af_unix: Use consume_skb() in connect() and sendmsg().

This is based on Donald Hunter's patch.

These functions could fail for various reasons, sometimes
triggering kfree_skb().

  * unix_stream_connect() : connect()
  * unix_stream_sendmsg() : sendmsg()
  * queue_oob()           : sendmsg(MSG_OOB)
  * unix_dgram_sendmsg()  : sendmsg()

Such kfree_skb() is tied to the errno of connect() and
sendmsg(), and we need not define skb drop reasons.

Let's use consume_skb() not to churn kfree_skb() events.

Link: https://lore.kernel.org/netdev/eb30b164-7f86-46bf-a5d3-0f8bda5e9398@redhat.com/
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250116053441.5758-10-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 43a45cf06f2e8b40f832e9dcb35ac51d467b4871..34945de1fb1fa3de21c1aa863852699aa2fb83f1 100644 (file)
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1701,7 +1701,7 @@ out_unlock:
        unix_state_unlock(other);
        sock_put(other);
 out_free_skb:
-       kfree_skb(skb);
+       consume_skb(skb);
 out_free_sk:
        unix_release_sock(newsk, 0);
 out:
@@ -2172,7 +2172,7 @@ out_unlock:
 out_sock_put:
        sock_put(other);
 out_free:
-       kfree_skb(skb);
+       consume_skb(skb);
 out:
        scm_destroy(&scm);
        return err;
@@ -2189,7 +2189,7 @@ static int queue_oob(struct socket *sock, struct msghdr *msg, struct sock *other
 {
        struct unix_sock *ousk = unix_sk(other);
        struct sk_buff *skb;
-       int err = 0;
+       int err;
 
        skb = sock_alloc_send_skb(sock->sk, 1, msg->msg_flags & MSG_DONTWAIT, &err);
 
@@ -2197,25 +2197,22 @@ static int queue_oob(struct socket *sock, struct msghdr *msg, struct sock *other
                return err;
 
        err = unix_scm_to_skb(scm, skb, !fds_sent);
-       if (err < 0) {
-               kfree_skb(skb);
-               return err;
-       }
+       if (err < 0)
+               goto out;
+
        skb_put(skb, 1);
        err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, 1);
 
-       if (err) {
-               kfree_skb(skb);
-               return err;
-       }
+       if (err)
+               goto out;
 
        unix_state_lock(other);
 
        if (sock_flag(other, SOCK_DEAD) ||
            (other->sk_shutdown & RCV_SHUTDOWN)) {
                unix_state_unlock(other);
-               kfree_skb(skb);
-               return -EPIPE;
+               err = -EPIPE;
+               goto out;
        }
 
        maybe_add_creds(skb, sock, other);
@@ -2230,6 +2227,9 @@ static int queue_oob(struct socket *sock, struct msghdr *msg, struct sock *other
        unix_state_unlock(other);
        other->sk_data_ready(other);
 
+       return 0;
+out:
+       consume_skb(skb);
        return err;
 }
 #endif
@@ -2359,7 +2359,7 @@ out_pipe:
                send_sig(SIGPIPE, current, 0);
        err = -EPIPE;
 out_free:
-       kfree_skb(skb);
+       consume_skb(skb);
 out_err:
        scm_destroy(&scm);
        return sent ? : err;