af_unix: Avoid socket->sk NULL OOPS in stream connect security hooks.
unix_release() can asynchornously set socket->sk to NULL, and it does so without holding the unix_state_lock() on "other" during stream connects. However, the reverse mapping, sk->sk_socket, is only transitioned to NULL under the unix_state_lock(). Therefore make the security hooks follow the reverse mapping instead of the forward mapping. Reported-by:Jeremy Fitzhardinge <jeremy@goop.org> Reported-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
David S. Miller <davem@davemloft.net>
Showing
- include/linux/security.h 7 additions, 8 deletionsinclude/linux/security.h
- net/unix/af_unix.c 1 addition, 1 deletionnet/unix/af_unix.c
- security/capability.c 1 addition, 1 deletionsecurity/capability.c
- security/security.c 1 addition, 2 deletionssecurity/security.c
- security/selinux/hooks.c 5 additions, 5 deletionssecurity/selinux/hooks.c
- security/smack/smack_lsm.c 7 additions, 7 deletionssecurity/smack/smack_lsm.c
Loading
Please register or sign in to comment