2 * NET4: Implementation of BSD Unix domain sockets.
4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 * Linus Torvalds : Assorted bug cures.
13 * Niibe Yutaka : async I/O support.
14 * Carsten Paeth : PF_UNIX check, address fixes.
15 * Alan Cox : Limit size of allocated blocks.
16 * Alan Cox : Fixed the stupid socketpair bug.
17 * Alan Cox : BSD compatibility fine tuning.
18 * Alan Cox : Fixed a bug in connect when interrupted.
19 * Alan Cox : Sorted out a proper draft version of
20 * file descriptor passing hacked up from
22 * Marty Leisner : Fixes to fd passing
23 * Nick Nevin : recvmsg bugfix.
24 * Alan Cox : Started proper garbage collector
25 * Heiko EiBfeldt : Missing verify_area check
26 * Alan Cox : Started POSIXisms
27 * Andreas Schwab : Replace inode by dentry for proper
29 * Kirk Petersen : Made this a module
30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33 * by above two patches.
34 * Andrea Arcangeli : If possible we block in connect(2)
35 * if the max backlog of the listen socket
36 * is been reached. This won't break
37 * old apps and it will avoid huge amount
38 * of socks hashed (this for unix_gc()
39 * performances reasons).
40 * Security fix that limits the max
41 * number of socks to 2*max_files and
42 * the number of skb queueable in the
44 * Artur Skawina : Hash function optimizations
45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 * Malcolm Beattie : Set peercred for socketpair
47 * Michal Ostrowski : Module initialization cleanup.
48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 * the core infrastructure is doing that
50 * for all net proto families now (2.5.69+)
53 * Known differences from reference BSD that was tested:
56 * ECONNREFUSED is not returned from one end of a connected() socket to the
57 * other the moment one end closes.
58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
61 * accept() returns a path name even if the connecting socket has closed
62 * in the meantime (BSD loses the path and gives up).
63 * accept() returns 0 length path for an unbound connector. BSD returns 16
64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 * BSD af_unix apparently has connect forgetting to block properly.
67 * (need to check this with the POSIX spec in detail)
69 * Differences from 2.0.0-11-... (ANK)
70 * Bug fixes and improvements.
71 * - client shutdown killed server socket.
72 * - removed all useless cli/sti pairs.
74 * Semantic changes/extensions.
75 * - generic control message passing.
76 * - SCM_CREDENTIALS control message.
77 * - "Abstract" (not FS based) socket bindings.
78 * Abstract names are sequences of bytes (not zero terminated)
79 * started by 0, so that this name space does not intersect
83 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
85 #include <linux/module.h>
86 #include <linux/kernel.h>
87 #include <linux/signal.h>
88 #include <linux/sched.h>
89 #include <linux/errno.h>
90 #include <linux/string.h>
91 #include <linux/stat.h>
92 #include <linux/dcache.h>
93 #include <linux/namei.h>
94 #include <linux/socket.h>
96 #include <linux/fcntl.h>
97 #include <linux/termios.h>
98 #include <linux/sockios.h>
99 #include <linux/net.h>
100 #include <linux/in.h>
101 #include <linux/fs.h>
102 #include <linux/slab.h>
103 #include <asm/uaccess.h>
104 #include <linux/skbuff.h>
105 #include <linux/netdevice.h>
106 #include <net/net_namespace.h>
107 #include <net/sock.h>
108 #include <net/tcp_states.h>
109 #include <net/af_unix.h>
110 #include <linux/proc_fs.h>
111 #include <linux/seq_file.h>
113 #include <linux/init.h>
114 #include <linux/poll.h>
115 #include <linux/rtnetlink.h>
116 #include <linux/mount.h>
117 #include <net/checksum.h>
118 #include <linux/security.h>
119 #include <linux/freezer.h>
121 struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
122 EXPORT_SYMBOL_GPL(unix_socket_table);
123 DEFINE_SPINLOCK(unix_table_lock);
124 EXPORT_SYMBOL_GPL(unix_table_lock);
125 static atomic_long_t unix_nr_socks;
128 static struct hlist_head *unix_sockets_unbound(void *addr)
130 unsigned long hash = (unsigned long)addr;
134 hash %= UNIX_HASH_SIZE;
135 return &unix_socket_table[UNIX_HASH_SIZE + hash];
138 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)
140 #ifdef CONFIG_SECURITY_NETWORK
141 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
143 memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
146 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
148 scm->secid = *UNIXSID(skb);
151 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
154 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
156 #endif /* CONFIG_SECURITY_NETWORK */
159 * SMP locking strategy:
160 * hash table is protected with spinlock unix_table_lock
161 * each socket state is protected by separate spin lock.
164 static inline unsigned int unix_hash_fold(__wsum n)
166 unsigned int hash = (__force unsigned int)csum_fold(n);
169 return hash&(UNIX_HASH_SIZE-1);
172 #define unix_peer(sk) (unix_sk(sk)->peer)
174 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
176 return unix_peer(osk) == sk;
179 static inline int unix_may_send(struct sock *sk, struct sock *osk)
181 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
184 static inline int unix_recvq_full(struct sock const *sk)
186 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
189 struct sock *unix_peer_get(struct sock *s)
197 unix_state_unlock(s);
200 EXPORT_SYMBOL_GPL(unix_peer_get);
202 static inline void unix_release_addr(struct unix_address *addr)
204 if (atomic_dec_and_test(&addr->refcnt))
209 * Check unix socket name:
210 * - should be not zero length.
211 * - if started by not zero, should be NULL terminated (FS object)
212 * - if started by zero, it is abstract name.
215 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
217 if (len <= sizeof(short) || len > sizeof(*sunaddr))
219 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
221 if (sunaddr->sun_path[0]) {
223 * This may look like an off by one error but it is a bit more
224 * subtle. 108 is the longest valid AF_UNIX path for a binding.
225 * sun_path[108] doesn't as such exist. However in kernel space
226 * we are guaranteed that it is a valid memory location in our
227 * kernel address buffer.
229 ((char *)sunaddr)[len] = 0;
230 len = strlen(sunaddr->sun_path)+1+sizeof(short);
234 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
238 static void __unix_remove_socket(struct sock *sk)
240 sk_del_node_init(sk);
243 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
245 WARN_ON(!sk_unhashed(sk));
246 sk_add_node(sk, list);
249 static inline void unix_remove_socket(struct sock *sk)
251 spin_lock(&unix_table_lock);
252 __unix_remove_socket(sk);
253 spin_unlock(&unix_table_lock);
256 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
258 spin_lock(&unix_table_lock);
259 __unix_insert_socket(list, sk);
260 spin_unlock(&unix_table_lock);
263 static struct sock *__unix_find_socket_byname(struct net *net,
264 struct sockaddr_un *sunname,
265 int len, int type, unsigned int hash)
269 sk_for_each(s, &unix_socket_table[hash ^ type]) {
270 struct unix_sock *u = unix_sk(s);
272 if (!net_eq(sock_net(s), net))
275 if (u->addr->len == len &&
276 !memcmp(u->addr->name, sunname, len))
284 static inline struct sock *unix_find_socket_byname(struct net *net,
285 struct sockaddr_un *sunname,
291 spin_lock(&unix_table_lock);
292 s = __unix_find_socket_byname(net, sunname, len, type, hash);
295 spin_unlock(&unix_table_lock);
299 static struct sock *unix_find_socket_byinode(struct inode *i)
303 spin_lock(&unix_table_lock);
305 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
306 struct dentry *dentry = unix_sk(s)->path.dentry;
308 if (dentry && d_backing_inode(dentry) == i) {
315 spin_unlock(&unix_table_lock);
319 static inline int unix_writable(struct sock *sk)
321 return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
324 static void unix_write_space(struct sock *sk)
326 struct socket_wq *wq;
329 if (unix_writable(sk)) {
330 wq = rcu_dereference(sk->sk_wq);
331 if (wq_has_sleeper(wq))
332 wake_up_interruptible_sync_poll(&wq->wait,
333 POLLOUT | POLLWRNORM | POLLWRBAND);
334 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
339 /* When dgram socket disconnects (or changes its peer), we clear its receive
340 * queue of packets arrived from previous peer. First, it allows to do
341 * flow control based only on wmem_alloc; second, sk connected to peer
342 * may receive messages only from that peer. */
343 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
345 if (!skb_queue_empty(&sk->sk_receive_queue)) {
346 skb_queue_purge(&sk->sk_receive_queue);
347 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
349 /* If one link of bidirectional dgram pipe is disconnected,
350 * we signal error. Messages are lost. Do not make this,
351 * when peer was not connected to us.
353 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
354 other->sk_err = ECONNRESET;
355 other->sk_error_report(other);
360 static void unix_sock_destructor(struct sock *sk)
362 struct unix_sock *u = unix_sk(sk);
364 skb_queue_purge(&sk->sk_receive_queue);
366 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
367 WARN_ON(!sk_unhashed(sk));
368 WARN_ON(sk->sk_socket);
369 if (!sock_flag(sk, SOCK_DEAD)) {
370 pr_info("Attempt to release alive unix socket: %p\n", sk);
375 unix_release_addr(u->addr);
377 atomic_long_dec(&unix_nr_socks);
379 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
381 #ifdef UNIX_REFCNT_DEBUG
382 pr_debug("UNIX %p is destroyed, %ld are still alive.\n", sk,
383 atomic_long_read(&unix_nr_socks));
387 static void unix_release_sock(struct sock *sk, int embrion)
389 struct unix_sock *u = unix_sk(sk);
395 unix_remove_socket(sk);
400 sk->sk_shutdown = SHUTDOWN_MASK;
402 u->path.dentry = NULL;
404 state = sk->sk_state;
405 sk->sk_state = TCP_CLOSE;
406 unix_state_unlock(sk);
408 wake_up_interruptible_all(&u->peer_wait);
410 skpair = unix_peer(sk);
412 if (skpair != NULL) {
413 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
414 unix_state_lock(skpair);
416 skpair->sk_shutdown = SHUTDOWN_MASK;
417 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
418 skpair->sk_err = ECONNRESET;
419 unix_state_unlock(skpair);
420 skpair->sk_state_change(skpair);
421 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
423 sock_put(skpair); /* It may now die */
424 unix_peer(sk) = NULL;
427 /* Try to flush out this socket. Throw out buffers at least */
429 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
430 if (state == TCP_LISTEN)
431 unix_release_sock(skb->sk, 1);
432 /* passed fds are erased in the kfree_skb hook */
441 /* ---- Socket is dead now and most probably destroyed ---- */
444 * Fixme: BSD difference: In BSD all sockets connected to us get
445 * ECONNRESET and we die on the spot. In Linux we behave
446 * like files and pipes do and wait for the last
449 * Can't we simply set sock->err?
451 * What the above comment does talk about? --ANK(980817)
454 if (unix_tot_inflight)
455 unix_gc(); /* Garbage collect fds */
458 static void init_peercred(struct sock *sk)
460 put_pid(sk->sk_peer_pid);
461 if (sk->sk_peer_cred)
462 put_cred(sk->sk_peer_cred);
463 sk->sk_peer_pid = get_pid(task_tgid(current));
464 sk->sk_peer_cred = get_current_cred();
467 static void copy_peercred(struct sock *sk, struct sock *peersk)
469 put_pid(sk->sk_peer_pid);
470 if (sk->sk_peer_cred)
471 put_cred(sk->sk_peer_cred);
472 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
473 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
476 static int unix_listen(struct socket *sock, int backlog)
479 struct sock *sk = sock->sk;
480 struct unix_sock *u = unix_sk(sk);
481 struct pid *old_pid = NULL;
484 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
485 goto out; /* Only stream/seqpacket sockets accept */
488 goto out; /* No listens on an unbound socket */
490 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
492 if (backlog > sk->sk_max_ack_backlog)
493 wake_up_interruptible_all(&u->peer_wait);
494 sk->sk_max_ack_backlog = backlog;
495 sk->sk_state = TCP_LISTEN;
496 /* set credentials so connect can copy them */
501 unix_state_unlock(sk);
507 static int unix_release(struct socket *);
508 static int unix_bind(struct socket *, struct sockaddr *, int);
509 static int unix_stream_connect(struct socket *, struct sockaddr *,
510 int addr_len, int flags);
511 static int unix_socketpair(struct socket *, struct socket *);
512 static int unix_accept(struct socket *, struct socket *, int);
513 static int unix_getname(struct socket *, struct sockaddr *, int *, int);
514 static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
515 static unsigned int unix_dgram_poll(struct file *, struct socket *,
517 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
518 static int unix_shutdown(struct socket *, int);
519 static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t);
520 static int unix_stream_recvmsg(struct socket *, struct msghdr *, size_t, int);
521 static int unix_dgram_sendmsg(struct socket *, struct msghdr *, size_t);
522 static int unix_dgram_recvmsg(struct socket *, struct msghdr *, size_t, int);
523 static int unix_dgram_connect(struct socket *, struct sockaddr *,
525 static int unix_seqpacket_sendmsg(struct socket *, struct msghdr *, size_t);
526 static int unix_seqpacket_recvmsg(struct socket *, struct msghdr *, size_t,
529 static int unix_set_peek_off(struct sock *sk, int val)
531 struct unix_sock *u = unix_sk(sk);
533 if (mutex_lock_interruptible(&u->readlock))
536 sk->sk_peek_off = val;
537 mutex_unlock(&u->readlock);
543 static const struct proto_ops unix_stream_ops = {
545 .owner = THIS_MODULE,
546 .release = unix_release,
548 .connect = unix_stream_connect,
549 .socketpair = unix_socketpair,
550 .accept = unix_accept,
551 .getname = unix_getname,
554 .listen = unix_listen,
555 .shutdown = unix_shutdown,
556 .setsockopt = sock_no_setsockopt,
557 .getsockopt = sock_no_getsockopt,
558 .sendmsg = unix_stream_sendmsg,
559 .recvmsg = unix_stream_recvmsg,
560 .mmap = sock_no_mmap,
561 .sendpage = sock_no_sendpage,
562 .set_peek_off = unix_set_peek_off,
565 static const struct proto_ops unix_dgram_ops = {
567 .owner = THIS_MODULE,
568 .release = unix_release,
570 .connect = unix_dgram_connect,
571 .socketpair = unix_socketpair,
572 .accept = sock_no_accept,
573 .getname = unix_getname,
574 .poll = unix_dgram_poll,
576 .listen = sock_no_listen,
577 .shutdown = unix_shutdown,
578 .setsockopt = sock_no_setsockopt,
579 .getsockopt = sock_no_getsockopt,
580 .sendmsg = unix_dgram_sendmsg,
581 .recvmsg = unix_dgram_recvmsg,
582 .mmap = sock_no_mmap,
583 .sendpage = sock_no_sendpage,
584 .set_peek_off = unix_set_peek_off,
587 static const struct proto_ops unix_seqpacket_ops = {
589 .owner = THIS_MODULE,
590 .release = unix_release,
592 .connect = unix_stream_connect,
593 .socketpair = unix_socketpair,
594 .accept = unix_accept,
595 .getname = unix_getname,
596 .poll = unix_dgram_poll,
598 .listen = unix_listen,
599 .shutdown = unix_shutdown,
600 .setsockopt = sock_no_setsockopt,
601 .getsockopt = sock_no_getsockopt,
602 .sendmsg = unix_seqpacket_sendmsg,
603 .recvmsg = unix_seqpacket_recvmsg,
604 .mmap = sock_no_mmap,
605 .sendpage = sock_no_sendpage,
606 .set_peek_off = unix_set_peek_off,
609 static struct proto unix_proto = {
611 .owner = THIS_MODULE,
612 .obj_size = sizeof(struct unix_sock),
616 * AF_UNIX sockets do not interact with hardware, hence they
617 * dont trigger interrupts - so it's safe for them to have
618 * bh-unsafe locking for their sk_receive_queue.lock. Split off
619 * this special lock-class by reinitializing the spinlock key:
621 static struct lock_class_key af_unix_sk_receive_queue_lock_key;
623 static struct sock *unix_create1(struct net *net, struct socket *sock)
625 struct sock *sk = NULL;
628 atomic_long_inc(&unix_nr_socks);
629 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
632 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
636 sock_init_data(sock, sk);
637 lockdep_set_class(&sk->sk_receive_queue.lock,
638 &af_unix_sk_receive_queue_lock_key);
640 sk->sk_write_space = unix_write_space;
641 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
642 sk->sk_destruct = unix_sock_destructor;
644 u->path.dentry = NULL;
646 spin_lock_init(&u->lock);
647 atomic_long_set(&u->inflight, 0);
648 INIT_LIST_HEAD(&u->link);
649 mutex_init(&u->readlock); /* single task reading lock */
650 init_waitqueue_head(&u->peer_wait);
651 unix_insert_socket(unix_sockets_unbound(sk), sk);
654 atomic_long_dec(&unix_nr_socks);
657 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
663 static int unix_create(struct net *net, struct socket *sock, int protocol,
666 if (protocol && protocol != PF_UNIX)
667 return -EPROTONOSUPPORT;
669 sock->state = SS_UNCONNECTED;
671 switch (sock->type) {
673 sock->ops = &unix_stream_ops;
676 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
680 sock->type = SOCK_DGRAM;
682 sock->ops = &unix_dgram_ops;
685 sock->ops = &unix_seqpacket_ops;
688 return -ESOCKTNOSUPPORT;
691 return unix_create1(net, sock) ? 0 : -ENOMEM;
694 static int unix_release(struct socket *sock)
696 struct sock *sk = sock->sk;
701 unix_release_sock(sk, 0);
707 static int unix_autobind(struct socket *sock)
709 struct sock *sk = sock->sk;
710 struct net *net = sock_net(sk);
711 struct unix_sock *u = unix_sk(sk);
712 static u32 ordernum = 1;
713 struct unix_address *addr;
715 unsigned int retries = 0;
717 err = mutex_lock_interruptible(&u->readlock);
726 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
730 addr->name->sun_family = AF_UNIX;
731 atomic_set(&addr->refcnt, 1);
734 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
735 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
737 spin_lock(&unix_table_lock);
738 ordernum = (ordernum+1)&0xFFFFF;
740 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
742 spin_unlock(&unix_table_lock);
744 * __unix_find_socket_byname() may take long time if many names
745 * are already in use.
748 /* Give up if all names seems to be in use. */
749 if (retries++ == 0xFFFFF) {
756 addr->hash ^= sk->sk_type;
758 __unix_remove_socket(sk);
760 __unix_insert_socket(&unix_socket_table[addr->hash], sk);
761 spin_unlock(&unix_table_lock);
764 out: mutex_unlock(&u->readlock);
768 static struct sock *unix_find_other(struct net *net,
769 struct sockaddr_un *sunname, int len,
770 int type, unsigned int hash, int *error)
776 if (sunname->sun_path[0]) {
778 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
781 inode = d_backing_inode(path.dentry);
782 err = inode_permission(inode, MAY_WRITE);
787 if (!S_ISSOCK(inode->i_mode))
789 u = unix_find_socket_byinode(inode);
793 if (u->sk_type == type)
799 if (u->sk_type != type) {
805 u = unix_find_socket_byname(net, sunname, len, type, hash);
807 struct dentry *dentry;
808 dentry = unix_sk(u)->path.dentry;
810 touch_atime(&unix_sk(u)->path);
823 static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
825 struct dentry *dentry;
829 * Get the parent directory, calculate the hash for last
832 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
833 err = PTR_ERR(dentry);
838 * All right, let's create it.
840 err = security_path_mknod(&path, dentry, mode, 0);
842 err = vfs_mknod(d_inode(path.dentry), dentry, mode, 0);
844 res->mnt = mntget(path.mnt);
845 res->dentry = dget(dentry);
848 done_path_create(&path, dentry);
852 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
854 struct sock *sk = sock->sk;
855 struct net *net = sock_net(sk);
856 struct unix_sock *u = unix_sk(sk);
857 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
858 char *sun_path = sunaddr->sun_path;
861 struct unix_address *addr;
862 struct hlist_head *list;
865 if (sunaddr->sun_family != AF_UNIX)
868 if (addr_len == sizeof(short)) {
869 err = unix_autobind(sock);
873 err = unix_mkname(sunaddr, addr_len, &hash);
878 err = mutex_lock_interruptible(&u->readlock);
887 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
891 memcpy(addr->name, sunaddr, addr_len);
892 addr->len = addr_len;
893 addr->hash = hash ^ sk->sk_type;
894 atomic_set(&addr->refcnt, 1);
898 umode_t mode = S_IFSOCK |
899 (SOCK_INODE(sock)->i_mode & ~current_umask());
900 err = unix_mknod(sun_path, mode, &path);
904 unix_release_addr(addr);
907 addr->hash = UNIX_HASH_SIZE;
908 hash = d_backing_inode(path.dentry)->i_ino & (UNIX_HASH_SIZE-1);
909 spin_lock(&unix_table_lock);
911 list = &unix_socket_table[hash];
913 spin_lock(&unix_table_lock);
915 if (__unix_find_socket_byname(net, sunaddr, addr_len,
916 sk->sk_type, hash)) {
917 unix_release_addr(addr);
921 list = &unix_socket_table[addr->hash];
925 __unix_remove_socket(sk);
927 __unix_insert_socket(list, sk);
930 spin_unlock(&unix_table_lock);
932 mutex_unlock(&u->readlock);
937 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
939 if (unlikely(sk1 == sk2) || !sk2) {
940 unix_state_lock(sk1);
944 unix_state_lock(sk1);
945 unix_state_lock_nested(sk2);
947 unix_state_lock(sk2);
948 unix_state_lock_nested(sk1);
952 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
954 if (unlikely(sk1 == sk2) || !sk2) {
955 unix_state_unlock(sk1);
958 unix_state_unlock(sk1);
959 unix_state_unlock(sk2);
962 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
965 struct sock *sk = sock->sk;
966 struct net *net = sock_net(sk);
967 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
972 if (addr->sa_family != AF_UNSPEC) {
973 err = unix_mkname(sunaddr, alen, &hash);
978 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
979 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
983 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
987 unix_state_double_lock(sk, other);
989 /* Apparently VFS overslept socket death. Retry. */
990 if (sock_flag(other, SOCK_DEAD)) {
991 unix_state_double_unlock(sk, other);
997 if (!unix_may_send(sk, other))
1000 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1006 * 1003.1g breaking connected state with AF_UNSPEC
1009 unix_state_double_lock(sk, other);
1013 * If it was connected, reconnect.
1015 if (unix_peer(sk)) {
1016 struct sock *old_peer = unix_peer(sk);
1017 unix_peer(sk) = other;
1018 unix_state_double_unlock(sk, other);
1020 if (other != old_peer)
1021 unix_dgram_disconnected(sk, old_peer);
1024 unix_peer(sk) = other;
1025 unix_state_double_unlock(sk, other);
1030 unix_state_double_unlock(sk, other);
1036 static long unix_wait_for_peer(struct sock *other, long timeo)
1038 struct unix_sock *u = unix_sk(other);
1042 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1044 sched = !sock_flag(other, SOCK_DEAD) &&
1045 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1046 unix_recvq_full(other);
1048 unix_state_unlock(other);
1051 timeo = schedule_timeout(timeo);
1053 finish_wait(&u->peer_wait, &wait);
1057 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1058 int addr_len, int flags)
1060 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1061 struct sock *sk = sock->sk;
1062 struct net *net = sock_net(sk);
1063 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1064 struct sock *newsk = NULL;
1065 struct sock *other = NULL;
1066 struct sk_buff *skb = NULL;
1072 err = unix_mkname(sunaddr, addr_len, &hash);
1077 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1078 (err = unix_autobind(sock)) != 0)
1081 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1083 /* First of all allocate resources.
1084 If we will make it after state is locked,
1085 we will have to recheck all again in any case.
1090 /* create new sock for complete connection */
1091 newsk = unix_create1(sock_net(sk), NULL);
1095 /* Allocate skb for sending to listening sock */
1096 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1101 /* Find listening sock. */
1102 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1106 /* Latch state of peer */
1107 unix_state_lock(other);
1109 /* Apparently VFS overslept socket death. Retry. */
1110 if (sock_flag(other, SOCK_DEAD)) {
1111 unix_state_unlock(other);
1116 err = -ECONNREFUSED;
1117 if (other->sk_state != TCP_LISTEN)
1119 if (other->sk_shutdown & RCV_SHUTDOWN)
1122 if (unix_recvq_full(other)) {
1127 timeo = unix_wait_for_peer(other, timeo);
1129 err = sock_intr_errno(timeo);
1130 if (signal_pending(current))
1138 It is tricky place. We need to grab our state lock and cannot
1139 drop lock on peer. It is dangerous because deadlock is
1140 possible. Connect to self case and simultaneous
1141 attempt to connect are eliminated by checking socket
1142 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1143 check this before attempt to grab lock.
1145 Well, and we have to recheck the state after socket locked.
1151 /* This is ok... continue with connect */
1153 case TCP_ESTABLISHED:
1154 /* Socket is already connected */
1162 unix_state_lock_nested(sk);
1164 if (sk->sk_state != st) {
1165 unix_state_unlock(sk);
1166 unix_state_unlock(other);
1171 err = security_unix_stream_connect(sk, other, newsk);
1173 unix_state_unlock(sk);
1177 /* The way is open! Fastly set all the necessary fields... */
1180 unix_peer(newsk) = sk;
1181 newsk->sk_state = TCP_ESTABLISHED;
1182 newsk->sk_type = sk->sk_type;
1183 init_peercred(newsk);
1184 newu = unix_sk(newsk);
1185 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1186 otheru = unix_sk(other);
1188 /* copy address information from listening to new sock*/
1190 atomic_inc(&otheru->addr->refcnt);
1191 newu->addr = otheru->addr;
1193 if (otheru->path.dentry) {
1194 path_get(&otheru->path);
1195 newu->path = otheru->path;
1198 /* Set credentials */
1199 copy_peercred(sk, other);
1201 sock->state = SS_CONNECTED;
1202 sk->sk_state = TCP_ESTABLISHED;
1205 smp_mb__after_atomic(); /* sock_hold() does an atomic_inc() */
1206 unix_peer(sk) = newsk;
1208 unix_state_unlock(sk);
1210 /* take ten and and send info to listening sock */
1211 spin_lock(&other->sk_receive_queue.lock);
1212 __skb_queue_tail(&other->sk_receive_queue, skb);
1213 spin_unlock(&other->sk_receive_queue.lock);
1214 unix_state_unlock(other);
1215 other->sk_data_ready(other);
1221 unix_state_unlock(other);
1226 unix_release_sock(newsk, 0);
1232 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1234 struct sock *ska = socka->sk, *skb = sockb->sk;
1236 /* Join our sockets back to back */
1239 unix_peer(ska) = skb;
1240 unix_peer(skb) = ska;
1244 if (ska->sk_type != SOCK_DGRAM) {
1245 ska->sk_state = TCP_ESTABLISHED;
1246 skb->sk_state = TCP_ESTABLISHED;
1247 socka->state = SS_CONNECTED;
1248 sockb->state = SS_CONNECTED;
1253 static void unix_sock_inherit_flags(const struct socket *old,
1256 if (test_bit(SOCK_PASSCRED, &old->flags))
1257 set_bit(SOCK_PASSCRED, &new->flags);
1258 if (test_bit(SOCK_PASSSEC, &old->flags))
1259 set_bit(SOCK_PASSSEC, &new->flags);
1262 static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1264 struct sock *sk = sock->sk;
1266 struct sk_buff *skb;
1270 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1274 if (sk->sk_state != TCP_LISTEN)
1277 /* If socket state is TCP_LISTEN it cannot change (for now...),
1278 * so that no locks are necessary.
1281 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1283 /* This means receive shutdown. */
1290 skb_free_datagram(sk, skb);
1291 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1293 /* attach accepted sock to socket */
1294 unix_state_lock(tsk);
1295 newsock->state = SS_CONNECTED;
1296 unix_sock_inherit_flags(sock, newsock);
1297 sock_graft(tsk, newsock);
1298 unix_state_unlock(tsk);
1306 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1308 struct sock *sk = sock->sk;
1309 struct unix_sock *u;
1310 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1314 sk = unix_peer_get(sk);
1325 unix_state_lock(sk);
1327 sunaddr->sun_family = AF_UNIX;
1328 sunaddr->sun_path[0] = 0;
1329 *uaddr_len = sizeof(short);
1331 struct unix_address *addr = u->addr;
1333 *uaddr_len = addr->len;
1334 memcpy(sunaddr, addr->name, *uaddr_len);
1336 unix_state_unlock(sk);
1342 static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1346 scm->fp = UNIXCB(skb).fp;
1347 UNIXCB(skb).fp = NULL;
1349 for (i = scm->fp->count-1; i >= 0; i--)
1350 unix_notinflight(scm->fp->fp[i]);
1353 static void unix_destruct_scm(struct sk_buff *skb)
1355 struct scm_cookie scm;
1356 memset(&scm, 0, sizeof(scm));
1357 scm.pid = UNIXCB(skb).pid;
1359 unix_detach_fds(&scm, skb);
1361 /* Alas, it calls VFS */
1362 /* So fscking what? fput() had been SMP-safe since the last Summer */
1367 #define MAX_RECURSION_LEVEL 4
1369 static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1372 unsigned char max_level = 0;
1373 int unix_sock_count = 0;
1375 for (i = scm->fp->count - 1; i >= 0; i--) {
1376 struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1380 max_level = max(max_level,
1381 unix_sk(sk)->recursion_level);
1384 if (unlikely(max_level > MAX_RECURSION_LEVEL))
1385 return -ETOOMANYREFS;
1388 * Need to duplicate file references for the sake of garbage
1389 * collection. Otherwise a socket in the fps might become a
1390 * candidate for GC while the skb is not yet queued.
1392 UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1393 if (!UNIXCB(skb).fp)
1396 if (unix_sock_count) {
1397 for (i = scm->fp->count - 1; i >= 0; i--)
1398 unix_inflight(scm->fp->fp[i]);
1403 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1407 UNIXCB(skb).pid = get_pid(scm->pid);
1408 UNIXCB(skb).uid = scm->creds.uid;
1409 UNIXCB(skb).gid = scm->creds.gid;
1410 UNIXCB(skb).fp = NULL;
1411 if (scm->fp && send_fds)
1412 err = unix_attach_fds(scm, skb);
1414 skb->destructor = unix_destruct_scm;
1419 * Some apps rely on write() giving SCM_CREDENTIALS
1420 * We include credentials if source or destination socket
1421 * asserted SOCK_PASSCRED.
1423 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1424 const struct sock *other)
1426 if (UNIXCB(skb).pid)
1428 if (test_bit(SOCK_PASSCRED, &sock->flags) ||
1429 !other->sk_socket ||
1430 test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
1431 UNIXCB(skb).pid = get_pid(task_tgid(current));
1432 current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid);
1437 * Send AF_UNIX data.
1440 static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
1443 struct sock *sk = sock->sk;
1444 struct net *net = sock_net(sk);
1445 struct unix_sock *u = unix_sk(sk);
1446 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
1447 struct sock *other = NULL;
1448 int namelen = 0; /* fake GCC */
1451 struct sk_buff *skb;
1453 struct scm_cookie scm;
1458 err = scm_send(sock, msg, &scm, false);
1463 if (msg->msg_flags&MSG_OOB)
1466 if (msg->msg_namelen) {
1467 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1474 other = unix_peer_get(sk);
1479 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1480 && (err = unix_autobind(sock)) != 0)
1484 if (len > sk->sk_sndbuf - 32)
1487 if (len > SKB_MAX_ALLOC) {
1488 data_len = min_t(size_t,
1489 len - SKB_MAX_ALLOC,
1490 MAX_SKB_FRAGS * PAGE_SIZE);
1491 data_len = PAGE_ALIGN(data_len);
1493 BUILD_BUG_ON(SKB_MAX_ALLOC < PAGE_SIZE);
1496 skb = sock_alloc_send_pskb(sk, len - data_len, data_len,
1497 msg->msg_flags & MSG_DONTWAIT, &err,
1498 PAGE_ALLOC_COSTLY_ORDER);
1502 err = unix_scm_to_skb(&scm, skb, true);
1505 max_level = err + 1;
1506 unix_get_secdata(&scm, skb);
1508 skb_put(skb, len - data_len);
1509 skb->data_len = data_len;
1511 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, len);
1515 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1520 if (sunaddr == NULL)
1523 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1529 if (sk_filter(other, skb) < 0) {
1530 /* Toss the packet but do not return any error to the sender */
1535 unix_state_lock(other);
1537 if (!unix_may_send(sk, other))
1540 if (sock_flag(other, SOCK_DEAD)) {
1542 * Check with 1003.1g - what should
1545 unix_state_unlock(other);
1549 unix_state_lock(sk);
1550 if (unix_peer(sk) == other) {
1551 unix_peer(sk) = NULL;
1552 unix_state_unlock(sk);
1554 unix_dgram_disconnected(sk, other);
1556 err = -ECONNREFUSED;
1558 unix_state_unlock(sk);
1568 if (other->sk_shutdown & RCV_SHUTDOWN)
1571 if (sk->sk_type != SOCK_SEQPACKET) {
1572 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1577 if (unix_peer(other) != sk && unix_recvq_full(other)) {
1583 timeo = unix_wait_for_peer(other, timeo);
1585 err = sock_intr_errno(timeo);
1586 if (signal_pending(current))
1592 if (sock_flag(other, SOCK_RCVTSTAMP))
1593 __net_timestamp(skb);
1594 maybe_add_creds(skb, sock, other);
1595 skb_queue_tail(&other->sk_receive_queue, skb);
1596 if (max_level > unix_sk(other)->recursion_level)
1597 unix_sk(other)->recursion_level = max_level;
1598 unix_state_unlock(other);
1599 other->sk_data_ready(other);
1605 unix_state_unlock(other);
1615 /* We use paged skbs for stream sockets, and limit occupancy to 32768
1616 * bytes, and a minimun of a full page.
1618 #define UNIX_SKB_FRAGS_SZ (PAGE_SIZE << get_order(32768))
1620 static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg,
1623 struct sock *sk = sock->sk;
1624 struct sock *other = NULL;
1626 struct sk_buff *skb;
1628 struct scm_cookie scm;
1629 bool fds_sent = false;
1634 err = scm_send(sock, msg, &scm, false);
1639 if (msg->msg_flags&MSG_OOB)
1642 if (msg->msg_namelen) {
1643 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1647 other = unix_peer(sk);
1652 if (sk->sk_shutdown & SEND_SHUTDOWN)
1655 while (sent < len) {
1658 /* Keep two messages in the pipe so it schedules better */
1659 size = min_t(int, size, (sk->sk_sndbuf >> 1) - 64);
1661 /* allow fallback to order-0 allocations */
1662 size = min_t(int, size, SKB_MAX_HEAD(0) + UNIX_SKB_FRAGS_SZ);
1664 data_len = max_t(int, 0, size - SKB_MAX_HEAD(0));
1666 data_len = min_t(size_t, size, PAGE_ALIGN(data_len));
1668 skb = sock_alloc_send_pskb(sk, size - data_len, data_len,
1669 msg->msg_flags & MSG_DONTWAIT, &err,
1670 get_order(UNIX_SKB_FRAGS_SZ));
1674 /* Only send the fds in the first buffer */
1675 err = unix_scm_to_skb(&scm, skb, !fds_sent);
1680 max_level = err + 1;
1683 skb_put(skb, size - data_len);
1684 skb->data_len = data_len;
1686 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, size);
1692 unix_state_lock(other);
1694 if (sock_flag(other, SOCK_DEAD) ||
1695 (other->sk_shutdown & RCV_SHUTDOWN))
1698 maybe_add_creds(skb, sock, other);
1699 skb_queue_tail(&other->sk_receive_queue, skb);
1700 if (max_level > unix_sk(other)->recursion_level)
1701 unix_sk(other)->recursion_level = max_level;
1702 unix_state_unlock(other);
1703 other->sk_data_ready(other);
1712 unix_state_unlock(other);
1715 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1716 send_sig(SIGPIPE, current, 0);
1720 return sent ? : err;
1723 static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg,
1727 struct sock *sk = sock->sk;
1729 err = sock_error(sk);
1733 if (sk->sk_state != TCP_ESTABLISHED)
1736 if (msg->msg_namelen)
1737 msg->msg_namelen = 0;
1739 return unix_dgram_sendmsg(sock, msg, len);
1742 static int unix_seqpacket_recvmsg(struct socket *sock, struct msghdr *msg,
1743 size_t size, int flags)
1745 struct sock *sk = sock->sk;
1747 if (sk->sk_state != TCP_ESTABLISHED)
1750 return unix_dgram_recvmsg(sock, msg, size, flags);
1753 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1755 struct unix_sock *u = unix_sk(sk);
1758 msg->msg_namelen = u->addr->len;
1759 memcpy(msg->msg_name, u->addr->name, u->addr->len);
1763 static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg,
1764 size_t size, int flags)
1766 struct scm_cookie scm;
1767 struct sock *sk = sock->sk;
1768 struct unix_sock *u = unix_sk(sk);
1769 int noblock = flags & MSG_DONTWAIT;
1770 struct sk_buff *skb;
1778 err = mutex_lock_interruptible(&u->readlock);
1779 if (unlikely(err)) {
1780 /* recvmsg() in non blocking mode is supposed to return -EAGAIN
1781 * sk_rcvtimeo is not honored by mutex_lock_interruptible()
1783 err = noblock ? -EAGAIN : -ERESTARTSYS;
1787 skip = sk_peek_offset(sk, flags);
1789 skb = __skb_recv_datagram(sk, flags, &peeked, &skip, &err);
1791 unix_state_lock(sk);
1792 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1793 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1794 (sk->sk_shutdown & RCV_SHUTDOWN))
1796 unix_state_unlock(sk);
1800 wake_up_interruptible_sync_poll(&u->peer_wait,
1801 POLLOUT | POLLWRNORM | POLLWRBAND);
1804 unix_copy_addr(msg, skb->sk);
1806 if (size > skb->len - skip)
1807 size = skb->len - skip;
1808 else if (size < skb->len - skip)
1809 msg->msg_flags |= MSG_TRUNC;
1811 err = skb_copy_datagram_msg(skb, skip, msg, size);
1815 if (sock_flag(sk, SOCK_RCVTSTAMP))
1816 __sock_recv_timestamp(msg, sk, skb);
1818 memset(&scm, 0, sizeof(scm));
1820 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
1821 unix_set_secdata(&scm, skb);
1823 if (!(flags & MSG_PEEK)) {
1825 unix_detach_fds(&scm, skb);
1827 sk_peek_offset_bwd(sk, skb->len);
1829 /* It is questionable: on PEEK we could:
1830 - do not return fds - good, but too simple 8)
1831 - return fds, and do not return them on read (old strategy,
1833 - clone fds (I chose it for now, it is the most universal
1836 POSIX 1003.1g does not actually define this clearly
1837 at all. POSIX 1003.1g doesn't define a lot of things
1842 sk_peek_offset_fwd(sk, size);
1845 scm.fp = scm_fp_dup(UNIXCB(skb).fp);
1847 err = (flags & MSG_TRUNC) ? skb->len - skip : size;
1849 scm_recv(sock, msg, &scm, flags);
1852 skb_free_datagram(sk, skb);
1854 mutex_unlock(&u->readlock);
1860 * Sleep until more data has arrived. But check for races..
1862 static long unix_stream_data_wait(struct sock *sk, long timeo,
1863 struct sk_buff *last)
1867 unix_state_lock(sk);
1870 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1872 if (skb_peek_tail(&sk->sk_receive_queue) != last ||
1874 (sk->sk_shutdown & RCV_SHUTDOWN) ||
1875 signal_pending(current) ||
1879 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1880 unix_state_unlock(sk);
1881 timeo = freezable_schedule_timeout(timeo);
1882 unix_state_lock(sk);
1884 if (sock_flag(sk, SOCK_DEAD))
1887 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1890 finish_wait(sk_sleep(sk), &wait);
1891 unix_state_unlock(sk);
1895 static unsigned int unix_skb_len(const struct sk_buff *skb)
1897 return skb->len - UNIXCB(skb).consumed;
1900 static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg,
1901 size_t size, int flags)
1903 struct scm_cookie scm;
1904 struct sock *sk = sock->sk;
1905 struct unix_sock *u = unix_sk(sk);
1906 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
1908 int noblock = flags & MSG_DONTWAIT;
1909 int check_creds = 0;
1916 if (sk->sk_state != TCP_ESTABLISHED)
1923 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1924 timeo = sock_rcvtimeo(sk, noblock);
1926 /* Lock the socket to prevent queue disordering
1927 * while sleeps in memcpy_tomsg
1930 memset(&scm, 0, sizeof(scm));
1932 err = mutex_lock_interruptible(&u->readlock);
1933 if (unlikely(err)) {
1934 /* recvmsg() in non blocking mode is supposed to return -EAGAIN
1935 * sk_rcvtimeo is not honored by mutex_lock_interruptible()
1937 err = noblock ? -EAGAIN : -ERESTARTSYS;
1943 struct sk_buff *skb, *last;
1945 unix_state_lock(sk);
1946 if (sock_flag(sk, SOCK_DEAD)) {
1950 last = skb = skb_peek(&sk->sk_receive_queue);
1953 unix_sk(sk)->recursion_level = 0;
1954 if (copied >= target)
1958 * POSIX 1003.1g mandates this order.
1961 err = sock_error(sk);
1964 if (sk->sk_shutdown & RCV_SHUTDOWN)
1967 unix_state_unlock(sk);
1971 mutex_unlock(&u->readlock);
1973 timeo = unix_stream_data_wait(sk, timeo, last);
1975 if (signal_pending(current)
1976 || mutex_lock_interruptible(&u->readlock)) {
1977 err = sock_intr_errno(timeo);
1983 unix_state_unlock(sk);
1987 skip = sk_peek_offset(sk, flags);
1988 while (skip >= unix_skb_len(skb)) {
1989 skip -= unix_skb_len(skb);
1991 skb = skb_peek_next(skb, &sk->sk_receive_queue);
1996 unix_state_unlock(sk);
1999 /* Never glue messages from different writers */
2000 if ((UNIXCB(skb).pid != scm.pid) ||
2001 !uid_eq(UNIXCB(skb).uid, scm.creds.uid) ||
2002 !gid_eq(UNIXCB(skb).gid, scm.creds.gid))
2004 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
2005 /* Copy credentials */
2006 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2010 /* Copy address just once */
2012 unix_copy_addr(msg, skb->sk);
2016 chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size);
2017 if (skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip,
2026 /* Mark read part of skb as used */
2027 if (!(flags & MSG_PEEK)) {
2028 UNIXCB(skb).consumed += chunk;
2030 sk_peek_offset_bwd(sk, chunk);
2033 unix_detach_fds(&scm, skb);
2035 if (unix_skb_len(skb))
2038 skb_unlink(skb, &sk->sk_receive_queue);
2044 /* It is questionable, see note in unix_dgram_recvmsg.
2047 scm.fp = scm_fp_dup(UNIXCB(skb).fp);
2049 sk_peek_offset_fwd(sk, chunk);
2055 mutex_unlock(&u->readlock);
2056 scm_recv(sock, msg, &scm, flags);
2058 return copied ? : err;
2061 static int unix_shutdown(struct socket *sock, int mode)
2063 struct sock *sk = sock->sk;
2066 if (mode < SHUT_RD || mode > SHUT_RDWR)
2069 * SHUT_RD (0) -> RCV_SHUTDOWN (1)
2070 * SHUT_WR (1) -> SEND_SHUTDOWN (2)
2071 * SHUT_RDWR (2) -> SHUTDOWN_MASK (3)
2075 unix_state_lock(sk);
2076 sk->sk_shutdown |= mode;
2077 other = unix_peer(sk);
2080 unix_state_unlock(sk);
2081 sk->sk_state_change(sk);
2084 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2088 if (mode&RCV_SHUTDOWN)
2089 peer_mode |= SEND_SHUTDOWN;
2090 if (mode&SEND_SHUTDOWN)
2091 peer_mode |= RCV_SHUTDOWN;
2092 unix_state_lock(other);
2093 other->sk_shutdown |= peer_mode;
2094 unix_state_unlock(other);
2095 other->sk_state_change(other);
2096 if (peer_mode == SHUTDOWN_MASK)
2097 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2098 else if (peer_mode & RCV_SHUTDOWN)
2099 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2107 long unix_inq_len(struct sock *sk)
2109 struct sk_buff *skb;
2112 if (sk->sk_state == TCP_LISTEN)
2115 spin_lock(&sk->sk_receive_queue.lock);
2116 if (sk->sk_type == SOCK_STREAM ||
2117 sk->sk_type == SOCK_SEQPACKET) {
2118 skb_queue_walk(&sk->sk_receive_queue, skb)
2119 amount += unix_skb_len(skb);
2121 skb = skb_peek(&sk->sk_receive_queue);
2125 spin_unlock(&sk->sk_receive_queue.lock);
2129 EXPORT_SYMBOL_GPL(unix_inq_len);
2131 long unix_outq_len(struct sock *sk)
2133 return sk_wmem_alloc_get(sk);
2135 EXPORT_SYMBOL_GPL(unix_outq_len);
2137 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2139 struct sock *sk = sock->sk;
2145 amount = unix_outq_len(sk);
2146 err = put_user(amount, (int __user *)arg);
2149 amount = unix_inq_len(sk);
2153 err = put_user(amount, (int __user *)arg);
2162 static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2164 struct sock *sk = sock->sk;
2167 sock_poll_wait(file, sk_sleep(sk), wait);
2170 /* exceptional events? */
2173 if (sk->sk_shutdown == SHUTDOWN_MASK)
2175 if (sk->sk_shutdown & RCV_SHUTDOWN)
2176 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2179 if (!skb_queue_empty(&sk->sk_receive_queue))
2180 mask |= POLLIN | POLLRDNORM;
2182 /* Connection-based need to check for termination and startup */
2183 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2184 sk->sk_state == TCP_CLOSE)
2188 * we set writable also when the other side has shut down the
2189 * connection. This prevents stuck sockets.
2191 if (unix_writable(sk))
2192 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2197 static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2200 struct sock *sk = sock->sk, *other;
2201 unsigned int mask, writable;
2203 sock_poll_wait(file, sk_sleep(sk), wait);
2206 /* exceptional events? */
2207 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2209 (sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? POLLPRI : 0);
2211 if (sk->sk_shutdown & RCV_SHUTDOWN)
2212 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2213 if (sk->sk_shutdown == SHUTDOWN_MASK)
2217 if (!skb_queue_empty(&sk->sk_receive_queue))
2218 mask |= POLLIN | POLLRDNORM;
2220 /* Connection-based need to check for termination and startup */
2221 if (sk->sk_type == SOCK_SEQPACKET) {
2222 if (sk->sk_state == TCP_CLOSE)
2224 /* connection hasn't started yet? */
2225 if (sk->sk_state == TCP_SYN_SENT)
2229 /* No write status requested, avoid expensive OUT tests. */
2230 if (!(poll_requested_events(wait) & (POLLWRBAND|POLLWRNORM|POLLOUT)))
2233 writable = unix_writable(sk);
2234 other = unix_peer_get(sk);
2236 if (unix_peer(other) != sk) {
2237 sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2238 if (unix_recvq_full(other))
2245 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2247 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2252 #ifdef CONFIG_PROC_FS
2254 #define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1)
2256 #define get_bucket(x) ((x) >> BUCKET_SPACE)
2257 #define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1))
2258 #define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
2260 static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos)
2262 unsigned long offset = get_offset(*pos);
2263 unsigned long bucket = get_bucket(*pos);
2265 unsigned long count = 0;
2267 for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
2268 if (sock_net(sk) != seq_file_net(seq))
2270 if (++count == offset)
2277 static struct sock *unix_next_socket(struct seq_file *seq,
2281 unsigned long bucket;
2283 while (sk > (struct sock *)SEQ_START_TOKEN) {
2287 if (sock_net(sk) == seq_file_net(seq))
2292 sk = unix_from_bucket(seq, pos);
2297 bucket = get_bucket(*pos) + 1;
2298 *pos = set_bucket_offset(bucket, 1);
2299 } while (bucket < ARRAY_SIZE(unix_socket_table));
2304 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2305 __acquires(unix_table_lock)
2307 spin_lock(&unix_table_lock);
2310 return SEQ_START_TOKEN;
2312 if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table))
2315 return unix_next_socket(seq, NULL, pos);
2318 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2321 return unix_next_socket(seq, v, pos);
2324 static void unix_seq_stop(struct seq_file *seq, void *v)
2325 __releases(unix_table_lock)
2327 spin_unlock(&unix_table_lock);
2330 static int unix_seq_show(struct seq_file *seq, void *v)
2333 if (v == SEQ_START_TOKEN)
2334 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2338 struct unix_sock *u = unix_sk(s);
2341 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2343 atomic_read(&s->sk_refcnt),
2345 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2348 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2349 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2357 len = u->addr->len - sizeof(short);
2358 if (!UNIX_ABSTRACT(s))
2364 for ( ; i < len; i++)
2365 seq_putc(seq, u->addr->name->sun_path[i]);
2367 unix_state_unlock(s);
2368 seq_putc(seq, '\n');
2374 static const struct seq_operations unix_seq_ops = {
2375 .start = unix_seq_start,
2376 .next = unix_seq_next,
2377 .stop = unix_seq_stop,
2378 .show = unix_seq_show,
2381 static int unix_seq_open(struct inode *inode, struct file *file)
2383 return seq_open_net(inode, file, &unix_seq_ops,
2384 sizeof(struct seq_net_private));
2387 static const struct file_operations unix_seq_fops = {
2388 .owner = THIS_MODULE,
2389 .open = unix_seq_open,
2391 .llseek = seq_lseek,
2392 .release = seq_release_net,
2397 static const struct net_proto_family unix_family_ops = {
2399 .create = unix_create,
2400 .owner = THIS_MODULE,
2404 static int __net_init unix_net_init(struct net *net)
2406 int error = -ENOMEM;
2408 net->unx.sysctl_max_dgram_qlen = 10;
2409 if (unix_sysctl_register(net))
2412 #ifdef CONFIG_PROC_FS
2413 if (!proc_create("unix", 0, net->proc_net, &unix_seq_fops)) {
2414 unix_sysctl_unregister(net);
2423 static void __net_exit unix_net_exit(struct net *net)
2425 unix_sysctl_unregister(net);
2426 remove_proc_entry("unix", net->proc_net);
2429 static struct pernet_operations unix_net_ops = {
2430 .init = unix_net_init,
2431 .exit = unix_net_exit,
2434 static int __init af_unix_init(void)
2438 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > FIELD_SIZEOF(struct sk_buff, cb));
2440 rc = proto_register(&unix_proto, 1);
2442 pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__);
2446 sock_register(&unix_family_ops);
2447 register_pernet_subsys(&unix_net_ops);
2452 static void __exit af_unix_exit(void)
2454 sock_unregister(PF_UNIX);
2455 proto_unregister(&unix_proto);
2456 unregister_pernet_subsys(&unix_net_ops);
2459 /* Earlier than device_initcall() so that other drivers invoking
2460 request_module() don't end up in a loop when modprobe tries
2461 to use a UNIX socket. But later than subsys_initcall() because
2462 we depend on stuff initialised there */
2463 fs_initcall(af_unix_init);
2464 module_exit(af_unix_exit);
2466 MODULE_LICENSE("GPL");
2467 MODULE_ALIAS_NETPROTO(PF_UNIX);
git.samba.org / sfrench / cifs-2.6.git / blob