linux-hardened/net/sctp
Vlad Yasevich ae53b5bd77 sctp: Fix another socket race during accept/peeloff
There is a race between sctp_rcv() and sctp_accept() where we
have moved the association from the listening socket to the
accepted socket, but sctp_rcv() processing cached the old
socket and continues to use it.

The easy solution is to check for the socket mismatch once we've
grabbed the socket lock.  If we hit a mismatch, that means
that we are currently holding the lock on the listening socket,
but the association is referencing a newly accepted socket.  We need
to drop the lock on the old socket and grab the lock on the new one.

A more proper solution might be to create accepted sockets when
the new association is established, similar to TCP.  That would
eliminate the race for 1-to-1 style sockets, but it would still
exist for 1-to-many sockets where a user wished to peeloff an
association.  For now, we'll live with this easy solution as
it addresses the problem.

Reported-by: Michal Hocko <mhocko@suse.cz>
Reported-by: Karsten Keil <kkeil@suse.de>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-01-22 14:53:23 -08:00
..
associola.c sctp: Rework the tsn map to use generic bitmap. 2008-10-08 14:18:39 -07:00
auth.c fix similar typos to successfull 2009-01-08 08:31:15 -08:00
bind_addr.c sctp: try harder to figure out address family when checking wildcards 2008-10-01 11:33:06 -04:00
chunk.c SCTP: fix wrong debug counting of datamsg 2008-04-10 01:57:24 -07:00
command.c [SCTP]: Remove sctp_add_cmd_sf wrapper bloat 2008-03-27 17:54:29 -07:00
debug.c [SCTP]: Stop claiming that this is a "reference implementation" 2008-02-05 10:59:07 -05:00
endpointola.c sctp: fix potential panics in the SCTP-AUTH API. 2008-08-21 03:34:25 -07:00
input.c sctp: Fix another socket race during accept/peeloff 2009-01-22 14:53:23 -08:00
inqueue.c [SCTP]: Stop claiming that this is a "reference implementation" 2008-02-05 10:59:07 -05:00
ipv6.c net: replace %p6 with %pI6 2008-10-29 12:52:50 -07:00
Kconfig sctp: Don't abort initialization when CONFIG_PROC_FS=n 2008-07-18 23:03:44 -07:00
Makefile sctp: Don't abort initialization when CONFIG_PROC_FS=n 2008-07-18 23:03:44 -07:00
objcnt.c [NET]: Fix heavy stack usage in seq_file output routines. 2008-04-24 01:02:16 -07:00
output.c sctp: Properly timestamp outgoing data chunks for rtx purposes 2009-01-22 14:53:01 -08:00
outqueue.c sctp: Correctly start rtx timer on new packet transmissions. 2009-01-22 14:52:43 -08:00
primitive.c [SCTP]: Stop claiming that this is a "reference implementation" 2008-02-05 10:59:07 -05:00
proc.c sctp: remove sctp_assoc_proc_exit() 2008-07-22 14:21:30 -07:00
protocol.c sctp: fix missing label when PROC_FS=n 2008-11-27 15:30:53 -08:00
sm_make_chunk.c sctp: shrink sctp_tsnmap some more by removing gabs array 2008-10-08 14:19:01 -07:00
sm_sideeffect.c sctp: Rework the tsn map to use generic bitmap. 2008-10-08 14:18:39 -07:00
sm_statefuns.c trivial: fix then -> than typos in comments and documentation 2009-01-06 11:28:06 +01:00
sm_statetable.c sctp: Fix to handle SHUTDOWN in SHUTDOWN_RECEIVED state 2008-10-23 01:01:18 -07:00
socket.c trivial: fix then -> than typos in comments and documentation 2009-01-06 11:28:06 +01:00
ssnmap.c [SCTP]: Stop claiming that this is a "reference implementation" 2008-02-05 10:59:07 -05:00
sysctl.c net: '&' redux 2008-11-03 18:21:05 -08:00
transport.c sctp: Prevent uninitialized memory access 2008-07-18 23:04:39 -07:00
tsnmap.c trivial: fix then -> than typos in comments and documentation 2009-01-06 11:28:06 +01:00
ulpevent.c sctp: Rework the tsn map to use generic bitmap. 2008-10-08 14:18:39 -07:00
ulpqueue.c net: Remove __skb_insert() calls outside of skbuff internals. 2008-09-21 21:28:51 -07:00