path: root/changelog
AgeCommit message (Expand)AuthorFilesLines
2007-09-07New upstream release v0.50.5-1Tobias Klauser1-0/+7
2007-06-20New upstream release0.4-1Tobias Klauser1-0/+11
2007-04-18Update sourec for inotail 0.30.3-1Tobias Klauser1-0/+9
2007-03-03Initial import of debian package for inotail0.2-1Tobias Klauser1-0/+7
rederic Sowa <> Signed-off-by: David S. Miller <> 2016-02-08unix: correctly track in-flight fds in sending process user_structHannes Frederic Sowa1-2/+2 The commit referenced in the Fixes tag incorrectly accounted the number of in-flight fds over a unix domain socket to the original opener of the file-descriptor. This allows another process to arbitrary deplete the original file-openers resource limit for the maximum of open files. Instead the sending processes and its struct cred should be credited. To do so, we add a reference counted struct user_struct pointer to the scm_fp_list and use it to account for the number of inflight unix fds. Fixes: 712f4aad406bb1 ("unix: properly account for FDs passed over unix sockets") Reported-by: David Herrmann <> Cc: David Herrmann <> Cc: Willy Tarreau <> Cc: Linus Torvalds <> Suggested-by: Linus Torvalds <> Signed-off-by: Hannes Frederic Sowa <> Signed-off-by: David S. Miller <> 2015-11-23unix: avoid use-after-free in ep_remove_wait_queueRainer Weikusat1-0/+1 Rainer Weikusat <> writes: An AF_UNIX datagram socket being the client in an n:1 association with some server socket is only allowed to send messages to the server if the receive queue of this socket contains at most sk_max_ack_backlog datagrams. This implies that prospective writers might be forced to go to sleep despite none of the message presently enqueued on the server receive queue were sent by them. In order to ensure that these will be woken up once space becomes again available, the present unix_dgram_poll routine does a second sock_poll_wait call with the peer_wait wait queue of the server socket as queue argument (unix_dgram_recvmsg does a wake up on this queue after a datagram was received). This is inherently problematic because the server socket is only guaranteed to remain alive for as long as the client still holds a reference to it. In case the connection is dissolved via connect or by the dead peer detection logic in unix_dgram_sendmsg, the server socket may be freed despite "the polling mechanism" (in particular, epoll) still has a pointer to the corresponding peer_wait queue. There's no way to forcibly deregister a wait queue with epoll. Based on an idea by Jason Baron, the patch below changes the code such that a wait_queue_t belonging to the client socket is enqueued on the peer_wait queue of the server whenever the peer receive queue full condition is detected by either a sendmsg or a poll. A wake up on the peer queue is then relayed to the ordinary wait queue of the client socket via wake function. The connection to the peer wait queue is again dissolved if either a wake up is about to be relayed or the client socket reconnects or a dead peer is detected or the client socket is itself closed. This enables removing the second sock_poll_wait from unix_dgram_poll, thus avoiding the use-after-free, while still ensuring that no blocked writer sleeps forever. Signed-off-by: Rainer Weikusat <> Fixes: ec0d215f9420 ("af_unix: fix 'poll for write'/connected DGRAM sockets") Reviewed-by: Jason Baron <> Signed-off-by: David S. Miller <> 2015-10-08af_unix: constify the sock parameter in unix_sk()Paul Moore1-1/+1 Make unix_sk() just like inet[6]_sk() by constify'ing the sock parameter. Signed-off-by: Paul Moore <> Signed-off-by: David S. Miller <> 2015-09-29af_unix: Convert the unix_sk macro to an inline function for type safetyAaron Conole1-1/+5 As suggested by Eric Dumazet this change replaces the #define with a static inline function to enjoy complaints by the compiler when misusing the API. Signed-off-by: Aaron Conole <> Signed-off-by: David S. Miller <> 2015-06-10net/unix: support SCM_SECURITY for stream socketsStephen Smalley1-1/+0 SCM_SECURITY was originally only implemented for datagram sockets, not for stream sockets. However, SCM_CREDENTIALS is supported on Unix stream sockets. For consistency, implement Unix stream support for SCM_SECURITY as well. Also clean up the existing code and get rid of the superfluous UNIXSID macro. Motivated by, where systemd was using SCM_CREDENTIALS and assumed wrongly that SCM_SECURITY was also supported on Unix stream sockets. Signed-off-by: Stephen Smalley <> Acked-by: Paul Moore <> Signed-off-by: David S. Miller <> 2013-08-10af_unix: improve STREAM behavior with fragmented memoryEric Dumazet1-0/+1 unix_stream_sendmsg() currently uses order-2 allocations, and we had numerous reports this can fail. The __GFP_REPEAT flag present in sock_alloc_send_pskb() is not helping. This patch extends the work done in commit eb6a24816b247c ("af_unix: reduce high order page allocations) for datagram sockets. This opens the possibility of zero copy IO (splice() and friends) The trick is to not use skb_pull() anymore in recvmsg() path, and instead add a @consumed field in UNIXCB() to track amount of already read payload in the skb. There is a performance regression for large sends because of extra page allocations that will be addressed in a follow-up patch, allowing sock_alloc_send_pskb() to attempt high order page allocations. Signed-off-by: Eric Dumazet <> Cc: David Rientjes <> Signed-off-by: David S. Miller <> 2013-07-31af_unix.h: Remove extern from function prototypesJoe Perches1-8/+8 There are a mix of function prototypes with and without extern in the kernel sources. Standardize on not using extern for function prototypes. Function prototypes don't need to be written with extern. extern is assumed by the compiler. Its use is as unnecessary as using auto to declare automatic/local variables in a block. Reflow modified prototypes to 80 columns. Signed-off-by: Joe Perches <> Signed-off-by: David S. Miller <> 2013-05-01af_unix: fix a fatal race with bit fieldsEric Dumazet1-2/+3 Using bit fields is dangerous on ppc64/sparc64, as the compiler [1] uses 64bit instructions to manipulate them. If the 64bit word includes any atomic_t or spinlock_t, we can lose critical concurrent changes. This is happening in af_unix, where unix_sk(sk)->gc_candidate/ gc_maybe_cycle/lock share the same 64bit word. This leads to fatal deadlock, as one/several cpus spin forever on a spinlock that will never be available again. A safer way would be to use a long to store flags. This way we are sure compiler/arch wont do bad things. As we own unix_gc_lock spinlock when clearing or setting bits, we can use the non atomic __set_bit()/__clear_bit(). recursion_level can share the same 64bit location with the spinlock, as it is set only with this spinlock held. [1] bug fixed in gcc-4.8.0 : Reported-by: Ambrose Feinstein <> Signed-off-by: Eric Dumazet <> Cc: Benjamin Herrenschmidt <> Cc: Paul Mackerras <> Signed-off-by: David S. Miller <> 2013-04-07scm: Stop passing struct credEric W. Biederman1-1/+2 Now that uids and gids are completely encapsulated in kuid_t and kgid_t we no longer need to pass struct cred which allowed us to test both the uid and the user namespace for equality. Passing struct cred potentially allows us to pass the entire group list as BSD does but I don't believe the cost of cache line misses justifies retaining code for a future potential application. Signed-off-by: "Eric W. Biederman" <> Signed-off-by: David S. Miller <> 2012-10-21unix: Remove unused field from unix_sockPavel Emelyanov1-1/+0 The struct sock *other one seem to be unused. Grep and make do not object. Signed-off-by: Pavel Emelyanov <> Signed-off-by: David S. Miller <> 2012-06-08af_unix: speedup /proc/net/unixEric Dumazet1-1/+2 /proc/net/unix has quadratic behavior, and can hold unix_table_lock for a while if high number of unix sockets are alive. (90 ms for 200k sockets...) We already have a hash table, so its quite easy to use it. Problem is unbound sockets are still hashed in a single hash slot (unix_socket_table[UNIX_HASH_TABLE]) This patch also spreads unbound sockets to 256 hash slots, to speedup both /proc/net/unix and unix_diag. Time to read /proc/net/unix with 200k unix sockets : (time dd if=/proc/net/unix of=/dev/null bs=4k) before : 520 secs after : 2 secs Signed-off-by: Eric Dumazet <> Cc: Steven Whitehouse <> Cc: Pavel Emelyanov <> Signed-off-by: David S. Miller <> 2012-04-15net: cleanup unsigned to unsigned intEric Dumazet1-1/+1 Use of "unsigned int" is preferred to bare "unsigned" in net tree. Signed-off-by: Eric Dumazet <> Signed-off-by: David S. Miller <> 2012-03-20switch unix_sock to struct pathAl Viro1-2/+1 Signed-off-by: Al Viro <> 2011-12-30af_unix: Move CINQ/COUTQ code to helpersPavel Emelyanov1-0/+3 Currently tcp diag reports rqlen and wqlen values similar to how the CINQ/COUTQ iotcls do. To make unix diag report these values in the same way move the respective code into helpers. Signed-off-by: Pavel Emelyanov <> Signed-off-by: David S. Miller <> 2011-12-16af_unix: Export stuff required for diag modulePavel Emelyanov1-0/+3 Signed-off-by: Pavel Emelyanov <> Signed-off-by: David S. Miller <> 2011-04-24net: Remove __KERNEL__ cpp checks from include/netDavid S. Miller1-2/+0 These header files are never installed to user consumption, so any __KERNEL__ cpp checks are superfluous. Projects should also not copy these files into their userland utility sources and try to use them there. If they insist on doing so, the onus is on them to sanitize the headers as needed. Signed-off-by: David S. Miller <> 2010-11-29af_unix: limit recursion levelEric Dumazet1-0/+2 Its easy to eat all kernel memory and trigger NMI watchdog, using an exploit program that queues unix sockets on top of others. lkml ref : This mechanism is used in applications, one choice we have is to have a recursion limit. Other limits might be needed as well (if we queue other types of files), since the passfd mechanism is currently limited by socket receive queue sizes only. Add a recursion_level to unix socket, allowing up to 4 levels. Each time we send an unix socket through sendfd mechanism, we copy its recursion level (plus one) to receiver. This recursion level is cleared when socket receive queue is emptied. Reported-by: Марк Коренберг <> Signed-off-by: Eric Dumazet <> Signed-off-by: David S. Miller <>