On Tue, Nov 10, 2015, at 15:26, Hannes Frederic Sowa wrote:
> net/unix/af_unix.c | 18 +-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
> index aaa0b58..b2c4131 100644
> --- a/net/unix/af_unix.c
> +++ b/net/unix/af_unix.
During splicing an af-unix socket to a pipe we have to drop all
af-unix socket locks. While doing so we allow another reader to enter
unix_stream_read_generic which can read, copy and finally free another
skb. If exactly this skb is just in the process of being spliced we get a
use-after-free report by