2 * NET4: Implementation of BSD Unix domain sockets.
4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 * Linus Torvalds : Assorted bug cures.
13 * Niibe Yutaka : async I/O support.
14 * Carsten Paeth : PF_UNIX check, address fixes.
15 * Alan Cox : Limit size of allocated blocks.
16 * Alan Cox : Fixed the stupid socketpair bug.
17 * Alan Cox : BSD compatibility fine tuning.
18 * Alan Cox : Fixed a bug in connect when interrupted.
19 * Alan Cox : Sorted out a proper draft version of
20 * file descriptor passing hacked up from
22 * Marty Leisner : Fixes to fd passing
23 * Nick Nevin : recvmsg bugfix.
24 * Alan Cox : Started proper garbage collector
25 * Heiko EiBfeldt : Missing verify_area check
26 * Alan Cox : Started POSIXisms
27 * Andreas Schwab : Replace inode by dentry for proper
29 * Kirk Petersen : Made this a module
30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33 * by above two patches.
34 * Andrea Arcangeli : If possible we block in connect(2)
35 * if the max backlog of the listen socket
36 * is been reached. This won't break
37 * old apps and it will avoid huge amount
38 * of socks hashed (this for unix_gc()
39 * performances reasons).
40 * Security fix that limits the max
41 * number of socks to 2*max_files and
42 * the number of skb queueable in the
44 * Artur Skawina : Hash function optimizations
45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 * Malcolm Beattie : Set peercred for socketpair
47 * Michal Ostrowski : Module initialization cleanup.
48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 * the core infrastructure is doing that
50 * for all net proto families now (2.5.69+)
53 * Known differences from reference BSD that was tested:
56 * ECONNREFUSED is not returned from one end of a connected() socket to the
57 * other the moment one end closes.
58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
61 * accept() returns a path name even if the connecting socket has closed
62 * in the meantime (BSD loses the path and gives up).
63 * accept() returns 0 length path for an unbound connector. BSD returns 16
64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 * BSD af_unix apparently has connect forgetting to block properly.
67 * (need to check this with the POSIX spec in detail)
69 * Differences from 2.0.0-11-... (ANK)
70 * Bug fixes and improvements.
71 * - client shutdown killed server socket.
72 * - removed all useless cli/sti pairs.
74 * Semantic changes/extensions.
75 * - generic control message passing.
76 * - SCM_CREDENTIALS control message.
77 * - "Abstract" (not FS based) socket bindings.
78 * Abstract names are sequences of bytes (not zero terminated)
79 * started by 0, so that this name space does not intersect
83 #include <linux/module.h>
84 #include <linux/kernel.h>
85 #include <linux/signal.h>
86 #include <linux/sched.h>
87 #include <linux/errno.h>
88 #include <linux/string.h>
89 #include <linux/stat.h>
90 #include <linux/dcache.h>
91 #include <linux/namei.h>
92 #include <linux/socket.h>
94 #include <linux/fcntl.h>
95 #include <linux/termios.h>
96 #include <linux/sockios.h>
97 #include <linux/net.h>
100 #include <linux/slab.h>
101 #include <asm/uaccess.h>
102 #include <linux/skbuff.h>
103 #include <linux/netdevice.h>
104 #include <net/net_namespace.h>
105 #include <net/sock.h>
106 #include <net/tcp_states.h>
107 #include <net/af_unix.h>
108 #include <linux/proc_fs.h>
109 #include <linux/seq_file.h>
111 #include <linux/init.h>
112 #include <linux/poll.h>
113 #include <linux/rtnetlink.h>
114 #include <linux/mount.h>
115 #include <net/checksum.h>
116 #include <linux/security.h>
118 static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
119 static DEFINE_SPINLOCK(unix_table_lock);
120 static atomic_long_t unix_nr_socks;
122 #define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE])
124 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
126 #ifdef CONFIG_SECURITY_NETWORK
127 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
129 memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
132 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
134 scm->secid = *UNIXSID(skb);
137 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
140 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
142 #endif /* CONFIG_SECURITY_NETWORK */
145 * SMP locking strategy:
146 * hash table is protected with spinlock unix_table_lock
147 * each socket state is protected by separate spin lock.
150 static inline unsigned unix_hash_fold(__wsum n)
152 unsigned hash = (__force unsigned)n;
155 return hash&(UNIX_HASH_SIZE-1);
158 #define unix_peer(sk) (unix_sk(sk)->peer)
160 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
162 return unix_peer(osk) == sk;
165 static inline int unix_may_send(struct sock *sk, struct sock *osk)
167 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
170 static inline int unix_recvq_full(struct sock const *sk)
172 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
175 static struct sock *unix_peer_get(struct sock *s)
183 unix_state_unlock(s);
187 static inline void unix_release_addr(struct unix_address *addr)
189 if (atomic_dec_and_test(&addr->refcnt))
194 * Check unix socket name:
195 * - should be not zero length.
196 * - if started by not zero, should be NULL terminated (FS object)
197 * - if started by zero, it is abstract name.
200 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned *hashp)
202 if (len <= sizeof(short) || len > sizeof(*sunaddr))
204 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
206 if (sunaddr->sun_path[0]) {
208 * This may look like an off by one error but it is a bit more
209 * subtle. 108 is the longest valid AF_UNIX path for a binding.
210 * sun_path[108] doesn't as such exist. However in kernel space
211 * we are guaranteed that it is a valid memory location in our
212 * kernel address buffer.
214 ((char *)sunaddr)[len] = 0;
215 len = strlen(sunaddr->sun_path)+1+sizeof(short);
219 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
223 static void __unix_remove_socket(struct sock *sk)
225 sk_del_node_init(sk);
228 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
230 WARN_ON(!sk_unhashed(sk));
231 sk_add_node(sk, list);
234 static inline void unix_remove_socket(struct sock *sk)
236 spin_lock(&unix_table_lock);
237 __unix_remove_socket(sk);
238 spin_unlock(&unix_table_lock);
241 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
243 spin_lock(&unix_table_lock);
244 __unix_insert_socket(list, sk);
245 spin_unlock(&unix_table_lock);
248 static struct sock *__unix_find_socket_byname(struct net *net,
249 struct sockaddr_un *sunname,
250 int len, int type, unsigned hash)
253 struct hlist_node *node;
255 sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
256 struct unix_sock *u = unix_sk(s);
258 if (!net_eq(sock_net(s), net))
261 if (u->addr->len == len &&
262 !memcmp(u->addr->name, sunname, len))
270 static inline struct sock *unix_find_socket_byname(struct net *net,
271 struct sockaddr_un *sunname,
277 spin_lock(&unix_table_lock);
278 s = __unix_find_socket_byname(net, sunname, len, type, hash);
281 spin_unlock(&unix_table_lock);
285 static struct sock *unix_find_socket_byinode(struct inode *i)
288 struct hlist_node *node;
290 spin_lock(&unix_table_lock);
292 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
293 struct dentry *dentry = unix_sk(s)->dentry;
295 if (dentry && dentry->d_inode == i) {
302 spin_unlock(&unix_table_lock);
306 static inline int unix_writable(struct sock *sk)
308 return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
311 static void unix_write_space(struct sock *sk)
313 struct socket_wq *wq;
316 if (unix_writable(sk)) {
317 wq = rcu_dereference(sk->sk_wq);
318 if (wq_has_sleeper(wq))
319 wake_up_interruptible_sync_poll(&wq->wait,
320 POLLOUT | POLLWRNORM | POLLWRBAND);
321 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
326 /* When dgram socket disconnects (or changes its peer), we clear its receive
327 * queue of packets arrived from previous peer. First, it allows to do
328 * flow control based only on wmem_alloc; second, sk connected to peer
329 * may receive messages only from that peer. */
330 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
332 if (!skb_queue_empty(&sk->sk_receive_queue)) {
333 skb_queue_purge(&sk->sk_receive_queue);
334 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
336 /* If one link of bidirectional dgram pipe is disconnected,
337 * we signal error. Messages are lost. Do not make this,
338 * when peer was not connected to us.
340 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
341 other->sk_err = ECONNRESET;
342 other->sk_error_report(other);
347 static void unix_sock_destructor(struct sock *sk)
349 struct unix_sock *u = unix_sk(sk);
351 skb_queue_purge(&sk->sk_receive_queue);
353 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
354 WARN_ON(!sk_unhashed(sk));
355 WARN_ON(sk->sk_socket);
356 if (!sock_flag(sk, SOCK_DEAD)) {
357 printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
362 unix_release_addr(u->addr);
364 atomic_long_dec(&unix_nr_socks);
366 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
368 #ifdef UNIX_REFCNT_DEBUG
369 printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
370 atomic_long_read(&unix_nr_socks));
374 static void unix_release_sock(struct sock *sk, int embrion)
376 struct unix_sock *u = unix_sk(sk);
377 struct dentry *dentry;
378 struct vfsmount *mnt;
383 unix_remove_socket(sk);
388 sk->sk_shutdown = SHUTDOWN_MASK;
393 state = sk->sk_state;
394 sk->sk_state = TCP_CLOSE;
395 unix_state_unlock(sk);
397 wake_up_interruptible_all(&u->peer_wait);
399 skpair = unix_peer(sk);
401 if (skpair != NULL) {
402 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
403 unix_state_lock(skpair);
405 skpair->sk_shutdown = SHUTDOWN_MASK;
406 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
407 skpair->sk_err = ECONNRESET;
408 unix_state_unlock(skpair);
409 skpair->sk_state_change(skpair);
410 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
412 sock_put(skpair); /* It may now die */
413 unix_peer(sk) = NULL;
416 /* Try to flush out this socket. Throw out buffers at least */
418 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
419 if (state == TCP_LISTEN)
420 unix_release_sock(skb->sk, 1);
421 /* passed fds are erased in the kfree_skb hook */
432 /* ---- Socket is dead now and most probably destroyed ---- */
435 * Fixme: BSD difference: In BSD all sockets connected to use get
436 * ECONNRESET and we die on the spot. In Linux we behave
437 * like files and pipes do and wait for the last
440 * Can't we simply set sock->err?
442 * What the above comment does talk about? --ANK(980817)
445 if (unix_tot_inflight)
446 unix_gc(); /* Garbage collect fds */
449 static void init_peercred(struct sock *sk)
451 put_pid(sk->sk_peer_pid);
452 if (sk->sk_peer_cred)
453 put_cred(sk->sk_peer_cred);
454 sk->sk_peer_pid = get_pid(task_tgid(current));
455 sk->sk_peer_cred = get_current_cred();
458 static void copy_peercred(struct sock *sk, struct sock *peersk)
460 put_pid(sk->sk_peer_pid);
461 if (sk->sk_peer_cred)
462 put_cred(sk->sk_peer_cred);
463 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
464 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
467 static int unix_listen(struct socket *sock, int backlog)
470 struct sock *sk = sock->sk;
471 struct unix_sock *u = unix_sk(sk);
472 struct pid *old_pid = NULL;
473 const struct cred *old_cred = NULL;
476 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
477 goto out; /* Only stream/seqpacket sockets accept */
480 goto out; /* No listens on an unbound socket */
482 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
484 if (backlog > sk->sk_max_ack_backlog)
485 wake_up_interruptible_all(&u->peer_wait);
486 sk->sk_max_ack_backlog = backlog;
487 sk->sk_state = TCP_LISTEN;
488 /* set credentials so connect can copy them */
493 unix_state_unlock(sk);
501 static int unix_release(struct socket *);
502 static int unix_bind(struct socket *, struct sockaddr *, int);
503 static int unix_stream_connect(struct socket *, struct sockaddr *,
504 int addr_len, int flags);
505 static int unix_socketpair(struct socket *, struct socket *);
506 static int unix_accept(struct socket *, struct socket *, int);
507 static int unix_getname(struct socket *, struct sockaddr *, int *, int);
508 static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
509 static unsigned int unix_dgram_poll(struct file *, struct socket *,
511 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
512 static int unix_shutdown(struct socket *, int);
513 static int unix_stream_sendmsg(struct kiocb *, struct socket *,
514 struct msghdr *, size_t);
515 static int unix_stream_recvmsg(struct kiocb *, struct socket *,
516 struct msghdr *, size_t, int);
517 static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
518 struct msghdr *, size_t);
519 static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
520 struct msghdr *, size_t, int);
521 static int unix_dgram_connect(struct socket *, struct sockaddr *,
523 static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
524 struct msghdr *, size_t);
525 static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
526 struct msghdr *, size_t, int);
528 static const struct proto_ops unix_stream_ops = {
530 .owner = THIS_MODULE,
531 .release = unix_release,
533 .connect = unix_stream_connect,
534 .socketpair = unix_socketpair,
535 .accept = unix_accept,
536 .getname = unix_getname,
539 .listen = unix_listen,
540 .shutdown = unix_shutdown,
541 .setsockopt = sock_no_setsockopt,
542 .getsockopt = sock_no_getsockopt,
543 .sendmsg = unix_stream_sendmsg,
544 .recvmsg = unix_stream_recvmsg,
545 .mmap = sock_no_mmap,
546 .sendpage = sock_no_sendpage,
549 static const struct proto_ops unix_dgram_ops = {
551 .owner = THIS_MODULE,
552 .release = unix_release,
554 .connect = unix_dgram_connect,
555 .socketpair = unix_socketpair,
556 .accept = sock_no_accept,
557 .getname = unix_getname,
558 .poll = unix_dgram_poll,
560 .listen = sock_no_listen,
561 .shutdown = unix_shutdown,
562 .setsockopt = sock_no_setsockopt,
563 .getsockopt = sock_no_getsockopt,
564 .sendmsg = unix_dgram_sendmsg,
565 .recvmsg = unix_dgram_recvmsg,
566 .mmap = sock_no_mmap,
567 .sendpage = sock_no_sendpage,
570 static const struct proto_ops unix_seqpacket_ops = {
572 .owner = THIS_MODULE,
573 .release = unix_release,
575 .connect = unix_stream_connect,
576 .socketpair = unix_socketpair,
577 .accept = unix_accept,
578 .getname = unix_getname,
579 .poll = unix_dgram_poll,
581 .listen = unix_listen,
582 .shutdown = unix_shutdown,
583 .setsockopt = sock_no_setsockopt,
584 .getsockopt = sock_no_getsockopt,
585 .sendmsg = unix_seqpacket_sendmsg,
586 .recvmsg = unix_seqpacket_recvmsg,
587 .mmap = sock_no_mmap,
588 .sendpage = sock_no_sendpage,
591 static struct proto unix_proto = {
593 .owner = THIS_MODULE,
594 .obj_size = sizeof(struct unix_sock),
598 * AF_UNIX sockets do not interact with hardware, hence they
599 * dont trigger interrupts - so it's safe for them to have
600 * bh-unsafe locking for their sk_receive_queue.lock. Split off
601 * this special lock-class by reinitializing the spinlock key:
603 static struct lock_class_key af_unix_sk_receive_queue_lock_key;
605 static struct sock *unix_create1(struct net *net, struct socket *sock)
607 struct sock *sk = NULL;
610 atomic_long_inc(&unix_nr_socks);
611 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
614 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
618 sock_init_data(sock, sk);
619 lockdep_set_class(&sk->sk_receive_queue.lock,
620 &af_unix_sk_receive_queue_lock_key);
622 sk->sk_write_space = unix_write_space;
623 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
624 sk->sk_destruct = unix_sock_destructor;
628 spin_lock_init(&u->lock);
629 atomic_long_set(&u->inflight, 0);
630 INIT_LIST_HEAD(&u->link);
631 mutex_init(&u->readlock); /* single task reading lock */
632 init_waitqueue_head(&u->peer_wait);
633 unix_insert_socket(unix_sockets_unbound, sk);
636 atomic_long_dec(&unix_nr_socks);
639 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
645 static int unix_create(struct net *net, struct socket *sock, int protocol,
648 if (protocol && protocol != PF_UNIX)
649 return -EPROTONOSUPPORT;
651 sock->state = SS_UNCONNECTED;
653 switch (sock->type) {
655 sock->ops = &unix_stream_ops;
658 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
662 sock->type = SOCK_DGRAM;
664 sock->ops = &unix_dgram_ops;
667 sock->ops = &unix_seqpacket_ops;
670 return -ESOCKTNOSUPPORT;
673 return unix_create1(net, sock) ? 0 : -ENOMEM;
676 static int unix_release(struct socket *sock)
678 struct sock *sk = sock->sk;
683 unix_release_sock(sk, 0);
689 static int unix_autobind(struct socket *sock)
691 struct sock *sk = sock->sk;
692 struct net *net = sock_net(sk);
693 struct unix_sock *u = unix_sk(sk);
694 static u32 ordernum = 1;
695 struct unix_address *addr;
697 unsigned int retries = 0;
699 mutex_lock(&u->readlock);
706 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
710 addr->name->sun_family = AF_UNIX;
711 atomic_set(&addr->refcnt, 1);
714 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
715 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
717 spin_lock(&unix_table_lock);
718 ordernum = (ordernum+1)&0xFFFFF;
720 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
722 spin_unlock(&unix_table_lock);
724 * __unix_find_socket_byname() may take long time if many names
725 * are already in use.
728 /* Give up if all names seems to be in use. */
729 if (retries++ == 0xFFFFF) {
736 addr->hash ^= sk->sk_type;
738 __unix_remove_socket(sk);
740 __unix_insert_socket(&unix_socket_table[addr->hash], sk);
741 spin_unlock(&unix_table_lock);
744 out: mutex_unlock(&u->readlock);
748 static struct sock *unix_find_other(struct net *net,
749 struct sockaddr_un *sunname, int len,
750 int type, unsigned hash, int *error)
756 if (sunname->sun_path[0]) {
758 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
761 inode = path.dentry->d_inode;
762 err = inode_permission(inode, MAY_WRITE);
767 if (!S_ISSOCK(inode->i_mode))
769 u = unix_find_socket_byinode(inode);
773 if (u->sk_type == type)
774 touch_atime(path.mnt, path.dentry);
779 if (u->sk_type != type) {
785 u = unix_find_socket_byname(net, sunname, len, type, hash);
787 struct dentry *dentry;
788 dentry = unix_sk(u)->dentry;
790 touch_atime(unix_sk(u)->mnt, dentry);
804 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
806 struct sock *sk = sock->sk;
807 struct net *net = sock_net(sk);
808 struct unix_sock *u = unix_sk(sk);
809 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
810 char *sun_path = sunaddr->sun_path;
811 struct dentry *dentry = NULL;
815 struct unix_address *addr;
816 struct hlist_head *list;
819 if (sunaddr->sun_family != AF_UNIX)
822 if (addr_len == sizeof(short)) {
823 err = unix_autobind(sock);
827 err = unix_mkname(sunaddr, addr_len, &hash);
832 mutex_lock(&u->readlock);
839 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
843 memcpy(addr->name, sunaddr, addr_len);
844 addr->len = addr_len;
845 addr->hash = hash ^ sk->sk_type;
846 atomic_set(&addr->refcnt, 1);
852 * Get the parent directory, calculate the hash for last
855 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
856 err = PTR_ERR(dentry);
858 goto out_mknod_parent;
861 * All right, let's create it.
864 (SOCK_INODE(sock)->i_mode & ~current_umask());
865 err = mnt_want_write(path.mnt);
868 err = security_path_mknod(&path, dentry, mode, 0);
870 goto out_mknod_drop_write;
871 err = vfs_mknod(path.dentry->d_inode, dentry, mode, 0);
872 out_mknod_drop_write:
873 mnt_drop_write(path.mnt);
876 mutex_unlock(&path.dentry->d_inode->i_mutex);
878 path.dentry = dentry;
880 addr->hash = UNIX_HASH_SIZE;
883 spin_lock(&unix_table_lock);
887 if (__unix_find_socket_byname(net, sunaddr, addr_len,
888 sk->sk_type, hash)) {
889 unix_release_addr(addr);
893 list = &unix_socket_table[addr->hash];
895 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
896 u->dentry = path.dentry;
901 __unix_remove_socket(sk);
903 __unix_insert_socket(list, sk);
906 spin_unlock(&unix_table_lock);
908 mutex_unlock(&u->readlock);
914 mutex_unlock(&path.dentry->d_inode->i_mutex);
919 unix_release_addr(addr);
923 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
925 if (unlikely(sk1 == sk2) || !sk2) {
926 unix_state_lock(sk1);
930 unix_state_lock(sk1);
931 unix_state_lock_nested(sk2);
933 unix_state_lock(sk2);
934 unix_state_lock_nested(sk1);
938 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
940 if (unlikely(sk1 == sk2) || !sk2) {
941 unix_state_unlock(sk1);
944 unix_state_unlock(sk1);
945 unix_state_unlock(sk2);
948 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
951 struct sock *sk = sock->sk;
952 struct net *net = sock_net(sk);
953 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
958 if (addr->sa_family != AF_UNSPEC) {
959 err = unix_mkname(sunaddr, alen, &hash);
964 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
965 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
969 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
973 unix_state_double_lock(sk, other);
975 /* Apparently VFS overslept socket death. Retry. */
976 if (sock_flag(other, SOCK_DEAD)) {
977 unix_state_double_unlock(sk, other);
983 if (!unix_may_send(sk, other))
986 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
992 * 1003.1g breaking connected state with AF_UNSPEC
995 unix_state_double_lock(sk, other);
999 * If it was connected, reconnect.
1001 if (unix_peer(sk)) {
1002 struct sock *old_peer = unix_peer(sk);
1003 unix_peer(sk) = other;
1004 unix_state_double_unlock(sk, other);
1006 if (other != old_peer)
1007 unix_dgram_disconnected(sk, old_peer);
1010 unix_peer(sk) = other;
1011 unix_state_double_unlock(sk, other);
1016 unix_state_double_unlock(sk, other);
1022 static long unix_wait_for_peer(struct sock *other, long timeo)
1024 struct unix_sock *u = unix_sk(other);
1028 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1030 sched = !sock_flag(other, SOCK_DEAD) &&
1031 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1032 unix_recvq_full(other);
1034 unix_state_unlock(other);
1037 timeo = schedule_timeout(timeo);
1039 finish_wait(&u->peer_wait, &wait);
1043 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1044 int addr_len, int flags)
1046 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1047 struct sock *sk = sock->sk;
1048 struct net *net = sock_net(sk);
1049 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1050 struct sock *newsk = NULL;
1051 struct sock *other = NULL;
1052 struct sk_buff *skb = NULL;
1058 err = unix_mkname(sunaddr, addr_len, &hash);
1063 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1064 (err = unix_autobind(sock)) != 0)
1067 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1069 /* First of all allocate resources.
1070 If we will make it after state is locked,
1071 we will have to recheck all again in any case.
1076 /* create new sock for complete connection */
1077 newsk = unix_create1(sock_net(sk), NULL);
1081 /* Allocate skb for sending to listening sock */
1082 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1087 /* Find listening sock. */
1088 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1092 /* Latch state of peer */
1093 unix_state_lock(other);
1095 /* Apparently VFS overslept socket death. Retry. */
1096 if (sock_flag(other, SOCK_DEAD)) {
1097 unix_state_unlock(other);
1102 err = -ECONNREFUSED;
1103 if (other->sk_state != TCP_LISTEN)
1105 if (other->sk_shutdown & RCV_SHUTDOWN)
1108 if (unix_recvq_full(other)) {
1113 timeo = unix_wait_for_peer(other, timeo);
1115 err = sock_intr_errno(timeo);
1116 if (signal_pending(current))
1124 It is tricky place. We need to grab our state lock and cannot
1125 drop lock on peer. It is dangerous because deadlock is
1126 possible. Connect to self case and simultaneous
1127 attempt to connect are eliminated by checking socket
1128 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1129 check this before attempt to grab lock.
1131 Well, and we have to recheck the state after socket locked.
1137 /* This is ok... continue with connect */
1139 case TCP_ESTABLISHED:
1140 /* Socket is already connected */
1148 unix_state_lock_nested(sk);
1150 if (sk->sk_state != st) {
1151 unix_state_unlock(sk);
1152 unix_state_unlock(other);
1157 err = security_unix_stream_connect(sk, other, newsk);
1159 unix_state_unlock(sk);
1163 /* The way is open! Fastly set all the necessary fields... */
1166 unix_peer(newsk) = sk;
1167 newsk->sk_state = TCP_ESTABLISHED;
1168 newsk->sk_type = sk->sk_type;
1169 init_peercred(newsk);
1170 newu = unix_sk(newsk);
1171 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1172 otheru = unix_sk(other);
1174 /* copy address information from listening to new sock*/
1176 atomic_inc(&otheru->addr->refcnt);
1177 newu->addr = otheru->addr;
1179 if (otheru->dentry) {
1180 newu->dentry = dget(otheru->dentry);
1181 newu->mnt = mntget(otheru->mnt);
1184 /* Set credentials */
1185 copy_peercred(sk, other);
1187 sock->state = SS_CONNECTED;
1188 sk->sk_state = TCP_ESTABLISHED;
1191 smp_mb__after_atomic_inc(); /* sock_hold() does an atomic_inc() */
1192 unix_peer(sk) = newsk;
1194 unix_state_unlock(sk);
1196 /* take ten and and send info to listening sock */
1197 spin_lock(&other->sk_receive_queue.lock);
1198 __skb_queue_tail(&other->sk_receive_queue, skb);
1199 spin_unlock(&other->sk_receive_queue.lock);
1200 unix_state_unlock(other);
1201 other->sk_data_ready(other, 0);
1207 unix_state_unlock(other);
1212 unix_release_sock(newsk, 0);
1218 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1220 struct sock *ska = socka->sk, *skb = sockb->sk;
1222 /* Join our sockets back to back */
1225 unix_peer(ska) = skb;
1226 unix_peer(skb) = ska;
1230 if (ska->sk_type != SOCK_DGRAM) {
1231 ska->sk_state = TCP_ESTABLISHED;
1232 skb->sk_state = TCP_ESTABLISHED;
1233 socka->state = SS_CONNECTED;
1234 sockb->state = SS_CONNECTED;
1239 static void unix_sock_inherit_flags(const struct socket *old,
1242 if (test_bit(SOCK_PASSCRED, &old->flags))
1243 set_bit(SOCK_PASSCRED, &new->flags);
1244 if (test_bit(SOCK_PASSSEC, &old->flags))
1245 set_bit(SOCK_PASSSEC, &new->flags);
1248 static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1250 struct sock *sk = sock->sk;
1252 struct sk_buff *skb;
1256 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1260 if (sk->sk_state != TCP_LISTEN)
1263 /* If socket state is TCP_LISTEN it cannot change (for now...),
1264 * so that no locks are necessary.
1267 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1269 /* This means receive shutdown. */
1276 skb_free_datagram(sk, skb);
1277 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1279 /* attach accepted sock to socket */
1280 unix_state_lock(tsk);
1281 newsock->state = SS_CONNECTED;
1282 unix_sock_inherit_flags(sock, newsock);
1283 sock_graft(tsk, newsock);
1284 unix_state_unlock(tsk);
1292 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1294 struct sock *sk = sock->sk;
1295 struct unix_sock *u;
1296 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1300 sk = unix_peer_get(sk);
1311 unix_state_lock(sk);
1313 sunaddr->sun_family = AF_UNIX;
1314 sunaddr->sun_path[0] = 0;
1315 *uaddr_len = sizeof(short);
1317 struct unix_address *addr = u->addr;
1319 *uaddr_len = addr->len;
1320 memcpy(sunaddr, addr->name, *uaddr_len);
1322 unix_state_unlock(sk);
1328 static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1332 scm->fp = UNIXCB(skb).fp;
1333 UNIXCB(skb).fp = NULL;
1335 for (i = scm->fp->count-1; i >= 0; i--)
1336 unix_notinflight(scm->fp->fp[i]);
1339 static void unix_destruct_scm(struct sk_buff *skb)
1341 struct scm_cookie scm;
1342 memset(&scm, 0, sizeof(scm));
1343 scm.pid = UNIXCB(skb).pid;
1344 scm.cred = UNIXCB(skb).cred;
1346 unix_detach_fds(&scm, skb);
1348 /* Alas, it calls VFS */
1349 /* So fscking what? fput() had been SMP-safe since the last Summer */
1354 #define MAX_RECURSION_LEVEL 4
1356 static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1359 unsigned char max_level = 0;
1360 int unix_sock_count = 0;
1362 for (i = scm->fp->count - 1; i >= 0; i--) {
1363 struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1367 max_level = max(max_level,
1368 unix_sk(sk)->recursion_level);
1371 if (unlikely(max_level > MAX_RECURSION_LEVEL))
1372 return -ETOOMANYREFS;
1375 * Need to duplicate file references for the sake of garbage
1376 * collection. Otherwise a socket in the fps might become a
1377 * candidate for GC while the skb is not yet queued.
1379 UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1380 if (!UNIXCB(skb).fp)
1383 if (unix_sock_count) {
1384 for (i = scm->fp->count - 1; i >= 0; i--)
1385 unix_inflight(scm->fp->fp[i]);
1390 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1394 UNIXCB(skb).pid = get_pid(scm->pid);
1396 UNIXCB(skb).cred = get_cred(scm->cred);
1397 UNIXCB(skb).fp = NULL;
1398 if (scm->fp && send_fds)
1399 err = unix_attach_fds(scm, skb);
1401 skb->destructor = unix_destruct_scm;
1406 * Some apps rely on write() giving SCM_CREDENTIALS
1407 * We include credentials if source or destination socket
1408 * asserted SOCK_PASSCRED.
1410 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1411 const struct sock *other)
1413 if (UNIXCB(skb).cred)
1415 if (test_bit(SOCK_PASSCRED, &sock->flags) ||
1416 !other->sk_socket ||
1417 test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
1418 UNIXCB(skb).pid = get_pid(task_tgid(current));
1419 UNIXCB(skb).cred = get_current_cred();
1424 * Send AF_UNIX data.
1427 static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1428 struct msghdr *msg, size_t len)
1430 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1431 struct sock *sk = sock->sk;
1432 struct net *net = sock_net(sk);
1433 struct unix_sock *u = unix_sk(sk);
1434 struct sockaddr_un *sunaddr = msg->msg_name;
1435 struct sock *other = NULL;
1436 int namelen = 0; /* fake GCC */
1439 struct sk_buff *skb;
1441 struct scm_cookie tmp_scm;
1444 if (NULL == siocb->scm)
1445 siocb->scm = &tmp_scm;
1447 err = scm_send(sock, msg, siocb->scm, false);
1452 if (msg->msg_flags&MSG_OOB)
1455 if (msg->msg_namelen) {
1456 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1463 other = unix_peer_get(sk);
1468 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1469 && (err = unix_autobind(sock)) != 0)
1473 if (len > sk->sk_sndbuf - 32)
1476 skb = sock_alloc_send_skb(sk, len, msg->msg_flags&MSG_DONTWAIT, &err);
1480 err = unix_scm_to_skb(siocb->scm, skb, true);
1483 max_level = err + 1;
1484 unix_get_secdata(siocb->scm, skb);
1486 skb_reset_transport_header(skb);
1487 err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);
1491 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1496 if (sunaddr == NULL)
1499 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1505 if (sk_filter(other, skb) < 0) {
1506 /* Toss the packet but do not return any error to the sender */
1511 unix_state_lock(other);
1513 if (!unix_may_send(sk, other))
1516 if (sock_flag(other, SOCK_DEAD)) {
1518 * Check with 1003.1g - what should
1521 unix_state_unlock(other);
1525 unix_state_lock(sk);
1526 if (unix_peer(sk) == other) {
1527 unix_peer(sk) = NULL;
1528 unix_state_unlock(sk);
1530 unix_dgram_disconnected(sk, other);
1532 err = -ECONNREFUSED;
1534 unix_state_unlock(sk);
1544 if (other->sk_shutdown & RCV_SHUTDOWN)
1547 if (sk->sk_type != SOCK_SEQPACKET) {
1548 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1553 if (unix_peer(other) != sk && unix_recvq_full(other)) {
1559 timeo = unix_wait_for_peer(other, timeo);
1561 err = sock_intr_errno(timeo);
1562 if (signal_pending(current))
1568 if (sock_flag(other, SOCK_RCVTSTAMP))
1569 __net_timestamp(skb);
1570 maybe_add_creds(skb, sock, other);
1571 skb_queue_tail(&other->sk_receive_queue, skb);
1572 if (max_level > unix_sk(other)->recursion_level)
1573 unix_sk(other)->recursion_level = max_level;
1574 unix_state_unlock(other);
1575 other->sk_data_ready(other, len);
1577 scm_destroy(siocb->scm);
1581 unix_state_unlock(other);
1587 scm_destroy(siocb->scm);
1592 static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1593 struct msghdr *msg, size_t len)
1595 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1596 struct sock *sk = sock->sk;
1597 struct sock *other = NULL;
1599 struct sk_buff *skb;
1601 struct scm_cookie tmp_scm;
1602 bool fds_sent = false;
1605 if (NULL == siocb->scm)
1606 siocb->scm = &tmp_scm;
1608 err = scm_send(sock, msg, siocb->scm, false);
1613 if (msg->msg_flags&MSG_OOB)
1616 if (msg->msg_namelen) {
1617 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1621 other = unix_peer(sk);
1626 if (sk->sk_shutdown & SEND_SHUTDOWN)
1629 while (sent < len) {
1631 * Optimisation for the fact that under 0.01% of X
1632 * messages typically need breaking up.
1637 /* Keep two messages in the pipe so it schedules better */
1638 if (size > ((sk->sk_sndbuf >> 1) - 64))
1639 size = (sk->sk_sndbuf >> 1) - 64;
1641 if (size > SKB_MAX_ALLOC)
1642 size = SKB_MAX_ALLOC;
1648 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
1655 * If you pass two values to the sock_alloc_send_skb
1656 * it tries to grab the large buffer with GFP_NOFS
1657 * (which can fail easily), and if it fails grab the
1658 * fallback size buffer which is under a page and will
1661 size = min_t(int, size, skb_tailroom(skb));
1664 /* Only send the fds in the first buffer */
1665 err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1670 max_level = err + 1;
1673 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1679 unix_state_lock(other);
1681 if (sock_flag(other, SOCK_DEAD) ||
1682 (other->sk_shutdown & RCV_SHUTDOWN))
1685 maybe_add_creds(skb, sock, other);
1686 skb_queue_tail(&other->sk_receive_queue, skb);
1687 if (max_level > unix_sk(other)->recursion_level)
1688 unix_sk(other)->recursion_level = max_level;
1689 unix_state_unlock(other);
1690 other->sk_data_ready(other, size);
1694 scm_destroy(siocb->scm);
1700 unix_state_unlock(other);
1703 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1704 send_sig(SIGPIPE, current, 0);
1707 scm_destroy(siocb->scm);
1709 return sent ? : err;
1712 static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
1713 struct msghdr *msg, size_t len)
1716 struct sock *sk = sock->sk;
1718 err = sock_error(sk);
1722 if (sk->sk_state != TCP_ESTABLISHED)
1725 if (msg->msg_namelen)
1726 msg->msg_namelen = 0;
1728 return unix_dgram_sendmsg(kiocb, sock, msg, len);
1731 static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
1732 struct msghdr *msg, size_t size,
1735 struct sock *sk = sock->sk;
1737 if (sk->sk_state != TCP_ESTABLISHED)
1740 return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
1743 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1745 struct unix_sock *u = unix_sk(sk);
1748 msg->msg_namelen = u->addr->len;
1749 memcpy(msg->msg_name, u->addr->name, u->addr->len);
1753 static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1754 struct msghdr *msg, size_t size,
1757 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1758 struct scm_cookie tmp_scm;
1759 struct sock *sk = sock->sk;
1760 struct unix_sock *u = unix_sk(sk);
1761 int noblock = flags & MSG_DONTWAIT;
1762 struct sk_buff *skb;
1769 err = mutex_lock_interruptible(&u->readlock);
1771 err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
1775 skb = skb_recv_datagram(sk, flags, noblock, &err);
1777 unix_state_lock(sk);
1778 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1779 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1780 (sk->sk_shutdown & RCV_SHUTDOWN))
1782 unix_state_unlock(sk);
1786 wake_up_interruptible_sync_poll(&u->peer_wait,
1787 POLLOUT | POLLWRNORM | POLLWRBAND);
1790 unix_copy_addr(msg, skb->sk);
1792 if (size > skb->len)
1794 else if (size < skb->len)
1795 msg->msg_flags |= MSG_TRUNC;
1797 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
1801 if (sock_flag(sk, SOCK_RCVTSTAMP))
1802 __sock_recv_timestamp(msg, sk, skb);
1805 siocb->scm = &tmp_scm;
1806 memset(&tmp_scm, 0, sizeof(tmp_scm));
1808 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1809 unix_set_secdata(siocb->scm, skb);
1811 if (!(flags & MSG_PEEK)) {
1813 unix_detach_fds(siocb->scm, skb);
1815 /* It is questionable: on PEEK we could:
1816 - do not return fds - good, but too simple 8)
1817 - return fds, and do not return them on read (old strategy,
1819 - clone fds (I chose it for now, it is the most universal
1822 POSIX 1003.1g does not actually define this clearly
1823 at all. POSIX 1003.1g doesn't define a lot of things
1828 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1832 scm_recv(sock, msg, siocb->scm, flags);
1835 skb_free_datagram(sk, skb);
1837 mutex_unlock(&u->readlock);
1843 * Sleep until data has arrive. But check for races..
1846 static long unix_stream_data_wait(struct sock *sk, long timeo)
1850 unix_state_lock(sk);
1853 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1855 if (!skb_queue_empty(&sk->sk_receive_queue) ||
1857 (sk->sk_shutdown & RCV_SHUTDOWN) ||
1858 signal_pending(current) ||
1862 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1863 unix_state_unlock(sk);
1864 timeo = schedule_timeout(timeo);
1865 unix_state_lock(sk);
1866 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1869 finish_wait(sk_sleep(sk), &wait);
1870 unix_state_unlock(sk);
1876 static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1877 struct msghdr *msg, size_t size,
1880 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1881 struct scm_cookie tmp_scm;
1882 struct sock *sk = sock->sk;
1883 struct unix_sock *u = unix_sk(sk);
1884 struct sockaddr_un *sunaddr = msg->msg_name;
1886 int check_creds = 0;
1892 if (sk->sk_state != TCP_ESTABLISHED)
1899 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1900 timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1902 /* Lock the socket to prevent queue disordering
1903 * while sleeps in memcpy_tomsg
1907 siocb->scm = &tmp_scm;
1908 memset(&tmp_scm, 0, sizeof(tmp_scm));
1911 err = mutex_lock_interruptible(&u->readlock);
1913 err = sock_intr_errno(timeo);
1919 struct sk_buff *skb;
1921 unix_state_lock(sk);
1922 skb = skb_peek(&sk->sk_receive_queue);
1924 unix_sk(sk)->recursion_level = 0;
1925 if (copied >= target)
1929 * POSIX 1003.1g mandates this order.
1932 err = sock_error(sk);
1935 if (sk->sk_shutdown & RCV_SHUTDOWN)
1938 unix_state_unlock(sk);
1942 mutex_unlock(&u->readlock);
1944 timeo = unix_stream_data_wait(sk, timeo);
1946 if (signal_pending(current)
1947 || mutex_lock_interruptible(&u->readlock)) {
1948 err = sock_intr_errno(timeo);
1954 unix_state_unlock(sk);
1957 unix_state_unlock(sk);
1960 /* Never glue messages from different writers */
1961 if ((UNIXCB(skb).pid != siocb->scm->pid) ||
1962 (UNIXCB(skb).cred != siocb->scm->cred))
1964 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
1965 /* Copy credentials */
1966 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1970 /* Copy address just once */
1972 unix_copy_addr(msg, skb->sk);
1976 chunk = min_t(unsigned int, skb->len, size);
1977 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
1985 /* Mark read part of skb as used */
1986 if (!(flags & MSG_PEEK)) {
1987 skb_pull(skb, chunk);
1990 unix_detach_fds(siocb->scm, skb);
1995 skb_unlink(skb, &sk->sk_receive_queue);
2001 /* It is questionable, see note in unix_dgram_recvmsg.
2004 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
2010 mutex_unlock(&u->readlock);
2011 scm_recv(sock, msg, siocb->scm, flags);
2013 return copied ? : err;
2016 static int unix_shutdown(struct socket *sock, int mode)
2018 struct sock *sk = sock->sk;
2021 mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN);
2026 unix_state_lock(sk);
2027 sk->sk_shutdown |= mode;
2028 other = unix_peer(sk);
2031 unix_state_unlock(sk);
2032 sk->sk_state_change(sk);
2035 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2039 if (mode&RCV_SHUTDOWN)
2040 peer_mode |= SEND_SHUTDOWN;
2041 if (mode&SEND_SHUTDOWN)
2042 peer_mode |= RCV_SHUTDOWN;
2043 unix_state_lock(other);
2044 other->sk_shutdown |= peer_mode;
2045 unix_state_unlock(other);
2046 other->sk_state_change(other);
2047 if (peer_mode == SHUTDOWN_MASK)
2048 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2049 else if (peer_mode & RCV_SHUTDOWN)
2050 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2058 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2060 struct sock *sk = sock->sk;
2066 amount = sk_wmem_alloc_get(sk);
2067 err = put_user(amount, (int __user *)arg);
2071 struct sk_buff *skb;
2073 if (sk->sk_state == TCP_LISTEN) {
2078 spin_lock(&sk->sk_receive_queue.lock);
2079 if (sk->sk_type == SOCK_STREAM ||
2080 sk->sk_type == SOCK_SEQPACKET) {
2081 skb_queue_walk(&sk->sk_receive_queue, skb)
2084 skb = skb_peek(&sk->sk_receive_queue);
2088 spin_unlock(&sk->sk_receive_queue.lock);
2089 err = put_user(amount, (int __user *)arg);
2100 static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2102 struct sock *sk = sock->sk;
2105 sock_poll_wait(file, sk_sleep(sk), wait);
2108 /* exceptional events? */
2111 if (sk->sk_shutdown == SHUTDOWN_MASK)
2113 if (sk->sk_shutdown & RCV_SHUTDOWN)
2114 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2117 if (!skb_queue_empty(&sk->sk_receive_queue))
2118 mask |= POLLIN | POLLRDNORM;
2120 /* Connection-based need to check for termination and startup */
2121 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2122 sk->sk_state == TCP_CLOSE)
2126 * we set writable also when the other side has shut down the
2127 * connection. This prevents stuck sockets.
2129 if (unix_writable(sk))
2130 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2135 static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2138 struct sock *sk = sock->sk, *other;
2139 unsigned int mask, writable;
2141 sock_poll_wait(file, sk_sleep(sk), wait);
2144 /* exceptional events? */
2145 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2147 if (sk->sk_shutdown & RCV_SHUTDOWN)
2148 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2149 if (sk->sk_shutdown == SHUTDOWN_MASK)
2153 if (!skb_queue_empty(&sk->sk_receive_queue))
2154 mask |= POLLIN | POLLRDNORM;
2156 /* Connection-based need to check for termination and startup */
2157 if (sk->sk_type == SOCK_SEQPACKET) {
2158 if (sk->sk_state == TCP_CLOSE)
2160 /* connection hasn't started yet? */
2161 if (sk->sk_state == TCP_SYN_SENT)
2165 /* No write status requested, avoid expensive OUT tests. */
2166 if (wait && !(wait->key & (POLLWRBAND | POLLWRNORM | POLLOUT)))
2169 writable = unix_writable(sk);
2170 other = unix_peer_get(sk);
2172 if (unix_peer(other) != sk) {
2173 sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2174 if (unix_recvq_full(other))
2181 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2183 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2188 #ifdef CONFIG_PROC_FS
2189 static struct sock *first_unix_socket(int *i)
2191 for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) {
2192 if (!hlist_empty(&unix_socket_table[*i]))
2193 return __sk_head(&unix_socket_table[*i]);
2198 static struct sock *next_unix_socket(int *i, struct sock *s)
2200 struct sock *next = sk_next(s);
2201 /* More in this chain? */
2204 /* Look for next non-empty chain. */
2205 for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) {
2206 if (!hlist_empty(&unix_socket_table[*i]))
2207 return __sk_head(&unix_socket_table[*i]);
2212 struct unix_iter_state {
2213 struct seq_net_private p;
2217 static struct sock *unix_seq_idx(struct seq_file *seq, loff_t pos)
2219 struct unix_iter_state *iter = seq->private;
2223 for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) {
2224 if (sock_net(s) != seq_file_net(seq))
2233 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2234 __acquires(unix_table_lock)
2236 spin_lock(&unix_table_lock);
2237 return *pos ? unix_seq_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2240 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2242 struct unix_iter_state *iter = seq->private;
2243 struct sock *sk = v;
2246 if (v == SEQ_START_TOKEN)
2247 sk = first_unix_socket(&iter->i);
2249 sk = next_unix_socket(&iter->i, sk);
2250 while (sk && (sock_net(sk) != seq_file_net(seq)))
2251 sk = next_unix_socket(&iter->i, sk);
2255 static void unix_seq_stop(struct seq_file *seq, void *v)
2256 __releases(unix_table_lock)
2258 spin_unlock(&unix_table_lock);
2261 static int unix_seq_show(struct seq_file *seq, void *v)
2264 if (v == SEQ_START_TOKEN)
2265 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2269 struct unix_sock *u = unix_sk(s);
2272 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2274 atomic_read(&s->sk_refcnt),
2276 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2279 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2280 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2288 len = u->addr->len - sizeof(short);
2289 if (!UNIX_ABSTRACT(s))
2295 for ( ; i < len; i++)
2296 seq_putc(seq, u->addr->name->sun_path[i]);
2298 unix_state_unlock(s);
2299 seq_putc(seq, '\n');
2305 static const struct seq_operations unix_seq_ops = {
2306 .start = unix_seq_start,
2307 .next = unix_seq_next,
2308 .stop = unix_seq_stop,
2309 .show = unix_seq_show,
2312 static int unix_seq_open(struct inode *inode, struct file *file)
2314 return seq_open_net(inode, file, &unix_seq_ops,
2315 sizeof(struct unix_iter_state));
2318 static const struct file_operations unix_seq_fops = {
2319 .owner = THIS_MODULE,
2320 .open = unix_seq_open,
2322 .llseek = seq_lseek,
2323 .release = seq_release_net,
2328 static const struct net_proto_family unix_family_ops = {
2330 .create = unix_create,
2331 .owner = THIS_MODULE,
2335 static int __net_init unix_net_init(struct net *net)
2337 int error = -ENOMEM;
2339 net->unx.sysctl_max_dgram_qlen = 10;
2340 if (unix_sysctl_register(net))
2343 #ifdef CONFIG_PROC_FS
2344 if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
2345 unix_sysctl_unregister(net);
2354 static void __net_exit unix_net_exit(struct net *net)
2356 unix_sysctl_unregister(net);
2357 proc_net_remove(net, "unix");
2360 static struct pernet_operations unix_net_ops = {
2361 .init = unix_net_init,
2362 .exit = unix_net_exit,
2365 static int __init af_unix_init(void)
2368 struct sk_buff *dummy_skb;
2370 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
2372 rc = proto_register(&unix_proto, 1);
2374 printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2379 sock_register(&unix_family_ops);
2380 register_pernet_subsys(&unix_net_ops);
2385 static void __exit af_unix_exit(void)
2387 sock_unregister(PF_UNIX);
2388 proto_unregister(&unix_proto);
2389 unregister_pernet_subsys(&unix_net_ops);
2392 /* Earlier than device_initcall() so that other drivers invoking
2393 request_module() don't end up in a loop when modprobe tries
2394 to use a UNIX socket. But later than subsys_initcall() because
2395 we depend on stuff initialised there */
2396 fs_initcall(af_unix_init);
2397 module_exit(af_unix_exit);
2399 MODULE_LICENSE("GPL");
2400 MODULE_ALIAS_NETPROTO(PF_UNIX);