1
linux/net
Vlad Yasevich ae53b5bd77 sctp: Fix another socket race during accept/peeloff
There is a race between sctp_rcv() and sctp_accept() where we
have moved the association from the listening socket to the
accepted socket, but sctp_rcv() processing cached the old
socket and continues to use it.

The easy solution is to check for the socket mismatch once we've
grabed the socket lock.  If we hit a mis-match, that means
that were are currently holding the lock on the listening socket,
but the association is refrencing a newly accepted socket.  We need
to drop the lock on the old socket and grab the lock on the new one.

A more proper solution might be to create accepted sockets when
the new association is established, similar to TCP.  That would
eliminate the race for 1-to-1 style sockets, but it would still
existing for 1-to-many sockets where a user wished to peeloff an
association.  For now, we'll live with this easy solution as
it addresses the problem.

Reported-by: Michal Hocko <mhocko@suse.cz>
Reported-by: Karsten Keil <kkeil@suse.de>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-01-22 14:53:23 -08:00
..
9p net/9p: fid->fid is used uninitialized 2009-01-19 16:20:15 -08:00
802
8021q vlan: add neigh_setup 2009-01-08 10:50:20 -08:00
appletalk appletalk: convert aarp to net_device_ops 2009-01-07 17:21:44 -08:00
atm netdevice: Kill netdev->priv 2008-12-08 01:14:16 -08:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2008-12-28 12:49:40 -08:00
bluetooth bluetooth: driver API update 2009-01-07 17:23:17 -08:00
bridge netfilter 05/09: ebtables: fix inversion in match code 2009-01-12 21:18:35 -08:00
can can: fix slowpath issue in hrtimer callback function 2009-01-14 21:06:55 -08:00
core gro: Fix merging of paged packets 2009-01-20 14:44:03 -08:00
dcb DCB: fix kfree(skb) 2009-01-04 17:29:21 -08:00
dccp dccp ccid-3: Fix RFC reference 2009-01-11 00:17:22 -08:00
decnet net: Make static 2008-12-10 15:18:31 -08:00
dsa dsa: convert to net_device_ops (v2) 2009-01-06 16:45:26 -08:00
econet
ethernet
ipv4 gso: Ensure that the packet is long enough 2009-01-14 20:41:12 -08:00
ipv6 gro: Fix handling of complete checksums in IPv6 2009-01-20 14:44:01 -08:00
ipx
irda tty: Fix an ircomm warning and note another bug 2009-01-02 10:19:43 -08:00
iucv s390: remove s390_root_dev_*() 2009-01-06 10:44:34 -08:00
key
lapb
llc
mac80211 mac80211: fix slot time debug message 2009-01-22 13:55:01 -05:00
netfilter netfilter: ctnetlink: fix scheduling while atomic 2009-01-21 12:19:49 -08:00
netlabel netlabel: Update kernel configuration API 2008-12-31 12:54:11 -05:00
netlink genetlink: export genl_unregister_mc_group() 2009-01-07 10:00:17 -08:00
netrom Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2008-12-28 12:49:40 -08:00
packet
phonet phonet: update to net_device_ops 2009-01-07 17:24:34 -08:00
rfkill net/rfkill/rfkill.c: fix unused rfkill_led_trigger() warning 2009-01-04 17:11:24 -08:00
rose Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2008-12-28 12:49:40 -08:00
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2008-12-28 12:49:40 -08:00
sched pkt_sched: sch_htb: Break all htb_do_events() after 2 jiffies 2009-01-12 21:54:40 -08:00
sctp sctp: Fix another socket race during accept/peeloff 2009-01-22 14:53:23 -08:00
sunrpc SUNRPC: The sunrpc server code should not be used by out-of-tree modules 2009-01-07 17:18:42 -05:00
tipc net/tipc/bcast.h: use ARRAY_SIZE 2009-01-11 00:06:33 -08:00
unix introduce new LSM hooks where vfsmount is available. 2008-12-31 18:07:37 -05:00
wanrouter
wimax wimax: testing for rfkill support should also test for CONFIG_RFKILL_MODULE 2009-01-08 11:08:01 -08:00
wireless cfg80211: Fix parsed country IE info for 5 GHz 2009-01-16 17:08:24 -05:00
x25
xfrm Revert "xfrm: For 32/64 compatability wrt. xfrm_usersa_info" 2009-01-20 09:49:51 -08:00
compat.c
Kconfig wimax: Makefile, Kconfig and docbook linkage for the stack 2009-01-07 10:00:17 -08:00
Makefile wimax: Makefile, Kconfig and docbook linkage for the stack 2009-01-07 10:00:17 -08:00
nonet.c
socket.c [CVE-2009-0029] System call wrappers part 22 2009-01-14 14:15:27 +01:00
sysctl_net.c
TUNABLE