Re: use-after-free in sock_wake_async

From: Eric Dumazet
Date: Wed Nov 25 2015 - 15:23:47 EST


On Wed, 2015-11-25 at 11:50 -0800, Eric Dumazet wrote:

> > other->sk_data_ready(other);
> > + unix_state_unlock(other);
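Review bot: the added unix_state_unlock(other) sits after other->sk_data_ready(other), so the wakeup callback now runs while other's state lock is still held, and nothing in the hunk says why the lock has to span that call. If it is only there to keep other alive across the callback, add a comment stating that, or keep the unlock ahead of the sk_data_ready() call and pin other by some other means so the woken side does not immediately contend on the lock.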


Also, the problem with such a construct is that we wake up a thread that will
block on the lock we hold.

The beauty of sk_data_ready() is to call it once we hold no lock any more,
to enable another cpu to immediately proceed.

In this case, 'other' can not disappear, so it should be safe.

