[PATCH net] sctp: Hold sock lock while iterating over address list

Next message: Krzysztof Kozlowski: "Re: [PATCH v6 11/12] ASoC: dt-bindings: sound: cirrus: cs530x: Add SPI bus support"
Previous message: Thomas Zimmermann: "Re: [PATCH v3] drm/vblank: downgrade vblank wait timeout from WARN to error"
Next in thread: Eric Dumazet: "Re: [PATCH net] sctp: Hold sock lock while iterating over address list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Stefan Wiehler

Date: Mon Oct 27 2025 - 05:03:57 EST

Fixes: 8f840e47f190 ("sctp: add the sctp_diag.c file")
Signed-off-by: Stefan Wiehler <stefan.wiehler@xxxxxxxxx>
---
net/sctp/diag.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/net/sctp/diag.c b/net/sctp/diag.c
index 996c2018f0e6..7f7e2773e047 100644
--- a/net/sctp/diag.c
+++ b/net/sctp/diag.c
@@ -223,14 +223,15 @@ struct sctp_comm_param {
bool net_admin;
};

-static size_t inet_assoc_attr_size(struct sctp_association *asoc)
+static size_t inet_assoc_attr_size(struct sock *sk,
+ struct sctp_association *asoc)
{
int addrlen = sizeof(struct sockaddr_storage);
int addrcnt = 0;
struct sctp_sockaddr_entry *laddr;

list_for_each_entry_rcu(laddr, &asoc->base.bind_addr.address_list,
- list)
+ list, lockdep_sock_is_held(sk))
addrcnt++;

return nla_total_size(sizeof(struct sctp_info))
@@ -256,11 +257,12 @@ static int sctp_sock_dump_one(struct sctp_endpoint *ep, struct sctp_transport *t
if (err)
return err;

- rep = nlmsg_new(inet_assoc_attr_size(assoc), GFP_KERNEL);
+ lock_sock(sk);
+
+ rep = nlmsg_new(inet_assoc_attr_size(sk, assoc), GFP_KERNEL);
if (!rep)
return -ENOMEM;

- lock_sock(sk);
if (ep != assoc->ep) {
err = -EAGAIN;
goto out;
--
2.51.0