Re: net/dccp: use-after-free in dccp_feat_activate_values

From: Eric Dumazet
Date: Fri Mar 03 2017 - 10:20:42 EST

Next message: Julia Lawall: "Re: [Outreachy kernel] [PATCH 1/3] staging: wlan-ng: Replace "the the " with "the""
Previous message: James Smart: "Re: [PATCH] scsi: lpfc: replace init_timer by setup_timer"
In reply to: Dmitry Vyukov: "Re: net/dccp: use-after-free in dccp_feat_activate_values"
Next in thread: Dmitry Vyukov: "Re: net/dccp: use-after-free in dccp_feat_activate_values"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2017-03-03 at 16:06 +0100, Dmitry Vyukov wrote:

> Something that compiles is definitely better :)
> Reapplied.

Just to be clear : This is not the proper patch. This only reduces the
race.

bh_lock_sock() does not prevent a user process from owning the socket.

We need another protection, probably RCU based, or another spinlock
protecting the fields needed at SYNACK generation.

Next message: Julia Lawall: "Re: [Outreachy kernel] [PATCH 1/3] staging: wlan-ng: Replace "the the " with "the""
Previous message: James Smart: "Re: [PATCH] scsi: lpfc: replace init_timer by setup_timer"
In reply to: Dmitry Vyukov: "Re: net/dccp: use-after-free in dccp_feat_activate_values"
Next in thread: Dmitry Vyukov: "Re: net/dccp: use-after-free in dccp_feat_activate_values"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]