Thread (9 messages) 9 messages, 3 authors, 2016-11-01

Re: [PATCHv2 net 0/3] sctp: a bunch of fixes by holding transport

From: Neil Horman <nhorman@tuxdriver.com>
Date: 2016-10-31 13:26:16
Also in: linux-sctp 

On Mon, Oct 31, 2016 at 08:32:30PM +0800, Xin Long wrote:
There are several places where it holds assoc after getting transport by
searching from transport rhashtable, it may cause use-after-free issue.

This patchset is to fix them by holding transport instead.

v1->v2:
  Fix the changelog of patch 2/3

Xin Long (3):
  sctp: hold transport instead of assoc in sctp_diag
  sctp: return back transport in __sctp_rcv_init_lookup
  sctp: hold transport instead of assoc when lookup assoc in rx path

 include/net/sctp/sctp.h |  2 +-
 net/sctp/input.c        | 35 +++++++++++++++++------------------
 net/sctp/ipv6.c         |  2 +-
 net/sctp/socket.c       |  5 +----
 4 files changed, 20 insertions(+), 24 deletions(-)

-- 
2.1.0

Series
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help