diff options
| author | Eric Dumazet <edumazet@google.com> | 2015-10-01 05:39:26 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2015-10-27 09:51:50 +0900 |
| commit | 8ae3dfacdd8257691332d98f258ac8858bcd6585 (patch) | |
| tree | b57a4b62aa4ef85db75eb03bb6fdd0159ece72da /net/unix/af_unix.c | |
| parent | bbc89a6195a2310a182cf583e9825dfc1ebe58ce (diff) | |
inet: fix race in reqsk_queue_unlink()
[ Upstream commit 2306c704ce280c97a60d1f45333b822b40281dea ]
reqsk_timer_handler() tests if icsk_accept_queue.listen_opt
is NULL at its beginning.
By the time it calls inet_csk_reqsk_queue_drop() and
reqsk_queue_unlink(), listener might have been closed and
inet_csk_listen_stop() had called reqsk_queue_yank_acceptq()
which sets icsk_accept_queue.listen_opt to NULL
We therefore need to correctly check listen_opt being NULL
after holding syn_wait_lock for proper synchronization.
Fixes: fa76ce7328b2 ("inet: get rid of central tcp/dccp listener timer")
Fixes: b357a364c57c ("inet: fix possible panic in reqsk_queue_unlink()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/unix/af_unix.c')
0 files changed, 0 insertions, 0 deletions