1 files changed, 34 insertions, 9 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index d901465ce013..b43a27828df5 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -83,7 +83,6 @@
 */
 #include <linux/module.h>
-#include <linux/config.h>
 #include <linux/kernel.h>
 #include <linux/signal.h>
 #include <linux/sched.h>
@@ -118,7 +117,7 @@
 #include <net/checksum.h>
 #include <linux/security.h>
-int sysctl_unix_max_dgram_qlen = 10;
+int sysctl_unix_max_dgram_qlen __read_mostly = 10;
 struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
 DEFINE_SPINLOCK(unix_table_lock);
@@ -128,6 +127,24 @@ static atomic_t unix_nr_socks = ATOMIC_INIT(0);
 #define UNIX_ABSTRACT(sk)       (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
+#ifdef CONFIG_SECURITY_NETWORK
+static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
+{
+        memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
+}
+static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
+{
+        scm->secid = *UNIXSID(skb);
+}
+#else
+static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
+{ }
+static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
+{ }
+#endif /* CONFIG_SECURITY_NETWORK */
 /*
 *  SMP locking strategy:
 *    hash table is protected with spinlock unix_table_lock
@@ -542,6 +559,14 @@ static struct proto unix_proto = {
        .obj_size = sizeof(struct unix_sock),
 };
+/*
+ * AF_UNIX sockets do not interact with hardware, hence they
+ * dont trigger interrupts - so it's safe for them to have
+ * bh-unsafe locking for their sk_receive_queue.lock. Split off
+ * this special lock-class by reinitializing the spinlock key:
+ */
+static struct lock_class_key af_unix_sk_receive_queue_lock_key;
 static struct sock * unix_create1(struct socket *sock)
 {
        struct sock *sk = NULL;
@@ -557,6 +582,8 @@ static struct sock * unix_create1(struct socket *sock)
        atomic_inc(&unix_nr_socks);
        sock_init_data(sock,sk);
+        lockdep_set_class(&sk->sk_receive_queue.lock,
+                                &af_unix_sk_receive_queue_lock_key);
        sk->sk_write_space      = unix_write_space;
        sk->sk_max_ack_backlog  = sysctl_unix_max_dgram_qlen;
@@ -630,11 +657,10 @@ static int unix_autobind(struct socket *sock)
                goto out;
        err = -ENOMEM;
-        addr = kmalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
+        addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
        if (!addr)
                goto out;
-        memset(addr, 0, sizeof(*addr) + sizeof(short) + 16);
        addr->name->sun_family = AF_UNIX;
        atomic_set(&addr->refcnt, 1);
@@ -1022,7 +1048,7 @@ restart:
                goto out_unlock;
        }
-        unix_state_wlock(sk);
+        unix_state_wlock_nested(sk);
        if (sk->sk_state != st) {
                unix_state_wunlock(sk);
@@ -1290,6 +1316,7 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
        memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
        if (siocb->scm->fp)
                unix_attach_fds(siocb->scm, skb);
+        unix_get_secdata(siocb->scm, skb);
        skb->h.raw = skb->data;
        err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len);
@@ -1570,6 +1597,7 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
                memset(&tmp_scm, 0, sizeof(tmp_scm));
        }
        siocb->scm->creds = *UNIXCREDS(skb);
+        unix_set_secdata(siocb->scm, skb);
        if (!(flags & MSG_PEEK))
        {
@@ -2032,10 +2060,7 @@ static int __init af_unix_init(void)
        int rc = -1;
        struct sk_buff *dummy_skb;
-        if (sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb)) {
+        BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
-                printk(KERN_CRIT "%s: panic\n", __FUNCTION__);
-                goto out;
-        }
        rc = proto_register(&unix_proto, 1);
        if (rc != 0) {