1 files changed, 69 insertions, 40 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index dd419d286204..b1d75beb7e20 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -207,7 +207,7 @@ static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned *hashp)
                /*
                 * This may look like an off by one error but it is a bit more
                 * subtle. 108 is the longest valid AF_UNIX path for a binding.
-                 * sun_path[108] doesnt as such exist.  However in kernel space
+                 * sun_path[108] doesn't as such exist.  However in kernel space
                 * we are guaranteed that it is a valid memory location in our
                 * kernel address buffer.
                 */
@@ -524,6 +524,8 @@ static int unix_dgram_connect(struct socket *, struct sockaddr *,
                              int, int);
 static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
                                  struct msghdr *, size_t);
+static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
+                                  struct msghdr *, size_t, int);
 static const struct proto_ops unix_stream_ops = {
        .family =       PF_UNIX,
@@ -583,7 +585,7 @@ static const struct proto_ops unix_seqpacket_ops = {
        .setsockopt =   sock_no_setsockopt,
        .getsockopt =   sock_no_getsockopt,
        .sendmsg =      unix_seqpacket_sendmsg,
-        .recvmsg =      unix_dgram_recvmsg,
+        .recvmsg =      unix_seqpacket_recvmsg,
        .mmap =         sock_no_mmap,
        .sendpage =     sock_no_sendpage,
 };
@@ -850,7 +852,7 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
                 * Get the parent directory, calculate the hash for last
                 * component.
                 */
-                err = path_lookup(sunaddr->sun_path, LOOKUP_PARENT, &nd);
+                err = kern_path_parent(sunaddr->sun_path, &nd);
                if (err)
                        goto out_mknod_parent;
@@ -1124,7 +1126,7 @@ restart:
        /* Latch our state.
-           It is tricky place. We need to grab write lock and cannot
+           It is tricky place. We need to grab our state lock and cannot
           drop lock on peer. It is dangerous because deadlock is
           possible. Connect to self case and simultaneous
           attempt to connect are eliminated by checking socket
@@ -1171,7 +1173,7 @@ restart:
        newsk->sk_type          = sk->sk_type;
        init_peercred(newsk);
        newu = unix_sk(newsk);
-        newsk->sk_wq            = &newu->peer_wq;
+        RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
        otheru = unix_sk(other);
        /* copy address information from listening to new sock*/
@@ -1475,6 +1477,12 @@ restart:
                        goto out_free;
        }
+        if (sk_filter(other, skb) < 0) {
+                /* Toss the packet but do not return any error to the sender */
+                err = len;
+                goto out_free;
+        }
        unix_state_lock(other);
        err = -EPERM;
        if (!unix_may_send(sk, other))
@@ -1561,7 +1569,6 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
        struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
        struct sock *sk = sock->sk;
        struct sock *other = NULL;
-        struct sockaddr_un *sunaddr = msg->msg_name;
        int err, size;
        struct sk_buff *skb;
        int sent = 0;
@@ -1584,7 +1591,6 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
                err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
                goto out_err;
        } else {
-                sunaddr = NULL;
                err = -ENOTCONN;
                other = unix_peer(sk);
                if (!other)
@@ -1695,6 +1701,18 @@ static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
        return unix_dgram_sendmsg(kiocb, sock, msg, len);
 }
+static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
+                              struct msghdr *msg, size_t size,
+                              int flags)
+{
+        struct sock *sk = sock->sk;
+        if (sk->sk_state != TCP_ESTABLISHED)
+                return -ENOTCONN;
+        return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
+}
 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
 {
        struct unix_sock *u = unix_sk(sk);
@@ -1724,7 +1742,11 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
        msg->msg_namelen = 0;
-        mutex_lock(&u->readlock);
+        err = mutex_lock_interruptible(&u->readlock);
+        if (err) {
+                err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
+                goto out;
+        }
        skb = skb_recv_datagram(sk, flags, noblock, &err);
        if (!skb) {
@@ -1864,7 +1886,11 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
                memset(&tmp_scm, 0, sizeof(tmp_scm));
        }
-        mutex_lock(&u->readlock);
+        err = mutex_lock_interruptible(&u->readlock);
+        if (err) {
+                err = sock_intr_errno(timeo);
+                goto out;
+        }
        do {
                int chunk;
@@ -1895,11 +1921,12 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
                        timeo = unix_stream_data_wait(sk, timeo);
-                        if (signal_pending(current)) {
+                        if (signal_pending(current)
+                            ||  mutex_lock_interruptible(&u->readlock)) {
                                err = sock_intr_errno(timeo);
                                goto out;
                        }
-                        mutex_lock(&u->readlock);
                        continue;
 unlock:
                        unix_state_unlock(sk);
@@ -1978,36 +2005,38 @@ static int unix_shutdown(struct socket *sock, int mode)
        mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN);
-        if (mode) {
+        if (!mode)
-                unix_state_lock(sk);
+                return 0;
-                sk->sk_shutdown |= mode;
-                other = unix_peer(sk);
+        unix_state_lock(sk);
-                if (other)
+        sk->sk_shutdown |= mode;
-                        sock_hold(other);
+        other = unix_peer(sk);
-                unix_state_unlock(sk);
+        if (other)
-                sk->sk_state_change(sk);
+                sock_hold(other);
+        unix_state_unlock(sk);
-                if (other &&
+        sk->sk_state_change(sk);
-                        (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
+        if (other &&
-                        int peer_mode = 0;
+                (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
-                        if (mode&RCV_SHUTDOWN)
+                int peer_mode = 0;
-                                peer_mode |= SEND_SHUTDOWN;
-                        if (mode&SEND_SHUTDOWN)
+                if (mode&RCV_SHUTDOWN)
-                                peer_mode |= RCV_SHUTDOWN;
+                        peer_mode |= SEND_SHUTDOWN;
-                        unix_state_lock(other);
+                if (mode&SEND_SHUTDOWN)
-                        other->sk_shutdown |= peer_mode;
+                        peer_mode |= RCV_SHUTDOWN;
-                        unix_state_unlock(other);
+                unix_state_lock(other);
-                        other->sk_state_change(other);
+                other->sk_shutdown |= peer_mode;
-                        if (peer_mode == SHUTDOWN_MASK)
+                unix_state_unlock(other);
-                                sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
+                other->sk_state_change(other);
-                        else if (peer_mode & RCV_SHUTDOWN)
+                if (peer_mode == SHUTDOWN_MASK)
-                                sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
+                        sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
-                }
+                else if (peer_mode & RCV_SHUTDOWN)
-                if (other)
+                        sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
-                        sock_put(other);
        }
+        if (other)
+                sock_put(other);
        return 0;
 }

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index dd419d286204..b1d75beb7e20 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c
@@ -207,7 +207,7 @@ static int unix_mkname(struct sockaddr_un sunaddr, int len, unsigned hashp)
207	/*	207	/*
208	* This may look like an off by one error but it is a bit more	208	* This may look like an off by one error but it is a bit more
209	* subtle. 108 is the longest valid AF_UNIX path for a binding.	209	* subtle. 108 is the longest valid AF_UNIX path for a binding.
210	* sun_path[108] doesnt as such exist. However in kernel space	210	* sun_path[108] doesn't as such exist. However in kernel space
211	* we are guaranteed that it is a valid memory location in our	211	* we are guaranteed that it is a valid memory location in our
212	* kernel address buffer.	212	* kernel address buffer.
213	*/	213	*/
@@ -524,6 +524,8 @@ static int unix_dgram_connect(struct socket , struct sockaddr ,
524	int, int);	524	int, int);
525	static int unix_seqpacket_sendmsg(struct kiocb , struct socket ,	525	static int unix_seqpacket_sendmsg(struct kiocb , struct socket ,
526	struct msghdr *, size_t);	526	struct msghdr *, size_t);
		527	static int unix_seqpacket_recvmsg(struct kiocb , struct socket ,
		528	struct msghdr *, size_t, int);
527		529
528	static const struct proto_ops unix_stream_ops = {	530	static const struct proto_ops unix_stream_ops = {
529	.family = PF_UNIX,	531	.family = PF_UNIX,
@@ -583,7 +585,7 @@ static const struct proto_ops unix_seqpacket_ops = {
583	.setsockopt = sock_no_setsockopt,	585	.setsockopt = sock_no_setsockopt,
584	.getsockopt = sock_no_getsockopt,	586	.getsockopt = sock_no_getsockopt,
585	.sendmsg = unix_seqpacket_sendmsg,	587	.sendmsg = unix_seqpacket_sendmsg,
586	.recvmsg = unix_dgram_recvmsg,	588	.recvmsg = unix_seqpacket_recvmsg,
587	.mmap = sock_no_mmap,	589	.mmap = sock_no_mmap,
588	.sendpage = sock_no_sendpage,	590	.sendpage = sock_no_sendpage,
589	};	591	};
@@ -850,7 +852,7 @@ static int unix_bind(struct socket sock, struct sockaddr uaddr, int addr_len)
850	* Get the parent directory, calculate the hash for last	852	* Get the parent directory, calculate the hash for last
851	* component.	853	* component.
852	*/	854	*/
853	err = path_lookup(sunaddr->sun_path, LOOKUP_PARENT, &nd);	855	err = kern_path_parent(sunaddr->sun_path, &nd);
854	if (err)	856	if (err)
855	goto out_mknod_parent;	857	goto out_mknod_parent;
856		858
@@ -1124,7 +1126,7 @@ restart:
1124		1126
1125	/* Latch our state.	1127	/* Latch our state.
1126		1128
1127	It is tricky place. We need to grab write lock and cannot	1129	It is tricky place. We need to grab our state lock and cannot
1128	drop lock on peer. It is dangerous because deadlock is	1130	drop lock on peer. It is dangerous because deadlock is
1129	possible. Connect to self case and simultaneous	1131	possible. Connect to self case and simultaneous
1130	attempt to connect are eliminated by checking socket	1132	attempt to connect are eliminated by checking socket
@@ -1171,7 +1173,7 @@ restart:
1171	newsk->sk_type = sk->sk_type;	1173	newsk->sk_type = sk->sk_type;
1172	init_peercred(newsk);	1174	init_peercred(newsk);
1173	newu = unix_sk(newsk);	1175	newu = unix_sk(newsk);
1174	newsk->sk_wq = &newu->peer_wq;	1176	RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1175	otheru = unix_sk(other);	1177	otheru = unix_sk(other);
1176		1178
1177	/* copy address information from listening to new sock*/	1179	/* copy address information from listening to new sock*/
@@ -1475,6 +1477,12 @@ restart:
1475	goto out_free;	1477	goto out_free;
1476	}	1478	}
1477		1479
		1480	if (sk_filter(other, skb) < 0) {
		1481	/* Toss the packet but do not return any error to the sender */
		1482	err = len;
		1483	goto out_free;
		1484	}
		1485
1478	unix_state_lock(other);	1486	unix_state_lock(other);
1479	err = -EPERM;	1487	err = -EPERM;
1480	if (!unix_may_send(sk, other))	1488	if (!unix_may_send(sk, other))
@@ -1561,7 +1569,6 @@ static int unix_stream_sendmsg(struct kiocb kiocb, struct socket sock,
1561	struct sock_iocb *siocb = kiocb_to_siocb(kiocb);	1569	struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1562	struct sock *sk = sock->sk;	1570	struct sock *sk = sock->sk;
1563	struct sock *other = NULL;	1571	struct sock *other = NULL;
1564	struct sockaddr_un *sunaddr = msg->msg_name;
1565	int err, size;	1572	int err, size;
1566	struct sk_buff *skb;	1573	struct sk_buff *skb;
1567	int sent = 0;	1574	int sent = 0;
@@ -1584,7 +1591,6 @@ static int unix_stream_sendmsg(struct kiocb kiocb, struct socket sock,
1584	err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;	1591	err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1585	goto out_err;	1592	goto out_err;
1586	} else {	1593	} else {
1587	sunaddr = NULL;
1588	err = -ENOTCONN;	1594	err = -ENOTCONN;
1589	other = unix_peer(sk);	1595	other = unix_peer(sk);
1590	if (!other)	1596	if (!other)
@@ -1695,6 +1701,18 @@ static int unix_seqpacket_sendmsg(struct kiocb kiocb, struct socket sock,
1695	return unix_dgram_sendmsg(kiocb, sock, msg, len);	1701	return unix_dgram_sendmsg(kiocb, sock, msg, len);
1696	}	1702	}
1697		1703
		1704	static int unix_seqpacket_recvmsg(struct kiocb iocb, struct socket sock,
		1705	struct msghdr *msg, size_t size,
		1706	int flags)
		1707	{
		1708	struct sock *sk = sock->sk;
		1709
		1710	if (sk->sk_state != TCP_ESTABLISHED)
		1711	return -ENOTCONN;
		1712
		1713	return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
		1714	}
		1715
1698	static void unix_copy_addr(struct msghdr msg, struct sock sk)	1716	static void unix_copy_addr(struct msghdr msg, struct sock sk)
1699	{	1717	{
1700	struct unix_sock *u = unix_sk(sk);	1718	struct unix_sock *u = unix_sk(sk);
@@ -1724,7 +1742,11 @@ static int unix_dgram_recvmsg(struct kiocb iocb, struct socket sock,
1724		1742
1725	msg->msg_namelen = 0;	1743	msg->msg_namelen = 0;
1726		1744
1727	mutex_lock(&u->readlock);	1745	err = mutex_lock_interruptible(&u->readlock);
		1746	if (err) {
		1747	err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
		1748	goto out;
		1749	}
1728		1750
1729	skb = skb_recv_datagram(sk, flags, noblock, &err);	1751	skb = skb_recv_datagram(sk, flags, noblock, &err);
1730	if (!skb) {	1752	if (!skb) {
@@ -1864,7 +1886,11 @@ static int unix_stream_recvmsg(struct kiocb iocb, struct socket sock,
1864	memset(&tmp_scm, 0, sizeof(tmp_scm));	1886	memset(&tmp_scm, 0, sizeof(tmp_scm));
1865	}	1887	}
1866		1888
1867	mutex_lock(&u->readlock);	1889	err = mutex_lock_interruptible(&u->readlock);
		1890	if (err) {
		1891	err = sock_intr_errno(timeo);
		1892	goto out;
		1893	}
1868		1894
1869	do {	1895	do {
1870	int chunk;	1896	int chunk;
@@ -1895,11 +1921,12 @@ static int unix_stream_recvmsg(struct kiocb iocb, struct socket sock,
1895		1921
1896	timeo = unix_stream_data_wait(sk, timeo);	1922	timeo = unix_stream_data_wait(sk, timeo);
1897		1923
1898	if (signal_pending(current)) {	1924	if (signal_pending(current)
		1925	\|\| mutex_lock_interruptible(&u->readlock)) {
1899	err = sock_intr_errno(timeo);	1926	err = sock_intr_errno(timeo);
1900	goto out;	1927	goto out;
1901	}	1928	}
1902	mutex_lock(&u->readlock);	1929
1903	continue;	1930	continue;
1904	unlock:	1931	unlock:
1905	unix_state_unlock(sk);	1932	unix_state_unlock(sk);
@@ -1978,36 +2005,38 @@ static int unix_shutdown(struct socket *sock, int mode)
1978		2005
1979	mode = (mode+1)&(RCV_SHUTDOWN\|SEND_SHUTDOWN);	2006	mode = (mode+1)&(RCV_SHUTDOWN\|SEND_SHUTDOWN);
1980		2007
1981	if (mode) {	2008	if (!mode)
1982	unix_state_lock(sk);	2009	return 0;
1983	sk->sk_shutdown \|= mode;	2010
1984	other = unix_peer(sk);	2011	unix_state_lock(sk);
1985	if (other)	2012	sk->sk_shutdown \|= mode;
1986	sock_hold(other);	2013	other = unix_peer(sk);
1987	unix_state_unlock(sk);	2014	if (other)
1988	sk->sk_state_change(sk);	2015	sock_hold(other);
1989		2016	unix_state_unlock(sk);
1990	if (other &&	2017	sk->sk_state_change(sk);
1991	(sk->sk_type == SOCK_STREAM \|\| sk->sk_type == SOCK_SEQPACKET)) {	2018
1992		2019	if (other &&
1993	int peer_mode = 0;	2020	(sk->sk_type == SOCK_STREAM \|\| sk->sk_type == SOCK_SEQPACKET)) {
1994		2021
1995	if (mode&RCV_SHUTDOWN)	2022	int peer_mode = 0;
1996	peer_mode \|= SEND_SHUTDOWN;	2023
1997	if (mode&SEND_SHUTDOWN)	2024	if (mode&RCV_SHUTDOWN)
1998	peer_mode \|= RCV_SHUTDOWN;	2025	peer_mode \|= SEND_SHUTDOWN;
1999	unix_state_lock(other);	2026	if (mode&SEND_SHUTDOWN)
2000	other->sk_shutdown \|= peer_mode;	2027	peer_mode \|= RCV_SHUTDOWN;
2001	unix_state_unlock(other);	2028	unix_state_lock(other);
2002	other->sk_state_change(other);	2029	other->sk_shutdown \|= peer_mode;
2003	if (peer_mode == SHUTDOWN_MASK)	2030	unix_state_unlock(other);
2004	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);	2031	other->sk_state_change(other);
2005	else if (peer_mode & RCV_SHUTDOWN)	2032	if (peer_mode == SHUTDOWN_MASK)
2006	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);	2033	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2007	}	2034	else if (peer_mode & RCV_SHUTDOWN)
2008	if (other)	2035	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2009	sock_put(other);
2010	}	2036	}
		2037	if (other)
		2038	sock_put(other);
		2039
2011	return 0;	2040	return 0;
2012	}	2041	}
2013		2042