If an ICMP packet comes in on the UDP socket backing an AF_RXRPC socket as
the UDP socket is being shut down, rxrpc_error_report() may get called to
deal with it after sk_user_data on the UDP socket has been cleared, leading
to a NULL pointer access when this local endpoint record gets accessed.
F
From: David Howells
Date: Thu, 10 Oct 2019 15:52:34 +0100
> If an ICMP packet comes in on the UDP socket backing an AF_RXRPC socket as
> the UDP socket is being shut down, rxrpc_error_report() may get called to
> deal with it after sk_user_data on the UDP socket has been cleared, leading
> to a N
On 10/10/19 7:52 AM, David Howells wrote:
> If an ICMP packet comes in on the UDP socket backing an AF_RXRPC socket as
> the UDP socket is being shut down, rxrpc_error_report() may get called to
> deal with it after sk_user_data on the UDP socket has been cleared, leading
> to a NULL pointer acc
On 10/12/19 3:49 AM, Eric Dumazet wrote:
>
> Okay, but we also need this.
>
> diff --git a/net/rxrpc/peer_event.c b/net/rxrpc/peer_event.c
> index
> c97ebdc043e44525eaecdd54bc447c1895bdca74..38db10e61f7a5cb50f9ee036b5e16ec284e723ac
> 100644
> --- a/net/rxrpc/peer_event.c
> +++ b/net/rxrpc/p
Eric Dumazet wrote:
> void rxrpc_error_report(struct sock *sk)
> {
> + struct rxrpc_local *local = rcu_dereference_sk_user_data(sk);
Acked-by: David Howells
5 matches
Mail list logo
