41feca3bef86346f3890f8c428c795ff7316abf5
[linux-2.6.git] / net / unix / af_unix.c
1 /*
2  * NET4:        Implementation of BSD Unix domain sockets.
3  *
4  * Authors:     Alan Cox, <alan.cox@linux.org>
5  *
6  *              This program is free software; you can redistribute it and/or
7  *              modify it under the terms of the GNU General Public License
8  *              as published by the Free Software Foundation; either version
9  *              2 of the License, or (at your option) any later version.
10  *
11  * Version:     $Id: af_unix.c,v 1.133 2002/02/08 03:57:19 davem Exp $
12  *
13  * Fixes:
14  *              Linus Torvalds  :       Assorted bug cures.
15  *              Niibe Yutaka    :       async I/O support.
16  *              Carsten Paeth   :       PF_UNIX check, address fixes.
17  *              Alan Cox        :       Limit size of allocated blocks.
18  *              Alan Cox        :       Fixed the stupid socketpair bug.
19  *              Alan Cox        :       BSD compatibility fine tuning.
20  *              Alan Cox        :       Fixed a bug in connect when interrupted.
21  *              Alan Cox        :       Sorted out a proper draft version of
22  *                                      file descriptor passing hacked up from
23  *                                      Mike Shaver's work.
24  *              Marty Leisner   :       Fixes to fd passing
25  *              Nick Nevin      :       recvmsg bugfix.
26  *              Alan Cox        :       Started proper garbage collector
27  *              Heiko EiBfeldt  :       Missing verify_area check
28  *              Alan Cox        :       Started POSIXisms
29  *              Andreas Schwab  :       Replace inode by dentry for proper
30  *                                      reference counting
31  *              Kirk Petersen   :       Made this a module
32  *          Christoph Rohland   :       Elegant non-blocking accept/connect algorithm.
33  *                                      Lots of bug fixes.
34  *           Alexey Kuznetosv   :       Repaired (I hope) bugs introduces
35  *                                      by above two patches.
36  *           Andrea Arcangeli   :       If possible we block in connect(2)
37  *                                      if the max backlog of the listen socket
38  *                                      is been reached. This won't break
39  *                                      old apps and it will avoid huge amount
40  *                                      of socks hashed (this for unix_gc()
41  *                                      performances reasons).
42  *                                      Security fix that limits the max
43  *                                      number of socks to 2*max_files and
44  *                                      the number of skb queueable in the
45  *                                      dgram receiver.
46  *              Artur Skawina   :       Hash function optimizations
47  *           Alexey Kuznetsov   :       Full scale SMP. Lot of bugs are introduced 8)
48  *            Malcolm Beattie   :       Set peercred for socketpair
49  *           Michal Ostrowski   :       Module initialization cleanup.
50  *           Arnaldo C. Melo    :       Remove MOD_{INC,DEC}_USE_COUNT,
51  *                                      the core infrastructure is doing that
52  *                                      for all net proto families now (2.5.69+)
53  *
54  *
55  * Known differences from reference BSD that was tested:
56  *
57  *      [TO FIX]
58  *      ECONNREFUSED is not returned from one end of a connected() socket to the
59  *              other the moment one end closes.
60  *      fstat() doesn't return st_dev=0, and give the blksize as high water mark
61  *              and a fake inode identifier (nor the BSD first socket fstat twice bug).
62  *      [NOT TO FIX]
63  *      accept() returns a path name even if the connecting socket has closed
64  *              in the meantime (BSD loses the path and gives up).
65  *      accept() returns 0 length path for an unbound connector. BSD returns 16
66  *              and a null first byte in the path (but not for gethost/peername - BSD bug ??)
67  *      socketpair(...SOCK_RAW..) doesn't panic the kernel.
68  *      BSD af_unix apparently has connect forgetting to block properly.
69  *              (need to check this with the POSIX spec in detail)
70  *
71  * Differences from 2.0.0-11-... (ANK)
72  *      Bug fixes and improvements.
73  *              - client shutdown killed server socket.
74  *              - removed all useless cli/sti pairs.
75  *
76  *      Semantic changes/extensions.
77  *              - generic control message passing.
78  *              - SCM_CREDENTIALS control message.
79  *              - "Abstract" (not FS based) socket bindings.
80  *                Abstract names are sequences of bytes (not zero terminated)
81  *                started by 0, so that this name space does not intersect
82  *                with BSD names.
83  */
84
85 #include <linux/module.h>
86 #include <linux/config.h>
87 #include <linux/kernel.h>
88 #include <linux/signal.h>
89 #include <linux/sched.h>
90 #include <linux/errno.h>
91 #include <linux/string.h>
92 #include <linux/stat.h>
93 #include <linux/dcache.h>
94 #include <linux/namei.h>
95 #include <linux/socket.h>
96 #include <linux/un.h>
97 #include <linux/fcntl.h>
98 #include <linux/termios.h>
99 #include <linux/sockios.h>
100 #include <linux/net.h>
101 #include <linux/in.h>
102 #include <linux/fs.h>
103 #include <linux/slab.h>
104 #include <asm/uaccess.h>
105 #include <linux/skbuff.h>
106 #include <linux/netdevice.h>
107 #include <net/sock.h>
108 #include <net/tcp_states.h>
109 #include <net/af_unix.h>
110 #include <linux/proc_fs.h>
111 #include <linux/seq_file.h>
112 #include <net/scm.h>
113 #include <linux/init.h>
114 #include <linux/poll.h>
115 #include <linux/smp_lock.h>
116 #include <linux/rtnetlink.h>
117 #include <linux/mount.h>
118 #include <net/checksum.h>
119 #include <linux/security.h>
120
121 int sysctl_unix_max_dgram_qlen = 10;
122
123 struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
124 DEFINE_RWLOCK(unix_table_lock);
125 static atomic_t unix_nr_socks = ATOMIC_INIT(0);
126
127 #define unix_sockets_unbound    (&unix_socket_table[UNIX_HASH_SIZE])
128
129 #define UNIX_ABSTRACT(sk)       (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
130
131 /*
132  *  SMP locking strategy:
133  *    hash table is protected with rwlock unix_table_lock
134  *    each socket state is protected by separate rwlock.
135  */
136
137 static inline unsigned unix_hash_fold(unsigned hash)
138 {
139         hash ^= hash>>16;
140         hash ^= hash>>8;
141         return hash&(UNIX_HASH_SIZE-1);
142 }
143
144 #define unix_peer(sk) (unix_sk(sk)->peer)
145
146 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
147 {
148         return unix_peer(osk) == sk;
149 }
150
151 static inline int unix_may_send(struct sock *sk, struct sock *osk)
152 {
153         return (unix_peer(osk) == NULL || unix_our_peer(sk, osk));
154 }
155
156 static struct sock *unix_peer_get(struct sock *s)
157 {
158         struct sock *peer;
159
160         unix_state_rlock(s);
161         peer = unix_peer(s);
162         if (peer)
163                 sock_hold(peer);
164         unix_state_runlock(s);
165         return peer;
166 }
167
168 static inline void unix_release_addr(struct unix_address *addr)
169 {
170         if (atomic_dec_and_test(&addr->refcnt))
171                 kfree(addr);
172 }
173
174 /*
175  *      Check unix socket name:
176  *              - should be not zero length.
177  *              - if started by not zero, should be NULL terminated (FS object)
178  *              - if started by zero, it is abstract name.
179  */
180  
181 static int unix_mkname(struct sockaddr_un * sunaddr, int len, unsigned *hashp)
182 {
183         if (len <= sizeof(short) || len > sizeof(*sunaddr))
184                 return -EINVAL;
185         if (!sunaddr || sunaddr->sun_family != AF_UNIX)
186                 return -EINVAL;
187         if (sunaddr->sun_path[0]) {
188                 /*
189                  * This may look like an off by one error but it is a bit more
190                  * subtle. 108 is the longest valid AF_UNIX path for a binding.
191                  * sun_path[108] doesnt as such exist.  However in kernel space
192                  * we are guaranteed that it is a valid memory location in our
193                  * kernel address buffer.
194                  */
195                 ((char *)sunaddr)[len]=0;
196                 len = strlen(sunaddr->sun_path)+1+sizeof(short);
197                 return len;
198         }
199
200         *hashp = unix_hash_fold(csum_partial((char*)sunaddr, len, 0));
201         return len;
202 }
203
204 static void __unix_remove_socket(struct sock *sk)
205 {
206         sk_del_node_init(sk);
207 }
208
209 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
210 {
211         BUG_TRAP(sk_unhashed(sk));
212         sk_add_node(sk, list);
213 }
214
215 static inline void unix_remove_socket(struct sock *sk)
216 {
217         write_lock(&unix_table_lock);
218         __unix_remove_socket(sk);
219         write_unlock(&unix_table_lock);
220 }
221
222 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
223 {
224         write_lock(&unix_table_lock);
225         __unix_insert_socket(list, sk);
226         write_unlock(&unix_table_lock);
227 }
228
229 static struct sock *__unix_find_socket_byname(struct sockaddr_un *sunname,
230                                               int len, int type, unsigned hash)
231 {
232         struct sock *s;
233         struct hlist_node *node;
234
235         sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
236                 struct unix_sock *u = unix_sk(s);
237
238                 if (u->addr->len == len &&
239                     !memcmp(u->addr->name, sunname, len))
240                         goto found;
241         }
242         s = NULL;
243 found:
244         return s;
245 }
246
247 static inline struct sock *unix_find_socket_byname(struct sockaddr_un *sunname,
248                                                    int len, int type,
249                                                    unsigned hash)
250 {
251         struct sock *s;
252
253         read_lock(&unix_table_lock);
254         s = __unix_find_socket_byname(sunname, len, type, hash);
255         if (s)
256                 sock_hold(s);
257         read_unlock(&unix_table_lock);
258         return s;
259 }
260
261 static struct sock *unix_find_socket_byinode(struct inode *i)
262 {
263         struct sock *s;
264         struct hlist_node *node;
265
266         read_lock(&unix_table_lock);
267         sk_for_each(s, node,
268                     &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
269                 struct dentry *dentry = unix_sk(s)->dentry;
270
271                 if(dentry && dentry->d_inode == i)
272                 {
273                         sock_hold(s);
274                         goto found;
275                 }
276         }
277         s = NULL;
278 found:
279         read_unlock(&unix_table_lock);
280         return s;
281 }
282
283 static inline int unix_writable(struct sock *sk)
284 {
285         return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
286 }
287
288 static void unix_write_space(struct sock *sk)
289 {
290         read_lock(&sk->sk_callback_lock);
291         if (unix_writable(sk)) {
292                 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep))
293                         wake_up_interruptible(sk->sk_sleep);
294                 sk_wake_async(sk, 2, POLL_OUT);
295         }
296         read_unlock(&sk->sk_callback_lock);
297 }
298
299 /* When dgram socket disconnects (or changes its peer), we clear its receive
300  * queue of packets arrived from previous peer. First, it allows to do
301  * flow control based only on wmem_alloc; second, sk connected to peer
302  * may receive messages only from that peer. */
303 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
304 {
305         if (!skb_queue_empty(&sk->sk_receive_queue)) {
306                 skb_queue_purge(&sk->sk_receive_queue);
307                 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
308
309                 /* If one link of bidirectional dgram pipe is disconnected,
310                  * we signal error. Messages are lost. Do not make this,
311                  * when peer was not connected to us.
312                  */
313                 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
314                         other->sk_err = ECONNRESET;
315                         other->sk_error_report(other);
316                 }
317         }
318 }
319
320 static void unix_sock_destructor(struct sock *sk)
321 {
322         struct unix_sock *u = unix_sk(sk);
323
324         skb_queue_purge(&sk->sk_receive_queue);
325
326         BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc));
327         BUG_TRAP(sk_unhashed(sk));
328         BUG_TRAP(!sk->sk_socket);
329         if (!sock_flag(sk, SOCK_DEAD)) {
330                 printk("Attempt to release alive unix socket: %p\n", sk);
331                 return;
332         }
333
334         if (u->addr)
335                 unix_release_addr(u->addr);
336
337         atomic_dec(&unix_nr_socks);
338 #ifdef UNIX_REFCNT_DEBUG
339         printk(KERN_DEBUG "UNIX %p is destroyed, %d are still alive.\n", sk, atomic_read(&unix_nr_socks));
340 #endif
341 }
342
343 static int unix_release_sock (struct sock *sk, int embrion)
344 {
345         struct unix_sock *u = unix_sk(sk);
346         struct dentry *dentry;
347         struct vfsmount *mnt;
348         struct sock *skpair;
349         struct sk_buff *skb;
350         int state;
351
352         unix_remove_socket(sk);
353
354         /* Clear state */
355         unix_state_wlock(sk);
356         sock_orphan(sk);
357         sk->sk_shutdown = SHUTDOWN_MASK;
358         dentry       = u->dentry;
359         u->dentry    = NULL;
360         mnt          = u->mnt;
361         u->mnt       = NULL;
362         state = sk->sk_state;
363         sk->sk_state = TCP_CLOSE;
364         unix_state_wunlock(sk);
365
366         wake_up_interruptible_all(&u->peer_wait);
367
368         skpair=unix_peer(sk);
369
370         if (skpair!=NULL) {
371                 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
372                         unix_state_wlock(skpair);
373                         /* No more writes */
374                         skpair->sk_shutdown = SHUTDOWN_MASK;
375                         if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
376                                 skpair->sk_err = ECONNRESET;
377                         unix_state_wunlock(skpair);
378                         skpair->sk_state_change(skpair);
379                         read_lock(&skpair->sk_callback_lock);
380                         sk_wake_async(skpair,1,POLL_HUP);
381                         read_unlock(&skpair->sk_callback_lock);
382                 }
383                 sock_put(skpair); /* It may now die */
384                 unix_peer(sk) = NULL;
385         }
386
387         /* Try to flush out this socket. Throw out buffers at least */
388
389         while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
390                 if (state==TCP_LISTEN)
391                         unix_release_sock(skb->sk, 1);
392                 /* passed fds are erased in the kfree_skb hook        */
393                 kfree_skb(skb);
394         }
395
396         if (dentry) {
397                 dput(dentry);
398                 mntput(mnt);
399         }
400
401         sock_put(sk);
402
403         /* ---- Socket is dead now and most probably destroyed ---- */
404
405         /*
406          * Fixme: BSD difference: In BSD all sockets connected to use get
407          *        ECONNRESET and we die on the spot. In Linux we behave
408          *        like files and pipes do and wait for the last
409          *        dereference.
410          *
411          * Can't we simply set sock->err?
412          *
413          *        What the above comment does talk about? --ANK(980817)
414          */
415
416         if (atomic_read(&unix_tot_inflight))
417                 unix_gc();              /* Garbage collect fds */       
418
419         return 0;
420 }
421
422 static int unix_listen(struct socket *sock, int backlog)
423 {
424         int err;
425         struct sock *sk = sock->sk;
426         struct unix_sock *u = unix_sk(sk);
427
428         err = -EOPNOTSUPP;
429         if (sock->type!=SOCK_STREAM && sock->type!=SOCK_SEQPACKET)
430                 goto out;                       /* Only stream/seqpacket sockets accept */
431         err = -EINVAL;
432         if (!u->addr)
433                 goto out;                       /* No listens on an unbound socket */
434         unix_state_wlock(sk);
435         if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
436                 goto out_unlock;
437         if (backlog > sk->sk_max_ack_backlog)
438                 wake_up_interruptible_all(&u->peer_wait);
439         sk->sk_max_ack_backlog  = backlog;
440         sk->sk_state            = TCP_LISTEN;
441         /* set credentials so connect can copy them */
442         sk->sk_peercred.pid     = current->tgid;
443         sk->sk_peercred.uid     = current->euid;
444         sk->sk_peercred.gid     = current->egid;
445         err = 0;
446
447 out_unlock:
448         unix_state_wunlock(sk);
449 out:
450         return err;
451 }
452
453 static int unix_release(struct socket *);
454 static int unix_bind(struct socket *, struct sockaddr *, int);
455 static int unix_stream_connect(struct socket *, struct sockaddr *,
456                                int addr_len, int flags);
457 static int unix_socketpair(struct socket *, struct socket *);
458 static int unix_accept(struct socket *, struct socket *, int);
459 static int unix_getname(struct socket *, struct sockaddr *, int *, int);
460 static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
461 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
462 static int unix_shutdown(struct socket *, int);
463 static int unix_stream_sendmsg(struct kiocb *, struct socket *,
464                                struct msghdr *, size_t);
465 static int unix_stream_recvmsg(struct kiocb *, struct socket *,
466                                struct msghdr *, size_t, int);
467 static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
468                               struct msghdr *, size_t);
469 static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
470                               struct msghdr *, size_t, int);
471 static int unix_dgram_connect(struct socket *, struct sockaddr *,
472                               int, int);
473 static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
474                                   struct msghdr *, size_t);
475
476 static struct proto_ops unix_stream_ops = {
477         .family =       PF_UNIX,
478         .owner =        THIS_MODULE,
479         .release =      unix_release,
480         .bind =         unix_bind,
481         .connect =      unix_stream_connect,
482         .socketpair =   unix_socketpair,
483         .accept =       unix_accept,
484         .getname =      unix_getname,
485         .poll =         unix_poll,
486         .ioctl =        unix_ioctl,
487         .listen =       unix_listen,
488         .shutdown =     unix_shutdown,
489         .setsockopt =   sock_no_setsockopt,
490         .getsockopt =   sock_no_getsockopt,
491         .sendmsg =      unix_stream_sendmsg,
492         .recvmsg =      unix_stream_recvmsg,
493         .mmap =         sock_no_mmap,
494         .sendpage =     sock_no_sendpage,
495 };
496
497 static struct proto_ops unix_dgram_ops = {
498         .family =       PF_UNIX,
499         .owner =        THIS_MODULE,
500         .release =      unix_release,
501         .bind =         unix_bind,
502         .connect =      unix_dgram_connect,
503         .socketpair =   unix_socketpair,
504         .accept =       sock_no_accept,
505         .getname =      unix_getname,
506         .poll =         datagram_poll,
507         .ioctl =        unix_ioctl,
508         .listen =       sock_no_listen,
509         .shutdown =     unix_shutdown,
510         .setsockopt =   sock_no_setsockopt,
511         .getsockopt =   sock_no_getsockopt,
512         .sendmsg =      unix_dgram_sendmsg,
513         .recvmsg =      unix_dgram_recvmsg,
514         .mmap =         sock_no_mmap,
515         .sendpage =     sock_no_sendpage,
516 };
517
518 static struct proto_ops unix_seqpacket_ops = {
519         .family =       PF_UNIX,
520         .owner =        THIS_MODULE,
521         .release =      unix_release,
522         .bind =         unix_bind,
523         .connect =      unix_stream_connect,
524         .socketpair =   unix_socketpair,
525         .accept =       unix_accept,
526         .getname =      unix_getname,
527         .poll =         datagram_poll,
528         .ioctl =        unix_ioctl,
529         .listen =       unix_listen,
530         .shutdown =     unix_shutdown,
531         .setsockopt =   sock_no_setsockopt,
532         .getsockopt =   sock_no_getsockopt,
533         .sendmsg =      unix_seqpacket_sendmsg,
534         .recvmsg =      unix_dgram_recvmsg,
535         .mmap =         sock_no_mmap,
536         .sendpage =     sock_no_sendpage,
537 };
538
539 static struct proto unix_proto = {
540         .name     = "UNIX",
541         .owner    = THIS_MODULE,
542         .obj_size = sizeof(struct unix_sock),
543 };
544
545 static struct sock * unix_create1(struct socket *sock)
546 {
547         struct sock *sk = NULL;
548         struct unix_sock *u;
549
550         if (atomic_read(&unix_nr_socks) >= 2*files_stat.max_files)
551                 goto out;
552
553         sk = sk_alloc(PF_UNIX, GFP_KERNEL, &unix_proto, 1);
554         if (!sk)
555                 goto out;
556
557         atomic_inc(&unix_nr_socks);
558
559         sock_init_data(sock,sk);
560
561         sk->sk_write_space      = unix_write_space;
562         sk->sk_max_ack_backlog  = sysctl_unix_max_dgram_qlen;
563         sk->sk_destruct         = unix_sock_destructor;
564         u         = unix_sk(sk);
565         u->dentry = NULL;
566         u->mnt    = NULL;
567         rwlock_init(&u->lock);
568         atomic_set(&u->inflight, sock ? 0 : -1);
569         init_MUTEX(&u->readsem); /* single task reading lock */
570         init_waitqueue_head(&u->peer_wait);
571         unix_insert_socket(unix_sockets_unbound, sk);
572 out:
573         return sk;
574 }
575
576 static int unix_create(struct socket *sock, int protocol)
577 {
578         if (protocol && protocol != PF_UNIX)
579                 return -EPROTONOSUPPORT;
580
581         sock->state = SS_UNCONNECTED;
582
583         switch (sock->type) {
584         case SOCK_STREAM:
585                 sock->ops = &unix_stream_ops;
586                 break;
587                 /*
588                  *      Believe it or not BSD has AF_UNIX, SOCK_RAW though
589                  *      nothing uses it.
590                  */
591         case SOCK_RAW:
592                 sock->type=SOCK_DGRAM;
593         case SOCK_DGRAM:
594                 sock->ops = &unix_dgram_ops;
595                 break;
596         case SOCK_SEQPACKET:
597                 sock->ops = &unix_seqpacket_ops;
598                 break;
599         default:
600                 return -ESOCKTNOSUPPORT;
601         }
602
603         return unix_create1(sock) ? 0 : -ENOMEM;
604 }
605
606 static int unix_release(struct socket *sock)
607 {
608         struct sock *sk = sock->sk;
609
610         if (!sk)
611                 return 0;
612
613         sock->sk = NULL;
614
615         return unix_release_sock (sk, 0);
616 }
617
618 static int unix_autobind(struct socket *sock)
619 {
620         struct sock *sk = sock->sk;
621         struct unix_sock *u = unix_sk(sk);
622         static u32 ordernum = 1;
623         struct unix_address * addr;
624         int err;
625
626         down(&u->readsem);
627
628         err = 0;
629         if (u->addr)
630                 goto out;
631
632         err = -ENOMEM;
633         addr = kmalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
634         if (!addr)
635                 goto out;
636
637         memset(addr, 0, sizeof(*addr) + sizeof(short) + 16);
638         addr->name->sun_family = AF_UNIX;
639         atomic_set(&addr->refcnt, 1);
640
641 retry:
642         addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
643         addr->hash = unix_hash_fold(csum_partial((void*)addr->name, addr->len, 0));
644
645         write_lock(&unix_table_lock);
646         ordernum = (ordernum+1)&0xFFFFF;
647
648         if (__unix_find_socket_byname(addr->name, addr->len, sock->type,
649                                       addr->hash)) {
650                 write_unlock(&unix_table_lock);
651                 /* Sanity yield. It is unusual case, but yet... */
652                 if (!(ordernum&0xFF))
653                         yield();
654                 goto retry;
655         }
656         addr->hash ^= sk->sk_type;
657
658         __unix_remove_socket(sk);
659         u->addr = addr;
660         __unix_insert_socket(&unix_socket_table[addr->hash], sk);
661         write_unlock(&unix_table_lock);
662         err = 0;
663
664 out:    up(&u->readsem);
665         return err;
666 }
667
668 static struct sock *unix_find_other(struct sockaddr_un *sunname, int len,
669                                     int type, unsigned hash, int *error)
670 {
671         struct sock *u;
672         struct nameidata nd;
673         int err = 0;
674         
675         if (sunname->sun_path[0]) {
676                 err = path_lookup(sunname->sun_path, LOOKUP_FOLLOW, &nd);
677                 if (err)
678                         goto fail;
679                 err = permission(nd.dentry->d_inode,MAY_WRITE, &nd);
680                 if (err)
681                         goto put_fail;
682
683                 err = -ECONNREFUSED;
684                 if (!S_ISSOCK(nd.dentry->d_inode->i_mode))
685                         goto put_fail;
686                 u=unix_find_socket_byinode(nd.dentry->d_inode);
687                 if (!u)
688                         goto put_fail;
689
690                 if (u->sk_type == type)
691                         touch_atime(nd.mnt, nd.dentry);
692
693                 path_release(&nd);
694
695                 err=-EPROTOTYPE;
696                 if (u->sk_type != type) {
697                         sock_put(u);
698                         goto fail;
699                 }
700         } else {
701                 err = -ECONNREFUSED;
702                 u=unix_find_socket_byname(sunname, len, type, hash);
703                 if (u) {
704                         struct dentry *dentry;
705                         dentry = unix_sk(u)->dentry;
706                         if (dentry)
707                                 touch_atime(unix_sk(u)->mnt, dentry);
708                 } else
709                         goto fail;
710         }
711         return u;
712
713 put_fail:
714         path_release(&nd);
715 fail:
716         *error=err;
717         return NULL;
718 }
719
720
721 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
722 {
723         struct sock *sk = sock->sk;
724         struct unix_sock *u = unix_sk(sk);
725         struct sockaddr_un *sunaddr=(struct sockaddr_un *)uaddr;
726         struct dentry * dentry = NULL;
727         struct nameidata nd;
728         int err;
729         unsigned hash;
730         struct unix_address *addr;
731         struct hlist_head *list;
732
733         err = -EINVAL;
734         if (sunaddr->sun_family != AF_UNIX)
735                 goto out;
736
737         if (addr_len==sizeof(short)) {
738                 err = unix_autobind(sock);
739                 goto out;
740         }
741
742         err = unix_mkname(sunaddr, addr_len, &hash);
743         if (err < 0)
744                 goto out;
745         addr_len = err;
746
747         down(&u->readsem);
748
749         err = -EINVAL;
750         if (u->addr)
751                 goto out_up;
752
753         err = -ENOMEM;
754         addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
755         if (!addr)
756                 goto out_up;
757
758         memcpy(addr->name, sunaddr, addr_len);
759         addr->len = addr_len;
760         addr->hash = hash ^ sk->sk_type;
761         atomic_set(&addr->refcnt, 1);
762
763         if (sunaddr->sun_path[0]) {
764                 unsigned int mode;
765                 err = 0;
766                 /*
767                  * Get the parent directory, calculate the hash for last
768                  * component.
769                  */
770                 err = path_lookup(sunaddr->sun_path, LOOKUP_PARENT, &nd);
771                 if (err)
772                         goto out_mknod_parent;
773
774                 dentry = lookup_create(&nd, 0);
775                 err = PTR_ERR(dentry);
776                 if (IS_ERR(dentry))
777                         goto out_mknod_unlock;
778
779                 /*
780                  * All right, let's create it.
781                  */
782                 mode = S_IFSOCK |
783                        (SOCK_INODE(sock)->i_mode & ~current->fs->umask);
784                 err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
785                 if (err)
786                         goto out_mknod_dput;
787                 up(&nd.dentry->d_inode->i_sem);
788                 dput(nd.dentry);
789                 nd.dentry = dentry;
790
791                 addr->hash = UNIX_HASH_SIZE;
792         }
793
794         write_lock(&unix_table_lock);
795
796         if (!sunaddr->sun_path[0]) {
797                 err = -EADDRINUSE;
798                 if (__unix_find_socket_byname(sunaddr, addr_len,
799                                               sk->sk_type, hash)) {
800                         unix_release_addr(addr);
801                         goto out_unlock;
802                 }
803
804                 list = &unix_socket_table[addr->hash];
805         } else {
806                 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
807                 u->dentry = nd.dentry;
808                 u->mnt    = nd.mnt;
809         }
810
811         err = 0;
812         __unix_remove_socket(sk);
813         u->addr = addr;
814         __unix_insert_socket(list, sk);
815
816 out_unlock:
817         write_unlock(&unix_table_lock);
818 out_up:
819         up(&u->readsem);
820 out:
821         return err;
822
823 out_mknod_dput:
824         dput(dentry);
825 out_mknod_unlock:
826         up(&nd.dentry->d_inode->i_sem);
827         path_release(&nd);
828 out_mknod_parent:
829         if (err==-EEXIST)
830                 err=-EADDRINUSE;
831         unix_release_addr(addr);
832         goto out_up;
833 }
834
835 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
836                               int alen, int flags)
837 {
838         struct sock *sk = sock->sk;
839         struct sockaddr_un *sunaddr=(struct sockaddr_un*)addr;
840         struct sock *other;
841         unsigned hash;
842         int err;
843
844         if (addr->sa_family != AF_UNSPEC) {
845                 err = unix_mkname(sunaddr, alen, &hash);
846                 if (err < 0)
847                         goto out;
848                 alen = err;
849
850                 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
851                     !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
852                         goto out;
853
854                 other=unix_find_other(sunaddr, alen, sock->type, hash, &err);
855                 if (!other)
856                         goto out;
857
858                 unix_state_wlock(sk);
859
860                 err = -EPERM;
861                 if (!unix_may_send(sk, other))
862                         goto out_unlock;
863
864                 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
865                 if (err)
866                         goto out_unlock;
867
868         } else {
869                 /*
870                  *      1003.1g breaking connected state with AF_UNSPEC
871                  */
872                 other = NULL;
873                 unix_state_wlock(sk);
874         }
875
876         /*
877          * If it was connected, reconnect.
878          */
879         if (unix_peer(sk)) {
880                 struct sock *old_peer = unix_peer(sk);
881                 unix_peer(sk)=other;
882                 unix_state_wunlock(sk);
883
884                 if (other != old_peer)
885                         unix_dgram_disconnected(sk, old_peer);
886                 sock_put(old_peer);
887         } else {
888                 unix_peer(sk)=other;
889                 unix_state_wunlock(sk);
890         }
891         return 0;
892
893 out_unlock:
894         unix_state_wunlock(sk);
895         sock_put(other);
896 out:
897         return err;
898 }
899
900 static long unix_wait_for_peer(struct sock *other, long timeo)
901 {
902         struct unix_sock *u = unix_sk(other);
903         int sched;
904         DEFINE_WAIT(wait);
905
906         prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
907
908         sched = !sock_flag(other, SOCK_DEAD) &&
909                 !(other->sk_shutdown & RCV_SHUTDOWN) &&
910                 (skb_queue_len(&other->sk_receive_queue) >
911                  other->sk_max_ack_backlog);
912
913         unix_state_runlock(other);
914
915         if (sched)
916                 timeo = schedule_timeout(timeo);
917
918         finish_wait(&u->peer_wait, &wait);
919         return timeo;
920 }
921
922 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
923                                int addr_len, int flags)
924 {
925         struct sockaddr_un *sunaddr=(struct sockaddr_un *)uaddr;
926         struct sock *sk = sock->sk;
927         struct unix_sock *u = unix_sk(sk), *newu, *otheru;
928         struct sock *newsk = NULL;
929         struct sock *other = NULL;
930         struct sk_buff *skb = NULL;
931         unsigned hash;
932         int st;
933         int err;
934         long timeo;
935
936         err = unix_mkname(sunaddr, addr_len, &hash);
937         if (err < 0)
938                 goto out;
939         addr_len = err;
940
941         if (test_bit(SOCK_PASSCRED, &sock->flags)
942                 && !u->addr && (err = unix_autobind(sock)) != 0)
943                 goto out;
944
945         timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
946
947         /* First of all allocate resources.
948            If we will make it after state is locked,
949            we will have to recheck all again in any case.
950          */
951
952         err = -ENOMEM;
953
954         /* create new sock for complete connection */
955         newsk = unix_create1(NULL);
956         if (newsk == NULL)
957                 goto out;
958
959         /* Allocate skb for sending to listening sock */
960         skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
961         if (skb == NULL)
962                 goto out;
963
964 restart:
965         /*  Find listening sock. */
966         other = unix_find_other(sunaddr, addr_len, sk->sk_type, hash, &err);
967         if (!other)
968                 goto out;
969
970         /* Latch state of peer */
971         unix_state_rlock(other);
972
973         /* Apparently VFS overslept socket death. Retry. */
974         if (sock_flag(other, SOCK_DEAD)) {
975                 unix_state_runlock(other);
976                 sock_put(other);
977                 goto restart;
978         }
979
980         err = -ECONNREFUSED;
981         if (other->sk_state != TCP_LISTEN)
982                 goto out_unlock;
983
984         if (skb_queue_len(&other->sk_receive_queue) >
985             other->sk_max_ack_backlog) {
986                 err = -EAGAIN;
987                 if (!timeo)
988                         goto out_unlock;
989
990                 timeo = unix_wait_for_peer(other, timeo);
991
992                 err = sock_intr_errno(timeo);
993                 if (signal_pending(current))
994                         goto out;
995                 sock_put(other);
996                 goto restart;
997         }
998
999         /* Latch our state.
1000
1001            It is tricky place. We need to grab write lock and cannot
1002            drop lock on peer. It is dangerous because deadlock is
1003            possible. Connect to self case and simultaneous
1004            attempt to connect are eliminated by checking socket
1005            state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1006            check this before attempt to grab lock.
1007
1008            Well, and we have to recheck the state after socket locked.
1009          */
1010         st = sk->sk_state;
1011
1012         switch (st) {
1013         case TCP_CLOSE:
1014                 /* This is ok... continue with connect */
1015                 break;
1016         case TCP_ESTABLISHED:
1017                 /* Socket is already connected */
1018                 err = -EISCONN;
1019                 goto out_unlock;
1020         default:
1021                 err = -EINVAL;
1022                 goto out_unlock;
1023         }
1024
1025         unix_state_wlock(sk);
1026
1027         if (sk->sk_state != st) {
1028                 unix_state_wunlock(sk);
1029                 unix_state_runlock(other);
1030                 sock_put(other);
1031                 goto restart;
1032         }
1033
1034         err = security_unix_stream_connect(sock, other->sk_socket, newsk);
1035         if (err) {
1036                 unix_state_wunlock(sk);
1037                 goto out_unlock;
1038         }
1039
1040         /* The way is open! Fastly set all the necessary fields... */
1041
1042         sock_hold(sk);
1043         unix_peer(newsk)        = sk;
1044         newsk->sk_state         = TCP_ESTABLISHED;
1045         newsk->sk_type          = sk->sk_type;
1046         newsk->sk_peercred.pid  = current->tgid;
1047         newsk->sk_peercred.uid  = current->euid;
1048         newsk->sk_peercred.gid  = current->egid;
1049         newu = unix_sk(newsk);
1050         newsk->sk_sleep         = &newu->peer_wait;
1051         otheru = unix_sk(other);
1052
1053         /* copy address information from listening to new sock*/
1054         if (otheru->addr) {
1055                 atomic_inc(&otheru->addr->refcnt);
1056                 newu->addr = otheru->addr;
1057         }
1058         if (otheru->dentry) {
1059                 newu->dentry    = dget(otheru->dentry);
1060                 newu->mnt       = mntget(otheru->mnt);
1061         }
1062
1063         /* Set credentials */
1064         sk->sk_peercred = other->sk_peercred;
1065
1066         sock_hold(newsk);
1067         unix_peer(sk)   = newsk;
1068         sock->state     = SS_CONNECTED;
1069         sk->sk_state    = TCP_ESTABLISHED;
1070
1071         unix_state_wunlock(sk);
1072
1073         /* take ten and and send info to listening sock */
1074         spin_lock(&other->sk_receive_queue.lock);
1075         __skb_queue_tail(&other->sk_receive_queue, skb);
1076         /* Undo artificially decreased inflight after embrion
1077          * is installed to listening socket. */
1078         atomic_inc(&newu->inflight);
1079         spin_unlock(&other->sk_receive_queue.lock);
1080         unix_state_runlock(other);
1081         other->sk_data_ready(other, 0);
1082         sock_put(other);
1083         return 0;
1084
1085 out_unlock:
1086         if (other)
1087                 unix_state_runlock(other);
1088
1089 out:
1090         if (skb)
1091                 kfree_skb(skb);
1092         if (newsk)
1093                 unix_release_sock(newsk, 0);
1094         if (other)
1095                 sock_put(other);
1096         return err;
1097 }
1098
1099 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1100 {
1101         struct sock *ska=socka->sk, *skb = sockb->sk;
1102
1103         /* Join our sockets back to back */
1104         sock_hold(ska);
1105         sock_hold(skb);
1106         unix_peer(ska)=skb;
1107         unix_peer(skb)=ska;
1108         ska->sk_peercred.pid = skb->sk_peercred.pid = current->tgid;
1109         ska->sk_peercred.uid = skb->sk_peercred.uid = current->euid;
1110         ska->sk_peercred.gid = skb->sk_peercred.gid = current->egid;
1111
1112         if (ska->sk_type != SOCK_DGRAM) {
1113                 ska->sk_state = TCP_ESTABLISHED;
1114                 skb->sk_state = TCP_ESTABLISHED;
1115                 socka->state  = SS_CONNECTED;
1116                 sockb->state  = SS_CONNECTED;
1117         }
1118         return 0;
1119 }
1120
1121 static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1122 {
1123         struct sock *sk = sock->sk;
1124         struct sock *tsk;
1125         struct sk_buff *skb;
1126         int err;
1127
1128         err = -EOPNOTSUPP;
1129         if (sock->type!=SOCK_STREAM && sock->type!=SOCK_SEQPACKET)
1130                 goto out;
1131
1132         err = -EINVAL;
1133         if (sk->sk_state != TCP_LISTEN)
1134                 goto out;
1135
1136         /* If socket state is TCP_LISTEN it cannot change (for now...),
1137          * so that no locks are necessary.
1138          */
1139
1140         skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1141         if (!skb) {
1142                 /* This means receive shutdown. */
1143                 if (err == 0)
1144                         err = -EINVAL;
1145                 goto out;
1146         }
1147
1148         tsk = skb->sk;
1149         skb_free_datagram(sk, skb);
1150         wake_up_interruptible(&unix_sk(sk)->peer_wait);
1151
1152         /* attach accepted sock to socket */
1153         unix_state_wlock(tsk);
1154         newsock->state = SS_CONNECTED;
1155         sock_graft(tsk, newsock);
1156         unix_state_wunlock(tsk);
1157         return 0;
1158
1159 out:
1160         return err;
1161 }
1162
1163
1164 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1165 {
1166         struct sock *sk = sock->sk;
1167         struct unix_sock *u;
1168         struct sockaddr_un *sunaddr=(struct sockaddr_un *)uaddr;
1169         int err = 0;
1170
1171         if (peer) {
1172                 sk = unix_peer_get(sk);
1173
1174                 err = -ENOTCONN;
1175                 if (!sk)
1176                         goto out;
1177                 err = 0;
1178         } else {
1179                 sock_hold(sk);
1180         }
1181
1182         u = unix_sk(sk);
1183         unix_state_rlock(sk);
1184         if (!u->addr) {
1185                 sunaddr->sun_family = AF_UNIX;
1186                 sunaddr->sun_path[0] = 0;
1187                 *uaddr_len = sizeof(short);
1188         } else {
1189                 struct unix_address *addr = u->addr;
1190
1191                 *uaddr_len = addr->len;
1192                 memcpy(sunaddr, addr->name, *uaddr_len);
1193         }
1194         unix_state_runlock(sk);
1195         sock_put(sk);
1196 out:
1197         return err;
1198 }
1199
1200 static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1201 {
1202         int i;
1203
1204         scm->fp = UNIXCB(skb).fp;
1205         skb->destructor = sock_wfree;
1206         UNIXCB(skb).fp = NULL;
1207
1208         for (i=scm->fp->count-1; i>=0; i--)
1209                 unix_notinflight(scm->fp->fp[i]);
1210 }
1211
1212 static void unix_destruct_fds(struct sk_buff *skb)
1213 {
1214         struct scm_cookie scm;
1215         memset(&scm, 0, sizeof(scm));
1216         unix_detach_fds(&scm, skb);
1217
1218         /* Alas, it calls VFS */
1219         /* So fscking what? fput() had been SMP-safe since the last Summer */
1220         scm_destroy(&scm);
1221         sock_wfree(skb);
1222 }
1223
1224 static void unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1225 {
1226         int i;
1227         for (i=scm->fp->count-1; i>=0; i--)
1228                 unix_inflight(scm->fp->fp[i]);
1229         UNIXCB(skb).fp = scm->fp;
1230         skb->destructor = unix_destruct_fds;
1231         scm->fp = NULL;
1232 }
1233
1234 /*
1235  *      Send AF_UNIX data.
1236  */
1237
1238 static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1239                               struct msghdr *msg, size_t len)
1240 {
1241         struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1242         struct sock *sk = sock->sk;
1243         struct unix_sock *u = unix_sk(sk);
1244         struct sockaddr_un *sunaddr=msg->msg_name;
1245         struct sock *other = NULL;
1246         int namelen = 0; /* fake GCC */
1247         int err;
1248         unsigned hash;
1249         struct sk_buff *skb;
1250         long timeo;
1251         struct scm_cookie tmp_scm;
1252
1253         if (NULL == siocb->scm)
1254                 siocb->scm = &tmp_scm;
1255         err = scm_send(sock, msg, siocb->scm);
1256         if (err < 0)
1257                 return err;
1258
1259         err = -EOPNOTSUPP;
1260         if (msg->msg_flags&MSG_OOB)
1261                 goto out;
1262
1263         if (msg->msg_namelen) {
1264                 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1265                 if (err < 0)
1266                         goto out;
1267                 namelen = err;
1268         } else {
1269                 sunaddr = NULL;
1270                 err = -ENOTCONN;
1271                 other = unix_peer_get(sk);
1272                 if (!other)
1273                         goto out;
1274         }
1275
1276         if (test_bit(SOCK_PASSCRED, &sock->flags)
1277                 && !u->addr && (err = unix_autobind(sock)) != 0)
1278                 goto out;
1279
1280         err = -EMSGSIZE;
1281         if (len > sk->sk_sndbuf - 32)
1282                 goto out;
1283
1284         skb = sock_alloc_send_skb(sk, len, msg->msg_flags&MSG_DONTWAIT, &err);
1285         if (skb==NULL)
1286                 goto out;
1287
1288         memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1289         if (siocb->scm->fp)
1290                 unix_attach_fds(siocb->scm, skb);
1291
1292         skb->h.raw = skb->data;
1293         err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len);
1294         if (err)
1295                 goto out_free;
1296
1297         timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1298
1299 restart:
1300         if (!other) {
1301                 err = -ECONNRESET;
1302                 if (sunaddr == NULL)
1303                         goto out_free;
1304
1305                 other = unix_find_other(sunaddr, namelen, sk->sk_type,
1306                                         hash, &err);
1307                 if (other==NULL)
1308                         goto out_free;
1309         }
1310
1311         unix_state_rlock(other);
1312         err = -EPERM;
1313         if (!unix_may_send(sk, other))
1314                 goto out_unlock;
1315
1316         if (sock_flag(other, SOCK_DEAD)) {
1317                 /*
1318                  *      Check with 1003.1g - what should
1319                  *      datagram error
1320                  */
1321                 unix_state_runlock(other);
1322                 sock_put(other);
1323
1324                 err = 0;
1325                 unix_state_wlock(sk);
1326                 if (unix_peer(sk) == other) {
1327                         unix_peer(sk)=NULL;
1328                         unix_state_wunlock(sk);
1329
1330                         unix_dgram_disconnected(sk, other);
1331                         sock_put(other);
1332                         err = -ECONNREFUSED;
1333                 } else {
1334                         unix_state_wunlock(sk);
1335                 }
1336
1337                 other = NULL;
1338                 if (err)
1339                         goto out_free;
1340                 goto restart;
1341         }
1342
1343         err = -EPIPE;
1344         if (other->sk_shutdown & RCV_SHUTDOWN)
1345                 goto out_unlock;
1346
1347         if (sk->sk_type != SOCK_SEQPACKET) {
1348                 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1349                 if (err)
1350                         goto out_unlock;
1351         }
1352
1353         if (unix_peer(other) != sk &&
1354             (skb_queue_len(&other->sk_receive_queue) >
1355              other->sk_max_ack_backlog)) {
1356                 if (!timeo) {
1357                         err = -EAGAIN;
1358                         goto out_unlock;
1359                 }
1360
1361                 timeo = unix_wait_for_peer(other, timeo);
1362
1363                 err = sock_intr_errno(timeo);
1364                 if (signal_pending(current))
1365                         goto out_free;
1366
1367                 goto restart;
1368         }
1369
1370         skb_queue_tail(&other->sk_receive_queue, skb);
1371         unix_state_runlock(other);
1372         other->sk_data_ready(other, len);
1373         sock_put(other);
1374         scm_destroy(siocb->scm);
1375         return len;
1376
1377 out_unlock:
1378         unix_state_runlock(other);
1379 out_free:
1380         kfree_skb(skb);
1381 out:
1382         if (other)
1383                 sock_put(other);
1384         scm_destroy(siocb->scm);
1385         return err;
1386 }
1387
1388                 
1389 static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1390                                struct msghdr *msg, size_t len)
1391 {
1392         struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1393         struct sock *sk = sock->sk;
1394         struct sock *other = NULL;
1395         struct sockaddr_un *sunaddr=msg->msg_name;
1396         int err,size;
1397         struct sk_buff *skb;
1398         int sent=0;
1399         struct scm_cookie tmp_scm;
1400
1401         if (NULL == siocb->scm)
1402                 siocb->scm = &tmp_scm;
1403         err = scm_send(sock, msg, siocb->scm);
1404         if (err < 0)
1405                 return err;
1406
1407         err = -EOPNOTSUPP;
1408         if (msg->msg_flags&MSG_OOB)
1409                 goto out_err;
1410
1411         if (msg->msg_namelen) {
1412                 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1413                 goto out_err;
1414         } else {
1415                 sunaddr = NULL;
1416                 err = -ENOTCONN;
1417                 other = unix_peer_get(sk);
1418                 if (!other)
1419                         goto out_err;
1420         }
1421
1422         if (sk->sk_shutdown & SEND_SHUTDOWN)
1423                 goto pipe_err;
1424
1425         while(sent < len)
1426         {
1427                 /*
1428                  *      Optimisation for the fact that under 0.01% of X messages typically
1429                  *      need breaking up.
1430                  */
1431
1432                 size=len-sent;
1433
1434                 /* Keep two messages in the pipe so it schedules better */
1435                 if (size > sk->sk_sndbuf / 2 - 64)
1436                         size = sk->sk_sndbuf / 2 - 64;
1437
1438                 if (size > SKB_MAX_ALLOC)
1439                         size = SKB_MAX_ALLOC;
1440                         
1441                 /*
1442                  *      Grab a buffer
1443                  */
1444                  
1445                 skb=sock_alloc_send_skb(sk,size,msg->msg_flags&MSG_DONTWAIT, &err);
1446
1447                 if (skb==NULL)
1448                         goto out_err;
1449
1450                 /*
1451                  *      If you pass two values to the sock_alloc_send_skb
1452                  *      it tries to grab the large buffer with GFP_NOFS
1453                  *      (which can fail easily), and if it fails grab the
1454                  *      fallback size buffer which is under a page and will
1455                  *      succeed. [Alan]
1456                  */
1457                 size = min_t(int, size, skb_tailroom(skb));
1458
1459                 memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1460                 if (siocb->scm->fp)
1461                         unix_attach_fds(siocb->scm, skb);
1462
1463                 if ((err = memcpy_fromiovec(skb_put(skb,size), msg->msg_iov, size)) != 0) {
1464                         kfree_skb(skb);
1465                         goto out_err;
1466                 }
1467
1468                 unix_state_rlock(other);
1469
1470                 if (sock_flag(other, SOCK_DEAD) ||
1471                     (other->sk_shutdown & RCV_SHUTDOWN))
1472                         goto pipe_err_free;
1473
1474                 skb_queue_tail(&other->sk_receive_queue, skb);
1475                 unix_state_runlock(other);
1476                 other->sk_data_ready(other, size);
1477                 sent+=size;
1478         }
1479         sock_put(other);
1480
1481         scm_destroy(siocb->scm);
1482         siocb->scm = NULL;
1483
1484         return sent;
1485
1486 pipe_err_free:
1487         unix_state_runlock(other);
1488         kfree_skb(skb);
1489 pipe_err:
1490         if (sent==0 && !(msg->msg_flags&MSG_NOSIGNAL))
1491                 send_sig(SIGPIPE,current,0);
1492         err = -EPIPE;
1493 out_err:
1494         if (other)
1495                 sock_put(other);
1496         scm_destroy(siocb->scm);
1497         siocb->scm = NULL;
1498         return sent ? : err;
1499 }
1500
1501 static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
1502                                   struct msghdr *msg, size_t len)
1503 {
1504         int err;
1505         struct sock *sk = sock->sk;
1506         
1507         err = sock_error(sk);
1508         if (err)
1509                 return err;
1510
1511         if (sk->sk_state != TCP_ESTABLISHED)
1512                 return -ENOTCONN;
1513
1514         if (msg->msg_namelen)
1515                 msg->msg_namelen = 0;
1516
1517         return unix_dgram_sendmsg(kiocb, sock, msg, len);
1518 }
1519                                                                                             
1520 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1521 {
1522         struct unix_sock *u = unix_sk(sk);
1523
1524         msg->msg_namelen = 0;
1525         if (u->addr) {
1526                 msg->msg_namelen = u->addr->len;
1527                 memcpy(msg->msg_name, u->addr->name, u->addr->len);
1528         }
1529 }
1530
1531 static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1532                               struct msghdr *msg, size_t size,
1533                               int flags)
1534 {
1535         struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1536         struct scm_cookie tmp_scm;
1537         struct sock *sk = sock->sk;
1538         struct unix_sock *u = unix_sk(sk);
1539         int noblock = flags & MSG_DONTWAIT;
1540         struct sk_buff *skb;
1541         int err;
1542
1543         err = -EOPNOTSUPP;
1544         if (flags&MSG_OOB)
1545                 goto out;
1546
1547         msg->msg_namelen = 0;
1548
1549         down(&u->readsem);
1550
1551         skb = skb_recv_datagram(sk, flags, noblock, &err);
1552         if (!skb)
1553                 goto out_unlock;
1554
1555         wake_up_interruptible(&u->peer_wait);
1556
1557         if (msg->msg_name)
1558                 unix_copy_addr(msg, skb->sk);
1559
1560         if (size > skb->len)
1561                 size = skb->len;
1562         else if (size < skb->len)
1563                 msg->msg_flags |= MSG_TRUNC;
1564
1565         err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
1566         if (err)
1567                 goto out_free;
1568
1569         if (!siocb->scm) {
1570                 siocb->scm = &tmp_scm;
1571                 memset(&tmp_scm, 0, sizeof(tmp_scm));
1572         }
1573         siocb->scm->creds = *UNIXCREDS(skb);
1574
1575         if (!(flags & MSG_PEEK))
1576         {
1577                 if (UNIXCB(skb).fp)
1578                         unix_detach_fds(siocb->scm, skb);
1579         }
1580         else 
1581         {
1582                 /* It is questionable: on PEEK we could:
1583                    - do not return fds - good, but too simple 8)
1584                    - return fds, and do not return them on read (old strategy,
1585                      apparently wrong)
1586                    - clone fds (I chose it for now, it is the most universal
1587                      solution)
1588                 
1589                    POSIX 1003.1g does not actually define this clearly
1590                    at all. POSIX 1003.1g doesn't define a lot of things
1591                    clearly however!                  
1592                    
1593                 */
1594                 if (UNIXCB(skb).fp)
1595                         siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1596         }
1597         err = size;
1598
1599         scm_recv(sock, msg, siocb->scm, flags);
1600
1601 out_free:
1602         skb_free_datagram(sk,skb);
1603 out_unlock:
1604         up(&u->readsem);
1605 out:
1606         return err;
1607 }
1608
1609 /*
1610  *      Sleep until data has arrive. But check for races..
1611  */
1612  
1613 static long unix_stream_data_wait(struct sock * sk, long timeo)
1614 {
1615         DEFINE_WAIT(wait);
1616
1617         unix_state_rlock(sk);
1618
1619         for (;;) {
1620                 prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE);
1621
1622                 if (!skb_queue_empty(&sk->sk_receive_queue) ||
1623                     sk->sk_err ||
1624                     (sk->sk_shutdown & RCV_SHUTDOWN) ||
1625                     signal_pending(current) ||
1626                     !timeo)
1627                         break;
1628
1629                 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1630                 unix_state_runlock(sk);
1631                 timeo = schedule_timeout(timeo);
1632                 unix_state_rlock(sk);
1633                 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1634         }
1635
1636         finish_wait(sk->sk_sleep, &wait);
1637         unix_state_runlock(sk);
1638         return timeo;
1639 }
1640
1641
1642
1643 static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1644                                struct msghdr *msg, size_t size,
1645                                int flags)
1646 {
1647         struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1648         struct scm_cookie tmp_scm;
1649         struct sock *sk = sock->sk;
1650         struct unix_sock *u = unix_sk(sk);
1651         struct sockaddr_un *sunaddr=msg->msg_name;
1652         int copied = 0;
1653         int check_creds = 0;
1654         int target;
1655         int err = 0;
1656         long timeo;
1657
1658         err = -EINVAL;
1659         if (sk->sk_state != TCP_ESTABLISHED)
1660                 goto out;
1661
1662         err = -EOPNOTSUPP;
1663         if (flags&MSG_OOB)
1664                 goto out;
1665
1666         target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1667         timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1668
1669         msg->msg_namelen = 0;
1670
1671         /* Lock the socket to prevent queue disordering
1672          * while sleeps in memcpy_tomsg
1673          */
1674
1675         if (!siocb->scm) {
1676                 siocb->scm = &tmp_scm;
1677                 memset(&tmp_scm, 0, sizeof(tmp_scm));
1678         }
1679
1680         down(&u->readsem);
1681
1682         do
1683         {
1684                 int chunk;
1685                 struct sk_buff *skb;
1686
1687                 skb = skb_dequeue(&sk->sk_receive_queue);
1688                 if (skb==NULL)
1689                 {
1690                         if (copied >= target)
1691                                 break;
1692
1693                         /*
1694                          *      POSIX 1003.1g mandates this order.
1695                          */
1696                          
1697                         if ((err = sock_error(sk)) != 0)
1698                                 break;
1699                         if (sk->sk_shutdown & RCV_SHUTDOWN)
1700                                 break;
1701                         err = -EAGAIN;
1702                         if (!timeo)
1703                                 break;
1704                         up(&u->readsem);
1705
1706                         timeo = unix_stream_data_wait(sk, timeo);
1707
1708                         if (signal_pending(current)) {
1709                                 err = sock_intr_errno(timeo);
1710                                 goto out;
1711                         }
1712                         down(&u->readsem);
1713                         continue;
1714                 }
1715
1716                 if (check_creds) {
1717                         /* Never glue messages from different writers */
1718                         if (memcmp(UNIXCREDS(skb), &siocb->scm->creds, sizeof(siocb->scm->creds)) != 0) {
1719                                 skb_queue_head(&sk->sk_receive_queue, skb);
1720                                 break;
1721                         }
1722                 } else {
1723                         /* Copy credentials */
1724                         siocb->scm->creds = *UNIXCREDS(skb);
1725                         check_creds = 1;
1726                 }
1727
1728                 /* Copy address just once */
1729                 if (sunaddr)
1730                 {
1731                         unix_copy_addr(msg, skb->sk);
1732                         sunaddr = NULL;
1733                 }
1734
1735                 chunk = min_t(unsigned int, skb->len, size);
1736                 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
1737                         skb_queue_head(&sk->sk_receive_queue, skb);
1738                         if (copied == 0)
1739                                 copied = -EFAULT;
1740                         break;
1741                 }
1742                 copied += chunk;
1743                 size -= chunk;
1744
1745                 /* Mark read part of skb as used */
1746                 if (!(flags & MSG_PEEK))
1747                 {
1748                         skb_pull(skb, chunk);
1749
1750                         if (UNIXCB(skb).fp)
1751                                 unix_detach_fds(siocb->scm, skb);
1752
1753                         /* put the skb back if we didn't use it up.. */
1754                         if (skb->len)
1755                         {
1756                                 skb_queue_head(&sk->sk_receive_queue, skb);
1757                                 break;
1758                         }
1759
1760                         kfree_skb(skb);
1761
1762                         if (siocb->scm->fp)
1763                                 break;
1764                 }
1765                 else
1766                 {
1767                         /* It is questionable, see note in unix_dgram_recvmsg.
1768                          */
1769                         if (UNIXCB(skb).fp)
1770                                 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1771
1772                         /* put message back and return */
1773                         skb_queue_head(&sk->sk_receive_queue, skb);
1774                         break;
1775                 }
1776         } while (size);
1777
1778         up(&u->readsem);
1779         scm_recv(sock, msg, siocb->scm, flags);
1780 out:
1781         return copied ? : err;
1782 }
1783
1784 static int unix_shutdown(struct socket *sock, int mode)
1785 {
1786         struct sock *sk = sock->sk;
1787         struct sock *other;
1788
1789         mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN);
1790
1791         if (mode) {
1792                 unix_state_wlock(sk);
1793                 sk->sk_shutdown |= mode;
1794                 other=unix_peer(sk);
1795                 if (other)
1796                         sock_hold(other);
1797                 unix_state_wunlock(sk);
1798                 sk->sk_state_change(sk);
1799
1800                 if (other &&
1801                         (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
1802
1803                         int peer_mode = 0;
1804
1805                         if (mode&RCV_SHUTDOWN)
1806                                 peer_mode |= SEND_SHUTDOWN;
1807                         if (mode&SEND_SHUTDOWN)
1808                                 peer_mode |= RCV_SHUTDOWN;
1809                         unix_state_wlock(other);
1810                         other->sk_shutdown |= peer_mode;
1811                         unix_state_wunlock(other);
1812                         other->sk_state_change(other);
1813                         read_lock(&other->sk_callback_lock);
1814                         if (peer_mode == SHUTDOWN_MASK)
1815                                 sk_wake_async(other,1,POLL_HUP);
1816                         else if (peer_mode & RCV_SHUTDOWN)
1817                                 sk_wake_async(other,1,POLL_IN);
1818                         read_unlock(&other->sk_callback_lock);
1819                 }
1820                 if (other)
1821                         sock_put(other);
1822         }
1823         return 0;
1824 }
1825
1826 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1827 {
1828         struct sock *sk = sock->sk;
1829         long amount=0;
1830         int err;
1831
1832         switch(cmd)
1833         {
1834                 case SIOCOUTQ:
1835                         amount = atomic_read(&sk->sk_wmem_alloc);
1836                         err = put_user(amount, (int __user *)arg);
1837                         break;
1838                 case SIOCINQ:
1839                 {
1840                         struct sk_buff *skb;
1841
1842                         if (sk->sk_state == TCP_LISTEN) {
1843                                 err = -EINVAL;
1844                                 break;
1845                         }
1846
1847                         spin_lock(&sk->sk_receive_queue.lock);
1848                         if (sk->sk_type == SOCK_STREAM ||
1849                             sk->sk_type == SOCK_SEQPACKET) {
1850                                 skb_queue_walk(&sk->sk_receive_queue, skb)
1851                                         amount += skb->len;
1852                         } else {
1853                                 skb = skb_peek(&sk->sk_receive_queue);
1854                                 if (skb)
1855                                         amount=skb->len;
1856                         }
1857                         spin_unlock(&sk->sk_receive_queue.lock);
1858                         err = put_user(amount, (int __user *)arg);
1859                         break;
1860                 }
1861
1862                 default:
1863                         err = dev_ioctl(cmd, (void __user *)arg);
1864                         break;
1865         }
1866         return err;
1867 }
1868
1869 static unsigned int unix_poll(struct file * file, struct socket *sock, poll_table *wait)
1870 {
1871         struct sock *sk = sock->sk;
1872         unsigned int mask;
1873
1874         poll_wait(file, sk->sk_sleep, wait);
1875         mask = 0;
1876
1877         /* exceptional events? */
1878         if (sk->sk_err)
1879                 mask |= POLLERR;
1880         if (sk->sk_shutdown == SHUTDOWN_MASK)
1881                 mask |= POLLHUP;
1882
1883         /* readable? */
1884         if (!skb_queue_empty(&sk->sk_receive_queue) ||
1885             (sk->sk_shutdown & RCV_SHUTDOWN))
1886                 mask |= POLLIN | POLLRDNORM;
1887
1888         /* Connection-based need to check for termination and startup */
1889         if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) && sk->sk_state == TCP_CLOSE)
1890                 mask |= POLLHUP;
1891
1892         /*
1893          * we set writable also when the other side has shut down the
1894          * connection. This prevents stuck sockets.
1895          */
1896         if (unix_writable(sk))
1897                 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
1898
1899         return mask;
1900 }
1901
1902
1903 #ifdef CONFIG_PROC_FS
1904 static struct sock *unix_seq_idx(int *iter, loff_t pos)
1905 {
1906         loff_t off = 0;
1907         struct sock *s;
1908
1909         for (s = first_unix_socket(iter); s; s = next_unix_socket(iter, s)) {
1910                 if (off == pos) 
1911                         return s;
1912                 ++off;
1913         }
1914         return NULL;
1915 }
1916
1917
1918 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
1919 {
1920         read_lock(&unix_table_lock);
1921         return *pos ? unix_seq_idx(seq->private, *pos - 1) : ((void *) 1);
1922 }
1923
1924 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1925 {
1926         ++*pos;
1927
1928         if (v == (void *)1) 
1929                 return first_unix_socket(seq->private);
1930         return next_unix_socket(seq->private, v);
1931 }
1932
1933 static void unix_seq_stop(struct seq_file *seq, void *v)
1934 {
1935         read_unlock(&unix_table_lock);
1936 }
1937
1938 static int unix_seq_show(struct seq_file *seq, void *v)
1939 {
1940         
1941         if (v == (void *)1)
1942                 seq_puts(seq, "Num       RefCount Protocol Flags    Type St "
1943                          "Inode Path\n");
1944         else {
1945                 struct sock *s = v;
1946                 struct unix_sock *u = unix_sk(s);
1947                 unix_state_rlock(s);
1948
1949                 seq_printf(seq, "%p: %08X %08X %08X %04X %02X %5lu",
1950                         s,
1951                         atomic_read(&s->sk_refcnt),
1952                         0,
1953                         s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
1954                         s->sk_type,
1955                         s->sk_socket ?
1956                         (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
1957                         (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
1958                         sock_i_ino(s));
1959
1960                 if (u->addr) {
1961                         int i, len;
1962                         seq_putc(seq, ' ');
1963
1964                         i = 0;
1965                         len = u->addr->len - sizeof(short);
1966                         if (!UNIX_ABSTRACT(s))
1967                                 len--;
1968                         else {
1969                                 seq_putc(seq, '@');
1970                                 i++;
1971                         }
1972                         for ( ; i < len; i++)
1973                                 seq_putc(seq, u->addr->name->sun_path[i]);
1974                 }
1975                 unix_state_runlock(s);
1976                 seq_putc(seq, '\n');
1977         }
1978
1979         return 0;
1980 }
1981
1982 static struct seq_operations unix_seq_ops = {
1983         .start  = unix_seq_start,
1984         .next   = unix_seq_next,
1985         .stop   = unix_seq_stop,
1986         .show   = unix_seq_show,
1987 };
1988
1989
1990 static int unix_seq_open(struct inode *inode, struct file *file)
1991 {
1992         struct seq_file *seq;
1993         int rc = -ENOMEM;
1994         int *iter = kmalloc(sizeof(int), GFP_KERNEL);
1995
1996         if (!iter)
1997                 goto out;
1998
1999         rc = seq_open(file, &unix_seq_ops);
2000         if (rc)
2001                 goto out_kfree;
2002
2003         seq          = file->private_data;
2004         seq->private = iter;
2005         *iter = 0;
2006 out:
2007         return rc;
2008 out_kfree:
2009         kfree(iter);
2010         goto out;
2011 }
2012
2013 static struct file_operations unix_seq_fops = {
2014         .owner          = THIS_MODULE,
2015         .open           = unix_seq_open,
2016         .read           = seq_read,
2017         .llseek         = seq_lseek,
2018         .release        = seq_release_private,
2019 };
2020
2021 #endif
2022
2023 static struct net_proto_family unix_family_ops = {
2024         .family = PF_UNIX,
2025         .create = unix_create,
2026         .owner  = THIS_MODULE,
2027 };
2028
2029 static int __init af_unix_init(void)
2030 {
2031         int rc = -1;
2032         struct sk_buff *dummy_skb;
2033
2034         if (sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb)) {
2035                 printk(KERN_CRIT "%s: panic\n", __FUNCTION__);
2036                 goto out;
2037         }
2038
2039         rc = proto_register(&unix_proto, 1);
2040         if (rc != 0) {
2041                 printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2042                        __FUNCTION__);
2043                 goto out;
2044         }
2045
2046         sock_register(&unix_family_ops);
2047 #ifdef CONFIG_PROC_FS
2048         proc_net_fops_create("unix", 0, &unix_seq_fops);
2049 #endif
2050         unix_sysctl_register();
2051 out:
2052         return rc;
2053 }
2054
2055 static void __exit af_unix_exit(void)
2056 {
2057         sock_unregister(PF_UNIX);
2058         unix_sysctl_unregister();
2059         proc_net_remove("unix");
2060         proto_unregister(&unix_proto);
2061 }
2062
2063 module_init(af_unix_init);
2064 module_exit(af_unix_exit);
2065
2066 MODULE_LICENSE("GPL");
2067 MODULE_ALIAS_NETPROTO(PF_UNIX);