Pandora Sourcecodes - pandora-kernel.git/commit

author	Eric Dumazet <edumazet@google.com>
	Fri, 17 Apr 2015 01:10:35 +0000 (18:10 -0700)
committer	David S. Miller <davem@davemloft.net>
	Fri, 17 Apr 2015 17:28:31 +0000 (13:28 -0400)
commit	521f1cf1dbb9d5ad858dca5dc75d1b45f64b6589
tree	2c6276958f5d7348616d887f4a64f5b78ec6b9ef	tree \| snapshot
parent	fad9dfefea6405039491e7e4fc21fb6e59e7d26c	commit \| diff

inet_diag: fix access to tcp cc information

Two different problems are fixed here :

1) inet_sk_diag_fill() might be called without socket lock held.
   icsk->icsk_ca_ops can change under us and module be unloaded.
   -> Access to freed memory.
   Fix this using rcu_read_lock() to prevent module unload.

2) Some TCP Congestion Control modules provide information
   but again this is not safe against icsk->icsk_ca_ops
   change and nla_put() errors were ignored. Some sockets
   could not get the additional info if skb was almost full.

Fix this by returning a status from get_info() handlers and
using rcu protection as well.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/tcp.h		diff \| blob \| history
net/ipv4/inet_diag.c		diff \| blob \| history
net/ipv4/tcp_dctcp.c		diff \| blob \| history
net/ipv4/tcp_illinois.c		diff \| blob \| history
net/ipv4/tcp_vegas.c		diff \| blob \| history
net/ipv4/tcp_vegas.h		diff \| blob \| history
net/ipv4/tcp_westwood.c		diff \| blob \| history