diff options
author | Steven J. Magnani <steve@digidescorp.com> | 2010-03-30 13:56:01 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-03-30 13:56:01 -0700 |
commit | baff42ab1494528907bf4d5870359e31711746ae (patch) | |
tree | 82cfffb254ea1f5b95701d328375228f7ab343e6 /CREDITS | |
parent | c0cd884af045338476b8e69a61fceb3f34ff22f1 (diff) | |
download | linux-baff42ab1494528907bf4d5870359e31711746ae.tar.gz linux-baff42ab1494528907bf4d5870359e31711746ae.tar.bz2 linux-baff42ab1494528907bf4d5870359e31711746ae.zip |
net: Fix oops from tcp_collapse() when using splice()
tcp_read_sock() can have a eat skbs without immediately advancing copied_seq.
This can cause a panic in tcp_collapse() if it is called as a result
of the recv_actor dropping the socket lock.
A userspace program that splices data from a socket to either another
socket or to a file can trigger this bug.
Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'CREDITS')
0 files changed, 0 insertions, 0 deletions