From: Eric Dumazet <[email protected]> Date: Wed, 02 Nov 2016 17:14:41 -0700
> From: Eric Dumazet <[email protected]> > > Andrey Konovalov reported following error while fuzzing with syzkaller : ... > It turns out DCCP calls __sk_receive_skb(), and this broke when > lookups no longer took a reference on listeners. > > Fix this issue by adding a @refcounted parameter to __sk_receive_skb(), > so that sock_put() is used only when needed. > > Fixes: 3b24d854cb35 ("tcp/dccp: do not touch listener sk_refcnt under > synflood") > Signed-off-by: Eric Dumazet <[email protected]> > Reported-by: Andrey Konovalov <[email protected]> > Tested-by: Andrey Konovalov <[email protected]> Applied and queued up for -stable.
