af_unix: Add dead flag to struct scm_fp_list.

commit 7172dc93 upstream.

Commit 1af2dfac ("af_unix: Don't access successor in unix_del_edges() during GC.") fixed use-after-free by avoiding accessing edge->successor while GC is in progress.

However, there could be a small race window where another process could call unix_del_edges() while gc_in_progress is true and __skb_queue_purge() is on the way.

So, we need another marker for struct scm_fp_list which indicates if the skb is garbage-collected.

This patch adds a dead flag in struct scm_fp_list and sets it to true before calling __skb_queue_purge().

Fixes: 1af2dfac ("af_unix: Don't access successor in unix_del_edges() during GC.")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/20240508171150.50601-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>