| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240503223150.6035-5-kuniyu@amazon.com>
Date: Fri, 3 May 2024 15:31:48 -0700
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
<pabeni@...hat.com>
CC: Kuniyuki Iwashima <kuniyu@...zon.com>, Kuniyuki Iwashima
<kuni1840@...il.com>, <netdev@...r.kernel.org>
Subject: [PATCH v1 net-next 4/6] af_unix: Move wait_for_unix_gc() to unix_prepare_fpl().
unix_(dgram|stream)_sendmsg() call wait_for_unix_gc() to trigger GC
when the number of inflight AF_UNIX sockets is insane.
This does not happen in the sane use case. If this happened, the
insane process would continue sending FDs.
We need not impose the duty in the normal sendmsg(), and instead,
we can trigger GC in unix_prepare_fpl(), which is called when a fd
of AF_UNIX socket is passed.
Also, this renames wait_for_unix_gc() to __unix_schedule_gc() for the
following changes.
Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
---
include/net/af_unix.h | 1 -
net/unix/af_unix.c | 4 ----
net/unix/garbage.c | 9 ++++++---
3 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/include/net/af_unix.h b/include/net/af_unix.h
index b6eedf7650da..ebd1b3ca8906 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -24,7 +24,6 @@ void unix_update_edges(struct unix_sock *receiver);
int unix_prepare_fpl(struct scm_fp_list *fpl);
void unix_destroy_fpl(struct scm_fp_list *fpl);
void unix_gc(void);
-void wait_for_unix_gc(struct scm_fp_list *fpl);
struct unix_vertex {
struct list_head edges;
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index dc1651541723..863058be35f3 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1925,8 +1925,6 @@ static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
if (err < 0)
return err;
- wait_for_unix_gc(scm.fp);
-
err = -EOPNOTSUPP;
if (msg->msg_flags&MSG_OOB)
goto out;
@@ -2202,8 +2200,6 @@ static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg,
if (err < 0)
return err;
- wait_for_unix_gc(scm.fp);
-
err = -EOPNOTSUPP;
if (msg->msg_flags & MSG_OOB) {
#if IS_ENABLED(CONFIG_AF_UNIX_OOB)
diff --git a/net/unix/garbage.c b/net/unix/garbage.c
index 478b2eb479a2..85c0500764d4 100644
--- a/net/unix/garbage.c
+++ b/net/unix/garbage.c
@@ -271,6 +271,8 @@ void unix_update_edges(struct unix_sock *receiver)
}
}
+static void __unix_schedule_gc(struct scm_fp_list *fpl);
+
int unix_prepare_fpl(struct scm_fp_list *fpl)
{
struct unix_vertex *vertex;
@@ -292,6 +294,8 @@ int unix_prepare_fpl(struct scm_fp_list *fpl)
if (!fpl->edges)
goto err;
+ __unix_schedule_gc(fpl);
+
return 0;
err:
@@ -607,7 +611,7 @@ void unix_gc(void)
#define UNIX_INFLIGHT_TRIGGER_GC 16000
#define UNIX_INFLIGHT_SANE_USER (SCM_MAX_FD * 8)
-void wait_for_unix_gc(struct scm_fp_list *fpl)
+static void __unix_schedule_gc(struct scm_fp_list *fpl)
{
/* If number of inflight sockets is insane,
* force a garbage collect right now.
@@ -622,8 +626,7 @@ void wait_for_unix_gc(struct scm_fp_list *fpl)
/* Penalise users who want to send AF_UNIX sockets
* but whose sockets have not been received yet.
*/
- if (!fpl || !fpl->count_unix ||
- READ_ONCE(fpl->user->unix_inflight) < UNIX_INFLIGHT_SANE_USER)
+ if (READ_ONCE(fpl->user->unix_inflight) < UNIX_INFLIGHT_SANE_USER)
return;
if (READ_ONCE(gc_in_progress))
--
2.30.2
Powered by blists - more mailing lists