diff options
| author | Dmitry Mishin | 2006-09-01 00:28:39 +0200 |
|---|---|---|
| committer | David S. Miller | 2006-09-23 00:18:47 +0200 |
| commit | fda9ef5d679b07c9d9097aaf6ef7f069d794a8f9 (patch) | |
| tree | 6a265dc2038bc5568c5a499e6c8d4733650ed3f7 /net/ipv6 | |
| parent | [IPV6] MIP6: Fix to update IP6CB when cloned skbuff is received at HAO. (diff) | |
| download | kernel-qcow2-linux-fda9ef5d679b07c9d9097aaf6ef7f069d794a8f9.tar.gz kernel-qcow2-linux-fda9ef5d679b07c9d9097aaf6ef7f069d794a8f9.tar.xz kernel-qcow2-linux-fda9ef5d679b07c9d9097aaf6ef7f069d794a8f9.zip | |
[NET]: Fix sk->sk_filter field access
Function sk_filter() is called from tcp_v{4,6}_rcv() functions with arg
needlock = 0, while socket is not locked at that moment. In order to avoid
this and similar issues in the future, use rcu for sk->sk_filter field read
protection.
Signed-off-by: Dmitry Mishin <dim@openvz.org>
Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/tcp_ipv6.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 2b18918f3011..2546fc9f0a78 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1075,7 +1075,7 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) if (skb->protocol == htons(ETH_P_IP)) return tcp_v4_do_rcv(sk, skb); - if (sk_filter(sk, skb, 0)) + if (sk_filter(sk, skb)) goto discard; /* @@ -1232,7 +1232,7 @@ process: if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) goto discard_and_relse; - if (sk_filter(sk, skb, 0)) + if (sk_filter(sk, skb)) goto discard_and_relse; skb->dev = NULL; |