* [PATCH 1/1] AF_UNIX: Fix poll locking problem when reading from a stream socket
@ 2011-11-21 23:35 Alexey Moiseytsev
2011-11-22 5:23 ` Eric Dumazet
0 siblings, 1 reply; 3+ messages in thread
From: Alexey Moiseytsev @ 2011-11-21 23:35 UTC (permalink / raw)
To: David S. Miller, Eric Dumazet; +Cc: netdev, linux-kernel, Alexey Moiseytsev
poll() call may be locked by concurrent reading from the same stream
socket.
Signed-off-by: Alexey Moiseytsev <himeraster@gmail.com>
---
net/unix/af_unix.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 466fbcc..b595a3d 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1957,6 +1957,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
if ((UNIXCB(skb).pid != siocb->scm->pid) ||
(UNIXCB(skb).cred != siocb->scm->cred)) {
skb_queue_head(&sk->sk_receive_queue, skb);
+ sk->sk_data_ready(sk, skb->len);
break;
}
} else {
@@ -1974,6 +1975,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
chunk = min_t(unsigned int, skb->len, size);
if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
skb_queue_head(&sk->sk_receive_queue, skb);
+ sk->sk_data_ready(sk, skb->len);
if (copied == 0)
copied = -EFAULT;
break;
@@ -1991,6 +1993,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
/* put the skb back if we didn't use it up.. */
if (skb->len) {
skb_queue_head(&sk->sk_receive_queue, skb);
+ sk->sk_data_ready(sk, skb->len);
break;
}
@@ -2006,6 +2009,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
/* put message back and return */
skb_queue_head(&sk->sk_receive_queue, skb);
+ sk->sk_data_ready(sk, skb->len);
break;
}
} while (size);
--
1.7.2.5
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 1/1] AF_UNIX: Fix poll locking problem when reading from a stream socket
2011-11-21 23:35 [PATCH 1/1] AF_UNIX: Fix poll locking problem when reading from a stream socket Alexey Moiseytsev
@ 2011-11-22 5:23 ` Eric Dumazet
2011-11-26 21:35 ` David Miller
0 siblings, 1 reply; 3+ messages in thread
From: Eric Dumazet @ 2011-11-22 5:23 UTC (permalink / raw)
To: Alexey Moiseytsev; +Cc: David S. Miller, netdev, linux-kernel
Le mardi 22 novembre 2011 à 03:35 +0400, Alexey Moiseytsev a écrit :
> poll() call may be locked by concurrent reading from the same stream
> socket.
>
> Signed-off-by: Alexey Moiseytsev <himeraster@gmail.com>
> ---
> net/unix/af_unix.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
> index 466fbcc..b595a3d 100644
> --- a/net/unix/af_unix.c
> +++ b/net/unix/af_unix.c
> @@ -1957,6 +1957,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
> if ((UNIXCB(skb).pid != siocb->scm->pid) ||
> (UNIXCB(skb).cred != siocb->scm->cred)) {
> skb_queue_head(&sk->sk_receive_queue, skb);
> + sk->sk_data_ready(sk, skb->len);
> break;
> }
> } else {
> @@ -1974,6 +1975,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
> chunk = min_t(unsigned int, skb->len, size);
> if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
> skb_queue_head(&sk->sk_receive_queue, skb);
> + sk->sk_data_ready(sk, skb->len);
> if (copied == 0)
> copied = -EFAULT;
> break;
> @@ -1991,6 +1993,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
> /* put the skb back if we didn't use it up.. */
> if (skb->len) {
> skb_queue_head(&sk->sk_receive_queue, skb);
> + sk->sk_data_ready(sk, skb->len);
> break;
> }
>
> @@ -2006,6 +2009,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
>
> /* put message back and return */
> skb_queue_head(&sk->sk_receive_queue, skb);
> + sk->sk_data_ready(sk, skb->len);
> break;
> }
> } while (size);
Fine, the fix is technically correct since we own u->readlock mutex,
another thread cannot consume the just requeued skb.
Small note : the words "locking" and "locked" are more used to describe
the action of taking a spinlock/mutex/rwlock or something, while the bug
you fixed is more about poll() system call being blocked/frozen forever.
Thanks !
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 1/1] AF_UNIX: Fix poll locking problem when reading from a stream socket
2011-11-22 5:23 ` Eric Dumazet
@ 2011-11-26 21:35 ` David Miller
0 siblings, 0 replies; 3+ messages in thread
From: David Miller @ 2011-11-26 21:35 UTC (permalink / raw)
To: eric.dumazet; +Cc: himeraster, netdev, linux-kernel
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Tue, 22 Nov 2011 06:23:01 +0100
> Le mardi 22 novembre 2011 à 03:35 +0400, Alexey Moiseytsev a écrit :
>> poll() call may be locked by concurrent reading from the same stream
>> socket.
>>
>> Signed-off-by: Alexey Moiseytsev <himeraster@gmail.com>
..
> Fine, the fix is technically correct since we own u->readlock mutex,
> another thread cannot consume the just requeued skb.
>
> Small note : the words "locking" and "locked" are more used to describe
> the action of taking a spinlock/mutex/rwlock or something, while the bug
> you fixed is more about poll() system call being blocked/frozen forever.
>
> Thanks !
>
> Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Applied, with 'lock{ing,ed}' adjusted to 'block{ing,ed}'.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-11-26 21:35 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-21 23:35 [PATCH 1/1] AF_UNIX: Fix poll locking problem when reading from a stream socket Alexey Moiseytsev
2011-11-22 5:23 ` Eric Dumazet
2011-11-26 21:35 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).