linux/net/unix/af_unix.c
<<
>>
Prefs
   1/*
   2 * NET4:        Implementation of BSD Unix domain sockets.
   3 *
   4 * Authors:     Alan Cox, <alan@lxorguk.ukuu.org.uk>
   5 *
   6 *              This program is free software; you can redistribute it and/or
   7 *              modify it under the terms of the GNU General Public License
   8 *              as published by the Free Software Foundation; either version
   9 *              2 of the License, or (at your option) any later version.
  10 *
  11 * Fixes:
  12 *              Linus Torvalds  :       Assorted bug cures.
  13 *              Niibe Yutaka    :       async I/O support.
  14 *              Carsten Paeth   :       PF_UNIX check, address fixes.
  15 *              Alan Cox        :       Limit size of allocated blocks.
  16 *              Alan Cox        :       Fixed the stupid socketpair bug.
  17 *              Alan Cox        :       BSD compatibility fine tuning.
  18 *              Alan Cox        :       Fixed a bug in connect when interrupted.
  19 *              Alan Cox        :       Sorted out a proper draft version of
  20 *                                      file descriptor passing hacked up from
  21 *                                      Mike Shaver's work.
  22 *              Marty Leisner   :       Fixes to fd passing
  23 *              Nick Nevin      :       recvmsg bugfix.
  24 *              Alan Cox        :       Started proper garbage collector
  25 *              Heiko EiBfeldt  :       Missing verify_area check
  26 *              Alan Cox        :       Started POSIXisms
  27 *              Andreas Schwab  :       Replace inode by dentry for proper
  28 *                                      reference counting
  29 *              Kirk Petersen   :       Made this a module
  30 *          Christoph Rohland   :       Elegant non-blocking accept/connect algorithm.
  31 *                                      Lots of bug fixes.
  32 *           Alexey Kuznetosv   :       Repaired (I hope) bugs introduces
  33 *                                      by above two patches.
  34 *           Andrea Arcangeli   :       If possible we block in connect(2)
  35 *                                      if the max backlog of the listen socket
  36 *                                      is been reached. This won't break
  37 *                                      old apps and it will avoid huge amount
  38 *                                      of socks hashed (this for unix_gc()
  39 *                                      performances reasons).
  40 *                                      Security fix that limits the max
  41 *                                      number of socks to 2*max_files and
  42 *                                      the number of skb queueable in the
  43 *                                      dgram receiver.
  44 *              Artur Skawina   :       Hash function optimizations
  45 *           Alexey Kuznetsov   :       Full scale SMP. Lot of bugs are introduced 8)
  46 *            Malcolm Beattie   :       Set peercred for socketpair
  47 *           Michal Ostrowski   :       Module initialization cleanup.
  48 *           Arnaldo C. Melo    :       Remove MOD_{INC,DEC}_USE_COUNT,
  49 *                                      the core infrastructure is doing that
  50 *                                      for all net proto families now (2.5.69+)
  51 *
  52 *
  53 * Known differences from reference BSD that was tested:
  54 *
  55 *      [TO FIX]
  56 *      ECONNREFUSED is not returned from one end of a connected() socket to the
  57 *              other the moment one end closes.
  58 *      fstat() doesn't return st_dev=0, and give the blksize as high water mark
  59 *              and a fake inode identifier (nor the BSD first socket fstat twice bug).
  60 *      [NOT TO FIX]
  61 *      accept() returns a path name even if the connecting socket has closed
  62 *              in the meantime (BSD loses the path and gives up).
  63 *      accept() returns 0 length path for an unbound connector. BSD returns 16
  64 *              and a null first byte in the path (but not for gethost/peername - BSD bug ??)
  65 *      socketpair(...SOCK_RAW..) doesn't panic the kernel.
  66 *      BSD af_unix apparently has connect forgetting to block properly.
  67 *              (need to check this with the POSIX spec in detail)
  68 *
  69 * Differences from 2.0.0-11-... (ANK)
  70 *      Bug fixes and improvements.
  71 *              - client shutdown killed server socket.
  72 *              - removed all useless cli/sti pairs.
  73 *
  74 *      Semantic changes/extensions.
  75 *              - generic control message passing.
  76 *              - SCM_CREDENTIALS control message.
  77 *              - "Abstract" (not FS based) socket bindings.
  78 *                Abstract names are sequences of bytes (not zero terminated)
  79 *                started by 0, so that this name space does not intersect
  80 *                with BSD names.
  81 */
  82
  83#include <linux/module.h>
  84#include <linux/kernel.h>
  85#include <linux/signal.h>
  86#include <linux/sched.h>
  87#include <linux/errno.h>
  88#include <linux/string.h>
  89#include <linux/stat.h>
  90#include <linux/dcache.h>
  91#include <linux/namei.h>
  92#include <linux/socket.h>
  93#include <linux/un.h>
  94#include <linux/fcntl.h>
  95#include <linux/termios.h>
  96#include <linux/sockios.h>
  97#include <linux/net.h>
  98#include <linux/in.h>
  99#include <linux/fs.h>
 100#include <linux/slab.h>
 101#include <asm/uaccess.h>
 102#include <linux/skbuff.h>
 103#include <linux/netdevice.h>
 104#include <net/net_namespace.h>
 105#include <net/sock.h>
 106#include <net/tcp_states.h>
 107#include <net/af_unix.h>
 108#include <linux/proc_fs.h>
 109#include <linux/seq_file.h>
 110#include <net/scm.h>
 111#include <linux/init.h>
 112#include <linux/poll.h>
 113#include <linux/rtnetlink.h>
 114#include <linux/mount.h>
 115#include <net/checksum.h>
 116#include <linux/security.h>
 117
 118struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
 119EXPORT_SYMBOL_GPL(unix_socket_table);
 120DEFINE_SPINLOCK(unix_table_lock);
 121EXPORT_SYMBOL_GPL(unix_table_lock);
 122static atomic_long_t unix_nr_socks;
 123
 124
 125static struct hlist_head *unix_sockets_unbound(void *addr)
 126{
 127        unsigned long hash = (unsigned long)addr;
 128
 129        hash ^= hash >> 16;
 130        hash ^= hash >> 8;
 131        hash %= UNIX_HASH_SIZE;
 132        return &unix_socket_table[UNIX_HASH_SIZE + hash];
 133}
 134
 135#define UNIX_ABSTRACT(sk)       (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)
 136
 137#ifdef CONFIG_SECURITY_NETWORK
 138static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
 139{
 140        memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
 141}
 142
 143static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
 144{
 145        scm->secid = *UNIXSID(skb);
 146}
 147#else
 148static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
 149{ }
 150
 151static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
 152{ }
 153#endif /* CONFIG_SECURITY_NETWORK */
 154
 155/*
 156 *  SMP locking strategy:
 157 *    hash table is protected with spinlock unix_table_lock
 158 *    each socket state is protected by separate spin lock.
 159 */
 160
 161static inline unsigned int unix_hash_fold(__wsum n)
 162{
 163        unsigned int hash = (__force unsigned int)n;
 164
 165        hash ^= hash>>16;
 166        hash ^= hash>>8;
 167        return hash&(UNIX_HASH_SIZE-1);
 168}
 169
 170#define unix_peer(sk) (unix_sk(sk)->peer)
 171
 172static inline int unix_our_peer(struct sock *sk, struct sock *osk)
 173{
 174        return unix_peer(osk) == sk;
 175}
 176
 177static inline int unix_may_send(struct sock *sk, struct sock *osk)
 178{
 179        return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
 180}
 181
 182static inline int unix_recvq_full(struct sock const *sk)
 183{
 184        return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
 185}
 186
 187struct sock *unix_peer_get(struct sock *s)
 188{
 189        struct sock *peer;
 190
 191        unix_state_lock(s);
 192        peer = unix_peer(s);
 193        if (peer)
 194                sock_hold(peer);
 195        unix_state_unlock(s);
 196        return peer;
 197}
 198EXPORT_SYMBOL_GPL(unix_peer_get);
 199
 200static inline void unix_release_addr(struct unix_address *addr)
 201{
 202        if (atomic_dec_and_test(&addr->refcnt))
 203                kfree(addr);
 204}
 205
 206/*
 207 *      Check unix socket name:
 208 *              - should be not zero length.
 209 *              - if started by not zero, should be NULL terminated (FS object)
 210 *              - if started by zero, it is abstract name.
 211 */
 212
 213static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
 214{
 215        if (len <= sizeof(short) || len > sizeof(*sunaddr))
 216                return -EINVAL;
 217        if (!sunaddr || sunaddr->sun_family != AF_UNIX)
 218                return -EINVAL;
 219        if (sunaddr->sun_path[0]) {
 220                /*
 221                 * This may look like an off by one error but it is a bit more
 222                 * subtle. 108 is the longest valid AF_UNIX path for a binding.
 223                 * sun_path[108] doesn't as such exist.  However in kernel space
 224                 * we are guaranteed that it is a valid memory location in our
 225                 * kernel address buffer.
 226                 */
 227                ((char *)sunaddr)[len] = 0;
 228                len = strlen(sunaddr->sun_path)+1+sizeof(short);
 229                return len;
 230        }
 231
 232        *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
 233        return len;
 234}
 235
 236static void __unix_remove_socket(struct sock *sk)
 237{
 238        sk_del_node_init(sk);
 239}
 240
 241static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
 242{
 243        WARN_ON(!sk_unhashed(sk));
 244        sk_add_node(sk, list);
 245}
 246
 247static inline void unix_remove_socket(struct sock *sk)
 248{
 249        spin_lock(&unix_table_lock);
 250        __unix_remove_socket(sk);
 251        spin_unlock(&unix_table_lock);
 252}
 253
 254static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
 255{
 256        spin_lock(&unix_table_lock);
 257        __unix_insert_socket(list, sk);
 258        spin_unlock(&unix_table_lock);
 259}
 260
 261static struct sock *__unix_find_socket_byname(struct net *net,
 262                                              struct sockaddr_un *sunname,
 263                                              int len, int type, unsigned int hash)
 264{
 265        struct sock *s;
 266        struct hlist_node *node;
 267
 268        sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
 269                struct unix_sock *u = unix_sk(s);
 270
 271                if (!net_eq(sock_net(s), net))
 272                        continue;
 273
 274                if (u->addr->len == len &&
 275                    !memcmp(u->addr->name, sunname, len))
 276                        goto found;
 277        }
 278        s = NULL;
 279found:
 280        return s;
 281}
 282
 283static inline struct sock *unix_find_socket_byname(struct net *net,
 284                                                   struct sockaddr_un *sunname,
 285                                                   int len, int type,
 286                                                   unsigned int hash)
 287{
 288        struct sock *s;
 289
 290        spin_lock(&unix_table_lock);
 291        s = __unix_find_socket_byname(net, sunname, len, type, hash);
 292        if (s)
 293                sock_hold(s);
 294        spin_unlock(&unix_table_lock);
 295        return s;
 296}
 297
 298static struct sock *unix_find_socket_byinode(struct inode *i)
 299{
 300        struct sock *s;
 301        struct hlist_node *node;
 302
 303        spin_lock(&unix_table_lock);
 304        sk_for_each(s, node,
 305                    &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
 306                struct dentry *dentry = unix_sk(s)->path.dentry;
 307
 308                if (dentry && dentry->d_inode == i) {
 309                        sock_hold(s);
 310                        goto found;
 311                }
 312        }
 313        s = NULL;
 314found:
 315        spin_unlock(&unix_table_lock);
 316        return s;
 317}
 318
 319static inline int unix_writable(struct sock *sk)
 320{
 321        return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
 322}
 323
 324static void unix_write_space(struct sock *sk)
 325{
 326        struct socket_wq *wq;
 327
 328        rcu_read_lock();
 329        if (unix_writable(sk)) {
 330                wq = rcu_dereference(sk->sk_wq);
 331                if (wq_has_sleeper(wq))
 332                        wake_up_interruptible_sync_poll(&wq->wait,
 333                                POLLOUT | POLLWRNORM | POLLWRBAND);
 334                sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
 335        }
 336        rcu_read_unlock();
 337}
 338
 339/* When dgram socket disconnects (or changes its peer), we clear its receive
 340 * queue of packets arrived from previous peer. First, it allows to do
 341 * flow control based only on wmem_alloc; second, sk connected to peer
 342 * may receive messages only from that peer. */
 343static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
 344{
 345        if (!skb_queue_empty(&sk->sk_receive_queue)) {
 346                skb_queue_purge(&sk->sk_receive_queue);
 347                wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
 348
 349                /* If one link of bidirectional dgram pipe is disconnected,
 350                 * we signal error. Messages are lost. Do not make this,
 351                 * when peer was not connected to us.
 352                 */
 353                if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
 354                        other->sk_err = ECONNRESET;
 355                        other->sk_error_report(other);
 356                }
 357        }
 358}
 359
 360static void unix_sock_destructor(struct sock *sk)
 361{
 362        struct unix_sock *u = unix_sk(sk);
 363
 364        skb_queue_purge(&sk->sk_receive_queue);
 365
 366        WARN_ON(atomic_read(&sk->sk_wmem_alloc));
 367        WARN_ON(!sk_unhashed(sk));
 368        WARN_ON(sk->sk_socket);
 369        if (!sock_flag(sk, SOCK_DEAD)) {
 370                printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
 371                return;
 372        }
 373
 374        if (u->addr)
 375                unix_release_addr(u->addr);
 376
 377        atomic_long_dec(&unix_nr_socks);
 378        local_bh_disable();
 379        sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
 380        local_bh_enable();
 381#ifdef UNIX_REFCNT_DEBUG
 382        printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
 383                atomic_long_read(&unix_nr_socks));
 384#endif
 385}
 386
 387static int unix_release_sock(struct sock *sk, int embrion)
 388{
 389        struct unix_sock *u = unix_sk(sk);
 390        struct path path;
 391        struct sock *skpair;
 392        struct sk_buff *skb;
 393        int state;
 394
 395        unix_remove_socket(sk);
 396
 397        /* Clear state */
 398        unix_state_lock(sk);
 399        sock_orphan(sk);
 400        sk->sk_shutdown = SHUTDOWN_MASK;
 401        path         = u->path;
 402        u->path.dentry = NULL;
 403        u->path.mnt = NULL;
 404        state = sk->sk_state;
 405        sk->sk_state = TCP_CLOSE;
 406        unix_state_unlock(sk);
 407
 408        wake_up_interruptible_all(&u->peer_wait);
 409
 410        skpair = unix_peer(sk);
 411
 412        if (skpair != NULL) {
 413                if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
 414                        unix_state_lock(skpair);
 415                        /* No more writes */
 416                        skpair->sk_shutdown = SHUTDOWN_MASK;
 417                        if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
 418                                skpair->sk_err = ECONNRESET;
 419                        unix_state_unlock(skpair);
 420                        skpair->sk_state_change(skpair);
 421                        sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
 422                }
 423                sock_put(skpair); /* It may now die */
 424                unix_peer(sk) = NULL;
 425        }
 426
 427        /* Try to flush out this socket. Throw out buffers at least */
 428
 429        while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
 430                if (state == TCP_LISTEN)
 431                        unix_release_sock(skb->sk, 1);
 432                /* passed fds are erased in the kfree_skb hook        */
 433                kfree_skb(skb);
 434        }
 435
 436        if (path.dentry)
 437                path_put(&path);
 438
 439        sock_put(sk);
 440
 441        /* ---- Socket is dead now and most probably destroyed ---- */
 442
 443        /*
 444         * Fixme: BSD difference: In BSD all sockets connected to us get
 445         *        ECONNRESET and we die on the spot. In Linux we behave
 446         *        like files and pipes do and wait for the last
 447         *        dereference.
 448         *
 449         * Can't we simply set sock->err?
 450         *
 451         *        What the above comment does talk about? --ANK(980817)
 452         */
 453
 454        if (unix_tot_inflight)
 455                unix_gc();              /* Garbage collect fds */
 456
 457        return 0;
 458}
 459
 460static void init_peercred(struct sock *sk)
 461{
 462        put_pid(sk->sk_peer_pid);
 463        if (sk->sk_peer_cred)
 464                put_cred(sk->sk_peer_cred);
 465        sk->sk_peer_pid  = get_pid(task_tgid(current));
 466        sk->sk_peer_cred = get_current_cred();
 467}
 468
 469static void copy_peercred(struct sock *sk, struct sock *peersk)
 470{
 471        put_pid(sk->sk_peer_pid);
 472        if (sk->sk_peer_cred)
 473                put_cred(sk->sk_peer_cred);
 474        sk->sk_peer_pid  = get_pid(peersk->sk_peer_pid);
 475        sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
 476}
 477
 478static int unix_listen(struct socket *sock, int backlog)
 479{
 480        int err;
 481        struct sock *sk = sock->sk;
 482        struct unix_sock *u = unix_sk(sk);
 483        struct pid *old_pid = NULL;
 484
 485        err = -EOPNOTSUPP;
 486        if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
 487                goto out;       /* Only stream/seqpacket sockets accept */
 488        err = -EINVAL;
 489        if (!u->addr)
 490                goto out;       /* No listens on an unbound socket */
 491        unix_state_lock(sk);
 492        if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
 493                goto out_unlock;
 494        if (backlog > sk->sk_max_ack_backlog)
 495                wake_up_interruptible_all(&u->peer_wait);
 496        sk->sk_max_ack_backlog  = backlog;
 497        sk->sk_state            = TCP_LISTEN;
 498        /* set credentials so connect can copy them */
 499        init_peercred(sk);
 500        err = 0;
 501
 502out_unlock:
 503        unix_state_unlock(sk);
 504        put_pid(old_pid);
 505out:
 506        return err;
 507}
 508
 509static int unix_release(struct socket *);
 510static int unix_bind(struct socket *, struct sockaddr *, int);
 511static int unix_stream_connect(struct socket *, struct sockaddr *,
 512                               int addr_len, int flags);
 513static int unix_socketpair(struct socket *, struct socket *);
 514static int unix_accept(struct socket *, struct socket *, int);
 515static int unix_getname(struct socket *, struct sockaddr *, int *, int);
 516static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
 517static unsigned int unix_dgram_poll(struct file *, struct socket *,
 518                                    poll_table *);
 519static int unix_ioctl(struct socket *, unsigned int, unsigned long);
 520static int unix_shutdown(struct socket *, int);
 521static int unix_stream_sendmsg(struct kiocb *, struct socket *,
 522                               struct msghdr *, size_t);
 523static int unix_stream_recvmsg(struct kiocb *, struct socket *,
 524                               struct msghdr *, size_t, int);
 525static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
 526                              struct msghdr *, size_t);
 527static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
 528                              struct msghdr *, size_t, int);
 529static int unix_dgram_connect(struct socket *, struct sockaddr *,
 530                              int, int);
 531static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
 532                                  struct msghdr *, size_t);
 533static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
 534                                  struct msghdr *, size_t, int);
 535
 536static void unix_set_peek_off(struct sock *sk, int val)
 537{
 538        struct unix_sock *u = unix_sk(sk);
 539
 540        mutex_lock(&u->readlock);
 541        sk->sk_peek_off = val;
 542        mutex_unlock(&u->readlock);
 543}
 544
 545
 546static const struct proto_ops unix_stream_ops = {
 547        .family =       PF_UNIX,
 548        .owner =        THIS_MODULE,
 549        .release =      unix_release,
 550        .bind =         unix_bind,
 551        .connect =      unix_stream_connect,
 552        .socketpair =   unix_socketpair,
 553        .accept =       unix_accept,
 554        .getname =      unix_getname,
 555        .poll =         unix_poll,
 556        .ioctl =        unix_ioctl,
 557        .listen =       unix_listen,
 558        .shutdown =     unix_shutdown,
 559        .setsockopt =   sock_no_setsockopt,
 560        .getsockopt =   sock_no_getsockopt,
 561        .sendmsg =      unix_stream_sendmsg,
 562        .recvmsg =      unix_stream_recvmsg,
 563        .mmap =         sock_no_mmap,
 564        .sendpage =     sock_no_sendpage,
 565        .set_peek_off = unix_set_peek_off,
 566};
 567
 568static const struct proto_ops unix_dgram_ops = {
 569        .family =       PF_UNIX,
 570        .owner =        THIS_MODULE,
 571        .release =      unix_release,
 572        .bind =         unix_bind,
 573        .connect =      unix_dgram_connect,
 574        .socketpair =   unix_socketpair,
 575        .accept =       sock_no_accept,
 576        .getname =      unix_getname,
 577        .poll =         unix_dgram_poll,
 578        .ioctl =        unix_ioctl,
 579        .listen =       sock_no_listen,
 580        .shutdown =     unix_shutdown,
 581        .setsockopt =   sock_no_setsockopt,
 582        .getsockopt =   sock_no_getsockopt,
 583        .sendmsg =      unix_dgram_sendmsg,
 584        .recvmsg =      unix_dgram_recvmsg,
 585        .mmap =         sock_no_mmap,
 586        .sendpage =     sock_no_sendpage,
 587        .set_peek_off = unix_set_peek_off,
 588};
 589
 590static const struct proto_ops unix_seqpacket_ops = {
 591        .family =       PF_UNIX,
 592        .owner =        THIS_MODULE,
 593        .release =      unix_release,
 594        .bind =         unix_bind,
 595        .connect =      unix_stream_connect,
 596        .socketpair =   unix_socketpair,
 597        .accept =       unix_accept,
 598        .getname =      unix_getname,
 599        .poll =         unix_dgram_poll,
 600        .ioctl =        unix_ioctl,
 601        .listen =       unix_listen,
 602        .shutdown =     unix_shutdown,
 603        .setsockopt =   sock_no_setsockopt,
 604        .getsockopt =   sock_no_getsockopt,
 605        .sendmsg =      unix_seqpacket_sendmsg,
 606        .recvmsg =      unix_seqpacket_recvmsg,
 607        .mmap =         sock_no_mmap,
 608        .sendpage =     sock_no_sendpage,
 609        .set_peek_off = unix_set_peek_off,
 610};
 611
 612static struct proto unix_proto = {
 613        .name                   = "UNIX",
 614        .owner                  = THIS_MODULE,
 615        .obj_size               = sizeof(struct unix_sock),
 616};
 617
 618/*
 619 * AF_UNIX sockets do not interact with hardware, hence they
 620 * dont trigger interrupts - so it's safe for them to have
 621 * bh-unsafe locking for their sk_receive_queue.lock. Split off
 622 * this special lock-class by reinitializing the spinlock key:
 623 */
 624static struct lock_class_key af_unix_sk_receive_queue_lock_key;
 625
 626static struct sock *unix_create1(struct net *net, struct socket *sock)
 627{
 628        struct sock *sk = NULL;
 629        struct unix_sock *u;
 630
 631        atomic_long_inc(&unix_nr_socks);
 632        if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
 633                goto out;
 634
 635        sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
 636        if (!sk)
 637                goto out;
 638
 639        sock_init_data(sock, sk);
 640        lockdep_set_class(&sk->sk_receive_queue.lock,
 641                                &af_unix_sk_receive_queue_lock_key);
 642
 643        sk->sk_write_space      = unix_write_space;
 644        sk->sk_max_ack_backlog  = net->unx.sysctl_max_dgram_qlen;
 645        sk->sk_destruct         = unix_sock_destructor;
 646        u         = unix_sk(sk);
 647        u->path.dentry = NULL;
 648        u->path.mnt = NULL;
 649        spin_lock_init(&u->lock);
 650        atomic_long_set(&u->inflight, 0);
 651        INIT_LIST_HEAD(&u->link);
 652        mutex_init(&u->readlock); /* single task reading lock */
 653        init_waitqueue_head(&u->peer_wait);
 654        unix_insert_socket(unix_sockets_unbound(sk), sk);
 655out:
 656        if (sk == NULL)
 657                atomic_long_dec(&unix_nr_socks);
 658        else {
 659                local_bh_disable();
 660                sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
 661                local_bh_enable();
 662        }
 663        return sk;
 664}
 665
 666static int unix_create(struct net *net, struct socket *sock, int protocol,
 667                       int kern)
 668{
 669        if (protocol && protocol != PF_UNIX)
 670                return -EPROTONOSUPPORT;
 671
 672        sock->state = SS_UNCONNECTED;
 673
 674        switch (sock->type) {
 675        case SOCK_STREAM:
 676                sock->ops = &unix_stream_ops;
 677                break;
 678                /*
 679                 *      Believe it or not BSD has AF_UNIX, SOCK_RAW though
 680                 *      nothing uses it.
 681                 */
 682        case SOCK_RAW:
 683                sock->type = SOCK_DGRAM;
 684        case SOCK_DGRAM:
 685                sock->ops = &unix_dgram_ops;
 686                break;
 687        case SOCK_SEQPACKET:
 688                sock->ops = &unix_seqpacket_ops;
 689                break;
 690        default:
 691                return -ESOCKTNOSUPPORT;
 692        }
 693
 694        return unix_create1(net, sock) ? 0 : -ENOMEM;
 695}
 696
 697static int unix_release(struct socket *sock)
 698{
 699        struct sock *sk = sock->sk;
 700
 701        if (!sk)
 702                return 0;
 703
 704        sock->sk = NULL;
 705
 706        return unix_release_sock(sk, 0);
 707}
 708
 709static int unix_autobind(struct socket *sock)
 710{
 711        struct sock *sk = sock->sk;
 712        struct net *net = sock_net(sk);
 713        struct unix_sock *u = unix_sk(sk);
 714        static u32 ordernum = 1;
 715        struct unix_address *addr;
 716        int err;
 717        unsigned int retries = 0;
 718
 719        mutex_lock(&u->readlock);
 720
 721        err = 0;
 722        if (u->addr)
 723                goto out;
 724
 725        err = -ENOMEM;
 726        addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
 727        if (!addr)
 728                goto out;
 729
 730        addr->name->sun_family = AF_UNIX;
 731        atomic_set(&addr->refcnt, 1);
 732
 733retry:
 734        addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
 735        addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
 736
 737        spin_lock(&unix_table_lock);
 738        ordernum = (ordernum+1)&0xFFFFF;
 739
 740        if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
 741                                      addr->hash)) {
 742                spin_unlock(&unix_table_lock);
 743                /*
 744                 * __unix_find_socket_byname() may take long time if many names
 745                 * are already in use.
 746                 */
 747                cond_resched();
 748                /* Give up if all names seems to be in use. */
 749                if (retries++ == 0xFFFFF) {
 750                        err = -ENOSPC;
 751                        kfree(addr);
 752                        goto out;
 753                }
 754                goto retry;
 755        }
 756        addr->hash ^= sk->sk_type;
 757
 758        __unix_remove_socket(sk);
 759        u->addr = addr;
 760        __unix_insert_socket(&unix_socket_table[addr->hash], sk);
 761        spin_unlock(&unix_table_lock);
 762        err = 0;
 763
 764out:    mutex_unlock(&u->readlock);
 765        return err;
 766}
 767
 768static struct sock *unix_find_other(struct net *net,
 769                                    struct sockaddr_un *sunname, int len,
 770                                    int type, unsigned int hash, int *error)
 771{
 772        struct sock *u;
 773        struct path path;
 774        int err = 0;
 775
 776        if (sunname->sun_path[0]) {
 777                struct inode *inode;
 778                err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
 779                if (err)
 780                        goto fail;
 781                inode = path.dentry->d_inode;
 782                err = inode_permission(inode, MAY_WRITE);
 783                if (err)
 784                        goto put_fail;
 785
 786                err = -ECONNREFUSED;
 787                if (!S_ISSOCK(inode->i_mode))
 788                        goto put_fail;
 789                u = unix_find_socket_byinode(inode);
 790                if (!u)
 791                        goto put_fail;
 792
 793                if (u->sk_type == type)
 794                        touch_atime(&path);
 795
 796                path_put(&path);
 797
 798                err = -EPROTOTYPE;
 799                if (u->sk_type != type) {
 800                        sock_put(u);
 801                        goto fail;
 802                }
 803        } else {
 804                err = -ECONNREFUSED;
 805                u = unix_find_socket_byname(net, sunname, len, type, hash);
 806                if (u) {
 807                        struct dentry *dentry;
 808                        dentry = unix_sk(u)->path.dentry;
 809                        if (dentry)
 810                                touch_atime(&unix_sk(u)->path);
 811                } else
 812                        goto fail;
 813        }
 814        return u;
 815
 816put_fail:
 817        path_put(&path);
 818fail:
 819        *error = err;
 820        return NULL;
 821}
 822
 823static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
 824{
 825        struct dentry *dentry;
 826        struct path path;
 827        int err = 0;
 828        /*
 829         * Get the parent directory, calculate the hash for last
 830         * component.
 831         */
 832        dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
 833        err = PTR_ERR(dentry);
 834        if (IS_ERR(dentry))
 835                return err;
 836
 837        /*
 838         * All right, let's create it.
 839         */
 840        err = security_path_mknod(&path, dentry, mode, 0);
 841        if (!err) {
 842                err = vfs_mknod(path.dentry->d_inode, dentry, mode, 0);
 843                if (!err) {
 844                        res->mnt = mntget(path.mnt);
 845                        res->dentry = dget(dentry);
 846                }
 847        }
 848        done_path_create(&path, dentry);
 849        return err;
 850}
 851
 852static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 853{
 854        struct sock *sk = sock->sk;
 855        struct net *net = sock_net(sk);
 856        struct unix_sock *u = unix_sk(sk);
 857        struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
 858        char *sun_path = sunaddr->sun_path;
 859        int err;
 860        unsigned int hash;
 861        struct unix_address *addr;
 862        struct hlist_head *list;
 863
 864        err = -EINVAL;
 865        if (sunaddr->sun_family != AF_UNIX)
 866                goto out;
 867
 868        if (addr_len == sizeof(short)) {
 869                err = unix_autobind(sock);
 870                goto out;
 871        }
 872
 873        err = unix_mkname(sunaddr, addr_len, &hash);
 874        if (err < 0)
 875                goto out;
 876        addr_len = err;
 877
 878        mutex_lock(&u->readlock);
 879
 880        err = -EINVAL;
 881        if (u->addr)
 882                goto out_up;
 883
 884        err = -ENOMEM;
 885        addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
 886        if (!addr)
 887                goto out_up;
 888
 889        memcpy(addr->name, sunaddr, addr_len);
 890        addr->len = addr_len;
 891        addr->hash = hash ^ sk->sk_type;
 892        atomic_set(&addr->refcnt, 1);
 893
 894        if (sun_path[0]) {
 895                struct path path;
 896                umode_t mode = S_IFSOCK |
 897                       (SOCK_INODE(sock)->i_mode & ~current_umask());
 898                err = unix_mknod(sun_path, mode, &path);
 899                if (err) {
 900                        if (err == -EEXIST)
 901                                err = -EADDRINUSE;
 902                        unix_release_addr(addr);
 903                        goto out_up;
 904                }
 905                addr->hash = UNIX_HASH_SIZE;
 906                hash = path.dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1);
 907                spin_lock(&unix_table_lock);
 908                u->path = path;
 909                list = &unix_socket_table[hash];
 910        } else {
 911                spin_lock(&unix_table_lock);
 912                err = -EADDRINUSE;
 913                if (__unix_find_socket_byname(net, sunaddr, addr_len,
 914                                              sk->sk_type, hash)) {
 915                        unix_release_addr(addr);
 916                        goto out_unlock;
 917                }
 918
 919                list = &unix_socket_table[addr->hash];
 920        }
 921
 922        err = 0;
 923        __unix_remove_socket(sk);
 924        u->addr = addr;
 925        __unix_insert_socket(list, sk);
 926
 927out_unlock:
 928        spin_unlock(&unix_table_lock);
 929out_up:
 930        mutex_unlock(&u->readlock);
 931out:
 932        return err;
 933}
 934
 935static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
 936{
 937        if (unlikely(sk1 == sk2) || !sk2) {
 938                unix_state_lock(sk1);
 939                return;
 940        }
 941        if (sk1 < sk2) {
 942                unix_state_lock(sk1);
 943                unix_state_lock_nested(sk2);
 944        } else {
 945                unix_state_lock(sk2);
 946                unix_state_lock_nested(sk1);
 947        }
 948}
 949
 950static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
 951{
 952        if (unlikely(sk1 == sk2) || !sk2) {
 953                unix_state_unlock(sk1);
 954                return;
 955        }
 956        unix_state_unlock(sk1);
 957        unix_state_unlock(sk2);
 958}
 959
 960static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
 961                              int alen, int flags)
 962{
 963        struct sock *sk = sock->sk;
 964        struct net *net = sock_net(sk);
 965        struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
 966        struct sock *other;
 967        unsigned int hash;
 968        int err;
 969
 970        if (addr->sa_family != AF_UNSPEC) {
 971                err = unix_mkname(sunaddr, alen, &hash);
 972                if (err < 0)
 973                        goto out;
 974                alen = err;
 975
 976                if (test_bit(SOCK_PASSCRED, &sock->flags) &&
 977                    !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
 978                        goto out;
 979
 980restart:
 981                other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
 982                if (!other)
 983                        goto out;
 984
 985                unix_state_double_lock(sk, other);
 986
 987                /* Apparently VFS overslept socket death. Retry. */
 988                if (sock_flag(other, SOCK_DEAD)) {
 989                        unix_state_double_unlock(sk, other);
 990                        sock_put(other);
 991                        goto restart;
 992                }
 993
 994                err = -EPERM;
 995                if (!unix_may_send(sk, other))
 996                        goto out_unlock;
 997
 998                err = security_unix_may_send(sk->sk_socket, other->sk_socket);
 999                if (err)
1000                        goto out_unlock;
1001
1002        } else {
1003                /*
1004                 *      1003.1g breaking connected state with AF_UNSPEC
1005                 */
1006                other = NULL;
1007                unix_state_double_lock(sk, other);
1008        }
1009
1010        /*
1011         * If it was connected, reconnect.
1012         */
1013        if (unix_peer(sk)) {
1014                struct sock *old_peer = unix_peer(sk);
1015                unix_peer(sk) = other;
1016                unix_state_double_unlock(sk, other);
1017
1018                if (other != old_peer)
1019                        unix_dgram_disconnected(sk, old_peer);
1020                sock_put(old_peer);
1021        } else {
1022                unix_peer(sk) = other;
1023                unix_state_double_unlock(sk, other);
1024        }
1025        return 0;
1026
1027out_unlock:
1028        unix_state_double_unlock(sk, other);
1029        sock_put(other);
1030out:
1031        return err;
1032}
1033
1034static long unix_wait_for_peer(struct sock *other, long timeo)
1035{
1036        struct unix_sock *u = unix_sk(other);
1037        int sched;
1038        DEFINE_WAIT(wait);
1039
1040        prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1041
1042        sched = !sock_flag(other, SOCK_DEAD) &&
1043                !(other->sk_shutdown & RCV_SHUTDOWN) &&
1044                unix_recvq_full(other);
1045
1046        unix_state_unlock(other);
1047
1048        if (sched)
1049                timeo = schedule_timeout(timeo);
1050
1051        finish_wait(&u->peer_wait, &wait);
1052        return timeo;
1053}
1054
1055static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1056                               int addr_len, int flags)
1057{
1058        struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1059        struct sock *sk = sock->sk;
1060        struct net *net = sock_net(sk);
1061        struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1062        struct sock *newsk = NULL;
1063        struct sock *other = NULL;
1064        struct sk_buff *skb = NULL;
1065        unsigned int hash;
1066        int st;
1067        int err;
1068        long timeo;
1069
1070        err = unix_mkname(sunaddr, addr_len, &hash);
1071        if (err < 0)
1072                goto out;
1073        addr_len = err;
1074
1075        if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1076            (err = unix_autobind(sock)) != 0)
1077                goto out;
1078
1079        timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1080
1081        /* First of all allocate resources.
1082           If we will make it after state is locked,
1083           we will have to recheck all again in any case.
1084         */
1085
1086        err = -ENOMEM;
1087
1088        /* create new sock for complete connection */
1089        newsk = unix_create1(sock_net(sk), NULL);
1090        if (newsk == NULL)
1091                goto out;
1092
1093        /* Allocate skb for sending to listening sock */
1094        skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1095        if (skb == NULL)
1096                goto out;
1097
1098restart:
1099        /*  Find listening sock. */
1100        other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1101        if (!other)
1102                goto out;
1103
1104        /* Latch state of peer */
1105        unix_state_lock(other);
1106
1107        /* Apparently VFS overslept socket death. Retry. */
1108        if (sock_flag(other, SOCK_DEAD)) {
1109                unix_state_unlock(other);
1110                sock_put(other);
1111                goto restart;
1112        }
1113
1114        err = -ECONNREFUSED;
1115        if (other->sk_state != TCP_LISTEN)
1116                goto out_unlock;
1117        if (other->sk_shutdown & RCV_SHUTDOWN)
1118                goto out_unlock;
1119
1120        if (unix_recvq_full(other)) {
1121                err = -EAGAIN;
1122                if (!timeo)
1123                        goto out_unlock;
1124
1125                timeo = unix_wait_for_peer(other, timeo);
1126
1127                err = sock_intr_errno(timeo);
1128                if (signal_pending(current))
1129                        goto out;
1130                sock_put(other);
1131                goto restart;
1132        }
1133
1134        /* Latch our state.
1135
1136           It is tricky place. We need to grab our state lock and cannot
1137           drop lock on peer. It is dangerous because deadlock is
1138           possible. Connect to self case and simultaneous
1139           attempt to connect are eliminated by checking socket
1140           state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1141           check this before attempt to grab lock.
1142
1143           Well, and we have to recheck the state after socket locked.
1144         */
1145        st = sk->sk_state;
1146
1147        switch (st) {
1148        case TCP_CLOSE:
1149                /* This is ok... continue with connect */
1150                break;
1151        case TCP_ESTABLISHED:
1152                /* Socket is already connected */
1153                err = -EISCONN;
1154                goto out_unlock;
1155        default:
1156                err = -EINVAL;
1157                goto out_unlock;
1158        }
1159
1160        unix_state_lock_nested(sk);
1161
1162        if (sk->sk_state != st) {
1163                unix_state_unlock(sk);
1164                unix_state_unlock(other);
1165                sock_put(other);
1166                goto restart;
1167        }
1168
1169        err = security_unix_stream_connect(sk, other, newsk);
1170        if (err) {
1171                unix_state_unlock(sk);
1172                goto out_unlock;
1173        }
1174
1175        /* The way is open! Fastly set all the necessary fields... */
1176
1177        sock_hold(sk);
1178        unix_peer(newsk)        = sk;
1179        newsk->sk_state         = TCP_ESTABLISHED;
1180        newsk->sk_type          = sk->sk_type;
1181        init_peercred(newsk);
1182        newu = unix_sk(newsk);
1183        RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1184        otheru = unix_sk(other);
1185
1186        /* copy address information from listening to new sock*/
1187        if (otheru->addr) {
1188                atomic_inc(&otheru->addr->refcnt);
1189                newu->addr = otheru->addr;
1190        }
1191        if (otheru->path.dentry) {
1192                path_get(&otheru->path);
1193                newu->path = otheru->path;
1194        }
1195
1196        /* Set credentials */
1197        copy_peercred(sk, other);
1198
1199        sock->state     = SS_CONNECTED;
1200        sk->sk_state    = TCP_ESTABLISHED;
1201        sock_hold(newsk);
1202
1203        smp_mb__after_atomic_inc();     /* sock_hold() does an atomic_inc() */
1204        unix_peer(sk)   = newsk;
1205
1206        unix_state_unlock(sk);
1207
1208        /* take ten and and send info to listening sock */
1209        spin_lock(&other->sk_receive_queue.lock);
1210        __skb_queue_tail(&other->sk_receive_queue, skb);
1211        spin_unlock(&other->sk_receive_queue.lock);
1212        unix_state_unlock(other);
1213        other->sk_data_ready(other, 0);
1214        sock_put(other);
1215        return 0;
1216
1217out_unlock:
1218        if (other)
1219                unix_state_unlock(other);
1220
1221out:
1222        kfree_skb(skb);
1223        if (newsk)
1224                unix_release_sock(newsk, 0);
1225        if (other)
1226                sock_put(other);
1227        return err;
1228}
1229
1230static int unix_socketpair(struct socket *socka, struct socket *sockb)
1231{
1232        struct sock *ska = socka->sk, *skb = sockb->sk;
1233
1234        /* Join our sockets back to back */
1235        sock_hold(ska);
1236        sock_hold(skb);
1237        unix_peer(ska) = skb;
1238        unix_peer(skb) = ska;
1239        init_peercred(ska);
1240        init_peercred(skb);
1241
1242        if (ska->sk_type != SOCK_DGRAM) {
1243                ska->sk_state = TCP_ESTABLISHED;
1244                skb->sk_state = TCP_ESTABLISHED;
1245                socka->state  = SS_CONNECTED;
1246                sockb->state  = SS_CONNECTED;
1247        }
1248        return 0;
1249}
1250
1251static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1252{
1253        struct sock *sk = sock->sk;
1254        struct sock *tsk;
1255        struct sk_buff *skb;
1256        int err;
1257
1258        err = -EOPNOTSUPP;
1259        if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1260                goto out;
1261
1262        err = -EINVAL;
1263        if (sk->sk_state != TCP_LISTEN)
1264                goto out;
1265
1266        /* If socket state is TCP_LISTEN it cannot change (for now...),
1267         * so that no locks are necessary.
1268         */
1269
1270        skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1271        if (!skb) {
1272                /* This means receive shutdown. */
1273                if (err == 0)
1274                        err = -EINVAL;
1275                goto out;
1276        }
1277
1278        tsk = skb->sk;
1279        skb_free_datagram(sk, skb);
1280        wake_up_interruptible(&unix_sk(sk)->peer_wait);
1281
1282        /* attach accepted sock to socket */
1283        unix_state_lock(tsk);
1284        newsock->state = SS_CONNECTED;
1285        sock_graft(tsk, newsock);
1286        unix_state_unlock(tsk);
1287        return 0;
1288
1289out:
1290        return err;
1291}
1292
1293
1294static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1295{
1296        struct sock *sk = sock->sk;
1297        struct unix_sock *u;
1298        DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1299        int err = 0;
1300
1301        if (peer) {
1302                sk = unix_peer_get(sk);
1303
1304                err = -ENOTCONN;
1305                if (!sk)
1306                        goto out;
1307                err = 0;
1308        } else {
1309                sock_hold(sk);
1310        }
1311
1312        u = unix_sk(sk);
1313        unix_state_lock(sk);
1314        if (!u->addr) {
1315                sunaddr->sun_family = AF_UNIX;
1316                sunaddr->sun_path[0] = 0;
1317                *uaddr_len = sizeof(short);
1318        } else {
1319                struct unix_address *addr = u->addr;
1320
1321                *uaddr_len = addr->len;
1322                memcpy(sunaddr, addr->name, *uaddr_len);
1323        }
1324        unix_state_unlock(sk);
1325        sock_put(sk);
1326out:
1327        return err;
1328}
1329
1330static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1331{
1332        int i;
1333
1334        scm->fp = UNIXCB(skb).fp;
1335        UNIXCB(skb).fp = NULL;
1336
1337        for (i = scm->fp->count-1; i >= 0; i--)
1338                unix_notinflight(scm->fp->fp[i]);
1339}
1340
1341static void unix_destruct_scm(struct sk_buff *skb)
1342{
1343        struct scm_cookie scm;
1344        memset(&scm, 0, sizeof(scm));
1345        scm.pid  = UNIXCB(skb).pid;
1346        scm.cred = UNIXCB(skb).cred;
1347        if (UNIXCB(skb).fp)
1348                unix_detach_fds(&scm, skb);
1349
1350        /* Alas, it calls VFS */
1351        /* So fscking what? fput() had been SMP-safe since the last Summer */
1352        scm_destroy(&scm);
1353        sock_wfree(skb);
1354}
1355
1356#define MAX_RECURSION_LEVEL 4
1357
1358static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1359{
1360        int i;
1361        unsigned char max_level = 0;
1362        int unix_sock_count = 0;
1363
1364        for (i = scm->fp->count - 1; i >= 0; i--) {
1365                struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1366
1367                if (sk) {
1368                        unix_sock_count++;
1369                        max_level = max(max_level,
1370                                        unix_sk(sk)->recursion_level);
1371                }
1372        }
1373        if (unlikely(max_level > MAX_RECURSION_LEVEL))
1374                return -ETOOMANYREFS;
1375
1376        /*
1377         * Need to duplicate file references for the sake of garbage
1378         * collection.  Otherwise a socket in the fps might become a
1379         * candidate for GC while the skb is not yet queued.
1380         */
1381        UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1382        if (!UNIXCB(skb).fp)
1383                return -ENOMEM;
1384
1385        if (unix_sock_count) {
1386                for (i = scm->fp->count - 1; i >= 0; i--)
1387                        unix_inflight(scm->fp->fp[i]);
1388        }
1389        return max_level;
1390}
1391
1392static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1393{
1394        int err = 0;
1395
1396        UNIXCB(skb).pid  = get_pid(scm->pid);
1397        if (scm->cred)
1398                UNIXCB(skb).cred = get_cred(scm->cred);
1399        UNIXCB(skb).fp = NULL;
1400        if (scm->fp && send_fds)
1401                err = unix_attach_fds(scm, skb);
1402
1403        skb->destructor = unix_destruct_scm;
1404        return err;
1405}
1406
1407/*
1408 * Some apps rely on write() giving SCM_CREDENTIALS
1409 * We include credentials if source or destination socket
1410 * asserted SOCK_PASSCRED.
1411 */
1412static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1413                            const struct sock *other)
1414{
1415        if (UNIXCB(skb).cred)
1416                return;
1417        if (test_bit(SOCK_PASSCRED, &sock->flags) ||
1418            !other->sk_socket ||
1419            test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
1420                UNIXCB(skb).pid  = get_pid(task_tgid(current));
1421                UNIXCB(skb).cred = get_current_cred();
1422        }
1423}
1424
1425/*
1426 *      Send AF_UNIX data.
1427 */
1428
1429static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1430                              struct msghdr *msg, size_t len)
1431{
1432        struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1433        struct sock *sk = sock->sk;
1434        struct net *net = sock_net(sk);
1435        struct unix_sock *u = unix_sk(sk);
1436        struct sockaddr_un *sunaddr = msg->msg_name;
1437        struct sock *other = NULL;
1438        int namelen = 0; /* fake GCC */
1439        int err;
1440        unsigned int hash;
1441        struct sk_buff *skb;
1442        long timeo;
1443        struct scm_cookie tmp_scm;
1444        int max_level;
1445        int data_len = 0;
1446
1447        if (NULL == siocb->scm)
1448                siocb->scm = &tmp_scm;
1449        wait_for_unix_gc();
1450        err = scm_send(sock, msg, siocb->scm, false);
1451        if (err < 0)
1452                return err;
1453
1454        err = -EOPNOTSUPP;
1455        if (msg->msg_flags&MSG_OOB)
1456                goto out;
1457
1458        if (msg->msg_namelen) {
1459                err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1460                if (err < 0)
1461                        goto out;
1462                namelen = err;
1463        } else {
1464                sunaddr = NULL;
1465                err = -ENOTCONN;
1466                other = unix_peer_get(sk);
1467                if (!other)
1468                        goto out;
1469        }
1470
1471        if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1472            && (err = unix_autobind(sock)) != 0)
1473                goto out;
1474
1475        err = -EMSGSIZE;
1476        if (len > sk->sk_sndbuf - 32)
1477                goto out;
1478
1479        if (len > SKB_MAX_ALLOC)
1480                data_len = min_t(size_t,
1481                                 len - SKB_MAX_ALLOC,
1482                                 MAX_SKB_FRAGS * PAGE_SIZE);
1483
1484        skb = sock_alloc_send_pskb(sk, len - data_len, data_len,
1485                                   msg->msg_flags & MSG_DONTWAIT, &err);
1486        if (skb == NULL)
1487                goto out;
1488
1489        err = unix_scm_to_skb(siocb->scm, skb, true);
1490        if (err < 0)
1491                goto out_free;
1492        max_level = err + 1;
1493        unix_get_secdata(siocb->scm, skb);
1494
1495        skb_put(skb, len - data_len);
1496        skb->data_len = data_len;
1497        skb->len = len;
1498        err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov, 0, len);
1499        if (err)
1500                goto out_free;
1501
1502        timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1503
1504restart:
1505        if (!other) {
1506                err = -ECONNRESET;
1507                if (sunaddr == NULL)
1508                        goto out_free;
1509
1510                other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1511                                        hash, &err);
1512                if (other == NULL)
1513                        goto out_free;
1514        }
1515
1516        if (sk_filter(other, skb) < 0) {
1517                /* Toss the packet but do not return any error to the sender */
1518                err = len;
1519                goto out_free;
1520        }
1521
1522        unix_state_lock(other);
1523        err = -EPERM;
1524        if (!unix_may_send(sk, other))
1525                goto out_unlock;
1526
1527        if (sock_flag(other, SOCK_DEAD)) {
1528                /*
1529                 *      Check with 1003.1g - what should
1530                 *      datagram error
1531                 */
1532                unix_state_unlock(other);
1533                sock_put(other);
1534
1535                err = 0;
1536                unix_state_lock(sk);
1537                if (unix_peer(sk) == other) {
1538                        unix_peer(sk) = NULL;
1539                        unix_state_unlock(sk);
1540
1541                        unix_dgram_disconnected(sk, other);
1542                        sock_put(other);
1543                        err = -ECONNREFUSED;
1544                } else {
1545                        unix_state_unlock(sk);
1546                }
1547
1548                other = NULL;
1549                if (err)
1550                        goto out_free;
1551                goto restart;
1552        }
1553
1554        err = -EPIPE;
1555        if (other->sk_shutdown & RCV_SHUTDOWN)
1556                goto out_unlock;
1557
1558        if (sk->sk_type != SOCK_SEQPACKET) {
1559                err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1560                if (err)
1561                        goto out_unlock;
1562        }
1563
1564        if (unix_peer(other) != sk && unix_recvq_full(other)) {
1565                if (!timeo) {
1566                        err = -EAGAIN;
1567                        goto out_unlock;
1568                }
1569
1570                timeo = unix_wait_for_peer(other, timeo);
1571
1572                err = sock_intr_errno(timeo);
1573                if (signal_pending(current))
1574                        goto out_free;
1575
1576                goto restart;
1577        }
1578
1579        if (sock_flag(other, SOCK_RCVTSTAMP))
1580                __net_timestamp(skb);
1581        maybe_add_creds(skb, sock, other);
1582        skb_queue_tail(&other->sk_receive_queue, skb);
1583        if (max_level > unix_sk(other)->recursion_level)
1584                unix_sk(other)->recursion_level = max_level;
1585        unix_state_unlock(other);
1586        other->sk_data_ready(other, len);
1587        sock_put(other);
1588        scm_destroy(siocb->scm);
1589        return len;
1590
1591out_unlock:
1592        unix_state_unlock(other);
1593out_free:
1594        kfree_skb(skb);
1595out:
1596        if (other)
1597                sock_put(other);
1598        scm_destroy(siocb->scm);
1599        return err;
1600}
1601
1602
1603static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1604                               struct msghdr *msg, size_t len)
1605{
1606        struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1607        struct sock *sk = sock->sk;
1608        struct sock *other = NULL;
1609        int err, size;
1610        struct sk_buff *skb;
1611        int sent = 0;
1612        struct scm_cookie tmp_scm;
1613        bool fds_sent = false;
1614        int max_level;
1615
1616        if (NULL == siocb->scm)
1617                siocb->scm = &tmp_scm;
1618        wait_for_unix_gc();
1619        err = scm_send(sock, msg, siocb->scm, false);
1620        if (err < 0)
1621                return err;
1622
1623        err = -EOPNOTSUPP;
1624        if (msg->msg_flags&MSG_OOB)
1625                goto out_err;
1626
1627        if (msg->msg_namelen) {
1628                err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1629                goto out_err;
1630        } else {
1631                err = -ENOTCONN;
1632                other = unix_peer(sk);
1633                if (!other)
1634                        goto out_err;
1635        }
1636
1637        if (sk->sk_shutdown & SEND_SHUTDOWN)
1638                goto pipe_err;
1639
1640        while (sent < len) {
1641                /*
1642                 *      Optimisation for the fact that under 0.01% of X
1643                 *      messages typically need breaking up.
1644                 */
1645
1646                size = len-sent;
1647
1648                /* Keep two messages in the pipe so it schedules better */
1649                if (size > ((sk->sk_sndbuf >> 1) - 64))
1650                        size = (sk->sk_sndbuf >> 1) - 64;
1651
1652                if (size > SKB_MAX_ALLOC)
1653                        size = SKB_MAX_ALLOC;
1654
1655                /*
1656                 *      Grab a buffer
1657                 */
1658
1659                skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
1660                                          &err);
1661
1662                if (skb == NULL)
1663                        goto out_err;
1664
1665                /*
1666                 *      If you pass two values to the sock_alloc_send_skb
1667                 *      it tries to grab the large buffer with GFP_NOFS
1668                 *      (which can fail easily), and if it fails grab the
1669                 *      fallback size buffer which is under a page and will
1670                 *      succeed. [Alan]
1671                 */
1672                size = min_t(int, size, skb_tailroom(skb));
1673
1674
1675                /* Only send the fds in the first buffer */
1676                err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1677                if (err < 0) {
1678                        kfree_skb(skb);
1679                        goto out_err;
1680                }
1681                max_level = err + 1;
1682                fds_sent = true;
1683
1684                err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1685                if (err) {
1686                        kfree_skb(skb);
1687                        goto out_err;
1688                }
1689
1690                unix_state_lock(other);
1691
1692                if (sock_flag(other, SOCK_DEAD) ||
1693                    (other->sk_shutdown & RCV_SHUTDOWN))
1694                        goto pipe_err_free;
1695
1696                maybe_add_creds(skb, sock, other);
1697                skb_queue_tail(&other->sk_receive_queue, skb);
1698                if (max_level > unix_sk(other)->recursion_level)
1699                        unix_sk(other)->recursion_level = max_level;
1700                unix_state_unlock(other);
1701                other->sk_data_ready(other, size);
1702                sent += size;
1703        }
1704
1705        scm_destroy(siocb->scm);
1706        siocb->scm = NULL;
1707
1708        return sent;
1709
1710pipe_err_free:
1711        unix_state_unlock(other);
1712        kfree_skb(skb);
1713pipe_err:
1714        if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1715                send_sig(SIGPIPE, current, 0);
1716        err = -EPIPE;
1717out_err:
1718        scm_destroy(siocb->scm);
1719        siocb->scm = NULL;
1720        return sent ? : err;
1721}
1722
1723static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
1724                                  struct msghdr *msg, size_t len)
1725{
1726        int err;
1727        struct sock *sk = sock->sk;
1728
1729        err = sock_error(sk);
1730        if (err)
1731                return err;
1732
1733        if (sk->sk_state != TCP_ESTABLISHED)
1734                return -ENOTCONN;
1735
1736        if (msg->msg_namelen)
1737                msg->msg_namelen = 0;
1738
1739        return unix_dgram_sendmsg(kiocb, sock, msg, len);
1740}
1741
1742static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
1743                              struct msghdr *msg, size_t size,
1744                              int flags)
1745{
1746        struct sock *sk = sock->sk;
1747
1748        if (sk->sk_state != TCP_ESTABLISHED)
1749                return -ENOTCONN;
1750
1751        return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
1752}
1753
1754static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1755{
1756        struct unix_sock *u = unix_sk(sk);
1757
1758        msg->msg_namelen = 0;
1759        if (u->addr) {
1760                msg->msg_namelen = u->addr->len;
1761                memcpy(msg->msg_name, u->addr->name, u->addr->len);
1762        }
1763}
1764
1765static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1766                              struct msghdr *msg, size_t size,
1767                              int flags)
1768{
1769        struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1770        struct scm_cookie tmp_scm;
1771        struct sock *sk = sock->sk;
1772        struct unix_sock *u = unix_sk(sk);
1773        int noblock = flags & MSG_DONTWAIT;
1774        struct sk_buff *skb;
1775        int err;
1776        int peeked, skip;
1777
1778        err = -EOPNOTSUPP;
1779        if (flags&MSG_OOB)
1780                goto out;
1781
1782        msg->msg_namelen = 0;
1783
1784        err = mutex_lock_interruptible(&u->readlock);
1785        if (err) {
1786                err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
1787                goto out;
1788        }
1789
1790        skip = sk_peek_offset(sk, flags);
1791
1792        skb = __skb_recv_datagram(sk, flags, &peeked, &skip, &err);
1793        if (!skb) {
1794                unix_state_lock(sk);
1795                /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1796                if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1797                    (sk->sk_shutdown & RCV_SHUTDOWN))
1798                        err = 0;
1799                unix_state_unlock(sk);
1800                goto out_unlock;
1801        }
1802
1803        wake_up_interruptible_sync_poll(&u->peer_wait,
1804                                        POLLOUT | POLLWRNORM | POLLWRBAND);
1805
1806        if (msg->msg_name)
1807                unix_copy_addr(msg, skb->sk);
1808
1809        if (size > skb->len - skip)
1810                size = skb->len - skip;
1811        else if (size < skb->len - skip)
1812                msg->msg_flags |= MSG_TRUNC;
1813
1814        err = skb_copy_datagram_iovec(skb, skip, msg->msg_iov, size);
1815        if (err)
1816                goto out_free;
1817
1818        if (sock_flag(sk, SOCK_RCVTSTAMP))
1819                __sock_recv_timestamp(msg, sk, skb);
1820
1821        if (!siocb->scm) {
1822                siocb->scm = &tmp_scm;
1823                memset(&tmp_scm, 0, sizeof(tmp_scm));
1824        }
1825        scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1826        unix_set_secdata(siocb->scm, skb);
1827
1828        if (!(flags & MSG_PEEK)) {
1829                if (UNIXCB(skb).fp)
1830                        unix_detach_fds(siocb->scm, skb);
1831
1832                sk_peek_offset_bwd(sk, skb->len);
1833        } else {
1834                /* It is questionable: on PEEK we could:
1835                   - do not return fds - good, but too simple 8)
1836                   - return fds, and do not return them on read (old strategy,
1837                     apparently wrong)
1838                   - clone fds (I chose it for now, it is the most universal
1839                     solution)
1840
1841                   POSIX 1003.1g does not actually define this clearly
1842                   at all. POSIX 1003.1g doesn't define a lot of things
1843                   clearly however!
1844
1845                */
1846
1847                sk_peek_offset_fwd(sk, size);
1848
1849                if (UNIXCB(skb).fp)
1850                        siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1851        }
1852        err = (flags & MSG_TRUNC) ? skb->len - skip : size;
1853
1854        scm_recv(sock, msg, siocb->scm, flags);
1855
1856out_free:
1857        skb_free_datagram(sk, skb);
1858out_unlock:
1859        mutex_unlock(&u->readlock);
1860out:
1861        return err;
1862}
1863
1864/*
1865 *      Sleep until data has arrive. But check for races..
1866 */
1867
1868static long unix_stream_data_wait(struct sock *sk, long timeo)
1869{
1870        DEFINE_WAIT(wait);
1871
1872        unix_state_lock(sk);
1873
1874        for (;;) {
1875                prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1876
1877                if (!skb_queue_empty(&sk->sk_receive_queue) ||
1878                    sk->sk_err ||
1879                    (sk->sk_shutdown & RCV_SHUTDOWN) ||
1880                    signal_pending(current) ||
1881                    !timeo)
1882                        break;
1883
1884                set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1885                unix_state_unlock(sk);
1886                timeo = schedule_timeout(timeo);
1887                unix_state_lock(sk);
1888                clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1889        }
1890
1891        finish_wait(sk_sleep(sk), &wait);
1892        unix_state_unlock(sk);
1893        return timeo;
1894}
1895
1896
1897
1898static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1899                               struct msghdr *msg, size_t size,
1900                               int flags)
1901{
1902        struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1903        struct scm_cookie tmp_scm;
1904        struct sock *sk = sock->sk;
1905        struct unix_sock *u = unix_sk(sk);
1906        struct sockaddr_un *sunaddr = msg->msg_name;
1907        int copied = 0;
1908        int check_creds = 0;
1909        int target;
1910        int err = 0;
1911        long timeo;
1912        int skip;
1913
1914        err = -EINVAL;
1915        if (sk->sk_state != TCP_ESTABLISHED)
1916                goto out;
1917
1918        err = -EOPNOTSUPP;
1919        if (flags&MSG_OOB)
1920                goto out;
1921
1922        target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1923        timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1924
1925        msg->msg_namelen = 0;
1926
1927        /* Lock the socket to prevent queue disordering
1928         * while sleeps in memcpy_tomsg
1929         */
1930
1931        if (!siocb->scm) {
1932                siocb->scm = &tmp_scm;
1933                memset(&tmp_scm, 0, sizeof(tmp_scm));
1934        }
1935
1936        err = mutex_lock_interruptible(&u->readlock);
1937        if (err) {
1938                err = sock_intr_errno(timeo);
1939                goto out;
1940        }
1941
1942        skip = sk_peek_offset(sk, flags);
1943
1944        do {
1945                int chunk;
1946                struct sk_buff *skb;
1947
1948                unix_state_lock(sk);
1949                skb = skb_peek(&sk->sk_receive_queue);
1950again:
1951                if (skb == NULL) {
1952                        unix_sk(sk)->recursion_level = 0;
1953                        if (copied >= target)
1954                                goto unlock;
1955
1956                        /*
1957                         *      POSIX 1003.1g mandates this order.
1958                         */
1959
1960                        err = sock_error(sk);
1961                        if (err)
1962                                goto unlock;
1963                        if (sk->sk_shutdown & RCV_SHUTDOWN)
1964                                goto unlock;
1965
1966                        unix_state_unlock(sk);
1967                        err = -EAGAIN;
1968                        if (!timeo)
1969                                break;
1970                        mutex_unlock(&u->readlock);
1971
1972                        timeo = unix_stream_data_wait(sk, timeo);
1973
1974                        if (signal_pending(current)
1975                            ||  mutex_lock_interruptible(&u->readlock)) {
1976                                err = sock_intr_errno(timeo);
1977                                goto out;
1978                        }
1979
1980                        continue;
1981 unlock:
1982                        unix_state_unlock(sk);
1983                        break;
1984                }
1985
1986                if (skip >= skb->len) {
1987                        skip -= skb->len;
1988                        skb = skb_peek_next(skb, &sk->sk_receive_queue);
1989                        goto again;
1990                }
1991
1992                unix_state_unlock(sk);
1993
1994                if (check_creds) {
1995                        /* Never glue messages from different writers */
1996                        if ((UNIXCB(skb).pid  != siocb->scm->pid) ||
1997                            (UNIXCB(skb).cred != siocb->scm->cred))
1998                                break;
1999                } else {
2000                        /* Copy credentials */
2001                        scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
2002                        check_creds = 1;
2003                }
2004
2005                /* Copy address just once */
2006                if (sunaddr) {
2007                        unix_copy_addr(msg, skb->sk);
2008                        sunaddr = NULL;
2009                }
2010
2011                chunk = min_t(unsigned int, skb->len - skip, size);
2012                if (memcpy_toiovec(msg->msg_iov, skb->data + skip, chunk)) {
2013                        if (copied == 0)
2014                                copied = -EFAULT;
2015                        break;
2016                }
2017                copied += chunk;
2018                size -= chunk;
2019
2020                /* Mark read part of skb as used */
2021                if (!(flags & MSG_PEEK)) {
2022                        skb_pull(skb, chunk);
2023
2024                        sk_peek_offset_bwd(sk, chunk);
2025
2026                        if (UNIXCB(skb).fp)
2027                                unix_detach_fds(siocb->scm, skb);
2028
2029                        if (skb->len)
2030                                break;
2031
2032                        skb_unlink(skb, &sk->sk_receive_queue);
2033                        consume_skb(skb);
2034
2035                        if (siocb->scm->fp)
2036                                break;
2037                } else {
2038                        /* It is questionable, see note in unix_dgram_recvmsg.
2039                         */
2040                        if (UNIXCB(skb).fp)
2041                                siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
2042
2043                        sk_peek_offset_fwd(sk, chunk);
2044
2045                        break;
2046                }
2047        } while (size);
2048
2049        mutex_unlock(&u->readlock);
2050        scm_recv(sock, msg, siocb->scm, flags);
2051out:
2052        return copied ? : err;
2053}
2054
2055static int unix_shutdown(struct socket *sock, int mode)
2056{
2057        struct sock *sk = sock->sk;
2058        struct sock *other;
2059
2060        if (mode < SHUT_RD || mode > SHUT_RDWR)
2061                return -EINVAL;
2062        /* This maps:
2063         * SHUT_RD   (0) -> RCV_SHUTDOWN  (1)
2064         * SHUT_WR   (1) -> SEND_SHUTDOWN (2)
2065         * SHUT_RDWR (2) -> SHUTDOWN_MASK (3)
2066         */
2067        ++mode;
2068
2069        unix_state_lock(sk);
2070        sk->sk_shutdown |= mode;
2071        other = unix_peer(sk);
2072        if (other)
2073                sock_hold(other);
2074        unix_state_unlock(sk);
2075        sk->sk_state_change(sk);
2076
2077        if (other &&
2078                (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2079
2080                int peer_mode = 0;
2081
2082                if (mode&RCV_SHUTDOWN)
2083                        peer_mode |= SEND_SHUTDOWN;
2084                if (mode&SEND_SHUTDOWN)
2085                        peer_mode |= RCV_SHUTDOWN;
2086                unix_state_lock(other);
2087                other->sk_shutdown |= peer_mode;
2088                unix_state_unlock(other);
2089                other->sk_state_change(other);
2090                if (peer_mode == SHUTDOWN_MASK)
2091                        sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2092                else if (peer_mode & RCV_SHUTDOWN)
2093                        sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2094        }
2095        if (other)
2096                sock_put(other);
2097
2098        return 0;
2099}
2100
2101long unix_inq_len(struct sock *sk)
2102{
2103        struct sk_buff *skb;
2104        long amount = 0;
2105
2106        if (sk->sk_state == TCP_LISTEN)
2107                return -EINVAL;
2108
2109        spin_lock(&sk->sk_receive_queue.lock);
2110        if (sk->sk_type == SOCK_STREAM ||
2111            sk->sk_type == SOCK_SEQPACKET) {
2112                skb_queue_walk(&sk->sk_receive_queue, skb)
2113                        amount += skb->len;
2114        } else {
2115                skb = skb_peek(&sk->sk_receive_queue);
2116                if (skb)
2117                        amount = skb->len;
2118        }
2119        spin_unlock(&sk->sk_receive_queue.lock);
2120
2121        return amount;
2122}
2123EXPORT_SYMBOL_GPL(unix_inq_len);
2124
2125long unix_outq_len(struct sock *sk)
2126{
2127        return sk_wmem_alloc_get(sk);
2128}
2129EXPORT_SYMBOL_GPL(unix_outq_len);
2130
2131static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2132{
2133        struct sock *sk = sock->sk;
2134        long amount = 0;
2135        int err;
2136
2137        switch (cmd) {
2138        case SIOCOUTQ:
2139                amount = unix_outq_len(sk);
2140                err = put_user(amount, (int __user *)arg);
2141                break;
2142        case SIOCINQ:
2143                amount = unix_inq_len(sk);
2144                if (amount < 0)
2145                        err = amount;
2146                else
2147                        err = put_user(amount, (int __user *)arg);
2148                break;
2149        default:
2150                err = -ENOIOCTLCMD;
2151                break;
2152        }
2153        return err;
2154}
2155
2156static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2157{
2158        struct sock *sk = sock->sk;
2159        unsigned int mask;
2160
2161        sock_poll_wait(file, sk_sleep(sk), wait);
2162        mask = 0;
2163
2164        /* exceptional events? */
2165        if (sk->sk_err)
2166                mask |= POLLERR;
2167        if (sk->sk_shutdown == SHUTDOWN_MASK)
2168                mask |= POLLHUP;
2169        if (sk->sk_shutdown & RCV_SHUTDOWN)
2170                mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2171
2172        /* readable? */
2173        if (!skb_queue_empty(&sk->sk_receive_queue))
2174                mask |= POLLIN | POLLRDNORM;
2175
2176        /* Connection-based need to check for termination and startup */
2177        if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2178            sk->sk_state == TCP_CLOSE)
2179                mask |= POLLHUP;
2180
2181        /*
2182         * we set writable also when the other side has shut down the
2183         * connection. This prevents stuck sockets.
2184         */
2185        if (unix_writable(sk))
2186                mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2187
2188        return mask;
2189}
2190
2191static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2192                                    poll_table *wait)
2193{
2194        struct sock *sk = sock->sk, *other;
2195        unsigned int mask, writable;
2196
2197        sock_poll_wait(file, sk_sleep(sk), wait);
2198        mask = 0;
2199
2200        /* exceptional events? */
2201        if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2202                mask |= POLLERR;
2203        if (sk->sk_shutdown & RCV_SHUTDOWN)
2204                mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2205        if (sk->sk_shutdown == SHUTDOWN_MASK)
2206                mask |= POLLHUP;
2207
2208        /* readable? */
2209        if (!skb_queue_empty(&sk->sk_receive_queue))
2210                mask |= POLLIN | POLLRDNORM;
2211
2212        /* Connection-based need to check for termination and startup */
2213        if (sk->sk_type == SOCK_SEQPACKET) {
2214                if (sk->sk_state == TCP_CLOSE)
2215                        mask |= POLLHUP;
2216                /* connection hasn't started yet? */
2217                if (sk->sk_state == TCP_SYN_SENT)
2218                        return mask;
2219        }
2220
2221        /* No write status requested, avoid expensive OUT tests. */
2222        if (!(poll_requested_events(wait) & (POLLWRBAND|POLLWRNORM|POLLOUT)))
2223                return mask;
2224
2225        writable = unix_writable(sk);
2226        other = unix_peer_get(sk);
2227        if (other) {
2228                if (unix_peer(other) != sk) {
2229                        sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2230                        if (unix_recvq_full(other))
2231                                writable = 0;
2232                }
2233                sock_put(other);
2234        }
2235
2236        if (writable)
2237                mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2238        else
2239                set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2240
2241        return mask;
2242}
2243
2244#ifdef CONFIG_PROC_FS
2245
2246#define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1)
2247
2248#define get_bucket(x) ((x) >> BUCKET_SPACE)
2249#define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1))
2250#define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
2251
2252static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos)
2253{
2254        unsigned long offset = get_offset(*pos);
2255        unsigned long bucket = get_bucket(*pos);
2256        struct sock *sk;
2257        unsigned long count = 0;
2258
2259        for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
2260                if (sock_net(sk) != seq_file_net(seq))
2261                        continue;
2262                if (++count == offset)
2263                        break;
2264        }
2265
2266        return sk;
2267}
2268
2269static struct sock *unix_next_socket(struct seq_file *seq,
2270                                     struct sock *sk,
2271                                     loff_t *pos)
2272{
2273        unsigned long bucket;
2274
2275        while (sk > (struct sock *)SEQ_START_TOKEN) {
2276                sk = sk_next(sk);
2277                if (!sk)
2278                        goto next_bucket;
2279                if (sock_net(sk) == seq_file_net(seq))
2280                        return sk;
2281        }
2282
2283        do {
2284                sk = unix_from_bucket(seq, pos);
2285                if (sk)
2286                        return sk;
2287
2288next_bucket:
2289                bucket = get_bucket(*pos) + 1;
2290                *pos = set_bucket_offset(bucket, 1);
2291        } while (bucket < ARRAY_SIZE(unix_socket_table));
2292
2293        return NULL;
2294}
2295
2296static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2297        __acquires(unix_table_lock)
2298{
2299        spin_lock(&unix_table_lock);
2300
2301        if (!*pos)
2302                return SEQ_START_TOKEN;
2303
2304        if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table))
2305                return NULL;
2306
2307        return unix_next_socket(seq, NULL, pos);
2308}
2309
2310static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2311{
2312        ++*pos;
2313        return unix_next_socket(seq, v, pos);
2314}
2315
2316static void unix_seq_stop(struct seq_file *seq, void *v)
2317        __releases(unix_table_lock)
2318{
2319        spin_unlock(&unix_table_lock);
2320}
2321
2322static int unix_seq_show(struct seq_file *seq, void *v)
2323{
2324
2325        if (v == SEQ_START_TOKEN)
2326                seq_puts(seq, "Num       RefCount Protocol Flags    Type St "
2327                         "Inode Path\n");
2328        else {
2329                struct sock *s = v;
2330                struct unix_sock *u = unix_sk(s);
2331                unix_state_lock(s);
2332
2333                seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2334                        s,
2335                        atomic_read(&s->sk_refcnt),
2336                        0,
2337                        s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2338                        s->sk_type,
2339                        s->sk_socket ?
2340                        (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2341                        (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2342                        sock_i_ino(s));
2343
2344                if (u->addr) {
2345                        int i, len;
2346                        seq_putc(seq, ' ');
2347
2348                        i = 0;
2349                        len = u->addr->len - sizeof(short);
2350                        if (!UNIX_ABSTRACT(s))
2351                                len--;
2352                        else {
2353                                seq_putc(seq, '@');
2354                                i++;
2355                        }
2356                        for ( ; i < len; i++)
2357                                seq_putc(seq, u->addr->name->sun_path[i]);
2358                }
2359                unix_state_unlock(s);
2360                seq_putc(seq, '\n');
2361        }
2362
2363        return 0;
2364}
2365
2366static const struct seq_operations unix_seq_ops = {
2367        .start  = unix_seq_start,
2368        .next   = unix_seq_next,
2369        .stop   = unix_seq_stop,
2370        .show   = unix_seq_show,
2371};
2372
2373static int unix_seq_open(struct inode *inode, struct file *file)
2374{
2375        return seq_open_net(inode, file, &unix_seq_ops,
2376                            sizeof(struct seq_net_private));
2377}
2378
2379static const struct file_operations unix_seq_fops = {
2380        .owner          = THIS_MODULE,
2381        .open           = unix_seq_open,
2382        .read           = seq_read,
2383        .llseek         = seq_lseek,
2384        .release        = seq_release_net,
2385};
2386
2387#endif
2388
2389static const struct net_proto_family unix_family_ops = {
2390        .family = PF_UNIX,
2391        .create = unix_create,
2392        .owner  = THIS_MODULE,
2393};
2394
2395
2396static int __net_init unix_net_init(struct net *net)
2397{
2398        int error = -ENOMEM;
2399
2400        net->unx.sysctl_max_dgram_qlen = 10;
2401        if (unix_sysctl_register(net))
2402                goto out;
2403
2404#ifdef CONFIG_PROC_FS
2405        if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
2406                unix_sysctl_unregister(net);
2407                goto out;
2408        }
2409#endif
2410        error = 0;
2411out:
2412        return error;
2413}
2414
2415static void __net_exit unix_net_exit(struct net *net)
2416{
2417        unix_sysctl_unregister(net);
2418        proc_net_remove(net, "unix");
2419}
2420
2421static struct pernet_operations unix_net_ops = {
2422        .init = unix_net_init,
2423        .exit = unix_net_exit,
2424};
2425
2426static int __init af_unix_init(void)
2427{
2428        int rc = -1;
2429        struct sk_buff *dummy_skb;
2430
2431        BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
2432
2433        rc = proto_register(&unix_proto, 1);
2434        if (rc != 0) {
2435                printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2436                       __func__);
2437                goto out;
2438        }
2439
2440        sock_register(&unix_family_ops);
2441        register_pernet_subsys(&unix_net_ops);
2442out:
2443        return rc;
2444}
2445
2446static void __exit af_unix_exit(void)
2447{
2448        sock_unregister(PF_UNIX);
2449        proto_unregister(&unix_proto);
2450        unregister_pernet_subsys(&unix_net_ops);
2451}
2452
2453/* Earlier than device_initcall() so that other drivers invoking
2454   request_module() don't end up in a loop when modprobe tries
2455   to use a UNIX socket. But later than subsys_initcall() because
2456   we depend on stuff initialised there */
2457fs_initcall(af_unix_init);
2458module_exit(af_unix_exit);
2459
2460MODULE_LICENSE("GPL");
2461MODULE_ALIAS_NETPROTO(PF_UNIX);
2462
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.