af_unix: Add dead flag to struct scm_fp_list. (7172dc93) · Commits · CodeLinaro / qsdk / kvalo / ath

Commit 7172dc93 authored 10 months ago by Kuniyuki Iwashima Committed by Jakub Kicinski 10 months ago

af_unix: Add dead flag to struct scm_fp_list.


Commit 1af2dfac ("af_unix: Don't access successor in unix_del_edges()
during GC.") fixed use-after-free by avoid accessing edge->successor while
GC is in progress.

However, there could be a small race window where another process could
call unix_del_edges() while gc_in_progress is true and __skb_queue_purge()
is on the way.

So, we need another marker for struct scm_fp_list which indicates if the
skb is garbage-collected.

This patch adds dead flag in struct scm_fp_list and set it true before
calling __skb_queue_purge().

Fixes: 1af2dfac ("af_unix: Don't access successor in unix_del_edges() during GC.")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/20240508171150.50601-1-kuniyu@amazon.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent 84c8b7ad

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 12 additions and 4 deletions

Please register or to comment