Message ID | 20210813181934.647992-1-Rao.Shoaib@oracle.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 19eed721079336d515dd2d8fe1f0f4c292b78c70 |
Delegated to: | Netdev Maintainers |
Series | af_unix: check socket state when queuing OOB |
Context | Check | Description |
---|---|---|
netdev/cover_letter | success | Link |
netdev/fixes_present | success | Link |
netdev/patch_count | success | Link |
netdev/tree_selection | success | Guessed tree name to be net-next |
netdev/subject_prefix | warning | Target tree name not specified in the subject |
netdev/cc_maintainers | warning | 5 maintainers not CCed: davem@davemloft.net ast@kernel.org christian.brauner@ubuntu.com mszeredi@redhat.com cong.wang@bytedance.com |
netdev/source_inline | success | Was 0 now: 0 |
netdev/verify_signedoff | success | Link |
netdev/module_param | success | Was 0 now: 0 |
netdev/build_32bit | success | Errors and warnings before: 4 this patch: 4 |
netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
netdev/verify_fixes | success | Link |
netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 27 lines checked |
netdev/build_allmodconfig_warn | success | Errors and warnings before: 4 this patch: 4 |
netdev/header_inline | success | Link |

Hello:

This patch was applied to netdev/net-next.git (refs/heads/master):

On Fri, 13 Aug 2021 11:19:34 -0700 you wrote:
> edumazet@google.com pointed out that queue_oob
> does not check socket state after acquiring
> the lock. He also pointed to an incorrect usage
> of kfree_skb and an unnecessary setting of skb
> length. This patch addresses those issues.
>
> Signed-off-by: Rao Shoaib <Rao.Shoaib@oracle.com>
>
> [...]

Here is the summary with links:
  - af_unix: check socket state when queuing OOB
    https://git.kernel.org/netdev/net-next/c/19eed7210793

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index a626e52c629a..0f59fed993d8 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -1891,7 +1891,6 @@ static int queue_oob(struct socket *sock, struct msghdr *msg, struct sock *other return err; skb_put(skb, 1); - skb->len = 1; err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, 1); if (err) { @@ -1900,11 +1899,19 @@ static int queue_oob(struct socket *sock, struct msghdr *msg, struct sock *other } unix_state_lock(other); + + if (sock_flag(other, SOCK_DEAD) || + (other->sk_shutdown & RCV_SHUTDOWN)) { + unix_state_unlock(other); + kfree_skb(skb); + return -EPIPE; + } + maybe_add_creds(skb, sock, other); skb_get(skb); if (ousk->oob_skb) - kfree_skb(ousk->oob_skb); + consume_skb(ousk->oob_skb); ousk->oob_skb = skb;
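Review bot: The commit message calls the `skb->len = 1;` assignment removed in the first hunk (@@ -1891,7 +1891,6 @@) unnecessary without saying why. It would help to state that the preceding skb_put(skb, 1) already accounts for the one byte in skb->len, so a reader can check that the skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, 1) call that follows still operates on a one-byte skb.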
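Review bot: The new early return in the second hunk (@@ -1900,11 +1899,19 @@) gives back -EPIPE, but no signal is raised in these lines; please confirm that the caller of queue_oob() sends SIGPIPE when MSG_NOSIGNAL is not set, so that an MSG_OOB send to a peer with SOCK_DEAD or RCV_SHUTDOWN set behaves like an ordinary stream send. A short comment above the check, saying that the peer state has to be tested again once unix_state_lock(other) is held, would also document why it sits after the allocation and copy rather than before them.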

edumazet@google.com pointed out that queue_oob
does not check socket state after acquiring
the lock. He also pointed to an incorrect usage
of kfree_skb and an unnecessary setting of skb
length. This patch addresses those issues.

Signed-off-by: Rao Shoaib <Rao.Shoaib@oracle.com>
---
 net/unix/af_unix.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)