Re: [PATCH v1] can: j1939: j1939_sk_init(): set SOCK_RCU_FREE to call... | linux-can

Re: [PATCH v1] can: j1939: j1939_sk_init(): set SOCK_RCU_FREE to call sk_destruct() after RCU is done

From: Marc Kleine-Budde <mkl@pengutronix.de>
Date: 2021-06-18 07:17:34
Also in: lkml, netdev

On 17.06.2021 15:06:23, Oleksij Rempel wrote:

Set SOCK_RCU_FREE to let RCU to call sk_destruct() on completion.
Without this patch, we will run in to j1939_can_recv() after priv was
freed by j1939_sk_release()->j1939_sk_sock_destruct()

Reported-by: Thadeu Lima de Souza Cascardo <redacted>
Reported-by: syzbot+bdf710cfc41c186fdff3@syzkaller.appspotmail.com
Fixes: 25fe97cb7620 ("can: j1939: move j1939_priv_put() into sk_destruct callback")
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>

Applied to linux-can/testing.

Thanks,
Marc
-- 
Pengutronix e.K.                 | Marc Kleine-Budde           |
Embedded Linux                   | https://www.pengutronix.de  |
Vertretung West/Dortmund         | Phone: +49-231-2826-924     |
Amtsgericht Hildesheim, HRA 2686 | Fax:   +49-5121-206917-5555 |

Attachments

signature.asc [application/pgp-signature] 488 bytes

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help