[PATCH net v3 0/3] Fix SCTP diag locking issues

From: Stefan Wiehler

Date: Tue Oct 28 2025 - 12:15:47 EST


- Hold RCU read lock while iterating over address list in
  inet_diag_msg_sctpaddrs_fill()
- Prevent TOCTOU out-of-bounds write
- Hold sock lock while iterating over address list in sctp_sock_dump_one()

v3:
- Elaborate on TOCTOU call path
- Merge 3 patches into series
v2:
- Add changelog and credit, release sock lock in ENOMEM error path:
  https://patchwork.kernel.org/project/netdevbpf/patch/20251027102541.2320627-2-stefan.wiehler@xxxxxxxxx/
- Add changelog and credit:
  https://patchwork.kernel.org/project/netdevbpf/patch/20251027101328.2312025-2-stefan.wiehler@xxxxxxxxx/
v1:
- https://patchwork.kernel.org/project/netdevbpf/patch/20251023191807.74006-2-stefan.wiehler@xxxxxxxxx/
- https://patchwork.kernel.org/project/netdevbpf/patch/20251027084835.2257860-1-stefan.wiehler@xxxxxxxxx/
- https://patchwork.kernel.org/project/netdevbpf/patch/20251027085007.2259265-1-stefan.wiehler@xxxxxxxxx/

Stefan Wiehler (3):
  sctp: Hold RCU read lock while iterating over address list
  sctp: Prevent TOCTOU out-of-bounds write
  sctp: Hold sock lock while iterating over address list

 net/sctp/diag.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

--
2.51.0