From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753710AbbJIEQY (ORCPT ); Fri, 9 Oct 2015 00:16:24 -0400 Received: from prod-mail-xrelay06.akamai.com ([96.6.114.98]:54086 "EHLO prod-mail-xrelay06.akamai.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752987AbbJIEQX (ORCPT ); Fri, 9 Oct 2015 00:16:23 -0400 From: Jason Baron To: davem@davemloft.net Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, minipli@googlemail.com, normalperson@yhbt.net, eric.dumazet@gmail.com, rweikusat@mobileactivedefense.com, viro@zeniv.linux.org.uk, davidel@xmailserver.org, dave@stgolabs.net, olivier@mauras.ch, pageexec@freemail.hu, torvalds@linux-foundation.org, peterz@infradead.org, joe@perches.com Subject: [PATCH v4 0/3] net: unix: fix use-after-free Date: Fri, 9 Oct 2015 00:15:59 -0400 Message-Id: X-Mailer: git-send-email 1.9.1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, These patches are against mainline, I can re-base to net-next, please let me know. They have been tested against: https://lkml.org/lkml/2015/9/13/195, which causes the use-after-free quite quickly and here: https://lkml.org/lkml/2015/10/2/693. Thanks, -Jason v4: -set UNIX_NOSPACE only if the peer socket has receive space v3: -beef up memory barrier comments in 3/3 (Peter Zijlstra) -clean up unix_dgram_writable() function in 3/3 (Joe Perches) Jason Baron (3): net: unix: fix use-after-free in unix_dgram_poll() net: unix: Convert gc_flags to flags net: unix: optimize wakeups in unix_dgram_recvmsg() include/net/af_unix.h | 4 +- net/unix/af_unix.c | 124 ++++++++++++++++++++++++++++++++++++++++---------- net/unix/garbage.c | 12 ++--- 3 files changed, 108 insertions(+), 32 deletions(-) -- 2.6.1