xt_qtaguid: Use sk_callback_lock read locks before reading sk->sk_socket
It prevents a kernel panic when accessing sk->sk_socket fields due to NULLing sk->sk_socket when sock_orphan is called through sk_common_release. Change-Id: I4aa46b4e2d8600e4d4ef8dcdd363aa4e6e5f8433 Signed-off-by: Mohamad Ayyash <mkayyash@google.com> (cherry picked from commit cdea0ebcb8bcfe57688f6cb692b49e550ebd9796) Git-commit: aac55d5ed474e8b6b08d85e742727e5dc0b7893c Git-repo: https://android.googlesource.com/kernel/common.git [imaund@codeaurora.org: Resolved context conflicts] Signed-off-by: Ian Maund <imaund@codeaurora.org>
This commit is contained in:
parent
269ca50ccd
commit
78a08e07a2
|
@ -1657,6 +1657,7 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par)
|
|||
* For now we only do tag stats when the uid-owner is not requested
|
||||
*/
|
||||
bool do_tag_stat = !(info->match & XT_QTAGUID_UID);
|
||||
bool set_sk_callback_lock = false;
|
||||
|
||||
if (unlikely(module_passive))
|
||||
return (info->match ^ info->invert) == 0;
|
||||
|
@ -1714,6 +1715,8 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par)
|
|||
MT_DEBUG("qtaguid[%d]: sk=%p got_sock=%d fam=%d proto=%d\n",
|
||||
par->hooknum, sk, got_sock, par->family, ipx_proto(skb, par));
|
||||
if (sk != NULL) {
|
||||
set_sk_callback_lock = true;
|
||||
read_lock_bh(&sk->sk_callback_lock);
|
||||
MT_DEBUG("qtaguid[%d]: sk=%p->sk_socket=%p->file=%p\n",
|
||||
par->hooknum, sk, sk->sk_socket,
|
||||
sk->sk_socket ? sk->sk_socket->file : (void *)-1LL);
|
||||
|
@ -1785,6 +1788,8 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par)
|
|||
put_sock_ret_res:
|
||||
if (got_sock)
|
||||
xt_socket_put_sk(sk);
|
||||
if (set_sk_callback_lock)
|
||||
read_unlock_bh(&sk->sk_callback_lock);
|
||||
ret_res:
|
||||
MT_DEBUG("qtaguid[%d]: left %d\n", par->hooknum, res);
|
||||
return res;
|
||||
|
|
Loading…
Reference in New Issue