• E
    inet_diag: fix access to tcp cc information · 521f1cf1
    Eric Dumazet 提交于
    Two different problems are fixed here :
    
    1) inet_sk_diag_fill() might be called without socket lock held.
       icsk->icsk_ca_ops can change under us and module be unloaded.
       -> Access to freed memory.
       Fix this using rcu_read_lock() to prevent module unload.
    
    2) Some TCP Congestion Control modules provide information
       but again this is not safe against icsk->icsk_ca_ops
       change and nla_put() errors were ignored. Some sockets
       could not get the additional info if skb was almost full.
    
    Fix this by returning a status from get_info() handlers and
    using rcu protection as well.
    Signed-off-by: NEric Dumazet <edumazet@google.com>
    Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    521f1cf1
inet_diag.c 27.1 KB