aboutsummaryrefslogtreecommitdiff
path: root/.rustfmt.toml
diff options
context:
space:
mode:
authorKuniyuki Iwashima2024-04-01 10:31:24 -0700
committerJakub Kicinski2024-04-03 19:27:13 -0700
commit7c349ed090318b1c88a3e5dff3b24f732296edce (patch)
tree32cca5feea4ec4236fb9c552319e58eb3a8e851c /.rustfmt.toml
parentd20bac353be7f169b8b032ff6346d2fe608d8312 (diff)
af_unix: Remove scm_fp_dup() in unix_attach_fds().
When we passed fds, we used to bump each file's refcount twice in scm_fp_copy() and scm_fp_dup() before linking the socket to gc_inflight_list. This is because we incremented the inflight count of the socket and linked it to the list in advance before passing skb to the destination socket. Otherwise, the inflight socket could have been garbage-collected in a small race window between linking the socket to the list and queuing skb: CPU 1 : sendmsg(X) w/ A's fd CPU 2 : close(A) ----- ----- /* Here A's refcount is 1, and inflight count is 0 */ bump A's refcount to 2 in scm_fp_copy() bump A's inflight count to 1 link A to gc_inflight_list decrement A's refcount to 1 /* A's refcount == inflight count, thus A could be GC candidate */ start GC mark A as candidate purge A's receive queue queue skb w/ A's fd to X /* A is queued, but all data has been lost */ After commit 4090fa373f0e ("af_unix: Replace garbage collection algorithm."), we increment the inflight count and link the socket to the global list only when queuing the skb. The race no longer exists, so let's not clone the fd nor bump the count in unix_attach_fds(). Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Link: https://lore.kernel.org/r/20240401173125.92184-2-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to '.rustfmt.toml')
0 files changed, 0 insertions, 0 deletions