Commit 12f21c49 authored by Kuniyuki Iwashima Committed by Jakub Kicinski

af_unix: Allocate unix_address in unix_bind_(bsd|abstract)().



To terminate address with '\0' in unix_bind_bsd(), we add
unix_create_addr() and call it in unix_bind_bsd() and unix_bind_abstract().

Also, unix_bind_abstract() does not return -EEXIST.  Only
kern_path_create() and vfs_mknod() in unix_bind_bsd() can return it,
so we move the last error check in unix_bind() to unix_bind_bsd().

Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.co.jp>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
parent 5c32a3ed
+67 −40
@@ -214,6 +214,22 @@ struct sock *unix_peer_get(struct sock *s)
}
EXPORT_SYMBOL_GPL(unix_peer_get);

static struct unix_address *unix_create_addr(struct sockaddr_un *sunaddr,
					     int addr_len)
{
	struct unix_address *addr;

	addr = kmalloc(sizeof(*addr) + addr_len, GFP_KERNEL);
	if (!addr)
		return NULL;

	refcount_set(&addr->refcnt, 1);
	addr->len = addr_len;
	memcpy(addr->name, sunaddr, addr_len);

	return addr;
}

static inline void unix_release_addr(struct unix_address *addr)
{
	if (refcount_dec_and_test(&addr->refcnt))
@@ -1083,34 +1099,46 @@ out: mutex_unlock(&u->bindlock);
	return err;
}

static int unix_bind_bsd(struct sock *sk, struct unix_address *addr)
static int unix_bind_bsd(struct sock *sk, struct sockaddr_un *sunaddr,
			 int addr_len)
{
	struct unix_sock *u = unix_sk(sk);
	umode_t mode = S_IFSOCK |
	       (SOCK_INODE(sk->sk_socket)->i_mode & ~current_umask());
	struct unix_sock *u = unix_sk(sk);
	struct user_namespace *ns; // barf...
	struct path parent;
	struct unix_address *addr;
	struct dentry *dentry;
	struct path parent;
	unsigned int hash;
	int err;

	unix_mkname_bsd(sunaddr, addr_len);
	addr_len = strlen(sunaddr->sun_path) +
		offsetof(struct sockaddr_un, sun_path) + 1;

	addr = unix_create_addr(sunaddr, addr_len);
	if (!addr)
		return -ENOMEM;

	/*
	 * Get the parent directory, calculate the hash for last
	 * component.
	 */
	dentry = kern_path_create(AT_FDCWD, addr->name->sun_path, &parent, 0);
	if (IS_ERR(dentry))
		return PTR_ERR(dentry);
	ns = mnt_user_ns(parent.mnt);
	if (IS_ERR(dentry)) {
		err = PTR_ERR(dentry);
		goto out;
	}

	/*
	 * All right, let's create it.
	 */
	ns = mnt_user_ns(parent.mnt);
	err = security_path_mknod(&parent, dentry, mode, 0);
	if (!err)
		err = vfs_mknod(ns, d_inode(parent.dentry), dentry, mode, 0);
	if (err)
		goto out;
		goto out_path;
	err = mutex_lock_interruptible(&u->bindlock);
	if (err)
		goto out_unlink;
@@ -1134,47 +1162,61 @@ static int unix_bind_bsd(struct sock *sk, struct unix_address *addr)
out_unlink:
	/* failed after successful mknod?  unlink what we'd created... */
	vfs_unlink(ns, d_inode(parent.dentry), dentry, NULL);
out:
out_path:
	done_path_create(&parent, dentry);
	return err;
out:
	unix_release_addr(addr);
	return err == -EEXIST ? -EADDRINUSE : err;
}

static int unix_bind_abstract(struct sock *sk, struct unix_address *addr)
static int unix_bind_abstract(struct sock *sk, struct sockaddr_un *sunaddr,
			      int addr_len)
{
	struct unix_sock *u = unix_sk(sk);
	struct unix_address *addr;
	int err;

	addr = unix_create_addr(sunaddr, addr_len);
	if (!addr)
		return -ENOMEM;

	err = mutex_lock_interruptible(&u->bindlock);
	if (err)
		return err;
		goto out;

	if (u->addr) {
		mutex_unlock(&u->bindlock);
		return -EINVAL;
		err = -EINVAL;
		goto out_mutex;
	}

	addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
	addr->hash ^= sk->sk_type;

	spin_lock(&unix_table_lock);

	if (__unix_find_socket_byname(sock_net(sk), addr->name, addr->len,
				      addr->hash)) {
		spin_unlock(&unix_table_lock);
		mutex_unlock(&u->bindlock);
		return -EADDRINUSE;
	}
				      addr->hash))
		goto out_spin;

	__unix_set_addr(sk, addr, addr->hash);
	spin_unlock(&unix_table_lock);
	mutex_unlock(&u->bindlock);
	return 0;

out_spin:
	spin_unlock(&unix_table_lock);
	err = -EADDRINUSE;
out_mutex:
	mutex_unlock(&u->bindlock);
out:
	unix_release_addr(addr);
	return err;
}

static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
{
	struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
	char *sun_path = sunaddr->sun_path;
	struct sock *sk = sock->sk;
	struct unix_address *addr;
	int err;

	if (addr_len == offsetof(struct sockaddr_un, sun_path) &&
@@ -1185,27 +1227,12 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
	if (err)
		return err;

	if (sun_path[0]) {
		unix_mkname_bsd(sunaddr, addr_len);
		addr_len = strlen(sunaddr->sun_path) +
			offsetof(struct sockaddr_un, sun_path) + 1;
	}

	addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
	if (!addr)
		return -ENOMEM;

	memcpy(addr->name, sunaddr, addr_len);
	addr->len = addr_len;
	refcount_set(&addr->refcnt, 1);

	if (sun_path[0])
		err = unix_bind_bsd(sk, addr);
	if (sunaddr->sun_path[0])
		err = unix_bind_bsd(sk, sunaddr, addr_len);
	else
		err = unix_bind_abstract(sk, addr);
	if (err)
		unix_release_addr(addr);
	return err == -EEXIST ? -EADDRINUSE : err;
		err = unix_bind_abstract(sk, sunaddr, addr_len);

	return err;
}

static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
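Review bot: In unix_bind_bsd() the path is still NUL-terminated and measured in the caller's buffer (`unix_mkname_bsd(sunaddr, addr_len)` followed by `strlen(sunaddr->sun_path)`) before unix_create_addr() copies it, so the bound on that strlen() depends on storage this function neither owns nor sizes. unix_mkname_bsd() is not shown here; if it writes the terminator at offset addr_len, a path that fills sun_path puts that byte past the end of struct sockaddr_un, which is only safe while every caller passes a larger buffer. Now that the allocation lives in this function, I would state that precondition above the call, for example `/* sunaddr must be backed by storage larger than addr_len: the '\0' is written in place before the copy */`, or terminate the kernel-owned copy instead in a follow-up. The body of unix_bind_bsd() continues between this hunk and the next, outside the visible lines.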