Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
af_unix.c
Go to the documentation of this file.
1 /*
2  * NET4: Implementation of BSD Unix domain sockets.
3  *
4  * Authors: Alan Cox, <[email protected]>
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  *
11  * Fixes:
12  * Linus Torvalds : Assorted bug cures.
13  * Niibe Yutaka : async I/O support.
14  * Carsten Paeth : PF_UNIX check, address fixes.
15  * Alan Cox : Limit size of allocated blocks.
16  * Alan Cox : Fixed the stupid socketpair bug.
17  * Alan Cox : BSD compatibility fine tuning.
18  * Alan Cox : Fixed a bug in connect when interrupted.
19  * Alan Cox : Sorted out a proper draft version of
20  * file descriptor passing hacked up from
21  * Mike Shaver's work.
22  * Marty Leisner : Fixes to fd passing
23  * Nick Nevin : recvmsg bugfix.
24  * Alan Cox : Started proper garbage collector
25  * Heiko EiBfeldt : Missing verify_area check
26  * Alan Cox : Started POSIXisms
27  * Andreas Schwab : Replace inode by dentry for proper
28  * reference counting
29  * Kirk Petersen : Made this a module
30  * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
31  * Lots of bug fixes.
32  * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33  * by above two patches.
34  * Andrea Arcangeli : If possible we block in connect(2)
35  * if the max backlog of the listen socket
36  * is been reached. This won't break
37  * old apps and it will avoid huge amount
38  * of socks hashed (this for unix_gc()
39  * performances reasons).
40  * Security fix that limits the max
41  * number of socks to 2*max_files and
42  * the number of skb queueable in the
43  * dgram receiver.
44  * Artur Skawina : Hash function optimizations
45  * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46  * Malcolm Beattie : Set peercred for socketpair
47  * Michal Ostrowski : Module initialization cleanup.
48  * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49  * the core infrastructure is doing that
50  * for all net proto families now (2.5.69+)
51  *
52  *
53  * Known differences from reference BSD that was tested:
54  *
55  * [TO FIX]
56  * ECONNREFUSED is not returned from one end of a connected() socket to the
57  * other the moment one end closes.
58  * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59  * and a fake inode identifier (nor the BSD first socket fstat twice bug).
60  * [NOT TO FIX]
61  * accept() returns a path name even if the connecting socket has closed
62  * in the meantime (BSD loses the path and gives up).
63  * accept() returns 0 length path for an unbound connector. BSD returns 16
64  * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65  * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66  * BSD af_unix apparently has connect forgetting to block properly.
67  * (need to check this with the POSIX spec in detail)
68  *
69  * Differences from 2.0.0-11-... (ANK)
70  * Bug fixes and improvements.
71  * - client shutdown killed server socket.
72  * - removed all useless cli/sti pairs.
73  *
74  * Semantic changes/extensions.
75  * - generic control message passing.
76  * - SCM_CREDENTIALS control message.
77  * - "Abstract" (not FS based) socket bindings.
78  * Abstract names are sequences of bytes (not zero terminated)
79  * started by 0, so that this name space does not intersect
80  * with BSD names.
81  */
82 
83 #include <linux/module.h>
84 #include <linux/kernel.h>
85 #include <linux/signal.h>
86 #include <linux/sched.h>
87 #include <linux/errno.h>
88 #include <linux/string.h>
89 #include <linux/stat.h>
90 #include <linux/dcache.h>
91 #include <linux/namei.h>
92 #include <linux/socket.h>
93 #include <linux/un.h>
94 #include <linux/fcntl.h>
95 #include <linux/termios.h>
96 #include <linux/sockios.h>
97 #include <linux/net.h>
98 #include <linux/in.h>
99 #include <linux/fs.h>
100 #include <linux/slab.h>
101 #include <asm/uaccess.h>
102 #include <linux/skbuff.h>
103 #include <linux/netdevice.h>
104 #include <net/net_namespace.h>
105 #include <net/sock.h>
106 #include <net/tcp_states.h>
107 #include <net/af_unix.h>
108 #include <linux/proc_fs.h>
109 #include <linux/seq_file.h>
110 #include <net/scm.h>
111 #include <linux/init.h>
112 #include <linux/poll.h>
113 #include <linux/rtnetlink.h>
114 #include <linux/mount.h>
115 #include <net/checksum.h>
116 #include <linux/security.h>
117 
118 struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
119 EXPORT_SYMBOL_GPL(unix_socket_table);
120 DEFINE_SPINLOCK(unix_table_lock);
121 EXPORT_SYMBOL_GPL(unix_table_lock);
122 static atomic_long_t unix_nr_socks;
123 
124 
125 static struct hlist_head *unix_sockets_unbound(void *addr)
126 {
127  unsigned long hash = (unsigned long)addr;
128 
129  hash ^= hash >> 16;
130  hash ^= hash >> 8;
131  hash %= UNIX_HASH_SIZE;
132  return &unix_socket_table[UNIX_HASH_SIZE + hash];
133 }
134 
135 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)
136 
137 #ifdef CONFIG_SECURITY_NETWORK
138 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
139 {
140  memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
141 }
142 
143 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
144 {
145  scm->secid = *UNIXSID(skb);
146 }
147 #else
148 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
149 { }
150 
151 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
152 { }
153 #endif /* CONFIG_SECURITY_NETWORK */
154 
155 /*
156  * SMP locking strategy:
157  * hash table is protected with spinlock unix_table_lock
158  * each socket state is protected by separate spin lock.
159  */
160 
161 static inline unsigned int unix_hash_fold(__wsum n)
162 {
163  unsigned int hash = (__force unsigned int)n;
164 
165  hash ^= hash>>16;
166  hash ^= hash>>8;
167  return hash&(UNIX_HASH_SIZE-1);
168 }
169 
170 #define unix_peer(sk) (unix_sk(sk)->peer)
171 
172 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
173 {
174  return unix_peer(osk) == sk;
175 }
176 
177 static inline int unix_may_send(struct sock *sk, struct sock *osk)
178 {
179  return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
180 }
181 
182 static inline int unix_recvq_full(struct sock const *sk)
183 {
184  return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
185 }
186 
187 struct sock *unix_peer_get(struct sock *s)
188 {
189  struct sock *peer;
190 
191  unix_state_lock(s);
192  peer = unix_peer(s);
193  if (peer)
194  sock_hold(peer);
195  unix_state_unlock(s);
196  return peer;
197 }
198 EXPORT_SYMBOL_GPL(unix_peer_get);
199 
200 static inline void unix_release_addr(struct unix_address *addr)
201 {
202  if (atomic_dec_and_test(&addr->refcnt))
203  kfree(addr);
204 }
205 
206 /*
207  * Check unix socket name:
208  * - should be not zero length.
209  * - if started by not zero, should be NULL terminated (FS object)
210  * - if started by zero, it is abstract name.
211  */
212 
213 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
214 {
215  if (len <= sizeof(short) || len > sizeof(*sunaddr))
216  return -EINVAL;
217  if (!sunaddr || sunaddr->sun_family != AF_UNIX)
218  return -EINVAL;
219  if (sunaddr->sun_path[0]) {
220  /*
221  * This may look like an off by one error but it is a bit more
222  * subtle. 108 is the longest valid AF_UNIX path for a binding.
223  * sun_path[108] doesn't as such exist. However in kernel space
224  * we are guaranteed that it is a valid memory location in our
225  * kernel address buffer.
226  */
227  ((char *)sunaddr)[len] = 0;
228  len = strlen(sunaddr->sun_path)+1+sizeof(short);
229  return len;
230  }
231 
232  *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
233  return len;
234 }
235 
236 static void __unix_remove_socket(struct sock *sk)
237 {
238  sk_del_node_init(sk);
239 }
240 
241 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
242 {
243  WARN_ON(!sk_unhashed(sk));
244  sk_add_node(sk, list);
245 }
246 
247 static inline void unix_remove_socket(struct sock *sk)
248 {
249  spin_lock(&unix_table_lock);
250  __unix_remove_socket(sk);
251  spin_unlock(&unix_table_lock);
252 }
253 
254 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
255 {
256  spin_lock(&unix_table_lock);
257  __unix_insert_socket(list, sk);
258  spin_unlock(&unix_table_lock);
259 }
260 
261 static struct sock *__unix_find_socket_byname(struct net *net,
262  struct sockaddr_un *sunname,
263  int len, int type, unsigned int hash)
264 {
265  struct sock *s;
266  struct hlist_node *node;
267 
268  sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
269  struct unix_sock *u = unix_sk(s);
270 
271  if (!net_eq(sock_net(s), net))
272  continue;
273 
274  if (u->addr->len == len &&
275  !memcmp(u->addr->name, sunname, len))
276  goto found;
277  }
278  s = NULL;
279 found:
280  return s;
281 }
282 
283 static inline struct sock *unix_find_socket_byname(struct net *net,
284  struct sockaddr_un *sunname,
285  int len, int type,
286  unsigned int hash)
287 {
288  struct sock *s;
289 
290  spin_lock(&unix_table_lock);
291  s = __unix_find_socket_byname(net, sunname, len, type, hash);
292  if (s)
293  sock_hold(s);
294  spin_unlock(&unix_table_lock);
295  return s;
296 }
297 
298 static struct sock *unix_find_socket_byinode(struct inode *i)
299 {
300  struct sock *s;
301  struct hlist_node *node;
302 
303  spin_lock(&unix_table_lock);
304  sk_for_each(s, node,
305  &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
306  struct dentry *dentry = unix_sk(s)->path.dentry;
307 
308  if (dentry && dentry->d_inode == i) {
309  sock_hold(s);
310  goto found;
311  }
312  }
313  s = NULL;
314 found:
315  spin_unlock(&unix_table_lock);
316  return s;
317 }
318 
319 static inline int unix_writable(struct sock *sk)
320 {
321  return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
322 }
323 
324 static void unix_write_space(struct sock *sk)
325 {
326  struct socket_wq *wq;
327 
328  rcu_read_lock();
329  if (unix_writable(sk)) {
330  wq = rcu_dereference(sk->sk_wq);
331  if (wq_has_sleeper(wq))
332  wake_up_interruptible_sync_poll(&wq->wait,
333  POLLOUT | POLLWRNORM | POLLWRBAND);
334  sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
335  }
336  rcu_read_unlock();
337 }
338 
339 /* When dgram socket disconnects (or changes its peer), we clear its receive
340  * queue of packets arrived from previous peer. First, it allows to do
341  * flow control based only on wmem_alloc; second, sk connected to peer
342  * may receive messages only from that peer. */
343 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
344 {
345  if (!skb_queue_empty(&sk->sk_receive_queue)) {
346  skb_queue_purge(&sk->sk_receive_queue);
347  wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
348 
349  /* If one link of bidirectional dgram pipe is disconnected,
350  * we signal error. Messages are lost. Do not make this,
351  * when peer was not connected to us.
352  */
353  if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
354  other->sk_err = ECONNRESET;
355  other->sk_error_report(other);
356  }
357  }
358 }
359 
360 static void unix_sock_destructor(struct sock *sk)
361 {
362  struct unix_sock *u = unix_sk(sk);
363 
364  skb_queue_purge(&sk->sk_receive_queue);
365 
366  WARN_ON(atomic_read(&sk->sk_wmem_alloc));
367  WARN_ON(!sk_unhashed(sk));
368  WARN_ON(sk->sk_socket);
369  if (!sock_flag(sk, SOCK_DEAD)) {
370  printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
371  return;
372  }
373 
374  if (u->addr)
375  unix_release_addr(u->addr);
376 
377  atomic_long_dec(&unix_nr_socks);
378  local_bh_disable();
379  sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
380  local_bh_enable();
381 #ifdef UNIX_REFCNT_DEBUG
382  printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
383  atomic_long_read(&unix_nr_socks));
384 #endif
385 }
386 
387 static int unix_release_sock(struct sock *sk, int embrion)
388 {
389  struct unix_sock *u = unix_sk(sk);
390  struct path path;
391  struct sock *skpair;
392  struct sk_buff *skb;
393  int state;
394 
395  unix_remove_socket(sk);
396 
397  /* Clear state */
398  unix_state_lock(sk);
399  sock_orphan(sk);
400  sk->sk_shutdown = SHUTDOWN_MASK;
401  path = u->path;
402  u->path.dentry = NULL;
403  u->path.mnt = NULL;
404  state = sk->sk_state;
405  sk->sk_state = TCP_CLOSE;
406  unix_state_unlock(sk);
407 
408  wake_up_interruptible_all(&u->peer_wait);
409 
410  skpair = unix_peer(sk);
411 
412  if (skpair != NULL) {
413  if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
414  unix_state_lock(skpair);
415  /* No more writes */
416  skpair->sk_shutdown = SHUTDOWN_MASK;
417  if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
418  skpair->sk_err = ECONNRESET;
419  unix_state_unlock(skpair);
420  skpair->sk_state_change(skpair);
421  sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
422  }
423  sock_put(skpair); /* It may now die */
424  unix_peer(sk) = NULL;
425  }
426 
427  /* Try to flush out this socket. Throw out buffers at least */
428 
429  while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
430  if (state == TCP_LISTEN)
431  unix_release_sock(skb->sk, 1);
432  /* passed fds are erased in the kfree_skb hook */
433  kfree_skb(skb);
434  }
435 
436  if (path.dentry)
437  path_put(&path);
438 
439  sock_put(sk);
440 
441  /* ---- Socket is dead now and most probably destroyed ---- */
442 
443  /*
444  * Fixme: BSD difference: In BSD all sockets connected to us get
445  * ECONNRESET and we die on the spot. In Linux we behave
446  * like files and pipes do and wait for the last
447  * dereference.
448  *
449  * Can't we simply set sock->err?
450  *
451  * What the above comment does talk about? --ANK(980817)
452  */
453 
454  if (unix_tot_inflight)
455  unix_gc(); /* Garbage collect fds */
456 
457  return 0;
458 }
459 
460 static void init_peercred(struct sock *sk)
461 {
462  put_pid(sk->sk_peer_pid);
463  if (sk->sk_peer_cred)
464  put_cred(sk->sk_peer_cred);
465  sk->sk_peer_pid = get_pid(task_tgid(current));
466  sk->sk_peer_cred = get_current_cred();
467 }
468 
469 static void copy_peercred(struct sock *sk, struct sock *peersk)
470 {
471  put_pid(sk->sk_peer_pid);
472  if (sk->sk_peer_cred)
473  put_cred(sk->sk_peer_cred);
474  sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
475  sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
476 }
477 
478 static int unix_listen(struct socket *sock, int backlog)
479 {
480  int err;
481  struct sock *sk = sock->sk;
482  struct unix_sock *u = unix_sk(sk);
483  struct pid *old_pid = NULL;
484 
485  err = -EOPNOTSUPP;
486  if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
487  goto out; /* Only stream/seqpacket sockets accept */
488  err = -EINVAL;
489  if (!u->addr)
490  goto out; /* No listens on an unbound socket */
491  unix_state_lock(sk);
492  if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
493  goto out_unlock;
494  if (backlog > sk->sk_max_ack_backlog)
495  wake_up_interruptible_all(&u->peer_wait);
496  sk->sk_max_ack_backlog = backlog;
497  sk->sk_state = TCP_LISTEN;
498  /* set credentials so connect can copy them */
499  init_peercred(sk);
500  err = 0;
501 
502 out_unlock:
503  unix_state_unlock(sk);
504  put_pid(old_pid);
505 out:
506  return err;
507 }
508 
509 static int unix_release(struct socket *);
510 static int unix_bind(struct socket *, struct sockaddr *, int);
511 static int unix_stream_connect(struct socket *, struct sockaddr *,
512  int addr_len, int flags);
513 static int unix_socketpair(struct socket *, struct socket *);
514 static int unix_accept(struct socket *, struct socket *, int);
515 static int unix_getname(struct socket *, struct sockaddr *, int *, int);
516 static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
517 static unsigned int unix_dgram_poll(struct file *, struct socket *,
518  poll_table *);
519 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
520 static int unix_shutdown(struct socket *, int);
521 static int unix_stream_sendmsg(struct kiocb *, struct socket *,
522  struct msghdr *, size_t);
523 static int unix_stream_recvmsg(struct kiocb *, struct socket *,
524  struct msghdr *, size_t, int);
525 static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
526  struct msghdr *, size_t);
527 static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
528  struct msghdr *, size_t, int);
529 static int unix_dgram_connect(struct socket *, struct sockaddr *,
530  int, int);
531 static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
532  struct msghdr *, size_t);
533 static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
534  struct msghdr *, size_t, int);
535 
536 static void unix_set_peek_off(struct sock *sk, int val)
537 {
538  struct unix_sock *u = unix_sk(sk);
539 
540  mutex_lock(&u->readlock);
541  sk->sk_peek_off = val;
542  mutex_unlock(&u->readlock);
543 }
544 
545 
546 static const struct proto_ops unix_stream_ops = {
547  .family = PF_UNIX,
548  .owner = THIS_MODULE,
549  .release = unix_release,
550  .bind = unix_bind,
551  .connect = unix_stream_connect,
552  .socketpair = unix_socketpair,
553  .accept = unix_accept,
554  .getname = unix_getname,
555  .poll = unix_poll,
556  .ioctl = unix_ioctl,
557  .listen = unix_listen,
558  .shutdown = unix_shutdown,
559  .setsockopt = sock_no_setsockopt,
560  .getsockopt = sock_no_getsockopt,
561  .sendmsg = unix_stream_sendmsg,
562  .recvmsg = unix_stream_recvmsg,
563  .mmap = sock_no_mmap,
564  .sendpage = sock_no_sendpage,
565  .set_peek_off = unix_set_peek_off,
566 };
567 
568 static const struct proto_ops unix_dgram_ops = {
569  .family = PF_UNIX,
570  .owner = THIS_MODULE,
571  .release = unix_release,
572  .bind = unix_bind,
573  .connect = unix_dgram_connect,
574  .socketpair = unix_socketpair,
575  .accept = sock_no_accept,
576  .getname = unix_getname,
577  .poll = unix_dgram_poll,
578  .ioctl = unix_ioctl,
579  .listen = sock_no_listen,
580  .shutdown = unix_shutdown,
581  .setsockopt = sock_no_setsockopt,
582  .getsockopt = sock_no_getsockopt,
583  .sendmsg = unix_dgram_sendmsg,
584  .recvmsg = unix_dgram_recvmsg,
585  .mmap = sock_no_mmap,
586  .sendpage = sock_no_sendpage,
587  .set_peek_off = unix_set_peek_off,
588 };
589 
590 static const struct proto_ops unix_seqpacket_ops = {
591  .family = PF_UNIX,
592  .owner = THIS_MODULE,
593  .release = unix_release,
594  .bind = unix_bind,
595  .connect = unix_stream_connect,
596  .socketpair = unix_socketpair,
597  .accept = unix_accept,
598  .getname = unix_getname,
599  .poll = unix_dgram_poll,
600  .ioctl = unix_ioctl,
601  .listen = unix_listen,
602  .shutdown = unix_shutdown,
603  .setsockopt = sock_no_setsockopt,
604  .getsockopt = sock_no_getsockopt,
605  .sendmsg = unix_seqpacket_sendmsg,
606  .recvmsg = unix_seqpacket_recvmsg,
607  .mmap = sock_no_mmap,
608  .sendpage = sock_no_sendpage,
609  .set_peek_off = unix_set_peek_off,
610 };
611 
612 static struct proto unix_proto = {
613  .name = "UNIX",
614  .owner = THIS_MODULE,
615  .obj_size = sizeof(struct unix_sock),
616 };
617 
618 /*
619  * AF_UNIX sockets do not interact with hardware, hence they
620  * dont trigger interrupts - so it's safe for them to have
621  * bh-unsafe locking for their sk_receive_queue.lock. Split off
622  * this special lock-class by reinitializing the spinlock key:
623  */
624 static struct lock_class_key af_unix_sk_receive_queue_lock_key;
625 
626 static struct sock *unix_create1(struct net *net, struct socket *sock)
627 {
628  struct sock *sk = NULL;
629  struct unix_sock *u;
630 
631  atomic_long_inc(&unix_nr_socks);
632  if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
633  goto out;
634 
635  sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
636  if (!sk)
637  goto out;
638 
639  sock_init_data(sock, sk);
640  lockdep_set_class(&sk->sk_receive_queue.lock,
641  &af_unix_sk_receive_queue_lock_key);
642 
643  sk->sk_write_space = unix_write_space;
644  sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
645  sk->sk_destruct = unix_sock_destructor;
646  u = unix_sk(sk);
647  u->path.dentry = NULL;
648  u->path.mnt = NULL;
649  spin_lock_init(&u->lock);
650  atomic_long_set(&u->inflight, 0);
651  INIT_LIST_HEAD(&u->link);
652  mutex_init(&u->readlock); /* single task reading lock */
653  init_waitqueue_head(&u->peer_wait);
654  unix_insert_socket(unix_sockets_unbound(sk), sk);
655 out:
656  if (sk == NULL)
657  atomic_long_dec(&unix_nr_socks);
658  else {
659  local_bh_disable();
660  sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
661  local_bh_enable();
662  }
663  return sk;
664 }
665 
666 static int unix_create(struct net *net, struct socket *sock, int protocol,
667  int kern)
668 {
669  if (protocol && protocol != PF_UNIX)
670  return -EPROTONOSUPPORT;
671 
672  sock->state = SS_UNCONNECTED;
673 
674  switch (sock->type) {
675  case SOCK_STREAM:
676  sock->ops = &unix_stream_ops;
677  break;
678  /*
679  * Believe it or not BSD has AF_UNIX, SOCK_RAW though
680  * nothing uses it.
681  */
682  case SOCK_RAW:
683  sock->type = SOCK_DGRAM;
684  case SOCK_DGRAM:
685  sock->ops = &unix_dgram_ops;
686  break;
687  case SOCK_SEQPACKET:
688  sock->ops = &unix_seqpacket_ops;
689  break;
690  default:
691  return -ESOCKTNOSUPPORT;
692  }
693 
694  return unix_create1(net, sock) ? 0 : -ENOMEM;
695 }
696 
697 static int unix_release(struct socket *sock)
698 {
699  struct sock *sk = sock->sk;
700 
701  if (!sk)
702  return 0;
703 
704  sock->sk = NULL;
705 
706  return unix_release_sock(sk, 0);
707 }
708 
709 static int unix_autobind(struct socket *sock)
710 {
711  struct sock *sk = sock->sk;
712  struct net *net = sock_net(sk);
713  struct unix_sock *u = unix_sk(sk);
714  static u32 ordernum = 1;
715  struct unix_address *addr;
716  int err;
717  unsigned int retries = 0;
718 
719  mutex_lock(&u->readlock);
720 
721  err = 0;
722  if (u->addr)
723  goto out;
724 
725  err = -ENOMEM;
726  addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
727  if (!addr)
728  goto out;
729 
730  addr->name->sun_family = AF_UNIX;
731  atomic_set(&addr->refcnt, 1);
732 
733 retry:
734  addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
735  addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
736 
737  spin_lock(&unix_table_lock);
738  ordernum = (ordernum+1)&0xFFFFF;
739 
740  if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
741  addr->hash)) {
742  spin_unlock(&unix_table_lock);
743  /*
744  * __unix_find_socket_byname() may take long time if many names
745  * are already in use.
746  */
747  cond_resched();
748  /* Give up if all names seems to be in use. */
749  if (retries++ == 0xFFFFF) {
750  err = -ENOSPC;
751  kfree(addr);
752  goto out;
753  }
754  goto retry;
755  }
756  addr->hash ^= sk->sk_type;
757 
758  __unix_remove_socket(sk);
759  u->addr = addr;
760  __unix_insert_socket(&unix_socket_table[addr->hash], sk);
761  spin_unlock(&unix_table_lock);
762  err = 0;
763 
764 out: mutex_unlock(&u->readlock);
765  return err;
766 }
767 
768 static struct sock *unix_find_other(struct net *net,
769  struct sockaddr_un *sunname, int len,
770  int type, unsigned int hash, int *error)
771 {
772  struct sock *u;
773  struct path path;
774  int err = 0;
775 
776  if (sunname->sun_path[0]) {
777  struct inode *inode;
778  err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
779  if (err)
780  goto fail;
781  inode = path.dentry->d_inode;
782  err = inode_permission(inode, MAY_WRITE);
783  if (err)
784  goto put_fail;
785 
786  err = -ECONNREFUSED;
787  if (!S_ISSOCK(inode->i_mode))
788  goto put_fail;
789  u = unix_find_socket_byinode(inode);
790  if (!u)
791  goto put_fail;
792 
793  if (u->sk_type == type)
794  touch_atime(&path);
795 
796  path_put(&path);
797 
798  err = -EPROTOTYPE;
799  if (u->sk_type != type) {
800  sock_put(u);
801  goto fail;
802  }
803  } else {
804  err = -ECONNREFUSED;
805  u = unix_find_socket_byname(net, sunname, len, type, hash);
806  if (u) {
807  struct dentry *dentry;
808  dentry = unix_sk(u)->path.dentry;
809  if (dentry)
810  touch_atime(&unix_sk(u)->path);
811  } else
812  goto fail;
813  }
814  return u;
815 
816 put_fail:
817  path_put(&path);
818 fail:
819  *error = err;
820  return NULL;
821 }
822 
823 static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
824 {
825  struct dentry *dentry;
826  struct path path;
827  int err = 0;
828  /*
829  * Get the parent directory, calculate the hash for last
830  * component.
831  */
832  dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
833  err = PTR_ERR(dentry);
834  if (IS_ERR(dentry))
835  return err;
836 
837  /*
838  * All right, let's create it.
839  */
840  err = security_path_mknod(&path, dentry, mode, 0);
841  if (!err) {
842  err = vfs_mknod(path.dentry->d_inode, dentry, mode, 0);
843  if (!err) {
844  res->mnt = mntget(path.mnt);
845  res->dentry = dget(dentry);
846  }
847  }
848  done_path_create(&path, dentry);
849  return err;
850 }
851 
852 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
853 {
854  struct sock *sk = sock->sk;
855  struct net *net = sock_net(sk);
856  struct unix_sock *u = unix_sk(sk);
857  struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
858  char *sun_path = sunaddr->sun_path;
859  int err;
860  unsigned int hash;
861  struct unix_address *addr;
862  struct hlist_head *list;
863 
864  err = -EINVAL;
865  if (sunaddr->sun_family != AF_UNIX)
866  goto out;
867 
868  if (addr_len == sizeof(short)) {
869  err = unix_autobind(sock);
870  goto out;
871  }
872 
873  err = unix_mkname(sunaddr, addr_len, &hash);
874  if (err < 0)
875  goto out;
876  addr_len = err;
877 
878  mutex_lock(&u->readlock);
879 
880  err = -EINVAL;
881  if (u->addr)
882  goto out_up;
883 
884  err = -ENOMEM;
885  addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
886  if (!addr)
887  goto out_up;
888 
889  memcpy(addr->name, sunaddr, addr_len);
890  addr->len = addr_len;
891  addr->hash = hash ^ sk->sk_type;
892  atomic_set(&addr->refcnt, 1);
893 
894  if (sun_path[0]) {
895  struct path path;
896  umode_t mode = S_IFSOCK |
897  (SOCK_INODE(sock)->i_mode & ~current_umask());
898  err = unix_mknod(sun_path, mode, &path);
899  if (err) {
900  if (err == -EEXIST)
901  err = -EADDRINUSE;
902  unix_release_addr(addr);
903  goto out_up;
904  }
905  addr->hash = UNIX_HASH_SIZE;
906  hash = path.dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1);
907  spin_lock(&unix_table_lock);
908  u->path = path;
909  list = &unix_socket_table[hash];
910  } else {
911  spin_lock(&unix_table_lock);
912  err = -EADDRINUSE;
913  if (__unix_find_socket_byname(net, sunaddr, addr_len,
914  sk->sk_type, hash)) {
915  unix_release_addr(addr);
916  goto out_unlock;
917  }
918 
919  list = &unix_socket_table[addr->hash];
920  }
921 
922  err = 0;
923  __unix_remove_socket(sk);
924  u->addr = addr;
925  __unix_insert_socket(list, sk);
926 
927 out_unlock:
928  spin_unlock(&unix_table_lock);
929 out_up:
930  mutex_unlock(&u->readlock);
931 out:
932  return err;
933 }
934 
935 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
936 {
937  if (unlikely(sk1 == sk2) || !sk2) {
938  unix_state_lock(sk1);
939  return;
940  }
941  if (sk1 < sk2) {
942  unix_state_lock(sk1);
943  unix_state_lock_nested(sk2);
944  } else {
945  unix_state_lock(sk2);
946  unix_state_lock_nested(sk1);
947  }
948 }
949 
950 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
951 {
952  if (unlikely(sk1 == sk2) || !sk2) {
953  unix_state_unlock(sk1);
954  return;
955  }
956  unix_state_unlock(sk1);
957  unix_state_unlock(sk2);
958 }
959 
960 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
961  int alen, int flags)
962 {
963  struct sock *sk = sock->sk;
964  struct net *net = sock_net(sk);
965  struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
966  struct sock *other;
967  unsigned int hash;
968  int err;
969 
970  if (addr->sa_family != AF_UNSPEC) {
971  err = unix_mkname(sunaddr, alen, &hash);
972  if (err < 0)
973  goto out;
974  alen = err;
975 
976  if (test_bit(SOCK_PASSCRED, &sock->flags) &&
977  !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
978  goto out;
979 
980 restart:
981  other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
982  if (!other)
983  goto out;
984 
985  unix_state_double_lock(sk, other);
986 
987  /* Apparently VFS overslept socket death. Retry. */
988  if (sock_flag(other, SOCK_DEAD)) {
989  unix_state_double_unlock(sk, other);
990  sock_put(other);
991  goto restart;
992  }
993 
994  err = -EPERM;
995  if (!unix_may_send(sk, other))
996  goto out_unlock;
997 
998  err = security_unix_may_send(sk->sk_socket, other->sk_socket);
999  if (err)
1000  goto out_unlock;
1001 
1002  } else {
1003  /*
1004  * 1003.1g breaking connected state with AF_UNSPEC
1005  */
1006  other = NULL;
1007  unix_state_double_lock(sk, other);
1008  }
1009 
1010  /*
1011  * If it was connected, reconnect.
1012  */
1013  if (unix_peer(sk)) {
1014  struct sock *old_peer = unix_peer(sk);
1015  unix_peer(sk) = other;
1016  unix_state_double_unlock(sk, other);
1017 
1018  if (other != old_peer)
1019  unix_dgram_disconnected(sk, old_peer);
1020  sock_put(old_peer);
1021  } else {
1022  unix_peer(sk) = other;
1023  unix_state_double_unlock(sk, other);
1024  }
1025  return 0;
1026 
1027 out_unlock:
1028  unix_state_double_unlock(sk, other);
1029  sock_put(other);
1030 out:
1031  return err;
1032 }
1033 
1034 static long unix_wait_for_peer(struct sock *other, long timeo)
1035 {
1036  struct unix_sock *u = unix_sk(other);
1037  int sched;
1038  DEFINE_WAIT(wait);
1039 
1040  prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1041 
1042  sched = !sock_flag(other, SOCK_DEAD) &&
1043  !(other->sk_shutdown & RCV_SHUTDOWN) &&
1044  unix_recvq_full(other);
1045 
1046  unix_state_unlock(other);
1047 
1048  if (sched)
1049  timeo = schedule_timeout(timeo);
1050 
1051  finish_wait(&u->peer_wait, &wait);
1052  return timeo;
1053 }
1054 
1055 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1056  int addr_len, int flags)
1057 {
1058  struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1059  struct sock *sk = sock->sk;
1060  struct net *net = sock_net(sk);
1061  struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1062  struct sock *newsk = NULL;
1063  struct sock *other = NULL;
1064  struct sk_buff *skb = NULL;
1065  unsigned int hash;
1066  int st;
1067  int err;
1068  long timeo;
1069 
1070  err = unix_mkname(sunaddr, addr_len, &hash);
1071  if (err < 0)
1072  goto out;
1073  addr_len = err;
1074 
1075  if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1076  (err = unix_autobind(sock)) != 0)
1077  goto out;
1078 
1079  timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1080 
1081  /* First of all allocate resources.
1082  If we will make it after state is locked,
1083  we will have to recheck all again in any case.
1084  */
1085 
1086  err = -ENOMEM;
1087 
1088  /* create new sock for complete connection */
1089  newsk = unix_create1(sock_net(sk), NULL);
1090  if (newsk == NULL)
1091  goto out;
1092 
1093  /* Allocate skb for sending to listening sock */
1094  skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1095  if (skb == NULL)
1096  goto out;
1097 
1098 restart:
1099  /* Find listening sock. */
1100  other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1101  if (!other)
1102  goto out;
1103 
1104  /* Latch state of peer */
1105  unix_state_lock(other);
1106 
1107  /* Apparently VFS overslept socket death. Retry. */
1108  if (sock_flag(other, SOCK_DEAD)) {
1109  unix_state_unlock(other);
1110  sock_put(other);
1111  goto restart;
1112  }
1113 
1114  err = -ECONNREFUSED;
1115  if (other->sk_state != TCP_LISTEN)
1116  goto out_unlock;
1117  if (other->sk_shutdown & RCV_SHUTDOWN)
1118  goto out_unlock;
1119 
1120  if (unix_recvq_full(other)) {
1121  err = -EAGAIN;
1122  if (!timeo)
1123  goto out_unlock;
1124 
1125  timeo = unix_wait_for_peer(other, timeo);
1126 
1127  err = sock_intr_errno(timeo);
1128  if (signal_pending(current))
1129  goto out;
1130  sock_put(other);
1131  goto restart;
1132  }
1133 
1134  /* Latch our state.
1135 
1136  It is tricky place. We need to grab our state lock and cannot
1137  drop lock on peer. It is dangerous because deadlock is
1138  possible. Connect to self case and simultaneous
1139  attempt to connect are eliminated by checking socket
1140  state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1141  check this before attempt to grab lock.
1142 
1143  Well, and we have to recheck the state after socket locked.
1144  */
1145  st = sk->sk_state;
1146 
1147  switch (st) {
1148  case TCP_CLOSE:
1149  /* This is ok... continue with connect */
1150  break;
1151  case TCP_ESTABLISHED:
1152  /* Socket is already connected */
1153  err = -EISCONN;
1154  goto out_unlock;
1155  default:
1156  err = -EINVAL;
1157  goto out_unlock;
1158  }
1159 
1160  unix_state_lock_nested(sk);
1161 
1162  if (sk->sk_state != st) {
1163  unix_state_unlock(sk);
1164  unix_state_unlock(other);
1165  sock_put(other);
1166  goto restart;
1167  }
1168 
1169  err = security_unix_stream_connect(sk, other, newsk);
1170  if (err) {
1171  unix_state_unlock(sk);
1172  goto out_unlock;
1173  }
1174 
1175  /* The way is open! Fastly set all the necessary fields... */
1176 
1177  sock_hold(sk);
1178  unix_peer(newsk) = sk;
1179  newsk->sk_state = TCP_ESTABLISHED;
1180  newsk->sk_type = sk->sk_type;
1181  init_peercred(newsk);
1182  newu = unix_sk(newsk);
1183  RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1184  otheru = unix_sk(other);
1185 
1186  /* copy address information from listening to new sock*/
1187  if (otheru->addr) {
1188  atomic_inc(&otheru->addr->refcnt);
1189  newu->addr = otheru->addr;
1190  }
1191  if (otheru->path.dentry) {
1192  path_get(&otheru->path);
1193  newu->path = otheru->path;
1194  }
1195 
1196  /* Set credentials */
1197  copy_peercred(sk, other);
1198 
1199  sock->state = SS_CONNECTED;
1200  sk->sk_state = TCP_ESTABLISHED;
1201  sock_hold(newsk);
1202 
1203  smp_mb__after_atomic_inc(); /* sock_hold() does an atomic_inc() */
1204  unix_peer(sk) = newsk;
1205 
1206  unix_state_unlock(sk);
1207 
1208  /* take ten and and send info to listening sock */
1209  spin_lock(&other->sk_receive_queue.lock);
1210  __skb_queue_tail(&other->sk_receive_queue, skb);
1211  spin_unlock(&other->sk_receive_queue.lock);
1212  unix_state_unlock(other);
1213  other->sk_data_ready(other, 0);
1214  sock_put(other);
1215  return 0;
1216 
1217 out_unlock:
1218  if (other)
1219  unix_state_unlock(other);
1220 
1221 out:
1222  kfree_skb(skb);
1223  if (newsk)
1224  unix_release_sock(newsk, 0);
1225  if (other)
1226  sock_put(other);
1227  return err;
1228 }
1229 
1230 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1231 {
1232  struct sock *ska = socka->sk, *skb = sockb->sk;
1233 
1234  /* Join our sockets back to back */
1235  sock_hold(ska);
1236  sock_hold(skb);
1237  unix_peer(ska) = skb;
1238  unix_peer(skb) = ska;
1239  init_peercred(ska);
1240  init_peercred(skb);
1241 
1242  if (ska->sk_type != SOCK_DGRAM) {
1243  ska->sk_state = TCP_ESTABLISHED;
1244  skb->sk_state = TCP_ESTABLISHED;
1245  socka->state = SS_CONNECTED;
1246  sockb->state = SS_CONNECTED;
1247  }
1248  return 0;
1249 }
1250 
1251 static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1252 {
1253  struct sock *sk = sock->sk;
1254  struct sock *tsk;
1255  struct sk_buff *skb;
1256  int err;
1257 
1258  err = -EOPNOTSUPP;
1259  if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1260  goto out;
1261 
1262  err = -EINVAL;
1263  if (sk->sk_state != TCP_LISTEN)
1264  goto out;
1265 
1266  /* If socket state is TCP_LISTEN it cannot change (for now...),
1267  * so that no locks are necessary.
1268  */
1269 
1270  skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1271  if (!skb) {
1272  /* This means receive shutdown. */
1273  if (err == 0)
1274  err = -EINVAL;
1275  goto out;
1276  }
1277 
1278  tsk = skb->sk;
1279  skb_free_datagram(sk, skb);
1280  wake_up_interruptible(&unix_sk(sk)->peer_wait);
1281 
1282  /* attach accepted sock to socket */
1283  unix_state_lock(tsk);
1284  newsock->state = SS_CONNECTED;
1285  sock_graft(tsk, newsock);
1286  unix_state_unlock(tsk);
1287  return 0;
1288 
1289 out:
1290  return err;
1291 }
1292 
1293 
1294 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1295 {
1296  struct sock *sk = sock->sk;
1297  struct unix_sock *u;
1298  DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1299  int err = 0;
1300 
1301  if (peer) {
1302  sk = unix_peer_get(sk);
1303 
1304  err = -ENOTCONN;
1305  if (!sk)
1306  goto out;
1307  err = 0;
1308  } else {
1309  sock_hold(sk);
1310  }
1311 
1312  u = unix_sk(sk);
1313  unix_state_lock(sk);
1314  if (!u->addr) {
1315  sunaddr->sun_family = AF_UNIX;
1316  sunaddr->sun_path[0] = 0;
1317  *uaddr_len = sizeof(short);
1318  } else {
1319  struct unix_address *addr = u->addr;
1320 
1321  *uaddr_len = addr->len;
1322  memcpy(sunaddr, addr->name, *uaddr_len);
1323  }
1324  unix_state_unlock(sk);
1325  sock_put(sk);
1326 out:
1327  return err;
1328 }
1329 
1330 static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1331 {
1332  int i;
1333 
1334  scm->fp = UNIXCB(skb).fp;
1335  UNIXCB(skb).fp = NULL;
1336 
1337  for (i = scm->fp->count-1; i >= 0; i--)
1338  unix_notinflight(scm->fp->fp[i]);
1339 }
1340 
1341 static void unix_destruct_scm(struct sk_buff *skb)
1342 {
1343  struct scm_cookie scm;
1344  memset(&scm, 0, sizeof(scm));
1345  scm.pid = UNIXCB(skb).pid;
1346  scm.cred = UNIXCB(skb).cred;
1347  if (UNIXCB(skb).fp)
1348  unix_detach_fds(&scm, skb);
1349 
1350  /* Alas, it calls VFS */
1351  /* So fscking what? fput() had been SMP-safe since the last Summer */
1352  scm_destroy(&scm);
1353  sock_wfree(skb);
1354 }
1355 
1356 #define MAX_RECURSION_LEVEL 4
1357 
1358 static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1359 {
1360  int i;
1361  unsigned char max_level = 0;
1362  int unix_sock_count = 0;
1363 
1364  for (i = scm->fp->count - 1; i >= 0; i--) {
1365  struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1366 
1367  if (sk) {
1368  unix_sock_count++;
1369  max_level = max(max_level,
1370  unix_sk(sk)->recursion_level);
1371  }
1372  }
1373  if (unlikely(max_level > MAX_RECURSION_LEVEL))
1374  return -ETOOMANYREFS;
1375 
1376  /*
1377  * Need to duplicate file references for the sake of garbage
1378  * collection. Otherwise a socket in the fps might become a
1379  * candidate for GC while the skb is not yet queued.
1380  */
1381  UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1382  if (!UNIXCB(skb).fp)
1383  return -ENOMEM;
1384 
1385  if (unix_sock_count) {
1386  for (i = scm->fp->count - 1; i >= 0; i--)
1387  unix_inflight(scm->fp->fp[i]);
1388  }
1389  return max_level;
1390 }
1391 
1392 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1393 {
1394  int err = 0;
1395 
1396  UNIXCB(skb).pid = get_pid(scm->pid);
1397  if (scm->cred)
1398  UNIXCB(skb).cred = get_cred(scm->cred);
1399  UNIXCB(skb).fp = NULL;
1400  if (scm->fp && send_fds)
1401  err = unix_attach_fds(scm, skb);
1402 
1403  skb->destructor = unix_destruct_scm;
1404  return err;
1405 }
1406 
1407 /*
1408  * Some apps rely on write() giving SCM_CREDENTIALS
1409  * We include credentials if source or destination socket
1410  * asserted SOCK_PASSCRED.
1411  */
1412 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1413  const struct sock *other)
1414 {
1415  if (UNIXCB(skb).cred)
1416  return;
1417  if (test_bit(SOCK_PASSCRED, &sock->flags) ||
1418  !other->sk_socket ||
1419  test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
1420  UNIXCB(skb).pid = get_pid(task_tgid(current));
1421  UNIXCB(skb).cred = get_current_cred();
1422  }
1423 }
1424 
1425 /*
1426  * Send AF_UNIX data.
1427  */
1428 
1429 static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1430  struct msghdr *msg, size_t len)
1431 {
1432  struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1433  struct sock *sk = sock->sk;
1434  struct net *net = sock_net(sk);
1435  struct unix_sock *u = unix_sk(sk);
1436  struct sockaddr_un *sunaddr = msg->msg_name;
1437  struct sock *other = NULL;
1438  int namelen = 0; /* fake GCC */
1439  int err;
1440  unsigned int hash;
1441  struct sk_buff *skb;
1442  long timeo;
1443  struct scm_cookie tmp_scm;
1444  int max_level;
1445  int data_len = 0;
1446 
1447  if (NULL == siocb->scm)
1448  siocb->scm = &tmp_scm;
1449  wait_for_unix_gc();
1450  err = scm_send(sock, msg, siocb->scm, false);
1451  if (err < 0)
1452  return err;
1453 
1454  err = -EOPNOTSUPP;
1455  if (msg->msg_flags&MSG_OOB)
1456  goto out;
1457 
1458  if (msg->msg_namelen) {
1459  err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1460  if (err < 0)
1461  goto out;
1462  namelen = err;
1463  } else {
1464  sunaddr = NULL;
1465  err = -ENOTCONN;
1466  other = unix_peer_get(sk);
1467  if (!other)
1468  goto out;
1469  }
1470 
1471  if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1472  && (err = unix_autobind(sock)) != 0)
1473  goto out;
1474 
1475  err = -EMSGSIZE;
1476  if (len > sk->sk_sndbuf - 32)
1477  goto out;
1478 
1479  if (len > SKB_MAX_ALLOC)
1480  data_len = min_t(size_t,
1481  len - SKB_MAX_ALLOC,
1482  MAX_SKB_FRAGS * PAGE_SIZE);
1483 
1484  skb = sock_alloc_send_pskb(sk, len - data_len, data_len,
1485  msg->msg_flags & MSG_DONTWAIT, &err);
1486  if (skb == NULL)
1487  goto out;
1488 
1489  err = unix_scm_to_skb(siocb->scm, skb, true);
1490  if (err < 0)
1491  goto out_free;
1492  max_level = err + 1;
1493  unix_get_secdata(siocb->scm, skb);
1494 
1495  skb_put(skb, len - data_len);
1496  skb->data_len = data_len;
1497  skb->len = len;
1498  err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov, 0, len);
1499  if (err)
1500  goto out_free;
1501 
1502  timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1503 
1504 restart:
1505  if (!other) {
1506  err = -ECONNRESET;
1507  if (sunaddr == NULL)
1508  goto out_free;
1509 
1510  other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1511  hash, &err);
1512  if (other == NULL)
1513  goto out_free;
1514  }
1515 
1516  if (sk_filter(other, skb) < 0) {
1517  /* Toss the packet but do not return any error to the sender */
1518  err = len;
1519  goto out_free;
1520  }
1521 
1522  unix_state_lock(other);
1523  err = -EPERM;
1524  if (!unix_may_send(sk, other))
1525  goto out_unlock;
1526 
1527  if (sock_flag(other, SOCK_DEAD)) {
1528  /*
1529  * Check with 1003.1g - what should
1530  * datagram error
1531  */
1532  unix_state_unlock(other);
1533  sock_put(other);
1534 
1535  err = 0;
1536  unix_state_lock(sk);
1537  if (unix_peer(sk) == other) {
1538  unix_peer(sk) = NULL;
1539  unix_state_unlock(sk);
1540 
1541  unix_dgram_disconnected(sk, other);
1542  sock_put(other);
1543  err = -ECONNREFUSED;
1544  } else {
1545  unix_state_unlock(sk);
1546  }
1547 
1548  other = NULL;
1549  if (err)
1550  goto out_free;
1551  goto restart;
1552  }
1553 
1554  err = -EPIPE;
1555  if (other->sk_shutdown & RCV_SHUTDOWN)
1556  goto out_unlock;
1557 
1558  if (sk->sk_type != SOCK_SEQPACKET) {
1559  err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1560  if (err)
1561  goto out_unlock;
1562  }
1563 
1564  if (unix_peer(other) != sk && unix_recvq_full(other)) {
1565  if (!timeo) {
1566  err = -EAGAIN;
1567  goto out_unlock;
1568  }
1569 
1570  timeo = unix_wait_for_peer(other, timeo);
1571 
1572  err = sock_intr_errno(timeo);
1573  if (signal_pending(current))
1574  goto out_free;
1575 
1576  goto restart;
1577  }
1578 
1579  if (sock_flag(other, SOCK_RCVTSTAMP))
1580  __net_timestamp(skb);
1581  maybe_add_creds(skb, sock, other);
1582  skb_queue_tail(&other->sk_receive_queue, skb);
1583  if (max_level > unix_sk(other)->recursion_level)
1584  unix_sk(other)->recursion_level = max_level;
1585  unix_state_unlock(other);
1586  other->sk_data_ready(other, len);
1587  sock_put(other);
1588  scm_destroy(siocb->scm);
1589  return len;
1590 
1591 out_unlock:
1592  unix_state_unlock(other);
1593 out_free:
1594  kfree_skb(skb);
1595 out:
1596  if (other)
1597  sock_put(other);
1598  scm_destroy(siocb->scm);
1599  return err;
1600 }
1601 
1602 
1603 static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1604  struct msghdr *msg, size_t len)
1605 {
1606  struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1607  struct sock *sk = sock->sk;
1608  struct sock *other = NULL;
1609  int err, size;
1610  struct sk_buff *skb;
1611  int sent = 0;
1612  struct scm_cookie tmp_scm;
1613  bool fds_sent = false;
1614  int max_level;
1615 
1616  if (NULL == siocb->scm)
1617  siocb->scm = &tmp_scm;
1618  wait_for_unix_gc();
1619  err = scm_send(sock, msg, siocb->scm, false);
1620  if (err < 0)
1621  return err;
1622 
1623  err = -EOPNOTSUPP;
1624  if (msg->msg_flags&MSG_OOB)
1625  goto out_err;
1626 
1627  if (msg->msg_namelen) {
1628  err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1629  goto out_err;
1630  } else {
1631  err = -ENOTCONN;
1632  other = unix_peer(sk);
1633  if (!other)
1634  goto out_err;
1635  }
1636 
1637  if (sk->sk_shutdown & SEND_SHUTDOWN)
1638  goto pipe_err;
1639 
1640  while (sent < len) {
1641  /*
1642  * Optimisation for the fact that under 0.01% of X
1643  * messages typically need breaking up.
1644  */
1645 
1646  size = len-sent;
1647 
1648  /* Keep two messages in the pipe so it schedules better */
1649  if (size > ((sk->sk_sndbuf >> 1) - 64))
1650  size = (sk->sk_sndbuf >> 1) - 64;
1651 
1652  if (size > SKB_MAX_ALLOC)
1653  size = SKB_MAX_ALLOC;
1654 
1655  /*
1656  * Grab a buffer
1657  */
1658 
1659  skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
1660  &err);
1661 
1662  if (skb == NULL)
1663  goto out_err;
1664 
1665  /*
1666  * If you pass two values to the sock_alloc_send_skb
1667  * it tries to grab the large buffer with GFP_NOFS
1668  * (which can fail easily), and if it fails grab the
1669  * fallback size buffer which is under a page and will
1670  * succeed. [Alan]
1671  */
1672  size = min_t(int, size, skb_tailroom(skb));
1673 
1674 
1675  /* Only send the fds in the first buffer */
1676  err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1677  if (err < 0) {
1678  kfree_skb(skb);
1679  goto out_err;
1680  }
1681  max_level = err + 1;
1682  fds_sent = true;
1683 
1684  err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1685  if (err) {
1686  kfree_skb(skb);
1687  goto out_err;
1688  }
1689 
1690  unix_state_lock(other);
1691 
1692  if (sock_flag(other, SOCK_DEAD) ||
1693  (other->sk_shutdown & RCV_SHUTDOWN))
1694  goto pipe_err_free;
1695 
1696  maybe_add_creds(skb, sock, other);
1697  skb_queue_tail(&other->sk_receive_queue, skb);
1698  if (max_level > unix_sk(other)->recursion_level)
1699  unix_sk(other)->recursion_level = max_level;
1700  unix_state_unlock(other);
1701  other->sk_data_ready(other, size);
1702  sent += size;
1703  }
1704 
1705  scm_destroy(siocb->scm);
1706  siocb->scm = NULL;
1707 
1708  return sent;
1709 
1710 pipe_err_free:
1711  unix_state_unlock(other);
1712  kfree_skb(skb);
1713 pipe_err:
1714  if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1715  send_sig(SIGPIPE, current, 0);
1716  err = -EPIPE;
1717 out_err:
1718  scm_destroy(siocb->scm);
1719  siocb->scm = NULL;
1720  return sent ? : err;
1721 }
1722 
1723 static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
1724  struct msghdr *msg, size_t len)
1725 {
1726  int err;
1727  struct sock *sk = sock->sk;
1728 
1729  err = sock_error(sk);
1730  if (err)
1731  return err;
1732 
1733  if (sk->sk_state != TCP_ESTABLISHED)
1734  return -ENOTCONN;
1735 
1736  if (msg->msg_namelen)
1737  msg->msg_namelen = 0;
1738 
1739  return unix_dgram_sendmsg(kiocb, sock, msg, len);
1740 }
1741 
1742 static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
1743  struct msghdr *msg, size_t size,
1744  int flags)
1745 {
1746  struct sock *sk = sock->sk;
1747 
1748  if (sk->sk_state != TCP_ESTABLISHED)
1749  return -ENOTCONN;
1750 
1751  return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
1752 }
1753 
1754 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1755 {
1756  struct unix_sock *u = unix_sk(sk);
1757 
1758  msg->msg_namelen = 0;
1759  if (u->addr) {
1760  msg->msg_namelen = u->addr->len;
1761  memcpy(msg->msg_name, u->addr->name, u->addr->len);
1762  }
1763 }
1764 
1765 static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1766  struct msghdr *msg, size_t size,
1767  int flags)
1768 {
1769  struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1770  struct scm_cookie tmp_scm;
1771  struct sock *sk = sock->sk;
1772  struct unix_sock *u = unix_sk(sk);
1773  int noblock = flags & MSG_DONTWAIT;
1774  struct sk_buff *skb;
1775  int err;
1776  int peeked, skip;
1777 
1778  err = -EOPNOTSUPP;
1779  if (flags&MSG_OOB)
1780  goto out;
1781 
1782  msg->msg_namelen = 0;
1783 
1784  err = mutex_lock_interruptible(&u->readlock);
1785  if (err) {
1786  err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
1787  goto out;
1788  }
1789 
1790  skip = sk_peek_offset(sk, flags);
1791 
1792  skb = __skb_recv_datagram(sk, flags, &peeked, &skip, &err);
1793  if (!skb) {
1794  unix_state_lock(sk);
1795  /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1796  if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1797  (sk->sk_shutdown & RCV_SHUTDOWN))
1798  err = 0;
1799  unix_state_unlock(sk);
1800  goto out_unlock;
1801  }
1802 
1803  wake_up_interruptible_sync_poll(&u->peer_wait,
1804  POLLOUT | POLLWRNORM | POLLWRBAND);
1805 
1806  if (msg->msg_name)
1807  unix_copy_addr(msg, skb->sk);
1808 
1809  if (size > skb->len - skip)
1810  size = skb->len - skip;
1811  else if (size < skb->len - skip)
1812  msg->msg_flags |= MSG_TRUNC;
1813 
1814  err = skb_copy_datagram_iovec(skb, skip, msg->msg_iov, size);
1815  if (err)
1816  goto out_free;
1817 
1818  if (sock_flag(sk, SOCK_RCVTSTAMP))
1819  __sock_recv_timestamp(msg, sk, skb);
1820 
1821  if (!siocb->scm) {
1822  siocb->scm = &tmp_scm;
1823  memset(&tmp_scm, 0, sizeof(tmp_scm));
1824  }
1825  scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1826  unix_set_secdata(siocb->scm, skb);
1827 
1828  if (!(flags & MSG_PEEK)) {
1829  if (UNIXCB(skb).fp)
1830  unix_detach_fds(siocb->scm, skb);
1831 
1832  sk_peek_offset_bwd(sk, skb->len);
1833  } else {
1834  /* It is questionable: on PEEK we could:
1835  - do not return fds - good, but too simple 8)
1836  - return fds, and do not return them on read (old strategy,
1837  apparently wrong)
1838  - clone fds (I chose it for now, it is the most universal
1839  solution)
1840 
1841  POSIX 1003.1g does not actually define this clearly
1842  at all. POSIX 1003.1g doesn't define a lot of things
1843  clearly however!
1844 
1845  */
1846 
1847  sk_peek_offset_fwd(sk, size);
1848 
1849  if (UNIXCB(skb).fp)
1850  siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1851  }
1852  err = (flags & MSG_TRUNC) ? skb->len - skip : size;
1853 
1854  scm_recv(sock, msg, siocb->scm, flags);
1855 
1856 out_free:
1857  skb_free_datagram(sk, skb);
1858 out_unlock:
1859  mutex_unlock(&u->readlock);
1860 out:
1861  return err;
1862 }
1863 
1864 /*
1865  * Sleep until data has arrive. But check for races..
1866  */
1867 
1868 static long unix_stream_data_wait(struct sock *sk, long timeo)
1869 {
1870  DEFINE_WAIT(wait);
1871 
1872  unix_state_lock(sk);
1873 
1874  for (;;) {
1875  prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1876 
1877  if (!skb_queue_empty(&sk->sk_receive_queue) ||
1878  sk->sk_err ||
1879  (sk->sk_shutdown & RCV_SHUTDOWN) ||
1880  signal_pending(current) ||
1881  !timeo)
1882  break;
1883 
1884  set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1885  unix_state_unlock(sk);
1886  timeo = schedule_timeout(timeo);
1887  unix_state_lock(sk);
1888  clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1889  }
1890 
1891  finish_wait(sk_sleep(sk), &wait);
1892  unix_state_unlock(sk);
1893  return timeo;
1894 }
1895 
1896 
1897 
1898 static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1899  struct msghdr *msg, size_t size,
1900  int flags)
1901 {
1902  struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1903  struct scm_cookie tmp_scm;
1904  struct sock *sk = sock->sk;
1905  struct unix_sock *u = unix_sk(sk);
1906  struct sockaddr_un *sunaddr = msg->msg_name;
1907  int copied = 0;
1908  int check_creds = 0;
1909  int target;
1910  int err = 0;
1911  long timeo;
1912  int skip;
1913 
1914  err = -EINVAL;
1915  if (sk->sk_state != TCP_ESTABLISHED)
1916  goto out;
1917 
1918  err = -EOPNOTSUPP;
1919  if (flags&MSG_OOB)
1920  goto out;
1921 
1922  target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1923  timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1924 
1925  msg->msg_namelen = 0;
1926 
1927  /* Lock the socket to prevent queue disordering
1928  * while sleeps in memcpy_tomsg
1929  */
1930 
1931  if (!siocb->scm) {
1932  siocb->scm = &tmp_scm;
1933  memset(&tmp_scm, 0, sizeof(tmp_scm));
1934  }
1935 
1936  err = mutex_lock_interruptible(&u->readlock);
1937  if (err) {
1938  err = sock_intr_errno(timeo);
1939  goto out;
1940  }
1941 
1942  skip = sk_peek_offset(sk, flags);
1943 
1944  do {
1945  int chunk;
1946  struct sk_buff *skb;
1947 
1948  unix_state_lock(sk);
1949  skb = skb_peek(&sk->sk_receive_queue);
1950 again:
1951  if (skb == NULL) {
1952  unix_sk(sk)->recursion_level = 0;
1953  if (copied >= target)
1954  goto unlock;
1955 
1956  /*
1957  * POSIX 1003.1g mandates this order.
1958  */
1959 
1960  err = sock_error(sk);
1961  if (err)
1962  goto unlock;
1963  if (sk->sk_shutdown & RCV_SHUTDOWN)
1964  goto unlock;
1965 
1966  unix_state_unlock(sk);
1967  err = -EAGAIN;
1968  if (!timeo)
1969  break;
1970  mutex_unlock(&u->readlock);
1971 
1972  timeo = unix_stream_data_wait(sk, timeo);
1973 
1974  if (signal_pending(current)
1975  || mutex_lock_interruptible(&u->readlock)) {
1976  err = sock_intr_errno(timeo);
1977  goto out;
1978  }
1979 
1980  continue;
1981  unlock:
1982  unix_state_unlock(sk);
1983  break;
1984  }
1985 
1986  if (skip >= skb->len) {
1987  skip -= skb->len;
1988  skb = skb_peek_next(skb, &sk->sk_receive_queue);
1989  goto again;
1990  }
1991 
1992  unix_state_unlock(sk);
1993 
1994  if (check_creds) {
1995  /* Never glue messages from different writers */
1996  if ((UNIXCB(skb).pid != siocb->scm->pid) ||
1997  (UNIXCB(skb).cred != siocb->scm->cred))
1998  break;
1999  } else {
2000  /* Copy credentials */
2001  scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
2002  check_creds = 1;
2003  }
2004 
2005  /* Copy address just once */
2006  if (sunaddr) {
2007  unix_copy_addr(msg, skb->sk);
2008  sunaddr = NULL;
2009  }
2010 
2011  chunk = min_t(unsigned int, skb->len - skip, size);
2012  if (memcpy_toiovec(msg->msg_iov, skb->data + skip, chunk)) {
2013  if (copied == 0)
2014  copied = -EFAULT;
2015  break;
2016  }
2017  copied += chunk;
2018  size -= chunk;
2019 
2020  /* Mark read part of skb as used */
2021  if (!(flags & MSG_PEEK)) {
2022  skb_pull(skb, chunk);
2023 
2024  sk_peek_offset_bwd(sk, chunk);
2025 
2026  if (UNIXCB(skb).fp)
2027  unix_detach_fds(siocb->scm, skb);
2028 
2029  if (skb->len)
2030  break;
2031 
2032  skb_unlink(skb, &sk->sk_receive_queue);
2033  consume_skb(skb);
2034 
2035  if (siocb->scm->fp)
2036  break;
2037  } else {
2038  /* It is questionable, see note in unix_dgram_recvmsg.
2039  */
2040  if (UNIXCB(skb).fp)
2041  siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
2042 
2043  sk_peek_offset_fwd(sk, chunk);
2044 
2045  break;
2046  }
2047  } while (size);
2048 
2049  mutex_unlock(&u->readlock);
2050  scm_recv(sock, msg, siocb->scm, flags);
2051 out:
2052  return copied ? : err;
2053 }
2054 
2055 static int unix_shutdown(struct socket *sock, int mode)
2056 {
2057  struct sock *sk = sock->sk;
2058  struct sock *other;
2059 
2060  if (mode < SHUT_RD || mode > SHUT_RDWR)
2061  return -EINVAL;
2062  /* This maps:
2063  * SHUT_RD (0) -> RCV_SHUTDOWN (1)
2064  * SHUT_WR (1) -> SEND_SHUTDOWN (2)
2065  * SHUT_RDWR (2) -> SHUTDOWN_MASK (3)
2066  */
2067  ++mode;
2068 
2069  unix_state_lock(sk);
2070  sk->sk_shutdown |= mode;
2071  other = unix_peer(sk);
2072  if (other)
2073  sock_hold(other);
2074  unix_state_unlock(sk);
2075  sk->sk_state_change(sk);
2076 
2077  if (other &&
2078  (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2079 
2080  int peer_mode = 0;
2081 
2082  if (mode&RCV_SHUTDOWN)
2083  peer_mode |= SEND_SHUTDOWN;
2084  if (mode&SEND_SHUTDOWN)
2085  peer_mode |= RCV_SHUTDOWN;
2086  unix_state_lock(other);
2087  other->sk_shutdown |= peer_mode;
2088  unix_state_unlock(other);
2089  other->sk_state_change(other);
2090  if (peer_mode == SHUTDOWN_MASK)
2091  sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2092  else if (peer_mode & RCV_SHUTDOWN)
2093  sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2094  }
2095  if (other)
2096  sock_put(other);
2097 
2098  return 0;
2099 }
2100 
2101 long unix_inq_len(struct sock *sk)
2102 {
2103  struct sk_buff *skb;
2104  long amount = 0;
2105 
2106  if (sk->sk_state == TCP_LISTEN)
2107  return -EINVAL;
2108 
2109  spin_lock(&sk->sk_receive_queue.lock);
2110  if (sk->sk_type == SOCK_STREAM ||
2111  sk->sk_type == SOCK_SEQPACKET) {
2112  skb_queue_walk(&sk->sk_receive_queue, skb)
2113  amount += skb->len;
2114  } else {
2115  skb = skb_peek(&sk->sk_receive_queue);
2116  if (skb)
2117  amount = skb->len;
2118  }
2119  spin_unlock(&sk->sk_receive_queue.lock);
2120 
2121  return amount;
2122 }
2123 EXPORT_SYMBOL_GPL(unix_inq_len);
2124 
2125 long unix_outq_len(struct sock *sk)
2126 {
2127  return sk_wmem_alloc_get(sk);
2128 }
2129 EXPORT_SYMBOL_GPL(unix_outq_len);
2130 
2131 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2132 {
2133  struct sock *sk = sock->sk;
2134  long amount = 0;
2135  int err;
2136 
2137  switch (cmd) {
2138  case SIOCOUTQ:
2139  amount = unix_outq_len(sk);
2140  err = put_user(amount, (int __user *)arg);
2141  break;
2142  case SIOCINQ:
2143  amount = unix_inq_len(sk);
2144  if (amount < 0)
2145  err = amount;
2146  else
2147  err = put_user(amount, (int __user *)arg);
2148  break;
2149  default:
2150  err = -ENOIOCTLCMD;
2151  break;
2152  }
2153  return err;
2154 }
2155 
2156 static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2157 {
2158  struct sock *sk = sock->sk;
2159  unsigned int mask;
2160 
2161  sock_poll_wait(file, sk_sleep(sk), wait);
2162  mask = 0;
2163 
2164  /* exceptional events? */
2165  if (sk->sk_err)
2166  mask |= POLLERR;
2167  if (sk->sk_shutdown == SHUTDOWN_MASK)
2168  mask |= POLLHUP;
2169  if (sk->sk_shutdown & RCV_SHUTDOWN)
2170  mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2171 
2172  /* readable? */
2173  if (!skb_queue_empty(&sk->sk_receive_queue))
2174  mask |= POLLIN | POLLRDNORM;
2175 
2176  /* Connection-based need to check for termination and startup */
2177  if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2178  sk->sk_state == TCP_CLOSE)
2179  mask |= POLLHUP;
2180 
2181  /*
2182  * we set writable also when the other side has shut down the
2183  * connection. This prevents stuck sockets.
2184  */
2185  if (unix_writable(sk))
2186  mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2187 
2188  return mask;
2189 }
2190 
2191 static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2192  poll_table *wait)
2193 {
2194  struct sock *sk = sock->sk, *other;
2195  unsigned int mask, writable;
2196 
2197  sock_poll_wait(file, sk_sleep(sk), wait);
2198  mask = 0;
2199 
2200  /* exceptional events? */
2201  if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2202  mask |= POLLERR;
2203  if (sk->sk_shutdown & RCV_SHUTDOWN)
2204  mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2205  if (sk->sk_shutdown == SHUTDOWN_MASK)
2206  mask |= POLLHUP;
2207 
2208  /* readable? */
2209  if (!skb_queue_empty(&sk->sk_receive_queue))
2210  mask |= POLLIN | POLLRDNORM;
2211 
2212  /* Connection-based need to check for termination and startup */
2213  if (sk->sk_type == SOCK_SEQPACKET) {
2214  if (sk->sk_state == TCP_CLOSE)
2215  mask |= POLLHUP;
2216  /* connection hasn't started yet? */
2217  if (sk->sk_state == TCP_SYN_SENT)
2218  return mask;
2219  }
2220 
2221  /* No write status requested, avoid expensive OUT tests. */
2222  if (!(poll_requested_events(wait) & (POLLWRBAND|POLLWRNORM|POLLOUT)))
2223  return mask;
2224 
2225  writable = unix_writable(sk);
2226  other = unix_peer_get(sk);
2227  if (other) {
2228  if (unix_peer(other) != sk) {
2229  sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2230  if (unix_recvq_full(other))
2231  writable = 0;
2232  }
2233  sock_put(other);
2234  }
2235 
2236  if (writable)
2237  mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2238  else
2239  set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2240 
2241  return mask;
2242 }
2243 
2244 #ifdef CONFIG_PROC_FS
2245 
2246 #define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1)
2247 
2248 #define get_bucket(x) ((x) >> BUCKET_SPACE)
2249 #define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1))
2250 #define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
2251 
2252 static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos)
2253 {
2254  unsigned long offset = get_offset(*pos);
2255  unsigned long bucket = get_bucket(*pos);
2256  struct sock *sk;
2257  unsigned long count = 0;
2258 
2259  for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
2260  if (sock_net(sk) != seq_file_net(seq))
2261  continue;
2262  if (++count == offset)
2263  break;
2264  }
2265 
2266  return sk;
2267 }
2268 
2269 static struct sock *unix_next_socket(struct seq_file *seq,
2270  struct sock *sk,
2271  loff_t *pos)
2272 {
2273  unsigned long bucket;
2274 
2275  while (sk > (struct sock *)SEQ_START_TOKEN) {
2276  sk = sk_next(sk);
2277  if (!sk)
2278  goto next_bucket;
2279  if (sock_net(sk) == seq_file_net(seq))
2280  return sk;
2281  }
2282 
2283  do {
2284  sk = unix_from_bucket(seq, pos);
2285  if (sk)
2286  return sk;
2287 
2288 next_bucket:
2289  bucket = get_bucket(*pos) + 1;
2290  *pos = set_bucket_offset(bucket, 1);
2291  } while (bucket < ARRAY_SIZE(unix_socket_table));
2292 
2293  return NULL;
2294 }
2295 
2296 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2297  __acquires(unix_table_lock)
2298 {
2299  spin_lock(&unix_table_lock);
2300 
2301  if (!*pos)
2302  return SEQ_START_TOKEN;
2303 
2304  if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table))
2305  return NULL;
2306 
2307  return unix_next_socket(seq, NULL, pos);
2308 }
2309 
2310 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2311 {
2312  ++*pos;
2313  return unix_next_socket(seq, v, pos);
2314 }
2315 
2316 static void unix_seq_stop(struct seq_file *seq, void *v)
2317  __releases(unix_table_lock)
2318 {
2319  spin_unlock(&unix_table_lock);
2320 }
2321 
2322 static int unix_seq_show(struct seq_file *seq, void *v)
2323 {
2324 
2325  if (v == SEQ_START_TOKEN)
2326  seq_puts(seq, "Num RefCount Protocol Flags Type St "
2327  "Inode Path\n");
2328  else {
2329  struct sock *s = v;
2330  struct unix_sock *u = unix_sk(s);
2331  unix_state_lock(s);
2332 
2333  seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2334  s,
2335  atomic_read(&s->sk_refcnt),
2336  0,
2337  s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2338  s->sk_type,
2339  s->sk_socket ?
2340  (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2341  (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2342  sock_i_ino(s));
2343 
2344  if (u->addr) {
2345  int i, len;
2346  seq_putc(seq, ' ');
2347 
2348  i = 0;
2349  len = u->addr->len - sizeof(short);
2350  if (!UNIX_ABSTRACT(s))
2351  len--;
2352  else {
2353  seq_putc(seq, '@');
2354  i++;
2355  }
2356  for ( ; i < len; i++)
2357  seq_putc(seq, u->addr->name->sun_path[i]);
2358  }
2359  unix_state_unlock(s);
2360  seq_putc(seq, '\n');
2361  }
2362 
2363  return 0;
2364 }
2365 
2366 static const struct seq_operations unix_seq_ops = {
2367  .start = unix_seq_start,
2368  .next = unix_seq_next,
2369  .stop = unix_seq_stop,
2370  .show = unix_seq_show,
2371 };
2372 
2373 static int unix_seq_open(struct inode *inode, struct file *file)
2374 {
2375  return seq_open_net(inode, file, &unix_seq_ops,
2376  sizeof(struct seq_net_private));
2377 }
2378 
2379 static const struct file_operations unix_seq_fops = {
2380  .owner = THIS_MODULE,
2381  .open = unix_seq_open,
2382  .read = seq_read,
2383  .llseek = seq_lseek,
2384  .release = seq_release_net,
2385 };
2386 
2387 #endif
2388 
2389 static const struct net_proto_family unix_family_ops = {
2390  .family = PF_UNIX,
2391  .create = unix_create,
2392  .owner = THIS_MODULE,
2393 };
2394 
2395 
2396 static int __net_init unix_net_init(struct net *net)
2397 {
2398  int error = -ENOMEM;
2399 
2400  net->unx.sysctl_max_dgram_qlen = 10;
2401  if (unix_sysctl_register(net))
2402  goto out;
2403 
2404 #ifdef CONFIG_PROC_FS
2405  if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
2406  unix_sysctl_unregister(net);
2407  goto out;
2408  }
2409 #endif
2410  error = 0;
2411 out:
2412  return error;
2413 }
2414 
2415 static void __net_exit unix_net_exit(struct net *net)
2416 {
2417  unix_sysctl_unregister(net);
2418  proc_net_remove(net, "unix");
2419 }
2420 
2421 static struct pernet_operations unix_net_ops = {
2422  .init = unix_net_init,
2423  .exit = unix_net_exit,
2424 };
2425 
2426 static int __init af_unix_init(void)
2427 {
2428  int rc = -1;
2429  struct sk_buff *dummy_skb;
2430 
2431  BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
2432 
2433  rc = proto_register(&unix_proto, 1);
2434  if (rc != 0) {
2435  printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2436  __func__);
2437  goto out;
2438  }
2439 
2440  sock_register(&unix_family_ops);
2441  register_pernet_subsys(&unix_net_ops);
2442 out:
2443  return rc;
2444 }
2445 
2446 static void __exit af_unix_exit(void)
2447 {
2448  sock_unregister(PF_UNIX);
2449  proto_unregister(&unix_proto);
2450  unregister_pernet_subsys(&unix_net_ops);
2451 }
2452 
2453 /* Earlier than device_initcall() so that other drivers invoking
2454  request_module() don't end up in a loop when modprobe tries
2455  to use a UNIX socket. But later than subsys_initcall() because
2456  we depend on stuff initialised there */
2457 fs_initcall(af_unix_init);
2458 module_exit(af_unix_exit);
2459 
2460 MODULE_LICENSE("GPL");
2461 MODULE_ALIAS_NETPROTO(PF_UNIX);
Generated on Thu Jan 10 2013 15:02:25 for Linux Kernel by   doxygen 1.8.2