Re: Bug 4.1.16: self-detected stall in net/unix/?

[Ben Hutchings]

On Thu, 2016-02-11 at 15:55 +0000, Rainer Weikusat wrote:
> Philipp Hahn <pmhahn@xxxxxxxxx> writes:
> 
> [...]
> 
> > Probably the same bug was also reported to samba-technical by Karolin
> > Seeger; she filed the bug for 3.19-ckt with Ubuntu:
> > 
> > 
> > 
> > Running the Samba test suite reproduces the problem; see bug for
> > details.
> 
> 
> JFTR: The oops in this bug report is for 3.13.0-77 and the patch you
> reverted for 4.1 is not part of that (at least not of the upstream 3.13).
[...]

It is in 3.13-ckt and basically all the stable branches.

Does the patch below fix this bug?

Ben.

---
unix: Fix potential double-unlock in unix_dgram_sendmsg()

A datagram socket may be peered with itself, so that sk == other.ÂÂWe
use unix_state_double_lock() to lock sk and other in the right order,
which also guards against this and only locks the socket once, but we
then end up trying to unlock it twice.ÂÂAdd the check for sk != other.

Reported-by: Philipp Hahn <pmhahn@xxxxxxxxx>
Fixes: 7d267278a9ec ("unix: avoid use-after-free in ep_remove_wait_queue")
Cc: stable <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
Ânet/unix/af_unix.c | 4 ++--
Â1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index c5bf5ef2bf89..b4320d3e3a25 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1810,7 +1810,7 @@ restart_locked:
Â		}
Â	}
Â
-	if (unlikely(sk_locked))
+	if (unlikely(sk_locked) && sk != other)
Â		unix_state_unlock(sk);
Â
Â	if (sock_flag(other, SOCK_RCVTSTAMP))
@@ -1826,7 +1826,7 @@ restart_locked:
Â	return len;
Â
Âout_unlock:
-	if (sk_locked)
+	if (sk_locked && sk != other)
Â		unix_state_unlock(sk);
Â	unix_state_unlock(other);
Âout_free:

-- 
Ben Hutchings
Who are all these weirdos? - David Bowie, reading IRC for the first time

Attachment: signature.asc
Description: This is a digitally signed message part