Merge branch 'af_unix-followup-fixes-for-so_passpidfd'

Kuniyuki Iwashima says: ==================== af_unix: Followup fixes for SO_PASSPIDFD. This series fixes 2 issues introduced by commit 5e2ff6704a ("scm: add SO_PASSPIDFD and SCM_PIDFD"). The 1st patch fixes a warning in scm_pidfd_recv() reported by syzkaller. The 2nd patch fixes a regression that bluetooth can't be built as module. ==================== Link: https://lore.kernel.org/r/20230627174314.67688-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-04-24 14:07:52 -04:00 · 2023-06-27 10:50:24 -07:00 · 2023-06-27 10:50:24 -07:00 · ae23064219
commit ae23064219
parent 30ac666a2f a9c49cc2f5
2 changed files with 31 additions and 14 deletions
--- a/include/net/scm.h
+++ b/include/net/scm.h
@ -135,7 +135,9 @@ static __inline__ void scm_pidfd_recv(struct msghdr *msg, struct scm_cookie *scm
 		return;
 	}
-	WARN_ON_ONCE(!scm->pid);
+	if (!scm->pid)
 		return;
 	pidfd = pidfd_prepare(scm->pid, 0, &pidfd_file);
 	if (put_cmsg(msg, SOL_SOCKET, SCM_PIDFD, sizeof(int), &pidfd)) {
@ -151,7 +153,7 @@ static __inline__ void scm_pidfd_recv(struct msghdr *msg, struct scm_cookie *scm
 		fd_install(pidfd, pidfd_file);
 }
-static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
+static inline bool __scm_recv_common(struct socket *sock, struct msghdr *msg,
 				     struct scm_cookie *scm, int flags)
 {
 	if (!msg->msg_control) {
@ -160,7 +162,7 @@ static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
 		    scm->fp || scm_has_secdata(sock))
 			msg->msg_flags |= MSG_CTRUNC;
 		scm_destroy(scm);
-		return;
+		return false;
 	}
 	if (test_bit(SOCK_PASSCRED, &sock->flags)) {
@ -173,19 +175,34 @@ static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
 		put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(ucreds), &ucreds);
 	}
 	scm_passec(sock, msg, scm);
 	if (scm->fp)
 		scm_detach_fds(msg, scm);
 	return true;
 }
 static inline void scm_recv(struct socket *sock, struct msghdr *msg,
 			    struct scm_cookie *scm, int flags)
 {
 	if (!__scm_recv_common(sock, msg, scm, flags))
 		return;
 	scm_destroy_cred(scm);
 }
 static inline void scm_recv_unix(struct socket *sock, struct msghdr *msg,
 				 struct scm_cookie *scm, int flags)
 {
 	if (!__scm_recv_common(sock, msg, scm, flags))
 		return;
 	if (test_bit(SOCK_PASSPIDFD, &sock->flags))
 		scm_pidfd_recv(msg, scm);
 	scm_destroy_cred(scm);
 	scm_passec(sock, msg, scm);
 	if (!scm->fp)
 		return;
 	scm_detach_fds(msg, scm);
 }
 #endif /* __LINUX_NET_SCM_H */
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@ -2427,7 +2427,7 @@ int __unix_dgram_recvmsg(struct sock *sk, struct msghdr *msg, size_t size,
 	}
 	err = (flags & MSG_TRUNC) ? skb->len - skip : size;
-	scm_recv(sock, msg, &scm, flags);
+	scm_recv_unix(sock, msg, &scm, flags);
 out_free:
 	skb_free_datagram(sk, skb);
@ -2808,7 +2808,7 @@ unlock:
 	mutex_unlock(&u->iolock);
 	if (state->msg)
-		scm_recv(sock, state->msg, &scm, flags);
+		scm_recv_unix(sock, state->msg, &scm, flags);
 	else
 		scm_destroy(&scm);
 out: