2 * NET4: Implementation of BSD Unix domain sockets.
4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 * Linus Torvalds : Assorted bug cures.
13 * Niibe Yutaka : async I/O support.
14 * Carsten Paeth : PF_UNIX check, address fixes.
15 * Alan Cox : Limit size of allocated blocks.
16 * Alan Cox : Fixed the stupid socketpair bug.
17 * Alan Cox : BSD compatibility fine tuning.
18 * Alan Cox : Fixed a bug in connect when interrupted.
19 * Alan Cox : Sorted out a proper draft version of
20 * file descriptor passing hacked up from
22 * Marty Leisner : Fixes to fd passing
23 * Nick Nevin : recvmsg bugfix.
24 * Alan Cox : Started proper garbage collector
25 * Heiko EiBfeldt : Missing verify_area check
26 * Alan Cox : Started POSIXisms
27 * Andreas Schwab : Replace inode by dentry for proper
29 * Kirk Petersen : Made this a module
30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33 * by above two patches.
34 * Andrea Arcangeli : If possible we block in connect(2)
35 * if the max backlog of the listen socket
36 * is been reached. This won't break
37 * old apps and it will avoid huge amount
38 * of socks hashed (this for unix_gc()
39 * performances reasons).
40 * Security fix that limits the max
41 * number of socks to 2*max_files and
42 * the number of skb queueable in the
44 * Artur Skawina : Hash function optimizations
45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 * Malcolm Beattie : Set peercred for socketpair
47 * Michal Ostrowski : Module initialization cleanup.
48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 * the core infrastructure is doing that
50 * for all net proto families now (2.5.69+)
53 * Known differences from reference BSD that was tested:
56 * ECONNREFUSED is not returned from one end of a connected() socket to the
57 * other the moment one end closes.
58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
61 * accept() returns a path name even if the connecting socket has closed
62 * in the meantime (BSD loses the path and gives up).
63 * accept() returns 0 length path for an unbound connector. BSD returns 16
64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 * BSD af_unix apparently has connect forgetting to block properly.
67 * (need to check this with the POSIX spec in detail)
69 * Differences from 2.0.0-11-... (ANK)
70 * Bug fixes and improvements.
71 * - client shutdown killed server socket.
72 * - removed all useless cli/sti pairs.
74 * Semantic changes/extensions.
75 * - generic control message passing.
76 * - SCM_CREDENTIALS control message.
77 * - "Abstract" (not FS based) socket bindings.
78 * Abstract names are sequences of bytes (not zero terminated)
79 * started by 0, so that this name space does not intersect
83 #include <linux/module.h>
84 #include <linux/kernel.h>
85 #include <linux/signal.h>
86 #include <linux/sched.h>
87 #include <linux/errno.h>
88 #include <linux/string.h>
89 #include <linux/stat.h>
90 #include <linux/dcache.h>
91 #include <linux/namei.h>
92 #include <linux/socket.h>
94 #include <linux/fcntl.h>
95 #include <linux/termios.h>
96 #include <linux/sockios.h>
97 #include <linux/net.h>
100 #include <linux/slab.h>
101 #include <asm/uaccess.h>
102 #include <linux/skbuff.h>
103 #include <linux/netdevice.h>
104 #include <net/net_namespace.h>
105 #include <net/sock.h>
106 #include <net/tcp_states.h>
107 #include <net/af_unix.h>
108 #include <linux/proc_fs.h>
109 #include <linux/seq_file.h>
111 #include <linux/init.h>
112 #include <linux/poll.h>
113 #include <linux/rtnetlink.h>
114 #include <linux/mount.h>
115 #include <net/checksum.h>
116 #include <linux/security.h>
118 struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
119 EXPORT_SYMBOL_GPL(unix_socket_table);
120 DEFINE_SPINLOCK(unix_table_lock);
121 EXPORT_SYMBOL_GPL(unix_table_lock);
122 static atomic_long_t unix_nr_socks;
124 #define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE])
126 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
128 #ifdef CONFIG_SECURITY_NETWORK
129 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
131 memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
134 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
136 scm->secid = *UNIXSID(skb);
139 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
142 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
144 #endif /* CONFIG_SECURITY_NETWORK */
147 * SMP locking strategy:
148 * hash table is protected with spinlock unix_table_lock
149 * each socket state is protected by separate spin lock.
152 static inline unsigned unix_hash_fold(__wsum n)
154 unsigned hash = (__force unsigned)n;
157 return hash&(UNIX_HASH_SIZE-1);
160 #define unix_peer(sk) (unix_sk(sk)->peer)
162 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
164 return unix_peer(osk) == sk;
167 static inline int unix_may_send(struct sock *sk, struct sock *osk)
169 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
172 static inline int unix_recvq_full(struct sock const *sk)
174 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
177 struct sock *unix_peer_get(struct sock *s)
185 unix_state_unlock(s);
188 EXPORT_SYMBOL_GPL(unix_peer_get);
190 static inline void unix_release_addr(struct unix_address *addr)
192 if (atomic_dec_and_test(&addr->refcnt))
197 * Check unix socket name:
198 * - should be not zero length.
199 * - if started by not zero, should be NULL terminated (FS object)
200 * - if started by zero, it is abstract name.
203 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned *hashp)
205 if (len <= sizeof(short) || len > sizeof(*sunaddr))
207 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
209 if (sunaddr->sun_path[0]) {
211 * This may look like an off by one error but it is a bit more
212 * subtle. 108 is the longest valid AF_UNIX path for a binding.
213 * sun_path[108] doesn't as such exist. However in kernel space
214 * we are guaranteed that it is a valid memory location in our
215 * kernel address buffer.
217 ((char *)sunaddr)[len] = 0;
218 len = strlen(sunaddr->sun_path)+1+sizeof(short);
222 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
226 static void __unix_remove_socket(struct sock *sk)
228 sk_del_node_init(sk);
231 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
233 WARN_ON(!sk_unhashed(sk));
234 sk_add_node(sk, list);
237 static inline void unix_remove_socket(struct sock *sk)
239 spin_lock(&unix_table_lock);
240 __unix_remove_socket(sk);
241 spin_unlock(&unix_table_lock);
244 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
246 spin_lock(&unix_table_lock);
247 __unix_insert_socket(list, sk);
248 spin_unlock(&unix_table_lock);
251 static struct sock *__unix_find_socket_byname(struct net *net,
252 struct sockaddr_un *sunname,
253 int len, int type, unsigned hash)
256 struct hlist_node *node;
258 sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
259 struct unix_sock *u = unix_sk(s);
261 if (!net_eq(sock_net(s), net))
264 if (u->addr->len == len &&
265 !memcmp(u->addr->name, sunname, len))
273 static inline struct sock *unix_find_socket_byname(struct net *net,
274 struct sockaddr_un *sunname,
280 spin_lock(&unix_table_lock);
281 s = __unix_find_socket_byname(net, sunname, len, type, hash);
284 spin_unlock(&unix_table_lock);
288 static struct sock *unix_find_socket_byinode(struct inode *i)
291 struct hlist_node *node;
293 spin_lock(&unix_table_lock);
295 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
296 struct dentry *dentry = unix_sk(s)->dentry;
298 if (dentry && dentry->d_inode == i) {
305 spin_unlock(&unix_table_lock);
309 static inline int unix_writable(struct sock *sk)
311 return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
314 static void unix_write_space(struct sock *sk)
316 struct socket_wq *wq;
319 if (unix_writable(sk)) {
320 wq = rcu_dereference(sk->sk_wq);
321 if (wq_has_sleeper(wq))
322 wake_up_interruptible_sync_poll(&wq->wait,
323 POLLOUT | POLLWRNORM | POLLWRBAND);
324 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
329 /* When dgram socket disconnects (or changes its peer), we clear its receive
330 * queue of packets arrived from previous peer. First, it allows to do
331 * flow control based only on wmem_alloc; second, sk connected to peer
332 * may receive messages only from that peer. */
333 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
335 if (!skb_queue_empty(&sk->sk_receive_queue)) {
336 skb_queue_purge(&sk->sk_receive_queue);
337 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
339 /* If one link of bidirectional dgram pipe is disconnected,
340 * we signal error. Messages are lost. Do not make this,
341 * when peer was not connected to us.
343 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
344 other->sk_err = ECONNRESET;
345 other->sk_error_report(other);
350 static void unix_sock_destructor(struct sock *sk)
352 struct unix_sock *u = unix_sk(sk);
354 skb_queue_purge(&sk->sk_receive_queue);
356 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
357 WARN_ON(!sk_unhashed(sk));
358 WARN_ON(sk->sk_socket);
359 if (!sock_flag(sk, SOCK_DEAD)) {
360 printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
365 unix_release_addr(u->addr);
367 atomic_long_dec(&unix_nr_socks);
369 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
371 #ifdef UNIX_REFCNT_DEBUG
372 printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
373 atomic_long_read(&unix_nr_socks));
377 static int unix_release_sock(struct sock *sk, int embrion)
379 struct unix_sock *u = unix_sk(sk);
380 struct dentry *dentry;
381 struct vfsmount *mnt;
386 unix_remove_socket(sk);
391 sk->sk_shutdown = SHUTDOWN_MASK;
396 state = sk->sk_state;
397 sk->sk_state = TCP_CLOSE;
398 unix_state_unlock(sk);
400 wake_up_interruptible_all(&u->peer_wait);
402 skpair = unix_peer(sk);
404 if (skpair != NULL) {
405 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
406 unix_state_lock(skpair);
408 skpair->sk_shutdown = SHUTDOWN_MASK;
409 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
410 skpair->sk_err = ECONNRESET;
411 unix_state_unlock(skpair);
412 skpair->sk_state_change(skpair);
413 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
415 sock_put(skpair); /* It may now die */
416 unix_peer(sk) = NULL;
419 /* Try to flush out this socket. Throw out buffers at least */
421 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
422 if (state == TCP_LISTEN)
423 unix_release_sock(skb->sk, 1);
424 /* passed fds are erased in the kfree_skb hook */
435 /* ---- Socket is dead now and most probably destroyed ---- */
438 * Fixme: BSD difference: In BSD all sockets connected to use get
439 * ECONNRESET and we die on the spot. In Linux we behave
440 * like files and pipes do and wait for the last
443 * Can't we simply set sock->err?
445 * What the above comment does talk about? --ANK(980817)
448 if (unix_tot_inflight)
449 unix_gc(); /* Garbage collect fds */
454 static void init_peercred(struct sock *sk)
456 put_pid(sk->sk_peer_pid);
457 if (sk->sk_peer_cred)
458 put_cred(sk->sk_peer_cred);
459 sk->sk_peer_pid = get_pid(task_tgid(current));
460 sk->sk_peer_cred = get_current_cred();
463 static void copy_peercred(struct sock *sk, struct sock *peersk)
465 put_pid(sk->sk_peer_pid);
466 if (sk->sk_peer_cred)
467 put_cred(sk->sk_peer_cred);
468 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
469 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
472 static int unix_listen(struct socket *sock, int backlog)
475 struct sock *sk = sock->sk;
476 struct unix_sock *u = unix_sk(sk);
477 struct pid *old_pid = NULL;
478 const struct cred *old_cred = NULL;
481 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
482 goto out; /* Only stream/seqpacket sockets accept */
485 goto out; /* No listens on an unbound socket */
487 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
489 if (backlog > sk->sk_max_ack_backlog)
490 wake_up_interruptible_all(&u->peer_wait);
491 sk->sk_max_ack_backlog = backlog;
492 sk->sk_state = TCP_LISTEN;
493 /* set credentials so connect can copy them */
498 unix_state_unlock(sk);
506 static int unix_release(struct socket *);
507 static int unix_bind(struct socket *, struct sockaddr *, int);
508 static int unix_stream_connect(struct socket *, struct sockaddr *,
509 int addr_len, int flags);
510 static int unix_socketpair(struct socket *, struct socket *);
511 static int unix_accept(struct socket *, struct socket *, int);
512 static int unix_getname(struct socket *, struct sockaddr *, int *, int);
513 static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
514 static unsigned int unix_dgram_poll(struct file *, struct socket *,
516 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
517 static int unix_shutdown(struct socket *, int);
518 static int unix_stream_sendmsg(struct kiocb *, struct socket *,
519 struct msghdr *, size_t);
520 static int unix_stream_recvmsg(struct kiocb *, struct socket *,
521 struct msghdr *, size_t, int);
522 static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
523 struct msghdr *, size_t);
524 static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
525 struct msghdr *, size_t, int);
526 static int unix_dgram_connect(struct socket *, struct sockaddr *,
528 static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
529 struct msghdr *, size_t);
530 static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
531 struct msghdr *, size_t, int);
533 static const struct proto_ops unix_stream_ops = {
535 .owner = THIS_MODULE,
536 .release = unix_release,
538 .connect = unix_stream_connect,
539 .socketpair = unix_socketpair,
540 .accept = unix_accept,
541 .getname = unix_getname,
544 .listen = unix_listen,
545 .shutdown = unix_shutdown,
546 .setsockopt = sock_no_setsockopt,
547 .getsockopt = sock_no_getsockopt,
548 .sendmsg = unix_stream_sendmsg,
549 .recvmsg = unix_stream_recvmsg,
550 .mmap = sock_no_mmap,
551 .sendpage = sock_no_sendpage,
554 static const struct proto_ops unix_dgram_ops = {
556 .owner = THIS_MODULE,
557 .release = unix_release,
559 .connect = unix_dgram_connect,
560 .socketpair = unix_socketpair,
561 .accept = sock_no_accept,
562 .getname = unix_getname,
563 .poll = unix_dgram_poll,
565 .listen = sock_no_listen,
566 .shutdown = unix_shutdown,
567 .setsockopt = sock_no_setsockopt,
568 .getsockopt = sock_no_getsockopt,
569 .sendmsg = unix_dgram_sendmsg,
570 .recvmsg = unix_dgram_recvmsg,
571 .mmap = sock_no_mmap,
572 .sendpage = sock_no_sendpage,
575 static const struct proto_ops unix_seqpacket_ops = {
577 .owner = THIS_MODULE,
578 .release = unix_release,
580 .connect = unix_stream_connect,
581 .socketpair = unix_socketpair,
582 .accept = unix_accept,
583 .getname = unix_getname,
584 .poll = unix_dgram_poll,
586 .listen = unix_listen,
587 .shutdown = unix_shutdown,
588 .setsockopt = sock_no_setsockopt,
589 .getsockopt = sock_no_getsockopt,
590 .sendmsg = unix_seqpacket_sendmsg,
591 .recvmsg = unix_seqpacket_recvmsg,
592 .mmap = sock_no_mmap,
593 .sendpage = sock_no_sendpage,
596 static struct proto unix_proto = {
598 .owner = THIS_MODULE,
599 .obj_size = sizeof(struct unix_sock),
603 * AF_UNIX sockets do not interact with hardware, hence they
604 * dont trigger interrupts - so it's safe for them to have
605 * bh-unsafe locking for their sk_receive_queue.lock. Split off
606 * this special lock-class by reinitializing the spinlock key:
608 static struct lock_class_key af_unix_sk_receive_queue_lock_key;
610 static struct sock *unix_create1(struct net *net, struct socket *sock)
612 struct sock *sk = NULL;
615 atomic_long_inc(&unix_nr_socks);
616 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
619 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
623 sock_init_data(sock, sk);
624 lockdep_set_class(&sk->sk_receive_queue.lock,
625 &af_unix_sk_receive_queue_lock_key);
627 sk->sk_write_space = unix_write_space;
628 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
629 sk->sk_destruct = unix_sock_destructor;
633 spin_lock_init(&u->lock);
634 atomic_long_set(&u->inflight, 0);
635 INIT_LIST_HEAD(&u->link);
636 mutex_init(&u->readlock); /* single task reading lock */
637 init_waitqueue_head(&u->peer_wait);
638 unix_insert_socket(unix_sockets_unbound, sk);
641 atomic_long_dec(&unix_nr_socks);
644 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
650 static int unix_create(struct net *net, struct socket *sock, int protocol,
653 if (protocol && protocol != PF_UNIX)
654 return -EPROTONOSUPPORT;
656 sock->state = SS_UNCONNECTED;
658 switch (sock->type) {
660 sock->ops = &unix_stream_ops;
663 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
667 sock->type = SOCK_DGRAM;
669 sock->ops = &unix_dgram_ops;
672 sock->ops = &unix_seqpacket_ops;
675 return -ESOCKTNOSUPPORT;
678 return unix_create1(net, sock) ? 0 : -ENOMEM;
681 static int unix_release(struct socket *sock)
683 struct sock *sk = sock->sk;
690 return unix_release_sock(sk, 0);
693 static int unix_autobind(struct socket *sock)
695 struct sock *sk = sock->sk;
696 struct net *net = sock_net(sk);
697 struct unix_sock *u = unix_sk(sk);
698 static u32 ordernum = 1;
699 struct unix_address *addr;
701 unsigned int retries = 0;
703 mutex_lock(&u->readlock);
710 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
714 addr->name->sun_family = AF_UNIX;
715 atomic_set(&addr->refcnt, 1);
718 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
719 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
721 spin_lock(&unix_table_lock);
722 ordernum = (ordernum+1)&0xFFFFF;
724 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
726 spin_unlock(&unix_table_lock);
728 * __unix_find_socket_byname() may take long time if many names
729 * are already in use.
732 /* Give up if all names seems to be in use. */
733 if (retries++ == 0xFFFFF) {
740 addr->hash ^= sk->sk_type;
742 __unix_remove_socket(sk);
744 __unix_insert_socket(&unix_socket_table[addr->hash], sk);
745 spin_unlock(&unix_table_lock);
748 out: mutex_unlock(&u->readlock);
752 static struct sock *unix_find_other(struct net *net,
753 struct sockaddr_un *sunname, int len,
754 int type, unsigned hash, int *error)
760 if (sunname->sun_path[0]) {
762 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
765 inode = path.dentry->d_inode;
766 err = inode_permission(inode, MAY_WRITE);
771 if (!S_ISSOCK(inode->i_mode))
773 u = unix_find_socket_byinode(inode);
777 if (u->sk_type == type)
778 touch_atime(path.mnt, path.dentry);
783 if (u->sk_type != type) {
789 u = unix_find_socket_byname(net, sunname, len, type, hash);
791 struct dentry *dentry;
792 dentry = unix_sk(u)->dentry;
794 touch_atime(unix_sk(u)->mnt, dentry);
808 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
810 struct sock *sk = sock->sk;
811 struct net *net = sock_net(sk);
812 struct unix_sock *u = unix_sk(sk);
813 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
814 char *sun_path = sunaddr->sun_path;
815 struct dentry *dentry = NULL;
819 struct unix_address *addr;
820 struct hlist_head *list;
823 if (sunaddr->sun_family != AF_UNIX)
826 if (addr_len == sizeof(short)) {
827 err = unix_autobind(sock);
831 err = unix_mkname(sunaddr, addr_len, &hash);
836 mutex_lock(&u->readlock);
843 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
847 memcpy(addr->name, sunaddr, addr_len);
848 addr->len = addr_len;
849 addr->hash = hash ^ sk->sk_type;
850 atomic_set(&addr->refcnt, 1);
856 * Get the parent directory, calculate the hash for last
859 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
860 err = PTR_ERR(dentry);
862 goto out_mknod_parent;
865 * All right, let's create it.
868 (SOCK_INODE(sock)->i_mode & ~current_umask());
869 err = mnt_want_write(path.mnt);
872 err = security_path_mknod(&path, dentry, mode, 0);
874 goto out_mknod_drop_write;
875 err = vfs_mknod(path.dentry->d_inode, dentry, mode, 0);
876 out_mknod_drop_write:
877 mnt_drop_write(path.mnt);
880 mutex_unlock(&path.dentry->d_inode->i_mutex);
882 path.dentry = dentry;
884 addr->hash = UNIX_HASH_SIZE;
887 spin_lock(&unix_table_lock);
891 if (__unix_find_socket_byname(net, sunaddr, addr_len,
892 sk->sk_type, hash)) {
893 unix_release_addr(addr);
897 list = &unix_socket_table[addr->hash];
899 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
900 u->dentry = path.dentry;
905 __unix_remove_socket(sk);
907 __unix_insert_socket(list, sk);
910 spin_unlock(&unix_table_lock);
912 mutex_unlock(&u->readlock);
918 mutex_unlock(&path.dentry->d_inode->i_mutex);
923 unix_release_addr(addr);
927 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
929 if (unlikely(sk1 == sk2) || !sk2) {
930 unix_state_lock(sk1);
934 unix_state_lock(sk1);
935 unix_state_lock_nested(sk2);
937 unix_state_lock(sk2);
938 unix_state_lock_nested(sk1);
942 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
944 if (unlikely(sk1 == sk2) || !sk2) {
945 unix_state_unlock(sk1);
948 unix_state_unlock(sk1);
949 unix_state_unlock(sk2);
952 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
955 struct sock *sk = sock->sk;
956 struct net *net = sock_net(sk);
957 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
962 if (addr->sa_family != AF_UNSPEC) {
963 err = unix_mkname(sunaddr, alen, &hash);
968 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
969 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
973 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
977 unix_state_double_lock(sk, other);
979 /* Apparently VFS overslept socket death. Retry. */
980 if (sock_flag(other, SOCK_DEAD)) {
981 unix_state_double_unlock(sk, other);
987 if (!unix_may_send(sk, other))
990 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
996 * 1003.1g breaking connected state with AF_UNSPEC
999 unix_state_double_lock(sk, other);
1003 * If it was connected, reconnect.
1005 if (unix_peer(sk)) {
1006 struct sock *old_peer = unix_peer(sk);
1007 unix_peer(sk) = other;
1008 unix_state_double_unlock(sk, other);
1010 if (other != old_peer)
1011 unix_dgram_disconnected(sk, old_peer);
1014 unix_peer(sk) = other;
1015 unix_state_double_unlock(sk, other);
1020 unix_state_double_unlock(sk, other);
1026 static long unix_wait_for_peer(struct sock *other, long timeo)
1028 struct unix_sock *u = unix_sk(other);
1032 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1034 sched = !sock_flag(other, SOCK_DEAD) &&
1035 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1036 unix_recvq_full(other);
1038 unix_state_unlock(other);
1041 timeo = schedule_timeout(timeo);
1043 finish_wait(&u->peer_wait, &wait);
1047 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1048 int addr_len, int flags)
1050 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1051 struct sock *sk = sock->sk;
1052 struct net *net = sock_net(sk);
1053 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1054 struct sock *newsk = NULL;
1055 struct sock *other = NULL;
1056 struct sk_buff *skb = NULL;
1062 err = unix_mkname(sunaddr, addr_len, &hash);
1067 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1068 (err = unix_autobind(sock)) != 0)
1071 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1073 /* First of all allocate resources.
1074 If we will make it after state is locked,
1075 we will have to recheck all again in any case.
1080 /* create new sock for complete connection */
1081 newsk = unix_create1(sock_net(sk), NULL);
1085 /* Allocate skb for sending to listening sock */
1086 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1091 /* Find listening sock. */
1092 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1096 /* Latch state of peer */
1097 unix_state_lock(other);
1099 /* Apparently VFS overslept socket death. Retry. */
1100 if (sock_flag(other, SOCK_DEAD)) {
1101 unix_state_unlock(other);
1106 err = -ECONNREFUSED;
1107 if (other->sk_state != TCP_LISTEN)
1109 if (other->sk_shutdown & RCV_SHUTDOWN)
1112 if (unix_recvq_full(other)) {
1117 timeo = unix_wait_for_peer(other, timeo);
1119 err = sock_intr_errno(timeo);
1120 if (signal_pending(current))
1128 It is tricky place. We need to grab our state lock and cannot
1129 drop lock on peer. It is dangerous because deadlock is
1130 possible. Connect to self case and simultaneous
1131 attempt to connect are eliminated by checking socket
1132 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1133 check this before attempt to grab lock.
1135 Well, and we have to recheck the state after socket locked.
1141 /* This is ok... continue with connect */
1143 case TCP_ESTABLISHED:
1144 /* Socket is already connected */
1152 unix_state_lock_nested(sk);
1154 if (sk->sk_state != st) {
1155 unix_state_unlock(sk);
1156 unix_state_unlock(other);
1161 err = security_unix_stream_connect(sk, other, newsk);
1163 unix_state_unlock(sk);
1167 /* The way is open! Fastly set all the necessary fields... */
1170 unix_peer(newsk) = sk;
1171 newsk->sk_state = TCP_ESTABLISHED;
1172 newsk->sk_type = sk->sk_type;
1173 init_peercred(newsk);
1174 newu = unix_sk(newsk);
1175 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1176 otheru = unix_sk(other);
1178 /* copy address information from listening to new sock*/
1180 atomic_inc(&otheru->addr->refcnt);
1181 newu->addr = otheru->addr;
1183 if (otheru->dentry) {
1184 newu->dentry = dget(otheru->dentry);
1185 newu->mnt = mntget(otheru->mnt);
1188 /* Set credentials */
1189 copy_peercred(sk, other);
1191 sock->state = SS_CONNECTED;
1192 sk->sk_state = TCP_ESTABLISHED;
1195 smp_mb__after_atomic_inc(); /* sock_hold() does an atomic_inc() */
1196 unix_peer(sk) = newsk;
1198 unix_state_unlock(sk);
1200 /* take ten and and send info to listening sock */
1201 spin_lock(&other->sk_receive_queue.lock);
1202 __skb_queue_tail(&other->sk_receive_queue, skb);
1203 spin_unlock(&other->sk_receive_queue.lock);
1204 unix_state_unlock(other);
1205 other->sk_data_ready(other, 0);
1211 unix_state_unlock(other);
1216 unix_release_sock(newsk, 0);
1222 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1224 struct sock *ska = socka->sk, *skb = sockb->sk;
1226 /* Join our sockets back to back */
1229 unix_peer(ska) = skb;
1230 unix_peer(skb) = ska;
1234 if (ska->sk_type != SOCK_DGRAM) {
1235 ska->sk_state = TCP_ESTABLISHED;
1236 skb->sk_state = TCP_ESTABLISHED;
1237 socka->state = SS_CONNECTED;
1238 sockb->state = SS_CONNECTED;
1243 static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1245 struct sock *sk = sock->sk;
1247 struct sk_buff *skb;
1251 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1255 if (sk->sk_state != TCP_LISTEN)
1258 /* If socket state is TCP_LISTEN it cannot change (for now...),
1259 * so that no locks are necessary.
1262 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1264 /* This means receive shutdown. */
1271 skb_free_datagram(sk, skb);
1272 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1274 /* attach accepted sock to socket */
1275 unix_state_lock(tsk);
1276 newsock->state = SS_CONNECTED;
1277 sock_graft(tsk, newsock);
1278 unix_state_unlock(tsk);
1286 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1288 struct sock *sk = sock->sk;
1289 struct unix_sock *u;
1290 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1294 sk = unix_peer_get(sk);
1305 unix_state_lock(sk);
1307 sunaddr->sun_family = AF_UNIX;
1308 sunaddr->sun_path[0] = 0;
1309 *uaddr_len = sizeof(short);
1311 struct unix_address *addr = u->addr;
1313 *uaddr_len = addr->len;
1314 memcpy(sunaddr, addr->name, *uaddr_len);
1316 unix_state_unlock(sk);
1322 static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1326 scm->fp = UNIXCB(skb).fp;
1327 UNIXCB(skb).fp = NULL;
1329 for (i = scm->fp->count-1; i >= 0; i--)
1330 unix_notinflight(scm->fp->fp[i]);
1333 static void unix_destruct_scm(struct sk_buff *skb)
1335 struct scm_cookie scm;
1336 memset(&scm, 0, sizeof(scm));
1337 scm.pid = UNIXCB(skb).pid;
1338 scm.cred = UNIXCB(skb).cred;
1340 unix_detach_fds(&scm, skb);
1342 /* Alas, it calls VFS */
1343 /* So fscking what? fput() had been SMP-safe since the last Summer */
1348 #define MAX_RECURSION_LEVEL 4
1350 static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1353 unsigned char max_level = 0;
1354 int unix_sock_count = 0;
1356 for (i = scm->fp->count - 1; i >= 0; i--) {
1357 struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1361 max_level = max(max_level,
1362 unix_sk(sk)->recursion_level);
1365 if (unlikely(max_level > MAX_RECURSION_LEVEL))
1366 return -ETOOMANYREFS;
1369 * Need to duplicate file references for the sake of garbage
1370 * collection. Otherwise a socket in the fps might become a
1371 * candidate for GC while the skb is not yet queued.
1373 UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1374 if (!UNIXCB(skb).fp)
1377 if (unix_sock_count) {
1378 for (i = scm->fp->count - 1; i >= 0; i--)
1379 unix_inflight(scm->fp->fp[i]);
1384 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1388 UNIXCB(skb).pid = get_pid(scm->pid);
1390 UNIXCB(skb).cred = get_cred(scm->cred);
1391 UNIXCB(skb).fp = NULL;
1392 if (scm->fp && send_fds)
1393 err = unix_attach_fds(scm, skb);
1395 skb->destructor = unix_destruct_scm;
1400 * Some apps rely on write() giving SCM_CREDENTIALS
1401 * We include credentials if source or destination socket
1402 * asserted SOCK_PASSCRED.
1404 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1405 const struct sock *other)
1407 if (UNIXCB(skb).cred)
1409 if (test_bit(SOCK_PASSCRED, &sock->flags) ||
1410 !other->sk_socket ||
1411 test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
1412 UNIXCB(skb).pid = get_pid(task_tgid(current));
1413 UNIXCB(skb).cred = get_current_cred();
1418 * Send AF_UNIX data.
1421 static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1422 struct msghdr *msg, size_t len)
1424 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1425 struct sock *sk = sock->sk;
1426 struct net *net = sock_net(sk);
1427 struct unix_sock *u = unix_sk(sk);
1428 struct sockaddr_un *sunaddr = msg->msg_name;
1429 struct sock *other = NULL;
1430 int namelen = 0; /* fake GCC */
1433 struct sk_buff *skb;
1435 struct scm_cookie tmp_scm;
1438 if (NULL == siocb->scm)
1439 siocb->scm = &tmp_scm;
1441 err = scm_send(sock, msg, siocb->scm);
1446 if (msg->msg_flags&MSG_OOB)
1449 if (msg->msg_namelen) {
1450 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1457 other = unix_peer_get(sk);
1462 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1463 && (err = unix_autobind(sock)) != 0)
1467 if (len > sk->sk_sndbuf - 32)
1470 skb = sock_alloc_send_skb(sk, len, msg->msg_flags&MSG_DONTWAIT, &err);
1474 err = unix_scm_to_skb(siocb->scm, skb, true);
1477 max_level = err + 1;
1478 unix_get_secdata(siocb->scm, skb);
1480 skb_reset_transport_header(skb);
1481 err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);
1485 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1490 if (sunaddr == NULL)
1493 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1499 if (sk_filter(other, skb) < 0) {
1500 /* Toss the packet but do not return any error to the sender */
1505 unix_state_lock(other);
1507 if (!unix_may_send(sk, other))
1510 if (sock_flag(other, SOCK_DEAD)) {
1512 * Check with 1003.1g - what should
1515 unix_state_unlock(other);
1519 unix_state_lock(sk);
1520 if (unix_peer(sk) == other) {
1521 unix_peer(sk) = NULL;
1522 unix_state_unlock(sk);
1524 unix_dgram_disconnected(sk, other);
1526 err = -ECONNREFUSED;
1528 unix_state_unlock(sk);
1538 if (other->sk_shutdown & RCV_SHUTDOWN)
1541 if (sk->sk_type != SOCK_SEQPACKET) {
1542 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1547 if (unix_peer(other) != sk && unix_recvq_full(other)) {
1553 timeo = unix_wait_for_peer(other, timeo);
1555 err = sock_intr_errno(timeo);
1556 if (signal_pending(current))
1562 if (sock_flag(other, SOCK_RCVTSTAMP))
1563 __net_timestamp(skb);
1564 maybe_add_creds(skb, sock, other);
1565 skb_queue_tail(&other->sk_receive_queue, skb);
1566 if (max_level > unix_sk(other)->recursion_level)
1567 unix_sk(other)->recursion_level = max_level;
1568 unix_state_unlock(other);
1569 other->sk_data_ready(other, len);
1571 scm_destroy(siocb->scm);
1575 unix_state_unlock(other);
1581 scm_destroy(siocb->scm);
1586 static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1587 struct msghdr *msg, size_t len)
1589 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1590 struct sock *sk = sock->sk;
1591 struct sock *other = NULL;
1593 struct sk_buff *skb;
1595 struct scm_cookie tmp_scm;
1596 bool fds_sent = false;
1599 if (NULL == siocb->scm)
1600 siocb->scm = &tmp_scm;
1602 err = scm_send(sock, msg, siocb->scm);
1607 if (msg->msg_flags&MSG_OOB)
1610 if (msg->msg_namelen) {
1611 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1615 other = unix_peer(sk);
1620 if (sk->sk_shutdown & SEND_SHUTDOWN)
1623 while (sent < len) {
1625 * Optimisation for the fact that under 0.01% of X
1626 * messages typically need breaking up.
1631 /* Keep two messages in the pipe so it schedules better */
1632 if (size > ((sk->sk_sndbuf >> 1) - 64))
1633 size = (sk->sk_sndbuf >> 1) - 64;
1635 if (size > SKB_MAX_ALLOC)
1636 size = SKB_MAX_ALLOC;
1642 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
1649 * If you pass two values to the sock_alloc_send_skb
1650 * it tries to grab the large buffer with GFP_NOFS
1651 * (which can fail easily), and if it fails grab the
1652 * fallback size buffer which is under a page and will
1655 size = min_t(int, size, skb_tailroom(skb));
1658 /* Only send the fds in the first buffer */
1659 err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1664 max_level = err + 1;
1667 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1673 unix_state_lock(other);
1675 if (sock_flag(other, SOCK_DEAD) ||
1676 (other->sk_shutdown & RCV_SHUTDOWN))
1679 maybe_add_creds(skb, sock, other);
1680 skb_queue_tail(&other->sk_receive_queue, skb);
1681 if (max_level > unix_sk(other)->recursion_level)
1682 unix_sk(other)->recursion_level = max_level;
1683 unix_state_unlock(other);
1684 other->sk_data_ready(other, size);
1688 scm_destroy(siocb->scm);
1694 unix_state_unlock(other);
1697 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1698 send_sig(SIGPIPE, current, 0);
1701 scm_destroy(siocb->scm);
1703 return sent ? : err;
1706 static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
1707 struct msghdr *msg, size_t len)
1710 struct sock *sk = sock->sk;
1712 err = sock_error(sk);
1716 if (sk->sk_state != TCP_ESTABLISHED)
1719 if (msg->msg_namelen)
1720 msg->msg_namelen = 0;
1722 return unix_dgram_sendmsg(kiocb, sock, msg, len);
1725 static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
1726 struct msghdr *msg, size_t size,
1729 struct sock *sk = sock->sk;
1731 if (sk->sk_state != TCP_ESTABLISHED)
1734 return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
1737 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1739 struct unix_sock *u = unix_sk(sk);
1741 msg->msg_namelen = 0;
1743 msg->msg_namelen = u->addr->len;
1744 memcpy(msg->msg_name, u->addr->name, u->addr->len);
1748 static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1749 struct msghdr *msg, size_t size,
1752 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1753 struct scm_cookie tmp_scm;
1754 struct sock *sk = sock->sk;
1755 struct unix_sock *u = unix_sk(sk);
1756 int noblock = flags & MSG_DONTWAIT;
1757 struct sk_buff *skb;
1764 msg->msg_namelen = 0;
1766 err = mutex_lock_interruptible(&u->readlock);
1768 err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
1772 skb = skb_recv_datagram(sk, flags, noblock, &err);
1774 unix_state_lock(sk);
1775 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1776 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1777 (sk->sk_shutdown & RCV_SHUTDOWN))
1779 unix_state_unlock(sk);
1783 wake_up_interruptible_sync_poll(&u->peer_wait,
1784 POLLOUT | POLLWRNORM | POLLWRBAND);
1787 unix_copy_addr(msg, skb->sk);
1789 if (size > skb->len)
1791 else if (size < skb->len)
1792 msg->msg_flags |= MSG_TRUNC;
1794 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
1798 if (sock_flag(sk, SOCK_RCVTSTAMP))
1799 __sock_recv_timestamp(msg, sk, skb);
1802 siocb->scm = &tmp_scm;
1803 memset(&tmp_scm, 0, sizeof(tmp_scm));
1805 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1806 unix_set_secdata(siocb->scm, skb);
1808 if (!(flags & MSG_PEEK)) {
1810 unix_detach_fds(siocb->scm, skb);
1812 /* It is questionable: on PEEK we could:
1813 - do not return fds - good, but too simple 8)
1814 - return fds, and do not return them on read (old strategy,
1816 - clone fds (I chose it for now, it is the most universal
1819 POSIX 1003.1g does not actually define this clearly
1820 at all. POSIX 1003.1g doesn't define a lot of things
1825 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1829 scm_recv(sock, msg, siocb->scm, flags);
1832 skb_free_datagram(sk, skb);
1834 mutex_unlock(&u->readlock);
1840 * Sleep until data has arrive. But check for races..
1843 static long unix_stream_data_wait(struct sock *sk, long timeo)
1847 unix_state_lock(sk);
1850 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1852 if (!skb_queue_empty(&sk->sk_receive_queue) ||
1854 (sk->sk_shutdown & RCV_SHUTDOWN) ||
1855 signal_pending(current) ||
1859 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1860 unix_state_unlock(sk);
1861 timeo = schedule_timeout(timeo);
1862 unix_state_lock(sk);
1863 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1866 finish_wait(sk_sleep(sk), &wait);
1867 unix_state_unlock(sk);
1873 static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1874 struct msghdr *msg, size_t size,
1877 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1878 struct scm_cookie tmp_scm;
1879 struct sock *sk = sock->sk;
1880 struct unix_sock *u = unix_sk(sk);
1881 struct sockaddr_un *sunaddr = msg->msg_name;
1883 int check_creds = 0;
1889 if (sk->sk_state != TCP_ESTABLISHED)
1896 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1897 timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1899 msg->msg_namelen = 0;
1901 /* Lock the socket to prevent queue disordering
1902 * while sleeps in memcpy_tomsg
1906 siocb->scm = &tmp_scm;
1907 memset(&tmp_scm, 0, sizeof(tmp_scm));
1910 err = mutex_lock_interruptible(&u->readlock);
1912 err = sock_intr_errno(timeo);
1918 struct sk_buff *skb;
1920 unix_state_lock(sk);
1921 skb = skb_dequeue(&sk->sk_receive_queue);
1923 unix_sk(sk)->recursion_level = 0;
1924 if (copied >= target)
1928 * POSIX 1003.1g mandates this order.
1931 err = sock_error(sk);
1934 if (sk->sk_shutdown & RCV_SHUTDOWN)
1937 unix_state_unlock(sk);
1941 mutex_unlock(&u->readlock);
1943 timeo = unix_stream_data_wait(sk, timeo);
1945 if (signal_pending(current)
1946 || mutex_lock_interruptible(&u->readlock)) {
1947 err = sock_intr_errno(timeo);
1953 unix_state_unlock(sk);
1956 unix_state_unlock(sk);
1959 /* Never glue messages from different writers */
1960 if ((UNIXCB(skb).pid != siocb->scm->pid) ||
1961 (UNIXCB(skb).cred != siocb->scm->cred)) {
1962 skb_queue_head(&sk->sk_receive_queue, skb);
1963 sk->sk_data_ready(sk, skb->len);
1967 /* Copy credentials */
1968 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1972 /* Copy address just once */
1974 unix_copy_addr(msg, skb->sk);
1978 chunk = min_t(unsigned int, skb->len, size);
1979 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
1980 skb_queue_head(&sk->sk_receive_queue, skb);
1981 sk->sk_data_ready(sk, skb->len);
1989 /* Mark read part of skb as used */
1990 if (!(flags & MSG_PEEK)) {
1991 skb_pull(skb, chunk);
1994 unix_detach_fds(siocb->scm, skb);
1996 /* put the skb back if we didn't use it up.. */
1998 skb_queue_head(&sk->sk_receive_queue, skb);
1999 sk->sk_data_ready(sk, skb->len);
2008 /* It is questionable, see note in unix_dgram_recvmsg.
2011 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
2013 /* put message back and return */
2014 skb_queue_head(&sk->sk_receive_queue, skb);
2015 sk->sk_data_ready(sk, skb->len);
2020 mutex_unlock(&u->readlock);
2021 scm_recv(sock, msg, siocb->scm, flags);
2023 return copied ? : err;
2026 static int unix_shutdown(struct socket *sock, int mode)
2028 struct sock *sk = sock->sk;
2031 mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN);
2036 unix_state_lock(sk);
2037 sk->sk_shutdown |= mode;
2038 other = unix_peer(sk);
2041 unix_state_unlock(sk);
2042 sk->sk_state_change(sk);
2045 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2049 if (mode&RCV_SHUTDOWN)
2050 peer_mode |= SEND_SHUTDOWN;
2051 if (mode&SEND_SHUTDOWN)
2052 peer_mode |= RCV_SHUTDOWN;
2053 unix_state_lock(other);
2054 other->sk_shutdown |= peer_mode;
2055 unix_state_unlock(other);
2056 other->sk_state_change(other);
2057 if (peer_mode == SHUTDOWN_MASK)
2058 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2059 else if (peer_mode & RCV_SHUTDOWN)
2060 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2068 long unix_inq_len(struct sock *sk)
2070 struct sk_buff *skb;
2073 if (sk->sk_state == TCP_LISTEN)
2076 spin_lock(&sk->sk_receive_queue.lock);
2077 if (sk->sk_type == SOCK_STREAM ||
2078 sk->sk_type == SOCK_SEQPACKET) {
2079 skb_queue_walk(&sk->sk_receive_queue, skb)
2082 skb = skb_peek(&sk->sk_receive_queue);
2086 spin_unlock(&sk->sk_receive_queue.lock);
2090 EXPORT_SYMBOL_GPL(unix_inq_len);
2092 long unix_outq_len(struct sock *sk)
2094 return sk_wmem_alloc_get(sk);
2096 EXPORT_SYMBOL_GPL(unix_outq_len);
2098 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2100 struct sock *sk = sock->sk;
2106 amount = unix_outq_len(sk);
2107 err = put_user(amount, (int __user *)arg);
2110 amount = unix_inq_len(sk);
2114 err = put_user(amount, (int __user *)arg);
2123 static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2125 struct sock *sk = sock->sk;
2128 sock_poll_wait(file, sk_sleep(sk), wait);
2131 /* exceptional events? */
2134 if (sk->sk_shutdown == SHUTDOWN_MASK)
2136 if (sk->sk_shutdown & RCV_SHUTDOWN)
2137 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2140 if (!skb_queue_empty(&sk->sk_receive_queue))
2141 mask |= POLLIN | POLLRDNORM;
2143 /* Connection-based need to check for termination and startup */
2144 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2145 sk->sk_state == TCP_CLOSE)
2149 * we set writable also when the other side has shut down the
2150 * connection. This prevents stuck sockets.
2152 if (unix_writable(sk))
2153 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2158 static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2161 struct sock *sk = sock->sk, *other;
2162 unsigned int mask, writable;
2164 sock_poll_wait(file, sk_sleep(sk), wait);
2167 /* exceptional events? */
2168 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2170 if (sk->sk_shutdown & RCV_SHUTDOWN)
2171 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2172 if (sk->sk_shutdown == SHUTDOWN_MASK)
2176 if (!skb_queue_empty(&sk->sk_receive_queue))
2177 mask |= POLLIN | POLLRDNORM;
2179 /* Connection-based need to check for termination and startup */
2180 if (sk->sk_type == SOCK_SEQPACKET) {
2181 if (sk->sk_state == TCP_CLOSE)
2183 /* connection hasn't started yet? */
2184 if (sk->sk_state == TCP_SYN_SENT)
2188 /* No write status requested, avoid expensive OUT tests. */
2189 if (wait && !(wait->key & (POLLWRBAND | POLLWRNORM | POLLOUT)))
2192 writable = unix_writable(sk);
2193 other = unix_peer_get(sk);
2195 if (unix_peer(other) != sk) {
2196 sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2197 if (unix_recvq_full(other))
2204 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2206 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2211 #ifdef CONFIG_PROC_FS
2212 static struct sock *first_unix_socket(int *i)
2214 for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) {
2215 if (!hlist_empty(&unix_socket_table[*i]))
2216 return __sk_head(&unix_socket_table[*i]);
2221 static struct sock *next_unix_socket(int *i, struct sock *s)
2223 struct sock *next = sk_next(s);
2224 /* More in this chain? */
2227 /* Look for next non-empty chain. */
2228 for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) {
2229 if (!hlist_empty(&unix_socket_table[*i]))
2230 return __sk_head(&unix_socket_table[*i]);
2235 struct unix_iter_state {
2236 struct seq_net_private p;
2240 static struct sock *unix_seq_idx(struct seq_file *seq, loff_t pos)
2242 struct unix_iter_state *iter = seq->private;
2246 for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) {
2247 if (sock_net(s) != seq_file_net(seq))
2256 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2257 __acquires(unix_table_lock)
2259 spin_lock(&unix_table_lock);
2260 return *pos ? unix_seq_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2263 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2265 struct unix_iter_state *iter = seq->private;
2266 struct sock *sk = v;
2269 if (v == SEQ_START_TOKEN)
2270 sk = first_unix_socket(&iter->i);
2272 sk = next_unix_socket(&iter->i, sk);
2273 while (sk && (sock_net(sk) != seq_file_net(seq)))
2274 sk = next_unix_socket(&iter->i, sk);
2278 static void unix_seq_stop(struct seq_file *seq, void *v)
2279 __releases(unix_table_lock)
2281 spin_unlock(&unix_table_lock);
2284 static int unix_seq_show(struct seq_file *seq, void *v)
2287 if (v == SEQ_START_TOKEN)
2288 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2292 struct unix_sock *u = unix_sk(s);
2295 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2297 atomic_read(&s->sk_refcnt),
2299 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2302 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2303 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2311 len = u->addr->len - sizeof(short);
2312 if (!UNIX_ABSTRACT(s))
2318 for ( ; i < len; i++)
2319 seq_putc(seq, u->addr->name->sun_path[i]);
2321 unix_state_unlock(s);
2322 seq_putc(seq, '\n');
2328 static const struct seq_operations unix_seq_ops = {
2329 .start = unix_seq_start,
2330 .next = unix_seq_next,
2331 .stop = unix_seq_stop,
2332 .show = unix_seq_show,
2335 static int unix_seq_open(struct inode *inode, struct file *file)
2337 return seq_open_net(inode, file, &unix_seq_ops,
2338 sizeof(struct unix_iter_state));
2341 static const struct file_operations unix_seq_fops = {
2342 .owner = THIS_MODULE,
2343 .open = unix_seq_open,
2345 .llseek = seq_lseek,
2346 .release = seq_release_net,
2351 static const struct net_proto_family unix_family_ops = {
2353 .create = unix_create,
2354 .owner = THIS_MODULE,
2358 static int __net_init unix_net_init(struct net *net)
2360 int error = -ENOMEM;
2362 net->unx.sysctl_max_dgram_qlen = 10;
2363 if (unix_sysctl_register(net))
2366 #ifdef CONFIG_PROC_FS
2367 if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
2368 unix_sysctl_unregister(net);
2377 static void __net_exit unix_net_exit(struct net *net)
2379 unix_sysctl_unregister(net);
2380 proc_net_remove(net, "unix");
2383 static struct pernet_operations unix_net_ops = {
2384 .init = unix_net_init,
2385 .exit = unix_net_exit,
2388 static int __init af_unix_init(void)
2391 struct sk_buff *dummy_skb;
2393 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
2395 rc = proto_register(&unix_proto, 1);
2397 printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2402 sock_register(&unix_family_ops);
2403 register_pernet_subsys(&unix_net_ops);
2408 static void __exit af_unix_exit(void)
2410 sock_unregister(PF_UNIX);
2411 proto_unregister(&unix_proto);
2412 unregister_pernet_subsys(&unix_net_ops);
2415 /* Earlier than device_initcall() so that other drivers invoking
2416 request_module() don't end up in a loop when modprobe tries
2417 to use a UNIX socket. But later than subsys_initcall() because
2418 we depend on stuff initialised there */
2419 fs_initcall(af_unix_init);
2420 module_exit(af_unix_exit);
2422 MODULE_LICENSE("GPL");
2423 MODULE_ALIAS_NETPROTO(PF_UNIX);
Code Review / linux-2.6.git / blob