android_kernel_oneplus_msm8998/net/sctp
Xin Long 50194c3f48 sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
[ Upstream commit a0ff660058b88d12625a783ce9e5c1371c87951f ]

After commit cea0cc80a677 ("sctp: use the right sk after waking up from
wait_buf sleep"), it may change to lock another sk if the asoc has been
peeled off in sctp_wait_for_sndbuf.

However, the asoc's new sk could be already closed elsewhere, as it's in
the sendmsg context of the old sk that can't avoid the new sk's closing.
If the sk's last one refcnt is held by this asoc, later on after putting
this asoc, the new sk will be freed, while under its own lock.

This patch is to revert that commit, but fix the old issue by returning
error under the old sk's lock.

Fixes: cea0cc80a677 ("sctp: use the right sk after waking up from wait_buf sleep")
Reported-by: syzbot+ac6ea7baa4432811eb50@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-01-31 12:06:13 +01:00
..
associola.c mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd 2015-11-06 17:50:42 -08:00
auth.c sctp: translate host order to network order when setting a hmacid 2015-11-15 18:27:27 -05:00
bind_addr.c
chunk.c switch sctp_user_addto_chunk() and sctp_datamsg_from_user() to passing iov_iter 2014-11-24 05:16:40 -05:00
debug.c net: sctp: fix array overrun read on sctp_timer_tbl 2017-12-09 18:42:42 +01:00
endpointola.c net: sctp: migrate most recently used transport to ktime 2014-06-11 12:23:17 -07:00
input.c sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect 2017-11-18 11:11:05 +01:00
inqueue.c net: sctp: fix remote memory pressure from excessive queueing 2014-10-14 12:46:22 -04:00
ipv6.c net/sctp: Always set scope_id in sctp_inet6_skb_msgname 2017-11-24 08:32:24 +01:00
Kconfig
Makefile net: sctp: Inline the functions from command.c 2014-07-08 14:38:48 -07:00
objcnt.c
output.c sctp: Fix race between OOTB responce and route removal 2015-06-29 09:28:42 -07:00
outqueue.c sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING 2015-12-06 22:31:51 -05:00
primitive.c
probe.c
proc.c sctp: replace seq_printf with seq_puts 2014-10-30 19:40:16 -04:00
protocol.c sctp: Fix port hash table size computation 2016-03-03 15:07:07 -08:00
sm_make_chunk.c sctp: use the same clock as if sock source timestamps were on 2015-12-05 22:23:22 -05:00
sm_sideeffect.c sctp: Prevent soft lockup when sctp_accept() is called during a timeout event 2015-09-28 21:03:40 -07:00
sm_statefuns.c sctp: validate chunk len before actually using it 2016-11-15 07:46:39 +01:00
sm_statetable.c
socket.c sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf 2018-01-31 12:06:13 +01:00
ssnmap.c
sysctl.c net: sctp: prevent writes to cookie_hmac_alg from accessing invalid memory 2016-01-31 11:28:59 -08:00
transport.c remove abs64() 2015-11-09 15:11:24 -08:00
tsnmap.c
ulpevent.c sctp: Fixup v4mapped behaviour to comply with Sock API 2014-07-31 21:49:06 -07:00
ulpqueue.c net: introduce SO_INCOMING_CPU 2014-11-11 13:00:06 -05:00