Thread (12 messages) 12 messages, 4 authors, 2010-11-29

Re: Fwd: Simple kernel attack using socketpair. easy, 100% reproductiblle, works under guest. no way to protect :(

From: Eric Dumazet <hidden>
Date: 2010-11-26 08:22:33

Possibly related (same subject, not in this thread)

Le vendredi 26 novembre 2010 à 15:41 +0800, Shan Wei a écrit :
Eric Dumazet wrote, at 11/25/2010 10:11 PM:
quoted
@@ -1845,6 +1871,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
 		unix_state_lock(sk);
 		skb = skb_dequeue(&sk->sk_receive_queue);
 		if (skb == NULL) {
+			unix_sk(sk)->recursion_level = 0;
For SOCK_SEQPACKET type, no need to clear recursion_level counter?
 
There is no need actually to clear it at all.

If an application has a complex setup with a dependence tree of unix
sockets, it will break if messages are not read fast enough.

So, maybe I should remove this line so that underlying problem comes
into surface immediately, rather than while in stress load.


Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help