From patchwork Thu May 21 16:25:32 2015
X-Patchwork-Submitter: Mark Salyzyn
X-Patchwork-Id: 475093
X-Patchwork-Delegate: davem@davemloft.net
From: Mark Salyzyn
To: linux-kernel@vger.kernel.org
Cc: Mark Salyzyn, "David S. Miller", Al Viro, David Howells, Ying Xue, Christoph Hellwig, netdev@vger.kernel.org
Subject: net/unix: sk_socket can disappear when state is unlocked
Date: Thu, 21 May 2015 09:25:32 -0700
Message-Id: <1432225541-28498-1-git-send-email-salyzyn@android.com>

got a rare NULL pointer dereference in clear_bit

Signed-off-by: Mark Salyzyn
--- net/unix/af_unix.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 5266ea7..37a8925 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -1880,6 +1880,11 @@ static long unix_stream_data_wait(struct sock *sk, long timeo, unix_state_unlock(sk); timeo = freezable_schedule_timeout(timeo); unix_state_lock(sk); + + /* sk_socket may have been killed while unlocked */ + if (!sk->sk_socket) + break; + clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); }
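
Review bot: in the added check after unix_state_lock(sk), sk->sk_socket is read twice, once in `if (!sk->sk_socket)` and again in the argument to clear_bit(), so the test only protects the dereference if whatever clears sk_socket does so while holding the unix state lock. Neither the comment nor the commit message says which path sets the pointer to NULL or what lock it holds; please name that path, and consider loading the pointer once into a local, then testing and using that local, so the check and the use cannot disagree. The new `break` also leaves the loop without clearing SOCK_ASYNC_WAITDATA and falls through to code that is not visible in this hunk, so it is worth confirming that nothing after the loop touches sk->sk_socket and stating in the comment that skipping the clear_bit() is intentional because the socket is gone. The commit message itself ("got a rare NULL pointer dereference in clear_bit") would be much easier to review and backport with the oops trace and a short description of the sequence that leads to it.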