[PATCH 6.11 097/695] af_unix: Rename unlinked_skb in manage_oob().

6.11-stable review patch. If anyone has any objections, please let me know.

------------------

From: Kuniyuki Iwashima kuniyu@amazon.com

[ Upstream commit beb2c5f19b6ab033b187e770a659c730c3bd05ca ]

When OOB skb has been already consumed, manage_oob() returns the next skb if exists. In such a case, we need to fall back to the else branch below.

Then, we need to keep two skbs and free them later with consume_skb() and kfree_skb().

Let's rename unlinked_skb accordingly.

Signed-off-by: Kuniyuki Iwashima kuniyu@amazon.com Link: https://patch.msgid.link/20240905193240.17565-3-kuniyu@amazon.com Signed-off-by: Jakub Kicinski kuba@kernel.org Stable-dep-of: 5aa57d9f2d53 ("af_unix: Don't return OOB skb in manage_oob().") Signed-off-by: Sasha Levin sashal@kernel.org --- net/unix/af_unix.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 03820454bc723..91d7877a10794 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -2654,7 +2654,7 @@ static int unix_stream_recv_urg(struct unix_stream_read_state *state) static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk, int flags, int copied) { - struct sk_buff *unlinked_skb = NULL; + struct sk_buff *read_skb = NULL, *unread_skb = NULL; struct unix_sock *u = unix_sk(sk);

if (!unix_skb_len(skb)) { @@ -2665,14 +2665,14 @@ static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk, } else if (flags & MSG_PEEK) { skb = skb_peek_next(skb, &sk->sk_receive_queue); } else { - unlinked_skb = skb; + read_skb = skb; skb = skb_peek_next(skb, &sk->sk_receive_queue); - __skb_unlink(unlinked_skb, &sk->sk_receive_queue); + __skb_unlink(read_skb, &sk->sk_receive_queue); }

spin_unlock(&sk->sk_receive_queue.lock);

- consume_skb(unlinked_skb); + consume_skb(read_skb); return skb; }

@@ -2688,7 +2688,7 @@ static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk,

if (!sock_flag(sk, SOCK_URGINLINE)) { __skb_unlink(skb, &sk->sk_receive_queue); - unlinked_skb = skb; + unread_skb = skb; skb = skb_peek(&sk->sk_receive_queue); } } else if (!sock_flag(sk, SOCK_URGINLINE)) { @@ -2698,7 +2698,7 @@ static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk, unlock: spin_unlock(&sk->sk_receive_queue.lock);

- kfree_skb(unlinked_skb); + kfree_skb(unread_skb);

return skb; }