af_unix: Add dead flag to struct scm_fp_list.
Commit 1af2dfac ("af_unix: Don't access successor in unix_del_edges() during GC.") fixed use-after-free by avoid accessing edge->successor while GC is in progress. However, there could be a small race window where another process could call unix_del_edges() while gc_in_progress is true and __skb_queue_purge() is on the way. So, we need another marker for struct scm_fp_list which indicates if the skb is garbage-collected. This patch adds dead flag in struct scm_fp_list and set it true before calling __skb_queue_purge(). Fixes: 1af2dfac ("af_unix: Don't access successor in unix_del_edges() during GC.") Signed-off-by:Kuniyuki Iwashima <kuniyu@amazon.com> Acked-by:
Paolo Abeni <pabeni@redhat.com> Link: https://lore.kernel.org/r/20240508171150.50601-1-kuniyu@amazon.com Signed-off-by:
Jakub Kicinski <kuba@kernel.org>
Loading
-
mentioned in commit f2faa32a
-
mentioned in commit 6b97451b
-
mentioned in commit 912bb921
-
mentioned in commit 7dd122eb
-
mentioned in commit ebec6142
-
mentioned in commit e9d0fc07
-
mentioned in commit ffd46a72
-
mentioned in commit 32847b4d
-
mentioned in commit cc04e2c3
-
mentioned in commit 42b241f4
-
mentioned in commit 8f0aa725
-
mentioned in commit 90ce7aa8
-
mentioned in commit 28201f38
-
mentioned in commit 96aafbea
-
mentioned in commit 5f7f9738
-
mentioned in commit c40564f0
-
mentioned in commit 79105e34
-
mentioned in commit bb3c1006
-
mentioned in commit fa6aec5b
-
mentioned in commit 71228a5b
-
mentioned in commit d5d82517
-
mentioned in commit ff8b47cc
-
mentioned in commit 077ffc86
-
mentioned in commit 5d6df7b5
-
mentioned in commit 73f3d171
-
mentioned in commit ddd6979a
Please sign in to comment