From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C276C433DB for ; Fri, 19 Feb 2021 04:24:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E39C264E90 for ; Fri, 19 Feb 2021 04:24:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229896AbhBSEYH (ORCPT ); Thu, 18 Feb 2021 23:24:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55130 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229889AbhBSEYF (ORCPT ); Thu, 18 Feb 2021 23:24:05 -0500 Received: from zeniv-ca.linux.org.uk (zeniv-ca.linux.org.uk [IPv6:2607:5300:60:148a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 11FACC061756; Thu, 18 Feb 2021 20:23:25 -0800 (PST) Received: from viro by zeniv-ca.linux.org.uk with local (Exim 4.94 #2 (Red Hat Linux)) id 1lCxK3-00FgYK-Al; Fri, 19 Feb 2021 04:23:19 +0000 Date: Fri, 19 Feb 2021 04:23:19 +0000 From: Al Viro To: Denis Kirjanov Cc: Christoph Hellwig , linux-kernel@vger.kernel.org, Jakub Kicinski , linux-fsdevel@vger.kernel.org Subject: [PATCH 7/8] unix_bind_bsd(): unlink if we fail after successful mknod Message-ID: References: <20210125154937.26479-1-kda@linux-powerpc.org> <20210127175742.GA1744861@infradead.org> <20210129082524.GA2282796@infradead.org> <20210129131855.GA2346744@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: Al Viro Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org We can do that more or less safely, since the parent is held locked all along. Yes, somebody might observe the object via dcache, only to have it disappear afterwards, but there's really no good way to prevent that. It won't race with other bind(2) or attempts to move the sucker elsewhere, or put something else in its place - locked parent prevents that. Signed-off-by: Al Viro --- net/unix/af_unix.c | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index d55035a9695f..bb4c6200953d 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -1001,30 +1001,19 @@ static int unix_bind_bsd(struct sock *sk, struct unix_address *addr) dentry = kern_path_create(AT_FDCWD, addr->name->sun_path, &parent, 0); if (IS_ERR(dentry)) return PTR_ERR(dentry); - /* * All right, let's create it. */ err = security_path_mknod(&parent, dentry, mode, 0); if (!err) err = vfs_mknod(d_inode(parent.dentry), dentry, mode, 0); - - if (err) { - if (err == -EEXIST) - err = -EADDRINUSE; - done_path_create(&parent, dentry); - return err; - } + if (err) + goto out; err = mutex_lock_interruptible(&u->bindlock); - if (err) { - done_path_create(&parent, dentry); - return err; - } - if (u->addr) { - mutex_unlock(&u->bindlock); - done_path_create(&parent, dentry); - return -EINVAL; - } + if (err) + goto out_unlink; + if (u->addr) + goto out_unlock; addr->hash = UNIX_HASH_SIZE; hash = d_backing_inode(dentry)->i_ino & (UNIX_HASH_SIZE - 1); @@ -1035,6 +1024,16 @@ static int unix_bind_bsd(struct sock *sk, struct unix_address *addr) mutex_unlock(&u->bindlock); done_path_create(&parent, dentry); return 0; + +out_unlock: + mutex_unlock(&u->bindlock); + err = -EINVAL; +out_unlink: + /* failed after successful mknod? unlink what we'd created... */ + vfs_unlink(d_inode(parent.dentry), dentry, NULL); +out: + done_path_create(&parent, dentry); + return err == -EEXIST ? -EADDRINUSE : err; } static int unix_bind_abstract(struct sock *sk, unsigned hash, -- 2.11.0