Menu
▾
▴
Re: [tipc-discussion] [net-next 1/1] tipc: fix race between poll() and setsockopt()
|
From: David M. <da...@da...> - 2018-01-19 20:12:51
|
From: Jon Maloy <jon...@er...> Date: Wed, 17 Jan 2018 16:42:46 +0100 > Letting tipc_poll() dereference a socket's pointer to struct tipc_group > entails a race risk, as the group item may be deleted in a concurrent > tipc_sk_join() or tipc_sk_leave() thread. > > We now move the 'open' flag in struct tipc_group to struct tipc_sock, > and let the former retain only a pointer to the moved field. This will > eliminate the race risk. > > Reported-by: syz...@sy... > Signed-off-by: Jon Maloy <jon...@er...> Applied, thanks Jon. |
