From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Date: Fri, 04 Dec 2009 14:47:42 +0100

> When we find a timewait connection in __inet_hash_connect() and reuse
> it for a new connection request, we have a race window, releasing bind
> list lock and reacquiring it in __inet_twsk_kill() to remove timewait
> socket from list.
>
> Another thread might find the timewait socket we already chose, leading to
> list corruption and crashes.
>
> Fix is to remove timewait socket from bind list before releasing the bind lock.
>
> Note: This problem happens if sysctl_tcp_tw_reuse is set.
>
> Reported-by: kapil dakhane <kdakhane@xxxxxxxxx>
> Signed-off-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>

Applied and queued up for -stable, thanks!
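
The race described in the quoted commit message, as an added example that is not part of the original mail and is not kernel code: a constructed user-space model of one bind-list bucket, replaying two callers in a fixed order so the outcome is deterministic. The struct names, pick(), owners_after_two_picks() and the port number are assumptions made for illustration.

```c
#include <pthread.h>
#include <stddef.h>

/* Constructed model of one bind-list bucket; not kernel code. */
struct tw { struct tw *next; int port; int owners; };
struct bucket { pthread_mutex_t lock; struct tw *head; };

/* Unlink e; caller holds b->lock. Returns 1 if e was still on the list. */
static int unlink_locked(struct bucket *b, struct tw *e)
{
    for (struct tw **pp = &b->head; *pp; pp = &(*pp)->next)
        if (*pp == e) { *pp = e->next; e->next = NULL; return 1; }
    return 0;
}

/* Pick a reusable timewait entry for port. With unlink_now == 0 the entry
 * stays on the list after the lock is dropped (the racy pattern); with
 * unlink_now == 1 it is removed before the unlock (the described fix). */
struct tw *pick(struct bucket *b, int port, int unlink_now)
{
    struct tw *e;

    pthread_mutex_lock(&b->lock);
    for (e = b->head; e; e = e->next)
        if (e->port == port)
            break;
    if (e) {
        e->owners++;                  /* this caller now treats e as its own */
        if (unlink_now)
            unlink_locked(b, e);      /* no other caller can find e anymore */
    }
    pthread_mutex_unlock(&b->lock);   /* racy variant: window opens here */
    return e;
}

/* Two callers interleaved inside the window, replayed in a fixed order.
 * Returns how many callers ended up owning the same entry. */
int owners_after_two_picks(int unlink_now)
{
    struct tw e = { NULL, 40000, 0 };   /* constructed sample entry */
    struct bucket b = { PTHREAD_MUTEX_INITIALIZER, &e };

    pick(&b, 40000, unlink_now);        /* first caller */
    pick(&b, 40000, unlink_now);        /* second caller, before any later removal */
    return e.owners;
}
```

In the racy variant both callers own the entry, so each would later try to remove it from the list; in the fixed variant the second lookup finds nothing.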