From: Hannes Frederic Sowa <[email protected]>
Date: Wed, 3 Feb 2016 02:11:03 +0100
> The commit referenced in the Fixes tag incorrectly accounted the number
> of in-flight fds over a unix domain socket to the original opener
> of the file-descriptor. This allows another process to arbitrary
> deplete the original file-openers resource limit for the maximum of
> open files. Instead the sending processes and its struct cred should
> be credited.
>
> To do so, we add a reference counted struct user_struct pointer to the
> scm_fp_list and use it to account for the number of inflight unix fds.
>
> Fixes: 712f4aad406bb1 ("unix: properly account for FDs passed over unix
> sockets")
> Reported-by: David Herrmann <[email protected]>
> Cc: David Herrmann <[email protected]>
> Cc: Willy Tarreau <[email protected]>
> Cc: Linus Torvalds <[email protected]>
> Suggested-by: Linus Torvalds <[email protected]>
> Signed-off-by: Hannes Frederic Sowa <[email protected]>
Applied, thanks Hannes.
