[NETLINK]: Fix multicast bind/autobind race

netlink_autobind has always set nlk_sk(sk)->groups to zero. This is unnecessary because sk_alloc already zeroes the entire structure. Since a socket can only be bound once netlink_autobind doesn't need to zero groups at all. This had been safe until I added mc_list. Now it is possible for netlink_bind to race against netlink_autobind running on the same socket on another CPU. The result would be a socket that's on mc_list with groups set to zero. This socket will be left on the list even after it is destroyed. The fix is to remove the zeroing in netlink_autobind. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>

[NETLINK]: Fix multicast bind/autobind race
netlink_autobind has always set nlk_sk(sk)->groups to zero. This is unnecessary because sk_alloc already zeroes the entire structure. Since a socket can only be bound once netlink_autobind doesn't need to zero groups at all. This had been safe until I added mc_list. Now it is possible for netlink_bind to race against netlink_autobind running on the same socket on another CPU. The result would be a socket that's on mc_list with groups set to zero. This socket will be left on the list even after it is destroyed. The fix is to remove the zeroing in netlink_autobind. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
400aee84 · Herbert Xu · Thomas Graf · 2c8e4372 · 400aee84
Commit 400aee84 authored Mar 14, 2005 by Herbert Xu Committed by Thomas Graf Mar 14, 2005
Show whitespace changes
Inline Side-by-side

Showing with 0 additions and 1 deletion

net/netlink/af_netlink.c net/netlink/af_netlink.c +0 -1

No files found.
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -430,7 +430,6 @@ static int netlink_autobind(struct socket *sock)
 	err = netlink_insert(sk, pid);
 	if (err == -EADDRINUSE)
 		goto retry;
-	nlk_sk(sk)->groups = 0;
 	return 0;
 }