af_unix: Avoid socket->sk NULL OOPS in stream connect security hooks.

unix_release() can asynchornously set socket->sk to NULL, and it does so without holding the unix_state_lock() on "other" during stream connects. However, the reverse mapping, sk->sk_socket, is only transitioned to NULL under the unix_state_lock(). Therefore make the security hooks follow the reverse mapping instead of the forward mapping. Reported-by: Jeremy Fitzhardinge <jeremy@goop.org> Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2011-01-05 15:38:53 -0800
committer: David S. Miller <davem@davemloft.net> 2011-01-05 15:38:53 -0800
commit: 3610cda53f247e176bcbb7a7cca64bc53b12acdb (patch)
tree: d780bc1e405116e75a194b2f4693a6f9bbe9f58f /security/capability.c
parent: 44b8288308ac9da27eab7d7bdbf1375a568805c3 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/security/capability.c b/security/capability.c
index c773635ca3a..2a5df2b7da8 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -548,7 +548,7 @@ static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops,
 }
 
 #ifdef CONFIG_SECURITY_NETWORK
-static int cap_unix_stream_connect(struct socket *sock, struct socket *other,
+static int cap_unix_stream_connect(struct sock *sock, struct sock *other,
 				   struct sock *newsk)
 {
 	return 0;
author	David S. Miller <davem@davemloft.net>	2011-01-05 15:38:53 -0800
committer	David S. Miller <davem@davemloft.net>	2011-01-05 15:38:53 -0800
commit	3610cda53f247e176bcbb7a7cca64bc53b12acdb (patch)
tree	d780bc1e405116e75a194b2f4693a6f9bbe9f58f /security/capability.c
parent	44b8288308ac9da27eab7d7bdbf1375a568805c3 (diff)