af_unix: Add dead flag to struct scm_fp_list.

commit 7172dc93 upstream.

Commit 1af2dfac ("af_unix: Don't access successor in unix_del_edges() during GC.") fixed use-after-free by avoiding accessing edge->successor while GC is in progress.

However, there could be a small race window where another process could call unix_del_edges() while gc_in_progress is true and __skb_queue_purge() is on the way.

So, we need another marker for struct scm_fp_list which indicates if the skb is garbage-collected.

This patch adds a dead flag in struct scm_fp_list and sets it true before calling __skb_queue_purge().

Fixes: 1af2dfac ("af_unix: Don't access successor in unix_del_edges() during GC.")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/20240508171150.50601-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>