git.baikalelectronics.ru Git - kernel.git/commit

author	Xin Long <lucien.xin@gmail.com>
	Wed, 15 Nov 2017 08:57:26 +0000 (16:57 +0800)
committer	David S. Miller <davem@davemloft.net>
	Thu, 16 Nov 2017 01:49:00 +0000 (10:49 +0900)
commit	a7369e918b6a1d6c3de52a1d387cbf21fd2512c3
tree	abc12ef3e8bb9ee3b16f26446dfcc2df58173a3d	tree \| snapshot
parent	279885b6c47ca0a67b49eeeb0010d567e3cad273	commit \| diff

sctp: use the right sk after waking up from wait_buf sleep

Commit 0b3f48f8071d ("sctp: deny peeloff operation on asocs with threads
sleeping on it") fixed the race between peeloff and wait sndbuf by
checking waitqueue_active(&asoc->wait) in sctp_do_peeloff().

But it actually doesn't work, as even if waitqueue_active returns false
the waiting sndbuf thread may still not yet hold sk lock. After asoc is
peeled off, sk is not asoc->base.sk any more, then to hold the old sk
lock couldn't make assoc safe to access.

This patch is to fix this by changing to hold the new sk lock if sk is
not asoc->base.sk, meanwhile, also set the sk in sctp_sendmsg with the
new sk.

With this fix, there is no more race between peeloff and waitbuf, the
check 'waitqueue_active' in sctp_do_peeloff can be removed.

Thanks Marcelo and Neil for making this clear.

v1->v2:
fix it by changing to lock the new sock instead of adding a flag in asoc.

Suggested-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>