mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-02 15:18:19 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
NeilBrown 93dc41bdc5 SUNRPC: close a rare race in xs_tcp_setup_socket. 
We have one report of a crash in xs_tcp_setup_socket.
The call path to the crash is:

  xs_tcp_setup_socket -> inet_stream_connect -> lock_sock_nested.

The 'sock' passed to that last function is NULL.

The only way I can see this happening is a concurrent call to
xs_close:

  xs_close -> xs_reset_transport -> sock_release -> inet_release

inet_release sets:
   sock->sk = NULL;
inet_stream_connect calls
   lock_sock(sock->sk);
which gets NULL.

All calls to xs_close are protected by XPRT_LOCKED as are most
activations of the workqueue which runs xs_tcp_setup_socket.
The exception is xs_tcp_schedule_linger_timeout.

So presumably the timeout queued by the later fires exactly when some
other code runs xs_close().

To protect against this we can move the cancel_delayed_work_sync()
call from xs_destory() to xs_close().

As xs_close is never called from the worker scheduled on
->connect_worker, this can never deadlock.

Signed-off-by: NeilBrown <neilb@suse.de>
[Trond: Make it safe to call cancel_delayed_work_sync() on AF_LOCAL sockets]
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-10-31 09:14:50 -04:00
..
9p for-linus-3.12-merge minor 9p fixes and tweaks for 3.12 merge window 2013-09-11 12:34:13 -07:00
802
8021q net: vlan: inherit addr_assign_type along with dev_addr 2013-09-03 20:57:49 -04:00
appletalk net: proc_fs: trivial: print UIDs as unsigned int 2013-08-15 14:37:46 -07:00
atm
ax25 net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
batman-adv batman-adv: set the TAG flag for the vid passed to BLA 2013-09-17 21:15:16 +02:00
bluetooth Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2013-09-06 09:30:36 -07:00
bridge bridge: fix NULL pointer deref of br_port_get_rcu 2013-09-15 22:03:33 -04:00
caif caif: Add missing braces to multiline if in cfctrl_linkup_request 2013-09-05 14:31:02 -04:00
can can: gw: add a per rule limitation of frame hops 2013-08-29 22:58:24 +02:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2013-09-19 12:50:37 -05:00
core netpoll: fix NULL pointer dereference in netpoll_cleanup 2013-09-19 14:15:53 -04:00
dcb
dccp net:dccp: do not report ICMP redirects to user space 2013-09-18 12:33:44 -04:00
decnet net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
dns_resolver net: strict_strtoul is obsolete, use kstrtoul instead 2013-07-12 16:09:14 -07:00
dsa net: dsa: inherit addr_assign_type along with dev_addr 2013-09-03 20:57:49 -04:00
ethernet net: Fix sysfs_format_mac() code duplication. 2013-07-16 17:09:22 -07:00
ieee802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-09-05 14:54:29 -07:00
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-09-19 13:57:28 -05:00
ipv6 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2013-09-17 20:22:53 -04:00
ipx net: proc_fs: trivial: print UIDs as unsigned int 2013-08-15 14:37:46 -07:00
irda net/irda: fixed style issues in irttp 2013-07-19 17:34:40 -07:00
iucv net: delete __cpuinit usage from all net files 2013-07-14 19:36:58 -04:00
key xfrm: Remove rebundant address family checking 2013-08-07 10:12:58 +02:00
l2tp l2tp: make datapath resilient to packet loss when sequence numbers enabled 2013-07-02 16:33:25 -07:00
lapb
llc llc: Use normal etherdevice.h tests 2013-09-03 22:34:47 -04:00
mac80211 Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next 2013-08-28 13:51:40 -04:00
mac802154
mpls
netfilter ip: generate unique IP identificator if local fragmentation is allowed 2013-09-19 14:11:15 -04:00
netlabel netlabel: use domain based selectors when address based selectors are not available 2013-08-02 16:57:01 -07:00
netlink net: netlink: filter particular protocols from analyzers 2013-09-06 14:43:48 -04:00
netrom net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
nfc NFC: Update secure element state 2013-08-14 01:13:40 +02:00
openvswitch net: ovs: flow: fix potential illegal memory access in __parse_flow_nlattrs 2013-09-11 16:09:58 -04:00
packet net: packet: use reciprocal_divide in fanout_demux_hash 2013-08-29 16:43:29 -04:00
phonet net: proc_fs: trivial: print UIDs as unsigned int 2013-08-15 14:37:46 -07:00
rds net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
rfkill Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-09-05 14:54:29 -07:00
rose net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
rxrpc
sched net_sched: htb: fix a typo in htb_change_class() 2013-09-11 17:16:22 -04:00
sctp net: sctp: rfc4443: do not report ICMP redirects to user space 2013-09-16 21:40:15 -04:00
sunrpc SUNRPC: close a rare race in xs_tcp_setup_socket. 2013-10-31 09:14:50 -04:00
tipc tipc: set sk_err correctly when connection fails 2013-08-30 16:06:57 -04:00
unix af_unix: fix bug on large send() 2013-08-11 22:02:36 -07:00
vmw_vsock Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-08-16 15:37:26 -07:00
wimax
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-09-05 14:54:29 -07:00
x25 x25: add a sanity check parsing X.25 facilities 2013-09-04 00:27:27 -04:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-09-05 14:58:52 -04:00
compat.c net: Unbreak compat_sys_{send,recv}msg 2013-06-06 11:52:14 -07:00
Kconfig Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
Makefile
nonet.c
socket.c Merge git://git.kvack.org/~bcrl/aio-next 2013-09-13 10:55:58 -07:00
sysctl_net.c