mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-30 08:02:30 +00:00
fb6df5a623
In sctp_hash_transport/sctp_epaddr_lookup_transport, it dereferences a transport's asoc under rcu_read_lock while asoc is freed not after a grace period, which leads to a use-after-free panic. This patch fixes it by calling kfree_rcu to make asoc be freed after a grace period. Note that only the asoc's memory is delayed to free in the patch, it won't cause sk to linger longer. Thanks Neil and Marcelo to make this clear. Fixes: |
||
---|---|---|
.. | ||
auth.h | ||
checksum.h | ||
command.h | ||
constants.h | ||
sctp.h | ||
sm.h | ||
stream_interleave.h | ||
stream_sched.h | ||
structs.h | ||
tsnmap.h | ||
ulpevent.h | ||
ulpqueue.h |