2 * NET4: Implementation of BSD Unix domain sockets.
4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 * Linus Torvalds : Assorted bug cures.
13 * Niibe Yutaka : async I/O support.
14 * Carsten Paeth : PF_UNIX check, address fixes.
15 * Alan Cox : Limit size of allocated blocks.
16 * Alan Cox : Fixed the stupid socketpair bug.
17 * Alan Cox : BSD compatibility fine tuning.
18 * Alan Cox : Fixed a bug in connect when interrupted.
19 * Alan Cox : Sorted out a proper draft version of
20 * file descriptor passing hacked up from
22 * Marty Leisner : Fixes to fd passing
23 * Nick Nevin : recvmsg bugfix.
24 * Alan Cox : Started proper garbage collector
25 * Heiko EiBfeldt : Missing verify_area check
26 * Alan Cox : Started POSIXisms
27 * Andreas Schwab : Replace inode by dentry for proper
29 * Kirk Petersen : Made this a module
30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33 * by above two patches.
34 * Andrea Arcangeli : If possible we block in connect(2)
35 * if the max backlog of the listen socket
36 * is been reached. This won't break
37 * old apps and it will avoid huge amount
38 * of socks hashed (this for unix_gc()
39 * performances reasons).
40 * Security fix that limits the max
41 * number of socks to 2*max_files and
42 * the number of skb queueable in the
44 * Artur Skawina : Hash function optimizations
45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 * Malcolm Beattie : Set peercred for socketpair
47 * Michal Ostrowski : Module initialization cleanup.
48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 * the core infrastructure is doing that
50 * for all net proto families now (2.5.69+)
53 * Known differences from reference BSD that was tested:
56 * ECONNREFUSED is not returned from one end of a connected() socket to the
57 * other the moment one end closes.
58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
61 * accept() returns a path name even if the connecting socket has closed
62 * in the meantime (BSD loses the path and gives up).
63 * accept() returns 0 length path for an unbound connector. BSD returns 16
64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 * BSD af_unix apparently has connect forgetting to block properly.
67 * (need to check this with the POSIX spec in detail)
69 * Differences from 2.0.0-11-... (ANK)
70 * Bug fixes and improvements.
71 * - client shutdown killed server socket.
72 * - removed all useless cli/sti pairs.
74 * Semantic changes/extensions.
75 * - generic control message passing.
76 * - SCM_CREDENTIALS control message.
77 * - "Abstract" (not FS based) socket bindings.
78 * Abstract names are sequences of bytes (not zero terminated)
79 * started by 0, so that this name space does not intersect
83 #include <linux/module.h>
84 #include <linux/kernel.h>
85 #include <linux/signal.h>
86 #include <linux/sched.h>
87 #include <linux/errno.h>
88 #include <linux/string.h>
89 #include <linux/stat.h>
90 #include <linux/dcache.h>
91 #include <linux/namei.h>
92 #include <linux/socket.h>
94 #include <linux/fcntl.h>
95 #include <linux/termios.h>
96 #include <linux/sockios.h>
97 #include <linux/net.h>
100 #include <linux/slab.h>
101 #include <asm/uaccess.h>
102 #include <linux/skbuff.h>
103 #include <linux/netdevice.h>
104 #include <net/net_namespace.h>
105 #include <net/sock.h>
106 #include <net/tcp_states.h>
107 #include <net/af_unix.h>
108 #include <linux/proc_fs.h>
109 #include <linux/seq_file.h>
111 #include <linux/init.h>
112 #include <linux/poll.h>
113 #include <linux/rtnetlink.h>
114 #include <linux/mount.h>
115 #include <net/checksum.h>
116 #include <linux/security.h>
118 struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
119 EXPORT_SYMBOL_GPL(unix_socket_table);
120 DEFINE_SPINLOCK(unix_table_lock);
121 EXPORT_SYMBOL_GPL(unix_table_lock);
122 static atomic_long_t unix_nr_socks;
125 static struct hlist_head *unix_sockets_unbound(void *addr)
127 unsigned long hash = (unsigned long)addr;
131 hash %= UNIX_HASH_SIZE;
132 return &unix_socket_table[UNIX_HASH_SIZE + hash];
135 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)
137 #ifdef CONFIG_SECURITY_NETWORK
138 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
140 memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
143 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
145 scm->secid = *UNIXSID(skb);
148 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
151 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
153 #endif /* CONFIG_SECURITY_NETWORK */
156 * SMP locking strategy:
157 * hash table is protected with spinlock unix_table_lock
158 * each socket state is protected by separate spin lock.
161 static inline unsigned int unix_hash_fold(__wsum n)
163 unsigned int hash = (__force unsigned int)n;
167 return hash&(UNIX_HASH_SIZE-1);
170 #define unix_peer(sk) (unix_sk(sk)->peer)
172 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
174 return unix_peer(osk) == sk;
177 static inline int unix_may_send(struct sock *sk, struct sock *osk)
179 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
182 static inline int unix_recvq_full(struct sock const *sk)
184 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
187 struct sock *unix_peer_get(struct sock *s)
195 unix_state_unlock(s);
198 EXPORT_SYMBOL_GPL(unix_peer_get);
200 static inline void unix_release_addr(struct unix_address *addr)
202 if (atomic_dec_and_test(&addr->refcnt))
207 * Check unix socket name:
208 * - should be not zero length.
209 * - if started by not zero, should be NULL terminated (FS object)
210 * - if started by zero, it is abstract name.
213 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
215 if (len <= sizeof(short) || len > sizeof(*sunaddr))
217 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
219 if (sunaddr->sun_path[0]) {
221 * This may look like an off by one error but it is a bit more
222 * subtle. 108 is the longest valid AF_UNIX path for a binding.
223 * sun_path[108] doesn't as such exist. However in kernel space
224 * we are guaranteed that it is a valid memory location in our
225 * kernel address buffer.
227 ((char *)sunaddr)[len] = 0;
228 len = strlen(sunaddr->sun_path)+1+sizeof(short);
232 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
236 static void __unix_remove_socket(struct sock *sk)
238 sk_del_node_init(sk);
241 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
243 WARN_ON(!sk_unhashed(sk));
244 sk_add_node(sk, list);
247 static inline void unix_remove_socket(struct sock *sk)
249 spin_lock(&unix_table_lock);
250 __unix_remove_socket(sk);
251 spin_unlock(&unix_table_lock);
254 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
256 spin_lock(&unix_table_lock);
257 __unix_insert_socket(list, sk);
258 spin_unlock(&unix_table_lock);
261 static struct sock *__unix_find_socket_byname(struct net *net,
262 struct sockaddr_un *sunname,
263 int len, int type, unsigned int hash)
267 sk_for_each(s, &unix_socket_table[hash ^ type]) {
268 struct unix_sock *u = unix_sk(s);
270 if (!net_eq(sock_net(s), net))
273 if (u->addr->len == len &&
274 !memcmp(u->addr->name, sunname, len))
282 static inline struct sock *unix_find_socket_byname(struct net *net,
283 struct sockaddr_un *sunname,
289 spin_lock(&unix_table_lock);
290 s = __unix_find_socket_byname(net, sunname, len, type, hash);
293 spin_unlock(&unix_table_lock);
297 static struct sock *unix_find_socket_byinode(struct inode *i)
301 spin_lock(&unix_table_lock);
303 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
304 struct dentry *dentry = unix_sk(s)->path.dentry;
306 if (dentry && dentry->d_inode == i) {
313 spin_unlock(&unix_table_lock);
317 static inline int unix_writable(struct sock *sk)
319 return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
322 static void unix_write_space(struct sock *sk)
324 struct socket_wq *wq;
327 if (unix_writable(sk)) {
328 wq = rcu_dereference(sk->sk_wq);
329 if (wq_has_sleeper(wq))
330 wake_up_interruptible_sync_poll(&wq->wait,
331 POLLOUT | POLLWRNORM | POLLWRBAND);
332 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
337 /* When dgram socket disconnects (or changes its peer), we clear its receive
338 * queue of packets arrived from previous peer. First, it allows to do
339 * flow control based only on wmem_alloc; second, sk connected to peer
340 * may receive messages only from that peer. */
341 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
343 if (!skb_queue_empty(&sk->sk_receive_queue)) {
344 skb_queue_purge(&sk->sk_receive_queue);
345 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
347 /* If one link of bidirectional dgram pipe is disconnected,
348 * we signal error. Messages are lost. Do not make this,
349 * when peer was not connected to us.
351 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
352 other->sk_err = ECONNRESET;
353 other->sk_error_report(other);
358 static void unix_sock_destructor(struct sock *sk)
360 struct unix_sock *u = unix_sk(sk);
362 skb_queue_purge(&sk->sk_receive_queue);
364 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
365 WARN_ON(!sk_unhashed(sk));
366 WARN_ON(sk->sk_socket);
367 if (!sock_flag(sk, SOCK_DEAD)) {
368 printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
373 unix_release_addr(u->addr);
375 atomic_long_dec(&unix_nr_socks);
377 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
379 #ifdef UNIX_REFCNT_DEBUG
380 printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
381 atomic_long_read(&unix_nr_socks));
385 static int unix_release_sock(struct sock *sk, int embrion)
387 struct unix_sock *u = unix_sk(sk);
393 unix_remove_socket(sk);
398 sk->sk_shutdown = SHUTDOWN_MASK;
400 u->path.dentry = NULL;
402 state = sk->sk_state;
403 sk->sk_state = TCP_CLOSE;
404 unix_state_unlock(sk);
406 wake_up_interruptible_all(&u->peer_wait);
408 skpair = unix_peer(sk);
410 if (skpair != NULL) {
411 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
412 unix_state_lock(skpair);
414 skpair->sk_shutdown = SHUTDOWN_MASK;
415 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
416 skpair->sk_err = ECONNRESET;
417 unix_state_unlock(skpair);
418 skpair->sk_state_change(skpair);
419 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
421 sock_put(skpair); /* It may now die */
422 unix_peer(sk) = NULL;
425 /* Try to flush out this socket. Throw out buffers at least */
427 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
428 if (state == TCP_LISTEN)
429 unix_release_sock(skb->sk, 1);
430 /* passed fds are erased in the kfree_skb hook */
439 /* ---- Socket is dead now and most probably destroyed ---- */
442 * Fixme: BSD difference: In BSD all sockets connected to us get
443 * ECONNRESET and we die on the spot. In Linux we behave
444 * like files and pipes do and wait for the last
447 * Can't we simply set sock->err?
449 * What the above comment does talk about? --ANK(980817)
452 if (unix_tot_inflight)
453 unix_gc(); /* Garbage collect fds */
458 static void init_peercred(struct sock *sk)
460 put_pid(sk->sk_peer_pid);
461 if (sk->sk_peer_cred)
462 put_cred(sk->sk_peer_cred);
463 sk->sk_peer_pid = get_pid(task_tgid(current));
464 sk->sk_peer_cred = get_current_cred();
467 static void copy_peercred(struct sock *sk, struct sock *peersk)
469 put_pid(sk->sk_peer_pid);
470 if (sk->sk_peer_cred)
471 put_cred(sk->sk_peer_cred);
472 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
473 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
476 static int unix_listen(struct socket *sock, int backlog)
479 struct sock *sk = sock->sk;
480 struct unix_sock *u = unix_sk(sk);
481 struct pid *old_pid = NULL;
484 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
485 goto out; /* Only stream/seqpacket sockets accept */
488 goto out; /* No listens on an unbound socket */
490 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
492 if (backlog > sk->sk_max_ack_backlog)
493 wake_up_interruptible_all(&u->peer_wait);
494 sk->sk_max_ack_backlog = backlog;
495 sk->sk_state = TCP_LISTEN;
496 /* set credentials so connect can copy them */
501 unix_state_unlock(sk);
507 static int unix_release(struct socket *);
508 static int unix_bind(struct socket *, struct sockaddr *, int);
509 static int unix_stream_connect(struct socket *, struct sockaddr *,
510 int addr_len, int flags);
511 static int unix_socketpair(struct socket *, struct socket *);
512 static int unix_accept(struct socket *, struct socket *, int);
513 static int unix_getname(struct socket *, struct sockaddr *, int *, int);
514 static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
515 static unsigned int unix_dgram_poll(struct file *, struct socket *,
517 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
518 static int unix_shutdown(struct socket *, int);
519 static int unix_stream_sendmsg(struct kiocb *, struct socket *,
520 struct msghdr *, size_t);
521 static int unix_stream_recvmsg(struct kiocb *, struct socket *,
522 struct msghdr *, size_t, int);
523 static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
524 struct msghdr *, size_t);
525 static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
526 struct msghdr *, size_t, int);
527 static int unix_dgram_connect(struct socket *, struct sockaddr *,
529 static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
530 struct msghdr *, size_t);
531 static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
532 struct msghdr *, size_t, int);
534 static void unix_set_peek_off(struct sock *sk, int val)
536 struct unix_sock *u = unix_sk(sk);
538 mutex_lock(&u->readlock);
539 sk->sk_peek_off = val;
540 mutex_unlock(&u->readlock);
544 static const struct proto_ops unix_stream_ops = {
546 .owner = THIS_MODULE,
547 .release = unix_release,
549 .connect = unix_stream_connect,
550 .socketpair = unix_socketpair,
551 .accept = unix_accept,
552 .getname = unix_getname,
555 .listen = unix_listen,
556 .shutdown = unix_shutdown,
557 .setsockopt = sock_no_setsockopt,
558 .getsockopt = sock_no_getsockopt,
559 .sendmsg = unix_stream_sendmsg,
560 .recvmsg = unix_stream_recvmsg,
561 .mmap = sock_no_mmap,
562 .sendpage = sock_no_sendpage,
563 .set_peek_off = unix_set_peek_off,
566 static const struct proto_ops unix_dgram_ops = {
568 .owner = THIS_MODULE,
569 .release = unix_release,
571 .connect = unix_dgram_connect,
572 .socketpair = unix_socketpair,
573 .accept = sock_no_accept,
574 .getname = unix_getname,
575 .poll = unix_dgram_poll,
577 .listen = sock_no_listen,
578 .shutdown = unix_shutdown,
579 .setsockopt = sock_no_setsockopt,
580 .getsockopt = sock_no_getsockopt,
581 .sendmsg = unix_dgram_sendmsg,
582 .recvmsg = unix_dgram_recvmsg,
583 .mmap = sock_no_mmap,
584 .sendpage = sock_no_sendpage,
585 .set_peek_off = unix_set_peek_off,
588 static const struct proto_ops unix_seqpacket_ops = {
590 .owner = THIS_MODULE,
591 .release = unix_release,
593 .connect = unix_stream_connect,
594 .socketpair = unix_socketpair,
595 .accept = unix_accept,
596 .getname = unix_getname,
597 .poll = unix_dgram_poll,
599 .listen = unix_listen,
600 .shutdown = unix_shutdown,
601 .setsockopt = sock_no_setsockopt,
602 .getsockopt = sock_no_getsockopt,
603 .sendmsg = unix_seqpacket_sendmsg,
604 .recvmsg = unix_seqpacket_recvmsg,
605 .mmap = sock_no_mmap,
606 .sendpage = sock_no_sendpage,
607 .set_peek_off = unix_set_peek_off,
610 static struct proto unix_proto = {
612 .owner = THIS_MODULE,
613 .obj_size = sizeof(struct unix_sock),
617 * AF_UNIX sockets do not interact with hardware, hence they
618 * dont trigger interrupts - so it's safe for them to have
619 * bh-unsafe locking for their sk_receive_queue.lock. Split off
620 * this special lock-class by reinitializing the spinlock key:
622 static struct lock_class_key af_unix_sk_receive_queue_lock_key;
624 static struct sock *unix_create1(struct net *net, struct socket *sock)
626 struct sock *sk = NULL;
629 atomic_long_inc(&unix_nr_socks);
630 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
633 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
637 sock_init_data(sock, sk);
638 lockdep_set_class(&sk->sk_receive_queue.lock,
639 &af_unix_sk_receive_queue_lock_key);
641 sk->sk_write_space = unix_write_space;
642 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
643 sk->sk_destruct = unix_sock_destructor;
645 u->path.dentry = NULL;
647 spin_lock_init(&u->lock);
648 atomic_long_set(&u->inflight, 0);
649 INIT_LIST_HEAD(&u->link);
650 mutex_init(&u->readlock); /* single task reading lock */
651 init_waitqueue_head(&u->peer_wait);
652 unix_insert_socket(unix_sockets_unbound(sk), sk);
655 atomic_long_dec(&unix_nr_socks);
658 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
664 static int unix_create(struct net *net, struct socket *sock, int protocol,
667 if (protocol && protocol != PF_UNIX)
668 return -EPROTONOSUPPORT;
670 sock->state = SS_UNCONNECTED;
672 switch (sock->type) {
674 sock->ops = &unix_stream_ops;
677 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
681 sock->type = SOCK_DGRAM;
683 sock->ops = &unix_dgram_ops;
686 sock->ops = &unix_seqpacket_ops;
689 return -ESOCKTNOSUPPORT;
692 return unix_create1(net, sock) ? 0 : -ENOMEM;
695 static int unix_release(struct socket *sock)
697 struct sock *sk = sock->sk;
704 return unix_release_sock(sk, 0);
707 static int unix_autobind(struct socket *sock)
709 struct sock *sk = sock->sk;
710 struct net *net = sock_net(sk);
711 struct unix_sock *u = unix_sk(sk);
712 static u32 ordernum = 1;
713 struct unix_address *addr;
715 unsigned int retries = 0;
717 mutex_lock(&u->readlock);
724 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
728 addr->name->sun_family = AF_UNIX;
729 atomic_set(&addr->refcnt, 1);
732 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
733 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
735 spin_lock(&unix_table_lock);
736 ordernum = (ordernum+1)&0xFFFFF;
738 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
740 spin_unlock(&unix_table_lock);
742 * __unix_find_socket_byname() may take long time if many names
743 * are already in use.
746 /* Give up if all names seems to be in use. */
747 if (retries++ == 0xFFFFF) {
754 addr->hash ^= sk->sk_type;
756 __unix_remove_socket(sk);
758 __unix_insert_socket(&unix_socket_table[addr->hash], sk);
759 spin_unlock(&unix_table_lock);
762 out: mutex_unlock(&u->readlock);
766 static struct sock *unix_find_other(struct net *net,
767 struct sockaddr_un *sunname, int len,
768 int type, unsigned int hash, int *error)
774 if (sunname->sun_path[0]) {
776 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
779 inode = path.dentry->d_inode;
780 err = inode_permission(inode, MAY_WRITE);
785 if (!S_ISSOCK(inode->i_mode))
787 u = unix_find_socket_byinode(inode);
791 if (u->sk_type == type)
797 if (u->sk_type != type) {
803 u = unix_find_socket_byname(net, sunname, len, type, hash);
805 struct dentry *dentry;
806 dentry = unix_sk(u)->path.dentry;
808 touch_atime(&unix_sk(u)->path);
821 static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
823 struct dentry *dentry;
827 * Get the parent directory, calculate the hash for last
830 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
831 err = PTR_ERR(dentry);
836 * All right, let's create it.
838 err = security_path_mknod(&path, dentry, mode, 0);
840 err = vfs_mknod(path.dentry->d_inode, dentry, mode, 0);
842 res->mnt = mntget(path.mnt);
843 res->dentry = dget(dentry);
846 done_path_create(&path, dentry);
850 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
852 struct sock *sk = sock->sk;
853 struct net *net = sock_net(sk);
854 struct unix_sock *u = unix_sk(sk);
855 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
856 char *sun_path = sunaddr->sun_path;
859 struct unix_address *addr;
860 struct hlist_head *list;
863 if (sunaddr->sun_family != AF_UNIX)
866 if (addr_len == sizeof(short)) {
867 err = unix_autobind(sock);
871 err = unix_mkname(sunaddr, addr_len, &hash);
876 mutex_lock(&u->readlock);
883 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
887 memcpy(addr->name, sunaddr, addr_len);
888 addr->len = addr_len;
889 addr->hash = hash ^ sk->sk_type;
890 atomic_set(&addr->refcnt, 1);
894 umode_t mode = S_IFSOCK |
895 (SOCK_INODE(sock)->i_mode & ~current_umask());
896 err = unix_mknod(sun_path, mode, &path);
900 unix_release_addr(addr);
903 addr->hash = UNIX_HASH_SIZE;
904 hash = path.dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1);
905 spin_lock(&unix_table_lock);
907 list = &unix_socket_table[hash];
909 spin_lock(&unix_table_lock);
911 if (__unix_find_socket_byname(net, sunaddr, addr_len,
912 sk->sk_type, hash)) {
913 unix_release_addr(addr);
917 list = &unix_socket_table[addr->hash];
921 __unix_remove_socket(sk);
923 __unix_insert_socket(list, sk);
926 spin_unlock(&unix_table_lock);
928 mutex_unlock(&u->readlock);
933 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
935 if (unlikely(sk1 == sk2) || !sk2) {
936 unix_state_lock(sk1);
940 unix_state_lock(sk1);
941 unix_state_lock_nested(sk2);
943 unix_state_lock(sk2);
944 unix_state_lock_nested(sk1);
948 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
950 if (unlikely(sk1 == sk2) || !sk2) {
951 unix_state_unlock(sk1);
954 unix_state_unlock(sk1);
955 unix_state_unlock(sk2);
958 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
961 struct sock *sk = sock->sk;
962 struct net *net = sock_net(sk);
963 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
968 if (addr->sa_family != AF_UNSPEC) {
969 err = unix_mkname(sunaddr, alen, &hash);
974 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
975 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
979 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
983 unix_state_double_lock(sk, other);
985 /* Apparently VFS overslept socket death. Retry. */
986 if (sock_flag(other, SOCK_DEAD)) {
987 unix_state_double_unlock(sk, other);
993 if (!unix_may_send(sk, other))
996 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1002 * 1003.1g breaking connected state with AF_UNSPEC
1005 unix_state_double_lock(sk, other);
1009 * If it was connected, reconnect.
1011 if (unix_peer(sk)) {
1012 struct sock *old_peer = unix_peer(sk);
1013 unix_peer(sk) = other;
1014 unix_state_double_unlock(sk, other);
1016 if (other != old_peer)
1017 unix_dgram_disconnected(sk, old_peer);
1020 unix_peer(sk) = other;
1021 unix_state_double_unlock(sk, other);
1026 unix_state_double_unlock(sk, other);
1032 static long unix_wait_for_peer(struct sock *other, long timeo)
1034 struct unix_sock *u = unix_sk(other);
1038 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1040 sched = !sock_flag(other, SOCK_DEAD) &&
1041 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1042 unix_recvq_full(other);
1044 unix_state_unlock(other);
1047 timeo = schedule_timeout(timeo);
1049 finish_wait(&u->peer_wait, &wait);
1053 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1054 int addr_len, int flags)
1056 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1057 struct sock *sk = sock->sk;
1058 struct net *net = sock_net(sk);
1059 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1060 struct sock *newsk = NULL;
1061 struct sock *other = NULL;
1062 struct sk_buff *skb = NULL;
1068 err = unix_mkname(sunaddr, addr_len, &hash);
1073 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1074 (err = unix_autobind(sock)) != 0)
1077 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1079 /* First of all allocate resources.
1080 If we will make it after state is locked,
1081 we will have to recheck all again in any case.
1086 /* create new sock for complete connection */
1087 newsk = unix_create1(sock_net(sk), NULL);
1091 /* Allocate skb for sending to listening sock */
1092 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1097 /* Find listening sock. */
1098 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1102 /* Latch state of peer */
1103 unix_state_lock(other);
1105 /* Apparently VFS overslept socket death. Retry. */
1106 if (sock_flag(other, SOCK_DEAD)) {
1107 unix_state_unlock(other);
1112 err = -ECONNREFUSED;
1113 if (other->sk_state != TCP_LISTEN)
1115 if (other->sk_shutdown & RCV_SHUTDOWN)
1118 if (unix_recvq_full(other)) {
1123 timeo = unix_wait_for_peer(other, timeo);
1125 err = sock_intr_errno(timeo);
1126 if (signal_pending(current))
1134 It is tricky place. We need to grab our state lock and cannot
1135 drop lock on peer. It is dangerous because deadlock is
1136 possible. Connect to self case and simultaneous
1137 attempt to connect are eliminated by checking socket
1138 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1139 check this before attempt to grab lock.
1141 Well, and we have to recheck the state after socket locked.
1147 /* This is ok... continue with connect */
1149 case TCP_ESTABLISHED:
1150 /* Socket is already connected */
1158 unix_state_lock_nested(sk);
1160 if (sk->sk_state != st) {
1161 unix_state_unlock(sk);
1162 unix_state_unlock(other);
1167 err = security_unix_stream_connect(sk, other, newsk);
1169 unix_state_unlock(sk);
1173 /* The way is open! Fastly set all the necessary fields... */
1176 unix_peer(newsk) = sk;
1177 newsk->sk_state = TCP_ESTABLISHED;
1178 newsk->sk_type = sk->sk_type;
1179 init_peercred(newsk);
1180 newu = unix_sk(newsk);
1181 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1182 otheru = unix_sk(other);
1184 /* copy address information from listening to new sock*/
1186 atomic_inc(&otheru->addr->refcnt);
1187 newu->addr = otheru->addr;
1189 if (otheru->path.dentry) {
1190 path_get(&otheru->path);
1191 newu->path = otheru->path;
1194 /* Set credentials */
1195 copy_peercred(sk, other);
1197 sock->state = SS_CONNECTED;
1198 sk->sk_state = TCP_ESTABLISHED;
1201 smp_mb__after_atomic_inc(); /* sock_hold() does an atomic_inc() */
1202 unix_peer(sk) = newsk;
1204 unix_state_unlock(sk);
1206 /* take ten and and send info to listening sock */
1207 spin_lock(&other->sk_receive_queue.lock);
1208 __skb_queue_tail(&other->sk_receive_queue, skb);
1209 spin_unlock(&other->sk_receive_queue.lock);
1210 unix_state_unlock(other);
1211 other->sk_data_ready(other, 0);
1217 unix_state_unlock(other);
1222 unix_release_sock(newsk, 0);
1228 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1230 struct sock *ska = socka->sk, *skb = sockb->sk;
1232 /* Join our sockets back to back */
1235 unix_peer(ska) = skb;
1236 unix_peer(skb) = ska;
1240 if (ska->sk_type != SOCK_DGRAM) {
1241 ska->sk_state = TCP_ESTABLISHED;
1242 skb->sk_state = TCP_ESTABLISHED;
1243 socka->state = SS_CONNECTED;
1244 sockb->state = SS_CONNECTED;
1249 static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1251 struct sock *sk = sock->sk;
1253 struct sk_buff *skb;
1257 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1261 if (sk->sk_state != TCP_LISTEN)
1264 /* If socket state is TCP_LISTEN it cannot change (for now...),
1265 * so that no locks are necessary.
1268 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1270 /* This means receive shutdown. */
1277 skb_free_datagram(sk, skb);
1278 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1280 /* attach accepted sock to socket */
1281 unix_state_lock(tsk);
1282 newsock->state = SS_CONNECTED;
1283 sock_graft(tsk, newsock);
1284 unix_state_unlock(tsk);
1292 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1294 struct sock *sk = sock->sk;
1295 struct unix_sock *u;
1296 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1300 sk = unix_peer_get(sk);
1311 unix_state_lock(sk);
1313 sunaddr->sun_family = AF_UNIX;
1314 sunaddr->sun_path[0] = 0;
1315 *uaddr_len = sizeof(short);
1317 struct unix_address *addr = u->addr;
1319 *uaddr_len = addr->len;
1320 memcpy(sunaddr, addr->name, *uaddr_len);
1322 unix_state_unlock(sk);
1328 static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1332 scm->fp = UNIXCB(skb).fp;
1333 UNIXCB(skb).fp = NULL;
1335 for (i = scm->fp->count-1; i >= 0; i--)
1336 unix_notinflight(scm->fp->fp[i]);
1339 static void unix_destruct_scm(struct sk_buff *skb)
1341 struct scm_cookie scm;
1342 memset(&scm, 0, sizeof(scm));
1343 scm.pid = UNIXCB(skb).pid;
1344 scm.cred = UNIXCB(skb).cred;
1346 unix_detach_fds(&scm, skb);
1348 /* Alas, it calls VFS */
1349 /* So fscking what? fput() had been SMP-safe since the last Summer */
1354 #define MAX_RECURSION_LEVEL 4
1356 static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1359 unsigned char max_level = 0;
1360 int unix_sock_count = 0;
1362 for (i = scm->fp->count - 1; i >= 0; i--) {
1363 struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1367 max_level = max(max_level,
1368 unix_sk(sk)->recursion_level);
1371 if (unlikely(max_level > MAX_RECURSION_LEVEL))
1372 return -ETOOMANYREFS;
1375 * Need to duplicate file references for the sake of garbage
1376 * collection. Otherwise a socket in the fps might become a
1377 * candidate for GC while the skb is not yet queued.
1379 UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1380 if (!UNIXCB(skb).fp)
1383 if (unix_sock_count) {
1384 for (i = scm->fp->count - 1; i >= 0; i--)
1385 unix_inflight(scm->fp->fp[i]);
1390 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1394 UNIXCB(skb).pid = get_pid(scm->pid);
1396 UNIXCB(skb).cred = get_cred(scm->cred);
1397 UNIXCB(skb).fp = NULL;
1398 if (scm->fp && send_fds)
1399 err = unix_attach_fds(scm, skb);
1401 skb->destructor = unix_destruct_scm;
1406 * Some apps rely on write() giving SCM_CREDENTIALS
1407 * We include credentials if source or destination socket
1408 * asserted SOCK_PASSCRED.
1410 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1411 const struct sock *other)
1413 if (UNIXCB(skb).cred)
1415 if (test_bit(SOCK_PASSCRED, &sock->flags) ||
1416 !other->sk_socket ||
1417 test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
1418 UNIXCB(skb).pid = get_pid(task_tgid(current));
1419 UNIXCB(skb).cred = get_current_cred();
1424 * Send AF_UNIX data.
1427 static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1428 struct msghdr *msg, size_t len)
1430 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1431 struct sock *sk = sock->sk;
1432 struct net *net = sock_net(sk);
1433 struct unix_sock *u = unix_sk(sk);
1434 struct sockaddr_un *sunaddr = msg->msg_name;
1435 struct sock *other = NULL;
1436 int namelen = 0; /* fake GCC */
1439 struct sk_buff *skb;
1441 struct scm_cookie tmp_scm;
1445 if (NULL == siocb->scm)
1446 siocb->scm = &tmp_scm;
1448 err = scm_send(sock, msg, siocb->scm, false);
1453 if (msg->msg_flags&MSG_OOB)
1456 if (msg->msg_namelen) {
1457 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1464 other = unix_peer_get(sk);
1469 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1470 && (err = unix_autobind(sock)) != 0)
1474 if (len > sk->sk_sndbuf - 32)
1477 if (len > SKB_MAX_ALLOC)
1478 data_len = min_t(size_t,
1479 len - SKB_MAX_ALLOC,
1480 MAX_SKB_FRAGS * PAGE_SIZE);
1482 skb = sock_alloc_send_pskb(sk, len - data_len, data_len,
1483 msg->msg_flags & MSG_DONTWAIT, &err);
1487 err = unix_scm_to_skb(siocb->scm, skb, true);
1490 max_level = err + 1;
1491 unix_get_secdata(siocb->scm, skb);
1493 skb_put(skb, len - data_len);
1494 skb->data_len = data_len;
1496 err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov, 0, len);
1500 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1505 if (sunaddr == NULL)
1508 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1514 if (sk_filter(other, skb) < 0) {
1515 /* Toss the packet but do not return any error to the sender */
1520 unix_state_lock(other);
1522 if (!unix_may_send(sk, other))
1525 if (sock_flag(other, SOCK_DEAD)) {
1527 * Check with 1003.1g - what should
1530 unix_state_unlock(other);
1534 unix_state_lock(sk);
1535 if (unix_peer(sk) == other) {
1536 unix_peer(sk) = NULL;
1537 unix_state_unlock(sk);
1539 unix_dgram_disconnected(sk, other);
1541 err = -ECONNREFUSED;
1543 unix_state_unlock(sk);
1553 if (other->sk_shutdown & RCV_SHUTDOWN)
1556 if (sk->sk_type != SOCK_SEQPACKET) {
1557 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1562 if (unix_peer(other) != sk && unix_recvq_full(other)) {
1568 timeo = unix_wait_for_peer(other, timeo);
1570 err = sock_intr_errno(timeo);
1571 if (signal_pending(current))
1577 if (sock_flag(other, SOCK_RCVTSTAMP))
1578 __net_timestamp(skb);
1579 maybe_add_creds(skb, sock, other);
1580 skb_queue_tail(&other->sk_receive_queue, skb);
1581 if (max_level > unix_sk(other)->recursion_level)
1582 unix_sk(other)->recursion_level = max_level;
1583 unix_state_unlock(other);
1584 other->sk_data_ready(other, len);
1586 scm_destroy(siocb->scm);
1590 unix_state_unlock(other);
1596 scm_destroy(siocb->scm);
1601 static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1602 struct msghdr *msg, size_t len)
1604 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1605 struct sock *sk = sock->sk;
1606 struct sock *other = NULL;
1608 struct sk_buff *skb;
1610 struct scm_cookie tmp_scm;
1611 bool fds_sent = false;
1614 if (NULL == siocb->scm)
1615 siocb->scm = &tmp_scm;
1617 err = scm_send(sock, msg, siocb->scm, false);
1622 if (msg->msg_flags&MSG_OOB)
1625 if (msg->msg_namelen) {
1626 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1630 other = unix_peer(sk);
1635 if (sk->sk_shutdown & SEND_SHUTDOWN)
1638 while (sent < len) {
1640 * Optimisation for the fact that under 0.01% of X
1641 * messages typically need breaking up.
1646 /* Keep two messages in the pipe so it schedules better */
1647 if (size > ((sk->sk_sndbuf >> 1) - 64))
1648 size = (sk->sk_sndbuf >> 1) - 64;
1650 if (size > SKB_MAX_ALLOC)
1651 size = SKB_MAX_ALLOC;
1657 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
1664 * If you pass two values to the sock_alloc_send_skb
1665 * it tries to grab the large buffer with GFP_NOFS
1666 * (which can fail easily), and if it fails grab the
1667 * fallback size buffer which is under a page and will
1670 size = min_t(int, size, skb_tailroom(skb));
1673 /* Only send the fds in the first buffer */
1674 err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1679 max_level = err + 1;
1682 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1688 unix_state_lock(other);
1690 if (sock_flag(other, SOCK_DEAD) ||
1691 (other->sk_shutdown & RCV_SHUTDOWN))
1694 maybe_add_creds(skb, sock, other);
1695 skb_queue_tail(&other->sk_receive_queue, skb);
1696 if (max_level > unix_sk(other)->recursion_level)
1697 unix_sk(other)->recursion_level = max_level;
1698 unix_state_unlock(other);
1699 other->sk_data_ready(other, size);
1703 scm_destroy(siocb->scm);
1709 unix_state_unlock(other);
1712 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1713 send_sig(SIGPIPE, current, 0);
1716 scm_destroy(siocb->scm);
1718 return sent ? : err;
1721 static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
1722 struct msghdr *msg, size_t len)
1725 struct sock *sk = sock->sk;
1727 err = sock_error(sk);
1731 if (sk->sk_state != TCP_ESTABLISHED)
1734 if (msg->msg_namelen)
1735 msg->msg_namelen = 0;
1737 return unix_dgram_sendmsg(kiocb, sock, msg, len);
1740 static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
1741 struct msghdr *msg, size_t size,
1744 struct sock *sk = sock->sk;
1746 if (sk->sk_state != TCP_ESTABLISHED)
1749 return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
1752 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1754 struct unix_sock *u = unix_sk(sk);
1756 msg->msg_namelen = 0;
1758 msg->msg_namelen = u->addr->len;
1759 memcpy(msg->msg_name, u->addr->name, u->addr->len);
1763 static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1764 struct msghdr *msg, size_t size,
1767 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1768 struct scm_cookie tmp_scm;
1769 struct sock *sk = sock->sk;
1770 struct unix_sock *u = unix_sk(sk);
1771 int noblock = flags & MSG_DONTWAIT;
1772 struct sk_buff *skb;
1780 msg->msg_namelen = 0;
1782 err = mutex_lock_interruptible(&u->readlock);
1784 err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
1788 skip = sk_peek_offset(sk, flags);
1790 skb = __skb_recv_datagram(sk, flags, &peeked, &skip, &err);
1792 unix_state_lock(sk);
1793 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1794 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1795 (sk->sk_shutdown & RCV_SHUTDOWN))
1797 unix_state_unlock(sk);
1801 wake_up_interruptible_sync_poll(&u->peer_wait,
1802 POLLOUT | POLLWRNORM | POLLWRBAND);
1805 unix_copy_addr(msg, skb->sk);
1807 if (size > skb->len - skip)
1808 size = skb->len - skip;
1809 else if (size < skb->len - skip)
1810 msg->msg_flags |= MSG_TRUNC;
1812 err = skb_copy_datagram_iovec(skb, skip, msg->msg_iov, size);
1816 if (sock_flag(sk, SOCK_RCVTSTAMP))
1817 __sock_recv_timestamp(msg, sk, skb);
1820 siocb->scm = &tmp_scm;
1821 memset(&tmp_scm, 0, sizeof(tmp_scm));
1823 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1824 unix_set_secdata(siocb->scm, skb);
1826 if (!(flags & MSG_PEEK)) {
1828 unix_detach_fds(siocb->scm, skb);
1830 sk_peek_offset_bwd(sk, skb->len);
1832 /* It is questionable: on PEEK we could:
1833 - do not return fds - good, but too simple 8)
1834 - return fds, and do not return them on read (old strategy,
1836 - clone fds (I chose it for now, it is the most universal
1839 POSIX 1003.1g does not actually define this clearly
1840 at all. POSIX 1003.1g doesn't define a lot of things
1845 sk_peek_offset_fwd(sk, size);
1848 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1850 err = (flags & MSG_TRUNC) ? skb->len - skip : size;
1852 scm_recv(sock, msg, siocb->scm, flags);
1855 skb_free_datagram(sk, skb);
1857 mutex_unlock(&u->readlock);
1863 * Sleep until data has arrive. But check for races..
1866 static long unix_stream_data_wait(struct sock *sk, long timeo)
1870 unix_state_lock(sk);
1873 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1875 if (!skb_queue_empty(&sk->sk_receive_queue) ||
1877 (sk->sk_shutdown & RCV_SHUTDOWN) ||
1878 signal_pending(current) ||
1882 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1883 unix_state_unlock(sk);
1884 timeo = schedule_timeout(timeo);
1885 unix_state_lock(sk);
1886 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1889 finish_wait(sk_sleep(sk), &wait);
1890 unix_state_unlock(sk);
1896 static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1897 struct msghdr *msg, size_t size,
1900 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1901 struct scm_cookie tmp_scm;
1902 struct sock *sk = sock->sk;
1903 struct unix_sock *u = unix_sk(sk);
1904 struct sockaddr_un *sunaddr = msg->msg_name;
1906 int check_creds = 0;
1913 if (sk->sk_state != TCP_ESTABLISHED)
1920 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1921 timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1923 msg->msg_namelen = 0;
1925 /* Lock the socket to prevent queue disordering
1926 * while sleeps in memcpy_tomsg
1930 siocb->scm = &tmp_scm;
1931 memset(&tmp_scm, 0, sizeof(tmp_scm));
1934 err = mutex_lock_interruptible(&u->readlock);
1936 err = sock_intr_errno(timeo);
1940 skip = sk_peek_offset(sk, flags);
1944 struct sk_buff *skb;
1946 unix_state_lock(sk);
1947 skb = skb_peek(&sk->sk_receive_queue);
1950 unix_sk(sk)->recursion_level = 0;
1951 if (copied >= target)
1955 * POSIX 1003.1g mandates this order.
1958 err = sock_error(sk);
1961 if (sk->sk_shutdown & RCV_SHUTDOWN)
1964 unix_state_unlock(sk);
1968 mutex_unlock(&u->readlock);
1970 timeo = unix_stream_data_wait(sk, timeo);
1972 if (signal_pending(current)
1973 || mutex_lock_interruptible(&u->readlock)) {
1974 err = sock_intr_errno(timeo);
1980 unix_state_unlock(sk);
1984 if (skip >= skb->len) {
1986 skb = skb_peek_next(skb, &sk->sk_receive_queue);
1990 unix_state_unlock(sk);
1993 /* Never glue messages from different writers */
1994 if ((UNIXCB(skb).pid != siocb->scm->pid) ||
1995 (UNIXCB(skb).cred != siocb->scm->cred))
1998 /* Copy credentials */
1999 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
2003 /* Copy address just once */
2005 unix_copy_addr(msg, skb->sk);
2009 chunk = min_t(unsigned int, skb->len - skip, size);
2010 if (memcpy_toiovec(msg->msg_iov, skb->data + skip, chunk)) {
2018 /* Mark read part of skb as used */
2019 if (!(flags & MSG_PEEK)) {
2020 skb_pull(skb, chunk);
2022 sk_peek_offset_bwd(sk, chunk);
2025 unix_detach_fds(siocb->scm, skb);
2030 skb_unlink(skb, &sk->sk_receive_queue);
2036 /* It is questionable, see note in unix_dgram_recvmsg.
2039 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
2041 sk_peek_offset_fwd(sk, chunk);
2047 mutex_unlock(&u->readlock);
2048 scm_recv(sock, msg, siocb->scm, flags);
2050 return copied ? : err;
2053 static int unix_shutdown(struct socket *sock, int mode)
2055 struct sock *sk = sock->sk;
2058 if (mode < SHUT_RD || mode > SHUT_RDWR)
2061 * SHUT_RD (0) -> RCV_SHUTDOWN (1)
2062 * SHUT_WR (1) -> SEND_SHUTDOWN (2)
2063 * SHUT_RDWR (2) -> SHUTDOWN_MASK (3)
2067 unix_state_lock(sk);
2068 sk->sk_shutdown |= mode;
2069 other = unix_peer(sk);
2072 unix_state_unlock(sk);
2073 sk->sk_state_change(sk);
2076 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2080 if (mode&RCV_SHUTDOWN)
2081 peer_mode |= SEND_SHUTDOWN;
2082 if (mode&SEND_SHUTDOWN)
2083 peer_mode |= RCV_SHUTDOWN;
2084 unix_state_lock(other);
2085 other->sk_shutdown |= peer_mode;
2086 unix_state_unlock(other);
2087 other->sk_state_change(other);
2088 if (peer_mode == SHUTDOWN_MASK)
2089 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2090 else if (peer_mode & RCV_SHUTDOWN)
2091 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2099 long unix_inq_len(struct sock *sk)
2101 struct sk_buff *skb;
2104 if (sk->sk_state == TCP_LISTEN)
2107 spin_lock(&sk->sk_receive_queue.lock);
2108 if (sk->sk_type == SOCK_STREAM ||
2109 sk->sk_type == SOCK_SEQPACKET) {
2110 skb_queue_walk(&sk->sk_receive_queue, skb)
2113 skb = skb_peek(&sk->sk_receive_queue);
2117 spin_unlock(&sk->sk_receive_queue.lock);
2121 EXPORT_SYMBOL_GPL(unix_inq_len);
2123 long unix_outq_len(struct sock *sk)
2125 return sk_wmem_alloc_get(sk);
2127 EXPORT_SYMBOL_GPL(unix_outq_len);
2129 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2131 struct sock *sk = sock->sk;
2137 amount = unix_outq_len(sk);
2138 err = put_user(amount, (int __user *)arg);
2141 amount = unix_inq_len(sk);
2145 err = put_user(amount, (int __user *)arg);
2154 static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2156 struct sock *sk = sock->sk;
2159 sock_poll_wait(file, sk_sleep(sk), wait);
2162 /* exceptional events? */
2165 if (sk->sk_shutdown == SHUTDOWN_MASK)
2167 if (sk->sk_shutdown & RCV_SHUTDOWN)
2168 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2171 if (!skb_queue_empty(&sk->sk_receive_queue))
2172 mask |= POLLIN | POLLRDNORM;
2174 /* Connection-based need to check for termination and startup */
2175 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2176 sk->sk_state == TCP_CLOSE)
2180 * we set writable also when the other side has shut down the
2181 * connection. This prevents stuck sockets.
2183 if (unix_writable(sk))
2184 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2189 static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2192 struct sock *sk = sock->sk, *other;
2193 unsigned int mask, writable;
2195 sock_poll_wait(file, sk_sleep(sk), wait);
2198 /* exceptional events? */
2199 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2201 if (sk->sk_shutdown & RCV_SHUTDOWN)
2202 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2203 if (sk->sk_shutdown == SHUTDOWN_MASK)
2207 if (!skb_queue_empty(&sk->sk_receive_queue))
2208 mask |= POLLIN | POLLRDNORM;
2210 /* Connection-based need to check for termination and startup */
2211 if (sk->sk_type == SOCK_SEQPACKET) {
2212 if (sk->sk_state == TCP_CLOSE)
2214 /* connection hasn't started yet? */
2215 if (sk->sk_state == TCP_SYN_SENT)
2219 /* No write status requested, avoid expensive OUT tests. */
2220 if (!(poll_requested_events(wait) & (POLLWRBAND|POLLWRNORM|POLLOUT)))
2223 writable = unix_writable(sk);
2224 other = unix_peer_get(sk);
2226 if (unix_peer(other) != sk) {
2227 sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2228 if (unix_recvq_full(other))
2235 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2237 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2242 #ifdef CONFIG_PROC_FS
2244 #define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1)
2246 #define get_bucket(x) ((x) >> BUCKET_SPACE)
2247 #define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1))
2248 #define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
2250 static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos)
2252 unsigned long offset = get_offset(*pos);
2253 unsigned long bucket = get_bucket(*pos);
2255 unsigned long count = 0;
2257 for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
2258 if (sock_net(sk) != seq_file_net(seq))
2260 if (++count == offset)
2267 static struct sock *unix_next_socket(struct seq_file *seq,
2271 unsigned long bucket;
2273 while (sk > (struct sock *)SEQ_START_TOKEN) {
2277 if (sock_net(sk) == seq_file_net(seq))
2282 sk = unix_from_bucket(seq, pos);
2287 bucket = get_bucket(*pos) + 1;
2288 *pos = set_bucket_offset(bucket, 1);
2289 } while (bucket < ARRAY_SIZE(unix_socket_table));
2294 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2295 __acquires(unix_table_lock)
2297 spin_lock(&unix_table_lock);
2300 return SEQ_START_TOKEN;
2302 if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table))
2305 return unix_next_socket(seq, NULL, pos);
2308 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2311 return unix_next_socket(seq, v, pos);
2314 static void unix_seq_stop(struct seq_file *seq, void *v)
2315 __releases(unix_table_lock)
2317 spin_unlock(&unix_table_lock);
2320 static int unix_seq_show(struct seq_file *seq, void *v)
2323 if (v == SEQ_START_TOKEN)
2324 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2328 struct unix_sock *u = unix_sk(s);
2331 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2333 atomic_read(&s->sk_refcnt),
2335 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2338 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2339 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2347 len = u->addr->len - sizeof(short);
2348 if (!UNIX_ABSTRACT(s))
2354 for ( ; i < len; i++)
2355 seq_putc(seq, u->addr->name->sun_path[i]);
2357 unix_state_unlock(s);
2358 seq_putc(seq, '\n');
2364 static const struct seq_operations unix_seq_ops = {
2365 .start = unix_seq_start,
2366 .next = unix_seq_next,
2367 .stop = unix_seq_stop,
2368 .show = unix_seq_show,
2371 static int unix_seq_open(struct inode *inode, struct file *file)
2373 return seq_open_net(inode, file, &unix_seq_ops,
2374 sizeof(struct seq_net_private));
2377 static const struct file_operations unix_seq_fops = {
2378 .owner = THIS_MODULE,
2379 .open = unix_seq_open,
2381 .llseek = seq_lseek,
2382 .release = seq_release_net,
2387 static const struct net_proto_family unix_family_ops = {
2389 .create = unix_create,
2390 .owner = THIS_MODULE,
2394 static int __net_init unix_net_init(struct net *net)
2396 int error = -ENOMEM;
2398 net->unx.sysctl_max_dgram_qlen = 10;
2399 if (unix_sysctl_register(net))
2402 #ifdef CONFIG_PROC_FS
2403 if (!proc_create("unix", 0, net->proc_net, &unix_seq_fops)) {
2404 unix_sysctl_unregister(net);
2413 static void __net_exit unix_net_exit(struct net *net)
2415 unix_sysctl_unregister(net);
2416 remove_proc_entry("unix", net->proc_net);
2419 static struct pernet_operations unix_net_ops = {
2420 .init = unix_net_init,
2421 .exit = unix_net_exit,
2424 static int __init af_unix_init(void)
2428 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > FIELD_SIZEOF(struct sk_buff, cb));
2430 rc = proto_register(&unix_proto, 1);
2432 printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2437 sock_register(&unix_family_ops);
2438 register_pernet_subsys(&unix_net_ops);
2443 static void __exit af_unix_exit(void)
2445 sock_unregister(PF_UNIX);
2446 proto_unregister(&unix_proto);
2447 unregister_pernet_subsys(&unix_net_ops);
2450 /* Earlier than device_initcall() so that other drivers invoking
2451 request_module() don't end up in a loop when modprobe tries
2452 to use a UNIX socket. But later than subsys_initcall() because
2453 we depend on stuff initialised there */
2454 fs_initcall(af_unix_init);
2455 module_exit(af_unix_exit);
2457 MODULE_LICENSE("GPL");
2458 MODULE_ALIAS_NETPROTO(PF_UNIX);
projects / firefly-linux-kernel-4.4.55.git / blob