nbd: prevent sock_xmit from attempting to use a NULL socket
authorMike Snitzer <snitzer@gmail.com>
Wed, 2 Apr 2008 20:04:47 +0000 (13:04 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Wed, 2 Apr 2008 22:28:19 +0000 (15:28 -0700)
NBD does not protect the nbd_device's socket from becoming NULL during
receives.

This closes a race with the NBD_CLEAR_SOCK ioctl (nbd-client -d) setting
the nbd_device's socket to NULL right before NBD calls sock_xmit.

Signed-off-by: Mike Snitzer <snitzer@gmail.com>
Cc: Paul Clements <paul.clements@steeleye.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/block/nbd.c

index b53fdb0a282c4858590993bb790a003f3b436372..60cc54368b66eaa1c7888ab905f7c9b83c92bd41 100644 (file)
@@ -153,6 +153,12 @@ static int sock_xmit(struct nbd_device *lo, int send, void *buf, int size,
        struct kvec iov;
        sigset_t blocked, oldset;
 
+       if (unlikely(!sock)) {
+               printk(KERN_ERR "%s: Attempted %s on closed socket in sock_xmit\n",
+                      lo->disk->disk_name, (send ? "send" : "recv"));
+               return -EINVAL;
+       }
+
        /* Allow interception of SIGKILL only
         * Don't allow other signals to interrupt the transmission */
        siginitsetinv(&blocked, sigmask(SIGKILL));