af_unix: fix struct pid memory leak

commit fa0dc04d upstream. Dmitry reported a struct pid leak detected by a syzkaller program. Bug happens in unix_stream_recvmsg() when we break the loop when a signal is pending, without properly releasing scm. Fixes: b3ca9b02 ("net: fix multithreaded signal handling in unix recv routines") Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Rainer Weikusat <rweikusat@mobileactivedefense.com> Signed-off-by: David S. Miller <davem@davemloft.net> [ luis: backported to 3.16: - use siocb->scm instead of &scm ] Signed-off-by: Luis Henriques <luis.henriques@canonical.com>

af_unix: fix struct pid memory leak
commit fa0dc04d upstream. Dmitry reported a struct pid leak detected by a syzkaller program. Bug happens in unix_stream_recvmsg() when we break the loop when a signal is pending, without properly releasing scm. Fixes: b3ca9b02 ("net: fix multithreaded signal handling in unix recv routines") Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Rainer Weikusat <rweikusat@mobileactivedefense.com> Signed-off-by: David S. Miller <davem@davemloft.net> [ luis: backported to 3.16: - use siocb->scm instead of &scm ] Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
1906035d · Eric Dumazet · Luis Henriques · d23a77e3 · 1906035d
Commit 1906035d authored Jan 24, 2016 by Eric Dumazet Committed by Luis Henriques Feb 25, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

net/unix/af_unix.c net/unix/af_unix.c +1 -0

No files found.
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -2155,6 +2155,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,

 			if (signal_pending(current)) {
 				err = sock_intr_errno(timeo);
+				scm_destroy(siocb->scm);
 				goto out;
 			}