From mboxrd@z Thu Jan 1 00:00:00 1970
From: Rainer Weikusat
Subject: Re: [PATCH v2 1/3] unix: fix use-after-free in unix_dgram_poll()
Date: Sat, 03 Oct 2015 18:02:16 +0100
Message-ID: <87twq7ans7.fsf@doppelsaurus.mobileactivedefense.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Jason Baron, "David S. Miller", netdev@vger.kernel.org, "linux-kernel\@vger.kernel.org", Eric Wong, Eric Dumazet, Rainer Weikusat, Al Viro, Davide Libenzi, Davidlohr Bueso, Olivier Mauras, PaX Team, Linus Torvalds, Peter Zijlstra
To: Mathias Krause
Return-path:
In-Reply-To: (Mathias Krause's message of "Sat, 3 Oct 2015 07:46:06 +0200")
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

Mathias Krause writes:
> On 2 October 2015 at 22:43, Jason Baron wrote:
>> The unix_dgram_poll() routine calls sock_poll_wait() not only for the wait
>> queue associated with the socket s that we are poll'ing against, but also calls

[useless full-quote removed]

> My reproducer runs on this patch for more than 3 days now without
> triggering anything anymore.

Since the behaviour of your program is random, using it to "test"
anything doesn't really provide any insight: It could have been
executing the same codepath which doesn't happen to trigger any problems
for all of these three days. Nobody can tell.