On Monday, January 10, 2011, David Miller wrote: > From: "Rafael J. Wysocki" <rjw@xxxxxxx> > Date: Wed, 29 Dec 2010 23:59:38 +0100 (CET) > > > Bug-Entry : http://bugzilla.kernel.org/show_bug.cgi?id=24592 > > Subject : 2.6.37-rc5: NULL pointer oops in selinux_socket_unix_stream_connect > > Submitter : Jeremy Fitzhardinge <jeremy@xxxxxxxx> > > Date : 2010-12-08 21:09 (22 days old) > > This bug is intended to be fixed by: > > commit 3610cda53f247e176bcbb7a7cca64bc53b12acdb > Author: David S. Miller <davem@xxxxxxxxxxxxx> > Date: Wed Jan 5 15:38:53 2011 -0800 > > af_unix: Avoid socket->sk NULL OOPS in stream connect security hooks. > > unix_release() can asynchornously set socket->sk to NULL, and > it does so without holding the unix_state_lock() on "other" > during stream connects. > > However, the reverse mapping, sk->sk_socket, is only transitioned > to NULL under the unix_state_lock(). > > Therefore make the security hooks follow the reverse mapping instead > of the forward mapping. > > Reported-by: Jeremy Fitzhardinge <jeremy@xxxxxxxx> > Reported-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html