1 files changed, 54 insertions, 39 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index dd419d28620..3a43a830476 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -207,7 +207,7 @@ static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned *hashp)
                /*
                 * This may look like an off by one error but it is a bit more
                 * subtle. 108 is the longest valid AF_UNIX path for a binding.
-                 * sun_path[108] doesnt as such exist.  However in kernel space
+                 * sun_path[108] doesn't as such exist.  However in kernel space
                 * we are guaranteed that it is a valid memory location in our
                 * kernel address buffer.
                 */
@@ -850,7 +850,7 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
                 * Get the parent directory, calculate the hash for last
                 * component.
                 */
-                err = path_lookup(sunaddr->sun_path, LOOKUP_PARENT, &nd);
+                err = kern_path_parent(sunaddr->sun_path, &nd);
                if (err)
                        goto out_mknod_parent;
@@ -1124,7 +1124,7 @@ restart:
        /* Latch our state.
-           It is tricky place. We need to grab write lock and cannot
+           It is tricky place. We need to grab our state lock and cannot
           drop lock on peer. It is dangerous because deadlock is
           possible. Connect to self case and simultaneous
           attempt to connect are eliminated by checking socket
@@ -1171,7 +1171,7 @@ restart:
        newsk->sk_type          = sk->sk_type;
        init_peercred(newsk);
        newu = unix_sk(newsk);
-        newsk->sk_wq            = &newu->peer_wq;
+        RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
        otheru = unix_sk(other);
        /* copy address information from listening to new sock*/
@@ -1475,6 +1475,12 @@ restart:
                        goto out_free;
        }
+        if (sk_filter(other, skb) < 0) {
+                /* Toss the packet but do not return any error to the sender */
+                err = len;
+                goto out_free;
+        }
        unix_state_lock(other);
        err = -EPERM;
        if (!unix_may_send(sk, other))
@@ -1561,7 +1567,6 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
        struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
        struct sock *sk = sock->sk;
        struct sock *other = NULL;
-        struct sockaddr_un *sunaddr = msg->msg_name;
        int err, size;
        struct sk_buff *skb;
        int sent = 0;
@@ -1584,7 +1589,6 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
                err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
                goto out_err;
        } else {
-                sunaddr = NULL;
                err = -ENOTCONN;
                other = unix_peer(sk);
                if (!other)
@@ -1724,7 +1728,11 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
        msg->msg_namelen = 0;
-        mutex_lock(&u->readlock);
+        err = mutex_lock_interruptible(&u->readlock);
+        if (err) {
+                err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
+                goto out;
+        }
        skb = skb_recv_datagram(sk, flags, noblock, &err);
        if (!skb) {
@@ -1864,7 +1872,11 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
                memset(&tmp_scm, 0, sizeof(tmp_scm));
        }
-        mutex_lock(&u->readlock);
+        err = mutex_lock_interruptible(&u->readlock);
+        if (err) {
+                err = sock_intr_errno(timeo);
+                goto out;
+        }
        do {
                int chunk;
@@ -1895,11 +1907,12 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
                        timeo = unix_stream_data_wait(sk, timeo);
-                        if (signal_pending(current)) {
+                        if (signal_pending(current)
+                            ||  mutex_lock_interruptible(&u->readlock)) {
                                err = sock_intr_errno(timeo);
                                goto out;
                        }
-                        mutex_lock(&u->readlock);
                        continue;
 unlock:
                        unix_state_unlock(sk);
@@ -1978,36 +1991,38 @@ static int unix_shutdown(struct socket *sock, int mode)
        mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN);
-        if (mode) {
+        if (!mode)
-                unix_state_lock(sk);
+                return 0;
-                sk->sk_shutdown |= mode;
-                other = unix_peer(sk);
+        unix_state_lock(sk);
-                if (other)
+        sk->sk_shutdown |= mode;
-                        sock_hold(other);
+        other = unix_peer(sk);
-                unix_state_unlock(sk);
+        if (other)
-                sk->sk_state_change(sk);
+                sock_hold(other);
+        unix_state_unlock(sk);
-                if (other &&
+        sk->sk_state_change(sk);
-                        (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
+        if (other &&
-                        int peer_mode = 0;
+                (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
-                        if (mode&RCV_SHUTDOWN)
+                int peer_mode = 0;
-                                peer_mode |= SEND_SHUTDOWN;
-                        if (mode&SEND_SHUTDOWN)
+                if (mode&RCV_SHUTDOWN)
-                                peer_mode |= RCV_SHUTDOWN;
+                        peer_mode |= SEND_SHUTDOWN;
-                        unix_state_lock(other);
+                if (mode&SEND_SHUTDOWN)
-                        other->sk_shutdown |= peer_mode;
+                        peer_mode |= RCV_SHUTDOWN;
-                        unix_state_unlock(other);
+                unix_state_lock(other);
-                        other->sk_state_change(other);
+                other->sk_shutdown |= peer_mode;
-                        if (peer_mode == SHUTDOWN_MASK)
+                unix_state_unlock(other);
-                                sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
+                other->sk_state_change(other);
-                        else if (peer_mode & RCV_SHUTDOWN)
+                if (peer_mode == SHUTDOWN_MASK)
-                                sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
+                        sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
-                }
+                else if (peer_mode & RCV_SHUTDOWN)
-                if (other)
+                        sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
-                        sock_put(other);
        }
+        if (other)
+                sock_put(other);
        return 0;
 }

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index dd419d28620..3a43a830476 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c
@@ -207,7 +207,7 @@ static int unix_mkname(struct sockaddr_un sunaddr, int len, unsigned hashp)
207	/*	207	/*
208	* This may look like an off by one error but it is a bit more	208	* This may look like an off by one error but it is a bit more
209	* subtle. 108 is the longest valid AF_UNIX path for a binding.	209	* subtle. 108 is the longest valid AF_UNIX path for a binding.
210	* sun_path[108] doesnt as such exist. However in kernel space	210	* sun_path[108] doesn't as such exist. However in kernel space
211	* we are guaranteed that it is a valid memory location in our	211	* we are guaranteed that it is a valid memory location in our
212	* kernel address buffer.	212	* kernel address buffer.
213	*/	213	*/
@@ -850,7 +850,7 @@ static int unix_bind(struct socket sock, struct sockaddr uaddr, int addr_len)
850	* Get the parent directory, calculate the hash for last	850	* Get the parent directory, calculate the hash for last
851	* component.	851	* component.
852	*/	852	*/
853	err = path_lookup(sunaddr->sun_path, LOOKUP_PARENT, &nd);	853	err = kern_path_parent(sunaddr->sun_path, &nd);
854	if (err)	854	if (err)
855	goto out_mknod_parent;	855	goto out_mknod_parent;
856		856
@@ -1124,7 +1124,7 @@ restart:
1124		1124
1125	/* Latch our state.	1125	/* Latch our state.
1126		1126
1127	It is tricky place. We need to grab write lock and cannot	1127	It is tricky place. We need to grab our state lock and cannot
1128	drop lock on peer. It is dangerous because deadlock is	1128	drop lock on peer. It is dangerous because deadlock is
1129	possible. Connect to self case and simultaneous	1129	possible. Connect to self case and simultaneous
1130	attempt to connect are eliminated by checking socket	1130	attempt to connect are eliminated by checking socket
@@ -1171,7 +1171,7 @@ restart:
1171	newsk->sk_type = sk->sk_type;	1171	newsk->sk_type = sk->sk_type;
1172	init_peercred(newsk);	1172	init_peercred(newsk);
1173	newu = unix_sk(newsk);	1173	newu = unix_sk(newsk);
1174	newsk->sk_wq = &newu->peer_wq;	1174	RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1175	otheru = unix_sk(other);	1175	otheru = unix_sk(other);
1176		1176
1177	/* copy address information from listening to new sock*/	1177	/* copy address information from listening to new sock*/
@@ -1475,6 +1475,12 @@ restart:
1475	goto out_free;	1475	goto out_free;
1476	}	1476	}
1477		1477
		1478	if (sk_filter(other, skb) < 0) {
		1479	/* Toss the packet but do not return any error to the sender */
		1480	err = len;
		1481	goto out_free;
		1482	}
		1483
1478	unix_state_lock(other);	1484	unix_state_lock(other);
1479	err = -EPERM;	1485	err = -EPERM;
1480	if (!unix_may_send(sk, other))	1486	if (!unix_may_send(sk, other))
@@ -1561,7 +1567,6 @@ static int unix_stream_sendmsg(struct kiocb kiocb, struct socket sock,
1561	struct sock_iocb *siocb = kiocb_to_siocb(kiocb);	1567	struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1562	struct sock *sk = sock->sk;	1568	struct sock *sk = sock->sk;
1563	struct sock *other = NULL;	1569	struct sock *other = NULL;
1564	struct sockaddr_un *sunaddr = msg->msg_name;
1565	int err, size;	1570	int err, size;
1566	struct sk_buff *skb;	1571	struct sk_buff *skb;
1567	int sent = 0;	1572	int sent = 0;
@@ -1584,7 +1589,6 @@ static int unix_stream_sendmsg(struct kiocb kiocb, struct socket sock,
1584	err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;	1589	err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1585	goto out_err;	1590	goto out_err;
1586	} else {	1591	} else {
1587	sunaddr = NULL;
1588	err = -ENOTCONN;	1592	err = -ENOTCONN;
1589	other = unix_peer(sk);	1593	other = unix_peer(sk);
1590	if (!other)	1594	if (!other)
@@ -1724,7 +1728,11 @@ static int unix_dgram_recvmsg(struct kiocb iocb, struct socket sock,
1724		1728
1725	msg->msg_namelen = 0;	1729	msg->msg_namelen = 0;
1726		1730
1727	mutex_lock(&u->readlock);	1731	err = mutex_lock_interruptible(&u->readlock);
		1732	if (err) {
		1733	err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
		1734	goto out;
		1735	}
1728		1736
1729	skb = skb_recv_datagram(sk, flags, noblock, &err);	1737	skb = skb_recv_datagram(sk, flags, noblock, &err);
1730	if (!skb) {	1738	if (!skb) {
@@ -1864,7 +1872,11 @@ static int unix_stream_recvmsg(struct kiocb iocb, struct socket sock,
1864	memset(&tmp_scm, 0, sizeof(tmp_scm));	1872	memset(&tmp_scm, 0, sizeof(tmp_scm));
1865	}	1873	}
1866		1874
1867	mutex_lock(&u->readlock);	1875	err = mutex_lock_interruptible(&u->readlock);
		1876	if (err) {
		1877	err = sock_intr_errno(timeo);
		1878	goto out;
		1879	}
1868		1880
1869	do {	1881	do {
1870	int chunk;	1882	int chunk;
@@ -1895,11 +1907,12 @@ static int unix_stream_recvmsg(struct kiocb iocb, struct socket sock,
1895		1907
1896	timeo = unix_stream_data_wait(sk, timeo);	1908	timeo = unix_stream_data_wait(sk, timeo);
1897		1909
1898	if (signal_pending(current)) {	1910	if (signal_pending(current)
		1911	\|\| mutex_lock_interruptible(&u->readlock)) {
1899	err = sock_intr_errno(timeo);	1912	err = sock_intr_errno(timeo);
1900	goto out;	1913	goto out;
1901	}	1914	}
1902	mutex_lock(&u->readlock);	1915
1903	continue;	1916	continue;
1904	unlock:	1917	unlock:
1905	unix_state_unlock(sk);	1918	unix_state_unlock(sk);
@@ -1978,36 +1991,38 @@ static int unix_shutdown(struct socket *sock, int mode)
1978		1991
1979	mode = (mode+1)&(RCV_SHUTDOWN\|SEND_SHUTDOWN);	1992	mode = (mode+1)&(RCV_SHUTDOWN\|SEND_SHUTDOWN);
1980		1993
1981	if (mode) {	1994	if (!mode)
1982	unix_state_lock(sk);	1995	return 0;
1983	sk->sk_shutdown \|= mode;	1996
1984	other = unix_peer(sk);	1997	unix_state_lock(sk);
1985	if (other)	1998	sk->sk_shutdown \|= mode;
1986	sock_hold(other);	1999	other = unix_peer(sk);
1987	unix_state_unlock(sk);	2000	if (other)
1988	sk->sk_state_change(sk);	2001	sock_hold(other);
1989		2002	unix_state_unlock(sk);
1990	if (other &&	2003	sk->sk_state_change(sk);
1991	(sk->sk_type == SOCK_STREAM \|\| sk->sk_type == SOCK_SEQPACKET)) {	2004
1992		2005	if (other &&
1993	int peer_mode = 0;	2006	(sk->sk_type == SOCK_STREAM \|\| sk->sk_type == SOCK_SEQPACKET)) {
1994		2007
1995	if (mode&RCV_SHUTDOWN)	2008	int peer_mode = 0;
1996	peer_mode \|= SEND_SHUTDOWN;	2009
1997	if (mode&SEND_SHUTDOWN)	2010	if (mode&RCV_SHUTDOWN)
1998	peer_mode \|= RCV_SHUTDOWN;	2011	peer_mode \|= SEND_SHUTDOWN;
1999	unix_state_lock(other);	2012	if (mode&SEND_SHUTDOWN)
2000	other->sk_shutdown \|= peer_mode;	2013	peer_mode \|= RCV_SHUTDOWN;
2001	unix_state_unlock(other);	2014	unix_state_lock(other);
2002	other->sk_state_change(other);	2015	other->sk_shutdown \|= peer_mode;
2003	if (peer_mode == SHUTDOWN_MASK)	2016	unix_state_unlock(other);
2004	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);	2017	other->sk_state_change(other);
2005	else if (peer_mode & RCV_SHUTDOWN)	2018	if (peer_mode == SHUTDOWN_MASK)
2006	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);	2019	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2007	}	2020	else if (peer_mode & RCV_SHUTDOWN)
2008	if (other)	2021	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2009	sock_put(other);
2010	}	2022	}
		2023	if (other)
		2024	sock_put(other);
		2025
2011	return 0;	2026	return 0;
2012	}	2027	}
2013		2028