linux/net/unix
Kuniyuki Iwashima 412f97f360 af_unix: Don't retry after unix_state_lock_nested() in unix_stream_connect().
[ Upstream commit 1ca27e0c8c ]

When a SOCK_(STREAM|SEQPACKET) socket connect()s to another one, we need
to lock the two sockets to check their states in unix_stream_connect().

We use unix_state_lock() for the server and unix_state_lock_nested() for
client with tricky sk->sk_state check to avoid deadlock.

The possible deadlock scenario are the following:

  1) Self connect()
  2) Simultaneous connect()

The former is simple, attempt to grab the same lock, and the latter is
AB-BA deadlock.

After the server's unix_state_lock(), we check the server socket's state,
and if it's not TCP_LISTEN, connect() fails with -EINVAL.

Then, we avoid the former deadlock by checking the client's state before
unix_state_lock_nested().  If its state is not TCP_LISTEN, we can make
sure that the client and the server are not identical based on the state.

Also, the latter deadlock can be avoided in the same way.  Due to the
server sk->sk_state requirement, AB-BA deadlock could happen only with
TCP_LISTEN sockets.  So, if the client's state is TCP_LISTEN, we can
give up the second lock to avoid the deadlock.

  CPU 1                 CPU 2                  CPU 3
  connect(A -> B)       connect(B -> A)        listen(A)
  ---                   ---                    ---
  unix_state_lock(B)
  B->sk_state == TCP_LISTEN
  READ_ONCE(A->sk_state) == TCP_CLOSE
                            ^^^^^^^^^
                            ok, will lock A    unix_state_lock(A)
             .--------------'                  WRITE_ONCE(A->sk_state, TCP_LISTEN)
             |                                 unix_state_unlock(A)
             |
             |          unix_state_lock(A)
             |          A->sk_sk_state == TCP_LISTEN
             |          READ_ONCE(B->sk_state) == TCP_LISTEN
             v                                    ^^^^^^^^^^
  unix_state_lock_nested(A)                       Don't lock B !!

Currently, while checking the client's state, we also check if it's
TCP_ESTABLISHED, but this is unlikely and can be checked after we know
the state is not TCP_CLOSE.

Moreover, if it happens after the second lock, we now jump to the restart
label, but it's unlikely that the server is not found during the retry,
so the jump is mostly to revist the client state check.

Let's remove the retry logic and check the state against TCP_CLOSE first.

Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-14 13:58:43 +02:00
..
af_unix.c af_unix: Don't retry after unix_state_lock_nested() in unix_stream_connect(). 2024-08-14 13:58:43 +02:00
diag.c af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). 2024-06-21 14:38:20 +02:00
garbage.c af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). 2024-05-02 16:32:40 +02:00
Kconfig af_unix: Kconfig: make CONFIG_UNIX bool 2023-06-12 10:45:50 +01:00
Makefile af_unix: Implement ->psock_update_sk_prot() 2021-07-15 18:17:50 -07:00
scm.c af_unix: Do not use atomic ops for unix_sk(sk)->inflight. 2024-04-17 11:19:32 +02:00
scm.h net: split out functions related to registering inflight socket files 2019-02-28 08:24:23 -07:00
sysctl_net_unix.c networking: Update to register_net_sysctl_sz 2023-08-15 15:26:18 -07:00
unix_bpf.c af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash 2024-08-03 08:54:36 +02:00