af_unix: Avoid socket->sk NULL OOPS in stream connect security hooks.

[ Upstream commit 3610cda53f247e176bcbb7a7cca64bc53b12acdb ] unix_release() can asynchornously set socket->sk to NULL, and it does so without holding the unix_state_lock() on "other" during stream connects. However, the reverse mapping, sk->sk_socket, is only transitioned to NULL under the unix_state_lock(). Therefore make the security hooks follow the reverse mapping instead of the forward mapping. Reported-by: Jeremy Fitzhardinge <jeremy@goop.org> Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: David S. Miller <davem@davemloft.net> 2011-01-05 15:38:53 -0800
committer: Greg Kroah-Hartman <gregkh@suse.de> 2011-02-17 15:14:22 -0800
commit: bdbeaf1567cfb79e5fc5b471d4616afd1daa16c9 (patch)
tree: 828deec8bd03d365749ee3170f28ff1020179151 /security/security.c
parent: 37b4b584a0b97498b661b4a3dcc637834d1e86a2 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c
index 1b798d3df71..e5fb07a3052 100644
--- a/security/security.c
+++ b/security/security.c
@@ -977,8 +977,7 @@ EXPORT_SYMBOL(security_inode_getsecctx);
 
 #ifdef CONFIG_SECURITY_NETWORK
 
-int security_unix_stream_connect(struct socket *sock, struct socket *other,
-				 struct sock *newsk)
+int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)
 {
 	return security_ops->unix_stream_connect(sock, other, newsk);
 }
author	David S. Miller <davem@davemloft.net>	2011-01-05 15:38:53 -0800
committer	Greg Kroah-Hartman <gregkh@suse.de>	2011-02-17 15:14:22 -0800
commit	bdbeaf1567cfb79e5fc5b471d4616afd1daa16c9 (patch)
tree	828deec8bd03d365749ee3170f28ff1020179151 /security/security.c
parent	37b4b584a0b97498b661b4a3dcc637834d1e86a2 (diff)