mirror of git://git.yoctoproject.org/linux-yocto.git synced 2026-01-27 12:47:24 +01:00

Go to file

Kuniyuki Iwashima 7bf3a476ce af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). Miao Wang reported a bug of SO_PEEK_OFF on AF_UNIX SOCK_STREAM socket. The unexpected behaviour is triggered when the peek offset is larger than the recv queue and the thread is unblocked by new data. Let's assume a socket which has "aaaa" in the recv queue and the peek offset is 4. First, unix_stream_read_generic() reads the offset 4 and skips the skb(s) of "aaaa" with the code below: skip = max(sk_peek_offset(sk, flags), 0); /* @skip is 4. / do { ... while (skip >= unix_skb_len(skb)) { skip -= unix_skb_len(skb); ... skb = skb_peek_next(skb, &sk->sk_receive_queue); if (!skb) goto again; / @skip is 0. / } The thread jumps to the 'again' label and goes to sleep since new data has not arrived yet. Later, new data "bbbb" unblocks the thread, and the thread jumps to the 'redo:' label to restart the entire process from the first skb in the recv queue. do { ... redo: ... last = skb = skb_peek(&sk->sk_receive_queue); ... again: if (skb == NULL) { ... timeo = unix_stream_data_wait(sk, timeo, last, last_len, freezable); ... goto redo; / @skip is 0 !! */ However, the peek offset is not reset in the path. If the buffer size is 8, recv() will return "aaaabbbb" without skipping any data, and the final offset will be 12 (the original offset 4 + peeked skbs' length 8). After sleeping in unix_stream_read_generic(), we have to fetch the peek offset again. Let's move the redo label before mutex_lock(&u->iolock). Fixes: `9f389e3567` ("af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag") Reported-by: Miao Wang <shankerwangmiao@gmail.com> Closes: https://lore.kernel.org/netdev/3B969F90-F51F-4B9D-AB1A-994D9A54D460@gmail.com/ Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com> Link: https://patch.msgid.link/20251117174740.3684604-2-kuniyu@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>		2025-11-18 19:19:09 -08:00
arch	LoongArch fixes for v6.18-rc6	2025-11-12 18:21:30 -08:00
block	block-6.18-20251031	2025-10-31 12:57:19 -07:00
certs	sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3	2024-09-20 19:52:48 +03:00
crypto	This push contains the following changes:	2025-10-10 08:56:16 -07:00
Documentation	Including fixes from Bluetooth and Wireless. No known outstanding	2025-11-13 11:20:25 -08:00
drivers	net/mlx5: Clean up only new IRQ glue on request_irq() failure	2025-11-18 18:47:09 -08:00
fs	Changes since last update:	2025-11-13 05:02:59 -08:00
include	ipsec-2025-11-18	2025-11-18 17:58:44 -08:00
init	printk changes for 6.18	2025-10-04 11:13:11 -07:00
io_uring	io_uring: fix regbuf vector size truncation	2025-11-07 17:17:13 -07:00
ipc	namespace-6.18-rc1	2025-09-29 11:20:29 -07:00
kernel	kho: warn and exit when unpreserved page wasn't preserved	2025-11-09 21:19:47 -08:00
lib	maple_tree: fix tracepoint string pointers	2025-11-09 21:19:45 -08:00
LICENSES	LICENSES: Replace the obsolete address of the FSF in the GFDL-1.2	2025-07-24 11:15:39 +02:00
mm	mm/secretmem: fix use-after-free race in fault handler	2025-11-09 21:19:46 -08:00
net	af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic().	2025-11-18 19:19:09 -08:00
rust	rust: Add -fno-isolate-erroneous-paths-dereference to bindgen_skip_c_flags	2025-11-10 08:37:06 +08:00
samples	Char/Misc/IIO/Binder changes for 6.18-rc1	2025-10-04 16:26:32 -07:00
scripts	scripts/decode_stacktrace.sh: fix build ID and PC source parsing	2025-11-09 21:19:45 -08:00
security	integrity-v6.18	2025-10-05 10:48:33 -07:00
sound	ASoC: Fixes for v6.18	2025-10-30 13:08:08 +01:00
tools	selftests: net: lib: Do not overwrite error messages	2025-11-17 19:32:12 -08:00
usr	gen_init_cpio: Ignore fsync() returning EINVAL on pipes	2025-10-07 09:53:05 -07:00
virt	KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying	2025-11-04 09:16:53 -08:00
.clang-format	memblock: drop for_each_free_mem_pfn_range_in_zone_from()	2025-09-14 08:49:03 +03:00
.clippy.toml	rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros` configuration	2025-05-07 00:11:47 +02:00
.cocciconfig
.editorconfig	.editorconfig: remove trim_trailing_whitespace option	2024-06-13 16:47:52 +02:00
.get_maintainer.ignore	MAINTAINERS: remove Alyssa Rosenzweig	2025-09-18 21:17:31 +02:00
.gitattributes	.gitattributes: set diff driver for Rust source code files	2023-05-31 17:48:25 +02:00
.gitignore	.gitignore: ignore compile_commands.json globally	2025-08-12 15:53:55 -07:00
.mailmap	KVM/arm654 fixes for 6.18, take #2	2025-11-09 08:07:55 +01:00
.pylintrc	tools: docs: parse-headers.py: move it from sphinx dir	2025-08-29 15:54:42 -06:00
.rustfmt.toml	rust: add `.rustfmt.toml`	2022-09-28 09:02:20 +02:00
COPYING
CREDITS	MAINTAINERS: mark ISDN subsystem as orphan	2025-10-27 17:49:45 -07:00
Kbuild	sched: Make migrate_{en,dis}able() inline	2025-09-25 09:57:16 +02:00
Kconfig	io_uring: Rename KConfig to Kconfig	2025-02-19 14:53:27 -07:00
MAINTAINERS	MAINTAINERS: Remove eth bridge website	2025-11-13 16:24:14 -08:00
Makefile	Linux 6.18-rc5	2025-11-09 15:10:19 -08:00
README	README: Fix spelling	2024-03-18 03:36:32 -06:00

README

Linux kernel

There are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. Please read Documentation/admin-guide/README.rst first.

In order to build the documentation, use make htmldocs or make pdfdocs. The formatted documentation can also be read online at:

https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory, several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems which may result by upgrading your kernel.