• llc: set SOCK_RCU_FREE in llc_sap_add_socket() · 5a8e7aea
    Cong Wang authored
    When an llc sock is added into the sk_laddr_hash of an llc_sap,
    it is not marked with SOCK_RCU_FREE.
    This means that the sock could be freed while it is still being
    read by __llc_lookup_established() with RCU read lock. sock is
    refcounted, but with RCU read lock, nothing prevents the readers
    from getting a zero refcnt.
    Fix it by setting SOCK_RCU_FREE in llc_sap_add_socket().
    Reported-by: syzbot+11e05f04c15e03be5254@syzkaller.appspotmail.com
    Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
llc_conn.c 28.2 KB