android_kernel_xiaomi_sm8350/net
Miklos Szeredi 6209344f5a net: unix: fix inflight counting bug in garbage collector
Previously I assumed that the receive queues of candidates don't
change during the GC.  This is only half true, nothing can be received
from the queues (see comment in unix_gc()), but buffers could be added
through the other half of the socket pair, which may still have file
descriptors referring to it.

This can result in inc_inflight_move_tail() erronously increasing the
"inflight" counter for a unix socket for which dec_inflight() wasn't
previously called.  This in turn can trigger the "BUG_ON(total_refs <
inflight_refs)" in a later garbage collection run.

Fix this by only manipulating the "inflight" counter for sockets which
are candidates themselves.  Duplicating the file references in
unix_attach_fds() is also needed to prevent a socket becoming a
candidate for GC while the skb that contains it is not yet queued.

Reported-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-11-09 11:17:33 -08:00
..
9p net/9p: fix printk format warnings 2008-11-05 13:19:07 -06:00
802 net/802/fc.c: Fix compilation warnings 2008-10-15 00:13:53 -07:00
8021q net: fix packet socket delivery in rx irq handler 2008-11-04 14:49:57 -08:00
appletalk net: Rationalise email address: Network Specific Parts 2008-10-13 19:01:08 -07:00
atm
ax25
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-10-17 08:58:52 -07:00
bridge net: Fix disjunct computation of netdev features 2008-10-23 01:11:29 -07:00
can net: Remove CONFIG_KMOD from net/ (towards removing CONFIG_KMOD entirely) 2008-10-16 15:24:51 -07:00
core net: Fix recursive descent in __scm_destroy(). 2008-11-06 15:45:32 -08:00
dccp dccp: Port redirection support for DCCP 2008-10-19 23:36:47 -07:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-10-17 08:58:52 -07:00
dsa dsa: fix compile bug on s390 2008-10-13 18:58:48 -07:00
econet
ethernet
ieee80211
ipv4 tcp: Fix recvmsg MSG_PEEK influence of blocking behavior. 2008-11-05 03:36:01 -08:00
ipv6 ipv6: fix run pending DAD when interface becomes ready 2008-11-05 01:43:57 -08:00
ipx
irda
iucv
key key: fix setkey(8) policy set breakage 2008-10-31 16:41:26 -07:00
lapb
llc
mac80211 mac80211: correct warnings in minstrel rate control algorithm 2008-10-27 17:46:11 -04:00
netfilter netfilter: netns ct: walk netns list under RTNL 2008-11-05 03:03:18 -08:00
netlabel netlabel: Fix compilation warnings in net/netlabel/netlabel_addrlist.c 2008-10-30 10:44:48 -04:00
netlink net: Remove CONFIG_KMOD from net/ (towards removing CONFIG_KMOD entirely) 2008-10-16 15:24:51 -07:00
netrom
packet
phonet Phonet: do not reply to indication reset packets 2008-10-26 23:07:25 -07:00
rfkill Fix logic error in rfkill_check_duplicity 2008-11-06 16:37:09 -05:00
rose
rxrpc
sched Merge branch 'timers/range-hrtimers' into v28-range-hrtimers-for-linus-v2 2008-10-22 09:48:06 +02:00
sctp sctp: Fix to handle SHUTDOWN in SHUTDOWN_RECEIVED state 2008-10-23 01:01:18 -07:00
sunrpc SUNRPC: Fix potential race in put_rpccred() 2008-10-28 15:21:42 -04:00
tipc
unix net: unix: fix inflight counting bug in garbage collector 2008-11-09 11:17:33 -08:00
wanrouter
wireless wireless: fix regression caused by regulatory config option 2008-10-26 10:38:52 -07:00
x25
xfrm xfrm: Fix xfrm_policy_gc_lock handling. 2008-11-03 19:11:29 -08:00
compat.c
Kconfig
Makefile
nonet.c
socket.c saner FASYNC handling on file close 2008-11-01 09:49:46 -07:00
sysctl_net.c
TUNABLE