summaryrefslogtreecommitdiffstats
path: root/include/math-emu
diff options
context:
space:
mode:
authorKuniyuki Iwashima <kuniyu@amazon.com>2024-05-08 10:11:50 -0700
committerJakub Kicinski <kuba@kernel.org>2024-05-10 18:52:45 -0700
commit7172dc93d621d5dc302d007e95ddd1311ec64283 (patch)
tree9dcbc685a20185bd292a3e7042c42da430bf310f /include/math-emu
parent84c8b7ad5e748c0b93415b060c7071f8c524f4f5 (diff)
downloadlinux-stable-7172dc93d621d5dc302d007e95ddd1311ec64283.tar.gz
linux-stable-7172dc93d621d5dc302d007e95ddd1311ec64283.tar.bz2
linux-stable-7172dc93d621d5dc302d007e95ddd1311ec64283.zip
af_unix: Add dead flag to struct scm_fp_list.
Commit 1af2dface5d2 ("af_unix: Don't access successor in unix_del_edges() during GC.") fixed use-after-free by avoid accessing edge->successor while GC is in progress. However, there could be a small race window where another process could call unix_del_edges() while gc_in_progress is true and __skb_queue_purge() is on the way. So, we need another marker for struct scm_fp_list which indicates if the skb is garbage-collected. This patch adds dead flag in struct scm_fp_list and set it true before calling __skb_queue_purge(). Fixes: 1af2dface5d2 ("af_unix: Don't access successor in unix_del_edges() during GC.") Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Acked-by: Paolo Abeni <pabeni@redhat.com> Link: https://lore.kernel.org/r/20240508171150.50601-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'include/math-emu')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-20 12:24:14 +0000