@@ -239,19 +239,25 @@ static int unix_validate_addr(struct sockaddr_un *sunaddr, int addr_len)
return 0;
}
+static void unix_mkname_bsd(struct sockaddr_un *sunaddr, int addr_len)
+{
+ /* This may look like an off by one error but it is a bit more
+ * subtle. 108 is the longest valid AF_UNIX path for a binding.
+ * sun_path[108] doesn't as such exist. However in kernel space
+ * we are guaranteed that it is a valid memory location in our
+ * kernel address buffer because syscall functions always pass
+ * a pointer of struct sockaddr_storage which has a bigger buffer
+ * than 108.
+ */
+ ((char *)sunaddr)[addr_len] = 0;
+}
+
static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
{
*hashp = 0;
if (sunaddr->sun_path[0]) {
- /*
- * This may look like an off by one error but it is a bit more
- * subtle. 108 is the longest valid AF_UNIX path for a binding.
- * sun_path[108] doesn't as such exist. However in kernel space
- * we are guaranteed that it is a valid memory location in our
- * kernel address buffer.
- */
- ((char *)sunaddr)[len] = 0;
+ unix_mkname_bsd(sunaddr, len);
len = strlen(sunaddr->sun_path) + offsetof(struct sockaddr_un, sun_path) + 1;
return len;
}
@@ -957,13 +963,14 @@ static int unix_release(struct socket *sock)
}
static struct sock *unix_find_bsd(struct net *net, struct sockaddr_un *sunaddr,
- int type)
+ int addr_len, int type)
{
struct inode *inode;
struct path path;
struct sock *sk;
int err;
+ unix_mkname_bsd(sunaddr, addr_len);
err = kern_path(sunaddr->sun_path, LOOKUP_FOLLOW, &path);
if (err)
goto fail;
@@ -1000,8 +1007,9 @@ static struct sock *unix_find_bsd(struct net *net, struct sockaddr_un *sunaddr,
}
static struct sock *unix_find_abstract(struct net *net, struct sockaddr_un *sunaddr,
- int addr_len, int type, unsigned int hash)
+ int addr_len, int type)
{
+ unsigned int hash = unix_hash_fold(csum_partial(sunaddr, addr_len, 0));
struct dentry *dentry;
struct sock *sk;
@@ -1017,14 +1025,14 @@ static struct sock *unix_find_abstract(struct net *net, struct sockaddr_un *suna
}
static struct sock *unix_find_other(struct net *net, struct sockaddr_un *sunaddr,
- int addr_len, int type, unsigned int hash)
+ int addr_len, int type)
{
struct sock *sk;
if (sunaddr->sun_path[0])
- sk = unix_find_bsd(net, sunaddr, type);
+ sk = unix_find_bsd(net, sunaddr, addr_len, type);
else
- sk = unix_find_abstract(net, sunaddr, addr_len, type, hash);
+ sk = unix_find_abstract(net, sunaddr, addr_len, type);
return sk;
}
@@ -1239,7 +1247,6 @@ static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
struct net *net = sock_net(sk);
struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
struct sock *other;
- unsigned int hash;
int err;
err = -EINVAL;
@@ -1251,11 +1258,6 @@ static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
if (err)
goto out;
- err = unix_mkname(sunaddr, alen, &hash);
- if (err < 0)
- goto out;
- alen = err;
-
if (test_bit(SOCK_PASSCRED, &sock->flags) && !unix_sk(sk)->addr) {
err = unix_autobind(sk);
if (err)
@@ -1263,7 +1265,7 @@ static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
}
restart:
- other = unix_find_other(net, sunaddr, alen, sock->type, hash);
+ other = unix_find_other(net, sunaddr, alen, sock->type);
if (IS_ERR(other)) {
err = PTR_ERR(other);
goto out;
@@ -1357,7 +1359,6 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
struct sock *newsk = NULL;
struct sock *other = NULL;
struct sk_buff *skb = NULL;
- unsigned int hash;
int st;
int err;
long timeo;
@@ -1366,11 +1367,6 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
if (err)
goto out;
- err = unix_mkname(sunaddr, addr_len, &hash);
- if (err < 0)
- goto out;
- addr_len = err;
-
if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr) {
err = unix_autobind(sk);
if (err)
@@ -1401,7 +1397,7 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
restart:
/* Find listening sock. */
- other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash);
+ other = unix_find_other(net, sunaddr, addr_len, sk->sk_type);
if (IS_ERR(other)) {
err = PTR_ERR(other);
other = NULL;
@@ -1799,9 +1795,7 @@ static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
struct unix_sock *u = unix_sk(sk);
DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
struct sock *other = NULL;
- int namelen = 0; /* fake GCC */
int err;
- unsigned int hash;
struct sk_buff *skb;
long timeo;
struct scm_cookie scm;
@@ -1821,11 +1815,6 @@ static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
err = unix_validate_addr(sunaddr, msg->msg_namelen);
if (err)
goto out;
-
- err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
- if (err < 0)
- goto out;
- namelen = err;
} else {
sunaddr = NULL;
err = -ENOTCONN;
@@ -1878,7 +1867,7 @@ static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
if (sunaddr == NULL)
goto out_free;
- other = unix_find_other(net, sunaddr, namelen, sk->sk_type, hash);
+ other = unix_find_other(net, sunaddr, msg->msg_namelen, sk->sk_type);
if (IS_ERR(other)) {
err = PTR_ERR(other);
other = NULL;
We should not call unix_mkname() before unix_find_other() and instead do the same thing where necessary based on the address type: - terminating the address with '\0' in unix_find_bsd() - calculating the hash in unix_find_abstract(). Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.co.jp> --- net/unix/af_unix.c | 59 +++++++++++++++++++--------------------------- 1 file changed, 24 insertions(+), 35 deletions(-)