git.baikalelectronics.ru Git - kernel.git/commit

author	Xin Long <lucien.xin@gmail.com>
	Mon, 15 Jan 2018 09:01:36 +0000 (17:01 +0800)
committer	David S. Miller <davem@davemloft.net>
	Tue, 16 Jan 2018 19:22:51 +0000 (14:22 -0500)
commit	b80799899ddec4fb3c7f2664ffbbe6a4925e6009
tree	2a4b0dc2da7c65711221ad99347f969bcf0edcdd	tree \| snapshot
parent	d46b74f4b25d5b7ed44b1b8a12c71ffceed0396f	commit \| diff

sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf

After commit 6d764aa80ed8 ("sctp: use the right sk after waking up from
wait_buf sleep"), it may change to lock another sk if the asoc has been
peeled off in sctp_wait_for_sndbuf.

However, the asoc's new sk could be already closed elsewhere, as it's in
the sendmsg context of the old sk that can't avoid the new sk's closing.
If the sk's last one refcnt is held by this asoc, later on after putting
this asoc, the new sk will be freed, while under it's own lock.

This patch is to revert that commit, but fix the old issue by returning
error under the old sk's lock.

Fixes: 6d764aa80ed8 ("sctp: use the right sk after waking up from wait_buf sleep")
Reported-by: syzbot+ac6ea7baa4432811eb50@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>