OSDN Git Service

(root) / uclinux-h8 / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a710eed)
unix_bpf: Fix a potential deadlock in unix_dgram_bpf_recvmsg()
authorCong Wang <cong.wang@bytedance.com>
Fri, 23 Jul 2021 18:36:30 +0000 (11:36 -0700)
committerAndrii Nakryiko <andrii@kernel.org>
Fri, 30 Jul 2021 19:40:55 +0000 (12:40 -0700)
As Eric noticed, __unix_dgram_recvmsg() may acquire u->iolock
too, so we have to release it before calling this function.

Fixes: 9825d866ce0d ("af_unix: Implement unix_dgram_bpf_recvmsg()")
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Cong Wang <cong.wang@bytedance.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Jakub Sitnicki <jakub@cloudflare.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
net/unix/unix_bpf.c patch | blob | history

diff --git a/net/unix/unix_bpf.c b/net/unix/unix_bpf.c
index db0cda2..177e883 100644 (file)
--- a/net/unix/unix_bpf.c
+++ b/net/unix/unix_bpf.c
@@ -44,7 +44,7 @@ static int unix_dgram_bpf_recvmsg(struct sock *sk, struct msghdr *msg,
 {
        struct unix_sock *u = unix_sk(sk);
        struct sk_psock *psock;
-       int copied, ret;
+       int copied;
 
        psock = sk_psock_get(sk);
        if (unlikely(!psock))
@@ -53,8 +53,9 @@ static int unix_dgram_bpf_recvmsg(struct sock *sk, struct msghdr *msg,
        mutex_lock(&u->iolock);
        if (!skb_queue_empty(&sk->sk_receive_queue) &&
            sk_psock_queue_empty(psock)) {
-               ret = __unix_dgram_recvmsg(sk, msg, len, flags);
-               goto out;
+               mutex_unlock(&u->iolock);
+               sk_psock_put(sk, psock);
+               return __unix_dgram_recvmsg(sk, msg, len, flags);
        }
 
 msg_bytes_ready:
@@ -68,16 +69,15 @@ msg_bytes_ready:
                if (data) {
                        if (!sk_psock_queue_empty(psock))
                                goto msg_bytes_ready;
-                       ret = __unix_dgram_recvmsg(sk, msg, len, flags);
-                       goto out;
+                       mutex_unlock(&u->iolock);
+                       sk_psock_put(sk, psock);
+                       return __unix_dgram_recvmsg(sk, msg, len, flags);
                }
                copied = -EAGAIN;
        }
-       ret = copied;
-out:
        mutex_unlock(&u->iolock);
        sk_psock_put(sk, psock);
-       return ret;
+       return copied;
 }
 
 static struct proto *unix_prot_saved __read_mostly;
About OSDN
Find Software
Develop Software
Help