Phonet: listening socket lock protects the connected socket list The accept()'d socket need to be unhashed while the (listen()'ing) socket lock is held. This fixes a race condition that could lead to an OOPS. Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 7dfde179c38056b91d51e60f3d50902387f27c84 [log] [tgz]
author: Rémi Denis-Courmont <remi.denis-courmont@nokia.com> Wed May 26 00:44:44 2010 +0000
committer: David S. Miller <davem@davemloft.net> Sat May 29 00:18:50 2010 -0700
tree: ca53c26f8290127f2199e387987c176402483a55
parent: 97dc875f90a7b88a9fa476c256345c0d40fcdf6c [diff]
diff --git a/net/phonet/pep.c b/net/phonet/pep.c
index 7b048a3..94d72e8 100644
--- a/net/phonet/pep.c
+++ b/net/phonet/pep.c

@@ -1045,12 +1045,12 @@
 	lock_sock(sk);
 	if ((1 << sk->sk_state) & ~(TCPF_CLOSE|TCPF_LISTEN)) {
 		skparent = pn->listener;
-		sk_del_node_init(sk);
 		release_sock(sk);
 
-		sk = skparent;
 		pn = pep_sk(skparent);
-		lock_sock(sk);
+		lock_sock(skparent);
+		sk_del_node_init(sk);
+		sk = skparent;
 	}
 	/* Unhash a listening sock only when it is closed
 	 * and all of its active connected pipes are closed. */
commit	7dfde179c38056b91d51e60f3d50902387f27c84	[log] [tgz]
author	Rémi Denis-Courmont <remi.denis-courmont@nokia.com>	Wed May 26 00:44:44 2010 +0000
committer	David S. Miller <davem@davemloft.net>	Sat May 29 00:18:50 2010 -0700
tree	ca53c26f8290127f2199e387987c176402483a55
parent	97dc875f90a7b88a9fa476c256345c0d40fcdf6c [diff]