2 * NET4: Implementation of BSD Unix domain sockets.
4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 * Linus Torvalds : Assorted bug cures.
13 * Niibe Yutaka : async I/O support.
14 * Carsten Paeth : PF_UNIX check, address fixes.
15 * Alan Cox : Limit size of allocated blocks.
16 * Alan Cox : Fixed the stupid socketpair bug.
17 * Alan Cox : BSD compatibility fine tuning.
18 * Alan Cox : Fixed a bug in connect when interrupted.
19 * Alan Cox : Sorted out a proper draft version of
20 * file descriptor passing hacked up from
22 * Marty Leisner : Fixes to fd passing
23 * Nick Nevin : recvmsg bugfix.
24 * Alan Cox : Started proper garbage collector
25 * Heiko EiBfeldt : Missing verify_area check
26 * Alan Cox : Started POSIXisms
27 * Andreas Schwab : Replace inode by dentry for proper
29 * Kirk Petersen : Made this a module
30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33 * by above two patches.
34 * Andrea Arcangeli : If possible we block in connect(2)
35 * if the max backlog of the listen socket
36 * is been reached. This won't break
37 * old apps and it will avoid huge amount
38 * of socks hashed (this for unix_gc()
39 * performances reasons).
40 * Security fix that limits the max
41 * number of socks to 2*max_files and
42 * the number of skb queueable in the
44 * Artur Skawina : Hash function optimizations
45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 * Malcolm Beattie : Set peercred for socketpair
47 * Michal Ostrowski : Module initialization cleanup.
48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 * the core infrastructure is doing that
50 * for all net proto families now (2.5.69+)
53 * Known differences from reference BSD that was tested:
56 * ECONNREFUSED is not returned from one end of a connected() socket to the
57 * other the moment one end closes.
58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
61 * accept() returns a path name even if the connecting socket has closed
62 * in the meantime (BSD loses the path and gives up).
63 * accept() returns 0 length path for an unbound connector. BSD returns 16
64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 * BSD af_unix apparently has connect forgetting to block properly.
67 * (need to check this with the POSIX spec in detail)
69 * Differences from 2.0.0-11-... (ANK)
70 * Bug fixes and improvements.
71 * - client shutdown killed server socket.
72 * - removed all useless cli/sti pairs.
74 * Semantic changes/extensions.
75 * - generic control message passing.
76 * - SCM_CREDENTIALS control message.
77 * - "Abstract" (not FS based) socket bindings.
78 * Abstract names are sequences of bytes (not zero terminated)
79 * started by 0, so that this name space does not intersect
83 #include <linux/module.h>
84 #include <linux/kernel.h>
85 #include <linux/signal.h>
86 #include <linux/sched.h>
87 #include <linux/errno.h>
88 #include <linux/string.h>
89 #include <linux/stat.h>
90 #include <linux/dcache.h>
91 #include <linux/namei.h>
92 #include <linux/socket.h>
94 #include <linux/fcntl.h>
95 #include <linux/termios.h>
96 #include <linux/sockios.h>
97 #include <linux/net.h>
100 #include <linux/slab.h>
101 #include <asm/uaccess.h>
102 #include <linux/skbuff.h>
103 #include <linux/netdevice.h>
104 #include <net/net_namespace.h>
105 #include <net/sock.h>
106 #include <net/tcp_states.h>
107 #include <net/af_unix.h>
108 #include <linux/proc_fs.h>
109 #include <linux/seq_file.h>
111 #include <linux/init.h>
112 #include <linux/poll.h>
113 #include <linux/rtnetlink.h>
114 #include <linux/mount.h>
115 #include <net/checksum.h>
116 #include <linux/security.h>
118 static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
119 static DEFINE_SPINLOCK(unix_table_lock);
120 static atomic_long_t unix_nr_socks;
122 #define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE])
124 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
126 #ifdef CONFIG_SECURITY_NETWORK
127 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
129 memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
132 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
134 scm->secid = *UNIXSID(skb);
137 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
140 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
142 #endif /* CONFIG_SECURITY_NETWORK */
145 * SMP locking strategy:
146 * hash table is protected with spinlock unix_table_lock
147 * each socket state is protected by separate spin lock.
150 static inline unsigned unix_hash_fold(__wsum n)
152 unsigned hash = (__force unsigned)n;
155 return hash&(UNIX_HASH_SIZE-1);
158 #define unix_peer(sk) (unix_sk(sk)->peer)
160 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
162 return unix_peer(osk) == sk;
165 static inline int unix_may_send(struct sock *sk, struct sock *osk)
167 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
170 static inline int unix_recvq_full(struct sock const *sk)
172 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
175 static struct sock *unix_peer_get(struct sock *s)
183 unix_state_unlock(s);
187 static inline void unix_release_addr(struct unix_address *addr)
189 if (atomic_dec_and_test(&addr->refcnt))
194 * Check unix socket name:
195 * - should be not zero length.
196 * - if started by not zero, should be NULL terminated (FS object)
197 * - if started by zero, it is abstract name.
200 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned *hashp)
202 if (len <= sizeof(short) || len > sizeof(*sunaddr))
204 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
206 if (sunaddr->sun_path[0]) {
208 * This may look like an off by one error but it is a bit more
209 * subtle. 108 is the longest valid AF_UNIX path for a binding.
210 * sun_path[108] doesn't as such exist. However in kernel space
211 * we are guaranteed that it is a valid memory location in our
212 * kernel address buffer.
214 ((char *)sunaddr)[len] = 0;
215 len = strlen(sunaddr->sun_path)+1+sizeof(short);
219 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
223 static void __unix_remove_socket(struct sock *sk)
225 sk_del_node_init(sk);
228 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
230 WARN_ON(!sk_unhashed(sk));
231 sk_add_node(sk, list);
234 static inline void unix_remove_socket(struct sock *sk)
236 spin_lock(&unix_table_lock);
237 __unix_remove_socket(sk);
238 spin_unlock(&unix_table_lock);
241 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
243 spin_lock(&unix_table_lock);
244 __unix_insert_socket(list, sk);
245 spin_unlock(&unix_table_lock);
248 static struct sock *__unix_find_socket_byname(struct net *net,
249 struct sockaddr_un *sunname,
250 int len, int type, unsigned hash)
253 struct hlist_node *node;
255 sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
256 struct unix_sock *u = unix_sk(s);
258 if (!net_eq(sock_net(s), net))
261 if (u->addr->len == len &&
262 !memcmp(u->addr->name, sunname, len))
270 static inline struct sock *unix_find_socket_byname(struct net *net,
271 struct sockaddr_un *sunname,
277 spin_lock(&unix_table_lock);
278 s = __unix_find_socket_byname(net, sunname, len, type, hash);
281 spin_unlock(&unix_table_lock);
285 static struct sock *unix_find_socket_byinode(struct inode *i)
288 struct hlist_node *node;
290 spin_lock(&unix_table_lock);
292 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
293 struct dentry *dentry = unix_sk(s)->dentry;
295 if (dentry && dentry->d_inode == i) {
302 spin_unlock(&unix_table_lock);
306 static inline int unix_writable(struct sock *sk)
308 return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
311 static void unix_write_space(struct sock *sk)
313 struct socket_wq *wq;
316 if (unix_writable(sk)) {
317 wq = rcu_dereference(sk->sk_wq);
318 if (wq_has_sleeper(wq))
319 wake_up_interruptible_sync_poll(&wq->wait,
320 POLLOUT | POLLWRNORM | POLLWRBAND);
321 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
326 /* When dgram socket disconnects (or changes its peer), we clear its receive
327 * queue of packets arrived from previous peer. First, it allows to do
328 * flow control based only on wmem_alloc; second, sk connected to peer
329 * may receive messages only from that peer. */
330 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
332 if (!skb_queue_empty(&sk->sk_receive_queue)) {
333 skb_queue_purge(&sk->sk_receive_queue);
334 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
336 /* If one link of bidirectional dgram pipe is disconnected,
337 * we signal error. Messages are lost. Do not make this,
338 * when peer was not connected to us.
340 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
341 other->sk_err = ECONNRESET;
342 other->sk_error_report(other);
347 static void unix_sock_destructor(struct sock *sk)
349 struct unix_sock *u = unix_sk(sk);
351 skb_queue_purge(&sk->sk_receive_queue);
353 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
354 WARN_ON(!sk_unhashed(sk));
355 WARN_ON(sk->sk_socket);
356 if (!sock_flag(sk, SOCK_DEAD)) {
357 printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
362 unix_release_addr(u->addr);
364 atomic_long_dec(&unix_nr_socks);
366 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
368 #ifdef UNIX_REFCNT_DEBUG
369 printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
370 atomic_long_read(&unix_nr_socks));
374 static void unix_release_sock(struct sock *sk, int embrion)
376 struct unix_sock *u = unix_sk(sk);
377 struct dentry *dentry;
378 struct vfsmount *mnt;
383 unix_remove_socket(sk);
388 sk->sk_shutdown = SHUTDOWN_MASK;
393 state = sk->sk_state;
394 sk->sk_state = TCP_CLOSE;
395 unix_state_unlock(sk);
397 wake_up_interruptible_all(&u->peer_wait);
399 skpair = unix_peer(sk);
401 if (skpair != NULL) {
402 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
403 unix_state_lock(skpair);
405 skpair->sk_shutdown = SHUTDOWN_MASK;
406 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
407 skpair->sk_err = ECONNRESET;
408 unix_state_unlock(skpair);
409 skpair->sk_state_change(skpair);
410 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
412 sock_put(skpair); /* It may now die */
413 unix_peer(sk) = NULL;
416 /* Try to flush out this socket. Throw out buffers at least */
418 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
419 if (state == TCP_LISTEN)
420 unix_release_sock(skb->sk, 1);
421 /* passed fds are erased in the kfree_skb hook */
432 /* ---- Socket is dead now and most probably destroyed ---- */
435 * Fixme: BSD difference: In BSD all sockets connected to use get
436 * ECONNRESET and we die on the spot. In Linux we behave
437 * like files and pipes do and wait for the last
440 * Can't we simply set sock->err?
442 * What the above comment does talk about? --ANK(980817)
445 if (unix_tot_inflight)
446 unix_gc(); /* Garbage collect fds */
449 static void init_peercred(struct sock *sk)
451 put_pid(sk->sk_peer_pid);
452 if (sk->sk_peer_cred)
453 put_cred(sk->sk_peer_cred);
454 sk->sk_peer_pid = get_pid(task_tgid(current));
455 sk->sk_peer_cred = get_current_cred();
458 static void copy_peercred(struct sock *sk, struct sock *peersk)
460 put_pid(sk->sk_peer_pid);
461 if (sk->sk_peer_cred)
462 put_cred(sk->sk_peer_cred);
463 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
464 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
467 static int unix_listen(struct socket *sock, int backlog)
470 struct sock *sk = sock->sk;
471 struct unix_sock *u = unix_sk(sk);
472 struct pid *old_pid = NULL;
473 const struct cred *old_cred = NULL;
476 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
477 goto out; /* Only stream/seqpacket sockets accept */
480 goto out; /* No listens on an unbound socket */
482 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
484 if (backlog > sk->sk_max_ack_backlog)
485 wake_up_interruptible_all(&u->peer_wait);
486 sk->sk_max_ack_backlog = backlog;
487 sk->sk_state = TCP_LISTEN;
488 /* set credentials so connect can copy them */
493 unix_state_unlock(sk);
501 static int unix_release(struct socket *);
502 static int unix_bind(struct socket *, struct sockaddr *, int);
503 static int unix_stream_connect(struct socket *, struct sockaddr *,
504 int addr_len, int flags);
505 static int unix_socketpair(struct socket *, struct socket *);
506 static int unix_accept(struct socket *, struct socket *, int);
507 static int unix_getname(struct socket *, struct sockaddr *, int *, int);
508 static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
509 static unsigned int unix_dgram_poll(struct file *, struct socket *,
511 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
512 static int unix_shutdown(struct socket *, int);
513 static int unix_stream_sendmsg(struct kiocb *, struct socket *,
514 struct msghdr *, size_t);
515 static int unix_stream_recvmsg(struct kiocb *, struct socket *,
516 struct msghdr *, size_t, int);
517 static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
518 struct msghdr *, size_t);
519 static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
520 struct msghdr *, size_t, int);
521 static int unix_dgram_connect(struct socket *, struct sockaddr *,
523 static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
524 struct msghdr *, size_t);
525 static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
526 struct msghdr *, size_t, int);
528 static const struct proto_ops unix_stream_ops = {
530 .owner = THIS_MODULE,
531 .release = unix_release,
533 .connect = unix_stream_connect,
534 .socketpair = unix_socketpair,
535 .accept = unix_accept,
536 .getname = unix_getname,
539 .listen = unix_listen,
540 .shutdown = unix_shutdown,
541 .setsockopt = sock_no_setsockopt,
542 .getsockopt = sock_no_getsockopt,
543 .sendmsg = unix_stream_sendmsg,
544 .recvmsg = unix_stream_recvmsg,
545 .mmap = sock_no_mmap,
546 .sendpage = sock_no_sendpage,
549 static const struct proto_ops unix_dgram_ops = {
551 .owner = THIS_MODULE,
552 .release = unix_release,
554 .connect = unix_dgram_connect,
555 .socketpair = unix_socketpair,
556 .accept = sock_no_accept,
557 .getname = unix_getname,
558 .poll = unix_dgram_poll,
560 .listen = sock_no_listen,
561 .shutdown = unix_shutdown,
562 .setsockopt = sock_no_setsockopt,
563 .getsockopt = sock_no_getsockopt,
564 .sendmsg = unix_dgram_sendmsg,
565 .recvmsg = unix_dgram_recvmsg,
566 .mmap = sock_no_mmap,
567 .sendpage = sock_no_sendpage,
570 static const struct proto_ops unix_seqpacket_ops = {
572 .owner = THIS_MODULE,
573 .release = unix_release,
575 .connect = unix_stream_connect,
576 .socketpair = unix_socketpair,
577 .accept = unix_accept,
578 .getname = unix_getname,
579 .poll = unix_dgram_poll,
581 .listen = unix_listen,
582 .shutdown = unix_shutdown,
583 .setsockopt = sock_no_setsockopt,
584 .getsockopt = sock_no_getsockopt,
585 .sendmsg = unix_seqpacket_sendmsg,
586 .recvmsg = unix_seqpacket_recvmsg,
587 .mmap = sock_no_mmap,
588 .sendpage = sock_no_sendpage,
591 static struct proto unix_proto = {
593 .owner = THIS_MODULE,
594 .obj_size = sizeof(struct unix_sock),
598 * AF_UNIX sockets do not interact with hardware, hence they
599 * dont trigger interrupts - so it's safe for them to have
600 * bh-unsafe locking for their sk_receive_queue.lock. Split off
601 * this special lock-class by reinitializing the spinlock key:
603 static struct lock_class_key af_unix_sk_receive_queue_lock_key;
605 static struct sock *unix_create1(struct net *net, struct socket *sock)
607 struct sock *sk = NULL;
610 atomic_long_inc(&unix_nr_socks);
611 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
614 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
618 sock_init_data(sock, sk);
619 lockdep_set_class(&sk->sk_receive_queue.lock,
620 &af_unix_sk_receive_queue_lock_key);
622 sk->sk_write_space = unix_write_space;
623 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
624 sk->sk_destruct = unix_sock_destructor;
628 spin_lock_init(&u->lock);
629 atomic_long_set(&u->inflight, 0);
630 INIT_LIST_HEAD(&u->link);
631 mutex_init(&u->readlock); /* single task reading lock */
632 init_waitqueue_head(&u->peer_wait);
633 unix_insert_socket(unix_sockets_unbound, sk);
636 atomic_long_dec(&unix_nr_socks);
639 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
645 static int unix_create(struct net *net, struct socket *sock, int protocol,
648 if (protocol && protocol != PF_UNIX)
649 return -EPROTONOSUPPORT;
651 sock->state = SS_UNCONNECTED;
653 switch (sock->type) {
655 sock->ops = &unix_stream_ops;
658 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
662 sock->type = SOCK_DGRAM;
664 sock->ops = &unix_dgram_ops;
667 sock->ops = &unix_seqpacket_ops;
670 return -ESOCKTNOSUPPORT;
673 return unix_create1(net, sock) ? 0 : -ENOMEM;
676 static int unix_release(struct socket *sock)
678 struct sock *sk = sock->sk;
683 unix_release_sock(sk, 0);
689 static int unix_autobind(struct socket *sock)
691 struct sock *sk = sock->sk;
692 struct net *net = sock_net(sk);
693 struct unix_sock *u = unix_sk(sk);
694 static u32 ordernum = 1;
695 struct unix_address *addr;
697 unsigned int retries = 0;
699 mutex_lock(&u->readlock);
706 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
710 addr->name->sun_family = AF_UNIX;
711 atomic_set(&addr->refcnt, 1);
714 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
715 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
717 spin_lock(&unix_table_lock);
718 ordernum = (ordernum+1)&0xFFFFF;
720 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
722 spin_unlock(&unix_table_lock);
724 * __unix_find_socket_byname() may take long time if many names
725 * are already in use.
728 /* Give up if all names seems to be in use. */
729 if (retries++ == 0xFFFFF) {
736 addr->hash ^= sk->sk_type;
738 __unix_remove_socket(sk);
740 __unix_insert_socket(&unix_socket_table[addr->hash], sk);
741 spin_unlock(&unix_table_lock);
744 out: mutex_unlock(&u->readlock);
748 static struct sock *unix_find_other(struct net *net,
749 struct sockaddr_un *sunname, int len,
750 int type, unsigned hash, int *error)
756 if (sunname->sun_path[0]) {
758 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
761 inode = path.dentry->d_inode;
762 err = inode_permission(inode, MAY_WRITE);
767 if (!S_ISSOCK(inode->i_mode))
769 u = unix_find_socket_byinode(inode);
773 if (u->sk_type == type)
774 touch_atime(path.mnt, path.dentry);
779 if (u->sk_type != type) {
785 u = unix_find_socket_byname(net, sunname, len, type, hash);
787 struct dentry *dentry;
788 dentry = unix_sk(u)->dentry;
790 touch_atime(unix_sk(u)->mnt, dentry);
804 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
806 struct sock *sk = sock->sk;
807 struct net *net = sock_net(sk);
808 struct unix_sock *u = unix_sk(sk);
809 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
810 char *sun_path = sunaddr->sun_path;
811 struct dentry *dentry = NULL;
815 struct unix_address *addr;
816 struct hlist_head *list;
819 if (sunaddr->sun_family != AF_UNIX)
822 if (addr_len == sizeof(short)) {
823 err = unix_autobind(sock);
827 err = unix_mkname(sunaddr, addr_len, &hash);
832 mutex_lock(&u->readlock);
839 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
843 memcpy(addr->name, sunaddr, addr_len);
844 addr->len = addr_len;
845 addr->hash = hash ^ sk->sk_type;
846 atomic_set(&addr->refcnt, 1);
852 * Get the parent directory, calculate the hash for last
855 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
856 err = PTR_ERR(dentry);
858 goto out_mknod_parent;
861 * All right, let's create it.
864 (SOCK_INODE(sock)->i_mode & ~current_umask());
865 err = mnt_want_write(path.mnt);
868 err = security_path_mknod(&path, dentry, mode, 0);
870 goto out_mknod_drop_write;
871 err = vfs_mknod(path.dentry->d_inode, dentry, mode, 0);
872 out_mknod_drop_write:
873 mnt_drop_write(path.mnt);
876 mutex_unlock(&path.dentry->d_inode->i_mutex);
878 path.dentry = dentry;
880 addr->hash = UNIX_HASH_SIZE;
883 spin_lock(&unix_table_lock);
887 if (__unix_find_socket_byname(net, sunaddr, addr_len,
888 sk->sk_type, hash)) {
889 unix_release_addr(addr);
893 list = &unix_socket_table[addr->hash];
895 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
896 u->dentry = path.dentry;
901 __unix_remove_socket(sk);
903 __unix_insert_socket(list, sk);
906 spin_unlock(&unix_table_lock);
908 mutex_unlock(&u->readlock);
914 mutex_unlock(&path.dentry->d_inode->i_mutex);
919 unix_release_addr(addr);
923 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
925 if (unlikely(sk1 == sk2) || !sk2) {
926 unix_state_lock(sk1);
930 unix_state_lock(sk1);
931 unix_state_lock_nested(sk2);
933 unix_state_lock(sk2);
934 unix_state_lock_nested(sk1);
938 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
940 if (unlikely(sk1 == sk2) || !sk2) {
941 unix_state_unlock(sk1);
944 unix_state_unlock(sk1);
945 unix_state_unlock(sk2);
948 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
951 struct sock *sk = sock->sk;
952 struct net *net = sock_net(sk);
953 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
958 if (addr->sa_family != AF_UNSPEC) {
959 err = unix_mkname(sunaddr, alen, &hash);
964 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
965 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
969 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
973 unix_state_double_lock(sk, other);
975 /* Apparently VFS overslept socket death. Retry. */
976 if (sock_flag(other, SOCK_DEAD)) {
977 unix_state_double_unlock(sk, other);
983 if (!unix_may_send(sk, other))
986 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
992 * 1003.1g breaking connected state with AF_UNSPEC
995 unix_state_double_lock(sk, other);
999 * If it was connected, reconnect.
1001 if (unix_peer(sk)) {
1002 struct sock *old_peer = unix_peer(sk);
1003 unix_peer(sk) = other;
1004 unix_state_double_unlock(sk, other);
1006 if (other != old_peer)
1007 unix_dgram_disconnected(sk, old_peer);
1010 unix_peer(sk) = other;
1011 unix_state_double_unlock(sk, other);
1016 unix_state_double_unlock(sk, other);
1022 static long unix_wait_for_peer(struct sock *other, long timeo)
1024 struct unix_sock *u = unix_sk(other);
1028 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1030 sched = !sock_flag(other, SOCK_DEAD) &&
1031 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1032 unix_recvq_full(other);
1034 unix_state_unlock(other);
1037 timeo = schedule_timeout(timeo);
1039 finish_wait(&u->peer_wait, &wait);
1043 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1044 int addr_len, int flags)
1046 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1047 struct sock *sk = sock->sk;
1048 struct net *net = sock_net(sk);
1049 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1050 struct sock *newsk = NULL;
1051 struct sock *other = NULL;
1052 struct sk_buff *skb = NULL;
1058 err = unix_mkname(sunaddr, addr_len, &hash);
1063 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1064 (err = unix_autobind(sock)) != 0)
1067 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1069 /* First of all allocate resources.
1070 If we will make it after state is locked,
1071 we will have to recheck all again in any case.
1076 /* create new sock for complete connection */
1077 newsk = unix_create1(sock_net(sk), NULL);
1081 /* Allocate skb for sending to listening sock */
1082 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1087 /* Find listening sock. */
1088 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1092 /* Latch state of peer */
1093 unix_state_lock(other);
1095 /* Apparently VFS overslept socket death. Retry. */
1096 if (sock_flag(other, SOCK_DEAD)) {
1097 unix_state_unlock(other);
1102 err = -ECONNREFUSED;
1103 if (other->sk_state != TCP_LISTEN)
1105 if (other->sk_shutdown & RCV_SHUTDOWN)
1108 if (unix_recvq_full(other)) {
1113 timeo = unix_wait_for_peer(other, timeo);
1115 err = sock_intr_errno(timeo);
1116 if (signal_pending(current))
1124 It is tricky place. We need to grab our state lock and cannot
1125 drop lock on peer. It is dangerous because deadlock is
1126 possible. Connect to self case and simultaneous
1127 attempt to connect are eliminated by checking socket
1128 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1129 check this before attempt to grab lock.
1131 Well, and we have to recheck the state after socket locked.
1137 /* This is ok... continue with connect */
1139 case TCP_ESTABLISHED:
1140 /* Socket is already connected */
1148 unix_state_lock_nested(sk);
1150 if (sk->sk_state != st) {
1151 unix_state_unlock(sk);
1152 unix_state_unlock(other);
1157 err = security_unix_stream_connect(sk, other, newsk);
1159 unix_state_unlock(sk);
1163 /* The way is open! Fastly set all the necessary fields... */
1166 unix_peer(newsk) = sk;
1167 newsk->sk_state = TCP_ESTABLISHED;
1168 newsk->sk_type = sk->sk_type;
1169 init_peercred(newsk);
1170 newu = unix_sk(newsk);
1171 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1172 otheru = unix_sk(other);
1174 /* copy address information from listening to new sock*/
1176 atomic_inc(&otheru->addr->refcnt);
1177 newu->addr = otheru->addr;
1179 if (otheru->dentry) {
1180 newu->dentry = dget(otheru->dentry);
1181 newu->mnt = mntget(otheru->mnt);
1184 /* Set credentials */
1185 copy_peercred(sk, other);
1187 sock->state = SS_CONNECTED;
1188 sk->sk_state = TCP_ESTABLISHED;
1191 smp_mb__after_atomic_inc(); /* sock_hold() does an atomic_inc() */
1192 unix_peer(sk) = newsk;
1194 unix_state_unlock(sk);
1196 /* take ten and and send info to listening sock */
1197 spin_lock(&other->sk_receive_queue.lock);
1198 __skb_queue_tail(&other->sk_receive_queue, skb);
1199 spin_unlock(&other->sk_receive_queue.lock);
1200 unix_state_unlock(other);
1201 other->sk_data_ready(other, 0);
1207 unix_state_unlock(other);
1212 unix_release_sock(newsk, 0);
1218 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1220 struct sock *ska = socka->sk, *skb = sockb->sk;
1222 /* Join our sockets back to back */
1225 unix_peer(ska) = skb;
1226 unix_peer(skb) = ska;
1230 if (ska->sk_type != SOCK_DGRAM) {
1231 ska->sk_state = TCP_ESTABLISHED;
1232 skb->sk_state = TCP_ESTABLISHED;
1233 socka->state = SS_CONNECTED;
1234 sockb->state = SS_CONNECTED;
1239 static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1241 struct sock *sk = sock->sk;
1243 struct sk_buff *skb;
1247 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1251 if (sk->sk_state != TCP_LISTEN)
1254 /* If socket state is TCP_LISTEN it cannot change (for now...),
1255 * so that no locks are necessary.
1258 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1260 /* This means receive shutdown. */
1267 skb_free_datagram(sk, skb);
1268 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1270 /* attach accepted sock to socket */
1271 unix_state_lock(tsk);
1272 newsock->state = SS_CONNECTED;
1273 sock_graft(tsk, newsock);
1274 unix_state_unlock(tsk);
1282 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1284 struct sock *sk = sock->sk;
1285 struct unix_sock *u;
1286 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1290 sk = unix_peer_get(sk);
1301 unix_state_lock(sk);
1303 sunaddr->sun_family = AF_UNIX;
1304 sunaddr->sun_path[0] = 0;
1305 *uaddr_len = sizeof(short);
1307 struct unix_address *addr = u->addr;
1309 *uaddr_len = addr->len;
1310 memcpy(sunaddr, addr->name, *uaddr_len);
1312 unix_state_unlock(sk);
1318 static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1322 scm->fp = UNIXCB(skb).fp;
1323 UNIXCB(skb).fp = NULL;
1325 for (i = scm->fp->count-1; i >= 0; i--)
1326 unix_notinflight(scm->fp->fp[i]);
1329 static void unix_destruct_scm(struct sk_buff *skb)
1331 struct scm_cookie scm;
1332 memset(&scm, 0, sizeof(scm));
1333 scm.pid = UNIXCB(skb).pid;
1334 scm.cred = UNIXCB(skb).cred;
1336 unix_detach_fds(&scm, skb);
1338 /* Alas, it calls VFS */
1339 /* So fscking what? fput() had been SMP-safe since the last Summer */
1344 #define MAX_RECURSION_LEVEL 4
1346 static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1349 unsigned char max_level = 0;
1350 int unix_sock_count = 0;
1352 for (i = scm->fp->count - 1; i >= 0; i--) {
1353 struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1357 max_level = max(max_level,
1358 unix_sk(sk)->recursion_level);
1361 if (unlikely(max_level > MAX_RECURSION_LEVEL))
1362 return -ETOOMANYREFS;
1365 * Need to duplicate file references for the sake of garbage
1366 * collection. Otherwise a socket in the fps might become a
1367 * candidate for GC while the skb is not yet queued.
1369 UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1370 if (!UNIXCB(skb).fp)
1373 if (unix_sock_count) {
1374 for (i = scm->fp->count - 1; i >= 0; i--)
1375 unix_inflight(scm->fp->fp[i]);
1380 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1384 UNIXCB(skb).pid = get_pid(scm->pid);
1386 UNIXCB(skb).cred = get_cred(scm->cred);
1387 UNIXCB(skb).fp = NULL;
1388 if (scm->fp && send_fds)
1389 err = unix_attach_fds(scm, skb);
1391 skb->destructor = unix_destruct_scm;
1396 * Some apps rely on write() giving SCM_CREDENTIALS
1397 * We include credentials if source or destination socket
1398 * asserted SOCK_PASSCRED.
1400 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1401 const struct sock *other)
1403 if (UNIXCB(skb).cred)
1405 if (test_bit(SOCK_PASSCRED, &sock->flags) ||
1406 !other->sk_socket ||
1407 test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
1408 UNIXCB(skb).pid = get_pid(task_tgid(current));
1409 UNIXCB(skb).cred = get_current_cred();
1414 * Send AF_UNIX data.
1417 static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1418 struct msghdr *msg, size_t len)
1420 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1421 struct sock *sk = sock->sk;
1422 struct net *net = sock_net(sk);
1423 struct unix_sock *u = unix_sk(sk);
1424 struct sockaddr_un *sunaddr = msg->msg_name;
1425 struct sock *other = NULL;
1426 int namelen = 0; /* fake GCC */
1429 struct sk_buff *skb;
1431 struct scm_cookie tmp_scm;
1434 if (NULL == siocb->scm)
1435 siocb->scm = &tmp_scm;
1437 err = scm_send(sock, msg, siocb->scm, false);
1442 if (msg->msg_flags&MSG_OOB)
1445 if (msg->msg_namelen) {
1446 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1453 other = unix_peer_get(sk);
1458 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1459 && (err = unix_autobind(sock)) != 0)
1463 if (len > sk->sk_sndbuf - 32)
1466 skb = sock_alloc_send_skb(sk, len, msg->msg_flags&MSG_DONTWAIT, &err);
1470 err = unix_scm_to_skb(siocb->scm, skb, true);
1473 max_level = err + 1;
1474 unix_get_secdata(siocb->scm, skb);
1476 skb_reset_transport_header(skb);
1477 err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);
1481 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1486 if (sunaddr == NULL)
1489 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1495 if (sk_filter(other, skb) < 0) {
1496 /* Toss the packet but do not return any error to the sender */
1501 unix_state_lock(other);
1503 if (!unix_may_send(sk, other))
1506 if (sock_flag(other, SOCK_DEAD)) {
1508 * Check with 1003.1g - what should
1511 unix_state_unlock(other);
1515 unix_state_lock(sk);
1516 if (unix_peer(sk) == other) {
1517 unix_peer(sk) = NULL;
1518 unix_state_unlock(sk);
1520 unix_dgram_disconnected(sk, other);
1522 err = -ECONNREFUSED;
1524 unix_state_unlock(sk);
1534 if (other->sk_shutdown & RCV_SHUTDOWN)
1537 if (sk->sk_type != SOCK_SEQPACKET) {
1538 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1543 if (unix_peer(other) != sk && unix_recvq_full(other)) {
1549 timeo = unix_wait_for_peer(other, timeo);
1551 err = sock_intr_errno(timeo);
1552 if (signal_pending(current))
1558 if (sock_flag(other, SOCK_RCVTSTAMP))
1559 __net_timestamp(skb);
1560 maybe_add_creds(skb, sock, other);
1561 skb_queue_tail(&other->sk_receive_queue, skb);
1562 if (max_level > unix_sk(other)->recursion_level)
1563 unix_sk(other)->recursion_level = max_level;
1564 unix_state_unlock(other);
1565 other->sk_data_ready(other, len);
1567 scm_destroy(siocb->scm);
1571 unix_state_unlock(other);
1577 scm_destroy(siocb->scm);
1582 static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1583 struct msghdr *msg, size_t len)
1585 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1586 struct sock *sk = sock->sk;
1587 struct sock *other = NULL;
1589 struct sk_buff *skb;
1591 struct scm_cookie tmp_scm;
1592 bool fds_sent = false;
1595 if (NULL == siocb->scm)
1596 siocb->scm = &tmp_scm;
1598 err = scm_send(sock, msg, siocb->scm, false);
1603 if (msg->msg_flags&MSG_OOB)
1606 if (msg->msg_namelen) {
1607 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1611 other = unix_peer(sk);
1616 if (sk->sk_shutdown & SEND_SHUTDOWN)
1619 while (sent < len) {
1621 * Optimisation for the fact that under 0.01% of X
1622 * messages typically need breaking up.
1627 /* Keep two messages in the pipe so it schedules better */
1628 if (size > ((sk->sk_sndbuf >> 1) - 64))
1629 size = (sk->sk_sndbuf >> 1) - 64;
1631 if (size > SKB_MAX_ALLOC)
1632 size = SKB_MAX_ALLOC;
1638 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
1645 * If you pass two values to the sock_alloc_send_skb
1646 * it tries to grab the large buffer with GFP_NOFS
1647 * (which can fail easily), and if it fails grab the
1648 * fallback size buffer which is under a page and will
1651 size = min_t(int, size, skb_tailroom(skb));
1654 /* Only send the fds in the first buffer */
1655 err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1660 max_level = err + 1;
1663 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1669 unix_state_lock(other);
1671 if (sock_flag(other, SOCK_DEAD) ||
1672 (other->sk_shutdown & RCV_SHUTDOWN))
1675 maybe_add_creds(skb, sock, other);
1676 skb_queue_tail(&other->sk_receive_queue, skb);
1677 if (max_level > unix_sk(other)->recursion_level)
1678 unix_sk(other)->recursion_level = max_level;
1679 unix_state_unlock(other);
1680 other->sk_data_ready(other, size);
1684 scm_destroy(siocb->scm);
1690 unix_state_unlock(other);
1693 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1694 send_sig(SIGPIPE, current, 0);
1697 scm_destroy(siocb->scm);
1699 return sent ? : err;
1702 static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
1703 struct msghdr *msg, size_t len)
1706 struct sock *sk = sock->sk;
1708 err = sock_error(sk);
1712 if (sk->sk_state != TCP_ESTABLISHED)
1715 if (msg->msg_namelen)
1716 msg->msg_namelen = 0;
1718 return unix_dgram_sendmsg(kiocb, sock, msg, len);
1721 static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
1722 struct msghdr *msg, size_t size,
1725 struct sock *sk = sock->sk;
1727 if (sk->sk_state != TCP_ESTABLISHED)
1730 return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
1733 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1735 struct unix_sock *u = unix_sk(sk);
1737 msg->msg_namelen = 0;
1739 msg->msg_namelen = u->addr->len;
1740 memcpy(msg->msg_name, u->addr->name, u->addr->len);
1744 static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1745 struct msghdr *msg, size_t size,
1748 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1749 struct scm_cookie tmp_scm;
1750 struct sock *sk = sock->sk;
1751 struct unix_sock *u = unix_sk(sk);
1752 int noblock = flags & MSG_DONTWAIT;
1753 struct sk_buff *skb;
1760 msg->msg_namelen = 0;
1762 err = mutex_lock_interruptible(&u->readlock);
1764 err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
1768 skb = skb_recv_datagram(sk, flags, noblock, &err);
1770 unix_state_lock(sk);
1771 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1772 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1773 (sk->sk_shutdown & RCV_SHUTDOWN))
1775 unix_state_unlock(sk);
1779 wake_up_interruptible_sync_poll(&u->peer_wait,
1780 POLLOUT | POLLWRNORM | POLLWRBAND);
1783 unix_copy_addr(msg, skb->sk);
1785 if (size > skb->len)
1787 else if (size < skb->len)
1788 msg->msg_flags |= MSG_TRUNC;
1790 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
1794 if (sock_flag(sk, SOCK_RCVTSTAMP))
1795 __sock_recv_timestamp(msg, sk, skb);
1798 siocb->scm = &tmp_scm;
1799 memset(&tmp_scm, 0, sizeof(tmp_scm));
1801 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1802 unix_set_secdata(siocb->scm, skb);
1804 if (!(flags & MSG_PEEK)) {
1806 unix_detach_fds(siocb->scm, skb);
1808 /* It is questionable: on PEEK we could:
1809 - do not return fds - good, but too simple 8)
1810 - return fds, and do not return them on read (old strategy,
1812 - clone fds (I chose it for now, it is the most universal
1815 POSIX 1003.1g does not actually define this clearly
1816 at all. POSIX 1003.1g doesn't define a lot of things
1821 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1825 scm_recv(sock, msg, siocb->scm, flags);
1828 skb_free_datagram(sk, skb);
1830 mutex_unlock(&u->readlock);
1836 * Sleep until data has arrive. But check for races..
1839 static long unix_stream_data_wait(struct sock *sk, long timeo)
1843 unix_state_lock(sk);
1846 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1848 if (!skb_queue_empty(&sk->sk_receive_queue) ||
1850 (sk->sk_shutdown & RCV_SHUTDOWN) ||
1851 signal_pending(current) ||
1855 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1856 unix_state_unlock(sk);
1857 timeo = schedule_timeout(timeo);
1858 unix_state_lock(sk);
1859 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1862 finish_wait(sk_sleep(sk), &wait);
1863 unix_state_unlock(sk);
1869 static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1870 struct msghdr *msg, size_t size,
1873 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1874 struct scm_cookie tmp_scm;
1875 struct sock *sk = sock->sk;
1876 struct unix_sock *u = unix_sk(sk);
1877 struct sockaddr_un *sunaddr = msg->msg_name;
1879 int check_creds = 0;
1885 if (sk->sk_state != TCP_ESTABLISHED)
1892 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1893 timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1895 msg->msg_namelen = 0;
1897 /* Lock the socket to prevent queue disordering
1898 * while sleeps in memcpy_tomsg
1902 siocb->scm = &tmp_scm;
1903 memset(&tmp_scm, 0, sizeof(tmp_scm));
1906 err = mutex_lock_interruptible(&u->readlock);
1908 err = sock_intr_errno(timeo);
1914 struct sk_buff *skb;
1916 unix_state_lock(sk);
1917 skb = skb_peek(&sk->sk_receive_queue);
1919 unix_sk(sk)->recursion_level = 0;
1920 if (copied >= target)
1924 * POSIX 1003.1g mandates this order.
1927 err = sock_error(sk);
1930 if (sk->sk_shutdown & RCV_SHUTDOWN)
1933 unix_state_unlock(sk);
1937 mutex_unlock(&u->readlock);
1939 timeo = unix_stream_data_wait(sk, timeo);
1941 if (signal_pending(current)
1942 || mutex_lock_interruptible(&u->readlock)) {
1943 err = sock_intr_errno(timeo);
1949 unix_state_unlock(sk);
1952 unix_state_unlock(sk);
1955 /* Never glue messages from different writers */
1956 if ((UNIXCB(skb).pid != siocb->scm->pid) ||
1957 (UNIXCB(skb).cred != siocb->scm->cred))
1959 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
1960 /* Copy credentials */
1961 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1965 /* Copy address just once */
1967 unix_copy_addr(msg, skb->sk);
1971 chunk = min_t(unsigned int, skb->len, size);
1972 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
1980 /* Mark read part of skb as used */
1981 if (!(flags & MSG_PEEK)) {
1982 skb_pull(skb, chunk);
1985 unix_detach_fds(siocb->scm, skb);
1990 skb_unlink(skb, &sk->sk_receive_queue);
1996 /* It is questionable, see note in unix_dgram_recvmsg.
1999 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
2005 mutex_unlock(&u->readlock);
2006 scm_recv(sock, msg, siocb->scm, flags);
2008 return copied ? : err;
2011 static int unix_shutdown(struct socket *sock, int mode)
2013 struct sock *sk = sock->sk;
2016 mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN);
2021 unix_state_lock(sk);
2022 sk->sk_shutdown |= mode;
2023 other = unix_peer(sk);
2026 unix_state_unlock(sk);
2027 sk->sk_state_change(sk);
2030 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2034 if (mode&RCV_SHUTDOWN)
2035 peer_mode |= SEND_SHUTDOWN;
2036 if (mode&SEND_SHUTDOWN)
2037 peer_mode |= RCV_SHUTDOWN;
2038 unix_state_lock(other);
2039 other->sk_shutdown |= peer_mode;
2040 unix_state_unlock(other);
2041 other->sk_state_change(other);
2042 if (peer_mode == SHUTDOWN_MASK)
2043 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2044 else if (peer_mode & RCV_SHUTDOWN)
2045 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2053 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2055 struct sock *sk = sock->sk;
2061 amount = sk_wmem_alloc_get(sk);
2062 err = put_user(amount, (int __user *)arg);
2066 struct sk_buff *skb;
2068 if (sk->sk_state == TCP_LISTEN) {
2073 spin_lock(&sk->sk_receive_queue.lock);
2074 if (sk->sk_type == SOCK_STREAM ||
2075 sk->sk_type == SOCK_SEQPACKET) {
2076 skb_queue_walk(&sk->sk_receive_queue, skb)
2079 skb = skb_peek(&sk->sk_receive_queue);
2083 spin_unlock(&sk->sk_receive_queue.lock);
2084 err = put_user(amount, (int __user *)arg);
2095 static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2097 struct sock *sk = sock->sk;
2100 sock_poll_wait(file, sk_sleep(sk), wait);
2103 /* exceptional events? */
2106 if (sk->sk_shutdown == SHUTDOWN_MASK)
2108 if (sk->sk_shutdown & RCV_SHUTDOWN)
2109 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2112 if (!skb_queue_empty(&sk->sk_receive_queue))
2113 mask |= POLLIN | POLLRDNORM;
2115 /* Connection-based need to check for termination and startup */
2116 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2117 sk->sk_state == TCP_CLOSE)
2121 * we set writable also when the other side has shut down the
2122 * connection. This prevents stuck sockets.
2124 if (unix_writable(sk))
2125 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2130 static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2133 struct sock *sk = sock->sk, *other;
2134 unsigned int mask, writable;
2136 sock_poll_wait(file, sk_sleep(sk), wait);
2139 /* exceptional events? */
2140 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2142 if (sk->sk_shutdown & RCV_SHUTDOWN)
2143 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2144 if (sk->sk_shutdown == SHUTDOWN_MASK)
2148 if (!skb_queue_empty(&sk->sk_receive_queue))
2149 mask |= POLLIN | POLLRDNORM;
2151 /* Connection-based need to check for termination and startup */
2152 if (sk->sk_type == SOCK_SEQPACKET) {
2153 if (sk->sk_state == TCP_CLOSE)
2155 /* connection hasn't started yet? */
2156 if (sk->sk_state == TCP_SYN_SENT)
2160 /* No write status requested, avoid expensive OUT tests. */
2161 if (wait && !(wait->key & (POLLWRBAND | POLLWRNORM | POLLOUT)))
2164 writable = unix_writable(sk);
2165 other = unix_peer_get(sk);
2167 if (unix_peer(other) != sk) {
2168 sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2169 if (unix_recvq_full(other))
2176 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2178 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2183 #ifdef CONFIG_PROC_FS
2184 static struct sock *first_unix_socket(int *i)
2186 for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) {
2187 if (!hlist_empty(&unix_socket_table[*i]))
2188 return __sk_head(&unix_socket_table[*i]);
2193 static struct sock *next_unix_socket(int *i, struct sock *s)
2195 struct sock *next = sk_next(s);
2196 /* More in this chain? */
2199 /* Look for next non-empty chain. */
2200 for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) {
2201 if (!hlist_empty(&unix_socket_table[*i]))
2202 return __sk_head(&unix_socket_table[*i]);
2207 struct unix_iter_state {
2208 struct seq_net_private p;
2212 static struct sock *unix_seq_idx(struct seq_file *seq, loff_t pos)
2214 struct unix_iter_state *iter = seq->private;
2218 for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) {
2219 if (sock_net(s) != seq_file_net(seq))
2228 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2229 __acquires(unix_table_lock)
2231 spin_lock(&unix_table_lock);
2232 return *pos ? unix_seq_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2235 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2237 struct unix_iter_state *iter = seq->private;
2238 struct sock *sk = v;
2241 if (v == SEQ_START_TOKEN)
2242 sk = first_unix_socket(&iter->i);
2244 sk = next_unix_socket(&iter->i, sk);
2245 while (sk && (sock_net(sk) != seq_file_net(seq)))
2246 sk = next_unix_socket(&iter->i, sk);
2250 static void unix_seq_stop(struct seq_file *seq, void *v)
2251 __releases(unix_table_lock)
2253 spin_unlock(&unix_table_lock);
2256 static int unix_seq_show(struct seq_file *seq, void *v)
2259 if (v == SEQ_START_TOKEN)
2260 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2264 struct unix_sock *u = unix_sk(s);
2267 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2269 atomic_read(&s->sk_refcnt),
2271 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2274 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2275 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2283 len = u->addr->len - sizeof(short);
2284 if (!UNIX_ABSTRACT(s))
2290 for ( ; i < len; i++)
2291 seq_putc(seq, u->addr->name->sun_path[i]);
2293 unix_state_unlock(s);
2294 seq_putc(seq, '\n');
2300 static const struct seq_operations unix_seq_ops = {
2301 .start = unix_seq_start,
2302 .next = unix_seq_next,
2303 .stop = unix_seq_stop,
2304 .show = unix_seq_show,
2307 static int unix_seq_open(struct inode *inode, struct file *file)
2309 return seq_open_net(inode, file, &unix_seq_ops,
2310 sizeof(struct unix_iter_state));
2313 static const struct file_operations unix_seq_fops = {
2314 .owner = THIS_MODULE,
2315 .open = unix_seq_open,
2317 .llseek = seq_lseek,
2318 .release = seq_release_net,
2323 static const struct net_proto_family unix_family_ops = {
2325 .create = unix_create,
2326 .owner = THIS_MODULE,
2330 static int __net_init unix_net_init(struct net *net)
2332 int error = -ENOMEM;
2334 net->unx.sysctl_max_dgram_qlen = 10;
2335 if (unix_sysctl_register(net))
2338 #ifdef CONFIG_PROC_FS
2339 if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
2340 unix_sysctl_unregister(net);
2349 static void __net_exit unix_net_exit(struct net *net)
2351 unix_sysctl_unregister(net);
2352 proc_net_remove(net, "unix");
2355 static struct pernet_operations unix_net_ops = {
2356 .init = unix_net_init,
2357 .exit = unix_net_exit,
2360 static int __init af_unix_init(void)
2363 struct sk_buff *dummy_skb;
2365 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
2367 rc = proto_register(&unix_proto, 1);
2369 printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2374 sock_register(&unix_family_ops);
2375 register_pernet_subsys(&unix_net_ops);
2380 static void __exit af_unix_exit(void)
2382 sock_unregister(PF_UNIX);
2383 proto_unregister(&unix_proto);
2384 unregister_pernet_subsys(&unix_net_ops);
2387 /* Earlier than device_initcall() so that other drivers invoking
2388 request_module() don't end up in a loop when modprobe tries
2389 to use a UNIX socket. But later than subsys_initcall() because
2390 we depend on stuff initialised there */
2391 fs_initcall(af_unix_init);
2392 module_exit(af_unix_exit);
2394 MODULE_LICENSE("GPL");
2395 MODULE_ALIAS_NETPROTO(PF_UNIX);