android_kernel_google_msm/net
Marcelo Ricardo Leitner 295c49b4ad sctp: deny peeloff operation on asocs with threads sleeping on it
commit 2dcab5984841 ("sctp: avoid BUG_ON on sctp_wait_for_sndbuf")
attempted to avoid a BUG_ON call when the association being used for a
sendmsg() is blocked waiting for more sndbuf and another thread did a
peeloff operation on such asoc, moving it to another socket.

As Ben Hutchings noticed, then in such case it would return without
locking back the socket and would cause two unlocks in a row.

Further analysis also revealed that it could allow a double free if the
application managed to peeloff the asoc that is created during the
sendmsg call, because then sctp_sendmsg() would try to free the asoc
that was created only for that call.

This patch takes another approach. It will deny the peeloff operation
if there is a thread sleeping on the asoc, so this situation doesn't
exist anymore. This avoids the issues described above and also honors
the syscalls that are already being handled (it can be multiple sendmsg
calls).

Joint work with Xin Long.

Fixes: 2dcab5984841 ("sctp: avoid BUG_ON on sctp_wait_for_sndbuf")
Cc: Alexander Popov <alex.popov@linux.com>
Cc: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit dfcb9f4f99f1e9a49e43398a7bfbf56927544af1)

Change-Id: I6a2e7a0dd378ff13adae64ebf7856d9962de7e8a
2017-03-07 05:46:39 +00:00
9p
802
8021q
appletalk
atm
ax25 net: add validation for the socket syscall protocol argument 2016-10-29 23:12:11 +08:00
batman-adv
bluetooth bluetooth: Validate socket address length in sco_sock_bind(). 2016-10-29 23:12:11 +08:00
bridge
caif
can
ceph
core net: avoid signed overflows for SO_{SND|RCV}BUFFORCE 2017-03-01 19:48:48 -07:00
dcb
dccp ipv6: add complete rcu protection around np->opt 2016-06-17 02:54:32 +00:00
decnet net: add validation for the socket syscall protocol argument 2016-10-29 23:12:11 +08:00
dns_resolver
dsa
econet
ethernet
ieee802154
ipv4 net: ping: Fix stack buffer overflow in ping_common_sendmsg() 2016-12-22 22:05:09 +11:00
ipv6 UPSTREAM: netfilter: x_tables: validate e->target_offset early 2016-10-31 23:01:48 +11:00
ipx
irda net: add validation for the socket syscall protocol argument 2016-10-29 23:12:11 +08:00
iucv
key
l2tp l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() 2017-03-07 05:41:51 +00:00
lapb
llc net: llc: use correct size for sysctl timeout entries 2016-10-29 23:12:10 +08:00
mac80211 mac80211: fix fragmentation code, particularly for encryption 2017-03-07 05:42:27 +00:00
netfilter netfilter: Change %p to %pK in debug messages 2016-12-22 22:05:10 +11:00
netlabel
netlink netlink: validate addr_len on bind 2013-07-03 10:34:22 -07:00
netrom
nfc
openvswitch
packet packet: fix race condition in packet_set_ring 2016-12-12 15:29:13 +11:00
phonet
rds
rfkill
rose
rxrpc net: add length argument to skb_copy_and_csum_datagram_iovec 2016-10-31 22:26:43 +11:00
sched
sctp sctp: deny peeloff operation on asocs with threads sleeping on it 2017-03-07 05:46:39 +00:00
sunrpc sunrpc: Fix possibly uninitialized variable warnings 2016-10-29 23:12:09 +08:00
tipc
unix af_unix: use freezable blocking calls in read 2013-07-12 14:22:59 -07:00
wanrouter
wimax
wireless cfg80211: fix possible circular lock on reg_regdb_search() 2016-10-29 23:12:27 +08:00
x25
xfrm
activity_stats.c
compat.c net/compat.c,linux/filter.h: share compat_sock_fprog 2014-10-31 19:46:10 -07:00
Kconfig
Makefile
nonet.c
socket.c net: Fix use after free in the recvmmsg exit path 2016-10-31 23:25:23 +11:00
sysctl_net.c