2 * NET4: Implementation of BSD Unix domain sockets.
4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 * Linus Torvalds : Assorted bug cures.
13 * Niibe Yutaka : async I/O support.
14 * Carsten Paeth : PF_UNIX check, address fixes.
15 * Alan Cox : Limit size of allocated blocks.
16 * Alan Cox : Fixed the stupid socketpair bug.
17 * Alan Cox : BSD compatibility fine tuning.
18 * Alan Cox : Fixed a bug in connect when interrupted.
19 * Alan Cox : Sorted out a proper draft version of
20 * file descriptor passing hacked up from
22 * Marty Leisner : Fixes to fd passing
23 * Nick Nevin : recvmsg bugfix.
24 * Alan Cox : Started proper garbage collector
25 * Heiko EiBfeldt : Missing verify_area check
26 * Alan Cox : Started POSIXisms
27 * Andreas Schwab : Replace inode by dentry for proper
29 * Kirk Petersen : Made this a module
30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33 * by above two patches.
34 * Andrea Arcangeli : If possible we block in connect(2)
35 * if the max backlog of the listen socket
36 * is been reached. This won't break
37 * old apps and it will avoid huge amount
38 * of socks hashed (this for unix_gc()
39 * performances reasons).
40 * Security fix that limits the max
41 * number of socks to 2*max_files and
42 * the number of skb queueable in the
44 * Artur Skawina : Hash function optimizations
45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 * Malcolm Beattie : Set peercred for socketpair
47 * Michal Ostrowski : Module initialization cleanup.
48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 * the core infrastructure is doing that
50 * for all net proto families now (2.5.69+)
53 * Known differences from reference BSD that was tested:
56 * ECONNREFUSED is not returned from one end of a connected() socket to the
57 * other the moment one end closes.
58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
61 * accept() returns a path name even if the connecting socket has closed
62 * in the meantime (BSD loses the path and gives up).
63 * accept() returns 0 length path for an unbound connector. BSD returns 16
64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 * BSD af_unix apparently has connect forgetting to block properly.
67 * (need to check this with the POSIX spec in detail)
69 * Differences from 2.0.0-11-... (ANK)
70 * Bug fixes and improvements.
71 * - client shutdown killed server socket.
72 * - removed all useless cli/sti pairs.
74 * Semantic changes/extensions.
75 * - generic control message passing.
76 * - SCM_CREDENTIALS control message.
77 * - "Abstract" (not FS based) socket bindings.
78 * Abstract names are sequences of bytes (not zero terminated)
79 * started by 0, so that this name space does not intersect
83 #include <linux/module.h>
84 #include <linux/kernel.h>
85 #include <linux/signal.h>
86 #include <linux/sched.h>
87 #include <linux/errno.h>
88 #include <linux/string.h>
89 #include <linux/stat.h>
90 #include <linux/dcache.h>
91 #include <linux/namei.h>
92 #include <linux/socket.h>
94 #include <linux/fcntl.h>
95 #include <linux/termios.h>
96 #include <linux/sockios.h>
97 #include <linux/net.h>
100 #include <linux/slab.h>
101 #include <asm/uaccess.h>
102 #include <linux/skbuff.h>
103 #include <linux/netdevice.h>
104 #include <net/net_namespace.h>
105 #include <net/sock.h>
106 #include <net/tcp_states.h>
107 #include <net/af_unix.h>
108 #include <linux/proc_fs.h>
109 #include <linux/seq_file.h>
111 #include <linux/init.h>
112 #include <linux/poll.h>
113 #include <linux/rtnetlink.h>
114 #include <linux/mount.h>
115 #include <net/checksum.h>
116 #include <linux/security.h>
118 struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
119 EXPORT_SYMBOL_GPL(unix_socket_table);
120 DEFINE_SPINLOCK(unix_table_lock);
121 EXPORT_SYMBOL_GPL(unix_table_lock);
122 static atomic_long_t unix_nr_socks;
124 #define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE])
126 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
128 #ifdef CONFIG_SECURITY_NETWORK
129 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
131 memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
134 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
136 scm->secid = *UNIXSID(skb);
139 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
142 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
144 #endif /* CONFIG_SECURITY_NETWORK */
147 * SMP locking strategy:
148 * hash table is protected with spinlock unix_table_lock
149 * each socket state is protected by separate spin lock.
152 static inline unsigned int unix_hash_fold(__wsum n)
154 unsigned int hash = (__force unsigned int)n;
158 return hash&(UNIX_HASH_SIZE-1);
161 #define unix_peer(sk) (unix_sk(sk)->peer)
163 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
165 return unix_peer(osk) == sk;
168 static inline int unix_may_send(struct sock *sk, struct sock *osk)
170 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
173 static inline int unix_recvq_full(struct sock const *sk)
175 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
178 struct sock *unix_peer_get(struct sock *s)
186 unix_state_unlock(s);
189 EXPORT_SYMBOL_GPL(unix_peer_get);
191 static inline void unix_release_addr(struct unix_address *addr)
193 if (atomic_dec_and_test(&addr->refcnt))
198 * Check unix socket name:
199 * - should be not zero length.
200 * - if started by not zero, should be NULL terminated (FS object)
201 * - if started by zero, it is abstract name.
204 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
206 if (len <= sizeof(short) || len > sizeof(*sunaddr))
208 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
210 if (sunaddr->sun_path[0]) {
212 * This may look like an off by one error but it is a bit more
213 * subtle. 108 is the longest valid AF_UNIX path for a binding.
214 * sun_path[108] doesn't as such exist. However in kernel space
215 * we are guaranteed that it is a valid memory location in our
216 * kernel address buffer.
218 ((char *)sunaddr)[len] = 0;
219 len = strlen(sunaddr->sun_path)+1+sizeof(short);
223 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
227 static void __unix_remove_socket(struct sock *sk)
229 sk_del_node_init(sk);
232 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
234 WARN_ON(!sk_unhashed(sk));
235 sk_add_node(sk, list);
238 static inline void unix_remove_socket(struct sock *sk)
240 spin_lock(&unix_table_lock);
241 __unix_remove_socket(sk);
242 spin_unlock(&unix_table_lock);
245 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
247 spin_lock(&unix_table_lock);
248 __unix_insert_socket(list, sk);
249 spin_unlock(&unix_table_lock);
252 static struct sock *__unix_find_socket_byname(struct net *net,
253 struct sockaddr_un *sunname,
254 int len, int type, unsigned int hash)
257 struct hlist_node *node;
259 sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
260 struct unix_sock *u = unix_sk(s);
262 if (!net_eq(sock_net(s), net))
265 if (u->addr->len == len &&
266 !memcmp(u->addr->name, sunname, len))
274 static inline struct sock *unix_find_socket_byname(struct net *net,
275 struct sockaddr_un *sunname,
281 spin_lock(&unix_table_lock);
282 s = __unix_find_socket_byname(net, sunname, len, type, hash);
285 spin_unlock(&unix_table_lock);
289 static struct sock *unix_find_socket_byinode(struct inode *i)
292 struct hlist_node *node;
294 spin_lock(&unix_table_lock);
296 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
297 struct dentry *dentry = unix_sk(s)->path.dentry;
299 if (dentry && dentry->d_inode == i) {
306 spin_unlock(&unix_table_lock);
310 static inline int unix_writable(struct sock *sk)
312 return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
315 static void unix_write_space(struct sock *sk)
317 struct socket_wq *wq;
320 if (unix_writable(sk)) {
321 wq = rcu_dereference(sk->sk_wq);
322 if (wq_has_sleeper(wq))
323 wake_up_interruptible_sync_poll(&wq->wait,
324 POLLOUT | POLLWRNORM | POLLWRBAND);
325 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
330 /* When dgram socket disconnects (or changes its peer), we clear its receive
331 * queue of packets arrived from previous peer. First, it allows to do
332 * flow control based only on wmem_alloc; second, sk connected to peer
333 * may receive messages only from that peer. */
334 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
336 if (!skb_queue_empty(&sk->sk_receive_queue)) {
337 skb_queue_purge(&sk->sk_receive_queue);
338 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
340 /* If one link of bidirectional dgram pipe is disconnected,
341 * we signal error. Messages are lost. Do not make this,
342 * when peer was not connected to us.
344 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
345 other->sk_err = ECONNRESET;
346 other->sk_error_report(other);
351 static void unix_sock_destructor(struct sock *sk)
353 struct unix_sock *u = unix_sk(sk);
355 skb_queue_purge(&sk->sk_receive_queue);
357 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
358 WARN_ON(!sk_unhashed(sk));
359 WARN_ON(sk->sk_socket);
360 if (!sock_flag(sk, SOCK_DEAD)) {
361 printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
366 unix_release_addr(u->addr);
368 atomic_long_dec(&unix_nr_socks);
370 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
372 #ifdef UNIX_REFCNT_DEBUG
373 printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
374 atomic_long_read(&unix_nr_socks));
378 static int unix_release_sock(struct sock *sk, int embrion)
380 struct unix_sock *u = unix_sk(sk);
386 unix_remove_socket(sk);
391 sk->sk_shutdown = SHUTDOWN_MASK;
393 u->path.dentry = NULL;
395 state = sk->sk_state;
396 sk->sk_state = TCP_CLOSE;
397 unix_state_unlock(sk);
399 wake_up_interruptible_all(&u->peer_wait);
401 skpair = unix_peer(sk);
403 if (skpair != NULL) {
404 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
405 unix_state_lock(skpair);
407 skpair->sk_shutdown = SHUTDOWN_MASK;
408 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
409 skpair->sk_err = ECONNRESET;
410 unix_state_unlock(skpair);
411 skpair->sk_state_change(skpair);
412 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
414 sock_put(skpair); /* It may now die */
415 unix_peer(sk) = NULL;
418 /* Try to flush out this socket. Throw out buffers at least */
420 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
421 if (state == TCP_LISTEN)
422 unix_release_sock(skb->sk, 1);
423 /* passed fds are erased in the kfree_skb hook */
432 /* ---- Socket is dead now and most probably destroyed ---- */
435 * Fixme: BSD difference: In BSD all sockets connected to use get
436 * ECONNRESET and we die on the spot. In Linux we behave
437 * like files and pipes do and wait for the last
440 * Can't we simply set sock->err?
442 * What the above comment does talk about? --ANK(980817)
445 if (unix_tot_inflight)
446 unix_gc(); /* Garbage collect fds */
451 static void init_peercred(struct sock *sk)
453 put_pid(sk->sk_peer_pid);
454 if (sk->sk_peer_cred)
455 put_cred(sk->sk_peer_cred);
456 sk->sk_peer_pid = get_pid(task_tgid(current));
457 sk->sk_peer_cred = get_current_cred();
460 static void copy_peercred(struct sock *sk, struct sock *peersk)
462 put_pid(sk->sk_peer_pid);
463 if (sk->sk_peer_cred)
464 put_cred(sk->sk_peer_cred);
465 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
466 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
469 static int unix_listen(struct socket *sock, int backlog)
472 struct sock *sk = sock->sk;
473 struct unix_sock *u = unix_sk(sk);
474 struct pid *old_pid = NULL;
475 const struct cred *old_cred = NULL;
478 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
479 goto out; /* Only stream/seqpacket sockets accept */
482 goto out; /* No listens on an unbound socket */
484 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
486 if (backlog > sk->sk_max_ack_backlog)
487 wake_up_interruptible_all(&u->peer_wait);
488 sk->sk_max_ack_backlog = backlog;
489 sk->sk_state = TCP_LISTEN;
490 /* set credentials so connect can copy them */
495 unix_state_unlock(sk);
503 static int unix_release(struct socket *);
504 static int unix_bind(struct socket *, struct sockaddr *, int);
505 static int unix_stream_connect(struct socket *, struct sockaddr *,
506 int addr_len, int flags);
507 static int unix_socketpair(struct socket *, struct socket *);
508 static int unix_accept(struct socket *, struct socket *, int);
509 static int unix_getname(struct socket *, struct sockaddr *, int *, int);
510 static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
511 static unsigned int unix_dgram_poll(struct file *, struct socket *,
513 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
514 static int unix_shutdown(struct socket *, int);
515 static int unix_stream_sendmsg(struct kiocb *, struct socket *,
516 struct msghdr *, size_t);
517 static int unix_stream_recvmsg(struct kiocb *, struct socket *,
518 struct msghdr *, size_t, int);
519 static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
520 struct msghdr *, size_t);
521 static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
522 struct msghdr *, size_t, int);
523 static int unix_dgram_connect(struct socket *, struct sockaddr *,
525 static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
526 struct msghdr *, size_t);
527 static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
528 struct msghdr *, size_t, int);
530 static void unix_set_peek_off(struct sock *sk, int val)
532 struct unix_sock *u = unix_sk(sk);
534 mutex_lock(&u->readlock);
535 sk->sk_peek_off = val;
536 mutex_unlock(&u->readlock);
540 static const struct proto_ops unix_stream_ops = {
542 .owner = THIS_MODULE,
543 .release = unix_release,
545 .connect = unix_stream_connect,
546 .socketpair = unix_socketpair,
547 .accept = unix_accept,
548 .getname = unix_getname,
551 .listen = unix_listen,
552 .shutdown = unix_shutdown,
553 .setsockopt = sock_no_setsockopt,
554 .getsockopt = sock_no_getsockopt,
555 .sendmsg = unix_stream_sendmsg,
556 .recvmsg = unix_stream_recvmsg,
557 .mmap = sock_no_mmap,
558 .sendpage = sock_no_sendpage,
559 .set_peek_off = unix_set_peek_off,
562 static const struct proto_ops unix_dgram_ops = {
564 .owner = THIS_MODULE,
565 .release = unix_release,
567 .connect = unix_dgram_connect,
568 .socketpair = unix_socketpair,
569 .accept = sock_no_accept,
570 .getname = unix_getname,
571 .poll = unix_dgram_poll,
573 .listen = sock_no_listen,
574 .shutdown = unix_shutdown,
575 .setsockopt = sock_no_setsockopt,
576 .getsockopt = sock_no_getsockopt,
577 .sendmsg = unix_dgram_sendmsg,
578 .recvmsg = unix_dgram_recvmsg,
579 .mmap = sock_no_mmap,
580 .sendpage = sock_no_sendpage,
581 .set_peek_off = unix_set_peek_off,
584 static const struct proto_ops unix_seqpacket_ops = {
586 .owner = THIS_MODULE,
587 .release = unix_release,
589 .connect = unix_stream_connect,
590 .socketpair = unix_socketpair,
591 .accept = unix_accept,
592 .getname = unix_getname,
593 .poll = unix_dgram_poll,
595 .listen = unix_listen,
596 .shutdown = unix_shutdown,
597 .setsockopt = sock_no_setsockopt,
598 .getsockopt = sock_no_getsockopt,
599 .sendmsg = unix_seqpacket_sendmsg,
600 .recvmsg = unix_seqpacket_recvmsg,
601 .mmap = sock_no_mmap,
602 .sendpage = sock_no_sendpage,
603 .set_peek_off = unix_set_peek_off,
606 static struct proto unix_proto = {
608 .owner = THIS_MODULE,
609 .obj_size = sizeof(struct unix_sock),
613 * AF_UNIX sockets do not interact with hardware, hence they
614 * dont trigger interrupts - so it's safe for them to have
615 * bh-unsafe locking for their sk_receive_queue.lock. Split off
616 * this special lock-class by reinitializing the spinlock key:
618 static struct lock_class_key af_unix_sk_receive_queue_lock_key;
620 static struct sock *unix_create1(struct net *net, struct socket *sock)
622 struct sock *sk = NULL;
625 atomic_long_inc(&unix_nr_socks);
626 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
629 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
633 sock_init_data(sock, sk);
634 lockdep_set_class(&sk->sk_receive_queue.lock,
635 &af_unix_sk_receive_queue_lock_key);
637 sk->sk_write_space = unix_write_space;
638 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
639 sk->sk_destruct = unix_sock_destructor;
641 u->path.dentry = NULL;
643 spin_lock_init(&u->lock);
644 atomic_long_set(&u->inflight, 0);
645 INIT_LIST_HEAD(&u->link);
646 mutex_init(&u->readlock); /* single task reading lock */
647 init_waitqueue_head(&u->peer_wait);
648 unix_insert_socket(unix_sockets_unbound, sk);
651 atomic_long_dec(&unix_nr_socks);
654 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
660 static int unix_create(struct net *net, struct socket *sock, int protocol,
663 if (protocol && protocol != PF_UNIX)
664 return -EPROTONOSUPPORT;
666 sock->state = SS_UNCONNECTED;
668 switch (sock->type) {
670 sock->ops = &unix_stream_ops;
673 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
677 sock->type = SOCK_DGRAM;
679 sock->ops = &unix_dgram_ops;
682 sock->ops = &unix_seqpacket_ops;
685 return -ESOCKTNOSUPPORT;
688 return unix_create1(net, sock) ? 0 : -ENOMEM;
691 static int unix_release(struct socket *sock)
693 struct sock *sk = sock->sk;
700 return unix_release_sock(sk, 0);
703 static int unix_autobind(struct socket *sock)
705 struct sock *sk = sock->sk;
706 struct net *net = sock_net(sk);
707 struct unix_sock *u = unix_sk(sk);
708 static u32 ordernum = 1;
709 struct unix_address *addr;
711 unsigned int retries = 0;
713 mutex_lock(&u->readlock);
720 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
724 addr->name->sun_family = AF_UNIX;
725 atomic_set(&addr->refcnt, 1);
728 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
729 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
731 spin_lock(&unix_table_lock);
732 ordernum = (ordernum+1)&0xFFFFF;
734 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
736 spin_unlock(&unix_table_lock);
738 * __unix_find_socket_byname() may take long time if many names
739 * are already in use.
742 /* Give up if all names seems to be in use. */
743 if (retries++ == 0xFFFFF) {
750 addr->hash ^= sk->sk_type;
752 __unix_remove_socket(sk);
754 __unix_insert_socket(&unix_socket_table[addr->hash], sk);
755 spin_unlock(&unix_table_lock);
758 out: mutex_unlock(&u->readlock);
762 static struct sock *unix_find_other(struct net *net,
763 struct sockaddr_un *sunname, int len,
764 int type, unsigned int hash, int *error)
770 if (sunname->sun_path[0]) {
772 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
775 inode = path.dentry->d_inode;
776 err = inode_permission(inode, MAY_WRITE);
781 if (!S_ISSOCK(inode->i_mode))
783 u = unix_find_socket_byinode(inode);
787 if (u->sk_type == type)
793 if (u->sk_type != type) {
799 u = unix_find_socket_byname(net, sunname, len, type, hash);
801 struct dentry *dentry;
802 dentry = unix_sk(u)->path.dentry;
804 touch_atime(&unix_sk(u)->path);
818 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
820 struct sock *sk = sock->sk;
821 struct net *net = sock_net(sk);
822 struct unix_sock *u = unix_sk(sk);
823 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
824 char *sun_path = sunaddr->sun_path;
825 struct dentry *dentry = NULL;
829 struct unix_address *addr;
830 struct hlist_head *list;
833 if (sunaddr->sun_family != AF_UNIX)
836 if (addr_len == sizeof(short)) {
837 err = unix_autobind(sock);
841 err = unix_mkname(sunaddr, addr_len, &hash);
846 mutex_lock(&u->readlock);
853 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
857 memcpy(addr->name, sunaddr, addr_len);
858 addr->len = addr_len;
859 addr->hash = hash ^ sk->sk_type;
860 atomic_set(&addr->refcnt, 1);
866 * Get the parent directory, calculate the hash for last
869 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
870 err = PTR_ERR(dentry);
872 goto out_mknod_parent;
875 * All right, let's create it.
878 (SOCK_INODE(sock)->i_mode & ~current_umask());
879 err = mnt_want_write(path.mnt);
882 err = security_path_mknod(&path, dentry, mode, 0);
884 goto out_mknod_drop_write;
885 err = vfs_mknod(path.dentry->d_inode, dentry, mode, 0);
886 out_mknod_drop_write:
887 mnt_drop_write(path.mnt);
890 mutex_unlock(&path.dentry->d_inode->i_mutex);
892 path.dentry = dentry;
894 addr->hash = UNIX_HASH_SIZE;
897 spin_lock(&unix_table_lock);
901 if (__unix_find_socket_byname(net, sunaddr, addr_len,
902 sk->sk_type, hash)) {
903 unix_release_addr(addr);
907 list = &unix_socket_table[addr->hash];
909 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
914 __unix_remove_socket(sk);
916 __unix_insert_socket(list, sk);
919 spin_unlock(&unix_table_lock);
921 mutex_unlock(&u->readlock);
927 mutex_unlock(&path.dentry->d_inode->i_mutex);
932 unix_release_addr(addr);
936 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
938 if (unlikely(sk1 == sk2) || !sk2) {
939 unix_state_lock(sk1);
943 unix_state_lock(sk1);
944 unix_state_lock_nested(sk2);
946 unix_state_lock(sk2);
947 unix_state_lock_nested(sk1);
951 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
953 if (unlikely(sk1 == sk2) || !sk2) {
954 unix_state_unlock(sk1);
957 unix_state_unlock(sk1);
958 unix_state_unlock(sk2);
961 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
964 struct sock *sk = sock->sk;
965 struct net *net = sock_net(sk);
966 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
971 if (addr->sa_family != AF_UNSPEC) {
972 err = unix_mkname(sunaddr, alen, &hash);
977 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
978 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
982 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
986 unix_state_double_lock(sk, other);
988 /* Apparently VFS overslept socket death. Retry. */
989 if (sock_flag(other, SOCK_DEAD)) {
990 unix_state_double_unlock(sk, other);
996 if (!unix_may_send(sk, other))
999 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1005 * 1003.1g breaking connected state with AF_UNSPEC
1008 unix_state_double_lock(sk, other);
1012 * If it was connected, reconnect.
1014 if (unix_peer(sk)) {
1015 struct sock *old_peer = unix_peer(sk);
1016 unix_peer(sk) = other;
1017 unix_state_double_unlock(sk, other);
1019 if (other != old_peer)
1020 unix_dgram_disconnected(sk, old_peer);
1023 unix_peer(sk) = other;
1024 unix_state_double_unlock(sk, other);
1029 unix_state_double_unlock(sk, other);
1035 static long unix_wait_for_peer(struct sock *other, long timeo)
1037 struct unix_sock *u = unix_sk(other);
1041 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1043 sched = !sock_flag(other, SOCK_DEAD) &&
1044 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1045 unix_recvq_full(other);
1047 unix_state_unlock(other);
1050 timeo = schedule_timeout(timeo);
1052 finish_wait(&u->peer_wait, &wait);
1056 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1057 int addr_len, int flags)
1059 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1060 struct sock *sk = sock->sk;
1061 struct net *net = sock_net(sk);
1062 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1063 struct sock *newsk = NULL;
1064 struct sock *other = NULL;
1065 struct sk_buff *skb = NULL;
1071 err = unix_mkname(sunaddr, addr_len, &hash);
1076 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1077 (err = unix_autobind(sock)) != 0)
1080 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1082 /* First of all allocate resources.
1083 If we will make it after state is locked,
1084 we will have to recheck all again in any case.
1089 /* create new sock for complete connection */
1090 newsk = unix_create1(sock_net(sk), NULL);
1094 /* Allocate skb for sending to listening sock */
1095 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1100 /* Find listening sock. */
1101 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1105 /* Latch state of peer */
1106 unix_state_lock(other);
1108 /* Apparently VFS overslept socket death. Retry. */
1109 if (sock_flag(other, SOCK_DEAD)) {
1110 unix_state_unlock(other);
1115 err = -ECONNREFUSED;
1116 if (other->sk_state != TCP_LISTEN)
1118 if (other->sk_shutdown & RCV_SHUTDOWN)
1121 if (unix_recvq_full(other)) {
1126 timeo = unix_wait_for_peer(other, timeo);
1128 err = sock_intr_errno(timeo);
1129 if (signal_pending(current))
1137 It is tricky place. We need to grab our state lock and cannot
1138 drop lock on peer. It is dangerous because deadlock is
1139 possible. Connect to self case and simultaneous
1140 attempt to connect are eliminated by checking socket
1141 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1142 check this before attempt to grab lock.
1144 Well, and we have to recheck the state after socket locked.
1150 /* This is ok... continue with connect */
1152 case TCP_ESTABLISHED:
1153 /* Socket is already connected */
1161 unix_state_lock_nested(sk);
1163 if (sk->sk_state != st) {
1164 unix_state_unlock(sk);
1165 unix_state_unlock(other);
1170 err = security_unix_stream_connect(sk, other, newsk);
1172 unix_state_unlock(sk);
1176 /* The way is open! Fastly set all the necessary fields... */
1179 unix_peer(newsk) = sk;
1180 newsk->sk_state = TCP_ESTABLISHED;
1181 newsk->sk_type = sk->sk_type;
1182 init_peercred(newsk);
1183 newu = unix_sk(newsk);
1184 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1185 otheru = unix_sk(other);
1187 /* copy address information from listening to new sock*/
1189 atomic_inc(&otheru->addr->refcnt);
1190 newu->addr = otheru->addr;
1192 if (otheru->path.dentry) {
1193 path_get(&otheru->path);
1194 newu->path = otheru->path;
1197 /* Set credentials */
1198 copy_peercred(sk, other);
1200 sock->state = SS_CONNECTED;
1201 sk->sk_state = TCP_ESTABLISHED;
1204 smp_mb__after_atomic_inc(); /* sock_hold() does an atomic_inc() */
1205 unix_peer(sk) = newsk;
1207 unix_state_unlock(sk);
1209 /* take ten and and send info to listening sock */
1210 spin_lock(&other->sk_receive_queue.lock);
1211 __skb_queue_tail(&other->sk_receive_queue, skb);
1212 spin_unlock(&other->sk_receive_queue.lock);
1213 unix_state_unlock(other);
1214 other->sk_data_ready(other, 0);
1220 unix_state_unlock(other);
1225 unix_release_sock(newsk, 0);
1231 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1233 struct sock *ska = socka->sk, *skb = sockb->sk;
1235 /* Join our sockets back to back */
1238 unix_peer(ska) = skb;
1239 unix_peer(skb) = ska;
1243 if (ska->sk_type != SOCK_DGRAM) {
1244 ska->sk_state = TCP_ESTABLISHED;
1245 skb->sk_state = TCP_ESTABLISHED;
1246 socka->state = SS_CONNECTED;
1247 sockb->state = SS_CONNECTED;
1252 static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1254 struct sock *sk = sock->sk;
1256 struct sk_buff *skb;
1260 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1264 if (sk->sk_state != TCP_LISTEN)
1267 /* If socket state is TCP_LISTEN it cannot change (for now...),
1268 * so that no locks are necessary.
1271 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1273 /* This means receive shutdown. */
1280 skb_free_datagram(sk, skb);
1281 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1283 /* attach accepted sock to socket */
1284 unix_state_lock(tsk);
1285 newsock->state = SS_CONNECTED;
1286 sock_graft(tsk, newsock);
1287 unix_state_unlock(tsk);
1295 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1297 struct sock *sk = sock->sk;
1298 struct unix_sock *u;
1299 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1303 sk = unix_peer_get(sk);
1314 unix_state_lock(sk);
1316 sunaddr->sun_family = AF_UNIX;
1317 sunaddr->sun_path[0] = 0;
1318 *uaddr_len = sizeof(short);
1320 struct unix_address *addr = u->addr;
1322 *uaddr_len = addr->len;
1323 memcpy(sunaddr, addr->name, *uaddr_len);
1325 unix_state_unlock(sk);
1331 static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1335 scm->fp = UNIXCB(skb).fp;
1336 UNIXCB(skb).fp = NULL;
1338 for (i = scm->fp->count-1; i >= 0; i--)
1339 unix_notinflight(scm->fp->fp[i]);
1342 static void unix_destruct_scm(struct sk_buff *skb)
1344 struct scm_cookie scm;
1345 memset(&scm, 0, sizeof(scm));
1346 scm.pid = UNIXCB(skb).pid;
1347 scm.cred = UNIXCB(skb).cred;
1349 unix_detach_fds(&scm, skb);
1351 /* Alas, it calls VFS */
1352 /* So fscking what? fput() had been SMP-safe since the last Summer */
1357 #define MAX_RECURSION_LEVEL 4
1359 static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1362 unsigned char max_level = 0;
1363 int unix_sock_count = 0;
1365 for (i = scm->fp->count - 1; i >= 0; i--) {
1366 struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1370 max_level = max(max_level,
1371 unix_sk(sk)->recursion_level);
1374 if (unlikely(max_level > MAX_RECURSION_LEVEL))
1375 return -ETOOMANYREFS;
1378 * Need to duplicate file references for the sake of garbage
1379 * collection. Otherwise a socket in the fps might become a
1380 * candidate for GC while the skb is not yet queued.
1382 UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1383 if (!UNIXCB(skb).fp)
1386 if (unix_sock_count) {
1387 for (i = scm->fp->count - 1; i >= 0; i--)
1388 unix_inflight(scm->fp->fp[i]);
1393 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1397 UNIXCB(skb).pid = get_pid(scm->pid);
1399 UNIXCB(skb).cred = get_cred(scm->cred);
1400 UNIXCB(skb).fp = NULL;
1401 if (scm->fp && send_fds)
1402 err = unix_attach_fds(scm, skb);
1404 skb->destructor = unix_destruct_scm;
1409 * Some apps rely on write() giving SCM_CREDENTIALS
1410 * We include credentials if source or destination socket
1411 * asserted SOCK_PASSCRED.
1413 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1414 const struct sock *other)
1416 if (UNIXCB(skb).cred)
1418 if (test_bit(SOCK_PASSCRED, &sock->flags) ||
1419 !other->sk_socket ||
1420 test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
1421 UNIXCB(skb).pid = get_pid(task_tgid(current));
1422 UNIXCB(skb).cred = get_current_cred();
1427 * Send AF_UNIX data.
1430 static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1431 struct msghdr *msg, size_t len)
1433 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1434 struct sock *sk = sock->sk;
1435 struct net *net = sock_net(sk);
1436 struct unix_sock *u = unix_sk(sk);
1437 struct sockaddr_un *sunaddr = msg->msg_name;
1438 struct sock *other = NULL;
1439 int namelen = 0; /* fake GCC */
1442 struct sk_buff *skb;
1444 struct scm_cookie tmp_scm;
1448 if (NULL == siocb->scm)
1449 siocb->scm = &tmp_scm;
1451 err = scm_send(sock, msg, siocb->scm);
1456 if (msg->msg_flags&MSG_OOB)
1459 if (msg->msg_namelen) {
1460 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1467 other = unix_peer_get(sk);
1472 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1473 && (err = unix_autobind(sock)) != 0)
1477 if (len > sk->sk_sndbuf - 32)
1480 if (len > SKB_MAX_ALLOC)
1481 data_len = min_t(size_t,
1482 len - SKB_MAX_ALLOC,
1483 MAX_SKB_FRAGS * PAGE_SIZE);
1485 skb = sock_alloc_send_pskb(sk, len - data_len, data_len,
1486 msg->msg_flags & MSG_DONTWAIT, &err);
1490 err = unix_scm_to_skb(siocb->scm, skb, true);
1493 max_level = err + 1;
1494 unix_get_secdata(siocb->scm, skb);
1496 skb_put(skb, len - data_len);
1497 skb->data_len = data_len;
1499 err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov, 0, len);
1503 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1508 if (sunaddr == NULL)
1511 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1517 if (sk_filter(other, skb) < 0) {
1518 /* Toss the packet but do not return any error to the sender */
1523 unix_state_lock(other);
1525 if (!unix_may_send(sk, other))
1528 if (sock_flag(other, SOCK_DEAD)) {
1530 * Check with 1003.1g - what should
1533 unix_state_unlock(other);
1537 unix_state_lock(sk);
1538 if (unix_peer(sk) == other) {
1539 unix_peer(sk) = NULL;
1540 unix_state_unlock(sk);
1542 unix_dgram_disconnected(sk, other);
1544 err = -ECONNREFUSED;
1546 unix_state_unlock(sk);
1556 if (other->sk_shutdown & RCV_SHUTDOWN)
1559 if (sk->sk_type != SOCK_SEQPACKET) {
1560 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1565 if (unix_peer(other) != sk && unix_recvq_full(other)) {
1571 timeo = unix_wait_for_peer(other, timeo);
1573 err = sock_intr_errno(timeo);
1574 if (signal_pending(current))
1580 if (sock_flag(other, SOCK_RCVTSTAMP))
1581 __net_timestamp(skb);
1582 maybe_add_creds(skb, sock, other);
1583 skb_queue_tail(&other->sk_receive_queue, skb);
1584 if (max_level > unix_sk(other)->recursion_level)
1585 unix_sk(other)->recursion_level = max_level;
1586 unix_state_unlock(other);
1587 other->sk_data_ready(other, len);
1589 scm_destroy(siocb->scm);
1593 unix_state_unlock(other);
1599 scm_destroy(siocb->scm);
1604 static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1605 struct msghdr *msg, size_t len)
1607 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1608 struct sock *sk = sock->sk;
1609 struct sock *other = NULL;
1611 struct sk_buff *skb;
1613 struct scm_cookie tmp_scm;
1614 bool fds_sent = false;
1617 if (NULL == siocb->scm)
1618 siocb->scm = &tmp_scm;
1620 err = scm_send(sock, msg, siocb->scm);
1625 if (msg->msg_flags&MSG_OOB)
1628 if (msg->msg_namelen) {
1629 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1633 other = unix_peer(sk);
1638 if (sk->sk_shutdown & SEND_SHUTDOWN)
1641 while (sent < len) {
1643 * Optimisation for the fact that under 0.01% of X
1644 * messages typically need breaking up.
1649 /* Keep two messages in the pipe so it schedules better */
1650 if (size > ((sk->sk_sndbuf >> 1) - 64))
1651 size = (sk->sk_sndbuf >> 1) - 64;
1653 if (size > SKB_MAX_ALLOC)
1654 size = SKB_MAX_ALLOC;
1660 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
1667 * If you pass two values to the sock_alloc_send_skb
1668 * it tries to grab the large buffer with GFP_NOFS
1669 * (which can fail easily), and if it fails grab the
1670 * fallback size buffer which is under a page and will
1673 size = min_t(int, size, skb_tailroom(skb));
1676 /* Only send the fds in the first buffer */
1677 err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1682 max_level = err + 1;
1685 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1691 unix_state_lock(other);
1693 if (sock_flag(other, SOCK_DEAD) ||
1694 (other->sk_shutdown & RCV_SHUTDOWN))
1697 maybe_add_creds(skb, sock, other);
1698 skb_queue_tail(&other->sk_receive_queue, skb);
1699 if (max_level > unix_sk(other)->recursion_level)
1700 unix_sk(other)->recursion_level = max_level;
1701 unix_state_unlock(other);
1702 other->sk_data_ready(other, size);
1706 scm_destroy(siocb->scm);
1712 unix_state_unlock(other);
1715 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1716 send_sig(SIGPIPE, current, 0);
1719 scm_destroy(siocb->scm);
1721 return sent ? : err;
1724 static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
1725 struct msghdr *msg, size_t len)
1728 struct sock *sk = sock->sk;
1730 err = sock_error(sk);
1734 if (sk->sk_state != TCP_ESTABLISHED)
1737 if (msg->msg_namelen)
1738 msg->msg_namelen = 0;
1740 return unix_dgram_sendmsg(kiocb, sock, msg, len);
1743 static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
1744 struct msghdr *msg, size_t size,
1747 struct sock *sk = sock->sk;
1749 if (sk->sk_state != TCP_ESTABLISHED)
1752 return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
1755 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1757 struct unix_sock *u = unix_sk(sk);
1759 msg->msg_namelen = 0;
1761 msg->msg_namelen = u->addr->len;
1762 memcpy(msg->msg_name, u->addr->name, u->addr->len);
1766 static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1767 struct msghdr *msg, size_t size,
1770 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1771 struct scm_cookie tmp_scm;
1772 struct sock *sk = sock->sk;
1773 struct unix_sock *u = unix_sk(sk);
1774 int noblock = flags & MSG_DONTWAIT;
1775 struct sk_buff *skb;
1783 msg->msg_namelen = 0;
1785 err = mutex_lock_interruptible(&u->readlock);
1787 err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
1791 skip = sk_peek_offset(sk, flags);
1793 skb = __skb_recv_datagram(sk, flags, &peeked, &skip, &err);
1795 unix_state_lock(sk);
1796 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1797 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1798 (sk->sk_shutdown & RCV_SHUTDOWN))
1800 unix_state_unlock(sk);
1804 wake_up_interruptible_sync_poll(&u->peer_wait,
1805 POLLOUT | POLLWRNORM | POLLWRBAND);
1808 unix_copy_addr(msg, skb->sk);
1810 if (size > skb->len - skip)
1811 size = skb->len - skip;
1812 else if (size < skb->len - skip)
1813 msg->msg_flags |= MSG_TRUNC;
1815 err = skb_copy_datagram_iovec(skb, skip, msg->msg_iov, size);
1819 if (sock_flag(sk, SOCK_RCVTSTAMP))
1820 __sock_recv_timestamp(msg, sk, skb);
1823 siocb->scm = &tmp_scm;
1824 memset(&tmp_scm, 0, sizeof(tmp_scm));
1826 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1827 unix_set_secdata(siocb->scm, skb);
1829 if (!(flags & MSG_PEEK)) {
1831 unix_detach_fds(siocb->scm, skb);
1833 sk_peek_offset_bwd(sk, skb->len);
1835 /* It is questionable: on PEEK we could:
1836 - do not return fds - good, but too simple 8)
1837 - return fds, and do not return them on read (old strategy,
1839 - clone fds (I chose it for now, it is the most universal
1842 POSIX 1003.1g does not actually define this clearly
1843 at all. POSIX 1003.1g doesn't define a lot of things
1848 sk_peek_offset_fwd(sk, size);
1851 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1853 err = (flags & MSG_TRUNC) ? skb->len - skip : size;
1855 scm_recv(sock, msg, siocb->scm, flags);
1858 skb_free_datagram(sk, skb);
1860 mutex_unlock(&u->readlock);
1866 * Sleep until data has arrive. But check for races..
1869 static long unix_stream_data_wait(struct sock *sk, long timeo)
1873 unix_state_lock(sk);
1876 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1878 if (!skb_queue_empty(&sk->sk_receive_queue) ||
1880 (sk->sk_shutdown & RCV_SHUTDOWN) ||
1881 signal_pending(current) ||
1885 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1886 unix_state_unlock(sk);
1887 timeo = schedule_timeout(timeo);
1888 unix_state_lock(sk);
1889 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1892 finish_wait(sk_sleep(sk), &wait);
1893 unix_state_unlock(sk);
1899 static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1900 struct msghdr *msg, size_t size,
1903 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1904 struct scm_cookie tmp_scm;
1905 struct sock *sk = sock->sk;
1906 struct unix_sock *u = unix_sk(sk);
1907 struct sockaddr_un *sunaddr = msg->msg_name;
1909 int check_creds = 0;
1916 if (sk->sk_state != TCP_ESTABLISHED)
1923 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1924 timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1926 msg->msg_namelen = 0;
1928 /* Lock the socket to prevent queue disordering
1929 * while sleeps in memcpy_tomsg
1933 siocb->scm = &tmp_scm;
1934 memset(&tmp_scm, 0, sizeof(tmp_scm));
1937 err = mutex_lock_interruptible(&u->readlock);
1939 err = sock_intr_errno(timeo);
1943 skip = sk_peek_offset(sk, flags);
1947 struct sk_buff *skb;
1949 unix_state_lock(sk);
1950 skb = skb_peek(&sk->sk_receive_queue);
1953 unix_sk(sk)->recursion_level = 0;
1954 if (copied >= target)
1958 * POSIX 1003.1g mandates this order.
1961 err = sock_error(sk);
1964 if (sk->sk_shutdown & RCV_SHUTDOWN)
1967 unix_state_unlock(sk);
1971 mutex_unlock(&u->readlock);
1973 timeo = unix_stream_data_wait(sk, timeo);
1975 if (signal_pending(current)
1976 || mutex_lock_interruptible(&u->readlock)) {
1977 err = sock_intr_errno(timeo);
1983 unix_state_unlock(sk);
1987 if (skip >= skb->len) {
1989 skb = skb_peek_next(skb, &sk->sk_receive_queue);
1993 unix_state_unlock(sk);
1996 /* Never glue messages from different writers */
1997 if ((UNIXCB(skb).pid != siocb->scm->pid) ||
1998 (UNIXCB(skb).cred != siocb->scm->cred))
2001 /* Copy credentials */
2002 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
2006 /* Copy address just once */
2008 unix_copy_addr(msg, skb->sk);
2012 chunk = min_t(unsigned int, skb->len - skip, size);
2013 if (memcpy_toiovec(msg->msg_iov, skb->data + skip, chunk)) {
2021 /* Mark read part of skb as used */
2022 if (!(flags & MSG_PEEK)) {
2023 skb_pull(skb, chunk);
2025 sk_peek_offset_bwd(sk, chunk);
2028 unix_detach_fds(siocb->scm, skb);
2033 skb_unlink(skb, &sk->sk_receive_queue);
2039 /* It is questionable, see note in unix_dgram_recvmsg.
2042 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
2044 sk_peek_offset_fwd(sk, chunk);
2050 mutex_unlock(&u->readlock);
2051 scm_recv(sock, msg, siocb->scm, flags);
2053 return copied ? : err;
2056 static int unix_shutdown(struct socket *sock, int mode)
2058 struct sock *sk = sock->sk;
2061 mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN);
2066 unix_state_lock(sk);
2067 sk->sk_shutdown |= mode;
2068 other = unix_peer(sk);
2071 unix_state_unlock(sk);
2072 sk->sk_state_change(sk);
2075 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2079 if (mode&RCV_SHUTDOWN)
2080 peer_mode |= SEND_SHUTDOWN;
2081 if (mode&SEND_SHUTDOWN)
2082 peer_mode |= RCV_SHUTDOWN;
2083 unix_state_lock(other);
2084 other->sk_shutdown |= peer_mode;
2085 unix_state_unlock(other);
2086 other->sk_state_change(other);
2087 if (peer_mode == SHUTDOWN_MASK)
2088 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2089 else if (peer_mode & RCV_SHUTDOWN)
2090 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2098 long unix_inq_len(struct sock *sk)
2100 struct sk_buff *skb;
2103 if (sk->sk_state == TCP_LISTEN)
2106 spin_lock(&sk->sk_receive_queue.lock);
2107 if (sk->sk_type == SOCK_STREAM ||
2108 sk->sk_type == SOCK_SEQPACKET) {
2109 skb_queue_walk(&sk->sk_receive_queue, skb)
2112 skb = skb_peek(&sk->sk_receive_queue);
2116 spin_unlock(&sk->sk_receive_queue.lock);
2120 EXPORT_SYMBOL_GPL(unix_inq_len);
2122 long unix_outq_len(struct sock *sk)
2124 return sk_wmem_alloc_get(sk);
2126 EXPORT_SYMBOL_GPL(unix_outq_len);
2128 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2130 struct sock *sk = sock->sk;
2136 amount = unix_outq_len(sk);
2137 err = put_user(amount, (int __user *)arg);
2140 amount = unix_inq_len(sk);
2144 err = put_user(amount, (int __user *)arg);
2153 static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2155 struct sock *sk = sock->sk;
2158 sock_poll_wait(file, sk_sleep(sk), wait);
2161 /* exceptional events? */
2164 if (sk->sk_shutdown == SHUTDOWN_MASK)
2166 if (sk->sk_shutdown & RCV_SHUTDOWN)
2167 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2170 if (!skb_queue_empty(&sk->sk_receive_queue))
2171 mask |= POLLIN | POLLRDNORM;
2173 /* Connection-based need to check for termination and startup */
2174 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2175 sk->sk_state == TCP_CLOSE)
2179 * we set writable also when the other side has shut down the
2180 * connection. This prevents stuck sockets.
2182 if (unix_writable(sk))
2183 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2188 static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2191 struct sock *sk = sock->sk, *other;
2192 unsigned int mask, writable;
2194 sock_poll_wait(file, sk_sleep(sk), wait);
2197 /* exceptional events? */
2198 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2200 if (sk->sk_shutdown & RCV_SHUTDOWN)
2201 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2202 if (sk->sk_shutdown == SHUTDOWN_MASK)
2206 if (!skb_queue_empty(&sk->sk_receive_queue))
2207 mask |= POLLIN | POLLRDNORM;
2209 /* Connection-based need to check for termination and startup */
2210 if (sk->sk_type == SOCK_SEQPACKET) {
2211 if (sk->sk_state == TCP_CLOSE)
2213 /* connection hasn't started yet? */
2214 if (sk->sk_state == TCP_SYN_SENT)
2218 /* No write status requested, avoid expensive OUT tests. */
2219 if (!(poll_requested_events(wait) & (POLLWRBAND|POLLWRNORM|POLLOUT)))
2222 writable = unix_writable(sk);
2223 other = unix_peer_get(sk);
2225 if (unix_peer(other) != sk) {
2226 sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2227 if (unix_recvq_full(other))
2234 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2236 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2241 #ifdef CONFIG_PROC_FS
2242 static struct sock *first_unix_socket(int *i)
2244 for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) {
2245 if (!hlist_empty(&unix_socket_table[*i]))
2246 return __sk_head(&unix_socket_table[*i]);
2251 static struct sock *next_unix_socket(int *i, struct sock *s)
2253 struct sock *next = sk_next(s);
2254 /* More in this chain? */
2257 /* Look for next non-empty chain. */
2258 for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) {
2259 if (!hlist_empty(&unix_socket_table[*i]))
2260 return __sk_head(&unix_socket_table[*i]);
2265 struct unix_iter_state {
2266 struct seq_net_private p;
2270 static struct sock *unix_seq_idx(struct seq_file *seq, loff_t pos)
2272 struct unix_iter_state *iter = seq->private;
2276 for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) {
2277 if (sock_net(s) != seq_file_net(seq))
2286 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2287 __acquires(unix_table_lock)
2289 spin_lock(&unix_table_lock);
2290 return *pos ? unix_seq_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2293 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2295 struct unix_iter_state *iter = seq->private;
2296 struct sock *sk = v;
2299 if (v == SEQ_START_TOKEN)
2300 sk = first_unix_socket(&iter->i);
2302 sk = next_unix_socket(&iter->i, sk);
2303 while (sk && (sock_net(sk) != seq_file_net(seq)))
2304 sk = next_unix_socket(&iter->i, sk);
2308 static void unix_seq_stop(struct seq_file *seq, void *v)
2309 __releases(unix_table_lock)
2311 spin_unlock(&unix_table_lock);
2314 static int unix_seq_show(struct seq_file *seq, void *v)
2317 if (v == SEQ_START_TOKEN)
2318 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2322 struct unix_sock *u = unix_sk(s);
2325 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2327 atomic_read(&s->sk_refcnt),
2329 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2332 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2333 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2341 len = u->addr->len - sizeof(short);
2342 if (!UNIX_ABSTRACT(s))
2348 for ( ; i < len; i++)
2349 seq_putc(seq, u->addr->name->sun_path[i]);
2351 unix_state_unlock(s);
2352 seq_putc(seq, '\n');
2358 static const struct seq_operations unix_seq_ops = {
2359 .start = unix_seq_start,
2360 .next = unix_seq_next,
2361 .stop = unix_seq_stop,
2362 .show = unix_seq_show,
2365 static int unix_seq_open(struct inode *inode, struct file *file)
2367 return seq_open_net(inode, file, &unix_seq_ops,
2368 sizeof(struct unix_iter_state));
2371 static const struct file_operations unix_seq_fops = {
2372 .owner = THIS_MODULE,
2373 .open = unix_seq_open,
2375 .llseek = seq_lseek,
2376 .release = seq_release_net,
2381 static const struct net_proto_family unix_family_ops = {
2383 .create = unix_create,
2384 .owner = THIS_MODULE,
2388 static int __net_init unix_net_init(struct net *net)
2390 int error = -ENOMEM;
2392 net->unx.sysctl_max_dgram_qlen = 10;
2393 if (unix_sysctl_register(net))
2396 #ifdef CONFIG_PROC_FS
2397 if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
2398 unix_sysctl_unregister(net);
2407 static void __net_exit unix_net_exit(struct net *net)
2409 unix_sysctl_unregister(net);
2410 proc_net_remove(net, "unix");
2413 static struct pernet_operations unix_net_ops = {
2414 .init = unix_net_init,
2415 .exit = unix_net_exit,
2418 static int __init af_unix_init(void)
2421 struct sk_buff *dummy_skb;
2423 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
2425 rc = proto_register(&unix_proto, 1);
2427 printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2432 sock_register(&unix_family_ops);
2433 register_pernet_subsys(&unix_net_ops);
2438 static void __exit af_unix_exit(void)
2440 sock_unregister(PF_UNIX);
2441 proto_unregister(&unix_proto);
2442 unregister_pernet_subsys(&unix_net_ops);
2445 /* Earlier than device_initcall() so that other drivers invoking
2446 request_module() don't end up in a loop when modprobe tries
2447 to use a UNIX socket. But later than subsys_initcall() because
2448 we depend on stuff initialised there */
2449 fs_initcall(af_unix_init);
2450 module_exit(af_unix_exit);
2452 MODULE_LICENSE("GPL");
2453 MODULE_ALIAS_NETPROTO(PF_UNIX);
projects / firefly-linux-kernel-4.4.55.git / blob