af_unix: fix garbage collect vs MSG_PEEK
unix_gc() assumes that candidate sockets can never gain an external
reference (i.e. be installed into an fd) while the unix_gc_lock is
held. Except for MSG_PEEK this is guaranteed by modifying inflight
count under the unix_gc_lock.

MSG_PEEK does not touch any variable protected by unix_gc_lock (file
count is not), yet it needs to be serialized with garbage collection.
Do this by locking/unlocking unix_gc_lock:

 1) increment file count

 2) lock/unlock barrier to make sure incremented file count is visible
    to garbage collection

 3) install file into fd

This is a lock barrier (unlike smp_mb()) that ensures that garbage
collection is run completely before or completely after the barrier.

Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent 7d549995