github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-13 01:08:08 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
12ef7d4486
linux/include/net
History
Miklos Szeredi 6209344f5a net: unix: fix inflight counting bug in garbage collector 
Previously I assumed that the receive queues of candidates don't
change during the GC.  This is only half true, nothing can be received
from the queues (see comment in unix_gc()), but buffers could be added
through the other half of the socket pair, which may still have file
descriptors referring to it.

This can result in inc_inflight_move_tail() erronously increasing the
"inflight" counter for a unix socket for which dec_inflight() wasn't
previously called.  This in turn can trigger the "BUG_ON(total_refs <
inflight_refs)" in a later garbage collection run.

Fix this by only manipulating the "inflight" counter for sockets which
are candidates themselves.  Duplicating the file references in
unix_attach_fds() is also needed to prevent a socket becoming a
candidate for GC while the skb that contains it is not yet queued.

Reported-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-11-09 11:17:33 -08:00
..
9p 9p: fix sparse warnings 2008-10-22 18:54:47 -05:00
bluetooth include: replace __FUNCTION__ with __func__ 2008-10-16 11:21:30 -07:00
irda include: replace __FUNCTION__ with __func__ 2008-10-16 11:21:30 -07:00
iucv
netfilter
netns netfilter: netns: use NFPROTO_NUMPROTO instead of NUMPROTO for tables array 2008-10-20 03:31:54 -07:00
phonet Phonet: include generic link-layer header size in MAX_PHONET_HEADER 2008-10-26 23:06:31 -07:00
sctp sctp: Fix to handle SHUTDOWN in SHUTDOWN_RECEIVED state 2008-10-23 01:01:18 -07:00
tc_act
tipc
act_api.h
addrconf.h
af_rxrpc.h
af_unix.h net: unix: fix inflight counting bug in garbage collector 2008-11-09 11:17:33 -08:00
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
cfg80211.h
checksum.h
cipso_ipv4.h
compat.h
datalink.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dn.h
dsa.h
dsfield.h
dst.h
esp.h
fib_rules.h
flow.h
garp.h
gen_stats.h
genetlink.h
icmp.h
ieee80211_crypt.h
ieee80211_radiotap.h
ieee80211.h include: replace __FUNCTION__ with __func__ 2008-10-16 11:21:30 -07:00
if_inet6.h
inet_common.h
inet_connection_sock.h
inet_ecn.h
inet_frag.h
inet_hashtables.h
inet_sock.h
inet_timewait_sock.h
inet6_connection_sock.h
inet6_hashtables.h
inetpeer.h
ip_fib.h
ip_vs.h include: replace __FUNCTION__ with __func__ 2008-10-16 11:21:30 -07:00
ip.h sysctl: simplify ->strategy 2008-10-16 11:21:47 -07:00
ip6_checksum.h
ip6_fib.h
ip6_route.h
ip6_tunnel.h
ipcomp.h
ipconfig.h
ipip.h
ipv6.h
ipx.h
iw_handler.h
lapb.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
mac80211.h mac80211.h: fix kernel-doc excesses 2008-10-27 17:46:11 -04:00
mip6.h
ndisc.h sysctl: simplify ->strategy 2008-10-16 11:21:47 -07:00
neighbour.h
net_namespace.h netns: add register_pernet_gen_subsys/unregister_pernet_gen_subsys 2008-10-30 23:55:16 -07:00
netdma.h
netevent.h
netlabel.h
netlink.h
netrom.h
nexthop.h
p8022.h
pkt_cls.h
pkt_sched.h
protocol.h
psnap.h
raw.h
rawv6.h
red.h
request_sock.h
rose.h
route.h
rtnetlink.h
sch_generic.h
scm.h net: Fix recursive descent in __scm_destroy(). 2008-11-06 13:51:50 -08:00
slhc_vj.h
snmp.h
sock.h net: delete excess kernel-doc notation 2008-10-30 23:54:35 -07:00
stp.h
syncppp.h
tcp_states.h
tcp.h
timewait_sock.h
transp_v6.h
udp.h
udplite.h
wext.h
wireless.h
x25.h
x25device.h
xfrm.h