| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5670c1c4-985d-4e87-9732-ad1cc59bc8db@rbox.co>
Date: Sun, 12 May 2024 16:47:11 +0200
From: Michal Luczaj <mhal@...x.co>
To: Kuniyuki Iwashima <kuniyu@...zon.com>,
"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>
Cc: Kuniyuki Iwashima <kuni1840@...il.com>, netdev@...r.kernel.org,
Billy Jheng Bing-Jhong <billy@...rlabs.sg>
Subject: Re: [PATCH v2 net] af_unix: Update unix_sk(sk)->oob_skb under
sk_receive_queue lock.
On 5/10/24 11:39, Kuniyuki Iwashima wrote:
> @@ -2655,6 +2661,8 @@ static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk,
> consume_skb(skb);
> skb = NULL;
> } else {
> + spin_lock(&sk->sk_receive_queue.lock);
> +
> if (skb == u->oob_skb) {
> if (copied) {
> skb = NULL;
> @@ -2666,13 +2674,15 @@ static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk,
> } else if (flags & MSG_PEEK) {
> skb = NULL;
> } else {
> - skb_unlink(skb, &sk->sk_receive_queue);
> + __skb_unlink(skb, &sk->sk_receive_queue);
> WRITE_ONCE(u->oob_skb, NULL);
> if (!WARN_ON_ONCE(skb_unref(skb)))
> kfree_skb(skb);
> skb = skb_peek(&sk->sk_receive_queue);
> }
> }
> +
> + spin_unlock(&sk->sk_receive_queue.lock);
> }
> return skb;
> }
Now it is
spin_lock(&sk->sk_receive_queue.lock)
kfree_skb
unix_destruct_scm
unix_notinflight
spin_lock(&unix_gc_lock)
I.e. sk_receive_queue.lock -> unix_gc_lock, inversion of what unix_gc() does.
But that's benign, right?
thanks,
Michal
Powered by blists - more mailing lists