diff options
author | Samuel Ortiz <samuel@sortiz.org> | 2006-09-27 23:05:38 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-28 21:02:46 -0400 |
commit | da349f1c2e0a0bf8958cdaf14e8f33acdf3182a5 (patch) | |
tree | c959dd1fe9a4104f94febd0ac6928d9f286f12f8 | |
parent | 1a9e9ef684ec2bd27fcdb373a82957a0c050daf6 (diff) |
[IrDA]: af_irda.c cleanups
We lock the socket when both releasing and getting a disconnected
notification. In the latter case, we also ste the socket as orphan.
This fixes a potential kernel bug that can be triggered when we get the
disconnection notification before closing the socket.
Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/irda/af_irda.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c index 17699eeb64d..7b7cd5bd2a0 100644 --- a/net/irda/af_irda.c +++ b/net/irda/af_irda.c | |||
@@ -132,13 +132,14 @@ static void irda_disconnect_indication(void *instance, void *sap, | |||
132 | 132 | ||
133 | /* Prevent race conditions with irda_release() and irda_shutdown() */ | 133 | /* Prevent race conditions with irda_release() and irda_shutdown() */ |
134 | if (!sock_flag(sk, SOCK_DEAD) && sk->sk_state != TCP_CLOSE) { | 134 | if (!sock_flag(sk, SOCK_DEAD) && sk->sk_state != TCP_CLOSE) { |
135 | lock_sock(sk); | ||
135 | sk->sk_state = TCP_CLOSE; | 136 | sk->sk_state = TCP_CLOSE; |
136 | sk->sk_err = ECONNRESET; | 137 | sk->sk_err = ECONNRESET; |
137 | sk->sk_shutdown |= SEND_SHUTDOWN; | 138 | sk->sk_shutdown |= SEND_SHUTDOWN; |
138 | 139 | ||
139 | sk->sk_state_change(sk); | 140 | sk->sk_state_change(sk); |
140 | /* Uh-oh... Should use sock_orphan ? */ | 141 | sock_orphan(sk); |
141 | sock_set_flag(sk, SOCK_DEAD); | 142 | release_sock(sk); |
142 | 143 | ||
143 | /* Close our TSAP. | 144 | /* Close our TSAP. |
144 | * If we leave it open, IrLMP put it back into the list of | 145 | * If we leave it open, IrLMP put it back into the list of |
@@ -1212,6 +1213,7 @@ static int irda_release(struct socket *sock) | |||
1212 | if (sk == NULL) | 1213 | if (sk == NULL) |
1213 | return 0; | 1214 | return 0; |
1214 | 1215 | ||
1216 | lock_sock(sk); | ||
1215 | sk->sk_state = TCP_CLOSE; | 1217 | sk->sk_state = TCP_CLOSE; |
1216 | sk->sk_shutdown |= SEND_SHUTDOWN; | 1218 | sk->sk_shutdown |= SEND_SHUTDOWN; |
1217 | sk->sk_state_change(sk); | 1219 | sk->sk_state_change(sk); |
@@ -1221,6 +1223,7 @@ static int irda_release(struct socket *sock) | |||
1221 | 1223 | ||
1222 | sock_orphan(sk); | 1224 | sock_orphan(sk); |
1223 | sock->sk = NULL; | 1225 | sock->sk = NULL; |
1226 | release_sock(sk); | ||
1224 | 1227 | ||
1225 | /* Purge queues (see sock_init_data()) */ | 1228 | /* Purge queues (see sock_init_data()) */ |
1226 | skb_queue_purge(&sk->sk_receive_queue); | 1229 | skb_queue_purge(&sk->sk_receive_queue); |
@@ -1353,6 +1356,7 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock, | |||
1353 | IRDA_DEBUG(4, "%s()\n", __FUNCTION__); | 1356 | IRDA_DEBUG(4, "%s()\n", __FUNCTION__); |
1354 | 1357 | ||
1355 | IRDA_ASSERT(self != NULL, return -1;); | 1358 | IRDA_ASSERT(self != NULL, return -1;); |
1359 | IRDA_ASSERT(!sock_error(sk), return -1;); | ||
1356 | 1360 | ||
1357 | skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, | 1361 | skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, |
1358 | flags & MSG_DONTWAIT, &err); | 1362 | flags & MSG_DONTWAIT, &err); |
@@ -1405,6 +1409,7 @@ static int irda_recvmsg_stream(struct kiocb *iocb, struct socket *sock, | |||
1405 | IRDA_DEBUG(3, "%s()\n", __FUNCTION__); | 1409 | IRDA_DEBUG(3, "%s()\n", __FUNCTION__); |
1406 | 1410 | ||
1407 | IRDA_ASSERT(self != NULL, return -1;); | 1411 | IRDA_ASSERT(self != NULL, return -1;); |
1412 | IRDA_ASSERT(!sock_error(sk), return -1;); | ||
1408 | 1413 | ||
1409 | if (sock->flags & __SO_ACCEPTCON) | 1414 | if (sock->flags & __SO_ACCEPTCON) |
1410 | return(-EINVAL); | 1415 | return(-EINVAL); |