Martin KaFai Lau wrote:
> On 11/6/23 4:35 AM, Jakub Sitnicki wrote:
> >> diff --git a/net/unix/unix_bpf.c b/net/unix/unix_bpf.c
> >> index 2f9d8271c6ec..705eeed10be3 100644
> >> --- a/net/unix/unix_bpf.c
> >> +++ b/net/unix/unix_bpf.c
> >> @@ -143,6 +143,8 @@ static void unix_stream_bpf_check_needs_rebuild(struct proto *ops)
> >>
> >> int unix_dgram_bpf_update_proto(struct sock *sk, struct sk_psock *psock, bool restore)
> >> {
> >> + struct sock *skpair;
> >> +
> >> if (sk->sk_type != SOCK_DGRAM)
> >> return -EOPNOTSUPP;
> >>
> >> @@ -152,6 +154,9 @@ int unix_dgram_bpf_update_proto(struct sock *sk, struct sk_psock *psock, bool re
> >> return 0;
> >> }
> >>
> >> + skpair = unix_peer(sk);
> >> + sock_hold(skpair);
> >> + psock->skpair = skpair;
> >> unix_dgram_bpf_check_needs_rebuild(psock->sk_proto);
> >> sock_replace_proto(sk, &unix_dgram_bpf_prot);
> >> return 0;
> > unix_dgram should not need this, since it grabs a ref on each sendmsg.
>
> John, could you address this comment and respin v2?

Respinning now, just letting some tests run for a bit and I'll kick it out. Thanks.

>
> The unix_inet_redir_to_connected() seems to need a fix in patch 2 also as
> pointed out by JakubS.
>
> Thanks.
>
> >
> > I'm not able to reproduce this bug for unix_dgram.
> >
> > Have you seen any KASAN reports for unix_dgram from syzkaller?
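
Review bot: In the second hunk of unix_dgram_bpf_update_proto(), the value returned by unix_peer(sk) goes straight into sock_hold() with no NULL check, and a SOCK_DGRAM socket that was never connected has no peer, so sock_hold() would be handed a NULL pointer. Suggest checking before taking the reference, for example `if (!skpair) return -ENOTCONN;` placed ahead of `sock_hold(skpair);` (the error code is only a suggestion). The reference stored in `psock->skpair` also needs a matching sock_put() on the psock teardown path, and no such release appears in the lines quoted here, so it is worth confirming it exists elsewhere in the series and that the `restore` branch, which returns before this code runs, cannot leave a stale pointer behind.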