git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Jiexun Wang <wangjiexun2025@gmail.com>
	Tue, 7 Apr 2026 08:00:14 +0000 (16:00 +0800)
committer	Jakub Kicinski <kuba@kernel.org>
	Thu, 9 Apr 2026 02:33:52 +0000 (19:33 -0700)
commit	39897df386376912d561d4946499379effa1e7ef
tree	2a473c5d11438c9071e90d7fc0804cd900ff6626	tree \| snapshot
parent	8e2760eaab778494fc1fa257031e0e1799647f46	commit \| diff

af_unix: read UNIX_DIAG_VFS data under unix_state_lock

Exact UNIX diag lookups hold a reference to the socket, but not to
u->path. Meanwhile, unix_release_sock() clears u->path under
unix_state_lock() and drops the path reference after unlocking.

Read the inode and device numbers for UNIX_DIAG_VFS while holding
unix_state_lock(), then emit the netlink attribute after dropping the
lock.

This keeps the VFS data stable while the reply is being built.

Fixes: 5f7b0569460b ("unix_diag: Unix inode info NLA")
Reported-by: Yifan Wu <yifanwucs@gmail.com>
Reported-by: Juefei Pu <tomapufckgml@gmail.com>
Co-developed-by: Yuan Tan <yuantan098@gmail.com>
Signed-off-by: Yuan Tan <yuantan098@gmail.com>
Suggested-by: Xin Liu <bird@lzu.edu.cn>
Tested-by: Ren Wei <enjou1224z@gmail.com>
Signed-off-by: Jiexun Wang <wangjiexun2025@gmail.com>
Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20260407080015.1744197-1-n05ec@lzu.edu.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>