diff options
author | David S. Miller <davem@davemloft.net> | 2011-01-05 15:38:53 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-01-05 15:38:53 -0800 |
commit | 3610cda53f247e176bcbb7a7cca64bc53b12acdb (patch) | |
tree | d780bc1e405116e75a194b2f4693a6f9bbe9f58f /security/capability.c | |
parent | 44b8288308ac9da27eab7d7bdbf1375a568805c3 (diff) | |
download | lwn-3610cda53f247e176bcbb7a7cca64bc53b12acdb.tar.gz lwn-3610cda53f247e176bcbb7a7cca64bc53b12acdb.zip |
af_unix: Avoid socket->sk NULL OOPS in stream connect security hooks.
unix_release() can asynchornously set socket->sk to NULL, and
it does so without holding the unix_state_lock() on "other"
during stream connects.
However, the reverse mapping, sk->sk_socket, is only transitioned
to NULL under the unix_state_lock().
Therefore make the security hooks follow the reverse mapping instead
of the forward mapping.
Reported-by: Jeremy Fitzhardinge <jeremy@goop.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/capability.c')
-rw-r--r-- | security/capability.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/capability.c b/security/capability.c index c773635ca3a0..2a5df2b7da83 100644 --- a/security/capability.c +++ b/security/capability.c @@ -548,7 +548,7 @@ static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops, } #ifdef CONFIG_SECURITY_NETWORK -static int cap_unix_stream_connect(struct socket *sock, struct socket *other, +static int cap_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk) { return 0; |