Hi Eric, On Sun, Jan 24, 2016 at 01:53:50PM -0800, Eric Dumazet wrote: > From: Eric Dumazet <eduma...@google.com> > > Dmitry reported a struct pid leak detected by a syzkaller program. > > Bug happens in unix_stream_recvmsg() when we break the loop when a > signal is pending, without properly releasing scm. > > Fixes: b3ca9b02b007 ("net: fix multithreaded signal handling in unix recv > routines") > Reported-by: Dmitry Vyukov <dvyu...@google.com> > Signed-off-by: Eric Dumazet <eduma...@google.com> > Cc: Rainer Weikusat <rweiku...@mobileactivedefense.com> > --- > net/unix/af_unix.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c > index c5bf5ef2bf89..49d5093eb055 100644 > --- a/net/unix/af_unix.c > +++ b/net/unix/af_unix.c > @@ -2339,6 +2339,7 @@ again: > > if (signal_pending(current)) { > err = sock_intr_errno(timeo); > + scm_destroy(&scm); > goto out; > }
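Review bot: the added scm_destroy(&scm) before `goto out` in the signal_pending() branch fixes exactly the exit the changelog describes, but because the early exit jumps to the shared `out` label rather than to a cleanup label, every other path that leaves this loop after scm has been populated needs the same call, and a future exit path can silently reintroduce the leak. Consider releasing scm once at the label (or via a dedicated `out_destroy:` label) instead of patching each early exit individually, for example `out:` / `scm_destroy(&scm);` / `return err;` if nothing at that label depends on scm still being live. The one-liner is otherwise correct for this hunk: scm_destroy() is what drops the struct pid (and cred) references held in the cookie, which matches the leak syzkaller reported.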
Good job on this one! FWIW, I managed to test it on 3.14 and I confirm it completely fixes the leak there as well. I had to modify it a little bit however since there's no scm local variable there:

- scm_destroy(&scm);
+ scm_destroy(siocb->scm);

Cheers,
Willy