diff options
author | Eric Dumazet <edumazet@google.com> | 2017-10-10 19:12:33 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-11-18 11:22:21 +0100 |
commit | cb5880e677a1310be578b6cf4d1093d2bfa2be1a (patch) | |
tree | 8886b5fb99f75504c1fe1a3ab6685a590d6fbe1f /net/core | |
parent | 4cd69ad53001ae399b6474113864a4ca190498fd (diff) | |
download | linux-stable-cb5880e677a1310be578b6cf4d1093d2bfa2be1a.tar.gz linux-stable-cb5880e677a1310be578b6cf4d1093d2bfa2be1a.tar.bz2 linux-stable-cb5880e677a1310be578b6cf4d1093d2bfa2be1a.zip |
net: call cgroup_sk_alloc() earlier in sk_clone_lock()
[ Upstream commit c0576e3975084d4699b7bfef578613fb8e1144f6 ]
If for some reason, the newly allocated child need to be freed,
we will call cgroup_put() (via sk_free_unlock_clone()) while the
corresponding cgroup_get() was not yet done, and we will free memory
too soon.
Fixes: d979a39d7242 ("cgroup: duplicate cgroup reference when cloning sockets")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/core')
-rw-r--r-- | net/core/sock.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/net/core/sock.c b/net/core/sock.c index 231c38d91855..e3b60460dc9c 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -1526,6 +1526,7 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority) newsk->sk_userlocks = sk->sk_userlocks & ~SOCK_BINDPORT_LOCK; sock_reset_flag(newsk, SOCK_DONE); + cgroup_sk_alloc(&newsk->sk_cgrp_data); skb_queue_head_init(&newsk->sk_error_queue); filter = rcu_dereference_protected(newsk->sk_filter, 1); @@ -1560,8 +1561,6 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority) atomic64_set(&newsk->sk_cookie, 0); mem_cgroup_sk_alloc(newsk); - cgroup_sk_alloc(&newsk->sk_cgrp_data); - /* * Before updating sk_refcnt, we must commit prior changes to memory * (Documentation/RCU/rculist_nulls.txt for details) |