summaryrefslogtreecommitdiffstats
path: root/security/security.c
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2011-01-05 15:38:53 -0800
committerDavid S. Miller <davem@davemloft.net>2011-01-05 15:38:53 -0800
commit3610cda53f247e176bcbb7a7cca64bc53b12acdb (patch)
treed780bc1e405116e75a194b2f4693a6f9bbe9f58f /security/security.c
parent44b8288308ac9da27eab7d7bdbf1375a568805c3 (diff)
downloadlinux-stable-3610cda53f247e176bcbb7a7cca64bc53b12acdb.tar.gz
linux-stable-3610cda53f247e176bcbb7a7cca64bc53b12acdb.tar.bz2
linux-stable-3610cda53f247e176bcbb7a7cca64bc53b12acdb.zip
af_unix: Avoid socket->sk NULL OOPS in stream connect security hooks.
unix_release() can asynchornously set socket->sk to NULL, and it does so without holding the unix_state_lock() on "other" during stream connects. However, the reverse mapping, sk->sk_socket, is only transitioned to NULL under the unix_state_lock(). Therefore make the security hooks follow the reverse mapping instead of the forward mapping. Reported-by: Jeremy Fitzhardinge <jeremy@goop.org> Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c
index 1b798d3df710..e5fb07a3052d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -977,8 +977,7 @@ EXPORT_SYMBOL(security_inode_getsecctx);
#ifdef CONFIG_SECURITY_NETWORK
-int security_unix_stream_connect(struct socket *sock, struct socket *other,
- struct sock *newsk)
+int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)
{
return security_ops->unix_stream_connect(sock, other, newsk);
}