android_kernel_xiaomi_sm8350/net/sctp
Vlad Yasevich ae53b5bd77 sctp: Fix another socket race during accept/peeloff
There is a race between sctp_rcv() and sctp_accept() where we
have moved the association from the listening socket to the
accepted socket, but sctp_rcv() processing cached the old
socket and continues to use it.

The easy solution is to check for the socket mismatch once we've
grabed the socket lock.  If we hit a mis-match, that means
that were are currently holding the lock on the listening socket,
but the association is refrencing a newly accepted socket.  We need
to drop the lock on the old socket and grab the lock on the new one.

A more proper solution might be to create accepted sockets when
the new association is established, similar to TCP.  That would
eliminate the race for 1-to-1 style sockets, but it would still
existing for 1-to-many sockets where a user wished to peeloff an
association.  For now, we'll live with this easy solution as
it addresses the problem.

Reported-by: Michal Hocko <mhocko@suse.cz>
Reported-by: Karsten Keil <kkeil@suse.de>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-01-22 14:53:23 -08:00
..
associola.c
auth.c fix similar typos to successfull 2009-01-08 08:31:15 -08:00
bind_addr.c
chunk.c
command.c
debug.c
endpointola.c
input.c sctp: Fix another socket race during accept/peeloff 2009-01-22 14:53:23 -08:00
inqueue.c
ipv6.c
Kconfig
Makefile
objcnt.c
output.c sctp: Properly timestamp outgoing data chunks for rtx purposes 2009-01-22 14:53:01 -08:00
outqueue.c sctp: Correctly start rtx timer on new packet transmissions. 2009-01-22 14:52:43 -08:00
primitive.c
proc.c
protocol.c
sm_make_chunk.c
sm_sideeffect.c
sm_statefuns.c trivial: fix then -> than typos in comments and documentation 2009-01-06 11:28:06 +01:00
sm_statetable.c
socket.c trivial: fix then -> than typos in comments and documentation 2009-01-06 11:28:06 +01:00
ssnmap.c
sysctl.c
transport.c
tsnmap.c trivial: fix then -> than typos in comments and documentation 2009-01-06 11:28:06 +01:00
ulpevent.c
ulpqueue.c