Rainer Weikusat <[email protected]> writes: [...]
> This means it only gets locked if unix_peer(other) != sk and this cannot
> happen if other == sk and unix_peer(sk) == other, however, the 2nd
> condition isn't guaranteed: other might indeed be == sk and not the peer
> of it because someone could be using _sendmsg to send a message via a
> socket to an address bound to the same socket. In this case, other was
> found via

A second way to hit this (probably somewhat difficult to trigger in practice): sk happened to be connected to itself by the time the unix_peer_get(sk) was executed but was disconnected before the unix_state_lock(other) below.

