Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
1da177e4 LT |
2 | /* |
3 | * NET4: Implementation of BSD Unix domain sockets. | |
4 | * | |
113aa838 | 5 | * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk> |
1da177e4 | 6 | * |
1da177e4 LT |
7 | * Fixes: |
8 | * Linus Torvalds : Assorted bug cures. | |
9 | * Niibe Yutaka : async I/O support. | |
10 | * Carsten Paeth : PF_UNIX check, address fixes. | |
11 | * Alan Cox : Limit size of allocated blocks. | |
12 | * Alan Cox : Fixed the stupid socketpair bug. | |
13 | * Alan Cox : BSD compatibility fine tuning. | |
14 | * Alan Cox : Fixed a bug in connect when interrupted. | |
15 | * Alan Cox : Sorted out a proper draft version of | |
16 | * file descriptor passing hacked up from | |
17 | * Mike Shaver's work. | |
18 | * Marty Leisner : Fixes to fd passing | |
19 | * Nick Nevin : recvmsg bugfix. | |
20 | * Alan Cox : Started proper garbage collector | |
21 | * Heiko EiBfeldt : Missing verify_area check | |
22 | * Alan Cox : Started POSIXisms | |
23 | * Andreas Schwab : Replace inode by dentry for proper | |
24 | * reference counting | |
25 | * Kirk Petersen : Made this a module | |
26 | * Christoph Rohland : Elegant non-blocking accept/connect algorithm. | |
27 | * Lots of bug fixes. | |
28 | * Alexey Kuznetosv : Repaired (I hope) bugs introduces | |
29 | * by above two patches. | |
30 | * Andrea Arcangeli : If possible we block in connect(2) | |
31 | * if the max backlog of the listen socket | |
32 | * is been reached. This won't break | |
33 | * old apps and it will avoid huge amount | |
34 | * of socks hashed (this for unix_gc() | |
35 | * performances reasons). | |
36 | * Security fix that limits the max | |
37 | * number of socks to 2*max_files and | |
38 | * the number of skb queueable in the | |
39 | * dgram receiver. | |
40 | * Artur Skawina : Hash function optimizations | |
41 | * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8) | |
42 | * Malcolm Beattie : Set peercred for socketpair | |
43 | * Michal Ostrowski : Module initialization cleanup. | |
44 | * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT, | |
45 | * the core infrastructure is doing that | |
46 | * for all net proto families now (2.5.69+) | |
47 | * | |
1da177e4 LT |
48 | * Known differences from reference BSD that was tested: |
49 | * | |
50 | * [TO FIX] | |
51 | * ECONNREFUSED is not returned from one end of a connected() socket to the | |
52 | * other the moment one end closes. | |
53 | * fstat() doesn't return st_dev=0, and give the blksize as high water mark | |
54 | * and a fake inode identifier (nor the BSD first socket fstat twice bug). | |
55 | * [NOT TO FIX] | |
56 | * accept() returns a path name even if the connecting socket has closed | |
57 | * in the meantime (BSD loses the path and gives up). | |
58 | * accept() returns 0 length path for an unbound connector. BSD returns 16 | |
59 | * and a null first byte in the path (but not for gethost/peername - BSD bug ??) | |
60 | * socketpair(...SOCK_RAW..) doesn't panic the kernel. | |
61 | * BSD af_unix apparently has connect forgetting to block properly. | |
62 | * (need to check this with the POSIX spec in detail) | |
63 | * | |
64 | * Differences from 2.0.0-11-... (ANK) | |
65 | * Bug fixes and improvements. | |
66 | * - client shutdown killed server socket. | |
67 | * - removed all useless cli/sti pairs. | |
68 | * | |
69 | * Semantic changes/extensions. | |
70 | * - generic control message passing. | |
71 | * - SCM_CREDENTIALS control message. | |
72 | * - "Abstract" (not FS based) socket bindings. | |
73 | * Abstract names are sequences of bytes (not zero terminated) | |
74 | * started by 0, so that this name space does not intersect | |
75 | * with BSD names. | |
76 | */ | |
77 | ||
5cc208be | 78 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
79 | ||
1da177e4 | 80 | #include <linux/module.h> |
1da177e4 | 81 | #include <linux/kernel.h> |
1da177e4 | 82 | #include <linux/signal.h> |
3f07c014 | 83 | #include <linux/sched/signal.h> |
1da177e4 LT |
84 | #include <linux/errno.h> |
85 | #include <linux/string.h> | |
86 | #include <linux/stat.h> | |
87 | #include <linux/dcache.h> | |
88 | #include <linux/namei.h> | |
89 | #include <linux/socket.h> | |
90 | #include <linux/un.h> | |
91 | #include <linux/fcntl.h> | |
b6459415 | 92 | #include <linux/filter.h> |
1da177e4 LT |
93 | #include <linux/termios.h> |
94 | #include <linux/sockios.h> | |
95 | #include <linux/net.h> | |
96 | #include <linux/in.h> | |
97 | #include <linux/fs.h> | |
98 | #include <linux/slab.h> | |
7c0f6ba6 | 99 | #include <linux/uaccess.h> |
1da177e4 LT |
100 | #include <linux/skbuff.h> |
101 | #include <linux/netdevice.h> | |
457c4cbc | 102 | #include <net/net_namespace.h> |
1da177e4 | 103 | #include <net/sock.h> |
c752f073 | 104 | #include <net/tcp_states.h> |
1da177e4 LT |
105 | #include <net/af_unix.h> |
106 | #include <linux/proc_fs.h> | |
107 | #include <linux/seq_file.h> | |
108 | #include <net/scm.h> | |
109 | #include <linux/init.h> | |
110 | #include <linux/poll.h> | |
1da177e4 LT |
111 | #include <linux/rtnetlink.h> |
112 | #include <linux/mount.h> | |
113 | #include <net/checksum.h> | |
114 | #include <linux/security.h> | |
509f15b9 | 115 | #include <linux/splice.h> |
2b15af6f | 116 | #include <linux/freezer.h> |
ba94f308 | 117 | #include <linux/file.h> |
2c860a43 | 118 | #include <linux/btf_ids.h> |
1da177e4 | 119 | |
f4e65870 JA |
120 | #include "scm.h" |
121 | ||
518de9b3 | 122 | static atomic_long_t unix_nr_socks; |
51bae889 KI |
123 | static struct hlist_head bsd_socket_buckets[UNIX_HASH_SIZE / 2]; |
124 | static spinlock_t bsd_socket_locks[UNIX_HASH_SIZE / 2]; | |
1da177e4 | 125 | |
f452be49 | 126 | /* SMP locking strategy: |
2f7ca90a KI |
127 | * hash table is protected with spinlock. |
128 | * each socket state is protected by separate spinlock. | |
f452be49 | 129 | */ |
1da177e4 | 130 | |
f452be49 | 131 | static unsigned int unix_unbound_hash(struct sock *sk) |
7123aaa3 | 132 | { |
f452be49 | 133 | unsigned long hash = (unsigned long)sk; |
7123aaa3 ED |
134 | |
135 | hash ^= hash >> 16; | |
136 | hash ^= hash >> 8; | |
f452be49 KI |
137 | hash ^= sk->sk_type; |
138 | ||
cf21b355 | 139 | return hash & UNIX_HASH_MOD; |
f452be49 KI |
140 | } |
141 | ||
142 | static unsigned int unix_bsd_hash(struct inode *i) | |
143 | { | |
f302d180 | 144 | return i->i_ino & UNIX_HASH_MOD; |
f452be49 KI |
145 | } |
146 | ||
147 | static unsigned int unix_abstract_hash(struct sockaddr_un *sunaddr, | |
148 | int addr_len, int type) | |
149 | { | |
150 | __wsum csum = csum_partial(sunaddr, addr_len, 0); | |
151 | unsigned int hash; | |
152 | ||
153 | hash = (__force unsigned int)csum_fold(csum); | |
154 | hash ^= hash >> 8; | |
155 | hash ^= type; | |
156 | ||
cf21b355 | 157 | return UNIX_HASH_MOD + 1 + (hash & UNIX_HASH_MOD); |
7123aaa3 ED |
158 | } |
159 | ||
79b05bea KI |
160 | static void unix_table_double_lock(struct net *net, |
161 | unsigned int hash1, unsigned int hash2) | |
afd20b92 | 162 | { |
cf21b355 KI |
163 | if (hash1 == hash2) { |
164 | spin_lock(&net->unx.table.locks[hash1]); | |
165 | return; | |
166 | } | |
167 | ||
afd20b92 KI |
168 | if (hash1 > hash2) |
169 | swap(hash1, hash2); | |
170 | ||
79b05bea KI |
171 | spin_lock(&net->unx.table.locks[hash1]); |
172 | spin_lock_nested(&net->unx.table.locks[hash2], SINGLE_DEPTH_NESTING); | |
afd20b92 KI |
173 | } |
174 | ||
79b05bea KI |
175 | static void unix_table_double_unlock(struct net *net, |
176 | unsigned int hash1, unsigned int hash2) | |
afd20b92 | 177 | { |
cf21b355 KI |
178 | if (hash1 == hash2) { |
179 | spin_unlock(&net->unx.table.locks[hash1]); | |
180 | return; | |
181 | } | |
182 | ||
79b05bea KI |
183 | spin_unlock(&net->unx.table.locks[hash1]); |
184 | spin_unlock(&net->unx.table.locks[hash2]); | |
afd20b92 KI |
185 | } |
186 | ||
877ce7c1 | 187 | #ifdef CONFIG_SECURITY_NETWORK |
dc49c1f9 | 188 | static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb) |
877ce7c1 | 189 | { |
37a9a8df | 190 | UNIXCB(skb).secid = scm->secid; |
877ce7c1 CZ |
191 | } |
192 | ||
193 | static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) | |
194 | { | |
37a9a8df SS |
195 | scm->secid = UNIXCB(skb).secid; |
196 | } | |
197 | ||
198 | static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb) | |
199 | { | |
200 | return (scm->secid == UNIXCB(skb).secid); | |
877ce7c1 CZ |
201 | } |
202 | #else | |
dc49c1f9 | 203 | static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb) |
877ce7c1 CZ |
204 | { } |
205 | ||
206 | static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) | |
207 | { } | |
37a9a8df SS |
208 | |
209 | static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb) | |
210 | { | |
211 | return true; | |
212 | } | |
877ce7c1 CZ |
213 | #endif /* CONFIG_SECURITY_NETWORK */ |
214 | ||
1da177e4 LT |
215 | #define unix_peer(sk) (unix_sk(sk)->peer) |
216 | ||
217 | static inline int unix_our_peer(struct sock *sk, struct sock *osk) | |
218 | { | |
219 | return unix_peer(osk) == sk; | |
220 | } | |
221 | ||
222 | static inline int unix_may_send(struct sock *sk, struct sock *osk) | |
223 | { | |
6eba6a37 | 224 | return unix_peer(osk) == NULL || unix_our_peer(sk, osk); |
1da177e4 LT |
225 | } |
226 | ||
86b18aaa | 227 | static inline int unix_recvq_full(const struct sock *sk) |
3c73419c RW |
228 | { |
229 | return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog; | |
230 | } | |
231 | ||
86b18aaa QC |
232 | static inline int unix_recvq_full_lockless(const struct sock *sk) |
233 | { | |
234 | return skb_queue_len_lockless(&sk->sk_receive_queue) > | |
235 | READ_ONCE(sk->sk_max_ack_backlog); | |
236 | } | |
237 | ||
fa7ff56f | 238 | struct sock *unix_peer_get(struct sock *s) |
1da177e4 LT |
239 | { |
240 | struct sock *peer; | |
241 | ||
1c92b4e5 | 242 | unix_state_lock(s); |
1da177e4 LT |
243 | peer = unix_peer(s); |
244 | if (peer) | |
245 | sock_hold(peer); | |
1c92b4e5 | 246 | unix_state_unlock(s); |
1da177e4 LT |
247 | return peer; |
248 | } | |
fa7ff56f | 249 | EXPORT_SYMBOL_GPL(unix_peer_get); |
1da177e4 | 250 | |
12f21c49 KI |
251 | static struct unix_address *unix_create_addr(struct sockaddr_un *sunaddr, |
252 | int addr_len) | |
253 | { | |
254 | struct unix_address *addr; | |
255 | ||
256 | addr = kmalloc(sizeof(*addr) + addr_len, GFP_KERNEL); | |
257 | if (!addr) | |
258 | return NULL; | |
259 | ||
260 | refcount_set(&addr->refcnt, 1); | |
261 | addr->len = addr_len; | |
262 | memcpy(addr->name, sunaddr, addr_len); | |
263 | ||
264 | return addr; | |
265 | } | |
266 | ||
1da177e4 LT |
267 | static inline void unix_release_addr(struct unix_address *addr) |
268 | { | |
8c9814b9 | 269 | if (refcount_dec_and_test(&addr->refcnt)) |
1da177e4 LT |
270 | kfree(addr); |
271 | } | |
272 | ||
273 | /* | |
274 | * Check unix socket name: | |
275 | * - should be not zero length. | |
276 | * - if started by not zero, should be NULL terminated (FS object) | |
277 | * - if started by zero, it is abstract name. | |
278 | */ | |
ac7bfa62 | 279 | |
b8a58aa6 KI |
280 | static int unix_validate_addr(struct sockaddr_un *sunaddr, int addr_len) |
281 | { | |
282 | if (addr_len <= offsetof(struct sockaddr_un, sun_path) || | |
283 | addr_len > sizeof(*sunaddr)) | |
284 | return -EINVAL; | |
285 | ||
286 | if (sunaddr->sun_family != AF_UNIX) | |
287 | return -EINVAL; | |
288 | ||
289 | return 0; | |
290 | } | |
291 | ||
d2d8c9fd KI |
292 | static void unix_mkname_bsd(struct sockaddr_un *sunaddr, int addr_len) |
293 | { | |
294 | /* This may look like an off by one error but it is a bit more | |
295 | * subtle. 108 is the longest valid AF_UNIX path for a binding. | |
296 | * sun_path[108] doesn't as such exist. However in kernel space | |
297 | * we are guaranteed that it is a valid memory location in our | |
298 | * kernel address buffer because syscall functions always pass | |
299 | * a pointer of struct sockaddr_storage which has a bigger buffer | |
300 | * than 108. | |
301 | */ | |
302 | ((char *)sunaddr)[addr_len] = 0; | |
303 | } | |
304 | ||
1da177e4 LT |
305 | static void __unix_remove_socket(struct sock *sk) |
306 | { | |
307 | sk_del_node_init(sk); | |
308 | } | |
309 | ||
cf2f225e | 310 | static void __unix_insert_socket(struct net *net, struct sock *sk) |
1da177e4 | 311 | { |
dd29c67d | 312 | DEBUG_NET_WARN_ON_ONCE(!sk_unhashed(sk)); |
cf2f225e | 313 | sk_add_node(sk, &net->unx.table.buckets[sk->sk_hash]); |
1da177e4 LT |
314 | } |
315 | ||
cf2f225e KI |
316 | static void __unix_set_addr_hash(struct net *net, struct sock *sk, |
317 | struct unix_address *addr, unsigned int hash) | |
185ab886 AV |
318 | { |
319 | __unix_remove_socket(sk); | |
320 | smp_store_release(&unix_sk(sk)->addr, addr); | |
e6b4b873 KI |
321 | |
322 | sk->sk_hash = hash; | |
cf2f225e | 323 | __unix_insert_socket(net, sk); |
185ab886 AV |
324 | } |
325 | ||
79b05bea | 326 | static void unix_remove_socket(struct net *net, struct sock *sk) |
1da177e4 | 327 | { |
79b05bea | 328 | spin_lock(&net->unx.table.locks[sk->sk_hash]); |
1da177e4 | 329 | __unix_remove_socket(sk); |
79b05bea | 330 | spin_unlock(&net->unx.table.locks[sk->sk_hash]); |
1da177e4 LT |
331 | } |
332 | ||
79b05bea | 333 | static void unix_insert_unbound_socket(struct net *net, struct sock *sk) |
1da177e4 | 334 | { |
79b05bea | 335 | spin_lock(&net->unx.table.locks[sk->sk_hash]); |
cf2f225e | 336 | __unix_insert_socket(net, sk); |
79b05bea | 337 | spin_unlock(&net->unx.table.locks[sk->sk_hash]); |
1da177e4 LT |
338 | } |
339 | ||
51bae889 KI |
340 | static void unix_insert_bsd_socket(struct sock *sk) |
341 | { | |
342 | spin_lock(&bsd_socket_locks[sk->sk_hash]); | |
343 | sk_add_bind_node(sk, &bsd_socket_buckets[sk->sk_hash]); | |
344 | spin_unlock(&bsd_socket_locks[sk->sk_hash]); | |
345 | } | |
346 | ||
347 | static void unix_remove_bsd_socket(struct sock *sk) | |
348 | { | |
349 | if (!hlist_unhashed(&sk->sk_bind_node)) { | |
350 | spin_lock(&bsd_socket_locks[sk->sk_hash]); | |
351 | __sk_del_bind_node(sk); | |
352 | spin_unlock(&bsd_socket_locks[sk->sk_hash]); | |
353 | ||
354 | sk_node_init(&sk->sk_bind_node); | |
355 | } | |
356 | } | |
357 | ||
097e66c5 DL |
358 | static struct sock *__unix_find_socket_byname(struct net *net, |
359 | struct sockaddr_un *sunname, | |
be752283 | 360 | int len, unsigned int hash) |
1da177e4 LT |
361 | { |
362 | struct sock *s; | |
1da177e4 | 363 | |
cf2f225e | 364 | sk_for_each(s, &net->unx.table.buckets[hash]) { |
1da177e4 LT |
365 | struct unix_sock *u = unix_sk(s); |
366 | ||
367 | if (u->addr->len == len && | |
368 | !memcmp(u->addr->name, sunname, len)) | |
262ce0af | 369 | return s; |
1da177e4 | 370 | } |
262ce0af | 371 | return NULL; |
1da177e4 LT |
372 | } |
373 | ||
097e66c5 DL |
374 | static inline struct sock *unix_find_socket_byname(struct net *net, |
375 | struct sockaddr_un *sunname, | |
be752283 | 376 | int len, unsigned int hash) |
1da177e4 LT |
377 | { |
378 | struct sock *s; | |
379 | ||
79b05bea | 380 | spin_lock(&net->unx.table.locks[hash]); |
be752283 | 381 | s = __unix_find_socket_byname(net, sunname, len, hash); |
1da177e4 LT |
382 | if (s) |
383 | sock_hold(s); | |
79b05bea | 384 | spin_unlock(&net->unx.table.locks[hash]); |
1da177e4 LT |
385 | return s; |
386 | } | |
387 | ||
51bae889 | 388 | static struct sock *unix_find_socket_byinode(struct inode *i) |
1da177e4 | 389 | { |
f452be49 | 390 | unsigned int hash = unix_bsd_hash(i); |
1da177e4 | 391 | struct sock *s; |
1da177e4 | 392 | |
51bae889 KI |
393 | spin_lock(&bsd_socket_locks[hash]); |
394 | sk_for_each_bound(s, &bsd_socket_buckets[hash]) { | |
40ffe67d | 395 | struct dentry *dentry = unix_sk(s)->path.dentry; |
1da177e4 | 396 | |
beef5121 | 397 | if (dentry && d_backing_inode(dentry) == i) { |
1da177e4 | 398 | sock_hold(s); |
51bae889 | 399 | spin_unlock(&bsd_socket_locks[hash]); |
afd20b92 | 400 | return s; |
1da177e4 LT |
401 | } |
402 | } | |
51bae889 | 403 | spin_unlock(&bsd_socket_locks[hash]); |
afd20b92 | 404 | return NULL; |
1da177e4 LT |
405 | } |
406 | ||
7d267278 RW |
407 | /* Support code for asymmetrically connected dgram sockets |
408 | * | |
409 | * If a datagram socket is connected to a socket not itself connected | |
410 | * to the first socket (eg, /dev/log), clients may only enqueue more | |
411 | * messages if the present receive queue of the server socket is not | |
412 | * "too large". This means there's a second writeability condition | |
413 | * poll and sendmsg need to test. The dgram recv code will do a wake | |
414 | * up on the peer_wait wait queue of a socket upon reception of a | |
415 | * datagram which needs to be propagated to sleeping would-be writers | |
416 | * since these might not have sent anything so far. This can't be | |
417 | * accomplished via poll_wait because the lifetime of the server | |
418 | * socket might be less than that of its clients if these break their | |
419 | * association with it or if the server socket is closed while clients | |
420 | * are still connected to it and there's no way to inform "a polling | |
421 | * implementation" that it should let go of a certain wait queue | |
422 | * | |
ac6424b9 | 423 | * In order to propagate a wake up, a wait_queue_entry_t of the client |
7d267278 RW |
424 | * socket is enqueued on the peer_wait queue of the server socket |
425 | * whose wake function does a wake_up on the ordinary client socket | |
426 | * wait queue. This connection is established whenever a write (or | |
427 | * poll for write) hit the flow control condition and broken when the | |
428 | * association to the server socket is dissolved or after a wake up | |
429 | * was relayed. | |
430 | */ | |
431 | ||
ac6424b9 | 432 | static int unix_dgram_peer_wake_relay(wait_queue_entry_t *q, unsigned mode, int flags, |
7d267278 RW |
433 | void *key) |
434 | { | |
435 | struct unix_sock *u; | |
436 | wait_queue_head_t *u_sleep; | |
437 | ||
438 | u = container_of(q, struct unix_sock, peer_wake); | |
439 | ||
440 | __remove_wait_queue(&unix_sk(u->peer_wake.private)->peer_wait, | |
441 | q); | |
442 | u->peer_wake.private = NULL; | |
443 | ||
444 | /* relaying can only happen while the wq still exists */ | |
445 | u_sleep = sk_sleep(&u->sk); | |
446 | if (u_sleep) | |
3ad6f93e | 447 | wake_up_interruptible_poll(u_sleep, key_to_poll(key)); |
7d267278 RW |
448 | |
449 | return 0; | |
450 | } | |
451 | ||
452 | static int unix_dgram_peer_wake_connect(struct sock *sk, struct sock *other) | |
453 | { | |
454 | struct unix_sock *u, *u_other; | |
455 | int rc; | |
456 | ||
457 | u = unix_sk(sk); | |
458 | u_other = unix_sk(other); | |
459 | rc = 0; | |
460 | spin_lock(&u_other->peer_wait.lock); | |
461 | ||
462 | if (!u->peer_wake.private) { | |
463 | u->peer_wake.private = other; | |
464 | __add_wait_queue(&u_other->peer_wait, &u->peer_wake); | |
465 | ||
466 | rc = 1; | |
467 | } | |
468 | ||
469 | spin_unlock(&u_other->peer_wait.lock); | |
470 | return rc; | |
471 | } | |
472 | ||
473 | static void unix_dgram_peer_wake_disconnect(struct sock *sk, | |
474 | struct sock *other) | |
475 | { | |
476 | struct unix_sock *u, *u_other; | |
477 | ||
478 | u = unix_sk(sk); | |
479 | u_other = unix_sk(other); | |
480 | spin_lock(&u_other->peer_wait.lock); | |
481 | ||
482 | if (u->peer_wake.private == other) { | |
483 | __remove_wait_queue(&u_other->peer_wait, &u->peer_wake); | |
484 | u->peer_wake.private = NULL; | |
485 | } | |
486 | ||
487 | spin_unlock(&u_other->peer_wait.lock); | |
488 | } | |
489 | ||
490 | static void unix_dgram_peer_wake_disconnect_wakeup(struct sock *sk, | |
491 | struct sock *other) | |
492 | { | |
493 | unix_dgram_peer_wake_disconnect(sk, other); | |
494 | wake_up_interruptible_poll(sk_sleep(sk), | |
a9a08845 LT |
495 | EPOLLOUT | |
496 | EPOLLWRNORM | | |
497 | EPOLLWRBAND); | |
7d267278 RW |
498 | } |
499 | ||
500 | /* preconditions: | |
501 | * - unix_peer(sk) == other | |
502 | * - association is stable | |
503 | */ | |
504 | static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other) | |
505 | { | |
506 | int connected; | |
507 | ||
508 | connected = unix_dgram_peer_wake_connect(sk, other); | |
509 | ||
51f7e951 JB |
510 | /* If other is SOCK_DEAD, we want to make sure we signal |
511 | * POLLOUT, such that a subsequent write() can get a | |
512 | * -ECONNREFUSED. Otherwise, if we haven't queued any skbs | |
513 | * to other and its full, we will hang waiting for POLLOUT. | |
514 | */ | |
662a8094 | 515 | if (unix_recvq_full_lockless(other) && !sock_flag(other, SOCK_DEAD)) |
7d267278 RW |
516 | return 1; |
517 | ||
518 | if (connected) | |
519 | unix_dgram_peer_wake_disconnect(sk, other); | |
520 | ||
521 | return 0; | |
522 | } | |
523 | ||
1586a587 | 524 | static int unix_writable(const struct sock *sk) |
1da177e4 | 525 | { |
1586a587 | 526 | return sk->sk_state != TCP_LISTEN && |
14afee4b | 527 | (refcount_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf; |
1da177e4 LT |
528 | } |
529 | ||
530 | static void unix_write_space(struct sock *sk) | |
531 | { | |
43815482 ED |
532 | struct socket_wq *wq; |
533 | ||
534 | rcu_read_lock(); | |
1da177e4 | 535 | if (unix_writable(sk)) { |
43815482 | 536 | wq = rcu_dereference(sk->sk_wq); |
1ce0bf50 | 537 | if (skwq_has_sleeper(wq)) |
67426b75 | 538 | wake_up_interruptible_sync_poll(&wq->wait, |
a9a08845 | 539 | EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND); |
8d8ad9d7 | 540 | sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); |
1da177e4 | 541 | } |
43815482 | 542 | rcu_read_unlock(); |
1da177e4 LT |
543 | } |
544 | ||
545 | /* When dgram socket disconnects (or changes its peer), we clear its receive | |
546 | * queue of packets arrived from previous peer. First, it allows to do | |
547 | * flow control based only on wmem_alloc; second, sk connected to peer | |
548 | * may receive messages only from that peer. */ | |
549 | static void unix_dgram_disconnected(struct sock *sk, struct sock *other) | |
550 | { | |
b03efcfb | 551 | if (!skb_queue_empty(&sk->sk_receive_queue)) { |
1da177e4 LT |
552 | skb_queue_purge(&sk->sk_receive_queue); |
553 | wake_up_interruptible_all(&unix_sk(sk)->peer_wait); | |
554 | ||
555 | /* If one link of bidirectional dgram pipe is disconnected, | |
556 | * we signal error. Messages are lost. Do not make this, | |
557 | * when peer was not connected to us. | |
558 | */ | |
559 | if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) { | |
cc04410a | 560 | WRITE_ONCE(other->sk_err, ECONNRESET); |
e3ae2365 | 561 | sk_error_report(other); |
1da177e4 LT |
562 | } |
563 | } | |
dc56ad70 | 564 | other->sk_state = TCP_CLOSE; |
1da177e4 LT |
565 | } |
566 | ||
567 | static void unix_sock_destructor(struct sock *sk) | |
568 | { | |
569 | struct unix_sock *u = unix_sk(sk); | |
570 | ||
571 | skb_queue_purge(&sk->sk_receive_queue); | |
572 | ||
dd29c67d ED |
573 | DEBUG_NET_WARN_ON_ONCE(refcount_read(&sk->sk_wmem_alloc)); |
574 | DEBUG_NET_WARN_ON_ONCE(!sk_unhashed(sk)); | |
575 | DEBUG_NET_WARN_ON_ONCE(sk->sk_socket); | |
1da177e4 | 576 | if (!sock_flag(sk, SOCK_DEAD)) { |
5cc208be | 577 | pr_info("Attempt to release alive unix socket: %p\n", sk); |
1da177e4 LT |
578 | return; |
579 | } | |
580 | ||
581 | if (u->addr) | |
582 | unix_release_addr(u->addr); | |
583 | ||
518de9b3 | 584 | atomic_long_dec(&unix_nr_socks); |
a8076d8d | 585 | sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); |
1da177e4 | 586 | #ifdef UNIX_REFCNT_DEBUG |
5cc208be | 587 | pr_debug("UNIX %p is destroyed, %ld are still alive.\n", sk, |
518de9b3 | 588 | atomic_long_read(&unix_nr_socks)); |
1da177e4 LT |
589 | #endif |
590 | } | |
591 | ||
ded34e0f | 592 | static void unix_release_sock(struct sock *sk, int embrion) |
1da177e4 LT |
593 | { |
594 | struct unix_sock *u = unix_sk(sk); | |
1da177e4 LT |
595 | struct sock *skpair; |
596 | struct sk_buff *skb; | |
79b05bea | 597 | struct path path; |
1da177e4 LT |
598 | int state; |
599 | ||
79b05bea | 600 | unix_remove_socket(sock_net(sk), sk); |
51bae889 | 601 | unix_remove_bsd_socket(sk); |
1da177e4 LT |
602 | |
603 | /* Clear state */ | |
1c92b4e5 | 604 | unix_state_lock(sk); |
1da177e4 | 605 | sock_orphan(sk); |
e1d09c2c | 606 | WRITE_ONCE(sk->sk_shutdown, SHUTDOWN_MASK); |
40ffe67d AV |
607 | path = u->path; |
608 | u->path.dentry = NULL; | |
609 | u->path.mnt = NULL; | |
1da177e4 LT |
610 | state = sk->sk_state; |
611 | sk->sk_state = TCP_CLOSE; | |
a494bd64 ED |
612 | |
613 | skpair = unix_peer(sk); | |
614 | unix_peer(sk) = NULL; | |
615 | ||
1c92b4e5 | 616 | unix_state_unlock(sk); |
1da177e4 | 617 | |
7a62ed61 KI |
618 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) |
619 | if (u->oob_skb) { | |
620 | kfree_skb(u->oob_skb); | |
621 | u->oob_skb = NULL; | |
622 | } | |
623 | #endif | |
624 | ||
1da177e4 LT |
625 | wake_up_interruptible_all(&u->peer_wait); |
626 | ||
e27dfcea | 627 | if (skpair != NULL) { |
1da177e4 | 628 | if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) { |
1c92b4e5 | 629 | unix_state_lock(skpair); |
1da177e4 | 630 | /* No more writes */ |
e1d09c2c | 631 | WRITE_ONCE(skpair->sk_shutdown, SHUTDOWN_MASK); |
1da177e4 | 632 | if (!skb_queue_empty(&sk->sk_receive_queue) || embrion) |
cc04410a | 633 | WRITE_ONCE(skpair->sk_err, ECONNRESET); |
1c92b4e5 | 634 | unix_state_unlock(skpair); |
1da177e4 | 635 | skpair->sk_state_change(skpair); |
8d8ad9d7 | 636 | sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP); |
1da177e4 | 637 | } |
7d267278 RW |
638 | |
639 | unix_dgram_peer_wake_disconnect(sk, skpair); | |
1da177e4 | 640 | sock_put(skpair); /* It may now die */ |
1da177e4 LT |
641 | } |
642 | ||
643 | /* Try to flush out this socket. Throw out buffers at least */ | |
644 | ||
645 | while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) { | |
e27dfcea | 646 | if (state == TCP_LISTEN) |
1da177e4 LT |
647 | unix_release_sock(skb->sk, 1); |
648 | /* passed fds are erased in the kfree_skb hook */ | |
73ed5d25 | 649 | UNIXCB(skb).consumed = skb->len; |
1da177e4 LT |
650 | kfree_skb(skb); |
651 | } | |
652 | ||
40ffe67d AV |
653 | if (path.dentry) |
654 | path_put(&path); | |
1da177e4 LT |
655 | |
656 | sock_put(sk); | |
657 | ||
658 | /* ---- Socket is dead now and most probably destroyed ---- */ | |
659 | ||
660 | /* | |
e04dae84 | 661 | * Fixme: BSD difference: In BSD all sockets connected to us get |
1da177e4 LT |
662 | * ECONNRESET and we die on the spot. In Linux we behave |
663 | * like files and pipes do and wait for the last | |
664 | * dereference. | |
665 | * | |
666 | * Can't we simply set sock->err? | |
667 | * | |
668 | * What the above comment does talk about? --ANK(980817) | |
669 | */ | |
670 | ||
9305cfa4 | 671 | if (unix_tot_inflight) |
ac7bfa62 | 672 | unix_gc(); /* Garbage collect fds */ |
1da177e4 LT |
673 | } |
674 | ||
109f6e39 EB |
675 | static void init_peercred(struct sock *sk) |
676 | { | |
35306eb2 ED |
677 | const struct cred *old_cred; |
678 | struct pid *old_pid; | |
679 | ||
680 | spin_lock(&sk->sk_peer_lock); | |
681 | old_pid = sk->sk_peer_pid; | |
682 | old_cred = sk->sk_peer_cred; | |
109f6e39 EB |
683 | sk->sk_peer_pid = get_pid(task_tgid(current)); |
684 | sk->sk_peer_cred = get_current_cred(); | |
35306eb2 ED |
685 | spin_unlock(&sk->sk_peer_lock); |
686 | ||
687 | put_pid(old_pid); | |
688 | put_cred(old_cred); | |
109f6e39 EB |
689 | } |
690 | ||
691 | static void copy_peercred(struct sock *sk, struct sock *peersk) | |
692 | { | |
35306eb2 ED |
693 | const struct cred *old_cred; |
694 | struct pid *old_pid; | |
695 | ||
696 | if (sk < peersk) { | |
697 | spin_lock(&sk->sk_peer_lock); | |
698 | spin_lock_nested(&peersk->sk_peer_lock, SINGLE_DEPTH_NESTING); | |
699 | } else { | |
700 | spin_lock(&peersk->sk_peer_lock); | |
701 | spin_lock_nested(&sk->sk_peer_lock, SINGLE_DEPTH_NESTING); | |
702 | } | |
703 | old_pid = sk->sk_peer_pid; | |
704 | old_cred = sk->sk_peer_cred; | |
109f6e39 EB |
705 | sk->sk_peer_pid = get_pid(peersk->sk_peer_pid); |
706 | sk->sk_peer_cred = get_cred(peersk->sk_peer_cred); | |
35306eb2 ED |
707 | |
708 | spin_unlock(&sk->sk_peer_lock); | |
709 | spin_unlock(&peersk->sk_peer_lock); | |
710 | ||
711 | put_pid(old_pid); | |
712 | put_cred(old_cred); | |
109f6e39 EB |
713 | } |
714 | ||
1da177e4 LT |
715 | static int unix_listen(struct socket *sock, int backlog) |
716 | { | |
717 | int err; | |
718 | struct sock *sk = sock->sk; | |
719 | struct unix_sock *u = unix_sk(sk); | |
720 | ||
721 | err = -EOPNOTSUPP; | |
6eba6a37 ED |
722 | if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET) |
723 | goto out; /* Only stream/seqpacket sockets accept */ | |
1da177e4 LT |
724 | err = -EINVAL; |
725 | if (!u->addr) | |
6eba6a37 | 726 | goto out; /* No listens on an unbound socket */ |
1c92b4e5 | 727 | unix_state_lock(sk); |
1da177e4 LT |
728 | if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN) |
729 | goto out_unlock; | |
730 | if (backlog > sk->sk_max_ack_backlog) | |
731 | wake_up_interruptible_all(&u->peer_wait); | |
732 | sk->sk_max_ack_backlog = backlog; | |
733 | sk->sk_state = TCP_LISTEN; | |
734 | /* set credentials so connect can copy them */ | |
109f6e39 | 735 | init_peercred(sk); |
1da177e4 LT |
736 | err = 0; |
737 | ||
738 | out_unlock: | |
1c92b4e5 | 739 | unix_state_unlock(sk); |
1da177e4 LT |
740 | out: |
741 | return err; | |
742 | } | |
743 | ||
744 | static int unix_release(struct socket *); | |
745 | static int unix_bind(struct socket *, struct sockaddr *, int); | |
746 | static int unix_stream_connect(struct socket *, struct sockaddr *, | |
747 | int addr_len, int flags); | |
748 | static int unix_socketpair(struct socket *, struct socket *); | |
cdfbabfb | 749 | static int unix_accept(struct socket *, struct socket *, int, bool); |
9b2c45d4 | 750 | static int unix_getname(struct socket *, struct sockaddr *, int); |
a11e1d43 LT |
751 | static __poll_t unix_poll(struct file *, struct socket *, poll_table *); |
752 | static __poll_t unix_dgram_poll(struct file *, struct socket *, | |
753 | poll_table *); | |
1da177e4 | 754 | static int unix_ioctl(struct socket *, unsigned int, unsigned long); |
5f6beb9e AB |
755 | #ifdef CONFIG_COMPAT |
756 | static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg); | |
757 | #endif | |
1da177e4 | 758 | static int unix_shutdown(struct socket *, int); |
1b784140 YX |
759 | static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t); |
760 | static int unix_stream_recvmsg(struct socket *, struct msghdr *, size_t, int); | |
869e7c62 HFS |
761 | static ssize_t unix_stream_sendpage(struct socket *, struct page *, int offset, |
762 | size_t size, int flags); | |
2b514574 HFS |
763 | static ssize_t unix_stream_splice_read(struct socket *, loff_t *ppos, |
764 | struct pipe_inode_info *, size_t size, | |
765 | unsigned int flags); | |
1b784140 YX |
766 | static int unix_dgram_sendmsg(struct socket *, struct msghdr *, size_t); |
767 | static int unix_dgram_recvmsg(struct socket *, struct msghdr *, size_t, int); | |
965b57b4 CW |
768 | static int unix_read_skb(struct sock *sk, skb_read_actor_t recv_actor); |
769 | static int unix_stream_read_skb(struct sock *sk, skb_read_actor_t recv_actor); | |
1da177e4 LT |
770 | static int unix_dgram_connect(struct socket *, struct sockaddr *, |
771 | int, int); | |
1b784140 YX |
772 | static int unix_seqpacket_sendmsg(struct socket *, struct msghdr *, size_t); |
773 | static int unix_seqpacket_recvmsg(struct socket *, struct msghdr *, size_t, | |
774 | int); | |
1da177e4 | 775 | |
12663bfc | 776 | static int unix_set_peek_off(struct sock *sk, int val) |
f55bb7f9 PE |
777 | { |
778 | struct unix_sock *u = unix_sk(sk); | |
779 | ||
6e1ce3c3 | 780 | if (mutex_lock_interruptible(&u->iolock)) |
12663bfc SL |
781 | return -EINTR; |
782 | ||
f55bb7f9 | 783 | sk->sk_peek_off = val; |
6e1ce3c3 | 784 | mutex_unlock(&u->iolock); |
12663bfc SL |
785 | |
786 | return 0; | |
f55bb7f9 PE |
787 | } |
788 | ||
5c05a164 | 789 | #ifdef CONFIG_PROC_FS |
de437089 KT |
790 | static int unix_count_nr_fds(struct sock *sk) |
791 | { | |
792 | struct sk_buff *skb; | |
793 | struct unix_sock *u; | |
794 | int nr_fds = 0; | |
795 | ||
796 | spin_lock(&sk->sk_receive_queue.lock); | |
797 | skb = skb_peek(&sk->sk_receive_queue); | |
798 | while (skb) { | |
799 | u = unix_sk(skb->sk); | |
800 | nr_fds += atomic_read(&u->scm_stat.nr_fds); | |
801 | skb = skb_peek_next(skb, &sk->sk_receive_queue); | |
802 | } | |
803 | spin_unlock(&sk->sk_receive_queue.lock); | |
804 | ||
805 | return nr_fds; | |
806 | } | |
807 | ||
3c32da19 KT |
808 | static void unix_show_fdinfo(struct seq_file *m, struct socket *sock) |
809 | { | |
810 | struct sock *sk = sock->sk; | |
b27401a3 | 811 | unsigned char s_state; |
3c32da19 | 812 | struct unix_sock *u; |
b27401a3 | 813 | int nr_fds = 0; |
3c32da19 KT |
814 | |
815 | if (sk) { | |
b27401a3 | 816 | s_state = READ_ONCE(sk->sk_state); |
de437089 | 817 | u = unix_sk(sk); |
de437089 | 818 | |
b27401a3 KT |
819 | /* SOCK_STREAM and SOCK_SEQPACKET sockets never change their |
820 | * sk_state after switching to TCP_ESTABLISHED or TCP_LISTEN. | |
821 | * SOCK_DGRAM is ordinary. So, no lock is needed. | |
822 | */ | |
823 | if (sock->type == SOCK_DGRAM || s_state == TCP_ESTABLISHED) | |
de437089 | 824 | nr_fds = atomic_read(&u->scm_stat.nr_fds); |
b27401a3 | 825 | else if (s_state == TCP_LISTEN) |
de437089 | 826 | nr_fds = unix_count_nr_fds(sk); |
b27401a3 | 827 | |
de437089 | 828 | seq_printf(m, "scm_fds: %u\n", nr_fds); |
3c32da19 KT |
829 | } |
830 | } | |
3a12500e TK |
831 | #else |
832 | #define unix_show_fdinfo NULL | |
833 | #endif | |
f55bb7f9 | 834 | |
90ddc4f0 | 835 | static const struct proto_ops unix_stream_ops = { |
1da177e4 LT |
836 | .family = PF_UNIX, |
837 | .owner = THIS_MODULE, | |
838 | .release = unix_release, | |
839 | .bind = unix_bind, | |
840 | .connect = unix_stream_connect, | |
841 | .socketpair = unix_socketpair, | |
842 | .accept = unix_accept, | |
843 | .getname = unix_getname, | |
a11e1d43 | 844 | .poll = unix_poll, |
1da177e4 | 845 | .ioctl = unix_ioctl, |
5f6beb9e AB |
846 | #ifdef CONFIG_COMPAT |
847 | .compat_ioctl = unix_compat_ioctl, | |
848 | #endif | |
1da177e4 LT |
849 | .listen = unix_listen, |
850 | .shutdown = unix_shutdown, | |
1da177e4 LT |
851 | .sendmsg = unix_stream_sendmsg, |
852 | .recvmsg = unix_stream_recvmsg, | |
965b57b4 | 853 | .read_skb = unix_stream_read_skb, |
1da177e4 | 854 | .mmap = sock_no_mmap, |
869e7c62 | 855 | .sendpage = unix_stream_sendpage, |
2b514574 | 856 | .splice_read = unix_stream_splice_read, |
fc0d7536 | 857 | .set_peek_off = unix_set_peek_off, |
3c32da19 | 858 | .show_fdinfo = unix_show_fdinfo, |
1da177e4 LT |
859 | }; |
860 | ||
90ddc4f0 | 861 | static const struct proto_ops unix_dgram_ops = { |
1da177e4 LT |
862 | .family = PF_UNIX, |
863 | .owner = THIS_MODULE, | |
864 | .release = unix_release, | |
865 | .bind = unix_bind, | |
866 | .connect = unix_dgram_connect, | |
867 | .socketpair = unix_socketpair, | |
868 | .accept = sock_no_accept, | |
869 | .getname = unix_getname, | |
a11e1d43 | 870 | .poll = unix_dgram_poll, |
1da177e4 | 871 | .ioctl = unix_ioctl, |
5f6beb9e AB |
872 | #ifdef CONFIG_COMPAT |
873 | .compat_ioctl = unix_compat_ioctl, | |
874 | #endif | |
1da177e4 LT |
875 | .listen = sock_no_listen, |
876 | .shutdown = unix_shutdown, | |
1da177e4 | 877 | .sendmsg = unix_dgram_sendmsg, |
965b57b4 | 878 | .read_skb = unix_read_skb, |
1da177e4 LT |
879 | .recvmsg = unix_dgram_recvmsg, |
880 | .mmap = sock_no_mmap, | |
881 | .sendpage = sock_no_sendpage, | |
f55bb7f9 | 882 | .set_peek_off = unix_set_peek_off, |
3c32da19 | 883 | .show_fdinfo = unix_show_fdinfo, |
1da177e4 LT |
884 | }; |
885 | ||
90ddc4f0 | 886 | static const struct proto_ops unix_seqpacket_ops = { |
1da177e4 LT |
887 | .family = PF_UNIX, |
888 | .owner = THIS_MODULE, | |
889 | .release = unix_release, | |
890 | .bind = unix_bind, | |
891 | .connect = unix_stream_connect, | |
892 | .socketpair = unix_socketpair, | |
893 | .accept = unix_accept, | |
894 | .getname = unix_getname, | |
a11e1d43 | 895 | .poll = unix_dgram_poll, |
1da177e4 | 896 | .ioctl = unix_ioctl, |
5f6beb9e AB |
897 | #ifdef CONFIG_COMPAT |
898 | .compat_ioctl = unix_compat_ioctl, | |
899 | #endif | |
1da177e4 LT |
900 | .listen = unix_listen, |
901 | .shutdown = unix_shutdown, | |
1da177e4 | 902 | .sendmsg = unix_seqpacket_sendmsg, |
a05d2ad1 | 903 | .recvmsg = unix_seqpacket_recvmsg, |
1da177e4 LT |
904 | .mmap = sock_no_mmap, |
905 | .sendpage = sock_no_sendpage, | |
f55bb7f9 | 906 | .set_peek_off = unix_set_peek_off, |
3c32da19 | 907 | .show_fdinfo = unix_show_fdinfo, |
1da177e4 LT |
908 | }; |
909 | ||
c7272e15 CW |
910 | static void unix_close(struct sock *sk, long timeout) |
911 | { | |
912 | /* Nothing to do here, unix socket does not need a ->close(). | |
913 | * This is merely for sockmap. | |
914 | */ | |
915 | } | |
916 | ||
94531cfc JW |
917 | static void unix_unhash(struct sock *sk) |
918 | { | |
919 | /* Nothing to do here, unix socket does not need a ->unhash(). | |
920 | * This is merely for sockmap. | |
921 | */ | |
922 | } | |
923 | ||
924 | struct proto unix_dgram_proto = { | |
0edf0824 | 925 | .name = "UNIX", |
248969ae | 926 | .owner = THIS_MODULE, |
248969ae | 927 | .obj_size = sizeof(struct unix_sock), |
c7272e15 | 928 | .close = unix_close, |
c6382918 | 929 | #ifdef CONFIG_BPF_SYSCALL |
94531cfc | 930 | .psock_update_sk_prot = unix_dgram_bpf_update_proto, |
c6382918 | 931 | #endif |
1da177e4 LT |
932 | }; |
933 | ||
94531cfc JW |
934 | struct proto unix_stream_proto = { |
935 | .name = "UNIX-STREAM", | |
248969ae | 936 | .owner = THIS_MODULE, |
248969ae | 937 | .obj_size = sizeof(struct unix_sock), |
c7272e15 | 938 | .close = unix_close, |
94531cfc | 939 | .unhash = unix_unhash, |
c6382918 | 940 | #ifdef CONFIG_BPF_SYSCALL |
94531cfc | 941 | .psock_update_sk_prot = unix_stream_bpf_update_proto, |
c6382918 | 942 | #endif |
1da177e4 LT |
943 | }; |
944 | ||
94531cfc | 945 | static struct sock *unix_create1(struct net *net, struct socket *sock, int kern, int type) |
1da177e4 | 946 | { |
1da177e4 | 947 | struct unix_sock *u; |
f4bd73b5 KI |
948 | struct sock *sk; |
949 | int err; | |
1da177e4 | 950 | |
518de9b3 | 951 | atomic_long_inc(&unix_nr_socks); |
f4bd73b5 KI |
952 | if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files()) { |
953 | err = -ENFILE; | |
954 | goto err; | |
955 | } | |
1da177e4 | 956 | |
94531cfc JW |
957 | if (type == SOCK_STREAM) |
958 | sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_stream_proto, kern); | |
959 | else /*dgram and seqpacket */ | |
960 | sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_dgram_proto, kern); | |
961 | ||
f4bd73b5 KI |
962 | if (!sk) { |
963 | err = -ENOMEM; | |
964 | goto err; | |
965 | } | |
1da177e4 | 966 | |
6eba6a37 | 967 | sock_init_data(sock, sk); |
1da177e4 | 968 | |
e6b4b873 | 969 | sk->sk_hash = unix_unbound_hash(sk); |
3aa9799e | 970 | sk->sk_allocation = GFP_KERNEL_ACCOUNT; |
1da177e4 | 971 | sk->sk_write_space = unix_write_space; |
a0a53c8b | 972 | sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen; |
1da177e4 LT |
973 | sk->sk_destruct = unix_sock_destructor; |
974 | u = unix_sk(sk); | |
40ffe67d AV |
975 | u->path.dentry = NULL; |
976 | u->path.mnt = NULL; | |
fd19f329 | 977 | spin_lock_init(&u->lock); |
516e0cc5 | 978 | atomic_long_set(&u->inflight, 0); |
1fd05ba5 | 979 | INIT_LIST_HEAD(&u->link); |
6e1ce3c3 LT |
980 | mutex_init(&u->iolock); /* single task reading lock */ |
981 | mutex_init(&u->bindlock); /* single task binding lock */ | |
1da177e4 | 982 | init_waitqueue_head(&u->peer_wait); |
7d267278 | 983 | init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay); |
3c32da19 | 984 | memset(&u->scm_stat, 0, sizeof(struct scm_stat)); |
79b05bea | 985 | unix_insert_unbound_socket(net, sk); |
f4bd73b5 | 986 | |
340c3d33 | 987 | sock_prot_inuse_add(net, sk->sk_prot, 1); |
f4bd73b5 | 988 | |
1da177e4 | 989 | return sk; |
f4bd73b5 KI |
990 | |
991 | err: | |
992 | atomic_long_dec(&unix_nr_socks); | |
993 | return ERR_PTR(err); | |
1da177e4 LT |
994 | } |
995 | ||
3f378b68 EP |
996 | static int unix_create(struct net *net, struct socket *sock, int protocol, |
997 | int kern) | |
1da177e4 | 998 | { |
f4bd73b5 KI |
999 | struct sock *sk; |
1000 | ||
1da177e4 LT |
1001 | if (protocol && protocol != PF_UNIX) |
1002 | return -EPROTONOSUPPORT; | |
1003 | ||
1004 | sock->state = SS_UNCONNECTED; | |
1005 | ||
1006 | switch (sock->type) { | |
1007 | case SOCK_STREAM: | |
1008 | sock->ops = &unix_stream_ops; | |
1009 | break; | |
1010 | /* | |
1011 | * Believe it or not BSD has AF_UNIX, SOCK_RAW though | |
1012 | * nothing uses it. | |
1013 | */ | |
1014 | case SOCK_RAW: | |
e27dfcea | 1015 | sock->type = SOCK_DGRAM; |
df561f66 | 1016 | fallthrough; |
1da177e4 LT |
1017 | case SOCK_DGRAM: |
1018 | sock->ops = &unix_dgram_ops; | |
1019 | break; | |
1020 | case SOCK_SEQPACKET: | |
1021 | sock->ops = &unix_seqpacket_ops; | |
1022 | break; | |
1023 | default: | |
1024 | return -ESOCKTNOSUPPORT; | |
1025 | } | |
1026 | ||
f4bd73b5 KI |
1027 | sk = unix_create1(net, sock, kern, sock->type); |
1028 | if (IS_ERR(sk)) | |
1029 | return PTR_ERR(sk); | |
1030 | ||
1031 | return 0; | |
1da177e4 LT |
1032 | } |
1033 | ||
1034 | static int unix_release(struct socket *sock) | |
1035 | { | |
1036 | struct sock *sk = sock->sk; | |
1037 | ||
1038 | if (!sk) | |
1039 | return 0; | |
1040 | ||
c7272e15 | 1041 | sk->sk_prot->close(sk, 0); |
ded34e0f | 1042 | unix_release_sock(sk, 0); |
1da177e4 LT |
1043 | sock->sk = NULL; |
1044 | ||
ded34e0f | 1045 | return 0; |
1da177e4 LT |
1046 | } |
1047 | ||
51bae889 KI |
1048 | static struct sock *unix_find_bsd(struct sockaddr_un *sunaddr, int addr_len, |
1049 | int type) | |
fa39ef0e KI |
1050 | { |
1051 | struct inode *inode; | |
1052 | struct path path; | |
1053 | struct sock *sk; | |
1054 | int err; | |
1055 | ||
d2d8c9fd | 1056 | unix_mkname_bsd(sunaddr, addr_len); |
fa39ef0e KI |
1057 | err = kern_path(sunaddr->sun_path, LOOKUP_FOLLOW, &path); |
1058 | if (err) | |
1059 | goto fail; | |
1060 | ||
1061 | err = path_permission(&path, MAY_WRITE); | |
1062 | if (err) | |
1063 | goto path_put; | |
1064 | ||
1065 | err = -ECONNREFUSED; | |
1066 | inode = d_backing_inode(path.dentry); | |
1067 | if (!S_ISSOCK(inode->i_mode)) | |
1068 | goto path_put; | |
1069 | ||
51bae889 | 1070 | sk = unix_find_socket_byinode(inode); |
fa39ef0e KI |
1071 | if (!sk) |
1072 | goto path_put; | |
1073 | ||
1074 | err = -EPROTOTYPE; | |
1075 | if (sk->sk_type == type) | |
1076 | touch_atime(&path); | |
1077 | else | |
1078 | goto sock_put; | |
1079 | ||
1080 | path_put(&path); | |
1081 | ||
1082 | return sk; | |
1083 | ||
1084 | sock_put: | |
1085 | sock_put(sk); | |
1086 | path_put: | |
1087 | path_put(&path); | |
1088 | fail: | |
aed26f55 | 1089 | return ERR_PTR(err); |
fa39ef0e KI |
1090 | } |
1091 | ||
1092 | static struct sock *unix_find_abstract(struct net *net, | |
1093 | struct sockaddr_un *sunaddr, | |
d2d8c9fd | 1094 | int addr_len, int type) |
fa39ef0e | 1095 | { |
f452be49 | 1096 | unsigned int hash = unix_abstract_hash(sunaddr, addr_len, type); |
fa39ef0e KI |
1097 | struct dentry *dentry; |
1098 | struct sock *sk; | |
1099 | ||
f452be49 | 1100 | sk = unix_find_socket_byname(net, sunaddr, addr_len, hash); |
aed26f55 KI |
1101 | if (!sk) |
1102 | return ERR_PTR(-ECONNREFUSED); | |
fa39ef0e KI |
1103 | |
1104 | dentry = unix_sk(sk)->path.dentry; | |
1105 | if (dentry) | |
1106 | touch_atime(&unix_sk(sk)->path); | |
1107 | ||
1108 | return sk; | |
1109 | } | |
1110 | ||
1111 | static struct sock *unix_find_other(struct net *net, | |
1112 | struct sockaddr_un *sunaddr, | |
d2d8c9fd | 1113 | int addr_len, int type) |
fa39ef0e KI |
1114 | { |
1115 | struct sock *sk; | |
1116 | ||
1117 | if (sunaddr->sun_path[0]) | |
51bae889 | 1118 | sk = unix_find_bsd(sunaddr, addr_len, type); |
fa39ef0e | 1119 | else |
d2d8c9fd | 1120 | sk = unix_find_abstract(net, sunaddr, addr_len, type); |
fa39ef0e KI |
1121 | |
1122 | return sk; | |
1123 | } | |
1124 | ||
f7ed31f4 | 1125 | static int unix_autobind(struct sock *sk) |
1da177e4 | 1126 | { |
afd20b92 | 1127 | unsigned int new_hash, old_hash = sk->sk_hash; |
1da177e4 | 1128 | struct unix_sock *u = unix_sk(sk); |
79b05bea | 1129 | struct net *net = sock_net(sk); |
6eba6a37 | 1130 | struct unix_address *addr; |
9acbc584 | 1131 | u32 lastnum, ordernum; |
f7ed31f4 | 1132 | int err; |
1da177e4 | 1133 | |
6e1ce3c3 | 1134 | err = mutex_lock_interruptible(&u->bindlock); |
37ab4fa7 SL |
1135 | if (err) |
1136 | return err; | |
1da177e4 | 1137 | |
1da177e4 LT |
1138 | if (u->addr) |
1139 | goto out; | |
1140 | ||
1141 | err = -ENOMEM; | |
755662ce KI |
1142 | addr = kzalloc(sizeof(*addr) + |
1143 | offsetof(struct sockaddr_un, sun_path) + 16, GFP_KERNEL); | |
1da177e4 LT |
1144 | if (!addr) |
1145 | goto out; | |
1146 | ||
9acbc584 | 1147 | addr->len = offsetof(struct sockaddr_un, sun_path) + 6; |
1da177e4 | 1148 | addr->name->sun_family = AF_UNIX; |
8c9814b9 | 1149 | refcount_set(&addr->refcnt, 1); |
1da177e4 | 1150 | |
a251c17a | 1151 | ordernum = get_random_u32(); |
9acbc584 | 1152 | lastnum = ordernum & 0xFFFFF; |
1da177e4 | 1153 | retry: |
9acbc584 KI |
1154 | ordernum = (ordernum + 1) & 0xFFFFF; |
1155 | sprintf(addr->name->sun_path + 1, "%05x", ordernum); | |
1da177e4 | 1156 | |
e6b4b873 | 1157 | new_hash = unix_abstract_hash(addr->name, addr->len, sk->sk_type); |
79b05bea | 1158 | unix_table_double_lock(net, old_hash, new_hash); |
1da177e4 | 1159 | |
79b05bea KI |
1160 | if (__unix_find_socket_byname(net, addr->name, addr->len, new_hash)) { |
1161 | unix_table_double_unlock(net, old_hash, new_hash); | |
afd20b92 | 1162 | |
9acbc584 | 1163 | /* __unix_find_socket_byname() may take long time if many names |
8df73ff9 TH |
1164 | * are already in use. |
1165 | */ | |
1166 | cond_resched(); | |
9acbc584 KI |
1167 | |
1168 | if (ordernum == lastnum) { | |
1169 | /* Give up if all names seems to be in use. */ | |
8df73ff9 | 1170 | err = -ENOSPC; |
9acbc584 | 1171 | unix_release_addr(addr); |
8df73ff9 TH |
1172 | goto out; |
1173 | } | |
9acbc584 | 1174 | |
1da177e4 LT |
1175 | goto retry; |
1176 | } | |
1da177e4 | 1177 | |
cf2f225e | 1178 | __unix_set_addr_hash(net, sk, addr, new_hash); |
79b05bea | 1179 | unix_table_double_unlock(net, old_hash, new_hash); |
1da177e4 LT |
1180 | err = 0; |
1181 | ||
6e1ce3c3 | 1182 | out: mutex_unlock(&u->bindlock); |
1da177e4 LT |
1183 | return err; |
1184 | } | |
1185 | ||
12f21c49 KI |
1186 | static int unix_bind_bsd(struct sock *sk, struct sockaddr_un *sunaddr, |
1187 | int addr_len) | |
faf02010 | 1188 | { |
71e6be6f AV |
1189 | umode_t mode = S_IFSOCK | |
1190 | (SOCK_INODE(sk->sk_socket)->i_mode & ~current_umask()); | |
afd20b92 | 1191 | unsigned int new_hash, old_hash = sk->sk_hash; |
12f21c49 | 1192 | struct unix_sock *u = unix_sk(sk); |
79b05bea | 1193 | struct net *net = sock_net(sk); |
abf08576 | 1194 | struct mnt_idmap *idmap; |
12f21c49 | 1195 | struct unix_address *addr; |
38f7bd94 | 1196 | struct dentry *dentry; |
12f21c49 | 1197 | struct path parent; |
71e6be6f AV |
1198 | int err; |
1199 | ||
12f21c49 KI |
1200 | unix_mkname_bsd(sunaddr, addr_len); |
1201 | addr_len = strlen(sunaddr->sun_path) + | |
1202 | offsetof(struct sockaddr_un, sun_path) + 1; | |
1203 | ||
1204 | addr = unix_create_addr(sunaddr, addr_len); | |
1205 | if (!addr) | |
1206 | return -ENOMEM; | |
1207 | ||
38f7bd94 LT |
1208 | /* |
1209 | * Get the parent directory, calculate the hash for last | |
1210 | * component. | |
1211 | */ | |
71e6be6f | 1212 | dentry = kern_path_create(AT_FDCWD, addr->name->sun_path, &parent, 0); |
12f21c49 KI |
1213 | if (IS_ERR(dentry)) { |
1214 | err = PTR_ERR(dentry); | |
1215 | goto out; | |
1216 | } | |
faf02010 | 1217 | |
38f7bd94 LT |
1218 | /* |
1219 | * All right, let's create it. | |
1220 | */ | |
abf08576 | 1221 | idmap = mnt_idmap(parent.mnt); |
71e6be6f | 1222 | err = security_path_mknod(&parent, dentry, mode, 0); |
56c1731b | 1223 | if (!err) |
abf08576 | 1224 | err = vfs_mknod(idmap, d_inode(parent.dentry), dentry, mode, 0); |
c0c3b8d3 | 1225 | if (err) |
12f21c49 | 1226 | goto out_path; |
fa42d910 | 1227 | err = mutex_lock_interruptible(&u->bindlock); |
c0c3b8d3 AV |
1228 | if (err) |
1229 | goto out_unlink; | |
1230 | if (u->addr) | |
1231 | goto out_unlock; | |
fa42d910 | 1232 | |
e6b4b873 | 1233 | new_hash = unix_bsd_hash(d_backing_inode(dentry)); |
79b05bea | 1234 | unix_table_double_lock(net, old_hash, new_hash); |
56c1731b AV |
1235 | u->path.mnt = mntget(parent.mnt); |
1236 | u->path.dentry = dget(dentry); | |
cf2f225e | 1237 | __unix_set_addr_hash(net, sk, addr, new_hash); |
79b05bea | 1238 | unix_table_double_unlock(net, old_hash, new_hash); |
51bae889 | 1239 | unix_insert_bsd_socket(sk); |
fa42d910 | 1240 | mutex_unlock(&u->bindlock); |
56c1731b | 1241 | done_path_create(&parent, dentry); |
fa42d910 | 1242 | return 0; |
c0c3b8d3 AV |
1243 | |
1244 | out_unlock: | |
1245 | mutex_unlock(&u->bindlock); | |
1246 | err = -EINVAL; | |
1247 | out_unlink: | |
1248 | /* failed after successful mknod? unlink what we'd created... */ | |
abf08576 | 1249 | vfs_unlink(idmap, d_inode(parent.dentry), dentry, NULL); |
12f21c49 | 1250 | out_path: |
c0c3b8d3 | 1251 | done_path_create(&parent, dentry); |
12f21c49 KI |
1252 | out: |
1253 | unix_release_addr(addr); | |
1254 | return err == -EEXIST ? -EADDRINUSE : err; | |
fa42d910 AV |
1255 | } |
1256 | ||
12f21c49 KI |
1257 | static int unix_bind_abstract(struct sock *sk, struct sockaddr_un *sunaddr, |
1258 | int addr_len) | |
fa42d910 | 1259 | { |
afd20b92 | 1260 | unsigned int new_hash, old_hash = sk->sk_hash; |
fa42d910 | 1261 | struct unix_sock *u = unix_sk(sk); |
79b05bea | 1262 | struct net *net = sock_net(sk); |
12f21c49 | 1263 | struct unix_address *addr; |
fa42d910 AV |
1264 | int err; |
1265 | ||
12f21c49 KI |
1266 | addr = unix_create_addr(sunaddr, addr_len); |
1267 | if (!addr) | |
1268 | return -ENOMEM; | |
1269 | ||
fa42d910 AV |
1270 | err = mutex_lock_interruptible(&u->bindlock); |
1271 | if (err) | |
12f21c49 | 1272 | goto out; |
fa42d910 AV |
1273 | |
1274 | if (u->addr) { | |
12f21c49 KI |
1275 | err = -EINVAL; |
1276 | goto out_mutex; | |
fa42d910 AV |
1277 | } |
1278 | ||
e6b4b873 | 1279 | new_hash = unix_abstract_hash(addr->name, addr->len, sk->sk_type); |
79b05bea | 1280 | unix_table_double_lock(net, old_hash, new_hash); |
12f21c49 | 1281 | |
79b05bea | 1282 | if (__unix_find_socket_byname(net, addr->name, addr->len, new_hash)) |
12f21c49 KI |
1283 | goto out_spin; |
1284 | ||
cf2f225e | 1285 | __unix_set_addr_hash(net, sk, addr, new_hash); |
79b05bea | 1286 | unix_table_double_unlock(net, old_hash, new_hash); |
fa42d910 AV |
1287 | mutex_unlock(&u->bindlock); |
1288 | return 0; | |
12f21c49 KI |
1289 | |
1290 | out_spin: | |
79b05bea | 1291 | unix_table_double_unlock(net, old_hash, new_hash); |
12f21c49 KI |
1292 | err = -EADDRINUSE; |
1293 | out_mutex: | |
1294 | mutex_unlock(&u->bindlock); | |
1295 | out: | |
1296 | unix_release_addr(addr); | |
1297 | return err; | |
fa42d910 AV |
1298 | } |
1299 | ||
1da177e4 LT |
1300 | static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) |
1301 | { | |
e27dfcea | 1302 | struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr; |
5c32a3ed | 1303 | struct sock *sk = sock->sk; |
5c32a3ed | 1304 | int err; |
1da177e4 | 1305 | |
b8a58aa6 KI |
1306 | if (addr_len == offsetof(struct sockaddr_un, sun_path) && |
1307 | sunaddr->sun_family == AF_UNIX) | |
f7ed31f4 | 1308 | return unix_autobind(sk); |
1da177e4 | 1309 | |
b8a58aa6 KI |
1310 | err = unix_validate_addr(sunaddr, addr_len); |
1311 | if (err) | |
1312 | return err; | |
1313 | ||
12f21c49 KI |
1314 | if (sunaddr->sun_path[0]) |
1315 | err = unix_bind_bsd(sk, sunaddr, addr_len); | |
fa42d910 | 1316 | else |
12f21c49 KI |
1317 | err = unix_bind_abstract(sk, sunaddr, addr_len); |
1318 | ||
1319 | return err; | |
1da177e4 LT |
1320 | } |
1321 | ||
278a3de5 DM |
1322 | static void unix_state_double_lock(struct sock *sk1, struct sock *sk2) |
1323 | { | |
1324 | if (unlikely(sk1 == sk2) || !sk2) { | |
1325 | unix_state_lock(sk1); | |
1326 | return; | |
1327 | } | |
1328 | if (sk1 < sk2) { | |
1329 | unix_state_lock(sk1); | |
1330 | unix_state_lock_nested(sk2); | |
1331 | } else { | |
1332 | unix_state_lock(sk2); | |
1333 | unix_state_lock_nested(sk1); | |
1334 | } | |
1335 | } | |
1336 | ||
1337 | static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2) | |
1338 | { | |
1339 | if (unlikely(sk1 == sk2) || !sk2) { | |
1340 | unix_state_unlock(sk1); | |
1341 | return; | |
1342 | } | |
1343 | unix_state_unlock(sk1); | |
1344 | unix_state_unlock(sk2); | |
1345 | } | |
1346 | ||
1da177e4 LT |
1347 | static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr, |
1348 | int alen, int flags) | |
1349 | { | |
e27dfcea | 1350 | struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr; |
340c3d33 | 1351 | struct sock *sk = sock->sk; |
1da177e4 | 1352 | struct sock *other; |
1da177e4 LT |
1353 | int err; |
1354 | ||
defbcf2d MJ |
1355 | err = -EINVAL; |
1356 | if (alen < offsetofend(struct sockaddr, sa_family)) | |
1357 | goto out; | |
1358 | ||
1da177e4 | 1359 | if (addr->sa_family != AF_UNSPEC) { |
b8a58aa6 KI |
1360 | err = unix_validate_addr(sunaddr, alen); |
1361 | if (err) | |
1362 | goto out; | |
1363 | ||
1da177e4 | 1364 | if (test_bit(SOCK_PASSCRED, &sock->flags) && |
f7ed31f4 KI |
1365 | !unix_sk(sk)->addr) { |
1366 | err = unix_autobind(sk); | |
1367 | if (err) | |
1368 | goto out; | |
1369 | } | |
1da177e4 | 1370 | |
278a3de5 | 1371 | restart: |
340c3d33 | 1372 | other = unix_find_other(sock_net(sk), sunaddr, alen, sock->type); |
aed26f55 KI |
1373 | if (IS_ERR(other)) { |
1374 | err = PTR_ERR(other); | |
1da177e4 | 1375 | goto out; |
aed26f55 | 1376 | } |
1da177e4 | 1377 | |
278a3de5 DM |
1378 | unix_state_double_lock(sk, other); |
1379 | ||
1380 | /* Apparently VFS overslept socket death. Retry. */ | |
1381 | if (sock_flag(other, SOCK_DEAD)) { | |
1382 | unix_state_double_unlock(sk, other); | |
1383 | sock_put(other); | |
1384 | goto restart; | |
1385 | } | |
1da177e4 LT |
1386 | |
1387 | err = -EPERM; | |
1388 | if (!unix_may_send(sk, other)) | |
1389 | goto out_unlock; | |
1390 | ||
1391 | err = security_unix_may_send(sk->sk_socket, other->sk_socket); | |
1392 | if (err) | |
1393 | goto out_unlock; | |
1394 | ||
dc56ad70 | 1395 | sk->sk_state = other->sk_state = TCP_ESTABLISHED; |
1da177e4 LT |
1396 | } else { |
1397 | /* | |
1398 | * 1003.1g breaking connected state with AF_UNSPEC | |
1399 | */ | |
1400 | other = NULL; | |
278a3de5 | 1401 | unix_state_double_lock(sk, other); |
1da177e4 LT |
1402 | } |
1403 | ||
1404 | /* | |
1405 | * If it was connected, reconnect. | |
1406 | */ | |
1407 | if (unix_peer(sk)) { | |
1408 | struct sock *old_peer = unix_peer(sk); | |
dc56ad70 | 1409 | |
e27dfcea | 1410 | unix_peer(sk) = other; |
dc56ad70 ED |
1411 | if (!other) |
1412 | sk->sk_state = TCP_CLOSE; | |
7d267278 RW |
1413 | unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer); |
1414 | ||
278a3de5 | 1415 | unix_state_double_unlock(sk, other); |
1da177e4 LT |
1416 | |
1417 | if (other != old_peer) | |
1418 | unix_dgram_disconnected(sk, old_peer); | |
1419 | sock_put(old_peer); | |
1420 | } else { | |
e27dfcea | 1421 | unix_peer(sk) = other; |
278a3de5 | 1422 | unix_state_double_unlock(sk, other); |
1da177e4 | 1423 | } |
83301b53 | 1424 | |
ac7bfa62 | 1425 | return 0; |
1da177e4 LT |
1426 | |
1427 | out_unlock: | |
278a3de5 | 1428 | unix_state_double_unlock(sk, other); |
1da177e4 LT |
1429 | sock_put(other); |
1430 | out: | |
1431 | return err; | |
1432 | } | |
1433 | ||
1434 | static long unix_wait_for_peer(struct sock *other, long timeo) | |
48851e9e | 1435 | __releases(&unix_sk(other)->lock) |
1da177e4 LT |
1436 | { |
1437 | struct unix_sock *u = unix_sk(other); | |
1438 | int sched; | |
1439 | DEFINE_WAIT(wait); | |
1440 | ||
1441 | prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE); | |
1442 | ||
1443 | sched = !sock_flag(other, SOCK_DEAD) && | |
1444 | !(other->sk_shutdown & RCV_SHUTDOWN) && | |
679ed006 | 1445 | unix_recvq_full_lockless(other); |
1da177e4 | 1446 | |
1c92b4e5 | 1447 | unix_state_unlock(other); |
1da177e4 LT |
1448 | |
1449 | if (sched) | |
1450 | timeo = schedule_timeout(timeo); | |
1451 | ||
1452 | finish_wait(&u->peer_wait, &wait); | |
1453 | return timeo; | |
1454 | } | |
1455 | ||
1456 | static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr, | |
1457 | int addr_len, int flags) | |
1458 | { | |
e27dfcea | 1459 | struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr; |
340c3d33 | 1460 | struct sock *sk = sock->sk, *newsk = NULL, *other = NULL; |
1da177e4 | 1461 | struct unix_sock *u = unix_sk(sk), *newu, *otheru; |
340c3d33 | 1462 | struct net *net = sock_net(sk); |
1da177e4 | 1463 | struct sk_buff *skb = NULL; |
1da177e4 | 1464 | long timeo; |
340c3d33 KI |
1465 | int err; |
1466 | int st; | |
1da177e4 | 1467 | |
b8a58aa6 KI |
1468 | err = unix_validate_addr(sunaddr, addr_len); |
1469 | if (err) | |
1470 | goto out; | |
1471 | ||
f7ed31f4 KI |
1472 | if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr) { |
1473 | err = unix_autobind(sk); | |
1474 | if (err) | |
1475 | goto out; | |
1476 | } | |
1da177e4 LT |
1477 | |
1478 | timeo = sock_sndtimeo(sk, flags & O_NONBLOCK); | |
1479 | ||
1480 | /* First of all allocate resources. | |
1481 | If we will make it after state is locked, | |
1482 | we will have to recheck all again in any case. | |
1483 | */ | |
1484 | ||
1da177e4 | 1485 | /* create new sock for complete connection */ |
340c3d33 | 1486 | newsk = unix_create1(net, NULL, 0, sock->type); |
f4bd73b5 KI |
1487 | if (IS_ERR(newsk)) { |
1488 | err = PTR_ERR(newsk); | |
1489 | newsk = NULL; | |
1da177e4 | 1490 | goto out; |
f4bd73b5 KI |
1491 | } |
1492 | ||
1493 | err = -ENOMEM; | |
1da177e4 LT |
1494 | |
1495 | /* Allocate skb for sending to listening sock */ | |
1496 | skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL); | |
1497 | if (skb == NULL) | |
1498 | goto out; | |
1499 | ||
1500 | restart: | |
1501 | /* Find listening sock. */ | |
d2d8c9fd | 1502 | other = unix_find_other(net, sunaddr, addr_len, sk->sk_type); |
aed26f55 KI |
1503 | if (IS_ERR(other)) { |
1504 | err = PTR_ERR(other); | |
1505 | other = NULL; | |
1da177e4 | 1506 | goto out; |
aed26f55 | 1507 | } |
1da177e4 LT |
1508 | |
1509 | /* Latch state of peer */ | |
1c92b4e5 | 1510 | unix_state_lock(other); |
1da177e4 LT |
1511 | |
1512 | /* Apparently VFS overslept socket death. Retry. */ | |
1513 | if (sock_flag(other, SOCK_DEAD)) { | |
1c92b4e5 | 1514 | unix_state_unlock(other); |
1da177e4 LT |
1515 | sock_put(other); |
1516 | goto restart; | |
1517 | } | |
1518 | ||
1519 | err = -ECONNREFUSED; | |
1520 | if (other->sk_state != TCP_LISTEN) | |
1521 | goto out_unlock; | |
77238f2b TS |
1522 | if (other->sk_shutdown & RCV_SHUTDOWN) |
1523 | goto out_unlock; | |
1da177e4 | 1524 | |
3c73419c | 1525 | if (unix_recvq_full(other)) { |
1da177e4 LT |
1526 | err = -EAGAIN; |
1527 | if (!timeo) | |
1528 | goto out_unlock; | |
1529 | ||
1530 | timeo = unix_wait_for_peer(other, timeo); | |
1531 | ||
1532 | err = sock_intr_errno(timeo); | |
1533 | if (signal_pending(current)) | |
1534 | goto out; | |
1535 | sock_put(other); | |
1536 | goto restart; | |
ac7bfa62 | 1537 | } |
1da177e4 LT |
1538 | |
1539 | /* Latch our state. | |
1540 | ||
e5537bfc | 1541 | It is tricky place. We need to grab our state lock and cannot |
1da177e4 LT |
1542 | drop lock on peer. It is dangerous because deadlock is |
1543 | possible. Connect to self case and simultaneous | |
1544 | attempt to connect are eliminated by checking socket | |
1545 | state. other is TCP_LISTEN, if sk is TCP_LISTEN we | |
1546 | check this before attempt to grab lock. | |
1547 | ||
1548 | Well, and we have to recheck the state after socket locked. | |
1549 | */ | |
1550 | st = sk->sk_state; | |
1551 | ||
1552 | switch (st) { | |
1553 | case TCP_CLOSE: | |
1554 | /* This is ok... continue with connect */ | |
1555 | break; | |
1556 | case TCP_ESTABLISHED: | |
1557 | /* Socket is already connected */ | |
1558 | err = -EISCONN; | |
1559 | goto out_unlock; | |
1560 | default: | |
1561 | err = -EINVAL; | |
1562 | goto out_unlock; | |
1563 | } | |
1564 | ||
1c92b4e5 | 1565 | unix_state_lock_nested(sk); |
1da177e4 LT |
1566 | |
1567 | if (sk->sk_state != st) { | |
1c92b4e5 DM |
1568 | unix_state_unlock(sk); |
1569 | unix_state_unlock(other); | |
1da177e4 LT |
1570 | sock_put(other); |
1571 | goto restart; | |
1572 | } | |
1573 | ||
3610cda5 | 1574 | err = security_unix_stream_connect(sk, other, newsk); |
1da177e4 | 1575 | if (err) { |
1c92b4e5 | 1576 | unix_state_unlock(sk); |
1da177e4 LT |
1577 | goto out_unlock; |
1578 | } | |
1579 | ||
1580 | /* The way is open! Fastly set all the necessary fields... */ | |
1581 | ||
1582 | sock_hold(sk); | |
1583 | unix_peer(newsk) = sk; | |
1584 | newsk->sk_state = TCP_ESTABLISHED; | |
1585 | newsk->sk_type = sk->sk_type; | |
109f6e39 | 1586 | init_peercred(newsk); |
1da177e4 | 1587 | newu = unix_sk(newsk); |
eaefd110 | 1588 | RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq); |
1da177e4 LT |
1589 | otheru = unix_sk(other); |
1590 | ||
ae3b5641 AV |
1591 | /* copy address information from listening to new sock |
1592 | * | |
1593 | * The contents of *(otheru->addr) and otheru->path | |
1594 | * are seen fully set up here, since we have found | |
2f7ca90a KI |
1595 | * otheru in hash under its lock. Insertion into the |
1596 | * hash chain we'd found it in had been done in an | |
1597 | * earlier critical area protected by the chain's lock, | |
ae3b5641 AV |
1598 | * the same one where we'd set *(otheru->addr) contents, |
1599 | * as well as otheru->path and otheru->addr itself. | |
1600 | * | |
1601 | * Using smp_store_release() here to set newu->addr | |
1602 | * is enough to make those stores, as well as stores | |
1603 | * to newu->path visible to anyone who gets newu->addr | |
1604 | * by smp_load_acquire(). IOW, the same warranties | |
1605 | * as for unix_sock instances bound in unix_bind() or | |
1606 | * in unix_autobind(). | |
1607 | */ | |
40ffe67d AV |
1608 | if (otheru->path.dentry) { |
1609 | path_get(&otheru->path); | |
1610 | newu->path = otheru->path; | |
1da177e4 | 1611 | } |
ae3b5641 AV |
1612 | refcount_inc(&otheru->addr->refcnt); |
1613 | smp_store_release(&newu->addr, otheru->addr); | |
1da177e4 LT |
1614 | |
1615 | /* Set credentials */ | |
109f6e39 | 1616 | copy_peercred(sk, other); |
1da177e4 | 1617 | |
1da177e4 LT |
1618 | sock->state = SS_CONNECTED; |
1619 | sk->sk_state = TCP_ESTABLISHED; | |
830a1e5c BL |
1620 | sock_hold(newsk); |
1621 | ||
4e857c58 | 1622 | smp_mb__after_atomic(); /* sock_hold() does an atomic_inc() */ |
830a1e5c | 1623 | unix_peer(sk) = newsk; |
1da177e4 | 1624 | |
1c92b4e5 | 1625 | unix_state_unlock(sk); |
1da177e4 | 1626 | |
4e03d073 | 1627 | /* take ten and send info to listening sock */ |
1da177e4 LT |
1628 | spin_lock(&other->sk_receive_queue.lock); |
1629 | __skb_queue_tail(&other->sk_receive_queue, skb); | |
1da177e4 | 1630 | spin_unlock(&other->sk_receive_queue.lock); |
1c92b4e5 | 1631 | unix_state_unlock(other); |
676d2369 | 1632 | other->sk_data_ready(other); |
1da177e4 LT |
1633 | sock_put(other); |
1634 | return 0; | |
1635 | ||
1636 | out_unlock: | |
1637 | if (other) | |
1c92b4e5 | 1638 | unix_state_unlock(other); |
1da177e4 LT |
1639 | |
1640 | out: | |
40d44446 | 1641 | kfree_skb(skb); |
1da177e4 LT |
1642 | if (newsk) |
1643 | unix_release_sock(newsk, 0); | |
1644 | if (other) | |
1645 | sock_put(other); | |
1646 | return err; | |
1647 | } | |
1648 | ||
1649 | static int unix_socketpair(struct socket *socka, struct socket *sockb) | |
1650 | { | |
e27dfcea | 1651 | struct sock *ska = socka->sk, *skb = sockb->sk; |
1da177e4 LT |
1652 | |
1653 | /* Join our sockets back to back */ | |
1654 | sock_hold(ska); | |
1655 | sock_hold(skb); | |
e27dfcea JK |
1656 | unix_peer(ska) = skb; |
1657 | unix_peer(skb) = ska; | |
109f6e39 EB |
1658 | init_peercred(ska); |
1659 | init_peercred(skb); | |
1da177e4 | 1660 | |
83301b53 CW |
1661 | ska->sk_state = TCP_ESTABLISHED; |
1662 | skb->sk_state = TCP_ESTABLISHED; | |
1663 | socka->state = SS_CONNECTED; | |
1664 | sockb->state = SS_CONNECTED; | |
1da177e4 LT |
1665 | return 0; |
1666 | } | |
1667 | ||
90c6bd34 DB |
1668 | static void unix_sock_inherit_flags(const struct socket *old, |
1669 | struct socket *new) | |
1670 | { | |
1671 | if (test_bit(SOCK_PASSCRED, &old->flags)) | |
1672 | set_bit(SOCK_PASSCRED, &new->flags); | |
1673 | if (test_bit(SOCK_PASSSEC, &old->flags)) | |
1674 | set_bit(SOCK_PASSSEC, &new->flags); | |
1675 | } | |
1676 | ||
cdfbabfb DH |
1677 | static int unix_accept(struct socket *sock, struct socket *newsock, int flags, |
1678 | bool kern) | |
1da177e4 LT |
1679 | { |
1680 | struct sock *sk = sock->sk; | |
1681 | struct sock *tsk; | |
1682 | struct sk_buff *skb; | |
1683 | int err; | |
1684 | ||
1685 | err = -EOPNOTSUPP; | |
6eba6a37 | 1686 | if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET) |
1da177e4 LT |
1687 | goto out; |
1688 | ||
1689 | err = -EINVAL; | |
1690 | if (sk->sk_state != TCP_LISTEN) | |
1691 | goto out; | |
1692 | ||
1693 | /* If socket state is TCP_LISTEN it cannot change (for now...), | |
1694 | * so that no locks are necessary. | |
1695 | */ | |
1696 | ||
f4b41f06 OH |
1697 | skb = skb_recv_datagram(sk, (flags & O_NONBLOCK) ? MSG_DONTWAIT : 0, |
1698 | &err); | |
1da177e4 LT |
1699 | if (!skb) { |
1700 | /* This means receive shutdown. */ | |
1701 | if (err == 0) | |
1702 | err = -EINVAL; | |
1703 | goto out; | |
1704 | } | |
1705 | ||
1706 | tsk = skb->sk; | |
1707 | skb_free_datagram(sk, skb); | |
1708 | wake_up_interruptible(&unix_sk(sk)->peer_wait); | |
1709 | ||
1710 | /* attach accepted sock to socket */ | |
1c92b4e5 | 1711 | unix_state_lock(tsk); |
1da177e4 | 1712 | newsock->state = SS_CONNECTED; |
90c6bd34 | 1713 | unix_sock_inherit_flags(sock, newsock); |
1da177e4 | 1714 | sock_graft(tsk, newsock); |
1c92b4e5 | 1715 | unix_state_unlock(tsk); |
1da177e4 LT |
1716 | return 0; |
1717 | ||
1718 | out: | |
1719 | return err; | |
1720 | } | |
1721 | ||
1722 | ||
9b2c45d4 | 1723 | static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int peer) |
1da177e4 LT |
1724 | { |
1725 | struct sock *sk = sock->sk; | |
ae3b5641 | 1726 | struct unix_address *addr; |
13cfa97b | 1727 | DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr); |
1da177e4 LT |
1728 | int err = 0; |
1729 | ||
1730 | if (peer) { | |
1731 | sk = unix_peer_get(sk); | |
1732 | ||
1733 | err = -ENOTCONN; | |
1734 | if (!sk) | |
1735 | goto out; | |
1736 | err = 0; | |
1737 | } else { | |
1738 | sock_hold(sk); | |
1739 | } | |
1740 | ||
ae3b5641 AV |
1741 | addr = smp_load_acquire(&unix_sk(sk)->addr); |
1742 | if (!addr) { | |
1da177e4 LT |
1743 | sunaddr->sun_family = AF_UNIX; |
1744 | sunaddr->sun_path[0] = 0; | |
755662ce | 1745 | err = offsetof(struct sockaddr_un, sun_path); |
1da177e4 | 1746 | } else { |
9b2c45d4 DV |
1747 | err = addr->len; |
1748 | memcpy(sunaddr, addr->name, addr->len); | |
1da177e4 | 1749 | } |
1da177e4 LT |
1750 | sock_put(sk); |
1751 | out: | |
1752 | return err; | |
1753 | } | |
1754 | ||
cbcf0112 MS |
1755 | static void unix_peek_fds(struct scm_cookie *scm, struct sk_buff *skb) |
1756 | { | |
1757 | scm->fp = scm_fp_dup(UNIXCB(skb).fp); | |
1758 | ||
1759 | /* | |
1760 | * Garbage collection of unix sockets starts by selecting a set of | |
1761 | * candidate sockets which have reference only from being in flight | |
1762 | * (total_refs == inflight_refs). This condition is checked once during | |
1763 | * the candidate collection phase, and candidates are marked as such, so | |
1764 | * that non-candidates can later be ignored. While inflight_refs is | |
1765 | * protected by unix_gc_lock, total_refs (file count) is not, hence this | |
1766 | * is an instantaneous decision. | |
1767 | * | |
1768 | * Once a candidate, however, the socket must not be reinstalled into a | |
1769 | * file descriptor while the garbage collection is in progress. | |
1770 | * | |
1771 | * If the above conditions are met, then the directed graph of | |
1772 | * candidates (*) does not change while unix_gc_lock is held. | |
1773 | * | |
1774 | * Any operations that changes the file count through file descriptors | |
1775 | * (dup, close, sendmsg) does not change the graph since candidates are | |
1776 | * not installed in fds. | |
1777 | * | |
1778 | * Dequeing a candidate via recvmsg would install it into an fd, but | |
1779 | * that takes unix_gc_lock to decrement the inflight count, so it's | |
1780 | * serialized with garbage collection. | |
1781 | * | |
1782 | * MSG_PEEK is special in that it does not change the inflight count, | |
1783 | * yet does install the socket into an fd. The following lock/unlock | |
1784 | * pair is to ensure serialization with garbage collection. It must be | |
1785 | * done between incrementing the file count and installing the file into | |
1786 | * an fd. | |
1787 | * | |
1788 | * If garbage collection starts after the barrier provided by the | |
1789 | * lock/unlock, then it will see the elevated refcount and not mark this | |
1790 | * as a candidate. If a garbage collection is already in progress | |
1791 | * before the file count was incremented, then the lock/unlock pair will | |
1792 | * ensure that garbage collection is finished before progressing to | |
1793 | * installing the fd. | |
1794 | * | |
1795 | * (*) A -> B where B is on the queue of A or B is on the queue of C | |
1796 | * which is on the queue of listening socket A. | |
1797 | */ | |
1798 | spin_lock(&unix_gc_lock); | |
1799 | spin_unlock(&unix_gc_lock); | |
1800 | } | |
1801 | ||
f78a5fda | 1802 | static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds) |
7361c36c EB |
1803 | { |
1804 | int err = 0; | |
16e57262 | 1805 | |
f78a5fda | 1806 | UNIXCB(skb).pid = get_pid(scm->pid); |
6b0ee8c0 EB |
1807 | UNIXCB(skb).uid = scm->creds.uid; |
1808 | UNIXCB(skb).gid = scm->creds.gid; | |
7361c36c | 1809 | UNIXCB(skb).fp = NULL; |
37a9a8df | 1810 | unix_get_secdata(scm, skb); |
7361c36c EB |
1811 | if (scm->fp && send_fds) |
1812 | err = unix_attach_fds(scm, skb); | |
1813 | ||
1814 | skb->destructor = unix_destruct_scm; | |
1815 | return err; | |
1816 | } | |
1817 | ||
9490f886 HFS |
1818 | static bool unix_passcred_enabled(const struct socket *sock, |
1819 | const struct sock *other) | |
1820 | { | |
1821 | return test_bit(SOCK_PASSCRED, &sock->flags) || | |
1822 | !other->sk_socket || | |
1823 | test_bit(SOCK_PASSCRED, &other->sk_socket->flags); | |
1824 | } | |
1825 | ||
16e57262 ED |
1826 | /* |
1827 | * Some apps rely on write() giving SCM_CREDENTIALS | |
1828 | * We include credentials if source or destination socket | |
1829 | * asserted SOCK_PASSCRED. | |
1830 | */ | |
1831 | static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock, | |
1832 | const struct sock *other) | |
1833 | { | |
6b0ee8c0 | 1834 | if (UNIXCB(skb).pid) |
16e57262 | 1835 | return; |
9490f886 | 1836 | if (unix_passcred_enabled(sock, other)) { |
16e57262 | 1837 | UNIXCB(skb).pid = get_pid(task_tgid(current)); |
6e0895c2 | 1838 | current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid); |
16e57262 ED |
1839 | } |
1840 | } | |
1841 | ||
9490f886 HFS |
1842 | static int maybe_init_creds(struct scm_cookie *scm, |
1843 | struct socket *socket, | |
1844 | const struct sock *other) | |
1845 | { | |
1846 | int err; | |
1847 | struct msghdr msg = { .msg_controllen = 0 }; | |
1848 | ||
1849 | err = scm_send(socket, &msg, scm, false); | |
1850 | if (err) | |
1851 | return err; | |
1852 | ||
1853 | if (unix_passcred_enabled(socket, other)) { | |
1854 | scm->pid = get_pid(task_tgid(current)); | |
1855 | current_uid_gid(&scm->creds.uid, &scm->creds.gid); | |
1856 | } | |
1857 | return err; | |
1858 | } | |
1859 | ||
1860 | static bool unix_skb_scm_eq(struct sk_buff *skb, | |
1861 | struct scm_cookie *scm) | |
1862 | { | |
b146cbf2 KC |
1863 | return UNIXCB(skb).pid == scm->pid && |
1864 | uid_eq(UNIXCB(skb).uid, scm->creds.uid) && | |
1865 | gid_eq(UNIXCB(skb).gid, scm->creds.gid) && | |
9490f886 HFS |
1866 | unix_secdata_eq(scm, skb); |
1867 | } | |
1868 | ||
3c32da19 KT |
1869 | static void scm_stat_add(struct sock *sk, struct sk_buff *skb) |
1870 | { | |
1871 | struct scm_fp_list *fp = UNIXCB(skb).fp; | |
1872 | struct unix_sock *u = unix_sk(sk); | |
1873 | ||
3c32da19 | 1874 | if (unlikely(fp && fp->count)) |
7782040b | 1875 | atomic_add(fp->count, &u->scm_stat.nr_fds); |
3c32da19 KT |
1876 | } |
1877 | ||
1878 | static void scm_stat_del(struct sock *sk, struct sk_buff *skb) | |
1879 | { | |
1880 | struct scm_fp_list *fp = UNIXCB(skb).fp; | |
1881 | struct unix_sock *u = unix_sk(sk); | |
1882 | ||
3c32da19 | 1883 | if (unlikely(fp && fp->count)) |
7782040b | 1884 | atomic_sub(fp->count, &u->scm_stat.nr_fds); |
3c32da19 KT |
1885 | } |
1886 | ||
1da177e4 LT |
1887 | /* |
1888 | * Send AF_UNIX data. | |
1889 | */ | |
1890 | ||
1b784140 YX |
1891 | static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg, |
1892 | size_t len) | |
1da177e4 | 1893 | { |
342dfc30 | 1894 | DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name); |
340c3d33 KI |
1895 | struct sock *sk = sock->sk, *other = NULL; |
1896 | struct unix_sock *u = unix_sk(sk); | |
7cc05662 | 1897 | struct scm_cookie scm; |
340c3d33 | 1898 | struct sk_buff *skb; |
eb6a2481 | 1899 | int data_len = 0; |
7d267278 | 1900 | int sk_locked; |
340c3d33 KI |
1901 | long timeo; |
1902 | int err; | |
1da177e4 | 1903 | |
5f23b734 | 1904 | wait_for_unix_gc(); |
7cc05662 | 1905 | err = scm_send(sock, msg, &scm, false); |
1da177e4 LT |
1906 | if (err < 0) |
1907 | return err; | |
1908 | ||
1909 | err = -EOPNOTSUPP; | |
1910 | if (msg->msg_flags&MSG_OOB) | |
1911 | goto out; | |
1912 | ||
1913 | if (msg->msg_namelen) { | |
b8a58aa6 KI |
1914 | err = unix_validate_addr(sunaddr, msg->msg_namelen); |
1915 | if (err) | |
1916 | goto out; | |
1da177e4 LT |
1917 | } else { |
1918 | sunaddr = NULL; | |
1919 | err = -ENOTCONN; | |
1920 | other = unix_peer_get(sk); | |
1921 | if (!other) | |
1922 | goto out; | |
1923 | } | |
1924 | ||
f7ed31f4 KI |
1925 | if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr) { |
1926 | err = unix_autobind(sk); | |
1927 | if (err) | |
1928 | goto out; | |
1929 | } | |
1da177e4 LT |
1930 | |
1931 | err = -EMSGSIZE; | |
1932 | if (len > sk->sk_sndbuf - 32) | |
1933 | goto out; | |
1934 | ||
31ff6aa5 | 1935 | if (len > SKB_MAX_ALLOC) { |
eb6a2481 ED |
1936 | data_len = min_t(size_t, |
1937 | len - SKB_MAX_ALLOC, | |
1938 | MAX_SKB_FRAGS * PAGE_SIZE); | |
31ff6aa5 KT |
1939 | data_len = PAGE_ALIGN(data_len); |
1940 | ||
1941 | BUILD_BUG_ON(SKB_MAX_ALLOC < PAGE_SIZE); | |
1942 | } | |
eb6a2481 ED |
1943 | |
1944 | skb = sock_alloc_send_pskb(sk, len - data_len, data_len, | |
28d64271 ED |
1945 | msg->msg_flags & MSG_DONTWAIT, &err, |
1946 | PAGE_ALLOC_COSTLY_ORDER); | |
e27dfcea | 1947 | if (skb == NULL) |
1da177e4 LT |
1948 | goto out; |
1949 | ||
7cc05662 | 1950 | err = unix_scm_to_skb(&scm, skb, true); |
25888e30 | 1951 | if (err < 0) |
7361c36c | 1952 | goto out_free; |
877ce7c1 | 1953 | |
eb6a2481 ED |
1954 | skb_put(skb, len - data_len); |
1955 | skb->data_len = data_len; | |
1956 | skb->len = len; | |
c0371da6 | 1957 | err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, len); |
1da177e4 LT |
1958 | if (err) |
1959 | goto out_free; | |
1960 | ||
1961 | timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); | |
1962 | ||
1963 | restart: | |
1964 | if (!other) { | |
1965 | err = -ECONNRESET; | |
1966 | if (sunaddr == NULL) | |
1967 | goto out_free; | |
1968 | ||
340c3d33 | 1969 | other = unix_find_other(sock_net(sk), sunaddr, msg->msg_namelen, |
d2d8c9fd | 1970 | sk->sk_type); |
aed26f55 KI |
1971 | if (IS_ERR(other)) { |
1972 | err = PTR_ERR(other); | |
1973 | other = NULL; | |
1da177e4 | 1974 | goto out_free; |
aed26f55 | 1975 | } |
1da177e4 LT |
1976 | } |
1977 | ||
d6ae3bae AC |
1978 | if (sk_filter(other, skb) < 0) { |
1979 | /* Toss the packet but do not return any error to the sender */ | |
1980 | err = len; | |
1981 | goto out_free; | |
1982 | } | |
1983 | ||
7d267278 | 1984 | sk_locked = 0; |
1c92b4e5 | 1985 | unix_state_lock(other); |
7d267278 | 1986 | restart_locked: |
1da177e4 LT |
1987 | err = -EPERM; |
1988 | if (!unix_may_send(sk, other)) | |
1989 | goto out_unlock; | |
1990 | ||
7d267278 | 1991 | if (unlikely(sock_flag(other, SOCK_DEAD))) { |
1da177e4 LT |
1992 | /* |
1993 | * Check with 1003.1g - what should | |
1994 | * datagram error | |
1995 | */ | |
1c92b4e5 | 1996 | unix_state_unlock(other); |
1da177e4 LT |
1997 | sock_put(other); |
1998 | ||
7d267278 RW |
1999 | if (!sk_locked) |
2000 | unix_state_lock(sk); | |
2001 | ||
1da177e4 | 2002 | err = 0; |
3ff8bff7 KT |
2003 | if (sk->sk_type == SOCK_SEQPACKET) { |
2004 | /* We are here only when racing with unix_release_sock() | |
2005 | * is clearing @other. Never change state to TCP_CLOSE | |
2006 | * unlike SOCK_DGRAM wants. | |
2007 | */ | |
2008 | unix_state_unlock(sk); | |
2009 | err = -EPIPE; | |
2010 | } else if (unix_peer(sk) == other) { | |
e27dfcea | 2011 | unix_peer(sk) = NULL; |
7d267278 RW |
2012 | unix_dgram_peer_wake_disconnect_wakeup(sk, other); |
2013 | ||
3ff8bff7 | 2014 | sk->sk_state = TCP_CLOSE; |
1c92b4e5 | 2015 | unix_state_unlock(sk); |
1da177e4 LT |
2016 | |
2017 | unix_dgram_disconnected(sk, other); | |
2018 | sock_put(other); | |
2019 | err = -ECONNREFUSED; | |
2020 | } else { | |
1c92b4e5 | 2021 | unix_state_unlock(sk); |
1da177e4 LT |
2022 | } |
2023 | ||
2024 | other = NULL; | |
2025 | if (err) | |
2026 | goto out_free; | |
2027 | goto restart; | |
2028 | } | |
2029 | ||
2030 | err = -EPIPE; | |
2031 | if (other->sk_shutdown & RCV_SHUTDOWN) | |
2032 | goto out_unlock; | |
2033 | ||
2034 | if (sk->sk_type != SOCK_SEQPACKET) { | |
2035 | err = security_unix_may_send(sk->sk_socket, other->sk_socket); | |
2036 | if (err) | |
2037 | goto out_unlock; | |
2038 | } | |
2039 | ||
a5527dda RW |
2040 | /* other == sk && unix_peer(other) != sk if |
2041 | * - unix_peer(sk) == NULL, destination address bound to sk | |
2042 | * - unix_peer(sk) == sk by time of get but disconnected before lock | |
2043 | */ | |
2044 | if (other != sk && | |
86b18aaa QC |
2045 | unlikely(unix_peer(other) != sk && |
2046 | unix_recvq_full_lockless(other))) { | |
7d267278 RW |
2047 | if (timeo) { |
2048 | timeo = unix_wait_for_peer(other, timeo); | |
2049 | ||
2050 | err = sock_intr_errno(timeo); | |
2051 | if (signal_pending(current)) | |
2052 | goto out_free; | |
2053 | ||
2054 | goto restart; | |
1da177e4 LT |
2055 | } |
2056 | ||
7d267278 RW |
2057 | if (!sk_locked) { |
2058 | unix_state_unlock(other); | |
2059 | unix_state_double_lock(sk, other); | |
2060 | } | |
1da177e4 | 2061 | |
7d267278 RW |
2062 | if (unix_peer(sk) != other || |
2063 | unix_dgram_peer_wake_me(sk, other)) { | |
2064 | err = -EAGAIN; | |
2065 | sk_locked = 1; | |
2066 | goto out_unlock; | |
2067 | } | |
1da177e4 | 2068 | |
7d267278 RW |
2069 | if (!sk_locked) { |
2070 | sk_locked = 1; | |
2071 | goto restart_locked; | |
2072 | } | |
1da177e4 LT |
2073 | } |
2074 | ||
7d267278 RW |
2075 | if (unlikely(sk_locked)) |
2076 | unix_state_unlock(sk); | |
2077 | ||
3f66116e AC |
2078 | if (sock_flag(other, SOCK_RCVTSTAMP)) |
2079 | __net_timestamp(skb); | |
16e57262 | 2080 | maybe_add_creds(skb, sock, other); |
3c32da19 | 2081 | scm_stat_add(other, skb); |
7782040b | 2082 | skb_queue_tail(&other->sk_receive_queue, skb); |
1c92b4e5 | 2083 | unix_state_unlock(other); |
676d2369 | 2084 | other->sk_data_ready(other); |
1da177e4 | 2085 | sock_put(other); |
7cc05662 | 2086 | scm_destroy(&scm); |
1da177e4 LT |
2087 | return len; |
2088 | ||
2089 | out_unlock: | |
7d267278 RW |
2090 | if (sk_locked) |
2091 | unix_state_unlock(sk); | |
1c92b4e5 | 2092 | unix_state_unlock(other); |
1da177e4 LT |
2093 | out_free: |
2094 | kfree_skb(skb); | |
2095 | out: | |
2096 | if (other) | |
2097 | sock_put(other); | |
7cc05662 | 2098 | scm_destroy(&scm); |
1da177e4 LT |
2099 | return err; |
2100 | } | |
2101 | ||
e370a723 | 2102 | /* We use paged skbs for stream sockets, and limit occupancy to 32768 |
d4e9a408 | 2103 | * bytes, and a minimum of a full page. |
e370a723 ED |
2104 | */ |
2105 | #define UNIX_SKB_FRAGS_SZ (PAGE_SIZE << get_order(32768)) | |
ac7bfa62 | 2106 | |
4edf21aa | 2107 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) |
2aab4b96 ED |
2108 | static int queue_oob(struct socket *sock, struct msghdr *msg, struct sock *other, |
2109 | struct scm_cookie *scm, bool fds_sent) | |
314001f0 RS |
2110 | { |
2111 | struct unix_sock *ousk = unix_sk(other); | |
2112 | struct sk_buff *skb; | |
2113 | int err = 0; | |
2114 | ||
2115 | skb = sock_alloc_send_skb(sock->sk, 1, msg->msg_flags & MSG_DONTWAIT, &err); | |
2116 | ||
2117 | if (!skb) | |
2118 | return err; | |
2119 | ||
2aab4b96 ED |
2120 | err = unix_scm_to_skb(scm, skb, !fds_sent); |
2121 | if (err < 0) { | |
2122 | kfree_skb(skb); | |
2123 | return err; | |
2124 | } | |
314001f0 | 2125 | skb_put(skb, 1); |
314001f0 RS |
2126 | err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, 1); |
2127 | ||
2128 | if (err) { | |
2129 | kfree_skb(skb); | |
2130 | return err; | |
2131 | } | |
2132 | ||
2133 | unix_state_lock(other); | |
19eed721 RS |
2134 | |
2135 | if (sock_flag(other, SOCK_DEAD) || | |
2136 | (other->sk_shutdown & RCV_SHUTDOWN)) { | |
2137 | unix_state_unlock(other); | |
2138 | kfree_skb(skb); | |
2139 | return -EPIPE; | |
2140 | } | |
2141 | ||
314001f0 RS |
2142 | maybe_add_creds(skb, sock, other); |
2143 | skb_get(skb); | |
2144 | ||
2145 | if (ousk->oob_skb) | |
19eed721 | 2146 | consume_skb(ousk->oob_skb); |
314001f0 | 2147 | |
e82025c6 | 2148 | WRITE_ONCE(ousk->oob_skb, skb); |
314001f0 RS |
2149 | |
2150 | scm_stat_add(other, skb); | |
2151 | skb_queue_tail(&other->sk_receive_queue, skb); | |
2152 | sk_send_sigurg(other); | |
2153 | unix_state_unlock(other); | |
2154 | other->sk_data_ready(other); | |
2155 | ||
2156 | return err; | |
2157 | } | |
2158 | #endif | |
2159 | ||
1b784140 YX |
2160 | static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg, |
2161 | size_t len) | |
1da177e4 | 2162 | { |
1da177e4 LT |
2163 | struct sock *sk = sock->sk; |
2164 | struct sock *other = NULL; | |
6eba6a37 | 2165 | int err, size; |
f78a5fda | 2166 | struct sk_buff *skb; |
e27dfcea | 2167 | int sent = 0; |
7cc05662 | 2168 | struct scm_cookie scm; |
8ba69ba6 | 2169 | bool fds_sent = false; |
e370a723 | 2170 | int data_len; |
1da177e4 | 2171 | |
5f23b734 | 2172 | wait_for_unix_gc(); |
7cc05662 | 2173 | err = scm_send(sock, msg, &scm, false); |
1da177e4 LT |
2174 | if (err < 0) |
2175 | return err; | |
2176 | ||
2177 | err = -EOPNOTSUPP; | |
314001f0 | 2178 | if (msg->msg_flags & MSG_OOB) { |
4edf21aa | 2179 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) |
314001f0 RS |
2180 | if (len) |
2181 | len--; | |
2182 | else | |
2183 | #endif | |
2184 | goto out_err; | |
2185 | } | |
1da177e4 LT |
2186 | |
2187 | if (msg->msg_namelen) { | |
2188 | err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP; | |
2189 | goto out_err; | |
2190 | } else { | |
1da177e4 | 2191 | err = -ENOTCONN; |
830a1e5c | 2192 | other = unix_peer(sk); |
1da177e4 LT |
2193 | if (!other) |
2194 | goto out_err; | |
2195 | } | |
2196 | ||
2197 | if (sk->sk_shutdown & SEND_SHUTDOWN) | |
2198 | goto pipe_err; | |
2199 | ||
6eba6a37 | 2200 | while (sent < len) { |
e370a723 | 2201 | size = len - sent; |
1da177e4 LT |
2202 | |
2203 | /* Keep two messages in the pipe so it schedules better */ | |
e370a723 | 2204 | size = min_t(int, size, (sk->sk_sndbuf >> 1) - 64); |
1da177e4 | 2205 | |
e370a723 ED |
2206 | /* allow fallback to order-0 allocations */ |
2207 | size = min_t(int, size, SKB_MAX_HEAD(0) + UNIX_SKB_FRAGS_SZ); | |
ac7bfa62 | 2208 | |
e370a723 | 2209 | data_len = max_t(int, 0, size - SKB_MAX_HEAD(0)); |
1da177e4 | 2210 | |
31ff6aa5 KT |
2211 | data_len = min_t(size_t, size, PAGE_ALIGN(data_len)); |
2212 | ||
e370a723 | 2213 | skb = sock_alloc_send_pskb(sk, size - data_len, data_len, |
28d64271 ED |
2214 | msg->msg_flags & MSG_DONTWAIT, &err, |
2215 | get_order(UNIX_SKB_FRAGS_SZ)); | |
e370a723 | 2216 | if (!skb) |
1da177e4 LT |
2217 | goto out_err; |
2218 | ||
f78a5fda | 2219 | /* Only send the fds in the first buffer */ |
7cc05662 | 2220 | err = unix_scm_to_skb(&scm, skb, !fds_sent); |
25888e30 | 2221 | if (err < 0) { |
7361c36c | 2222 | kfree_skb(skb); |
f78a5fda | 2223 | goto out_err; |
6209344f | 2224 | } |
7361c36c | 2225 | fds_sent = true; |
1da177e4 | 2226 | |
e370a723 ED |
2227 | skb_put(skb, size - data_len); |
2228 | skb->data_len = data_len; | |
2229 | skb->len = size; | |
c0371da6 | 2230 | err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, size); |
6eba6a37 | 2231 | if (err) { |
1da177e4 | 2232 | kfree_skb(skb); |
f78a5fda | 2233 | goto out_err; |
1da177e4 LT |
2234 | } |
2235 | ||
1c92b4e5 | 2236 | unix_state_lock(other); |
1da177e4 LT |
2237 | |
2238 | if (sock_flag(other, SOCK_DEAD) || | |
2239 | (other->sk_shutdown & RCV_SHUTDOWN)) | |
2240 | goto pipe_err_free; | |
2241 | ||
16e57262 | 2242 | maybe_add_creds(skb, sock, other); |
3c32da19 | 2243 | scm_stat_add(other, skb); |
7782040b | 2244 | skb_queue_tail(&other->sk_receive_queue, skb); |
1c92b4e5 | 2245 | unix_state_unlock(other); |
676d2369 | 2246 | other->sk_data_ready(other); |
e27dfcea | 2247 | sent += size; |
1da177e4 | 2248 | } |
1da177e4 | 2249 | |
4edf21aa | 2250 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) |
314001f0 | 2251 | if (msg->msg_flags & MSG_OOB) { |
2aab4b96 | 2252 | err = queue_oob(sock, msg, other, &scm, fds_sent); |
314001f0 RS |
2253 | if (err) |
2254 | goto out_err; | |
2255 | sent++; | |
2256 | } | |
2257 | #endif | |
2258 | ||
7cc05662 | 2259 | scm_destroy(&scm); |
1da177e4 LT |
2260 | |
2261 | return sent; | |
2262 | ||
2263 | pipe_err_free: | |
1c92b4e5 | 2264 | unix_state_unlock(other); |
1da177e4 LT |
2265 | kfree_skb(skb); |
2266 | pipe_err: | |
6eba6a37 ED |
2267 | if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL)) |
2268 | send_sig(SIGPIPE, current, 0); | |
1da177e4 LT |
2269 | err = -EPIPE; |
2270 | out_err: | |
7cc05662 | 2271 | scm_destroy(&scm); |
1da177e4 LT |
2272 | return sent ? : err; |
2273 | } | |
2274 | ||
869e7c62 HFS |
2275 | static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page, |
2276 | int offset, size_t size, int flags) | |
2277 | { | |
9490f886 HFS |
2278 | int err; |
2279 | bool send_sigpipe = false; | |
2280 | bool init_scm = true; | |
2281 | struct scm_cookie scm; | |
869e7c62 HFS |
2282 | struct sock *other, *sk = socket->sk; |
2283 | struct sk_buff *skb, *newskb = NULL, *tail = NULL; | |
2284 | ||
2285 | if (flags & MSG_OOB) | |
2286 | return -EOPNOTSUPP; | |
2287 | ||
2288 | other = unix_peer(sk); | |
2289 | if (!other || sk->sk_state != TCP_ESTABLISHED) | |
2290 | return -ENOTCONN; | |
2291 | ||
2292 | if (false) { | |
2293 | alloc_skb: | |
2294 | unix_state_unlock(other); | |
6e1ce3c3 | 2295 | mutex_unlock(&unix_sk(other)->iolock); |
869e7c62 HFS |
2296 | newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT, |
2297 | &err, 0); | |
2298 | if (!newskb) | |
9490f886 | 2299 | goto err; |
869e7c62 HFS |
2300 | } |
2301 | ||
6e1ce3c3 | 2302 | /* we must acquire iolock as we modify already present |
869e7c62 HFS |
2303 | * skbs in the sk_receive_queue and mess with skb->len |
2304 | */ | |
6e1ce3c3 | 2305 | err = mutex_lock_interruptible(&unix_sk(other)->iolock); |
869e7c62 HFS |
2306 | if (err) { |
2307 | err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS; | |
869e7c62 HFS |
2308 | goto err; |
2309 | } | |
2310 | ||
2311 | if (sk->sk_shutdown & SEND_SHUTDOWN) { | |
2312 | err = -EPIPE; | |
9490f886 | 2313 | send_sigpipe = true; |
869e7c62 HFS |
2314 | goto err_unlock; |
2315 | } | |
2316 | ||
2317 | unix_state_lock(other); | |
2318 | ||
2319 | if (sock_flag(other, SOCK_DEAD) || | |
2320 | other->sk_shutdown & RCV_SHUTDOWN) { | |
2321 | err = -EPIPE; | |
9490f886 | 2322 | send_sigpipe = true; |
869e7c62 HFS |
2323 | goto err_state_unlock; |
2324 | } | |
2325 | ||
9490f886 HFS |
2326 | if (init_scm) { |
2327 | err = maybe_init_creds(&scm, socket, other); | |
2328 | if (err) | |
2329 | goto err_state_unlock; | |
2330 | init_scm = false; | |
2331 | } | |
2332 | ||
869e7c62 HFS |
2333 | skb = skb_peek_tail(&other->sk_receive_queue); |
2334 | if (tail && tail == skb) { | |
2335 | skb = newskb; | |
9490f886 HFS |
2336 | } else if (!skb || !unix_skb_scm_eq(skb, &scm)) { |
2337 | if (newskb) { | |
869e7c62 | 2338 | skb = newskb; |
9490f886 HFS |
2339 | } else { |
2340 | tail = skb; | |
869e7c62 | 2341 | goto alloc_skb; |
9490f886 | 2342 | } |
869e7c62 HFS |
2343 | } else if (newskb) { |
2344 | /* this is fast path, we don't necessarily need to | |
2345 | * call to kfree_skb even though with newskb == NULL | |
2346 | * this - does no harm | |
2347 | */ | |
2348 | consume_skb(newskb); | |
8844f972 | 2349 | newskb = NULL; |
869e7c62 HFS |
2350 | } |
2351 | ||
2352 | if (skb_append_pagefrags(skb, page, offset, size)) { | |
2353 | tail = skb; | |
2354 | goto alloc_skb; | |
2355 | } | |
2356 | ||
2357 | skb->len += size; | |
2358 | skb->data_len += size; | |
2359 | skb->truesize += size; | |
14afee4b | 2360 | refcount_add(size, &sk->sk_wmem_alloc); |
869e7c62 | 2361 | |
a3a116e0 | 2362 | if (newskb) { |
9490f886 HFS |
2363 | err = unix_scm_to_skb(&scm, skb, false); |
2364 | if (err) | |
2365 | goto err_state_unlock; | |
a3a116e0 | 2366 | spin_lock(&other->sk_receive_queue.lock); |
869e7c62 | 2367 | __skb_queue_tail(&other->sk_receive_queue, newskb); |
a3a116e0 HFS |
2368 | spin_unlock(&other->sk_receive_queue.lock); |
2369 | } | |
869e7c62 HFS |
2370 | |
2371 | unix_state_unlock(other); | |
6e1ce3c3 | 2372 | mutex_unlock(&unix_sk(other)->iolock); |
869e7c62 HFS |
2373 | |
2374 | other->sk_data_ready(other); | |
9490f886 | 2375 | scm_destroy(&scm); |
869e7c62 HFS |
2376 | return size; |
2377 | ||
2378 | err_state_unlock: | |
2379 | unix_state_unlock(other); | |
2380 | err_unlock: | |
6e1ce3c3 | 2381 | mutex_unlock(&unix_sk(other)->iolock); |
869e7c62 HFS |
2382 | err: |
2383 | kfree_skb(newskb); | |
2384 | if (send_sigpipe && !(flags & MSG_NOSIGNAL)) | |
2385 | send_sig(SIGPIPE, current, 0); | |
9490f886 HFS |
2386 | if (!init_scm) |
2387 | scm_destroy(&scm); | |
869e7c62 HFS |
2388 | return err; |
2389 | } | |
2390 | ||
1b784140 YX |
2391 | static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg, |
2392 | size_t len) | |
1da177e4 LT |
2393 | { |
2394 | int err; | |
2395 | struct sock *sk = sock->sk; | |
ac7bfa62 | 2396 | |
1da177e4 LT |
2397 | err = sock_error(sk); |
2398 | if (err) | |
2399 | return err; | |
2400 | ||
2401 | if (sk->sk_state != TCP_ESTABLISHED) | |
2402 | return -ENOTCONN; | |
2403 | ||
2404 | if (msg->msg_namelen) | |
2405 | msg->msg_namelen = 0; | |
2406 | ||
1b784140 | 2407 | return unix_dgram_sendmsg(sock, msg, len); |
1da177e4 | 2408 | } |
ac7bfa62 | 2409 | |
1b784140 YX |
2410 | static int unix_seqpacket_recvmsg(struct socket *sock, struct msghdr *msg, |
2411 | size_t size, int flags) | |
a05d2ad1 EB |
2412 | { |
2413 | struct sock *sk = sock->sk; | |
2414 | ||
2415 | if (sk->sk_state != TCP_ESTABLISHED) | |
2416 | return -ENOTCONN; | |
2417 | ||
1b784140 | 2418 | return unix_dgram_recvmsg(sock, msg, size, flags); |
a05d2ad1 EB |
2419 | } |
2420 | ||
1da177e4 LT |
2421 | static void unix_copy_addr(struct msghdr *msg, struct sock *sk) |
2422 | { | |
ae3b5641 | 2423 | struct unix_address *addr = smp_load_acquire(&unix_sk(sk)->addr); |
1da177e4 | 2424 | |
ae3b5641 AV |
2425 | if (addr) { |
2426 | msg->msg_namelen = addr->len; | |
2427 | memcpy(msg->msg_name, addr->name, addr->len); | |
1da177e4 LT |
2428 | } |
2429 | } | |
2430 | ||
9825d866 CW |
2431 | int __unix_dgram_recvmsg(struct sock *sk, struct msghdr *msg, size_t size, |
2432 | int flags) | |
1da177e4 | 2433 | { |
7cc05662 | 2434 | struct scm_cookie scm; |
9825d866 | 2435 | struct socket *sock = sk->sk_socket; |
1da177e4 | 2436 | struct unix_sock *u = unix_sk(sk); |
64874280 RW |
2437 | struct sk_buff *skb, *last; |
2438 | long timeo; | |
fd69c399 | 2439 | int skip; |
1da177e4 LT |
2440 | int err; |
2441 | ||
2442 | err = -EOPNOTSUPP; | |
2443 | if (flags&MSG_OOB) | |
2444 | goto out; | |
2445 | ||
64874280 | 2446 | timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); |
1da177e4 | 2447 | |
64874280 | 2448 | do { |
6e1ce3c3 | 2449 | mutex_lock(&u->iolock); |
f55bb7f9 | 2450 | |
64874280 | 2451 | skip = sk_peek_offset(sk, flags); |
b50b0580 | 2452 | skb = __skb_try_recv_datagram(sk, &sk->sk_receive_queue, flags, |
e427cad6 PA |
2453 | &skip, &err, &last); |
2454 | if (skb) { | |
2455 | if (!(flags & MSG_PEEK)) | |
2456 | scm_stat_del(sk, skb); | |
64874280 | 2457 | break; |
e427cad6 | 2458 | } |
64874280 | 2459 | |
6e1ce3c3 | 2460 | mutex_unlock(&u->iolock); |
64874280 RW |
2461 | |
2462 | if (err != -EAGAIN) | |
2463 | break; | |
2464 | } while (timeo && | |
b50b0580 SD |
2465 | !__skb_wait_for_more_packets(sk, &sk->sk_receive_queue, |
2466 | &err, &timeo, last)); | |
64874280 | 2467 | |
6e1ce3c3 | 2468 | if (!skb) { /* implies iolock unlocked */ |
0a112258 FZ |
2469 | unix_state_lock(sk); |
2470 | /* Signal EOF on disconnected non-blocking SEQPACKET socket. */ | |
2471 | if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN && | |
2472 | (sk->sk_shutdown & RCV_SHUTDOWN)) | |
2473 | err = 0; | |
2474 | unix_state_unlock(sk); | |
64874280 | 2475 | goto out; |
0a112258 | 2476 | } |
1da177e4 | 2477 | |
77b75f4d RW |
2478 | if (wq_has_sleeper(&u->peer_wait)) |
2479 | wake_up_interruptible_sync_poll(&u->peer_wait, | |
a9a08845 LT |
2480 | EPOLLOUT | EPOLLWRNORM | |
2481 | EPOLLWRBAND); | |
1da177e4 LT |
2482 | |
2483 | if (msg->msg_name) | |
2484 | unix_copy_addr(msg, skb->sk); | |
2485 | ||
f55bb7f9 PE |
2486 | if (size > skb->len - skip) |
2487 | size = skb->len - skip; | |
2488 | else if (size < skb->len - skip) | |
1da177e4 LT |
2489 | msg->msg_flags |= MSG_TRUNC; |
2490 | ||
51f3d02b | 2491 | err = skb_copy_datagram_msg(skb, skip, msg, size); |
1da177e4 LT |
2492 | if (err) |
2493 | goto out_free; | |
2494 | ||
3f66116e AC |
2495 | if (sock_flag(sk, SOCK_RCVTSTAMP)) |
2496 | __sock_recv_timestamp(msg, sk, skb); | |
2497 | ||
7cc05662 CH |
2498 | memset(&scm, 0, sizeof(scm)); |
2499 | ||
2500 | scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); | |
2501 | unix_set_secdata(&scm, skb); | |
1da177e4 | 2502 | |
6eba6a37 | 2503 | if (!(flags & MSG_PEEK)) { |
1da177e4 | 2504 | if (UNIXCB(skb).fp) |
7cc05662 | 2505 | unix_detach_fds(&scm, skb); |
f55bb7f9 PE |
2506 | |
2507 | sk_peek_offset_bwd(sk, skb->len); | |
6eba6a37 | 2508 | } else { |
1da177e4 LT |
2509 | /* It is questionable: on PEEK we could: |
2510 | - do not return fds - good, but too simple 8) | |
2511 | - return fds, and do not return them on read (old strategy, | |
2512 | apparently wrong) | |
2513 | - clone fds (I chose it for now, it is the most universal | |
2514 | solution) | |
ac7bfa62 YH |
2515 | |
2516 | POSIX 1003.1g does not actually define this clearly | |
2517 | at all. POSIX 1003.1g doesn't define a lot of things | |
2518 | clearly however! | |
2519 | ||
1da177e4 | 2520 | */ |
f55bb7f9 PE |
2521 | |
2522 | sk_peek_offset_fwd(sk, size); | |
2523 | ||
1da177e4 | 2524 | if (UNIXCB(skb).fp) |
cbcf0112 | 2525 | unix_peek_fds(&scm, skb); |
1da177e4 | 2526 | } |
9f6f9af7 | 2527 | err = (flags & MSG_TRUNC) ? skb->len - skip : size; |
1da177e4 | 2528 | |
7cc05662 | 2529 | scm_recv(sock, msg, &scm, flags); |
1da177e4 LT |
2530 | |
2531 | out_free: | |
6eba6a37 | 2532 | skb_free_datagram(sk, skb); |
6e1ce3c3 | 2533 | mutex_unlock(&u->iolock); |
1da177e4 LT |
2534 | out: |
2535 | return err; | |
2536 | } | |
29df44fa | 2537 | |
9825d866 CW |
2538 | static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, |
2539 | int flags) | |
2540 | { | |
2541 | struct sock *sk = sock->sk; | |
2542 | ||
2543 | #ifdef CONFIG_BPF_SYSCALL | |
94531cfc JW |
2544 | const struct proto *prot = READ_ONCE(sk->sk_prot); |
2545 | ||
2546 | if (prot != &unix_dgram_proto) | |
ec095263 | 2547 | return prot->recvmsg(sk, msg, size, flags, NULL); |
9825d866 CW |
2548 | #endif |
2549 | return __unix_dgram_recvmsg(sk, msg, size, flags); | |
2550 | } | |
2551 | ||
965b57b4 | 2552 | static int unix_read_skb(struct sock *sk, skb_read_actor_t recv_actor) |
29df44fa | 2553 | { |
d6e3b27c PY |
2554 | struct unix_sock *u = unix_sk(sk); |
2555 | struct sk_buff *skb; | |
2556 | int err, copied; | |
29df44fa | 2557 | |
d6e3b27c PY |
2558 | mutex_lock(&u->iolock); |
2559 | skb = skb_recv_datagram(sk, MSG_DONTWAIT, &err); | |
2560 | mutex_unlock(&u->iolock); | |
2561 | if (!skb) | |
2562 | return err; | |
29df44fa | 2563 | |
d6e3b27c PY |
2564 | copied = recv_actor(sk, skb); |
2565 | kfree_skb(skb); | |
29df44fa CW |
2566 | |
2567 | return copied; | |
2568 | } | |
1da177e4 LT |
2569 | |
2570 | /* | |
79f632c7 | 2571 | * Sleep until more data has arrived. But check for races.. |
1da177e4 | 2572 | */ |
79f632c7 | 2573 | static long unix_stream_data_wait(struct sock *sk, long timeo, |
06a77b07 WC |
2574 | struct sk_buff *last, unsigned int last_len, |
2575 | bool freezable) | |
1da177e4 | 2576 | { |
f5d39b02 | 2577 | unsigned int state = TASK_INTERRUPTIBLE | freezable * TASK_FREEZABLE; |
2b514574 | 2578 | struct sk_buff *tail; |
1da177e4 LT |
2579 | DEFINE_WAIT(wait); |
2580 | ||
1c92b4e5 | 2581 | unix_state_lock(sk); |
1da177e4 LT |
2582 | |
2583 | for (;;) { | |
f5d39b02 | 2584 | prepare_to_wait(sk_sleep(sk), &wait, state); |
1da177e4 | 2585 | |
2b514574 HFS |
2586 | tail = skb_peek_tail(&sk->sk_receive_queue); |
2587 | if (tail != last || | |
2588 | (tail && tail->len != last_len) || | |
1da177e4 LT |
2589 | sk->sk_err || |
2590 | (sk->sk_shutdown & RCV_SHUTDOWN) || | |
2591 | signal_pending(current) || | |
2592 | !timeo) | |
2593 | break; | |
2594 | ||
9cd3e072 | 2595 | sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); |
1c92b4e5 | 2596 | unix_state_unlock(sk); |
f5d39b02 | 2597 | timeo = schedule_timeout(timeo); |
1c92b4e5 | 2598 | unix_state_lock(sk); |
b48732e4 MS |
2599 | |
2600 | if (sock_flag(sk, SOCK_DEAD)) | |
2601 | break; | |
2602 | ||
9cd3e072 | 2603 | sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); |
1da177e4 LT |
2604 | } |
2605 | ||
aa395145 | 2606 | finish_wait(sk_sleep(sk), &wait); |
1c92b4e5 | 2607 | unix_state_unlock(sk); |
1da177e4 LT |
2608 | return timeo; |
2609 | } | |
2610 | ||
e370a723 ED |
2611 | static unsigned int unix_skb_len(const struct sk_buff *skb) |
2612 | { | |
2613 | return skb->len - UNIXCB(skb).consumed; | |
2614 | } | |
2615 | ||
2b514574 HFS |
2616 | struct unix_stream_read_state { |
2617 | int (*recv_actor)(struct sk_buff *, int, int, | |
2618 | struct unix_stream_read_state *); | |
2619 | struct socket *socket; | |
2620 | struct msghdr *msg; | |
2621 | struct pipe_inode_info *pipe; | |
2622 | size_t size; | |
2623 | int flags; | |
2624 | unsigned int splice_flags; | |
2625 | }; | |
2626 | ||
314001f0 RS |
2627 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) |
2628 | static int unix_stream_recv_urg(struct unix_stream_read_state *state) | |
2629 | { | |
2630 | struct socket *sock = state->socket; | |
2631 | struct sock *sk = sock->sk; | |
2632 | struct unix_sock *u = unix_sk(sk); | |
2633 | int chunk = 1; | |
876c14ad | 2634 | struct sk_buff *oob_skb; |
314001f0 | 2635 | |
876c14ad RS |
2636 | mutex_lock(&u->iolock); |
2637 | unix_state_lock(sk); | |
2638 | ||
2639 | if (sock_flag(sk, SOCK_URGINLINE) || !u->oob_skb) { | |
2640 | unix_state_unlock(sk); | |
2641 | mutex_unlock(&u->iolock); | |
314001f0 | 2642 | return -EINVAL; |
876c14ad | 2643 | } |
314001f0 | 2644 | |
876c14ad | 2645 | oob_skb = u->oob_skb; |
314001f0 | 2646 | |
e82025c6 KI |
2647 | if (!(state->flags & MSG_PEEK)) |
2648 | WRITE_ONCE(u->oob_skb, NULL); | |
876c14ad RS |
2649 | |
2650 | unix_state_unlock(sk); | |
2651 | ||
2652 | chunk = state->recv_actor(oob_skb, 0, chunk, state); | |
2653 | ||
2654 | if (!(state->flags & MSG_PEEK)) { | |
2655 | UNIXCB(oob_skb).consumed += 1; | |
2656 | kfree_skb(oob_skb); | |
2657 | } | |
2658 | ||
2659 | mutex_unlock(&u->iolock); | |
2660 | ||
2661 | if (chunk < 0) | |
2662 | return -EFAULT; | |
2663 | ||
314001f0 RS |
2664 | state->msg->msg_flags |= MSG_OOB; |
2665 | return 1; | |
2666 | } | |
2667 | ||
2668 | static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk, | |
2669 | int flags, int copied) | |
2670 | { | |
2671 | struct unix_sock *u = unix_sk(sk); | |
2672 | ||
2673 | if (!unix_skb_len(skb) && !(flags & MSG_PEEK)) { | |
2674 | skb_unlink(skb, &sk->sk_receive_queue); | |
2675 | consume_skb(skb); | |
2676 | skb = NULL; | |
2677 | } else { | |
2678 | if (skb == u->oob_skb) { | |
2679 | if (copied) { | |
2680 | skb = NULL; | |
2681 | } else if (sock_flag(sk, SOCK_URGINLINE)) { | |
2682 | if (!(flags & MSG_PEEK)) { | |
e82025c6 | 2683 | WRITE_ONCE(u->oob_skb, NULL); |
314001f0 RS |
2684 | consume_skb(skb); |
2685 | } | |
2686 | } else if (!(flags & MSG_PEEK)) { | |
2687 | skb_unlink(skb, &sk->sk_receive_queue); | |
2688 | consume_skb(skb); | |
2689 | skb = skb_peek(&sk->sk_receive_queue); | |
2690 | } | |
2691 | } | |
2692 | } | |
2693 | return skb; | |
2694 | } | |
2695 | #endif | |
2696 | ||
965b57b4 | 2697 | static int unix_stream_read_skb(struct sock *sk, skb_read_actor_t recv_actor) |
77462de1 JW |
2698 | { |
2699 | if (unlikely(sk->sk_state != TCP_ESTABLISHED)) | |
2700 | return -ENOTCONN; | |
2701 | ||
965b57b4 | 2702 | return unix_read_skb(sk, recv_actor); |
77462de1 JW |
2703 | } |
2704 | ||
06a77b07 WC |
2705 | static int unix_stream_read_generic(struct unix_stream_read_state *state, |
2706 | bool freezable) | |
1da177e4 | 2707 | { |
7cc05662 | 2708 | struct scm_cookie scm; |
2b514574 | 2709 | struct socket *sock = state->socket; |
1da177e4 LT |
2710 | struct sock *sk = sock->sk; |
2711 | struct unix_sock *u = unix_sk(sk); | |
1da177e4 | 2712 | int copied = 0; |
2b514574 | 2713 | int flags = state->flags; |
de144391 | 2714 | int noblock = flags & MSG_DONTWAIT; |
2b514574 | 2715 | bool check_creds = false; |
1da177e4 LT |
2716 | int target; |
2717 | int err = 0; | |
2718 | long timeo; | |
fc0d7536 | 2719 | int skip; |
2b514574 HFS |
2720 | size_t size = state->size; |
2721 | unsigned int last_len; | |
1da177e4 | 2722 | |
1b92ee3d RW |
2723 | if (unlikely(sk->sk_state != TCP_ESTABLISHED)) { |
2724 | err = -EINVAL; | |
1da177e4 | 2725 | goto out; |
1b92ee3d | 2726 | } |
1da177e4 | 2727 | |
1b92ee3d RW |
2728 | if (unlikely(flags & MSG_OOB)) { |
2729 | err = -EOPNOTSUPP; | |
314001f0 | 2730 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) |
314001f0 | 2731 | err = unix_stream_recv_urg(state); |
314001f0 | 2732 | #endif |
1da177e4 | 2733 | goto out; |
1b92ee3d | 2734 | } |
1da177e4 | 2735 | |
2b514574 | 2736 | target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); |
de144391 | 2737 | timeo = sock_rcvtimeo(sk, noblock); |
1da177e4 | 2738 | |
2b514574 HFS |
2739 | memset(&scm, 0, sizeof(scm)); |
2740 | ||
1da177e4 LT |
2741 | /* Lock the socket to prevent queue disordering |
2742 | * while sleeps in memcpy_tomsg | |
2743 | */ | |
6e1ce3c3 | 2744 | mutex_lock(&u->iolock); |
1da177e4 | 2745 | |
a0917e0b | 2746 | skip = max(sk_peek_offset(sk, flags), 0); |
e9193d60 | 2747 | |
6eba6a37 | 2748 | do { |
1da177e4 | 2749 | int chunk; |
73ed5d25 | 2750 | bool drop_skb; |
79f632c7 | 2751 | struct sk_buff *skb, *last; |
1da177e4 | 2752 | |
18eceb81 | 2753 | redo: |
3c0d2f37 | 2754 | unix_state_lock(sk); |
b48732e4 MS |
2755 | if (sock_flag(sk, SOCK_DEAD)) { |
2756 | err = -ECONNRESET; | |
2757 | goto unlock; | |
2758 | } | |
79f632c7 | 2759 | last = skb = skb_peek(&sk->sk_receive_queue); |
2b514574 | 2760 | last_len = last ? last->len : 0; |
314001f0 RS |
2761 | |
2762 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) | |
2763 | if (skb) { | |
2764 | skb = manage_oob(skb, sk, flags, copied); | |
2765 | if (!skb) { | |
2766 | unix_state_unlock(sk); | |
2767 | if (copied) | |
2768 | break; | |
2769 | goto redo; | |
2770 | } | |
2771 | } | |
2772 | #endif | |
fc0d7536 | 2773 | again: |
6eba6a37 | 2774 | if (skb == NULL) { |
1da177e4 | 2775 | if (copied >= target) |
3c0d2f37 | 2776 | goto unlock; |
1da177e4 LT |
2777 | |
2778 | /* | |
2779 | * POSIX 1003.1g mandates this order. | |
2780 | */ | |
ac7bfa62 | 2781 | |
6eba6a37 ED |
2782 | err = sock_error(sk); |
2783 | if (err) | |
3c0d2f37 | 2784 | goto unlock; |
1da177e4 | 2785 | if (sk->sk_shutdown & RCV_SHUTDOWN) |
3c0d2f37 MS |
2786 | goto unlock; |
2787 | ||
2788 | unix_state_unlock(sk); | |
1b92ee3d RW |
2789 | if (!timeo) { |
2790 | err = -EAGAIN; | |
1da177e4 | 2791 | break; |
1b92ee3d RW |
2792 | } |
2793 | ||
6e1ce3c3 | 2794 | mutex_unlock(&u->iolock); |
1da177e4 | 2795 | |
2b514574 | 2796 | timeo = unix_stream_data_wait(sk, timeo, last, |
06a77b07 | 2797 | last_len, freezable); |
1da177e4 | 2798 | |
3822b5c2 | 2799 | if (signal_pending(current)) { |
1da177e4 | 2800 | err = sock_intr_errno(timeo); |
fa0dc04d | 2801 | scm_destroy(&scm); |
1da177e4 LT |
2802 | goto out; |
2803 | } | |
b3ca9b02 | 2804 | |
6e1ce3c3 | 2805 | mutex_lock(&u->iolock); |
18eceb81 | 2806 | goto redo; |
2b514574 | 2807 | unlock: |
3c0d2f37 MS |
2808 | unix_state_unlock(sk); |
2809 | break; | |
1da177e4 | 2810 | } |
fc0d7536 | 2811 | |
e370a723 ED |
2812 | while (skip >= unix_skb_len(skb)) { |
2813 | skip -= unix_skb_len(skb); | |
79f632c7 | 2814 | last = skb; |
2b514574 | 2815 | last_len = skb->len; |
fc0d7536 | 2816 | skb = skb_peek_next(skb, &sk->sk_receive_queue); |
79f632c7 BP |
2817 | if (!skb) |
2818 | goto again; | |
fc0d7536 PE |
2819 | } |
2820 | ||
3c0d2f37 | 2821 | unix_state_unlock(sk); |
1da177e4 LT |
2822 | |
2823 | if (check_creds) { | |
2824 | /* Never glue messages from different writers */ | |
9490f886 | 2825 | if (!unix_skb_scm_eq(skb, &scm)) |
1da177e4 | 2826 | break; |
0e82e7f6 | 2827 | } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { |
1da177e4 | 2828 | /* Copy credentials */ |
7cc05662 | 2829 | scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); |
37a9a8df | 2830 | unix_set_secdata(&scm, skb); |
2b514574 | 2831 | check_creds = true; |
1da177e4 LT |
2832 | } |
2833 | ||
2834 | /* Copy address just once */ | |
2b514574 HFS |
2835 | if (state->msg && state->msg->msg_name) { |
2836 | DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, | |
2837 | state->msg->msg_name); | |
2838 | unix_copy_addr(state->msg, skb->sk); | |
1da177e4 LT |
2839 | sunaddr = NULL; |
2840 | } | |
2841 | ||
e370a723 | 2842 | chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size); |
73ed5d25 | 2843 | skb_get(skb); |
2b514574 | 2844 | chunk = state->recv_actor(skb, skip, chunk, state); |
73ed5d25 HFS |
2845 | drop_skb = !unix_skb_len(skb); |
2846 | /* skb is only safe to use if !drop_skb */ | |
2847 | consume_skb(skb); | |
2b514574 | 2848 | if (chunk < 0) { |
1da177e4 LT |
2849 | if (copied == 0) |
2850 | copied = -EFAULT; | |
2851 | break; | |
2852 | } | |
2853 | copied += chunk; | |
2854 | size -= chunk; | |
2855 | ||
73ed5d25 HFS |
2856 | if (drop_skb) { |
2857 | /* the skb was touched by a concurrent reader; | |
2858 | * we should not expect anything from this skb | |
2859 | * anymore and assume it invalid - we can be | |
2860 | * sure it was dropped from the socket queue | |
2861 | * | |
2862 | * let's report a short read | |
2863 | */ | |
2864 | err = 0; | |
2865 | break; | |
2866 | } | |
2867 | ||
1da177e4 | 2868 | /* Mark read part of skb as used */ |
6eba6a37 | 2869 | if (!(flags & MSG_PEEK)) { |
e370a723 | 2870 | UNIXCB(skb).consumed += chunk; |
1da177e4 | 2871 | |
fc0d7536 PE |
2872 | sk_peek_offset_bwd(sk, chunk); |
2873 | ||
3c32da19 | 2874 | if (UNIXCB(skb).fp) { |
3c32da19 | 2875 | scm_stat_del(sk, skb); |
7cc05662 | 2876 | unix_detach_fds(&scm, skb); |
3c32da19 | 2877 | } |
1da177e4 | 2878 | |
e370a723 | 2879 | if (unix_skb_len(skb)) |
1da177e4 | 2880 | break; |
1da177e4 | 2881 | |
6f01fd6e | 2882 | skb_unlink(skb, &sk->sk_receive_queue); |
70d4bf6d | 2883 | consume_skb(skb); |
1da177e4 | 2884 | |
7cc05662 | 2885 | if (scm.fp) |
1da177e4 | 2886 | break; |
6eba6a37 | 2887 | } else { |
1da177e4 LT |
2888 | /* It is questionable, see note in unix_dgram_recvmsg. |
2889 | */ | |
2890 | if (UNIXCB(skb).fp) | |
cbcf0112 | 2891 | unix_peek_fds(&scm, skb); |
1da177e4 | 2892 | |
e9193d60 | 2893 | sk_peek_offset_fwd(sk, chunk); |
fc0d7536 | 2894 | |
9f389e35 AC |
2895 | if (UNIXCB(skb).fp) |
2896 | break; | |
2897 | ||
e9193d60 | 2898 | skip = 0; |
9f389e35 AC |
2899 | last = skb; |
2900 | last_len = skb->len; | |
2901 | unix_state_lock(sk); | |
2902 | skb = skb_peek_next(skb, &sk->sk_receive_queue); | |
2903 | if (skb) | |
2904 | goto again; | |
2905 | unix_state_unlock(sk); | |
1da177e4 LT |
2906 | break; |
2907 | } | |
2908 | } while (size); | |
2909 | ||
6e1ce3c3 | 2910 | mutex_unlock(&u->iolock); |
2b514574 HFS |
2911 | if (state->msg) |
2912 | scm_recv(sock, state->msg, &scm, flags); | |
2913 | else | |
2914 | scm_destroy(&scm); | |
1da177e4 LT |
2915 | out: |
2916 | return copied ? : err; | |
2917 | } | |
2918 | ||
2b514574 HFS |
2919 | static int unix_stream_read_actor(struct sk_buff *skb, |
2920 | int skip, int chunk, | |
2921 | struct unix_stream_read_state *state) | |
2922 | { | |
2923 | int ret; | |
2924 | ||
2925 | ret = skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip, | |
2926 | state->msg, chunk); | |
2927 | return ret ?: chunk; | |
2928 | } | |
2929 | ||
94531cfc JW |
2930 | int __unix_stream_recvmsg(struct sock *sk, struct msghdr *msg, |
2931 | size_t size, int flags) | |
2932 | { | |
2933 | struct unix_stream_read_state state = { | |
2934 | .recv_actor = unix_stream_read_actor, | |
2935 | .socket = sk->sk_socket, | |
2936 | .msg = msg, | |
2937 | .size = size, | |
2938 | .flags = flags | |
2939 | }; | |
2940 | ||
2941 | return unix_stream_read_generic(&state, true); | |
2942 | } | |
2943 | ||
2b514574 HFS |
2944 | static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg, |
2945 | size_t size, int flags) | |
2946 | { | |
2947 | struct unix_stream_read_state state = { | |
2948 | .recv_actor = unix_stream_read_actor, | |
2949 | .socket = sock, | |
2950 | .msg = msg, | |
2951 | .size = size, | |
2952 | .flags = flags | |
2953 | }; | |
2954 | ||
94531cfc JW |
2955 | #ifdef CONFIG_BPF_SYSCALL |
2956 | struct sock *sk = sock->sk; | |
2957 | const struct proto *prot = READ_ONCE(sk->sk_prot); | |
2958 | ||
2959 | if (prot != &unix_stream_proto) | |
ec095263 | 2960 | return prot->recvmsg(sk, msg, size, flags, NULL); |
94531cfc | 2961 | #endif |
06a77b07 | 2962 | return unix_stream_read_generic(&state, true); |
2b514574 HFS |
2963 | } |
2964 | ||
2b514574 HFS |
2965 | static int unix_stream_splice_actor(struct sk_buff *skb, |
2966 | int skip, int chunk, | |
2967 | struct unix_stream_read_state *state) | |
2968 | { | |
2969 | return skb_splice_bits(skb, state->socket->sk, | |
2970 | UNIXCB(skb).consumed + skip, | |
25869262 | 2971 | state->pipe, chunk, state->splice_flags); |
2b514574 HFS |
2972 | } |
2973 | ||
2974 | static ssize_t unix_stream_splice_read(struct socket *sock, loff_t *ppos, | |
2975 | struct pipe_inode_info *pipe, | |
2976 | size_t size, unsigned int flags) | |
2977 | { | |
2978 | struct unix_stream_read_state state = { | |
2979 | .recv_actor = unix_stream_splice_actor, | |
2980 | .socket = sock, | |
2981 | .pipe = pipe, | |
2982 | .size = size, | |
2983 | .splice_flags = flags, | |
2984 | }; | |
2985 | ||
2986 | if (unlikely(*ppos)) | |
2987 | return -ESPIPE; | |
2988 | ||
2989 | if (sock->file->f_flags & O_NONBLOCK || | |
2990 | flags & SPLICE_F_NONBLOCK) | |
2991 | state.flags = MSG_DONTWAIT; | |
2992 | ||
06a77b07 | 2993 | return unix_stream_read_generic(&state, false); |
2b514574 HFS |
2994 | } |
2995 | ||
1da177e4 LT |
2996 | static int unix_shutdown(struct socket *sock, int mode) |
2997 | { | |
2998 | struct sock *sk = sock->sk; | |
2999 | struct sock *other; | |
3000 | ||
fc61b928 XW |
3001 | if (mode < SHUT_RD || mode > SHUT_RDWR) |
3002 | return -EINVAL; | |
3003 | /* This maps: | |
3004 | * SHUT_RD (0) -> RCV_SHUTDOWN (1) | |
3005 | * SHUT_WR (1) -> SEND_SHUTDOWN (2) | |
3006 | * SHUT_RDWR (2) -> SHUTDOWN_MASK (3) | |
3007 | */ | |
3008 | ++mode; | |
7180a031 AC |
3009 | |
3010 | unix_state_lock(sk); | |
e1d09c2c | 3011 | WRITE_ONCE(sk->sk_shutdown, sk->sk_shutdown | mode); |
7180a031 AC |
3012 | other = unix_peer(sk); |
3013 | if (other) | |
3014 | sock_hold(other); | |
3015 | unix_state_unlock(sk); | |
3016 | sk->sk_state_change(sk); | |
3017 | ||
3018 | if (other && | |
3019 | (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) { | |
3020 | ||
3021 | int peer_mode = 0; | |
94531cfc | 3022 | const struct proto *prot = READ_ONCE(other->sk_prot); |
7180a031 | 3023 | |
d359902d JW |
3024 | if (prot->unhash) |
3025 | prot->unhash(other); | |
7180a031 AC |
3026 | if (mode&RCV_SHUTDOWN) |
3027 | peer_mode |= SEND_SHUTDOWN; | |
3028 | if (mode&SEND_SHUTDOWN) | |
3029 | peer_mode |= RCV_SHUTDOWN; | |
3030 | unix_state_lock(other); | |
e1d09c2c | 3031 | WRITE_ONCE(other->sk_shutdown, other->sk_shutdown | peer_mode); |
7180a031 AC |
3032 | unix_state_unlock(other); |
3033 | other->sk_state_change(other); | |
d0c6416b | 3034 | if (peer_mode == SHUTDOWN_MASK) |
7180a031 | 3035 | sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP); |
d0c6416b | 3036 | else if (peer_mode & RCV_SHUTDOWN) |
7180a031 | 3037 | sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN); |
1da177e4 | 3038 | } |
7180a031 AC |
3039 | if (other) |
3040 | sock_put(other); | |
3041 | ||
1da177e4 LT |
3042 | return 0; |
3043 | } | |
3044 | ||
885ee74d PE |
3045 | long unix_inq_len(struct sock *sk) |
3046 | { | |
3047 | struct sk_buff *skb; | |
3048 | long amount = 0; | |
3049 | ||
3050 | if (sk->sk_state == TCP_LISTEN) | |
3051 | return -EINVAL; | |
3052 | ||
3053 | spin_lock(&sk->sk_receive_queue.lock); | |
3054 | if (sk->sk_type == SOCK_STREAM || | |
3055 | sk->sk_type == SOCK_SEQPACKET) { | |
3056 | skb_queue_walk(&sk->sk_receive_queue, skb) | |
e370a723 | 3057 | amount += unix_skb_len(skb); |
885ee74d PE |
3058 | } else { |
3059 | skb = skb_peek(&sk->sk_receive_queue); | |
3060 | if (skb) | |
3061 | amount = skb->len; | |
3062 | } | |
3063 | spin_unlock(&sk->sk_receive_queue.lock); | |
3064 | ||
3065 | return amount; | |
3066 | } | |
3067 | EXPORT_SYMBOL_GPL(unix_inq_len); | |
3068 | ||
3069 | long unix_outq_len(struct sock *sk) | |
3070 | { | |
3071 | return sk_wmem_alloc_get(sk); | |
3072 | } | |
3073 | EXPORT_SYMBOL_GPL(unix_outq_len); | |
3074 | ||
ba94f308 AV |
3075 | static int unix_open_file(struct sock *sk) |
3076 | { | |
3077 | struct path path; | |
3078 | struct file *f; | |
3079 | int fd; | |
3080 | ||
3081 | if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) | |
3082 | return -EPERM; | |
3083 | ||
ae3b5641 AV |
3084 | if (!smp_load_acquire(&unix_sk(sk)->addr)) |
3085 | return -ENOENT; | |
3086 | ||
ba94f308 | 3087 | path = unix_sk(sk)->path; |
ae3b5641 | 3088 | if (!path.dentry) |
ba94f308 | 3089 | return -ENOENT; |
ba94f308 AV |
3090 | |
3091 | path_get(&path); | |
ba94f308 AV |
3092 | |
3093 | fd = get_unused_fd_flags(O_CLOEXEC); | |
3094 | if (fd < 0) | |
3095 | goto out; | |
3096 | ||
3097 | f = dentry_open(&path, O_PATH, current_cred()); | |
3098 | if (IS_ERR(f)) { | |
3099 | put_unused_fd(fd); | |
3100 | fd = PTR_ERR(f); | |
3101 | goto out; | |
3102 | } | |
3103 | ||
3104 | fd_install(fd, f); | |
3105 | out: | |
3106 | path_put(&path); | |
3107 | ||
3108 | return fd; | |
3109 | } | |
3110 | ||
1da177e4 LT |
3111 | static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) |
3112 | { | |
3113 | struct sock *sk = sock->sk; | |
e27dfcea | 3114 | long amount = 0; |
1da177e4 LT |
3115 | int err; |
3116 | ||
6eba6a37 ED |
3117 | switch (cmd) { |
3118 | case SIOCOUTQ: | |
885ee74d | 3119 | amount = unix_outq_len(sk); |
6eba6a37 ED |
3120 | err = put_user(amount, (int __user *)arg); |
3121 | break; | |
3122 | case SIOCINQ: | |
885ee74d PE |
3123 | amount = unix_inq_len(sk); |
3124 | if (amount < 0) | |
3125 | err = amount; | |
3126 | else | |
1da177e4 | 3127 | err = put_user(amount, (int __user *)arg); |
885ee74d | 3128 | break; |
ba94f308 AV |
3129 | case SIOCUNIXFILE: |
3130 | err = unix_open_file(sk); | |
3131 | break; | |
314001f0 RS |
3132 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) |
3133 | case SIOCATMARK: | |
3134 | { | |
3135 | struct sk_buff *skb; | |
314001f0 RS |
3136 | int answ = 0; |
3137 | ||
3138 | skb = skb_peek(&sk->sk_receive_queue); | |
e82025c6 | 3139 | if (skb && skb == READ_ONCE(unix_sk(sk)->oob_skb)) |
314001f0 RS |
3140 | answ = 1; |
3141 | err = put_user(answ, (int __user *)arg); | |
3142 | } | |
3143 | break; | |
3144 | #endif | |
6eba6a37 ED |
3145 | default: |
3146 | err = -ENOIOCTLCMD; | |
3147 | break; | |
1da177e4 LT |
3148 | } |
3149 | return err; | |
3150 | } | |
3151 | ||
5f6beb9e AB |
3152 | #ifdef CONFIG_COMPAT |
3153 | static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) | |
3154 | { | |
3155 | return unix_ioctl(sock, cmd, (unsigned long)compat_ptr(arg)); | |
3156 | } | |
3157 | #endif | |
3158 | ||
a11e1d43 | 3159 | static __poll_t unix_poll(struct file *file, struct socket *sock, poll_table *wait) |
1da177e4 LT |
3160 | { |
3161 | struct sock *sk = sock->sk; | |
a11e1d43 | 3162 | __poll_t mask; |
e1d09c2c | 3163 | u8 shutdown; |
a11e1d43 | 3164 | |
89ab066d | 3165 | sock_poll_wait(file, sock, wait); |
a11e1d43 | 3166 | mask = 0; |
e1d09c2c | 3167 | shutdown = READ_ONCE(sk->sk_shutdown); |
1da177e4 LT |
3168 | |
3169 | /* exceptional events? */ | |
cc04410a | 3170 | if (READ_ONCE(sk->sk_err)) |
a9a08845 | 3171 | mask |= EPOLLERR; |
e1d09c2c | 3172 | if (shutdown == SHUTDOWN_MASK) |
a9a08845 | 3173 | mask |= EPOLLHUP; |
e1d09c2c | 3174 | if (shutdown & RCV_SHUTDOWN) |
a9a08845 | 3175 | mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM; |
1da177e4 LT |
3176 | |
3177 | /* readable? */ | |
3ef7cf57 | 3178 | if (!skb_queue_empty_lockless(&sk->sk_receive_queue)) |
a9a08845 | 3179 | mask |= EPOLLIN | EPOLLRDNORM; |
af493388 CW |
3180 | if (sk_is_readable(sk)) |
3181 | mask |= EPOLLIN | EPOLLRDNORM; | |
d9a232d4 KI |
3182 | #if IS_ENABLED(CONFIG_AF_UNIX_OOB) |
3183 | if (READ_ONCE(unix_sk(sk)->oob_skb)) | |
3184 | mask |= EPOLLPRI; | |
3185 | #endif | |
1da177e4 LT |
3186 | |
3187 | /* Connection-based need to check for termination and startup */ | |
6eba6a37 ED |
3188 | if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) && |
3189 | sk->sk_state == TCP_CLOSE) | |
a9a08845 | 3190 | mask |= EPOLLHUP; |
1da177e4 LT |
3191 | |
3192 | /* | |
3193 | * we set writable also when the other side has shut down the | |
3194 | * connection. This prevents stuck sockets. | |
3195 | */ | |
3196 | if (unix_writable(sk)) | |
a9a08845 | 3197 | mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND; |
1da177e4 LT |
3198 | |
3199 | return mask; | |
3200 | } | |
3201 | ||
a11e1d43 LT |
3202 | static __poll_t unix_dgram_poll(struct file *file, struct socket *sock, |
3203 | poll_table *wait) | |
3c73419c | 3204 | { |
ec0d215f | 3205 | struct sock *sk = sock->sk, *other; |
a11e1d43 LT |
3206 | unsigned int writable; |
3207 | __poll_t mask; | |
e1d09c2c | 3208 | u8 shutdown; |
a11e1d43 | 3209 | |
89ab066d | 3210 | sock_poll_wait(file, sock, wait); |
a11e1d43 | 3211 | mask = 0; |
e1d09c2c | 3212 | shutdown = READ_ONCE(sk->sk_shutdown); |
3c73419c RW |
3213 | |
3214 | /* exceptional events? */ | |
cc04410a ED |
3215 | if (READ_ONCE(sk->sk_err) || |
3216 | !skb_queue_empty_lockless(&sk->sk_error_queue)) | |
a9a08845 LT |
3217 | mask |= EPOLLERR | |
3218 | (sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? EPOLLPRI : 0); | |
7d4c04fc | 3219 | |
e1d09c2c | 3220 | if (shutdown & RCV_SHUTDOWN) |
a9a08845 | 3221 | mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM; |
e1d09c2c | 3222 | if (shutdown == SHUTDOWN_MASK) |
a9a08845 | 3223 | mask |= EPOLLHUP; |
3c73419c RW |
3224 | |
3225 | /* readable? */ | |
3ef7cf57 | 3226 | if (!skb_queue_empty_lockless(&sk->sk_receive_queue)) |
a9a08845 | 3227 | mask |= EPOLLIN | EPOLLRDNORM; |
af493388 CW |
3228 | if (sk_is_readable(sk)) |
3229 | mask |= EPOLLIN | EPOLLRDNORM; | |
3c73419c RW |
3230 | |
3231 | /* Connection-based need to check for termination and startup */ | |
3232 | if (sk->sk_type == SOCK_SEQPACKET) { | |
3233 | if (sk->sk_state == TCP_CLOSE) | |
a9a08845 | 3234 | mask |= EPOLLHUP; |
3c73419c RW |
3235 | /* connection hasn't started yet? */ |
3236 | if (sk->sk_state == TCP_SYN_SENT) | |
3237 | return mask; | |
3238 | } | |
3239 | ||
973a34aa | 3240 | /* No write status requested, avoid expensive OUT tests. */ |
a11e1d43 | 3241 | if (!(poll_requested_events(wait) & (EPOLLWRBAND|EPOLLWRNORM|EPOLLOUT))) |
973a34aa ED |
3242 | return mask; |
3243 | ||
ec0d215f | 3244 | writable = unix_writable(sk); |
7d267278 RW |
3245 | if (writable) { |
3246 | unix_state_lock(sk); | |
3247 | ||
3248 | other = unix_peer(sk); | |
3249 | if (other && unix_peer(other) != sk && | |
04f08eb4 | 3250 | unix_recvq_full_lockless(other) && |
7d267278 RW |
3251 | unix_dgram_peer_wake_me(sk, other)) |
3252 | writable = 0; | |
3253 | ||
3254 | unix_state_unlock(sk); | |
ec0d215f RW |
3255 | } |
3256 | ||
3257 | if (writable) | |
a9a08845 | 3258 | mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND; |
3c73419c | 3259 | else |
9cd3e072 | 3260 | sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk); |
3c73419c | 3261 | |
3c73419c RW |
3262 | return mask; |
3263 | } | |
1da177e4 LT |
3264 | |
3265 | #ifdef CONFIG_PROC_FS | |
a53eb3fe | 3266 | |
7123aaa3 ED |
3267 | #define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1) |
3268 | ||
3269 | #define get_bucket(x) ((x) >> BUCKET_SPACE) | |
afd20b92 | 3270 | #define get_offset(x) ((x) & ((1UL << BUCKET_SPACE) - 1)) |
7123aaa3 | 3271 | #define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o)) |
a53eb3fe | 3272 | |
7123aaa3 | 3273 | static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos) |
1da177e4 | 3274 | { |
7123aaa3 ED |
3275 | unsigned long offset = get_offset(*pos); |
3276 | unsigned long bucket = get_bucket(*pos); | |
7123aaa3 | 3277 | unsigned long count = 0; |
cf2f225e | 3278 | struct sock *sk; |
1da177e4 | 3279 | |
cf2f225e KI |
3280 | for (sk = sk_head(&seq_file_net(seq)->unx.table.buckets[bucket]); |
3281 | sk; sk = sk_next(sk)) { | |
7123aaa3 ED |
3282 | if (++count == offset) |
3283 | break; | |
3284 | } | |
3285 | ||
3286 | return sk; | |
3287 | } | |
3288 | ||
4408d55a | 3289 | static struct sock *unix_get_first(struct seq_file *seq, loff_t *pos) |
7123aaa3 | 3290 | { |
afd20b92 | 3291 | unsigned long bucket = get_bucket(*pos); |
79b05bea | 3292 | struct net *net = seq_file_net(seq); |
4408d55a | 3293 | struct sock *sk; |
7123aaa3 | 3294 | |
f302d180 | 3295 | while (bucket < UNIX_HASH_SIZE) { |
79b05bea | 3296 | spin_lock(&net->unx.table.locks[bucket]); |
4408d55a | 3297 | |
7123aaa3 ED |
3298 | sk = unix_from_bucket(seq, pos); |
3299 | if (sk) | |
3300 | return sk; | |
3301 | ||
79b05bea | 3302 | spin_unlock(&net->unx.table.locks[bucket]); |
4408d55a KI |
3303 | |
3304 | *pos = set_bucket_offset(++bucket, 1); | |
3305 | } | |
7123aaa3 | 3306 | |
1da177e4 LT |
3307 | return NULL; |
3308 | } | |
3309 | ||
4408d55a KI |
3310 | static struct sock *unix_get_next(struct seq_file *seq, struct sock *sk, |
3311 | loff_t *pos) | |
3312 | { | |
3313 | unsigned long bucket = get_bucket(*pos); | |
3314 | ||
cf2f225e KI |
3315 | sk = sk_next(sk); |
3316 | if (sk) | |
3317 | return sk; | |
3318 | ||
4408d55a | 3319 | |
cf2f225e | 3320 | spin_unlock(&seq_file_net(seq)->unx.table.locks[bucket]); |
4408d55a KI |
3321 | |
3322 | *pos = set_bucket_offset(++bucket, 1); | |
3323 | ||
3324 | return unix_get_first(seq, pos); | |
3325 | } | |
3326 | ||
1da177e4 LT |
3327 | static void *unix_seq_start(struct seq_file *seq, loff_t *pos) |
3328 | { | |
7123aaa3 ED |
3329 | if (!*pos) |
3330 | return SEQ_START_TOKEN; | |
3331 | ||
4408d55a | 3332 | return unix_get_first(seq, pos); |
1da177e4 LT |
3333 | } |
3334 | ||
3335 | static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos) | |
3336 | { | |
3337 | ++*pos; | |
4408d55a KI |
3338 | |
3339 | if (v == SEQ_START_TOKEN) | |
3340 | return unix_get_first(seq, pos); | |
3341 | ||
3342 | return unix_get_next(seq, v, pos); | |
1da177e4 LT |
3343 | } |
3344 | ||
3345 | static void unix_seq_stop(struct seq_file *seq, void *v) | |
3346 | { | |
afd20b92 KI |
3347 | struct sock *sk = v; |
3348 | ||
2f7ca90a | 3349 | if (sk) |
79b05bea | 3350 | spin_unlock(&seq_file_net(seq)->unx.table.locks[sk->sk_hash]); |
1da177e4 LT |
3351 | } |
3352 | ||
3353 | static int unix_seq_show(struct seq_file *seq, void *v) | |
3354 | { | |
ac7bfa62 | 3355 | |
b9f3124f | 3356 | if (v == SEQ_START_TOKEN) |
1da177e4 LT |
3357 | seq_puts(seq, "Num RefCount Protocol Flags Type St " |
3358 | "Inode Path\n"); | |
3359 | else { | |
3360 | struct sock *s = v; | |
3361 | struct unix_sock *u = unix_sk(s); | |
1c92b4e5 | 3362 | unix_state_lock(s); |
1da177e4 | 3363 | |
71338aa7 | 3364 | seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", |
1da177e4 | 3365 | s, |
41c6d650 | 3366 | refcount_read(&s->sk_refcnt), |
1da177e4 LT |
3367 | 0, |
3368 | s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0, | |
3369 | s->sk_type, | |
3370 | s->sk_socket ? | |
3371 | (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) : | |
3372 | (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING), | |
3373 | sock_i_ino(s)); | |
3374 | ||
2f7ca90a | 3375 | if (u->addr) { // under a hash table lock here |
1da177e4 LT |
3376 | int i, len; |
3377 | seq_putc(seq, ' '); | |
3378 | ||
3379 | i = 0; | |
755662ce KI |
3380 | len = u->addr->len - |
3381 | offsetof(struct sockaddr_un, sun_path); | |
5ce7ab49 | 3382 | if (u->addr->name->sun_path[0]) { |
1da177e4 | 3383 | len--; |
5ce7ab49 | 3384 | } else { |
1da177e4 LT |
3385 | seq_putc(seq, '@'); |
3386 | i++; | |
3387 | } | |
3388 | for ( ; i < len; i++) | |
e7947ea7 IB |
3389 | seq_putc(seq, u->addr->name->sun_path[i] ?: |
3390 | '@'); | |
1da177e4 | 3391 | } |
1c92b4e5 | 3392 | unix_state_unlock(s); |
1da177e4 LT |
3393 | seq_putc(seq, '\n'); |
3394 | } | |
3395 | ||
3396 | return 0; | |
3397 | } | |
3398 | ||
56b3d975 | 3399 | static const struct seq_operations unix_seq_ops = { |
1da177e4 LT |
3400 | .start = unix_seq_start, |
3401 | .next = unix_seq_next, | |
3402 | .stop = unix_seq_stop, | |
3403 | .show = unix_seq_show, | |
3404 | }; | |
2c860a43 KI |
3405 | |
3406 | #if IS_BUILTIN(CONFIG_UNIX) && defined(CONFIG_BPF_SYSCALL) | |
855d8e77 KI |
3407 | struct bpf_unix_iter_state { |
3408 | struct seq_net_private p; | |
3409 | unsigned int cur_sk; | |
3410 | unsigned int end_sk; | |
3411 | unsigned int max_sk; | |
3412 | struct sock **batch; | |
3413 | bool st_bucket_done; | |
3414 | }; | |
3415 | ||
2c860a43 KI |
3416 | struct bpf_iter__unix { |
3417 | __bpf_md_ptr(struct bpf_iter_meta *, meta); | |
3418 | __bpf_md_ptr(struct unix_sock *, unix_sk); | |
3419 | uid_t uid __aligned(8); | |
3420 | }; | |
3421 | ||
3422 | static int unix_prog_seq_show(struct bpf_prog *prog, struct bpf_iter_meta *meta, | |
3423 | struct unix_sock *unix_sk, uid_t uid) | |
3424 | { | |
3425 | struct bpf_iter__unix ctx; | |
3426 | ||
3427 | meta->seq_num--; /* skip SEQ_START_TOKEN */ | |
3428 | ctx.meta = meta; | |
3429 | ctx.unix_sk = unix_sk; | |
3430 | ctx.uid = uid; | |
3431 | return bpf_iter_run_prog(prog, &ctx); | |
3432 | } | |
3433 | ||
855d8e77 KI |
3434 | static int bpf_iter_unix_hold_batch(struct seq_file *seq, struct sock *start_sk) |
3435 | ||
3436 | { | |
3437 | struct bpf_unix_iter_state *iter = seq->private; | |
3438 | unsigned int expected = 1; | |
3439 | struct sock *sk; | |
3440 | ||
3441 | sock_hold(start_sk); | |
3442 | iter->batch[iter->end_sk++] = start_sk; | |
3443 | ||
3444 | for (sk = sk_next(start_sk); sk; sk = sk_next(sk)) { | |
855d8e77 KI |
3445 | if (iter->end_sk < iter->max_sk) { |
3446 | sock_hold(sk); | |
3447 | iter->batch[iter->end_sk++] = sk; | |
3448 | } | |
3449 | ||
3450 | expected++; | |
3451 | } | |
3452 | ||
cf2f225e | 3453 | spin_unlock(&seq_file_net(seq)->unx.table.locks[start_sk->sk_hash]); |
855d8e77 KI |
3454 | |
3455 | return expected; | |
3456 | } | |
3457 | ||
3458 | static void bpf_iter_unix_put_batch(struct bpf_unix_iter_state *iter) | |
3459 | { | |
3460 | while (iter->cur_sk < iter->end_sk) | |
3461 | sock_put(iter->batch[iter->cur_sk++]); | |
3462 | } | |
3463 | ||
3464 | static int bpf_iter_unix_realloc_batch(struct bpf_unix_iter_state *iter, | |
3465 | unsigned int new_batch_sz) | |
3466 | { | |
3467 | struct sock **new_batch; | |
3468 | ||
3469 | new_batch = kvmalloc(sizeof(*new_batch) * new_batch_sz, | |
3470 | GFP_USER | __GFP_NOWARN); | |
3471 | if (!new_batch) | |
3472 | return -ENOMEM; | |
3473 | ||
3474 | bpf_iter_unix_put_batch(iter); | |
3475 | kvfree(iter->batch); | |
3476 | iter->batch = new_batch; | |
3477 | iter->max_sk = new_batch_sz; | |
3478 | ||
3479 | return 0; | |
3480 | } | |
3481 | ||
3482 | static struct sock *bpf_iter_unix_batch(struct seq_file *seq, | |
3483 | loff_t *pos) | |
3484 | { | |
3485 | struct bpf_unix_iter_state *iter = seq->private; | |
3486 | unsigned int expected; | |
3487 | bool resized = false; | |
3488 | struct sock *sk; | |
3489 | ||
3490 | if (iter->st_bucket_done) | |
3491 | *pos = set_bucket_offset(get_bucket(*pos) + 1, 1); | |
3492 | ||
3493 | again: | |
3494 | /* Get a new batch */ | |
3495 | iter->cur_sk = 0; | |
3496 | iter->end_sk = 0; | |
3497 | ||
3498 | sk = unix_get_first(seq, pos); | |
3499 | if (!sk) | |
3500 | return NULL; /* Done */ | |
3501 | ||
3502 | expected = bpf_iter_unix_hold_batch(seq, sk); | |
3503 | ||
3504 | if (iter->end_sk == expected) { | |
3505 | iter->st_bucket_done = true; | |
3506 | return sk; | |
3507 | } | |
3508 | ||
3509 | if (!resized && !bpf_iter_unix_realloc_batch(iter, expected * 3 / 2)) { | |
3510 | resized = true; | |
3511 | goto again; | |
3512 | } | |
3513 | ||
3514 | return sk; | |
3515 | } | |
3516 | ||
3517 | static void *bpf_iter_unix_seq_start(struct seq_file *seq, loff_t *pos) | |
3518 | { | |
3519 | if (!*pos) | |
3520 | return SEQ_START_TOKEN; | |
3521 | ||
3522 | /* bpf iter does not support lseek, so it always | |
3523 | * continue from where it was stop()-ped. | |
3524 | */ | |
3525 | return bpf_iter_unix_batch(seq, pos); | |
3526 | } | |
3527 | ||
3528 | static void *bpf_iter_unix_seq_next(struct seq_file *seq, void *v, loff_t *pos) | |
3529 | { | |
3530 | struct bpf_unix_iter_state *iter = seq->private; | |
3531 | struct sock *sk; | |
3532 | ||
3533 | /* Whenever seq_next() is called, the iter->cur_sk is | |
3534 | * done with seq_show(), so advance to the next sk in | |
3535 | * the batch. | |
3536 | */ | |
3537 | if (iter->cur_sk < iter->end_sk) | |
3538 | sock_put(iter->batch[iter->cur_sk++]); | |
3539 | ||
3540 | ++*pos; | |
3541 | ||
3542 | if (iter->cur_sk < iter->end_sk) | |
3543 | sk = iter->batch[iter->cur_sk]; | |
3544 | else | |
3545 | sk = bpf_iter_unix_batch(seq, pos); | |
3546 | ||
3547 | return sk; | |
3548 | } | |
3549 | ||
2c860a43 KI |
3550 | static int bpf_iter_unix_seq_show(struct seq_file *seq, void *v) |
3551 | { | |
3552 | struct bpf_iter_meta meta; | |
3553 | struct bpf_prog *prog; | |
3554 | struct sock *sk = v; | |
3555 | uid_t uid; | |
855d8e77 KI |
3556 | bool slow; |
3557 | int ret; | |
2c860a43 KI |
3558 | |
3559 | if (v == SEQ_START_TOKEN) | |
3560 | return 0; | |
3561 | ||
855d8e77 KI |
3562 | slow = lock_sock_fast(sk); |
3563 | ||
3564 | if (unlikely(sk_unhashed(sk))) { | |
3565 | ret = SEQ_SKIP; | |
3566 | goto unlock; | |
3567 | } | |
3568 | ||
2c860a43 KI |
3569 | uid = from_kuid_munged(seq_user_ns(seq), sock_i_uid(sk)); |
3570 | meta.seq = seq; | |
3571 | prog = bpf_iter_get_info(&meta, false); | |
855d8e77 KI |
3572 | ret = unix_prog_seq_show(prog, &meta, v, uid); |
3573 | unlock: | |
3574 | unlock_sock_fast(sk, slow); | |
3575 | return ret; | |
2c860a43 KI |
3576 | } |
3577 | ||
3578 | static void bpf_iter_unix_seq_stop(struct seq_file *seq, void *v) | |
3579 | { | |
855d8e77 | 3580 | struct bpf_unix_iter_state *iter = seq->private; |
2c860a43 KI |
3581 | struct bpf_iter_meta meta; |
3582 | struct bpf_prog *prog; | |
3583 | ||
3584 | if (!v) { | |
3585 | meta.seq = seq; | |
3586 | prog = bpf_iter_get_info(&meta, true); | |
3587 | if (prog) | |
3588 | (void)unix_prog_seq_show(prog, &meta, v, 0); | |
3589 | } | |
3590 | ||
855d8e77 KI |
3591 | if (iter->cur_sk < iter->end_sk) |
3592 | bpf_iter_unix_put_batch(iter); | |
2c860a43 KI |
3593 | } |
3594 | ||
3595 | static const struct seq_operations bpf_iter_unix_seq_ops = { | |
855d8e77 KI |
3596 | .start = bpf_iter_unix_seq_start, |
3597 | .next = bpf_iter_unix_seq_next, | |
2c860a43 KI |
3598 | .stop = bpf_iter_unix_seq_stop, |
3599 | .show = bpf_iter_unix_seq_show, | |
3600 | }; | |
3601 | #endif | |
1da177e4 LT |
3602 | #endif |
3603 | ||
ec1b4cf7 | 3604 | static const struct net_proto_family unix_family_ops = { |
1da177e4 LT |
3605 | .family = PF_UNIX, |
3606 | .create = unix_create, | |
3607 | .owner = THIS_MODULE, | |
3608 | }; | |
3609 | ||
097e66c5 | 3610 | |
2c8c1e72 | 3611 | static int __net_init unix_net_init(struct net *net) |
097e66c5 | 3612 | { |
b6e81138 | 3613 | int i; |
097e66c5 | 3614 | |
a0a53c8b | 3615 | net->unx.sysctl_max_dgram_qlen = 10; |
1597fbc0 PE |
3616 | if (unix_sysctl_register(net)) |
3617 | goto out; | |
d392e497 | 3618 | |
097e66c5 | 3619 | #ifdef CONFIG_PROC_FS |
c3506372 | 3620 | if (!proc_create_net("unix", 0, net->proc_net, &unix_seq_ops, |
b6e81138 KI |
3621 | sizeof(struct seq_net_private))) |
3622 | goto err_sysctl; | |
3623 | #endif | |
3624 | ||
3625 | net->unx.table.locks = kvmalloc_array(UNIX_HASH_SIZE, | |
3626 | sizeof(spinlock_t), GFP_KERNEL); | |
3627 | if (!net->unx.table.locks) | |
3628 | goto err_proc; | |
3629 | ||
3630 | net->unx.table.buckets = kvmalloc_array(UNIX_HASH_SIZE, | |
3631 | sizeof(struct hlist_head), | |
3632 | GFP_KERNEL); | |
3633 | if (!net->unx.table.buckets) | |
3634 | goto free_locks; | |
3635 | ||
3636 | for (i = 0; i < UNIX_HASH_SIZE; i++) { | |
3637 | spin_lock_init(&net->unx.table.locks[i]); | |
3638 | INIT_HLIST_HEAD(&net->unx.table.buckets[i]); | |
1597fbc0 | 3639 | } |
b6e81138 KI |
3640 | |
3641 | return 0; | |
3642 | ||
3643 | free_locks: | |
3644 | kvfree(net->unx.table.locks); | |
3645 | err_proc: | |
3646 | #ifdef CONFIG_PROC_FS | |
3647 | remove_proc_entry("unix", net->proc_net); | |
3648 | err_sysctl: | |
097e66c5 | 3649 | #endif |
b6e81138 | 3650 | unix_sysctl_unregister(net); |
097e66c5 | 3651 | out: |
b6e81138 | 3652 | return -ENOMEM; |
097e66c5 DL |
3653 | } |
3654 | ||
2c8c1e72 | 3655 | static void __net_exit unix_net_exit(struct net *net) |
097e66c5 | 3656 | { |
b6e81138 KI |
3657 | kvfree(net->unx.table.buckets); |
3658 | kvfree(net->unx.table.locks); | |
1597fbc0 | 3659 | unix_sysctl_unregister(net); |
ece31ffd | 3660 | remove_proc_entry("unix", net->proc_net); |
097e66c5 DL |
3661 | } |
3662 | ||
3663 | static struct pernet_operations unix_net_ops = { | |
3664 | .init = unix_net_init, | |
3665 | .exit = unix_net_exit, | |
3666 | }; | |
3667 | ||
2c860a43 KI |
3668 | #if IS_BUILTIN(CONFIG_UNIX) && defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_PROC_FS) |
3669 | DEFINE_BPF_ITER_FUNC(unix, struct bpf_iter_meta *meta, | |
3670 | struct unix_sock *unix_sk, uid_t uid) | |
3671 | ||
855d8e77 KI |
3672 | #define INIT_BATCH_SZ 16 |
3673 | ||
3674 | static int bpf_iter_init_unix(void *priv_data, struct bpf_iter_aux_info *aux) | |
3675 | { | |
3676 | struct bpf_unix_iter_state *iter = priv_data; | |
3677 | int err; | |
3678 | ||
3679 | err = bpf_iter_init_seq_net(priv_data, aux); | |
3680 | if (err) | |
3681 | return err; | |
3682 | ||
3683 | err = bpf_iter_unix_realloc_batch(iter, INIT_BATCH_SZ); | |
3684 | if (err) { | |
3685 | bpf_iter_fini_seq_net(priv_data); | |
3686 | return err; | |
3687 | } | |
3688 | ||
3689 | return 0; | |
3690 | } | |
3691 | ||
3692 | static void bpf_iter_fini_unix(void *priv_data) | |
3693 | { | |
3694 | struct bpf_unix_iter_state *iter = priv_data; | |
3695 | ||
3696 | bpf_iter_fini_seq_net(priv_data); | |
3697 | kvfree(iter->batch); | |
3698 | } | |
3699 | ||
2c860a43 KI |
3700 | static const struct bpf_iter_seq_info unix_seq_info = { |
3701 | .seq_ops = &bpf_iter_unix_seq_ops, | |
855d8e77 KI |
3702 | .init_seq_private = bpf_iter_init_unix, |
3703 | .fini_seq_private = bpf_iter_fini_unix, | |
3704 | .seq_priv_size = sizeof(struct bpf_unix_iter_state), | |
2c860a43 KI |
3705 | }; |
3706 | ||
eb7d8f1d KI |
3707 | static const struct bpf_func_proto * |
3708 | bpf_iter_unix_get_func_proto(enum bpf_func_id func_id, | |
3709 | const struct bpf_prog *prog) | |
3710 | { | |
3711 | switch (func_id) { | |
3712 | case BPF_FUNC_setsockopt: | |
3713 | return &bpf_sk_setsockopt_proto; | |
3714 | case BPF_FUNC_getsockopt: | |
3715 | return &bpf_sk_getsockopt_proto; | |
3716 | default: | |
3717 | return NULL; | |
3718 | } | |
3719 | } | |
3720 | ||
2c860a43 KI |
3721 | static struct bpf_iter_reg unix_reg_info = { |
3722 | .target = "unix", | |
3723 | .ctx_arg_info_size = 1, | |
3724 | .ctx_arg_info = { | |
3725 | { offsetof(struct bpf_iter__unix, unix_sk), | |
3726 | PTR_TO_BTF_ID_OR_NULL }, | |
3727 | }, | |
eb7d8f1d | 3728 | .get_func_proto = bpf_iter_unix_get_func_proto, |
2c860a43 KI |
3729 | .seq_info = &unix_seq_info, |
3730 | }; | |
3731 | ||
3732 | static void __init bpf_iter_register(void) | |
3733 | { | |
3734 | unix_reg_info.ctx_arg_info[0].btf_id = btf_sock_ids[BTF_SOCK_TYPE_UNIX]; | |
3735 | if (bpf_iter_reg_target(&unix_reg_info)) | |
3736 | pr_warn("Warning: could not register bpf iterator unix\n"); | |
3737 | } | |
3738 | #endif | |
3739 | ||
1da177e4 LT |
3740 | static int __init af_unix_init(void) |
3741 | { | |
51bae889 | 3742 | int i, rc = -1; |
1da177e4 | 3743 | |
c593642c | 3744 | BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof_field(struct sk_buff, cb)); |
1da177e4 | 3745 | |
51bae889 KI |
3746 | for (i = 0; i < UNIX_HASH_SIZE / 2; i++) { |
3747 | spin_lock_init(&bsd_socket_locks[i]); | |
3748 | INIT_HLIST_HEAD(&bsd_socket_buckets[i]); | |
3749 | } | |
3750 | ||
94531cfc JW |
3751 | rc = proto_register(&unix_dgram_proto, 1); |
3752 | if (rc != 0) { | |
3753 | pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__); | |
3754 | goto out; | |
3755 | } | |
3756 | ||
3757 | rc = proto_register(&unix_stream_proto, 1); | |
ac7bfa62 | 3758 | if (rc != 0) { |
5cc208be | 3759 | pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__); |
73e341e0 | 3760 | proto_unregister(&unix_dgram_proto); |
1da177e4 LT |
3761 | goto out; |
3762 | } | |
3763 | ||
3764 | sock_register(&unix_family_ops); | |
097e66c5 | 3765 | register_pernet_subsys(&unix_net_ops); |
c6382918 | 3766 | unix_bpf_build_proto(); |
2c860a43 KI |
3767 | |
3768 | #if IS_BUILTIN(CONFIG_UNIX) && defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_PROC_FS) | |
3769 | bpf_iter_register(); | |
3770 | #endif | |
3771 | ||
1da177e4 LT |
3772 | out: |
3773 | return rc; | |
3774 | } | |
3775 | ||
3776 | static void __exit af_unix_exit(void) | |
3777 | { | |
3778 | sock_unregister(PF_UNIX); | |
94531cfc JW |
3779 | proto_unregister(&unix_dgram_proto); |
3780 | proto_unregister(&unix_stream_proto); | |
097e66c5 | 3781 | unregister_pernet_subsys(&unix_net_ops); |
1da177e4 LT |
3782 | } |
3783 | ||
3d366960 DW |
3784 | /* Earlier than device_initcall() so that other drivers invoking |
3785 | request_module() don't end up in a loop when modprobe tries | |
3786 | to use a UNIX socket. But later than subsys_initcall() because | |
3787 | we depend on stuff initialised there */ | |
3788 | fs_initcall(af_unix_init); | |
1da177e4 LT |
3789 | module_exit(af_unix_exit); |
3790 | ||
3791 | MODULE_LICENSE("GPL"); | |
3792 | MODULE_ALIAS_NETPROTO(PF_UNIX); |