[SCTP]: Fix couple of races between sctp_peeloff() and sctp_rcv().

Validate and update the sk in sctp_rcv() to avoid the race where an assoc/ep could move to a different socket after we get the sk, but before the skb is added to the backlog. Also migrate the skb's in backlog queue to new sk when doing a peeloff. Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
author: Sridhar Samudrala <sri@us.ibm.com> 2006-01-17 11:56:26 -0800
committer: Sridhar Samudrala <sri@us.ibm.com> 2006-01-17 11:56:26 -0800
commit: c4d2444e992c4eda1d7fc3287e93ba58295bf6b9 (patch)
tree: 04f2096c141ede308356bd2d8277d4c291fae24d /net/sctp/socket.c
parent: 313e7b4d2588539e388d31c1febd50503a0083fc (diff)
download: linux-c4d2444e992c4eda1d7fc3287e93ba58295bf6b9.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 6a0b1af89932..fb1821d9f338 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5602,8 +5602,12 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
 	 */
 	newsp->type = type;
 
+	spin_lock_bh(&oldsk->sk_lock.slock);
+	/* Migrate the backlog from oldsk to newsk. */
+	sctp_backlog_migrate(assoc, oldsk, newsk);
 	/* Migrate the association to the new socket. */
 	sctp_assoc_migrate(assoc, newsk);
+	spin_unlock_bh(&oldsk->sk_lock.slock);
 
 	/* If the association on the newsk is already closed before accept()
 	 * is called, set RCV_SHUTDOWN flag.
author	Sridhar Samudrala <sri@us.ibm.com>	2006-01-17 11:56:26 -0800
committer	Sridhar Samudrala <sri@us.ibm.com>	2006-01-17 11:56:26 -0800
commit	c4d2444e992c4eda1d7fc3287e93ba58295bf6b9 (patch)
tree	04f2096c141ede308356bd2d8277d4c291fae24d /net/sctp/socket.c
parent	313e7b4d2588539e388d31c1febd50503a0083fc (diff)
download	linux-c4d2444e992c4eda1d7fc3287e93ba58295bf6b9.tar.gz