android_kernel_zuk_msm8996.git

diff options

author	Harout Hedeshian <harouth@codeaurora.org>	2015-01-27 09:26:30 -0700
committer	David Keitel <dkeitel@codeaurora.org>	2016-03-22 11:09:39 -0700
commit	c8234ce878d15af361e30be075f1f504167128db (patch)
tree	494f24f11b556299f329277f7323535da0e8741e /include/linux
parent	274f3cfdd0a0a14a73b510405cc6fc91abee74e0 (diff)

net: socket: make sure refs are not released on fd before calling sockev

Ensure that BIND and LISTEN syscalls do fput_light AFTER sockev notifier callback has returned. Also, increase refcount on sock->sk (if available) before invoking the notifier callback. Prevent crash due to use-after-free. [<c0891d5c>] (sockev_client_cb+0xfc/0x1e4) from [<c0a273a4>] (notifier_cal [<c0a273a4>] (notifier_call_chain+0x44/0x84) from [<c01422cc>] (__blocking [<c01422cc>] (__blocking_notifier_call_chain+0x48/0x60) from [<c01422fc>] [<c01422fc>] (blocking_notifier_call_chain+0x18/0x20) from [<c0865968>] (S [<c0865968>] (SyS_bind+0xb0/0xe8) from [<c0105ba0>] (ret_fast_syscall+0x0/ CRs-Fixed: 787283 Change-Id: I2de65929b22c58637692cf582b6b46b11713494e Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>

Diffstat (limited to 'include/linux')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: