Unverified Commit dcbf1af0 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!9908 sock_map: avoid race between sock_map_close and sk_psock_put 

Merge Pull Request from: @ci-robot 
 
PR sync from: Liu Jian <liujian56@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/PDI62TC62RJ2TMM6WPBIBIVRC55YYUG4/ 
 
https://gitee.com/src-openeuler/kernel/issues/IACQJF 
 
Link:https://gitee.com/openeuler/kernel/pulls/9908

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parents 430f31b2 ca47fa8d

net/core/sock_map.c

+10 −6
Original line number Diff line number Diff line
@@ -1666,19 +1666,23 @@ void sock_map_close(struct sock *sk, long timeout) 


	lock_sock(sk);

	rcu_read_lock();

	psock = sk_psock_get(sk);

	if (unlikely(!psock)) {

		rcu_read_unlock();

		release_sock(sk);

		saved_close = READ_ONCE(sk->sk_prot)->close;

	} else {

	psock = sk_psock(sk);

	if (likely(psock)) {

		saved_close = psock->saved_close;

		sock_map_remove_links(sk, psock);

		psock = sk_psock_get(sk);

		if (unlikely(!psock))

			goto no_psock;

		rcu_read_unlock();

		sk_psock_stop(psock);

		release_sock(sk);

		cancel_work_sync(&psock->work);

		sk_psock_put(sk, psock);

	} else {

		saved_close = READ_ONCE(sk->sk_prot)->close;

no_psock:

		rcu_read_unlock();

		release_sock(sk);

	}

	/* Make sure we do not recurse. This is a bug.

	 * Leak the socket instead of crashing on a stack overflow.