diff options
| author | Paolo Abeni <pabeni@redhat.com> | 2024-05-21 13:42:16 +0200 |
|---|---|---|
| committer | Paolo Abeni <pabeni@redhat.com> | 2024-05-21 13:42:17 +0200 |
| commit | 580acf6cd807921bc0e9657c5aa02d2360bb5b63 (patch) | |
| tree | f7b5b83578580ada5b06ed49f0645d2e6f4a29db /net/unix/garbage.c | |
| parent | 3ebc46ca8675de6378e3f8f40768e180bb8afa66 (diff) | |
| parent | e060e433e51246d970c5a8aa1c5ccd9ecc7ba4bf (diff) | |
Merge branch 'af_unix-fix-gc-and-improve-selftest'
Michal Luczaj says:
====================
af_unix: Fix GC and improve selftest
Series deals with AF_UNIX garbage collector mishandling some in-flight
graph cycles. Embryos carrying OOB packets with SCM_RIGHTS cause issues.
Patch 1/2 fixes the memory leak.
Patch 2/2 tweaks the selftest for a better OOB coverage.
v3:
- Patch 1/2: correct the commit message (Kuniyuki)
v2: https://lore.kernel.org/netdev/20240516145457.1206847-1-mhal@rbox.co/
- Patch 1/2: remove WARN_ON_ONCE() (Kuniyuki)
- Combine both patches into a series (Kuniyuki)
v1: https://lore.kernel.org/netdev/20240516103049.1132040-1-mhal@rbox.co/
====================
Link: https://lore.kernel.org/r/20240517093138.1436323-1-mhal@rbox.co
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Diffstat (limited to 'net/unix/garbage.c')
| -rw-r--r-- | net/unix/garbage.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/net/unix/garbage.c b/net/unix/garbage.c index 1f8b8cdfcdc8..dfe94a90ece4 100644 --- a/net/unix/garbage.c +++ b/net/unix/garbage.c @@ -342,6 +342,18 @@ enum unix_recv_queue_lock_class { U_RECVQ_LOCK_EMBRYO, }; +static void unix_collect_queue(struct unix_sock *u, struct sk_buff_head *hitlist) +{ + skb_queue_splice_init(&u->sk.sk_receive_queue, hitlist); + +#if IS_ENABLED(CONFIG_AF_UNIX_OOB) + if (u->oob_skb) { + WARN_ON_ONCE(skb_unref(u->oob_skb)); + u->oob_skb = NULL; + } +#endif +} + static void unix_collect_skb(struct list_head *scc, struct sk_buff_head *hitlist) { struct unix_vertex *vertex; @@ -365,18 +377,11 @@ static void unix_collect_skb(struct list_head *scc, struct sk_buff_head *hitlist /* listener -> embryo order, the inversion never happens. */ spin_lock_nested(&embryo_queue->lock, U_RECVQ_LOCK_EMBRYO); - skb_queue_splice_init(embryo_queue, hitlist); + unix_collect_queue(unix_sk(skb->sk), hitlist); spin_unlock(&embryo_queue->lock); } } else { - skb_queue_splice_init(queue, hitlist); - -#if IS_ENABLED(CONFIG_AF_UNIX_OOB) - if (u->oob_skb) { - kfree_skb(u->oob_skb); - u->oob_skb = NULL; - } -#endif + unix_collect_queue(u, hitlist); } spin_unlock(&queue->lock); |