lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Jan 2012 17:02:36 -0800 From: MuraliRaja Muniraju <muralira@...gle.com> To: netdev@...r.kernel.org Subject: Query regarding a code snippet in __inet_lookup_established. Hi All, In function __inet_lookup_established, I do see a potential issue in a corner case while reading through the code where socket can be freed while being in the list and also while in rcu_read critical section. rcu_read_lock(); begin: sk_nulls_for_each_rcu(sk, node, &head->chain) { if (INET_MATCH(sk, net, hash, acookie, saddr, daddr, ports, dif)) { if (unlikely(!atomic_inc_not_zero(&sk->sk_refcnt))) goto begintw; if (unlikely(!INET_MATCH(sk, net, hash, acookie, saddr, daddr, ports, dif))) { Murali> sock_put(sk); Murali> goto begin; } goto out; } } I am not certain under what scenario this might occur. Can someone let me know if this is a possibility. -- Thanks, Murali -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists