linux/net/sctp
Daniel Borkmann 771085d6bf net: sctp: sctp_transport_destroy{, _rcu}: fix potential pointer corruption
Probably this one is quite unlikely to be triggered, but it's more safe
to do the call_rcu() at the end after we have dropped the reference on
the asoc and freed sctp packet chunks. The reason why is because in
sctp_transport_destroy_rcu() the transport is being kfree()'d, and if
we're unlucky enough we could run into corrupted pointers. Probably
that's more of theoretical nature, but it's safer to have this simple fix.

Introduced by commit 8c98653f ("sctp: sctp_close: fix release of bindings
for deferred call_rcu's"). I also did the 8c98653f regression test and
it's fine that way.

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-12 22:13:47 -07:00
..
associola.c net: sctp: sctp_assoc_control_transport: fix MTU size in SCTP_PF state 2013-08-12 22:12:20 -07:00
auth.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-08 18:02:14 -05:00
bind_addr.c net: sctp: get rid of t_new macro for kzalloc 2013-06-17 17:08:04 -07:00
chunk.c net: sctp: rework debugging framework to use pr_debug and friends 2013-07-01 23:22:13 -07:00
command.c
debug.c net: sctp: rework debugging framework to use pr_debug and friends 2013-07-01 23:22:13 -07:00
endpointola.c net: sctp: rework debugging framework to use pr_debug and friends 2013-07-01 23:22:13 -07:00
input.c net: sctp: rework debugging framework to use pr_debug and friends 2013-07-01 23:22:13 -07:00
inqueue.c net: sctp: rework debugging framework to use pr_debug and friends 2013-07-01 23:22:13 -07:00
ipv6.c net: sctp: rework debugging framework to use pr_debug and friends 2013-07-01 23:22:13 -07:00
Kconfig net: sctp: get rid of SCTP_DBG_TSNS entirely 2013-07-02 00:08:03 -07:00
Makefile
objcnt.c sctp: Make the proc files per network namespace. 2012-08-14 23:29:53 -07:00
output.c net: sctp: rework debugging framework to use pr_debug and friends 2013-07-01 23:22:13 -07:00
outqueue.c net: sctp: confirm route during forward progress 2013-07-09 12:49:56 -07:00
primitive.c sctp: Push struct net down to sctp_chunk_event_lookup 2012-08-14 23:30:37 -07:00
probe.c net: sctp: attribute printl with __printf for gcc fmt checks 2013-05-01 15:04:10 -04:00
proc.c net: sctp: minor: sctp_seq_dump_local_addrs add missing newline 2013-06-25 16:33:04 -07:00
protocol.c net: sctp: rework debugging framework to use pr_debug and friends 2013-07-01 23:22:13 -07:00
sm_make_chunk.c net: sctp: rework debugging framework to use pr_debug and friends 2013-07-01 23:22:13 -07:00
sm_sideeffect.c net: sctp: confirm route during forward progress 2013-07-09 12:49:56 -07:00
sm_statefuns.c net: sctp: rework debugging framework to use pr_debug and friends 2013-07-01 23:22:13 -07:00
sm_statetable.c sctp: Make sysctl tunables per net 2012-08-14 23:32:16 -07:00
socket.c sctp: use get_unused_fd_flags(0) instead of get_unused_fd() 2013-07-02 16:14:11 -07:00
ssnmap.c net: sctp: sctp_ssnmap: remove 'malloced' element from struct 2013-04-17 14:13:02 -04:00
sysctl.c net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
transport.c net: sctp: sctp_transport_destroy{, _rcu}: fix potential pointer corruption 2013-08-12 22:13:47 -07:00
tsnmap.c net: sctp: remove SCTP_STATIC macro 2013-06-17 17:08:05 -07:00
ulpevent.c net: sctp: remove SCTP_STATIC macro 2013-06-17 17:08:05 -07:00
ulpqueue.c net: sctp: sctp_ulpq: remove 'malloced' struct member 2013-04-17 14:13:02 -04:00