From: Kuniyuki Iwashima kuniyu@amazon.co.jp
mainline inclusion from mainline-v5.17-rc1 commit d2d8c9fddb1c11ccfa73bf0ad2b1e6b4ea7afdaf category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4OM1C CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
We should not call unix_mkname() before unix_find_other() and instead do the same thing where necessary based on the address type:
- terminating the address with '\0' in unix_find_bsd() - calculating the hash in unix_find_abstract().
Signed-off-by: Kuniyuki Iwashima kuniyu@amazon.co.jp Signed-off-by: Jakub Kicinski kuba@kernel.org Signed-off-by: Baisong Zhong zhongbaisong@huawei.com Reviewed-by: Yue Haibing yuehaibing@huawei.com Reviewed-by: Wei Yongjun weiyongjun1@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 net/unix/af_unix.c | 63 ++++++++++++++++++----------------------------
 1 file changed, 25 insertions(+), 38 deletions(-)
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index ef8b4fcd52fb..333b76fd830c 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -238,19 +238,25 @@ static int unix_validate_addr(struct sockaddr_un *sunaddr, int addr_len)
 return 0;
 }
+static void unix_mkname_bsd(struct sockaddr_un *sunaddr, int addr_len)
+{
+ /* This may look like an off by one error but it is a bit more
+ * subtle. 108 is the longest valid AF_UNIX path for a binding.
+ * sun_path[108] doesn't as such exist. However in kernel space
+ * we are guaranteed that it is a valid memory location in our
+ * kernel address buffer because syscall functions always pass
+ * a pointer of struct sockaddr_storage which has a bigger buffer
+ * than 108.
+ */
+ ((char *)sunaddr)[addr_len] = 0;
+}
+
 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
 {
 *hashp = 0;
if (sunaddr->sun_path[0]) {
- /*
- * This may look like an off by one error but it is a bit more
- * subtle. 108 is the longest valid AF_UNIX path for a binding.
- * sun_path[108] doesn't as such exist. However in kernel space
- * we are guaranteed that it is a valid memory location in our
- * kernel address buffer.
- */
- ((char *)sunaddr)[len] = 0;
+ unix_mkname_bsd(sunaddr, len);
 len = strlen(sunaddr->sun_path) + offsetof(struct sockaddr_un, sun_path) + 1;
 return len;
@@ -902,13 +908,14 @@ static int unix_release(struct socket *sock)
 }
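Review bot: `unix_mkname_bsd()` stores a NUL at `((char *)sunaddr)[addr_len]` with no bound of its own, so its safety rests on every caller having validated `addr_len` and on the buffer being larger than `struct sockaddr_un`. The comment covers the second condition only for syscall entry points and does not state the length precondition; in-kernel callers that pass a bare `struct sockaddr_un` (none are visible in this diff, so confirm) would not satisfy it. I would extend the comment with `* Callers must have checked addr_len with unix_validate_addr() first.` so the contract sits next to the write. The same precondition now applies inside `unix_find_bsd()` and to the `csum_partial(sunaddr, addr_len, 0)` read in `unix_find_abstract()`, both of which run at lookup time rather than next to the validation. The body of `unix_mkname()` continues past the end of this hunk.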
static struct sock *unix_find_bsd(struct net *net, struct sockaddr_un *sunaddr,
- int type)
+ int addr_len, int type)
 {
 struct inode *inode;
 struct path path;
 struct sock *sk;
 int err;
+ unix_mkname_bsd(sunaddr, addr_len);
 err = kern_path(sunaddr->sun_path, LOOKUP_FOLLOW, &path);
 if (err)
 goto fail;
@@ -946,9 +953,9 @@ static struct sock *unix_find_bsd(struct net *net, struct sockaddr_un *sunaddr,
static struct sock *unix_find_abstract(struct net *net,
 struct sockaddr_un *sunaddr,
- int addr_len, int type,
- unsigned int hash)
+ int addr_len, int type)
 {
+ unsigned int hash = unix_hash_fold(csum_partial(sunaddr, addr_len, 0));
 struct dentry *dentry;
 struct sock *sk;
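Review bot: The hash in `unix_find_abstract()` is now produced by its own copy of `unix_hash_fold(csum_partial(sunaddr, addr_len, 0))`, separate from whatever `unix_mkname()` returns through `hashp` for abstract names (that branch is outside the visible hunks). If the two expressions ever diverge, lookups would presumably miss sockets that are bound, and nothing would report an error. A one-line comment above the declaration such as `/* Must match the hash unix_mkname() computes at bind time. */`, or a small shared helper, would keep the two tied together. The function body continues outside the hunk.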
@@ -965,15 +972,14 @@ static struct sock *unix_find_abstract(struct net *net,
static struct sock *unix_find_other(struct net *net,
 struct sockaddr_un *sunaddr,
- int addr_len, int type,
- unsigned int hash)
+ int addr_len, int type)
 {
 struct sock *sk;
if (sunaddr->sun_path[0])
- sk = unix_find_bsd(net, sunaddr, type);
+ sk = unix_find_bsd(net, sunaddr, addr_len, type);
 else
- sk = unix_find_abstract(net, sunaddr, addr_len, type, hash);
+ sk = unix_find_abstract(net, sunaddr, addr_len, type);
return sk;
 }
@@ -1189,7 +1195,6 @@ static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
 struct net *net = sock_net(sk);
 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
 struct sock *other;
- unsigned int hash;
 int err;
err = -EINVAL;
@@ -1201,11 +1206,6 @@ static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
 if (err)
 goto out;
- err = unix_mkname(sunaddr, alen, &hash);
- if (err < 0)
- goto out;
- alen = err;
-
 if (test_bit(SOCK_PASSCRED, &sock->flags) && !unix_sk(sk)->addr) {
 err = unix_autobind(sk);
@@ -1214,7 +1214,7 @@ static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
 }
restart:
- other = unix_find_other(net, sunaddr, alen, sock->type, hash);
+ other = unix_find_other(net, sunaddr, alen, sock->type);
 if (IS_ERR(other)) {
 err = PTR_ERR(other);
 goto out;
@@ -1303,7 +1303,6 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
 struct sock *newsk = NULL;
 struct sock *other = NULL;
 struct sk_buff *skb = NULL;
- unsigned int hash;
 int st;
 int err;
 long timeo;
@@ -1312,11 +1311,6 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
 if (err)
 goto out;
- err = unix_mkname(sunaddr, addr_len, &hash);
- if (err < 0)
- goto out;
- addr_len = err;
-
 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr) {
 err = unix_autobind(sk);
 if (err)
@@ -1344,7 +1338,7 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
restart:
 /* Find listening sock. */
- other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash);
+ other = unix_find_other(net, sunaddr, addr_len, sk->sk_type);
 if (IS_ERR(other)) {
 err = PTR_ERR(other);
 other = NULL;
@@ -1744,9 +1738,7 @@ static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
 struct unix_sock *u = unix_sk(sk);
 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
 struct sock *other = NULL;
- int namelen = 0; /* fake GCC */
 int err;
- unsigned int hash;
 struct sk_buff *skb;
 long timeo;
 struct scm_cookie scm;
@@ -1766,11 +1758,6 @@ static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
 err = unix_validate_addr(sunaddr, msg->msg_namelen);
 if (err)
 goto out;
-
- err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
- if (err < 0)
- goto out;
- namelen = err;
 } else {
 sunaddr = NULL;
 err = -ENOTCONN;
@@ -1823,8 +1810,8 @@ static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
 if (sunaddr == NULL)
 goto out_free;
- other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
- hash);
+ other = unix_find_other(net, sunaddr, msg->msg_namelen,
+ sk->sk_type);
 if (IS_ERR(other)) {
 err = PTR_ERR(other);
 other = NULL;
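Review bot: With `namelen` gone, `unix_dgram_sendmsg()` validates `msg->msg_namelen` in one place and re-reads the field here for `unix_find_other()`, so the link between the checked value and the used value is only implicit. `msg` is a kernel-side structure, so this is a readability point rather than a double-fetch problem. A local taken once, `int addr_len = msg->msg_namelen;`, and passed to both `unix_validate_addr()` and `unix_find_other()` would make it explicit that the length driving the terminator write and the hash is the one that was validated. The rest of the function is outside the hunk.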