| commit | 822b3dc1720ae478264c6dbed294d1bd9599da86 | |
| author | Eric Dumazet <eric.dumazet@gmail.com> | |
| Wed, 8 Jul 2009 19:36:05 +0000 (8 19:36 +0000) | ||
| committer | Greg Kroah-Hartman <gregkh@suse.de> | |
| Sun, 16 Aug 2009 21:18:12 +0000 (16 14:18 -0700) | ||
| tree | cde5a18ccf7a8a708e095d928c2e57f64fc8feea | treesnapshot (tar.gz zip) |
| parent | 8906d07ddc39f9a2334b5d49cf8a06171c204f62 | commitdiff |
net: sk_prot_alloc() should not blindly overwrite memory
[ Upstream commit e912b1142be8f1e2c71c71001dc992c6e5eb2ec1 ]
Some sockets use SLAB_DESTROY_BY_RCU, and our RCU code correctness
depends on sk->sk_nulls_node.next being always valid. A NULL
value is not allowed as it might fault a lockless reader.
Current sk_prot_alloc() implementation doesnt respect this hypothesis,
calling kmem_cache_alloc() with __GFP_ZERO. Just call memset() around
the forbidden field.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[ Upstream commit e912b1142be8f1e2c71c71001dc992c6e5eb2ec1 ]
Some sockets use SLAB_DESTROY_BY_RCU, and our RCU code correctness
depends on sk->sk_nulls_node.next being always valid. A NULL
value is not allowed as it might fault a lockless reader.
Current sk_prot_alloc() implementation doesnt respect this hypothesis,
calling kmem_cache_alloc() with __GFP_ZERO. Just call memset() around
the forbidden field.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| net/core/sock.c | diffblobblamehistory |