Kuniyuki Iwashima c49a157c33 af_unix: Set drop reason in __unix_gc(). ... Inflight file descriptors by SCM_RIGHTS hold references to the struct file. AF_UNIX sockets could hold references to each other, forming reference cycles. Once such sockets are close()d without the fd recv()ed, they will be unaccessible from userspace but remain in kernel. __unix_gc() garbage-collects skb with the dead file descriptors and frees them by __skb_queue_purge(). Let's set SKB_DROP_REASON_SOCKET_CLOSE there. # echo 1 > /sys/kernel/tracing/events/skb/kfree_skb/enable # python3 >>> from socket import * >>> from array import array >>> >>> # Create a reference cycle >>> s1 = socket(AF_UNIX, SOCK_DGRAM) >>> s1.bind('') >>> s1.sendmsg([b"nop"], [(SOL_SOCKET, SCM_RIGHTS, array("i", [s1.fileno()]))], 0, s1.getsockname()) >>> s1.close() >>> >>> # Trigger GC >>> s2 = socket(AF_UNIX) >>> s2.close() # cat /sys/kernel/tracing/trace_pipe ... kworker/u16:2-42 ... kfree_skb: ... location=__unix_gc+0x4ad/0x580 reason: SOCKET_CLOSE Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Link: https://patch.msgid.link/20250116053441.5758-5-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>		2025-01-20 11:27:41 -08:00
..
af_unix.c	af_unix: Set drop reason in unix_sock_destructor().	2025-01-20 11:27:40 -08:00
diag.c	af_unix: Remove U_LOCK_DIAG.	2024-06-25 11:10:18 +02:00
garbage.c	af_unix: Set drop reason in __unix_gc().	2025-01-20 11:27:41 -08:00
Kconfig	af_unix: Add a prompt to CONFIG_AF_UNIX_OOB	2024-12-19 19:16:15 -08:00
Makefile	af_unix: Remove CONFIG_UNIX_SCM.	2024-01-31 16:41:16 -08:00
sysctl_net_unix.c	net: Remove the now superfluous sentinel elements from ctl_table array	2024-05-03 13:29:41 +01:00
unix_bpf.c	af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash	2024-07-17 22:49:00 +02:00