af_unix: Allocate unix_address in unix_bind_(bsd|abstract)().

To terminate address with '\0' in unix_bind_bsd(), we add unix_create_addr() and call it in unix_bind_bsd() and unix_bind_abstract(). Also, unix_bind_abstract() does not return -EEXIST. Only kern_path_create() and vfs_mknod() in unix_bind_bsd() can return it, so we move the last error check in unix_bind() to unix_bind_bsd(). Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.co.jp> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-11-24 11:14:26 +09:00 · 2021-11-24 11:14:26 +09:00 · 12f21c49ad
parent 5c32a3ed64
commit 12f21c49ad
1 changed files with 67 additions and 40 deletions
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@ -214,6 +214,22 @@ struct sock *unix_peer_get(struct sock *s)
 }
 EXPORT_SYMBOL_GPL(unix_peer_get);
 static struct unix_address *unix_create_addr(struct sockaddr_un *sunaddr,
 					     int addr_len)
 {
 	struct unix_address *addr;
 	addr = kmalloc(sizeof(*addr) + addr_len, GFP_KERNEL);
 	if (!addr)
 		return NULL;
 	refcount_set(&addr->refcnt, 1);
 	addr->len = addr_len;
 	memcpy(addr->name, sunaddr, addr_len);
 	return addr;
 }
 static inline void unix_release_addr(struct unix_address *addr)
 {
 	if (refcount_dec_and_test(&addr->refcnt))
@ -1083,34 +1099,46 @@ out:	mutex_unlock(&u->bindlock);
 	return err;
 }
-static int unix_bind_bsd(struct sock *sk, struct unix_address *addr)
+static int unix_bind_bsd(struct sock *sk, struct sockaddr_un *sunaddr,
 			 int addr_len)
 {
 	struct unix_sock *u = unix_sk(sk);
 	umode_t mode = S_IFSOCK |
 	       (SOCK_INODE(sk->sk_socket)->i_mode & ~current_umask());
 	struct unix_sock *u = unix_sk(sk);
 	struct user_namespace *ns; // barf...
-	struct path parent;
+	struct unix_address *addr;
 	struct dentry *dentry;
 	struct path parent;
 	unsigned int hash;
 	int err;
 	unix_mkname_bsd(sunaddr, addr_len);
 	addr_len = strlen(sunaddr->sun_path) +
 		offsetof(struct sockaddr_un, sun_path) + 1;
 	addr = unix_create_addr(sunaddr, addr_len);
 	if (!addr)
 		return -ENOMEM;
 	/*
 	 * Get the parent directory, calculate the hash for last
 	 * component.
 	 */
 	dentry = kern_path_create(AT_FDCWD, addr->name->sun_path, &parent, 0);
-	if (IS_ERR(dentry))
+	if (IS_ERR(dentry)) {
-		return PTR_ERR(dentry);
+		err = PTR_ERR(dentry);
-	ns = mnt_user_ns(parent.mnt);
+		goto out;
 	}
 	/*
 	 * All right, let's create it.
 	 */
 	ns = mnt_user_ns(parent.mnt);
 	err = security_path_mknod(&parent, dentry, mode, 0);
 	if (!err)
 		err = vfs_mknod(ns, d_inode(parent.dentry), dentry, mode, 0);
 	if (err)
-		goto out;
+		goto out_path;
 	err = mutex_lock_interruptible(&u->bindlock);
 	if (err)
 		goto out_unlink;
@ -1134,47 +1162,61 @@ out_unlock:
 out_unlink:
 	/* failed after successful mknod?  unlink what we'd created... */
 	vfs_unlink(ns, d_inode(parent.dentry), dentry, NULL);
-out:
+out_path:
 	done_path_create(&parent, dentry);
-	return err;
+out:
 	unix_release_addr(addr);
 	return err == -EEXIST ? -EADDRINUSE : err;
 }
-static int unix_bind_abstract(struct sock *sk, struct unix_address *addr)
+static int unix_bind_abstract(struct sock *sk, struct sockaddr_un *sunaddr,
 			      int addr_len)
 {
 	struct unix_sock *u = unix_sk(sk);
 	struct unix_address *addr;
 	int err;
 	addr = unix_create_addr(sunaddr, addr_len);
 	if (!addr)
 		return -ENOMEM;
 	err = mutex_lock_interruptible(&u->bindlock);
 	if (err)
-		return err;
+		goto out;
 	if (u->addr) {
-		mutex_unlock(&u->bindlock);
+		err = -EINVAL;
-		return -EINVAL;
+		goto out_mutex;
 	}
 	addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
 	addr->hash ^= sk->sk_type;
 	spin_lock(&unix_table_lock);
 	if (__unix_find_socket_byname(sock_net(sk), addr->name, addr->len,
-				      addr->hash)) {
+				      addr->hash))
-		spin_unlock(&unix_table_lock);
+		goto out_spin;
-		mutex_unlock(&u->bindlock);
+
 		return -EADDRINUSE;
 	}
 	__unix_set_addr(sk, addr, addr->hash);
 	spin_unlock(&unix_table_lock);
 	mutex_unlock(&u->bindlock);
 	return 0;
 out_spin:
 	spin_unlock(&unix_table_lock);
 	err = -EADDRINUSE;
 out_mutex:
 	mutex_unlock(&u->bindlock);
 out:
 	unix_release_addr(addr);
 	return err;
 }
 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 {
 	struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
 	char *sun_path = sunaddr->sun_path;
 	struct sock *sk = sock->sk;
 	struct unix_address *addr;
 	int err;
 	if (addr_len == offsetof(struct sockaddr_un, sun_path) &&
@ -1185,27 +1227,12 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 	if (err)
 		return err;
-	if (sun_path[0]) {
+	if (sunaddr->sun_path[0])
-		unix_mkname_bsd(sunaddr, addr_len);
+		err = unix_bind_bsd(sk, sunaddr, addr_len);
 		addr_len = strlen(sunaddr->sun_path) +
 			offsetof(struct sockaddr_un, sun_path) + 1;
 	}
 	addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
 	if (!addr)
 		return -ENOMEM;
 	memcpy(addr->name, sunaddr, addr_len);
 	addr->len = addr_len;
 	refcount_set(&addr->refcnt, 1);
 	if (sun_path[0])
 		err = unix_bind_bsd(sk, addr);
 	else
-		err = unix_bind_abstract(sk, addr);
+		err = unix_bind_abstract(sk, sunaddr, addr_len);
-	if (err)
+
-		unix_release_addr(addr);
+	return err;
 	return err == -EEXIST ? -EADDRINUSE : err;
 }
 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)