Re: [PATCH] net: Fix oops from tcp_collapse() when using splice()

From: David Miller
Date: Tue Mar 30 2010 - 16:47:47 EST

Next message: Bruno PrÃmont: "[PATCH v6 5/8] hid: add GPO (leds) support to PicoLCD device"
Previous message: Bruno PrÃmont: "[PATCH v6 8/8] hid: add PM support to PicoLCD device"
In reply to: Steven J. Magnani: "[PATCH] net: Fix oops from tcp_collapse() when using splice()"
Next in thread: David Miller: "Re: [PATCH] net: Fix oops from tcp_collapse() when using splice()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: "Steven J. Magnani" <steve@xxxxxxxxxxxxxxx>
Date: Tue, 30 Mar 2010 15:45:13 -0500

> tcp_read_sock() can have a eat skbs without immediately advancing copied_seq.
> This can cause a panic in tcp_collapse() if it is called as a result
> of the recv_actor dropping the socket lock.
>
> A userspace program that splices data from a socket to either another
> socket or to a file can trigger this bug.
>
> Signed-off-by: Steven J. Magnani <steve@xxxxxxxxxxxxxxx>

Thanks for fixing this I'll look at your patch more closely
right now.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bruno PrÃmont: "[PATCH v6 5/8] hid: add GPO (leds) support to PicoLCD device"
Previous message: Bruno PrÃmont: "[PATCH v6 8/8] hid: add PM support to PicoLCD device"
In reply to: Steven J. Magnani: "[PATCH] net: Fix oops from tcp_collapse() when using splice()"
Next in thread: David Miller: "Re: [PATCH] net: Fix oops from tcp_collapse() when using splice()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]