On 09/04/2018 10:12 AM, Cong Wang wrote:
> Before we unlock the sock in tipc_release(), we have to
> detach sk->sk_socket from sk, otherwise a parallel
> tipc_sk_fill_sock_diag() could still read it after we
> free this socket.
>
> Fixes: c30b70deb5f4 ("tipc: implement socket diagnostics for AF_TIPC")
> Reported-and-tested-by: [email protected]
> Cc: Jon Maloy <[email protected]>
> Cc: Ying Xue <[email protected]>
> Signed-off-by: Cong Wang <[email protected]>
Acked-by: Ying Xue <[email protected]>
> ---
> net/tipc/socket.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/tipc/socket.c b/net/tipc/socket.c
> index a19b2b1c77ed..b5a6635e4dfa 100644
> --- a/net/tipc/socket.c
> +++ b/net/tipc/socket.c
> @@ -576,6 +576,7 @@ static int tipc_release(struct socket *sock)
> sk_stop_timer(sk, &sk->sk_timer);
> tipc_sk_remove(tsk);
>
> + sock_orphan(sk);
> /* Reject any messages that accumulated in backlog queue */
> release_sock(sk);
> tipc_dest_list_purge(&tsk->cong_links);
>
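Review bot: the new sock_orphan(sk) in tipc_release() is placed directly above the existing comment "Reject any messages that accumulated in backlog queue", which describes release_sock(sk) and not the added call, so the ordering requirement the commit message relies on is not recorded in the code. A one-line comment on the new call saying that sk->sk_socket must be detached before release_sock(sk) drops the lock, followed by a blank line, would keep a later cleanup from moving it below the unlock. The reader named in the commit message, tipc_sk_fill_sock_diag(), is not part of this diff, so it is also worth confirming in the changelog that it copes with sk->sk_socket being detached once the sock is orphaned.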