an extra referrence to a namespace as this socket is + * internal to a namespace and does not prevent it to stop. */ + put_net(net); return sk; out_sock_release: @@ -1411,7 +1414,19 @@ netlink_kernel_release(struct sock *sk) { if (sk == NULL || sk->sk_socket == NULL) return; + + /* + * Last sock_put should drop referrence to sk->sk_net. It has already + * been dropped in netlink_kernel_create. Taking referrence to stopping + * namespace is not an option. + * Take referrence to a socket to remove it from netlink lookup table + * _alive_ and after that destroy it in the context of init_net. + */ + sock_hold(sk); sock_release(sk->sk_socket); + + sk->sk_net = get_net(&init_net); + sock_put(sk); } EXPORT_SYMBOL(netlink_kernel_release);