From 32147b256ce39a64146807a50fdbedaea9db1156 Mon Sep 17 00:00:00 2001
From: Michal Sojka
Date: Fri, 4 Apr 2014 20:21:37 +0200
Subject: [PATCH] canethgw: Premature release of job when garbage is received on UDP
---
 net/can/canethgw.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/net/can/canethgw.c b/net/can/canethgw.c
index 283d75846a80..532ce9540a9d 100644
--- a/net/can/canethgw.c
+++ b/net/can/canethgw.c
@@ -196,8 +196,7 @@ static int cegw_thread_start(void *data)
 struct task_struct *task = NULL;
 struct cegw_job *job = (struct cegw_job *)data;
 
- kref_init(&job->refcount);
-
+ kref_get(&job->refcount);
 task = kthread_run(cegw_udp2can, data, "canethgw_udp2can");
 if (IS_ERR(task)) {
 kref_put(&job->refcount, cegw_job_release);
@@ -225,7 +224,8 @@ static int cegw_thread_stop(struct cegw_job *job)
 struct socket *udp_sock = job->udp_sock;
 struct socket *can_sock = job->can_sock;
 
- kernel_sock_shutdown(udp_sock, SHUT_RDWR);
+ if (udp_sock)
+ kernel_sock_shutdown(udp_sock, SHUT_RDWR);
 
 /* PF_CAN sockets do not implement shutdown - do it manualy */
 sk = can_sock->sk;
@@ -255,6 +255,7 @@ static int cegw_release(struct inode *inode, struct file *file)
 if (job) {
 cegw_thread_stop(job);
 }
+ kref_put(&job->refcount, cegw_job_release);
 
 module_put(THIS_MODULE);
 return 0;
@@ -327,6 +328,8 @@ static long cegw_ioctl_start(struct file *file, unsigned long arg)
 goto err_put_all;
 }
 
+ kref_init(&job->refcount);
+
 job->udp_dstcnt = dstcnt;
 job->udp_addrlen = addrlen;
 
-- 
2.39.2
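Review bot: The `kref_get(&job->refcount)` added at the top of cegw_thread_start carries no comment saying which holder the reference belongs to, and with `kref_init` now living in cegw_ioctl_start the get/put pairing is no longer visible in one place. I would add `/* reference held by the udp2can thread; the matching kref_put must happen when that thread exits */` above it. Presumably cegw_udp2can does drop it, but that code is outside the hunk, so this should be confirmed. The function body continues past the last line shown here.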
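Review bot: `can_sock->sk` is still dereferenced unconditionally two lines after the new `if (udp_sock)` guard in cegw_thread_stop. If a job can reach this function with `udp_sock` unset, it is worth confirming the same cannot be true for `can_sock`; otherwise the guard only moves the NULL dereference to `sk = can_sock->sk;`. A symmetric `if (can_sock) { ... }` around the manual PF_CAN shutdown would cover it. Note also that `udp_sock` is read from `job->udp_sock` once into a local, so the check does not protect against a thread releasing the socket concurrently; whether that can happen depends on code outside the hunk.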
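Review bot: The new `kref_put(&job->refcount, cegw_job_release);` in cegw_release sits after the closing brace of `if (job) { ... }`, so it runs even when `job` is NULL. The existing check implies that case is reachable (presumably a file that was opened and closed without a successful start ioctl), and kref_put would then operate on an address derived from a NULL pointer, which would oops in the close path. Move the call inside the block, right after `cegw_thread_stop(job);`, so the reference is only dropped when a job exists.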
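Review bot: Once `kref_init(&job->refcount)` runs in cegw_ioctl_start the job is reference-counted, but the failure exits that follow it are outside the hunk and may still free it directly. cegw_thread_start already does a `kref_put` when kthread_run fails, which leaves the initial reference outstanding. The caller then has to drop it with `kref_put(&job->refcount, cegw_job_release)`, or leave the job attached to the file so cegw_release does, rather than kfree it, since an already-started thread may still hold a reference. A one-line comment such as `/* initial reference belongs to the open file, dropped in cegw_release() */` would make the intended owner explicit.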