This is a note to let you know that I've just added the patch titled af_unix: Remove single nest in manage_oob(). to the 6.11-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: af_unix-remove-single-nest-in-manage_oob.patch and it can be found in the queue-6.11 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 4e75fa6e3f64bd6c71189617d256dd3c83d840e7 Author: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx> Date: Thu Sep 5 12:32:37 2024 -0700 af_unix: Remove single nest in manage_oob(). [ Upstream commit 579770dd89855915096db8364261543c37ed34ef ] This is a prep for the later fix. No functional change intended. Signed-off-by: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx> Link: https://patch.msgid.link/20240905193240.17565-2-kuniyu@xxxxxxxxxx Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx> Stable-dep-of: 5aa57d9f2d53 ("af_unix: Don't return OOB skb in manage_oob().") Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index a1894019ebd56..03820454bc723 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -2654,11 +2654,10 @@ static int unix_stream_recv_urg(struct unix_stream_read_state *state) static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk, int flags, int copied) { + struct sk_buff *unlinked_skb = NULL; struct unix_sock *u = unix_sk(sk); if (!unix_skb_len(skb)) { - struct sk_buff *unlinked_skb = NULL; - spin_lock(&sk->sk_receive_queue.lock); if (copied && (!u->oob_skb || skb == u->oob_skb)) { 
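Review bot: With `unlinked_skb` hoisted to function scope in manage_oob(), one variable now feeds two release calls that the second hunk shows, `consume_skb(unlinked_skb)` before the early return and `kfree_skb(unlinked_skb)` at the end, and the declaration carries no comment on its lifetime. I would add `/* skb unlinked under sk_receive_queue.lock; released only after the lock is dropped */` above it. The consume/kfree difference looks intentional, since kfree_skb() is accounted as a drop by tracing and consume_skb() is not, but that is inferred and worth a word in the same comment. The body of manage_oob() continues past the end of this hunk.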
@@ -2674,31 +2673,33 @@ static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk, spin_unlock(&sk->sk_receive_queue.lock); consume_skb(unlinked_skb); - } else { - struct sk_buff *unlinked_skb = NULL; + return skb; + } - spin_lock(&sk->sk_receive_queue.lock); + spin_lock(&sk->sk_receive_queue.lock); - if (skb == u->oob_skb) { - if (copied) { - skb = NULL; - } else if (!(flags & MSG_PEEK)) { - WRITE_ONCE(u->oob_skb, NULL); - - if (!sock_flag(sk, SOCK_URGINLINE)) { - __skb_unlink(skb, &sk->sk_receive_queue); - unlinked_skb = skb; - skb = skb_peek(&sk->sk_receive_queue); - } - } else if (!sock_flag(sk, SOCK_URGINLINE)) { - skb = skb_peek_next(skb, &sk->sk_receive_queue); - } - } + if (skb != u->oob_skb) + goto unlock; - spin_unlock(&sk->sk_receive_queue.lock); + if (copied) { + skb = NULL; + } else if (!(flags & MSG_PEEK)) { + WRITE_ONCE(u->oob_skb, NULL); - kfree_skb(unlinked_skb); + if (!sock_flag(sk, SOCK_URGINLINE)) { + __skb_unlink(skb, &sk->sk_receive_queue); + unlinked_skb = skb; + skb = skb_peek(&sk->sk_receive_queue); + } + } else if (!sock_flag(sk, SOCK_URGINLINE)) { + skb = skb_peek_next(skb, &sk->sk_receive_queue); } + +unlock: + spin_unlock(&sk->sk_receive_queue.lock); + + kfree_skb(unlinked_skb); + return skb; } #endif
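Review bot: The new early `return skb;` that closes the `!unix_skb_len(skb)` branch hands back whatever that branch selected without reaching the `if (skb != u->oob_skb)` test that now guards the rest of the function. This matches the old if/else, so the no-functional-change claim holds, but if the zero-length branch advances `skb` to the next queue entry (those lines fall between the two hunks and are not shown), that entry could itself be `u->oob_skb` and would be returned unchecked. The Stable-dep-of trailer names 5aa57d9f2d53 as the change built on this layout, so the two should be queued and backported together; until then a comment above the return, such as `/* NOTE: skb is not compared with u->oob_skb on this path */`, would make the gap visible. manage_oob() starts before this hunk.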