• Xin Long's avatar
    sctp: use the right sk after waking up from wait_buf sleep · cea0cc80
    Xin Long authored
    Commit dfcb9f4f ("sctp: deny peeloff operation on asocs with threads
    sleeping on it") fixed the race between peeloff and wait sndbuf by
    checking waitqueue_active(&asoc->wait) in sctp_do_peeloff().
    
    But it actually doesn't work, as even if waitqueue_active returns false
    the waiting sndbuf thread may still not yet hold sk lock. After asoc is
    peeled off, sk is not asoc->base.sk any more, then to hold the old sk
    lock couldn't make assoc safe to access.
    
    This patch is to fix this by changing to hold the new sk lock if sk is
    not asoc->base.sk, meanwhile, also set the sk in sctp_sendmsg with the
    new sk.
    
    With this fix, there is no more race between peeloff and waitbuf, the
    check 'waitqueue_active' in sctp_do_peeloff can be removed.
    
    Thanks Marcelo and Neil for making this clear.
    
    v1->v2:
      fix it by changing to lock the new sock instead of adding a flag in asoc.
    Suggested-by: default avatarNeil Horman <nhorman@tuxdriver.com>
    Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
    Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    cea0cc80
socket.c 232 KB