Re: [PATCH v2] unix: properly account for FDs passed over unix sockets

From: Willy Tarreau
Date: Tue Feb 02 2016 - 15:39:48 EST


On Tue, Feb 02, 2016 at 09:32:56PM +0100, Hannes Frederic Sowa wrote:
> But "struct pid *" in unix_skb_parms should be enough to get us to
> corresponding "struct cred *" so we can decrement the correct counter
> during skb destruction.
>
> So:
>
> We increment current task's unix_inflight and also check the current
> task's limit during attaching fds to skbs and decrement the inflight
> counter via "struct pid *". This looks like it should work.

I like it as well, the principle sounds sane.

> >That way it's always the person who actually does the send (rather
> >than the opener of the socket _or_ the opener of the file that gets
> >passed around) that gets credited, and thanks to the cred pointer we
> >can then de-credit them properly.
>
> Exactly, I try to implement that. Thanks a lot!

Thanks to you Hannes, I appreciate that you work on it, it would take
much more time to me to dig into this.

Willy