Re: [PATCH v6.6 23/26] af_unix: Don't access successor in unix_del_edges() during GC.

[Sasha Levin <sashal@kernel.org>]

[ Sasha's backport helper bot ]

Hi,

Summary of potential issues:
ℹ️ This is part 23/26 of a series
⚠️ Found follow-up fixes in mainline

The upstream commit SHA1 provided is correct: 1af2dface5d286dd1f2f3405a0d6fa9f2c8fb998

WARNING: Author mismatch between patch and upstream commit:
Backport author: Lee Jones<lee@kernel.org>
Commit author: Kuniyuki Iwashima<kuniyu@amazon.com>

Status in newer kernel trees:
6.14.y | Present (exact SHA1)
6.12.y | Present (exact SHA1)

Found fixes commits:
7172dc93d621 af_unix: Add dead flag to struct scm_fp_list.

Note: The patch differs from the upstream commit:
---
1:  1af2dface5d28 ! 1:  9af3ce6ae17fc af_unix: Don't access successor in unix_del_edges() during GC.
    @@ Metadata
      ## Commit message ##
         af_unix: Don't access successor in unix_del_edges() during GC.
     
    +    [ Upstream commit 1af2dface5d286dd1f2f3405a0d6fa9f2c8fb998 ]
    +
         syzbot reported use-after-free in unix_del_edges().  [0]
     
         What the repro does is basically repeat the following quickly.
    @@ Commit message
         Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
         Link: https://lore.kernel.org/r/20240419235102.31707-1-kuniyu@amazon.com
         Signed-off-by: Paolo Abeni <pabeni@redhat.com>
    +    (cherry picked from commit 1af2dface5d286dd1f2f3405a0d6fa9f2c8fb998)
    +    Signed-off-by: Lee Jones <lee@kernel.org>
     
      ## net/unix/garbage.c ##
     @@ net/unix/garbage.c: static void unix_add_edge(struct scm_fp_list *fpl, struct unix_edge *edge)
---

NOTE: These results are for this patch alone. Full series testing will be
performed when all parts are received.

Results of testing on various branches:

| Branch                    | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.12.y       |  Success    |  Success   |