af_unix: Cache state->msg in unix_stream_read_generic().

[ Upstream commit 8b77338eb2af74bb93986e4a8cfd86724168fe39 ]

In unix_stream_read_generic(), state->msg is fetched multiple times.

Let's cache it in a local variable.

Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20250702223606.1054680-6-kuniyu@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 7bf3a476ce43 ("af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic().")
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 45f8e21829ecd07c628b6f872a8c58bf8e96097c..26d37a90b755d04da359b1dc80aab58c6434a745 100644 (file)
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -2769,20 +2769,21 @@ static int unix_stream_read_skb(struct sock *sk, skb_read_actor_t recv_actor)
 static int unix_stream_read_generic(struct unix_stream_read_state *state,
                                    bool freezable)
 {
-       struct scm_cookie scm;
+       int noblock = state->flags & MSG_DONTWAIT;
        struct socket *sock = state->socket;
+       struct msghdr *msg = state->msg;
        struct sock *sk = sock->sk;
-       struct unix_sock *u = unix_sk(sk);
-       int copied = 0;
+       size_t size = state->size;
        int flags = state->flags;
-       int noblock = flags & MSG_DONTWAIT;
        bool check_creds = false;
-       int target;
+       struct scm_cookie scm;
+       unsigned int last_len;
+       struct unix_sock *u;
+       int copied = 0;
        int err = 0;
        long timeo;
+       int target;
        int skip;
-       size_t size = state->size;
-       unsigned int last_len;
 
        if (unlikely(READ_ONCE(sk->sk_state) != TCP_ESTABLISHED)) {
                err = -EINVAL;
@@ -2802,6 +2803,8 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state,
 
        memset(&scm, 0, sizeof(scm));
 
+       u = unix_sk(sk);
+
        /* Lock the socket to prevent queue disordering
         * while sleeps in memcpy_tomsg
         */
@@ -2894,14 +2897,12 @@ unlock:
                }
 
                /* Copy address just once */
-               if (state->msg && state->msg->msg_name) {
-                       DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr,
-                                        state->msg->msg_name);
-                       unix_copy_addr(state->msg, skb->sk);
+               if (msg && msg->msg_name) {
+                       DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
 
-                       BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk,
-                                                             state->msg->msg_name,
-                                                             &state->msg->msg_namelen);
+                       unix_copy_addr(msg, skb->sk);
+                       BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, msg->msg_name,
+                                                             &msg->msg_namelen);
 
                        sunaddr = NULL;
                }
@@ -2959,8 +2960,8 @@ unlock:
        } while (size);
 
        mutex_unlock(&u->iolock);
-       if (state->msg)
-               scm_recv_unix(sock, state->msg, &scm, flags);
+       if (msg)
+               scm_recv_unix(sock, msg, &scm, flags);
        else
                scm_destroy(&scm);
 out: