From: Rainer Weikusat
To: Philipp Hahn
Cc: Ben Hutchings, Hannes Frederic Sowa, Sasha Levin, "David S. Miller", linux-kernel@vger.kernel.org, Karolin Seeger, Jason Baron, Greg Kroah-Hartman, Arvid Requate, Stefan Gohmann, netdev@vger.kernel.org
Subject: Re: [PATCH net] af_unix: Guard against other == sk in unix_dgram_sendmsg
Date: Fri, 12 Feb 2016 13:25:15 +0000
Message-ID: <8760xuvz5w.fsf@doppelsaurus.mobileactivedefense.com>

Philipp Hahn writes:

> Hello Rainer,
>
> On 11.02.2016 at 20:37, Rainer Weikusat wrote:
>> The unix_dgram_sendmsg routine uses the following test
>>
>> 	if (unlikely(unix_peer(other) != sk && unix_recvq_full(other))) {
> [...]
>> This isn't correct as the specified address could have been bound to
>> the sending socket itself
> [...]
> After applying that patch at least my machine running the samba test no
> longer crashes.

There's a possible gotcha in there: Send-to-self used to be limited by
the queue limit. But the rationale for that (IIRC) was that someone
could keep using newly created sockets to queue ever more data to a
single, unrelated receiver. I don't think this should apply when
receiving and sending sockets are identical. But that's just my
opinion.

The other option would be to avoid the unix_state_double_lock for
sk == other. I'd be willing to change this accordingly if someone thinks
the queue limit should apply to send-to-self.