| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1453404456.1223.378.camel@edumazet-glaptop2.roam.corp.google.com> Date: Thu, 21 Jan 2016 11:27:36 -0800 From: Eric Dumazet <eric.dumazet@...il.com> To: Xin Long <lucien.xin@...il.com> Cc: network dev <netdev@...r.kernel.org>, linux-sctp@...r.kernel.org, Marcelo Ricardo Leitner <marcelo.leitner@...il.com>, Vlad Yasevich <vyasevich@...il.com>, daniel@...earbox.net, davem@...emloft.net Subject: Re: [PATCH net 2/3] sctp: hold transport before we access t->asoc in sctp proc On Fri, 2016-01-22 at 01:49 +0800, Xin Long wrote: > Previously, before rhashtable, /proc assoc listing was done by > read-locking the entire hash entry and dumping all assocs at once, so we > were sure that the assoc wasn't freed because it wouldn't be possible to > remove it from the hash meanwhile. > > Now we use rhashtable to list transports, and dump entries one by one. > That is, now we have to check if the assoc is still a good one, as the > transport we got may be being freed. > > Signed-off-by: Xin Long <lucien.xin@...il.com> > --- > net/sctp/proc.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/net/sctp/proc.c b/net/sctp/proc.c > index 684c5b3..c74a810 100644 > --- a/net/sctp/proc.c > +++ b/net/sctp/proc.c > @@ -380,6 +380,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v) > } > > transport = (struct sctp_transport *)v; What protects you from this structure already being freed ? > + if (!sctp_transport_hold(transport)) > + return 0; If this is rcu, then you do not need to increment the refcount, and decrement it later.
Powered by blists - more mailing lists