kernel-ark/net
Denis Lunev ac57b3a9ce [NETLINK]: Don't attach callback to a going-away netlink socket
There is a race between netlink_dump_start() and netlink_release()
that can lead to the situation when a netlink socket with non-zero
callback is freed.

Here it is:

CPU1:                           CPU2
netlink_release():              netlink_dump_start():

                                sk = netlink_lookup(); /* OK */

netlink_remove();

spin_lock(&nlk->cb_lock);
if (nlk->cb) { /* false */
  ...
}
spin_unlock(&nlk->cb_lock);

                                spin_lock(&nlk->cb_lock);
                                if (nlk->cb) { /* false */
                                         ...
                                }
                                nlk->cb = cb;
                                spin_unlock(&nlk->cb_lock);
                                ...
sock_orphan(sk);
/*
 * proceed with releasing
 * the socket
 */

The proposal is to make sock_orphan before detaching the callback
in netlink_release() and to check for the sock to be SOCK_DEAD in
netlink_dump_start() before setting a new callback.

Signed-off-by: Denis Lunev <den@openvz.org>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Pavel Emelianov <xemul@openvz.org>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-18 17:05:58 -07:00
802
8021q [VLAN]: Allow VLAN interface on top of bridge interface 2007-04-13 16:12:47 -07:00
appletalk [APPLETALK]: Fix a remotely triggerable crash 2007-04-04 23:52:46 -07:00
atm [NET]: Fix neighbour destructor handling. 2007-03-25 18:48:01 -07:00
ax25 [NET] AX.25 Kconfig and docs updates and fixes 2007-03-25 18:48:02 -07:00
bluetooth [PATCH] bluetooth hid quirks: mightymouse quirk 2007-03-29 08:22:24 -07:00
bridge [BRIDGE]: Unaligned access when comparing ethernet addresses 2007-04-17 14:16:00 -07:00
core [NET]: Set a separate lockdep class for neighbour table's proxy_queue 2007-04-17 13:13:31 -07:00
dccp [DCCP] getsockopt: Fix DCCP_SOCKOPT_[SEND,RECV]_CSCOV 2007-03-28 11:54:32 -07:00
decnet [DECNet] fib: Fix out of bound access of dn_fib_props[] 2007-03-25 18:48:04 -07:00
econet
ethernet
ieee80211 [PATCH] fix typos in net/ieee80211/Kconfig 2007-03-24 16:51:53 -07:00
ipv4 [NETFILTER] arp_tables: Fix unaligned accesses. 2007-04-13 16:37:54 -07:00
ipv6 [IPV6] SNMP: Fix {In,Out}NoRoutes statistics. 2007-04-13 16:18:02 -07:00
ipx
irda [IrDA]: Correctly handling socket error 2007-04-18 15:07:22 -07:00
iucv
key [IPSEC] af_key: Fix thinko in pfkey_xfrm_policy2msg() 2007-04-18 14:16:07 -07:00
lapb
llc
netfilter [NETFILTER]: nf_conntrack_netlink: add missing dependency on NF_NAT 2007-03-22 12:29:57 -07:00
netlabel
netlink [NETLINK]: Don't attach callback to a going-away netlink socket 2007-04-18 17:05:58 -07:00
netrom
packet
rose [ROSE]: Socket locking is a great invention. 2007-03-12 15:53:33 -07:00
rxrpc
sched [NET_SCHED]: cls_tcindex: fix compatibility breakage 2007-04-09 13:31:13 -07:00
sctp [SCTP]: Do not interleave non-fragments when in partial delivery 2007-04-18 14:16:09 -07:00
sunrpc knfsd: use a spinlock to protect sk_info_authunix 2007-04-17 16:36:27 -07:00
tipc
unix [NET]: Revert incorrect accept queue backlog changes. 2007-03-06 11:21:05 -08:00
wanrouter [WANROUTER]: Delete superfluous source file "net/wanrouter/af_wanpipe.c". 2007-03-12 17:06:27 -07:00
x25 [X25] x25_forward_call(): fix NULL dereferences 2007-03-20 00:09:46 -07:00
xfrm [IPSEC] XFRM_USER: kernel panic when large security contexts in ACQUIRE 2007-04-13 16:14:35 -07:00
compat.c
Kconfig
Makefile
nonet.c
socket.c [NET]: Correct accept(2) recovery after sock_attach_fd() 2007-03-26 14:09:52 -07:00
sysctl_net.c
TUNABLE