Commit 38490054 authored by Kuniyuki Iwashima's avatar Kuniyuki Iwashima Committed by Jakub Kicinski
Browse files

af_unix: Don't call wait_for_unix_gc() on every sendmsg(). 



We have been calling wait_for_unix_gc() on every sendmsg() in case
there are too many inflight AF_UNIX sockets.

This is also because the old GC implementation had poor knowledge
of the inflight sockets and had to suspect every sendmsg().

This was improved by commit d9f21b36 ("af_unix: Try to run GC
async."), but we do not even need to call wait_for_unix_gc() if the
process is not sending AF_UNIX sockets.

The wait_for_unix_gc() call only helps when a malicious process
continues to create cyclic references, and we can detect that
in a better place and slow it down.

Let's move wait_for_unix_gc() to unix_prepare_fpl() that is called
only when AF_UNIX socket fd is passed via SCM_RIGHTS.

Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20251115020935.2643121-5-kuniyu@google.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent da8fc7a3

net/unix/af_unix.c

+0 −4
Original line number Diff line number Diff line
@@ -2098,8 +2098,6 @@ static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg, 
	if (err < 0)

		return err;



	wait_for_unix_gc(scm.fp);



	if (msg->msg_flags & MSG_OOB) {

		err = -EOPNOTSUPP;

		goto out;
@@ -2393,8 +2391,6 @@ static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg, 
	if (err < 0)

		return err;



	wait_for_unix_gc(scm.fp);



	if (msg->msg_flags & MSG_OOB) {

		err = -EOPNOTSUPP;

#if IS_ENABLED(CONFIG_AF_UNIX_OOB)

net/unix/af_unix.h

+0 −1
Original line number Diff line number Diff line
@@ -30,7 +30,6 @@ void unix_update_edges(struct unix_sock *receiver); 
int unix_prepare_fpl(struct scm_fp_list *fpl);

void unix_destroy_fpl(struct scm_fp_list *fpl);

void unix_schedule_gc(void);

void wait_for_unix_gc(struct scm_fp_list *fpl);



/* SOCK_DIAG */

long unix_inq_len(struct sock *sk);

net/unix/garbage.c

+6 −3
Original line number Diff line number Diff line
@@ -282,6 +282,8 @@ void unix_update_edges(struct unix_sock *receiver) 
	}

}



static void wait_for_unix_gc(struct scm_fp_list *fpl);



int unix_prepare_fpl(struct scm_fp_list *fpl)

{

	struct unix_vertex *vertex;
@@ -303,6 +305,8 @@ int unix_prepare_fpl(struct scm_fp_list *fpl) 
	if (!fpl->edges)

		goto err;



	wait_for_unix_gc(fpl);



	return 0;



err:
@@ -628,7 +632,7 @@ void unix_schedule_gc(void) 
#define UNIX_INFLIGHT_TRIGGER_GC 16000

#define UNIX_INFLIGHT_SANE_USER (SCM_MAX_FD * 8)



void wait_for_unix_gc(struct scm_fp_list *fpl)

static void wait_for_unix_gc(struct scm_fp_list *fpl)

{

	/* If number of inflight sockets is insane,

	 * force a garbage collect right now.
@@ -642,8 +646,7 @@ void wait_for_unix_gc(struct scm_fp_list *fpl) 
	/* Penalise users who want to send AF_UNIX sockets

	 * but whose sockets have not been received yet.

	 */

	if (!fpl || !fpl->count_unix ||

	    READ_ONCE(fpl->user->unix_inflight) < UNIX_INFLIGHT_SANE_USER)

	if (READ_ONCE(fpl->user->unix_inflight) < UNIX_INFLIGHT_SANE_USER)

		return;



	if (READ_ONCE(gc_in_progress))