Commit 106d979b authored by Kuniyuki Iwashima's avatar Kuniyuki Iwashima Committed by Paolo Abeni

af_unix: Clean up SOCK_DEAD error paths in unix_dgram_sendmsg().



When other has SOCK_DEAD in unix_dgram_sendmsg(), we hold
unix_state_lock() for the sender socket first.

However, we do not need it for sk->sk_type.

Let's move the lock down a bit.

Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parent 689c3988
+15 −15
@@ -2070,23 +2070,23 @@ static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
	}

	if (unlikely(sock_flag(other, SOCK_DEAD))) {
		/*
		 *	Check with 1003.1g - what should
		 *	datagram error
		 */
		unix_state_unlock(other);
		/* Check with 1003.1g - what should datagram error */

		if (!sk_locked)
			unix_state_lock(sk);
		unix_state_unlock(other);

		if (sk->sk_type == SOCK_SEQPACKET) {
			/* We are here only when racing with unix_release_sock()
			 * is clearing @other. Never change state to TCP_CLOSE
			 * unlike SOCK_DGRAM wants.
			 */
			unix_state_unlock(sk);
			err = -EPIPE;
		} else if (unix_peer(sk) == other) {
			goto out_free;
		}

		if (!sk_locked)
			unix_state_lock(sk);

		if (unix_peer(sk) == other) {
			unix_peer(sk) = NULL;
			unix_dgram_peer_wake_disconnect_wakeup(sk, other);

@@ -2096,15 +2096,15 @@ static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
			unix_dgram_disconnected(sk, other);
			sock_put(other);
			err = -ECONNREFUSED;
		} else {
			goto out_free;
		}

		unix_state_unlock(sk);

			if (!msg->msg_namelen)
		if (!msg->msg_namelen) {
			err = -ECONNRESET;
		}

		if (err)
			goto out_free;
		}

		goto lookup;
	}
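Review bot: The SOCK_SEQPACKET branch now sets `err = -EPIPE` and jumps to `out_free` before the relocated `if (!sk_locked) unix_state_lock(sk);`, so that exit never drops the sender lock; if `sk_locked` could already be set on entry to the SOCK_DEAD block, the function would return with `unix_state_lock(sk)` still held. Neither the assignment of `sk_locked` nor the `out_free` label is visible in these hunks, so this is presumably safe because a SOCK_SEQPACKET sender never reaches this check with its own lock held, but that invariant should be stated where the code depends on it. I would extend the existing comment in that branch with `sk_locked is never set for SOCK_SEQPACKET, so there is no sender lock to drop here.` and, if the invariant does hold, add `DEBUG_NET_WARN_ON_ONCE(sk_locked);` ahead of the `goto out_free;` so a future change to the locking path is caught in debug builds. unix_dgram_sendmsg() begins and ends outside the hunks shown.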