2 * NET4: Implementation of BSD Unix domain sockets.
4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 * Linus Torvalds : Assorted bug cures.
13 * Niibe Yutaka : async I/O support.
14 * Carsten Paeth : PF_UNIX check, address fixes.
15 * Alan Cox : Limit size of allocated blocks.
16 * Alan Cox : Fixed the stupid socketpair bug.
17 * Alan Cox : BSD compatibility fine tuning.
18 * Alan Cox : Fixed a bug in connect when interrupted.
19 * Alan Cox : Sorted out a proper draft version of
20 * file descriptor passing hacked up from
22 * Marty Leisner : Fixes to fd passing
23 * Nick Nevin : recvmsg bugfix.
24 * Alan Cox : Started proper garbage collector
25 * Heiko EiBfeldt : Missing verify_area check
26 * Alan Cox : Started POSIXisms
27 * Andreas Schwab : Replace inode by dentry for proper
29 * Kirk Petersen : Made this a module
30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33 * by above two patches.
34 * Andrea Arcangeli : If possible we block in connect(2)
35 * if the max backlog of the listen socket
36 * is been reached. This won't break
37 * old apps and it will avoid huge amount
38 * of socks hashed (this for unix_gc()
39 * performances reasons).
40 * Security fix that limits the max
41 * number of socks to 2*max_files and
42 * the number of skb queueable in the
44 * Artur Skawina : Hash function optimizations
45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 * Malcolm Beattie : Set peercred for socketpair
47 * Michal Ostrowski : Module initialization cleanup.
48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 * the core infrastructure is doing that
50 * for all net proto families now (2.5.69+)
53 * Known differences from reference BSD that was tested:
56 * ECONNREFUSED is not returned from one end of a connected() socket to the
57 * other the moment one end closes.
58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
61 * accept() returns a path name even if the connecting socket has closed
62 * in the meantime (BSD loses the path and gives up).
63 * accept() returns 0 length path for an unbound connector. BSD returns 16
64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 * BSD af_unix apparently has connect forgetting to block properly.
67 * (need to check this with the POSIX spec in detail)
69 * Differences from 2.0.0-11-... (ANK)
70 * Bug fixes and improvements.
71 * - client shutdown killed server socket.
72 * - removed all useless cli/sti pairs.
74 * Semantic changes/extensions.
75 * - generic control message passing.
76 * - SCM_CREDENTIALS control message.
77 * - "Abstract" (not FS based) socket bindings.
78 * Abstract names are sequences of bytes (not zero terminated)
79 * started by 0, so that this name space does not intersect
83 #include <linux/module.h>
84 #include <linux/kernel.h>
85 #include <linux/signal.h>
86 #include <linux/sched.h>
87 #include <linux/errno.h>
88 #include <linux/string.h>
89 #include <linux/stat.h>
90 #include <linux/dcache.h>
91 #include <linux/namei.h>
92 #include <linux/socket.h>
94 #include <linux/fcntl.h>
95 #include <linux/termios.h>
96 #include <linux/sockios.h>
97 #include <linux/net.h>
100 #include <linux/slab.h>
101 #include <asm/uaccess.h>
102 #include <linux/skbuff.h>
103 #include <linux/netdevice.h>
104 #include <net/net_namespace.h>
105 #include <net/sock.h>
106 #include <net/tcp_states.h>
107 #include <net/af_unix.h>
108 #include <linux/proc_fs.h>
109 #include <linux/seq_file.h>
111 #include <linux/init.h>
112 #include <linux/poll.h>
113 #include <linux/rtnetlink.h>
114 #include <linux/mount.h>
115 #include <net/checksum.h>
116 #include <linux/security.h>
118 struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
119 EXPORT_SYMBOL_GPL(unix_socket_table);
120 DEFINE_SPINLOCK(unix_table_lock);
121 EXPORT_SYMBOL_GPL(unix_table_lock);
122 static atomic_long_t unix_nr_socks;
124 #define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE])
126 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
128 #ifdef CONFIG_SECURITY_NETWORK
129 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
131 memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
134 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
136 scm->secid = *UNIXSID(skb);
139 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
142 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
144 #endif /* CONFIG_SECURITY_NETWORK */
147 * SMP locking strategy:
148 * hash table is protected with spinlock unix_table_lock
149 * each socket state is protected by separate spin lock.
152 static inline unsigned unix_hash_fold(__wsum n)
154 unsigned hash = (__force unsigned)n;
157 return hash&(UNIX_HASH_SIZE-1);
160 #define unix_peer(sk) (unix_sk(sk)->peer)
162 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
164 return unix_peer(osk) == sk;
167 static inline int unix_may_send(struct sock *sk, struct sock *osk)
169 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
172 static inline int unix_recvq_full(struct sock const *sk)
174 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
177 struct sock *unix_peer_get(struct sock *s)
185 unix_state_unlock(s);
188 EXPORT_SYMBOL_GPL(unix_peer_get);
190 static inline void unix_release_addr(struct unix_address *addr)
192 if (atomic_dec_and_test(&addr->refcnt))
197 * Check unix socket name:
198 * - should be not zero length.
199 * - if started by not zero, should be NULL terminated (FS object)
200 * - if started by zero, it is abstract name.
203 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned *hashp)
205 if (len <= sizeof(short) || len > sizeof(*sunaddr))
207 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
209 if (sunaddr->sun_path[0]) {
211 * This may look like an off by one error but it is a bit more
212 * subtle. 108 is the longest valid AF_UNIX path for a binding.
213 * sun_path[108] doesn't as such exist. However in kernel space
214 * we are guaranteed that it is a valid memory location in our
215 * kernel address buffer.
217 ((char *)sunaddr)[len] = 0;
218 len = strlen(sunaddr->sun_path)+1+sizeof(short);
222 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
226 static void __unix_remove_socket(struct sock *sk)
228 sk_del_node_init(sk);
231 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
233 WARN_ON(!sk_unhashed(sk));
234 sk_add_node(sk, list);
237 static inline void unix_remove_socket(struct sock *sk)
239 spin_lock(&unix_table_lock);
240 __unix_remove_socket(sk);
241 spin_unlock(&unix_table_lock);
244 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
246 spin_lock(&unix_table_lock);
247 __unix_insert_socket(list, sk);
248 spin_unlock(&unix_table_lock);
251 static struct sock *__unix_find_socket_byname(struct net *net,
252 struct sockaddr_un *sunname,
253 int len, int type, unsigned hash)
256 struct hlist_node *node;
258 sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
259 struct unix_sock *u = unix_sk(s);
261 if (!net_eq(sock_net(s), net))
264 if (u->addr->len == len &&
265 !memcmp(u->addr->name, sunname, len))
273 static inline struct sock *unix_find_socket_byname(struct net *net,
274 struct sockaddr_un *sunname,
280 spin_lock(&unix_table_lock);
281 s = __unix_find_socket_byname(net, sunname, len, type, hash);
284 spin_unlock(&unix_table_lock);
288 static struct sock *unix_find_socket_byinode(struct inode *i)
291 struct hlist_node *node;
293 spin_lock(&unix_table_lock);
295 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
296 struct dentry *dentry = unix_sk(s)->path.dentry;
298 if (dentry && dentry->d_inode == i) {
305 spin_unlock(&unix_table_lock);
309 static inline int unix_writable(struct sock *sk)
311 return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
314 static void unix_write_space(struct sock *sk)
316 struct socket_wq *wq;
319 if (unix_writable(sk)) {
320 wq = rcu_dereference(sk->sk_wq);
321 if (wq_has_sleeper(wq))
322 wake_up_interruptible_sync_poll(&wq->wait,
323 POLLOUT | POLLWRNORM | POLLWRBAND);
324 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
329 /* When dgram socket disconnects (or changes its peer), we clear its receive
330 * queue of packets arrived from previous peer. First, it allows to do
331 * flow control based only on wmem_alloc; second, sk connected to peer
332 * may receive messages only from that peer. */
333 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
335 if (!skb_queue_empty(&sk->sk_receive_queue)) {
336 skb_queue_purge(&sk->sk_receive_queue);
337 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
339 /* If one link of bidirectional dgram pipe is disconnected,
340 * we signal error. Messages are lost. Do not make this,
341 * when peer was not connected to us.
343 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
344 other->sk_err = ECONNRESET;
345 other->sk_error_report(other);
350 static void unix_sock_destructor(struct sock *sk)
352 struct unix_sock *u = unix_sk(sk);
354 skb_queue_purge(&sk->sk_receive_queue);
356 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
357 WARN_ON(!sk_unhashed(sk));
358 WARN_ON(sk->sk_socket);
359 if (!sock_flag(sk, SOCK_DEAD)) {
360 printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
365 unix_release_addr(u->addr);
367 atomic_long_dec(&unix_nr_socks);
369 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
371 #ifdef UNIX_REFCNT_DEBUG
372 printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
373 atomic_long_read(&unix_nr_socks));
377 static int unix_release_sock(struct sock *sk, int embrion)
379 struct unix_sock *u = unix_sk(sk);
385 unix_remove_socket(sk);
390 sk->sk_shutdown = SHUTDOWN_MASK;
392 u->path.dentry = NULL;
394 state = sk->sk_state;
395 sk->sk_state = TCP_CLOSE;
396 unix_state_unlock(sk);
398 wake_up_interruptible_all(&u->peer_wait);
400 skpair = unix_peer(sk);
402 if (skpair != NULL) {
403 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
404 unix_state_lock(skpair);
406 skpair->sk_shutdown = SHUTDOWN_MASK;
407 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
408 skpair->sk_err = ECONNRESET;
409 unix_state_unlock(skpair);
410 skpair->sk_state_change(skpair);
411 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
413 sock_put(skpair); /* It may now die */
414 unix_peer(sk) = NULL;
417 /* Try to flush out this socket. Throw out buffers at least */
419 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
420 if (state == TCP_LISTEN)
421 unix_release_sock(skb->sk, 1);
422 /* passed fds are erased in the kfree_skb hook */
431 /* ---- Socket is dead now and most probably destroyed ---- */
434 * Fixme: BSD difference: In BSD all sockets connected to use get
435 * ECONNRESET and we die on the spot. In Linux we behave
436 * like files and pipes do and wait for the last
439 * Can't we simply set sock->err?
441 * What the above comment does talk about? --ANK(980817)
444 if (unix_tot_inflight)
445 unix_gc(); /* Garbage collect fds */
450 static void init_peercred(struct sock *sk)
452 put_pid(sk->sk_peer_pid);
453 if (sk->sk_peer_cred)
454 put_cred(sk->sk_peer_cred);
455 sk->sk_peer_pid = get_pid(task_tgid(current));
456 sk->sk_peer_cred = get_current_cred();
459 static void copy_peercred(struct sock *sk, struct sock *peersk)
461 put_pid(sk->sk_peer_pid);
462 if (sk->sk_peer_cred)
463 put_cred(sk->sk_peer_cred);
464 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
465 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
468 static int unix_listen(struct socket *sock, int backlog)
471 struct sock *sk = sock->sk;
472 struct unix_sock *u = unix_sk(sk);
473 struct pid *old_pid = NULL;
474 const struct cred *old_cred = NULL;
477 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
478 goto out; /* Only stream/seqpacket sockets accept */
481 goto out; /* No listens on an unbound socket */
483 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
485 if (backlog > sk->sk_max_ack_backlog)
486 wake_up_interruptible_all(&u->peer_wait);
487 sk->sk_max_ack_backlog = backlog;
488 sk->sk_state = TCP_LISTEN;
489 /* set credentials so connect can copy them */
494 unix_state_unlock(sk);
502 static int unix_release(struct socket *);
503 static int unix_bind(struct socket *, struct sockaddr *, int);
504 static int unix_stream_connect(struct socket *, struct sockaddr *,
505 int addr_len, int flags);
506 static int unix_socketpair(struct socket *, struct socket *);
507 static int unix_accept(struct socket *, struct socket *, int);
508 static int unix_getname(struct socket *, struct sockaddr *, int *, int);
509 static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
510 static unsigned int unix_dgram_poll(struct file *, struct socket *,
512 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
513 static int unix_shutdown(struct socket *, int);
514 static int unix_stream_sendmsg(struct kiocb *, struct socket *,
515 struct msghdr *, size_t);
516 static int unix_stream_recvmsg(struct kiocb *, struct socket *,
517 struct msghdr *, size_t, int);
518 static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
519 struct msghdr *, size_t);
520 static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
521 struct msghdr *, size_t, int);
522 static int unix_dgram_connect(struct socket *, struct sockaddr *,
524 static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
525 struct msghdr *, size_t);
526 static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
527 struct msghdr *, size_t, int);
529 static const struct proto_ops unix_stream_ops = {
531 .owner = THIS_MODULE,
532 .release = unix_release,
534 .connect = unix_stream_connect,
535 .socketpair = unix_socketpair,
536 .accept = unix_accept,
537 .getname = unix_getname,
540 .listen = unix_listen,
541 .shutdown = unix_shutdown,
542 .setsockopt = sock_no_setsockopt,
543 .getsockopt = sock_no_getsockopt,
544 .sendmsg = unix_stream_sendmsg,
545 .recvmsg = unix_stream_recvmsg,
546 .mmap = sock_no_mmap,
547 .sendpage = sock_no_sendpage,
550 static const struct proto_ops unix_dgram_ops = {
552 .owner = THIS_MODULE,
553 .release = unix_release,
555 .connect = unix_dgram_connect,
556 .socketpair = unix_socketpair,
557 .accept = sock_no_accept,
558 .getname = unix_getname,
559 .poll = unix_dgram_poll,
561 .listen = sock_no_listen,
562 .shutdown = unix_shutdown,
563 .setsockopt = sock_no_setsockopt,
564 .getsockopt = sock_no_getsockopt,
565 .sendmsg = unix_dgram_sendmsg,
566 .recvmsg = unix_dgram_recvmsg,
567 .mmap = sock_no_mmap,
568 .sendpage = sock_no_sendpage,
571 static const struct proto_ops unix_seqpacket_ops = {
573 .owner = THIS_MODULE,
574 .release = unix_release,
576 .connect = unix_stream_connect,
577 .socketpair = unix_socketpair,
578 .accept = unix_accept,
579 .getname = unix_getname,
580 .poll = unix_dgram_poll,
582 .listen = unix_listen,
583 .shutdown = unix_shutdown,
584 .setsockopt = sock_no_setsockopt,
585 .getsockopt = sock_no_getsockopt,
586 .sendmsg = unix_seqpacket_sendmsg,
587 .recvmsg = unix_seqpacket_recvmsg,
588 .mmap = sock_no_mmap,
589 .sendpage = sock_no_sendpage,
592 static struct proto unix_proto = {
594 .owner = THIS_MODULE,
595 .obj_size = sizeof(struct unix_sock),
599 * AF_UNIX sockets do not interact with hardware, hence they
600 * dont trigger interrupts - so it's safe for them to have
601 * bh-unsafe locking for their sk_receive_queue.lock. Split off
602 * this special lock-class by reinitializing the spinlock key:
604 static struct lock_class_key af_unix_sk_receive_queue_lock_key;
606 static struct sock *unix_create1(struct net *net, struct socket *sock)
608 struct sock *sk = NULL;
611 atomic_long_inc(&unix_nr_socks);
612 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
615 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
619 sock_init_data(sock, sk);
620 lockdep_set_class(&sk->sk_receive_queue.lock,
621 &af_unix_sk_receive_queue_lock_key);
623 sk->sk_write_space = unix_write_space;
624 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
625 sk->sk_destruct = unix_sock_destructor;
627 u->path.dentry = NULL;
629 spin_lock_init(&u->lock);
630 atomic_long_set(&u->inflight, 0);
631 INIT_LIST_HEAD(&u->link);
632 mutex_init(&u->readlock); /* single task reading lock */
633 init_waitqueue_head(&u->peer_wait);
634 unix_insert_socket(unix_sockets_unbound, sk);
637 atomic_long_dec(&unix_nr_socks);
640 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
646 static int unix_create(struct net *net, struct socket *sock, int protocol,
649 if (protocol && protocol != PF_UNIX)
650 return -EPROTONOSUPPORT;
652 sock->state = SS_UNCONNECTED;
654 switch (sock->type) {
656 sock->ops = &unix_stream_ops;
659 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
663 sock->type = SOCK_DGRAM;
665 sock->ops = &unix_dgram_ops;
668 sock->ops = &unix_seqpacket_ops;
671 return -ESOCKTNOSUPPORT;
674 return unix_create1(net, sock) ? 0 : -ENOMEM;
677 static int unix_release(struct socket *sock)
679 struct sock *sk = sock->sk;
686 return unix_release_sock(sk, 0);
689 static int unix_autobind(struct socket *sock)
691 struct sock *sk = sock->sk;
692 struct net *net = sock_net(sk);
693 struct unix_sock *u = unix_sk(sk);
694 static u32 ordernum = 1;
695 struct unix_address *addr;
697 unsigned int retries = 0;
699 mutex_lock(&u->readlock);
706 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
710 addr->name->sun_family = AF_UNIX;
711 atomic_set(&addr->refcnt, 1);
714 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
715 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
717 spin_lock(&unix_table_lock);
718 ordernum = (ordernum+1)&0xFFFFF;
720 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
722 spin_unlock(&unix_table_lock);
724 * __unix_find_socket_byname() may take long time if many names
725 * are already in use.
728 /* Give up if all names seems to be in use. */
729 if (retries++ == 0xFFFFF) {
736 addr->hash ^= sk->sk_type;
738 __unix_remove_socket(sk);
740 __unix_insert_socket(&unix_socket_table[addr->hash], sk);
741 spin_unlock(&unix_table_lock);
744 out: mutex_unlock(&u->readlock);
748 static struct sock *unix_find_other(struct net *net,
749 struct sockaddr_un *sunname, int len,
750 int type, unsigned hash, int *error)
756 if (sunname->sun_path[0]) {
758 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
761 inode = path.dentry->d_inode;
762 err = inode_permission(inode, MAY_WRITE);
767 if (!S_ISSOCK(inode->i_mode))
769 u = unix_find_socket_byinode(inode);
773 if (u->sk_type == type)
779 if (u->sk_type != type) {
785 u = unix_find_socket_byname(net, sunname, len, type, hash);
787 struct dentry *dentry;
788 dentry = unix_sk(u)->path.dentry;
790 touch_atime(&unix_sk(u)->path);
804 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
806 struct sock *sk = sock->sk;
807 struct net *net = sock_net(sk);
808 struct unix_sock *u = unix_sk(sk);
809 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
810 char *sun_path = sunaddr->sun_path;
811 struct dentry *dentry = NULL;
815 struct unix_address *addr;
816 struct hlist_head *list;
819 if (sunaddr->sun_family != AF_UNIX)
822 if (addr_len == sizeof(short)) {
823 err = unix_autobind(sock);
827 err = unix_mkname(sunaddr, addr_len, &hash);
832 mutex_lock(&u->readlock);
839 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
843 memcpy(addr->name, sunaddr, addr_len);
844 addr->len = addr_len;
845 addr->hash = hash ^ sk->sk_type;
846 atomic_set(&addr->refcnt, 1);
852 * Get the parent directory, calculate the hash for last
855 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
856 err = PTR_ERR(dentry);
858 goto out_mknod_parent;
861 * All right, let's create it.
864 (SOCK_INODE(sock)->i_mode & ~current_umask());
865 err = mnt_want_write(path.mnt);
868 err = security_path_mknod(&path, dentry, mode, 0);
870 goto out_mknod_drop_write;
871 err = vfs_mknod(path.dentry->d_inode, dentry, mode, 0);
872 out_mknod_drop_write:
873 mnt_drop_write(path.mnt);
876 mutex_unlock(&path.dentry->d_inode->i_mutex);
878 path.dentry = dentry;
880 addr->hash = UNIX_HASH_SIZE;
883 spin_lock(&unix_table_lock);
887 if (__unix_find_socket_byname(net, sunaddr, addr_len,
888 sk->sk_type, hash)) {
889 unix_release_addr(addr);
893 list = &unix_socket_table[addr->hash];
895 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
900 __unix_remove_socket(sk);
902 __unix_insert_socket(list, sk);
905 spin_unlock(&unix_table_lock);
907 mutex_unlock(&u->readlock);
913 mutex_unlock(&path.dentry->d_inode->i_mutex);
918 unix_release_addr(addr);
922 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
924 if (unlikely(sk1 == sk2) || !sk2) {
925 unix_state_lock(sk1);
929 unix_state_lock(sk1);
930 unix_state_lock_nested(sk2);
932 unix_state_lock(sk2);
933 unix_state_lock_nested(sk1);
937 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
939 if (unlikely(sk1 == sk2) || !sk2) {
940 unix_state_unlock(sk1);
943 unix_state_unlock(sk1);
944 unix_state_unlock(sk2);
947 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
950 struct sock *sk = sock->sk;
951 struct net *net = sock_net(sk);
952 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
957 if (addr->sa_family != AF_UNSPEC) {
958 err = unix_mkname(sunaddr, alen, &hash);
963 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
964 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
968 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
972 unix_state_double_lock(sk, other);
974 /* Apparently VFS overslept socket death. Retry. */
975 if (sock_flag(other, SOCK_DEAD)) {
976 unix_state_double_unlock(sk, other);
982 if (!unix_may_send(sk, other))
985 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
991 * 1003.1g breaking connected state with AF_UNSPEC
994 unix_state_double_lock(sk, other);
998 * If it was connected, reconnect.
1000 if (unix_peer(sk)) {
1001 struct sock *old_peer = unix_peer(sk);
1002 unix_peer(sk) = other;
1003 unix_state_double_unlock(sk, other);
1005 if (other != old_peer)
1006 unix_dgram_disconnected(sk, old_peer);
1009 unix_peer(sk) = other;
1010 unix_state_double_unlock(sk, other);
1015 unix_state_double_unlock(sk, other);
1021 static long unix_wait_for_peer(struct sock *other, long timeo)
1023 struct unix_sock *u = unix_sk(other);
1027 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1029 sched = !sock_flag(other, SOCK_DEAD) &&
1030 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1031 unix_recvq_full(other);
1033 unix_state_unlock(other);
1036 timeo = schedule_timeout(timeo);
1038 finish_wait(&u->peer_wait, &wait);
1042 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1043 int addr_len, int flags)
1045 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1046 struct sock *sk = sock->sk;
1047 struct net *net = sock_net(sk);
1048 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1049 struct sock *newsk = NULL;
1050 struct sock *other = NULL;
1051 struct sk_buff *skb = NULL;
1057 err = unix_mkname(sunaddr, addr_len, &hash);
1062 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1063 (err = unix_autobind(sock)) != 0)
1066 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1068 /* First of all allocate resources.
1069 If we will make it after state is locked,
1070 we will have to recheck all again in any case.
1075 /* create new sock for complete connection */
1076 newsk = unix_create1(sock_net(sk), NULL);
1080 /* Allocate skb for sending to listening sock */
1081 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1086 /* Find listening sock. */
1087 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1091 /* Latch state of peer */
1092 unix_state_lock(other);
1094 /* Apparently VFS overslept socket death. Retry. */
1095 if (sock_flag(other, SOCK_DEAD)) {
1096 unix_state_unlock(other);
1101 err = -ECONNREFUSED;
1102 if (other->sk_state != TCP_LISTEN)
1104 if (other->sk_shutdown & RCV_SHUTDOWN)
1107 if (unix_recvq_full(other)) {
1112 timeo = unix_wait_for_peer(other, timeo);
1114 err = sock_intr_errno(timeo);
1115 if (signal_pending(current))
1123 It is tricky place. We need to grab our state lock and cannot
1124 drop lock on peer. It is dangerous because deadlock is
1125 possible. Connect to self case and simultaneous
1126 attempt to connect are eliminated by checking socket
1127 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1128 check this before attempt to grab lock.
1130 Well, and we have to recheck the state after socket locked.
1136 /* This is ok... continue with connect */
1138 case TCP_ESTABLISHED:
1139 /* Socket is already connected */
1147 unix_state_lock_nested(sk);
1149 if (sk->sk_state != st) {
1150 unix_state_unlock(sk);
1151 unix_state_unlock(other);
1156 err = security_unix_stream_connect(sk, other, newsk);
1158 unix_state_unlock(sk);
1162 /* The way is open! Fastly set all the necessary fields... */
1165 unix_peer(newsk) = sk;
1166 newsk->sk_state = TCP_ESTABLISHED;
1167 newsk->sk_type = sk->sk_type;
1168 init_peercred(newsk);
1169 newu = unix_sk(newsk);
1170 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1171 otheru = unix_sk(other);
1173 /* copy address information from listening to new sock*/
1175 atomic_inc(&otheru->addr->refcnt);
1176 newu->addr = otheru->addr;
1178 if (otheru->path.dentry) {
1179 path_get(&otheru->path);
1180 newu->path = otheru->path;
1183 /* Set credentials */
1184 copy_peercred(sk, other);
1186 sock->state = SS_CONNECTED;
1187 sk->sk_state = TCP_ESTABLISHED;
1190 smp_mb__after_atomic_inc(); /* sock_hold() does an atomic_inc() */
1191 unix_peer(sk) = newsk;
1193 unix_state_unlock(sk);
1195 /* take ten and and send info to listening sock */
1196 spin_lock(&other->sk_receive_queue.lock);
1197 __skb_queue_tail(&other->sk_receive_queue, skb);
1198 spin_unlock(&other->sk_receive_queue.lock);
1199 unix_state_unlock(other);
1200 other->sk_data_ready(other, 0);
1206 unix_state_unlock(other);
1211 unix_release_sock(newsk, 0);
1217 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1219 struct sock *ska = socka->sk, *skb = sockb->sk;
1221 /* Join our sockets back to back */
1224 unix_peer(ska) = skb;
1225 unix_peer(skb) = ska;
1229 if (ska->sk_type != SOCK_DGRAM) {
1230 ska->sk_state = TCP_ESTABLISHED;
1231 skb->sk_state = TCP_ESTABLISHED;
1232 socka->state = SS_CONNECTED;
1233 sockb->state = SS_CONNECTED;
1238 static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1240 struct sock *sk = sock->sk;
1242 struct sk_buff *skb;
1246 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1250 if (sk->sk_state != TCP_LISTEN)
1253 /* If socket state is TCP_LISTEN it cannot change (for now...),
1254 * so that no locks are necessary.
1257 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1259 /* This means receive shutdown. */
1266 skb_free_datagram(sk, skb);
1267 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1269 /* attach accepted sock to socket */
1270 unix_state_lock(tsk);
1271 newsock->state = SS_CONNECTED;
1272 sock_graft(tsk, newsock);
1273 unix_state_unlock(tsk);
1281 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1283 struct sock *sk = sock->sk;
1284 struct unix_sock *u;
1285 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1289 sk = unix_peer_get(sk);
1300 unix_state_lock(sk);
1302 sunaddr->sun_family = AF_UNIX;
1303 sunaddr->sun_path[0] = 0;
1304 *uaddr_len = sizeof(short);
1306 struct unix_address *addr = u->addr;
1308 *uaddr_len = addr->len;
1309 memcpy(sunaddr, addr->name, *uaddr_len);
1311 unix_state_unlock(sk);
1317 static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1321 scm->fp = UNIXCB(skb).fp;
1322 UNIXCB(skb).fp = NULL;
1324 for (i = scm->fp->count-1; i >= 0; i--)
1325 unix_notinflight(scm->fp->fp[i]);
1328 static void unix_destruct_scm(struct sk_buff *skb)
1330 struct scm_cookie scm;
1331 memset(&scm, 0, sizeof(scm));
1332 scm.pid = UNIXCB(skb).pid;
1333 scm.cred = UNIXCB(skb).cred;
1335 unix_detach_fds(&scm, skb);
1337 /* Alas, it calls VFS */
1338 /* So fscking what? fput() had been SMP-safe since the last Summer */
1343 #define MAX_RECURSION_LEVEL 4
1345 static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1348 unsigned char max_level = 0;
1349 int unix_sock_count = 0;
1351 for (i = scm->fp->count - 1; i >= 0; i--) {
1352 struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1356 max_level = max(max_level,
1357 unix_sk(sk)->recursion_level);
1360 if (unlikely(max_level > MAX_RECURSION_LEVEL))
1361 return -ETOOMANYREFS;
1364 * Need to duplicate file references for the sake of garbage
1365 * collection. Otherwise a socket in the fps might become a
1366 * candidate for GC while the skb is not yet queued.
1368 UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1369 if (!UNIXCB(skb).fp)
1372 if (unix_sock_count) {
1373 for (i = scm->fp->count - 1; i >= 0; i--)
1374 unix_inflight(scm->fp->fp[i]);
1379 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1383 UNIXCB(skb).pid = get_pid(scm->pid);
1385 UNIXCB(skb).cred = get_cred(scm->cred);
1386 UNIXCB(skb).fp = NULL;
1387 if (scm->fp && send_fds)
1388 err = unix_attach_fds(scm, skb);
1390 skb->destructor = unix_destruct_scm;
1395 * Some apps rely on write() giving SCM_CREDENTIALS
1396 * We include credentials if source or destination socket
1397 * asserted SOCK_PASSCRED.
1399 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1400 const struct sock *other)
1402 if (UNIXCB(skb).cred)
1404 if (test_bit(SOCK_PASSCRED, &sock->flags) ||
1405 !other->sk_socket ||
1406 test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
1407 UNIXCB(skb).pid = get_pid(task_tgid(current));
1408 UNIXCB(skb).cred = get_current_cred();
1413 * Send AF_UNIX data.
1416 static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1417 struct msghdr *msg, size_t len)
1419 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1420 struct sock *sk = sock->sk;
1421 struct net *net = sock_net(sk);
1422 struct unix_sock *u = unix_sk(sk);
1423 struct sockaddr_un *sunaddr = msg->msg_name;
1424 struct sock *other = NULL;
1425 int namelen = 0; /* fake GCC */
1428 struct sk_buff *skb;
1430 struct scm_cookie tmp_scm;
1433 if (NULL == siocb->scm)
1434 siocb->scm = &tmp_scm;
1436 err = scm_send(sock, msg, siocb->scm);
1441 if (msg->msg_flags&MSG_OOB)
1444 if (msg->msg_namelen) {
1445 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1452 other = unix_peer_get(sk);
1457 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1458 && (err = unix_autobind(sock)) != 0)
1462 if (len > sk->sk_sndbuf - 32)
1465 skb = sock_alloc_send_skb(sk, len, msg->msg_flags&MSG_DONTWAIT, &err);
1469 err = unix_scm_to_skb(siocb->scm, skb, true);
1472 max_level = err + 1;
1473 unix_get_secdata(siocb->scm, skb);
1475 skb_reset_transport_header(skb);
1476 err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);
1480 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1485 if (sunaddr == NULL)
1488 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1494 if (sk_filter(other, skb) < 0) {
1495 /* Toss the packet but do not return any error to the sender */
1500 unix_state_lock(other);
1502 if (!unix_may_send(sk, other))
1505 if (sock_flag(other, SOCK_DEAD)) {
1507 * Check with 1003.1g - what should
1510 unix_state_unlock(other);
1514 unix_state_lock(sk);
1515 if (unix_peer(sk) == other) {
1516 unix_peer(sk) = NULL;
1517 unix_state_unlock(sk);
1519 unix_dgram_disconnected(sk, other);
1521 err = -ECONNREFUSED;
1523 unix_state_unlock(sk);
1533 if (other->sk_shutdown & RCV_SHUTDOWN)
1536 if (sk->sk_type != SOCK_SEQPACKET) {
1537 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1542 if (unix_peer(other) != sk && unix_recvq_full(other)) {
1548 timeo = unix_wait_for_peer(other, timeo);
1550 err = sock_intr_errno(timeo);
1551 if (signal_pending(current))
1557 if (sock_flag(other, SOCK_RCVTSTAMP))
1558 __net_timestamp(skb);
1559 maybe_add_creds(skb, sock, other);
1560 skb_queue_tail(&other->sk_receive_queue, skb);
1561 if (max_level > unix_sk(other)->recursion_level)
1562 unix_sk(other)->recursion_level = max_level;
1563 unix_state_unlock(other);
1564 other->sk_data_ready(other, len);
1566 scm_destroy(siocb->scm);
1570 unix_state_unlock(other);
1576 scm_destroy(siocb->scm);
1581 static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1582 struct msghdr *msg, size_t len)
1584 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1585 struct sock *sk = sock->sk;
1586 struct sock *other = NULL;
1588 struct sk_buff *skb;
1590 struct scm_cookie tmp_scm;
1591 bool fds_sent = false;
1594 if (NULL == siocb->scm)
1595 siocb->scm = &tmp_scm;
1597 err = scm_send(sock, msg, siocb->scm);
1602 if (msg->msg_flags&MSG_OOB)
1605 if (msg->msg_namelen) {
1606 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1610 other = unix_peer(sk);
1615 if (sk->sk_shutdown & SEND_SHUTDOWN)
1618 while (sent < len) {
1620 * Optimisation for the fact that under 0.01% of X
1621 * messages typically need breaking up.
1626 /* Keep two messages in the pipe so it schedules better */
1627 if (size > ((sk->sk_sndbuf >> 1) - 64))
1628 size = (sk->sk_sndbuf >> 1) - 64;
1630 if (size > SKB_MAX_ALLOC)
1631 size = SKB_MAX_ALLOC;
1637 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
1644 * If you pass two values to the sock_alloc_send_skb
1645 * it tries to grab the large buffer with GFP_NOFS
1646 * (which can fail easily), and if it fails grab the
1647 * fallback size buffer which is under a page and will
1650 size = min_t(int, size, skb_tailroom(skb));
1653 /* Only send the fds in the first buffer */
1654 err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1659 max_level = err + 1;
1662 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1668 unix_state_lock(other);
1670 if (sock_flag(other, SOCK_DEAD) ||
1671 (other->sk_shutdown & RCV_SHUTDOWN))
1674 maybe_add_creds(skb, sock, other);
1675 skb_queue_tail(&other->sk_receive_queue, skb);
1676 if (max_level > unix_sk(other)->recursion_level)
1677 unix_sk(other)->recursion_level = max_level;
1678 unix_state_unlock(other);
1679 other->sk_data_ready(other, size);
1683 scm_destroy(siocb->scm);
1689 unix_state_unlock(other);
1692 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1693 send_sig(SIGPIPE, current, 0);
1696 scm_destroy(siocb->scm);
1698 return sent ? : err;
1701 static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
1702 struct msghdr *msg, size_t len)
1705 struct sock *sk = sock->sk;
1707 err = sock_error(sk);
1711 if (sk->sk_state != TCP_ESTABLISHED)
1714 if (msg->msg_namelen)
1715 msg->msg_namelen = 0;
1717 return unix_dgram_sendmsg(kiocb, sock, msg, len);
1720 static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
1721 struct msghdr *msg, size_t size,
1724 struct sock *sk = sock->sk;
1726 if (sk->sk_state != TCP_ESTABLISHED)
1729 return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
1732 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1734 struct unix_sock *u = unix_sk(sk);
1736 msg->msg_namelen = 0;
1738 msg->msg_namelen = u->addr->len;
1739 memcpy(msg->msg_name, u->addr->name, u->addr->len);
1743 static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1744 struct msghdr *msg, size_t size,
1747 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1748 struct scm_cookie tmp_scm;
1749 struct sock *sk = sock->sk;
1750 struct unix_sock *u = unix_sk(sk);
1751 int noblock = flags & MSG_DONTWAIT;
1752 struct sk_buff *skb;
1759 msg->msg_namelen = 0;
1761 err = mutex_lock_interruptible(&u->readlock);
1763 err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
1767 skb = skb_recv_datagram(sk, flags, noblock, &err);
1769 unix_state_lock(sk);
1770 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1771 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1772 (sk->sk_shutdown & RCV_SHUTDOWN))
1774 unix_state_unlock(sk);
1778 wake_up_interruptible_sync_poll(&u->peer_wait,
1779 POLLOUT | POLLWRNORM | POLLWRBAND);
1782 unix_copy_addr(msg, skb->sk);
1784 if (size > skb->len)
1786 else if (size < skb->len)
1787 msg->msg_flags |= MSG_TRUNC;
1789 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
1793 if (sock_flag(sk, SOCK_RCVTSTAMP))
1794 __sock_recv_timestamp(msg, sk, skb);
1797 siocb->scm = &tmp_scm;
1798 memset(&tmp_scm, 0, sizeof(tmp_scm));
1800 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1801 unix_set_secdata(siocb->scm, skb);
1803 if (!(flags & MSG_PEEK)) {
1805 unix_detach_fds(siocb->scm, skb);
1807 /* It is questionable: on PEEK we could:
1808 - do not return fds - good, but too simple 8)
1809 - return fds, and do not return them on read (old strategy,
1811 - clone fds (I chose it for now, it is the most universal
1814 POSIX 1003.1g does not actually define this clearly
1815 at all. POSIX 1003.1g doesn't define a lot of things
1820 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1824 scm_recv(sock, msg, siocb->scm, flags);
1827 skb_free_datagram(sk, skb);
1829 mutex_unlock(&u->readlock);
1835 * Sleep until data has arrive. But check for races..
1838 static long unix_stream_data_wait(struct sock *sk, long timeo)
1842 unix_state_lock(sk);
1845 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1847 if (!skb_queue_empty(&sk->sk_receive_queue) ||
1849 (sk->sk_shutdown & RCV_SHUTDOWN) ||
1850 signal_pending(current) ||
1854 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1855 unix_state_unlock(sk);
1856 timeo = schedule_timeout(timeo);
1857 unix_state_lock(sk);
1858 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1861 finish_wait(sk_sleep(sk), &wait);
1862 unix_state_unlock(sk);
1868 static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1869 struct msghdr *msg, size_t size,
1872 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1873 struct scm_cookie tmp_scm;
1874 struct sock *sk = sock->sk;
1875 struct unix_sock *u = unix_sk(sk);
1876 struct sockaddr_un *sunaddr = msg->msg_name;
1878 int check_creds = 0;
1884 if (sk->sk_state != TCP_ESTABLISHED)
1891 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1892 timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1894 msg->msg_namelen = 0;
1896 /* Lock the socket to prevent queue disordering
1897 * while sleeps in memcpy_tomsg
1901 siocb->scm = &tmp_scm;
1902 memset(&tmp_scm, 0, sizeof(tmp_scm));
1905 err = mutex_lock_interruptible(&u->readlock);
1907 err = sock_intr_errno(timeo);
1913 struct sk_buff *skb;
1915 unix_state_lock(sk);
1916 skb = skb_peek(&sk->sk_receive_queue);
1918 unix_sk(sk)->recursion_level = 0;
1919 if (copied >= target)
1923 * POSIX 1003.1g mandates this order.
1926 err = sock_error(sk);
1929 if (sk->sk_shutdown & RCV_SHUTDOWN)
1932 unix_state_unlock(sk);
1936 mutex_unlock(&u->readlock);
1938 timeo = unix_stream_data_wait(sk, timeo);
1940 if (signal_pending(current)
1941 || mutex_lock_interruptible(&u->readlock)) {
1942 err = sock_intr_errno(timeo);
1948 unix_state_unlock(sk);
1951 unix_state_unlock(sk);
1954 /* Never glue messages from different writers */
1955 if ((UNIXCB(skb).pid != siocb->scm->pid) ||
1956 (UNIXCB(skb).cred != siocb->scm->cred))
1959 /* Copy credentials */
1960 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1964 /* Copy address just once */
1966 unix_copy_addr(msg, skb->sk);
1970 chunk = min_t(unsigned int, skb->len, size);
1971 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
1979 /* Mark read part of skb as used */
1980 if (!(flags & MSG_PEEK)) {
1981 skb_pull(skb, chunk);
1984 unix_detach_fds(siocb->scm, skb);
1989 skb_unlink(skb, &sk->sk_receive_queue);
1995 /* It is questionable, see note in unix_dgram_recvmsg.
1998 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
2004 mutex_unlock(&u->readlock);
2005 scm_recv(sock, msg, siocb->scm, flags);
2007 return copied ? : err;
2010 static int unix_shutdown(struct socket *sock, int mode)
2012 struct sock *sk = sock->sk;
2015 mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN);
2020 unix_state_lock(sk);
2021 sk->sk_shutdown |= mode;
2022 other = unix_peer(sk);
2025 unix_state_unlock(sk);
2026 sk->sk_state_change(sk);
2029 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2033 if (mode&RCV_SHUTDOWN)
2034 peer_mode |= SEND_SHUTDOWN;
2035 if (mode&SEND_SHUTDOWN)
2036 peer_mode |= RCV_SHUTDOWN;
2037 unix_state_lock(other);
2038 other->sk_shutdown |= peer_mode;
2039 unix_state_unlock(other);
2040 other->sk_state_change(other);
2041 if (peer_mode == SHUTDOWN_MASK)
2042 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2043 else if (peer_mode & RCV_SHUTDOWN)
2044 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2052 long unix_inq_len(struct sock *sk)
2054 struct sk_buff *skb;
2057 if (sk->sk_state == TCP_LISTEN)
2060 spin_lock(&sk->sk_receive_queue.lock);
2061 if (sk->sk_type == SOCK_STREAM ||
2062 sk->sk_type == SOCK_SEQPACKET) {
2063 skb_queue_walk(&sk->sk_receive_queue, skb)
2066 skb = skb_peek(&sk->sk_receive_queue);
2070 spin_unlock(&sk->sk_receive_queue.lock);
2074 EXPORT_SYMBOL_GPL(unix_inq_len);
2076 long unix_outq_len(struct sock *sk)
2078 return sk_wmem_alloc_get(sk);
2080 EXPORT_SYMBOL_GPL(unix_outq_len);
2082 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2084 struct sock *sk = sock->sk;
2090 amount = unix_outq_len(sk);
2091 err = put_user(amount, (int __user *)arg);
2094 amount = unix_inq_len(sk);
2098 err = put_user(amount, (int __user *)arg);
2107 static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2109 struct sock *sk = sock->sk;
2112 sock_poll_wait(file, sk_sleep(sk), wait);
2115 /* exceptional events? */
2118 if (sk->sk_shutdown == SHUTDOWN_MASK)
2120 if (sk->sk_shutdown & RCV_SHUTDOWN)
2121 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2124 if (!skb_queue_empty(&sk->sk_receive_queue))
2125 mask |= POLLIN | POLLRDNORM;
2127 /* Connection-based need to check for termination and startup */
2128 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2129 sk->sk_state == TCP_CLOSE)
2133 * we set writable also when the other side has shut down the
2134 * connection. This prevents stuck sockets.
2136 if (unix_writable(sk))
2137 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2142 static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2145 struct sock *sk = sock->sk, *other;
2146 unsigned int mask, writable;
2148 sock_poll_wait(file, sk_sleep(sk), wait);
2151 /* exceptional events? */
2152 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2154 if (sk->sk_shutdown & RCV_SHUTDOWN)
2155 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2156 if (sk->sk_shutdown == SHUTDOWN_MASK)
2160 if (!skb_queue_empty(&sk->sk_receive_queue))
2161 mask |= POLLIN | POLLRDNORM;
2163 /* Connection-based need to check for termination and startup */
2164 if (sk->sk_type == SOCK_SEQPACKET) {
2165 if (sk->sk_state == TCP_CLOSE)
2167 /* connection hasn't started yet? */
2168 if (sk->sk_state == TCP_SYN_SENT)
2172 /* No write status requested, avoid expensive OUT tests. */
2173 if (wait && !(wait->key & (POLLWRBAND | POLLWRNORM | POLLOUT)))
2176 writable = unix_writable(sk);
2177 other = unix_peer_get(sk);
2179 if (unix_peer(other) != sk) {
2180 sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2181 if (unix_recvq_full(other))
2188 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2190 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2195 #ifdef CONFIG_PROC_FS
2196 static struct sock *first_unix_socket(int *i)
2198 for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) {
2199 if (!hlist_empty(&unix_socket_table[*i]))
2200 return __sk_head(&unix_socket_table[*i]);
2205 static struct sock *next_unix_socket(int *i, struct sock *s)
2207 struct sock *next = sk_next(s);
2208 /* More in this chain? */
2211 /* Look for next non-empty chain. */
2212 for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) {
2213 if (!hlist_empty(&unix_socket_table[*i]))
2214 return __sk_head(&unix_socket_table[*i]);
2219 struct unix_iter_state {
2220 struct seq_net_private p;
2224 static struct sock *unix_seq_idx(struct seq_file *seq, loff_t pos)
2226 struct unix_iter_state *iter = seq->private;
2230 for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) {
2231 if (sock_net(s) != seq_file_net(seq))
2240 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2241 __acquires(unix_table_lock)
2243 spin_lock(&unix_table_lock);
2244 return *pos ? unix_seq_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2247 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2249 struct unix_iter_state *iter = seq->private;
2250 struct sock *sk = v;
2253 if (v == SEQ_START_TOKEN)
2254 sk = first_unix_socket(&iter->i);
2256 sk = next_unix_socket(&iter->i, sk);
2257 while (sk && (sock_net(sk) != seq_file_net(seq)))
2258 sk = next_unix_socket(&iter->i, sk);
2262 static void unix_seq_stop(struct seq_file *seq, void *v)
2263 __releases(unix_table_lock)
2265 spin_unlock(&unix_table_lock);
2268 static int unix_seq_show(struct seq_file *seq, void *v)
2271 if (v == SEQ_START_TOKEN)
2272 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2276 struct unix_sock *u = unix_sk(s);
2279 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2281 atomic_read(&s->sk_refcnt),
2283 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2286 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2287 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2295 len = u->addr->len - sizeof(short);
2296 if (!UNIX_ABSTRACT(s))
2302 for ( ; i < len; i++)
2303 seq_putc(seq, u->addr->name->sun_path[i]);
2305 unix_state_unlock(s);
2306 seq_putc(seq, '\n');
2312 static const struct seq_operations unix_seq_ops = {
2313 .start = unix_seq_start,
2314 .next = unix_seq_next,
2315 .stop = unix_seq_stop,
2316 .show = unix_seq_show,
2319 static int unix_seq_open(struct inode *inode, struct file *file)
2321 return seq_open_net(inode, file, &unix_seq_ops,
2322 sizeof(struct unix_iter_state));
2325 static const struct file_operations unix_seq_fops = {
2326 .owner = THIS_MODULE,
2327 .open = unix_seq_open,
2329 .llseek = seq_lseek,
2330 .release = seq_release_net,
2335 static const struct net_proto_family unix_family_ops = {
2337 .create = unix_create,
2338 .owner = THIS_MODULE,
2342 static int __net_init unix_net_init(struct net *net)
2344 int error = -ENOMEM;
2346 net->unx.sysctl_max_dgram_qlen = 10;
2347 if (unix_sysctl_register(net))
2350 #ifdef CONFIG_PROC_FS
2351 if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
2352 unix_sysctl_unregister(net);
2361 static void __net_exit unix_net_exit(struct net *net)
2363 unix_sysctl_unregister(net);
2364 proc_net_remove(net, "unix");
2367 static struct pernet_operations unix_net_ops = {
2368 .init = unix_net_init,
2369 .exit = unix_net_exit,
2372 static int __init af_unix_init(void)
2375 struct sk_buff *dummy_skb;
2377 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
2379 rc = proto_register(&unix_proto, 1);
2381 printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2386 sock_register(&unix_family_ops);
2387 register_pernet_subsys(&unix_net_ops);
2392 static void __exit af_unix_exit(void)
2394 sock_unregister(PF_UNIX);
2395 proto_unregister(&unix_proto);
2396 unregister_pernet_subsys(&unix_net_ops);
2399 /* Earlier than device_initcall() so that other drivers invoking
2400 request_module() don't end up in a loop when modprobe tries
2401 to use a UNIX socket. But later than subsys_initcall() because
2402 we depend on stuff initialised there */
2403 fs_initcall(af_unix_init);
2404 module_exit(af_unix_exit);
2406 MODULE_LICENSE("GPL");
2407 MODULE_ALIAS_NETPROTO(PF_UNIX);
projects / linux-block.git / blob