Date: Mon, 5 Dec 2016 15:21:40 +0800
From: Herbert Xu
To: Eric Dumazet
Cc: Andrey Konovalov, "David S. Miller", Cong Wang, Johannes Berg,
    Florian Westphal, Eric Dumazet, Bob Copeland, Tom Herbert,
    David Decotigny, netdev, LKML, Kostya Serebryany, Dmitry Vyukov,
    syzkaller
Subject: Re: net: use-after-free in worker_thread
Message-ID: <20161205072140.GC9496@gondor.apana.org.au>
In-Reply-To: <1480772947.18162.402.camel@edumazet-glaptop3.roam.corp.google.com>

On Sat, Dec 03, 2016 at 05:49:07AM -0800, Eric Dumazet wrote:
> > @@ -600,6 +600,7 @@ static int __netlink_create(struct net *net, struct socket *sock, > } > init_waitqueue_head(&nlk->wait); > > + sock_set_flag(sk, SOCK_RCU_FREE); > sk->sk_destruct = netlink_sock_destruct; > sk->sk_protocol = protocol; > return 0;

It's not necessarily a big deal but I just wanted to point out
that SOCK_RCU_FREE is not equivalent to the call_rcu thing that
netlink does. The latter only does the RCU deferral for the socket
release call which is the only place where it's needed while
SOCK_RCU_FREE will force every path to do an RCU deferral.

Cheers,
-- 
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
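
Review bot: the added `sock_set_flag(sk, SOCK_RCU_FREE);` in `__netlink_create()` has no comment naming which reader the RCU deferral protects, and the hunk does not show whether netlink's existing call_rcu deferral on release is removed or kept alongside it. A short comment above the flag stating which path needs the grace period, plus a changelog line on how the two deferrals interact, would make the socket lifetime rule reviewable. As the reply in this thread points out, the flag defers every free path rather than only release, so the changelog should say that this wider scope is intended.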