[SCTP]: Fix couple of races between sctp_peeloff() and sctp_rcv(). Validate and update the sk in sctp_rcv() to avoid the race where an assoc/ep could move to a different socket after we get the sk, but before the skb is added to the backlog. Also migrate the skb's in backlog queue to new sk when doing a peeloff. Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>

commit: c4d2444e992c4eda1d7fc3287e93ba58295bf6b9 [log] [tgz]
author: Sridhar Samudrala <sri@us.ibm.com> Tue Jan 17 11:56:26 2006 -0800
committer: Sridhar Samudrala <sri@us.ibm.com> Tue Jan 17 11:56:26 2006 -0800
tree: 04f2096c141ede308356bd2d8277d4c291fae24d
parent: 313e7b4d2588539e388d31c1febd50503a0083fc [diff] [blame]
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 6a0b1af..fb1821d 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c

@@ -5602,8 +5602,12 @@
 	 */
 	newsp->type = type;
 
+	spin_lock_bh(&oldsk->sk_lock.slock);
+	/* Migrate the backlog from oldsk to newsk. */
+	sctp_backlog_migrate(assoc, oldsk, newsk);
 	/* Migrate the association to the new socket. */
 	sctp_assoc_migrate(assoc, newsk);
+	spin_unlock_bh(&oldsk->sk_lock.slock);
 
 	/* If the association on the newsk is already closed before accept()
 	 * is called, set RCV_SHUTDOWN flag.
commit	c4d2444e992c4eda1d7fc3287e93ba58295bf6b9	[log] [tgz]
author	Sridhar Samudrala <sri@us.ibm.com>	Tue Jan 17 11:56:26 2006 -0800
committer	Sridhar Samudrala <sri@us.ibm.com>	Tue Jan 17 11:56:26 2006 -0800
tree	04f2096c141ede308356bd2d8277d4c291fae24d
parent	313e7b4d2588539e388d31c1febd50503a0083fc [diff] [blame]