On 02.02.2016 21:44, Linus Torvalds wrote:
> On Tue, Feb 2, 2016 at 12:32 PM, Hannes Frederic Sowa
> <han...@stressinduktion.org> wrote:
>> Unfortunately we never transfer a scm_cookie via the skbs but merely use it
>> to initialize unix_skb_parms structure in skb->cb and destroy it afterwards.
>
> Ok, I obviously didn't check very closely.
>
>> But "struct pid *" in unix_skb_parms should be enough to get us to
>> corresponding "struct cred *" so we can decrement the correct counter during
>> skb destruction.
>
> Umm. I think the "struct cred" may change in between, can't it?

While reviewing the task_struct->cred/real_cred assignments, I noticed
that, too. I already went the same way and added a "struct cred *" to
unix_skb_parms.

> So I don't think you can later look up the cred based on the pid.

Yep, it also looked too dangerous to me.

> Could we add the cred pointer (or just the user pointer) to the unix_skb_parms?
> Or maybe just add it to the "struct scm_fp_list"?

scm_fp_list seems to be an even better place. I'll have a look, thanks!

Hannes
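
The accounting problem discussed in this message, as a userspace C model added for illustration (not code from the thread or from the kernel): a counter charged at send time is released either by looking the user up through the sender at destruction time, or against the user recorded when the charge was made. All type and function names are hypothetical, and the per-user counter is an assumption of the model.

```c
/* Userspace model (constructed; not kernel code): a per-user counter is
 * charged at send time and released when the message is destroyed. */
#include <stdio.h>

struct user { int inflight; };            /* hypothetical per-user counter  */
struct task { struct user *cred_user; };  /* the task's current credentials */
struct msg {
    struct task *sender;   /* like keeping only "struct pid *"          */
    struct user *charged;  /* user recorded at send time (proposed fix) */
    int nfds;
};

static void msg_send(struct msg *m, struct task *t, int nfds)
{
    m->sender = t;
    m->charged = t->cred_user;      /* remember who was actually charged */
    m->nfds = nfds;
    t->cred_user->inflight += nfds;
}

/* pinned == 0: release via the sender's credentials at destruction time.
 * pinned != 0: release against the user recorded when the charge was made. */
static void msg_destroy(struct msg *m, int pinned)
{
    struct user *u = pinned ? m->charged : m->sender->cred_user;
    u->inflight -= m->nfds;
}

/* Send as user a, switch the task to user b, destroy the message.
 * Returns a's remaining count and stores b's in *b_out. */
static int run(int pinned, int *b_out)
{
    struct user a = {0}, b = {0};
    struct task t = { &a };
    struct msg m;
    msg_send(&m, &t, 3);
    t.cred_user = &b;               /* credentials change in between */
    msg_destroy(&m, pinned);
    *b_out = b.inflight;
    return a.inflight;
}

int main(void)
{
    int b, a = run(0, &b);
    printf("lookup: a=%d b=%d\n", a, b);  /* a keeps the charge, b goes negative */
    a = run(1, &b);
    printf("pinned: a=%d b=%d\n", a, b);  /* both counters balanced */
    return 0;
}
```
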