Re: [PATCH net] socket, bpf: fix sk_filter use after free in sk_clone_lock

From: Daniel Borkmann Date: Wed, 22 Mar 2017 13:08:08 +0100 > In sk_clone_lock(), we create a new socket and inherit most of the > parent's members via sock_copy() which memcpy()'s various sections. > Now, in case the parent socket had a BPF socket filter attached, > then

[PATCH net] socket, bpf: fix sk_filter use after free in sk_clone_lock

In sk_clone_lock(), we create a new socket and inherit most of the parent's members via sock_copy() which memcpy()'s various sections. Now, in case the parent socket had a BPF socket filter attached, then newsk->sk_filter points to the same instance as the original sk->sk_filter.