Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity

[IPV6]: Fix OOPS when using IPV6_ADDRFORM

Browse source 
This causes sk->sk_prot to change, which makes the socket
release free the sock into the wrong SLAB cache.  Fix this
by introducing sk_prot_creator so that we always remember
where the sock came from.

Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Arnaldo Carvalho de Melo 2005-05-05 13:35:15 -07:00 committed by David S. Miller
parent 25ae3f59b1
commit 476e19cfa1
2 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/net/sock.h
View file

@ -141,6 +141,7 @@ struct sock_common {
* @sk_callback_lock: used with the callbacks in the end of this struct * @sk_callback_lock: used with the callbacks in the end of this struct
* @sk_error_queue: rarely used * @sk_error_queue: rarely used
* @sk_prot: protocol handlers inside a network family * @sk_prot: protocol handlers inside a network family
* @sk_prot_creator: sk_prot of original sock creator (see ipv6_setsockopt, IPV6_ADDRFORM for instance)
* @sk_err: last error * @sk_err: last error
* @sk_err_soft: errors that don't cause failure but are the cause of a persistent failure not just 'timed out' * @sk_err_soft: errors that don't cause failure but are the cause of a persistent failure not just 'timed out'
* @sk_ack_backlog: current listen backlog * @sk_ack_backlog: current listen backlog
@ -218,6 +219,7 @@ struct sock {
} sk_backlog; } sk_backlog;
struct sk_buff_head sk_error_queue; struct sk_buff_head sk_error_queue;
struct proto *sk_prot; struct proto *sk_prot;
struct proto *sk_prot_creator;
rwlock_t sk_callback_lock; rwlock_t sk_callback_lock;
int sk_err, int sk_err,
sk_err_soft; sk_err_soft;

12
net/core/sock.c
View file

@ -635,7 +635,11 @@ struct sock *sk_alloc(int family, int priority, struct proto *prot, int zero_it)
if (zero_it) { if (zero_it) {
memset(sk, 0, prot->obj_size); memset(sk, 0, prot->obj_size);
sk->sk_family = family; sk->sk_family = family;
sk->sk_prot = prot; /*
* See comment in struct sock definition to understand
* why we need sk_prot_creator -acme
*/
sk->sk_prot = sk->sk_prot_creator = prot;
sock_lock_init(sk); sock_lock_init(sk);
} }
@ -654,7 +658,7 @@ struct sock *sk_alloc(int family, int priority, struct proto *prot, int zero_it)
void sk_free(struct sock *sk) void sk_free(struct sock *sk)
{ {
struct sk_filter *filter; struct sk_filter *filter;
struct module *owner = sk->sk_prot->owner; struct module *owner = sk->sk_prot_creator->owner;
if (sk->sk_destruct) if (sk->sk_destruct)
sk->sk_destruct(sk); sk->sk_destruct(sk);
@ -672,8 +676,8 @@ void sk_free(struct sock *sk)
__FUNCTION__, atomic_read(&sk->sk_omem_alloc)); __FUNCTION__, atomic_read(&sk->sk_omem_alloc));
security_sk_free(sk); security_sk_free(sk);
if (sk->sk_prot->slab != NULL) if (sk->sk_prot_creator->slab != NULL)
kmem_cache_free(sk->sk_prot->slab, sk); kmem_cache_free(sk->sk_prot_creator->slab, sk);
else else
kfree(sk); kfree(sk);
module_put(owner); module_put(owner);