Commit 9375cb8a authored by David S. Miller

ax25: Use sock_graft() and remove bogus sk_socket and sk_sleep init.

The way that listening sockets work in ax25 is that the packet input
code path creates new socks via ax25_make_new() and attaches them
to the incoming SKB.  This SKB gets queued up into the listening
socket's receive queue.

When accept()'d the sock gets hooked up to the real parent socket.
Alternatively, if the listening socket is closed and released, any
unborn socks stuffed up in the receive queue get released.

So during this time period these sockets are unreachable in any
other way, so no wakeup events nor references to their ->sk_socket
and ->sk_sleep members can occur.  And even if they do, all such
paths have to make NULL checks.

So do not deceptively initialize them in ax25_make_new() to the
values in the listening socket.  Leave them at NULL.

Finally, use sock_graft() in ax25_accept().

Signed-off-by: David S. Miller <davem@davemloft.net>
parent ee5850de
...@@ -893,13 +893,11 @@ struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev) ...@@ -893,13 +893,11 @@ struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
sk->sk_destruct = ax25_free_sock; sk->sk_destruct = ax25_free_sock;
sk->sk_type = osk->sk_type; sk->sk_type = osk->sk_type;
sk->sk_socket = osk->sk_socket;
sk->sk_priority = osk->sk_priority; sk->sk_priority = osk->sk_priority;
sk->sk_protocol = osk->sk_protocol; sk->sk_protocol = osk->sk_protocol;
sk->sk_rcvbuf = osk->sk_rcvbuf; sk->sk_rcvbuf = osk->sk_rcvbuf;
sk->sk_sndbuf = osk->sk_sndbuf; sk->sk_sndbuf = osk->sk_sndbuf;
sk->sk_state = TCP_ESTABLISHED; sk->sk_state = TCP_ESTABLISHED;
sk->sk_sleep = osk->sk_sleep;
sock_copy_flags(sk, osk); sock_copy_flags(sk, osk);
oax25 = ax25_sk(osk); oax25 = ax25_sk(osk);
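Review bot: with the `sk->sk_socket = osk->sk_socket;` and `sk->sk_sleep = osk->sk_sleep;` copies gone from ax25_make_new(), nothing visible in this hunk sets either field, so the "leave them at NULL" behaviour depends on the sock reaching this point with both members already cleared by the allocation and init code above the hunk. Worth confirming that, and adding a one-line comment near `sk->sk_state = TCP_ESTABLISHED;` saying the sock stays unattached until ax25_accept() grafts it, so a later change does not reintroduce the listener's pointers. The removal also makes the NULL checks the commit message relies on load-bearing: any path that can touch the child's `sk_socket` or `sk_sleep` before accept() now sees NULL rather than the listener's values.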
...@@ -1361,13 +1359,11 @@ static int ax25_accept(struct socket *sock, struct socket *newsock, int flags) ...@@ -1361,13 +1359,11 @@ static int ax25_accept(struct socket *sock, struct socket *newsock, int flags)
goto out; goto out;
newsk = skb->sk; newsk = skb->sk;
newsk->sk_socket = newsock; sock_graft(newsk, newsock);
newsk->sk_sleep = &newsock->wait;
/* Now attach up the new socket */ /* Now attach up the new socket */
kfree_skb(skb); kfree_skb(skb);
sk->sk_ack_backlog--; sk->sk_ack_backlog--;
newsock->sk = newsk;
newsock->state = SS_CONNECTED; newsock->state = SS_CONNECTED;
out: out:
......
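Review bot: in ax25_accept() the comment `/* Now attach up the new socket */` is left below the `sock_graft(newsk, newsock);` call, which is where the attach now happens (it takes over the `sk_socket`, `sk_sleep` and `newsock->sk` assignments); move the comment above the sock_graft() line or drop it. Also note that `newsock->sk` is now set before `kfree_skb(skb);` and `sk->sk_ack_backlog--;` rather than after them. That reordering looks harmless in the visible lines, but it is a behaviour change the commit message does not mention.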