diff options
| author | Kuniyuki Iwashima <[email protected]> | 2024-05-08 17:11:50 +0000 |
|---|---|---|
| committer | Jakub Kicinski <[email protected]> | 2024-05-11 01:52:45 +0000 |
| commit | 7172dc93d621d5dc302d007e95ddd1311ec64283 (patch) | |
| tree | 9dcbc685a20185bd292a3e7042c42da430bf310f /net/unix/af_unix.c | |
| parent | net: ethernet: adi: adin1110: Replace linux/gpio.h by proper one (diff) | |
| download | kernel-7172dc93d621d5dc302d007e95ddd1311ec64283.tar.gz kernel-7172dc93d621d5dc302d007e95ddd1311ec64283.zip | |
af_unix: Add dead flag to struct scm_fp_list.
Commit 1af2dface5d2 ("af_unix: Don't access successor in unix_del_edges()
during GC.") fixed use-after-free by avoid accessing edge->successor while
GC is in progress.
However, there could be a small race window where another process could
call unix_del_edges() while gc_in_progress is true and __skb_queue_purge()
is on the way.
So, we need another marker for struct scm_fp_list which indicates if the
skb is garbage-collected.
This patch adds dead flag in struct scm_fp_list and set it true before
calling __skb_queue_purge().
Fixes: 1af2dface5d2 ("af_unix: Don't access successor in unix_del_edges() during GC.")
Signed-off-by: Kuniyuki Iwashima <[email protected]>
Acked-by: Paolo Abeni <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
Diffstat (limited to 'net/unix/af_unix.c')
0 files changed, 0 insertions, 0 deletions