forked from Minki/linux
net/smc: move sock lock in smc_ioctl()
When an SMC socket is connecting it is decided whether fallback to
TCP is needed. To avoid races between connect and ioctl move the
sock lock before the use_fallback check.
Reported-by: syzbot+5b2cece1a8ecb2ca77d8@syzkaller.appspotmail.com
Reported-by: syzbot+19557374321ca3710990@syzkaller.appspotmail.com
Fixes: 1992d99882
("net/smc: take sock lock in smc_ioctl()")
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
bd58c7e086
commit
7311d665ca
@ -1522,12 +1522,16 @@ static int smc_ioctl(struct socket *sock, unsigned int cmd,
|
||||
|
||||
smc = smc_sk(sock->sk);
|
||||
conn = &smc->conn;
|
||||
if (smc->use_fallback) {
|
||||
if (!smc->clcsock)
|
||||
return -EBADF;
|
||||
return smc->clcsock->ops->ioctl(smc->clcsock, cmd, arg);
|
||||
}
|
||||
lock_sock(&smc->sk);
|
||||
if (smc->use_fallback) {
|
||||
if (!smc->clcsock) {
|
||||
release_sock(&smc->sk);
|
||||
return -EBADF;
|
||||
}
|
||||
answ = smc->clcsock->ops->ioctl(smc->clcsock, cmd, arg);
|
||||
release_sock(&smc->sk);
|
||||
return answ;
|
||||
}
|
||||
switch (cmd) {
|
||||
case SIOCINQ: /* same as FIONREAD */
|
||||
if (smc->sk.sk_state == SMC_LISTEN) {
|
||||
|
Loading…
Reference in New Issue
Block a user