linux/net/unix
Kuniyuki Iwashima 7172dc93d6 af_unix: Add dead flag to struct scm_fp_list.
Commit 1af2dface5 ("af_unix: Don't access successor in unix_del_edges()
during GC.") fixed use-after-free by avoid accessing edge->successor while
GC is in progress.

However, there could be a small race window where another process could
call unix_del_edges() while gc_in_progress is true and __skb_queue_purge()
is on the way.

So, we need another marker for struct scm_fp_list which indicates if the
skb is garbage-collected.

This patch adds dead flag in struct scm_fp_list and set it true before
calling __skb_queue_purge().

Fixes: 1af2dface5 ("af_unix: Don't access successor in unix_del_edges() during GC.")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/20240508171150.50601-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-05-10 18:52:45 -07:00
..
af_unix.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-04-18 13:12:24 -07:00
diag.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-01 15:12:37 -08:00
garbage.c af_unix: Add dead flag to struct scm_fp_list. 2024-05-10 18:52:45 -07:00
Kconfig af_unix: Remove CONFIG_UNIX_SCM. 2024-01-31 16:41:16 -08:00
Makefile af_unix: Remove CONFIG_UNIX_SCM. 2024-01-31 16:41:16 -08:00
sysctl_net_unix.c net: Remove the now superfluous sentinel elements from ctl_table array 2024-05-03 13:29:41 +01:00
unix_bpf.c bpf: sockmap, fix proto update hook to avoid dup calls 2024-01-03 16:50:06 -08:00