From: Hannes Frederic Sowa <han...@stressinduktion.org>
Date: Wed, 3 Feb 2016 02:11:03 +0100
> The commit referenced in the Fixes tag incorrectly accounted the number
> of in-flight fds over a unix domain socket to the original opener
> of the file-descriptor. This allows another process to arbitrary
> deplete the original file-openers resource limit for the maximum of
> open files. Instead the sending processes and its struct cred should
> be credited.
>
> To do so, we add a reference counted struct user_struct pointer to the
> scm_fp_list and use it to account for the number of inflight unix fds.
>
> Fixes: 712f4aad406bb1 ("unix: properly account for FDs passed over unix
> sockets")
> Reported-by: David Herrmann <dh.herrm...@gmail.com>
> Cc: David Herrmann <dh.herrm...@gmail.com>
> Cc: Willy Tarreau <w...@1wt.eu>
> Cc: Linus Torvalds <torva...@linux-foundation.org>
> Suggested-by: Linus Torvalds <torva...@linux-foundation.org>
> Signed-off-by: Hannes Frederic Sowa <han...@stressinduktion.org>
Applied, thanks Hannes.
