2 * NET4: Implementation of BSD Unix domain sockets.
4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 * Linus Torvalds : Assorted bug cures.
13 * Niibe Yutaka : async I/O support.
14 * Carsten Paeth : PF_UNIX check, address fixes.
15 * Alan Cox : Limit size of allocated blocks.
16 * Alan Cox : Fixed the stupid socketpair bug.
17 * Alan Cox : BSD compatibility fine tuning.
18 * Alan Cox : Fixed a bug in connect when interrupted.
19 * Alan Cox : Sorted out a proper draft version of
20 * file descriptor passing hacked up from
22 * Marty Leisner : Fixes to fd passing
23 * Nick Nevin : recvmsg bugfix.
24 * Alan Cox : Started proper garbage collector
25 * Heiko EiBfeldt : Missing verify_area check
26 * Alan Cox : Started POSIXisms
27 * Andreas Schwab : Replace inode by dentry for proper
29 * Kirk Petersen : Made this a module
30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33 * by above two patches.
34 * Andrea Arcangeli : If possible we block in connect(2)
35 * if the max backlog of the listen socket
36 * is been reached. This won't break
37 * old apps and it will avoid huge amount
38 * of socks hashed (this for unix_gc()
39 * performances reasons).
40 * Security fix that limits the max
41 * number of socks to 2*max_files and
42 * the number of skb queueable in the
44 * Artur Skawina : Hash function optimizations
45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 * Malcolm Beattie : Set peercred for socketpair
47 * Michal Ostrowski : Module initialization cleanup.
48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 * the core infrastructure is doing that
50 * for all net proto families now (2.5.69+)
53 * Known differences from reference BSD that was tested:
56 * ECONNREFUSED is not returned from one end of a connected() socket to the
57 * other the moment one end closes.
58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
61 * accept() returns a path name even if the connecting socket has closed
62 * in the meantime (BSD loses the path and gives up).
63 * accept() returns 0 length path for an unbound connector. BSD returns 16
64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 * BSD af_unix apparently has connect forgetting to block properly.
67 * (need to check this with the POSIX spec in detail)
69 * Differences from 2.0.0-11-... (ANK)
70 * Bug fixes and improvements.
71 * - client shutdown killed server socket.
72 * - removed all useless cli/sti pairs.
74 * Semantic changes/extensions.
75 * - generic control message passing.
76 * - SCM_CREDENTIALS control message.
77 * - "Abstract" (not FS based) socket bindings.
78 * Abstract names are sequences of bytes (not zero terminated)
79 * started by 0, so that this name space does not intersect
83 #include <linux/module.h>
84 #include <linux/kernel.h>
85 #include <linux/signal.h>
86 #include <linux/sched.h>
87 #include <linux/errno.h>
88 #include <linux/string.h>
89 #include <linux/stat.h>
90 #include <linux/dcache.h>
91 #include <linux/namei.h>
92 #include <linux/socket.h>
94 #include <linux/fcntl.h>
95 #include <linux/termios.h>
96 #include <linux/sockios.h>
97 #include <linux/net.h>
100 #include <linux/slab.h>
101 #include <asm/uaccess.h>
102 #include <linux/skbuff.h>
103 #include <linux/netdevice.h>
104 #include <net/net_namespace.h>
105 #include <net/sock.h>
106 #include <net/tcp_states.h>
107 #include <net/af_unix.h>
108 #include <linux/proc_fs.h>
109 #include <linux/seq_file.h>
111 #include <linux/init.h>
112 #include <linux/poll.h>
113 #include <linux/rtnetlink.h>
114 #include <linux/mount.h>
115 #include <net/checksum.h>
116 #include <linux/security.h>
118 static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
119 static DEFINE_SPINLOCK(unix_table_lock);
120 static atomic_long_t unix_nr_socks;
122 #define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE])
124 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
126 #ifdef CONFIG_SECURITY_NETWORK
127 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
129 memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
132 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
134 scm->secid = *UNIXSID(skb);
137 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
140 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
142 #endif /* CONFIG_SECURITY_NETWORK */
145 * SMP locking strategy:
146 * hash table is protected with spinlock unix_table_lock
147 * each socket state is protected by separate spin lock.
150 static inline unsigned unix_hash_fold(__wsum n)
152 unsigned hash = (__force unsigned)n;
155 return hash&(UNIX_HASH_SIZE-1);
158 #define unix_peer(sk) (unix_sk(sk)->peer)
160 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
162 return unix_peer(osk) == sk;
165 static inline int unix_may_send(struct sock *sk, struct sock *osk)
167 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
170 static inline int unix_recvq_full(struct sock const *sk)
172 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
175 static struct sock *unix_peer_get(struct sock *s)
183 unix_state_unlock(s);
187 static inline void unix_release_addr(struct unix_address *addr)
189 if (atomic_dec_and_test(&addr->refcnt))
194 * Check unix socket name:
195 * - should be not zero length.
196 * - if started by not zero, should be NULL terminated (FS object)
197 * - if started by zero, it is abstract name.
200 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned *hashp)
202 if (len <= sizeof(short) || len > sizeof(*sunaddr))
204 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
206 if (sunaddr->sun_path[0]) {
208 * This may look like an off by one error but it is a bit more
209 * subtle. 108 is the longest valid AF_UNIX path for a binding.
210 * sun_path[108] doesn't as such exist. However in kernel space
211 * we are guaranteed that it is a valid memory location in our
212 * kernel address buffer.
214 ((char *)sunaddr)[len] = 0;
215 len = strlen(sunaddr->sun_path)+1+sizeof(short);
219 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
223 static void __unix_remove_socket(struct sock *sk)
225 sk_del_node_init(sk);
228 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
230 WARN_ON(!sk_unhashed(sk));
231 sk_add_node(sk, list);
234 static inline void unix_remove_socket(struct sock *sk)
236 spin_lock(&unix_table_lock);
237 __unix_remove_socket(sk);
238 spin_unlock(&unix_table_lock);
241 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
243 spin_lock(&unix_table_lock);
244 __unix_insert_socket(list, sk);
245 spin_unlock(&unix_table_lock);
248 static struct sock *__unix_find_socket_byname(struct net *net,
249 struct sockaddr_un *sunname,
250 int len, int type, unsigned hash)
253 struct hlist_node *node;
255 sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
256 struct unix_sock *u = unix_sk(s);
258 if (!net_eq(sock_net(s), net))
261 if (u->addr->len == len &&
262 !memcmp(u->addr->name, sunname, len))
270 static inline struct sock *unix_find_socket_byname(struct net *net,
271 struct sockaddr_un *sunname,
277 spin_lock(&unix_table_lock);
278 s = __unix_find_socket_byname(net, sunname, len, type, hash);
281 spin_unlock(&unix_table_lock);
285 static struct sock *unix_find_socket_byinode(struct inode *i)
288 struct hlist_node *node;
290 spin_lock(&unix_table_lock);
292 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
293 struct dentry *dentry = unix_sk(s)->dentry;
295 if (dentry && dentry->d_inode == i) {
302 spin_unlock(&unix_table_lock);
306 static inline int unix_writable(struct sock *sk)
308 return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
311 static void unix_write_space(struct sock *sk)
313 struct socket_wq *wq;
316 if (unix_writable(sk)) {
317 wq = rcu_dereference(sk->sk_wq);
318 if (wq_has_sleeper(wq))
319 wake_up_interruptible_sync_poll(&wq->wait,
320 POLLOUT | POLLWRNORM | POLLWRBAND);
321 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
326 /* When dgram socket disconnects (or changes its peer), we clear its receive
327 * queue of packets arrived from previous peer. First, it allows to do
328 * flow control based only on wmem_alloc; second, sk connected to peer
329 * may receive messages only from that peer. */
330 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
332 if (!skb_queue_empty(&sk->sk_receive_queue)) {
333 skb_queue_purge(&sk->sk_receive_queue);
334 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
336 /* If one link of bidirectional dgram pipe is disconnected,
337 * we signal error. Messages are lost. Do not make this,
338 * when peer was not connected to us.
340 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
341 other->sk_err = ECONNRESET;
342 other->sk_error_report(other);
347 static void unix_sock_destructor(struct sock *sk)
349 struct unix_sock *u = unix_sk(sk);
351 skb_queue_purge(&sk->sk_receive_queue);
353 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
354 WARN_ON(!sk_unhashed(sk));
355 WARN_ON(sk->sk_socket);
356 if (!sock_flag(sk, SOCK_DEAD)) {
357 printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
362 unix_release_addr(u->addr);
364 atomic_long_dec(&unix_nr_socks);
366 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
368 #ifdef UNIX_REFCNT_DEBUG
369 printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
370 atomic_long_read(&unix_nr_socks));
374 static void unix_release_sock(struct sock *sk, int embrion)
376 struct unix_sock *u = unix_sk(sk);
377 struct dentry *dentry;
378 struct vfsmount *mnt;
383 unix_remove_socket(sk);
388 sk->sk_shutdown = SHUTDOWN_MASK;
393 state = sk->sk_state;
394 sk->sk_state = TCP_CLOSE;
395 unix_state_unlock(sk);
397 wake_up_interruptible_all(&u->peer_wait);
399 skpair = unix_peer(sk);
401 if (skpair != NULL) {
402 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
403 unix_state_lock(skpair);
405 skpair->sk_shutdown = SHUTDOWN_MASK;
406 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
407 skpair->sk_err = ECONNRESET;
408 unix_state_unlock(skpair);
409 skpair->sk_state_change(skpair);
410 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
412 sock_put(skpair); /* It may now die */
413 unix_peer(sk) = NULL;
416 /* Try to flush out this socket. Throw out buffers at least */
418 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
419 if (state == TCP_LISTEN)
420 unix_release_sock(skb->sk, 1);
421 /* passed fds are erased in the kfree_skb hook */
432 /* ---- Socket is dead now and most probably destroyed ---- */
435 * Fixme: BSD difference: In BSD all sockets connected to use get
436 * ECONNRESET and we die on the spot. In Linux we behave
437 * like files and pipes do and wait for the last
440 * Can't we simply set sock->err?
442 * What the above comment does talk about? --ANK(980817)
445 if (unix_tot_inflight)
446 unix_gc(); /* Garbage collect fds */
449 static void init_peercred(struct sock *sk)
451 put_pid(sk->sk_peer_pid);
452 if (sk->sk_peer_cred)
453 put_cred(sk->sk_peer_cred);
454 sk->sk_peer_pid = get_pid(task_tgid(current));
455 sk->sk_peer_cred = get_current_cred();
458 static void copy_peercred(struct sock *sk, struct sock *peersk)
460 put_pid(sk->sk_peer_pid);
461 if (sk->sk_peer_cred)
462 put_cred(sk->sk_peer_cred);
463 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
464 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
467 static int unix_listen(struct socket *sock, int backlog)
470 struct sock *sk = sock->sk;
471 struct unix_sock *u = unix_sk(sk);
472 struct pid *old_pid = NULL;
473 const struct cred *old_cred = NULL;
476 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
477 goto out; /* Only stream/seqpacket sockets accept */
480 goto out; /* No listens on an unbound socket */
482 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
484 if (backlog > sk->sk_max_ack_backlog)
485 wake_up_interruptible_all(&u->peer_wait);
486 sk->sk_max_ack_backlog = backlog;
487 sk->sk_state = TCP_LISTEN;
488 /* set credentials so connect can copy them */
493 unix_state_unlock(sk);
501 static int unix_release(struct socket *);
502 static int unix_bind(struct socket *, struct sockaddr *, int);
503 static int unix_stream_connect(struct socket *, struct sockaddr *,
504 int addr_len, int flags);
505 static int unix_socketpair(struct socket *, struct socket *);
506 static int unix_accept(struct socket *, struct socket *, int);
507 static int unix_getname(struct socket *, struct sockaddr *, int *, int);
508 static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
509 static unsigned int unix_dgram_poll(struct file *, struct socket *,
511 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
512 static int unix_shutdown(struct socket *, int);
513 static int unix_stream_sendmsg(struct kiocb *, struct socket *,
514 struct msghdr *, size_t);
515 static int unix_stream_recvmsg(struct kiocb *, struct socket *,
516 struct msghdr *, size_t, int);
517 static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
518 struct msghdr *, size_t);
519 static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
520 struct msghdr *, size_t, int);
521 static int unix_dgram_connect(struct socket *, struct sockaddr *,
523 static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
524 struct msghdr *, size_t);
525 static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
526 struct msghdr *, size_t, int);
528 static const struct proto_ops unix_stream_ops = {
530 .owner = THIS_MODULE,
531 .release = unix_release,
533 .connect = unix_stream_connect,
534 .socketpair = unix_socketpair,
535 .accept = unix_accept,
536 .getname = unix_getname,
539 .listen = unix_listen,
540 .shutdown = unix_shutdown,
541 .setsockopt = sock_no_setsockopt,
542 .getsockopt = sock_no_getsockopt,
543 .sendmsg = unix_stream_sendmsg,
544 .recvmsg = unix_stream_recvmsg,
545 .mmap = sock_no_mmap,
546 .sendpage = sock_no_sendpage,
549 static const struct proto_ops unix_dgram_ops = {
551 .owner = THIS_MODULE,
552 .release = unix_release,
554 .connect = unix_dgram_connect,
555 .socketpair = unix_socketpair,
556 .accept = sock_no_accept,
557 .getname = unix_getname,
558 .poll = unix_dgram_poll,
560 .listen = sock_no_listen,
561 .shutdown = unix_shutdown,
562 .setsockopt = sock_no_setsockopt,
563 .getsockopt = sock_no_getsockopt,
564 .sendmsg = unix_dgram_sendmsg,
565 .recvmsg = unix_dgram_recvmsg,
566 .mmap = sock_no_mmap,
567 .sendpage = sock_no_sendpage,
570 static const struct proto_ops unix_seqpacket_ops = {
572 .owner = THIS_MODULE,
573 .release = unix_release,
575 .connect = unix_stream_connect,
576 .socketpair = unix_socketpair,
577 .accept = unix_accept,
578 .getname = unix_getname,
579 .poll = unix_dgram_poll,
581 .listen = unix_listen,
582 .shutdown = unix_shutdown,
583 .setsockopt = sock_no_setsockopt,
584 .getsockopt = sock_no_getsockopt,
585 .sendmsg = unix_seqpacket_sendmsg,
586 .recvmsg = unix_seqpacket_recvmsg,
587 .mmap = sock_no_mmap,
588 .sendpage = sock_no_sendpage,
591 static struct proto unix_proto = {
593 .owner = THIS_MODULE,
594 .obj_size = sizeof(struct unix_sock),
598 * AF_UNIX sockets do not interact with hardware, hence they
599 * dont trigger interrupts - so it's safe for them to have
600 * bh-unsafe locking for their sk_receive_queue.lock. Split off
601 * this special lock-class by reinitializing the spinlock key:
603 static struct lock_class_key af_unix_sk_receive_queue_lock_key;
605 static struct sock *unix_create1(struct net *net, struct socket *sock)
607 struct sock *sk = NULL;
610 atomic_long_inc(&unix_nr_socks);
611 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
614 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
618 sock_init_data(sock, sk);
619 lockdep_set_class(&sk->sk_receive_queue.lock,
620 &af_unix_sk_receive_queue_lock_key);
622 sk->sk_write_space = unix_write_space;
623 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
624 sk->sk_destruct = unix_sock_destructor;
628 spin_lock_init(&u->lock);
629 atomic_long_set(&u->inflight, 0);
630 INIT_LIST_HEAD(&u->link);
631 mutex_init(&u->readlock); /* single task reading lock */
632 init_waitqueue_head(&u->peer_wait);
633 unix_insert_socket(unix_sockets_unbound, sk);
636 atomic_long_dec(&unix_nr_socks);
639 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
645 static int unix_create(struct net *net, struct socket *sock, int protocol,
648 if (protocol && protocol != PF_UNIX)
649 return -EPROTONOSUPPORT;
651 sock->state = SS_UNCONNECTED;
653 switch (sock->type) {
655 sock->ops = &unix_stream_ops;
658 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
662 sock->type = SOCK_DGRAM;
664 sock->ops = &unix_dgram_ops;
667 sock->ops = &unix_seqpacket_ops;
670 return -ESOCKTNOSUPPORT;
673 return unix_create1(net, sock) ? 0 : -ENOMEM;
676 static int unix_release(struct socket *sock)
678 struct sock *sk = sock->sk;
683 unix_release_sock(sk, 0);
689 static int unix_autobind(struct socket *sock)
691 struct sock *sk = sock->sk;
692 struct net *net = sock_net(sk);
693 struct unix_sock *u = unix_sk(sk);
694 static u32 ordernum = 1;
695 struct unix_address *addr;
697 unsigned int retries = 0;
699 mutex_lock(&u->readlock);
706 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
710 addr->name->sun_family = AF_UNIX;
711 atomic_set(&addr->refcnt, 1);
714 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
715 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
717 spin_lock(&unix_table_lock);
718 ordernum = (ordernum+1)&0xFFFFF;
720 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
722 spin_unlock(&unix_table_lock);
724 * __unix_find_socket_byname() may take long time if many names
725 * are already in use.
728 /* Give up if all names seems to be in use. */
729 if (retries++ == 0xFFFFF) {
736 addr->hash ^= sk->sk_type;
738 __unix_remove_socket(sk);
740 __unix_insert_socket(&unix_socket_table[addr->hash], sk);
741 spin_unlock(&unix_table_lock);
744 out: mutex_unlock(&u->readlock);
748 static struct sock *unix_find_other(struct net *net,
749 struct sockaddr_un *sunname, int len,
750 int type, unsigned hash, int *error)
756 if (sunname->sun_path[0]) {
758 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
761 inode = path.dentry->d_inode;
762 err = inode_permission(inode, MAY_WRITE);
767 if (!S_ISSOCK(inode->i_mode))
769 u = unix_find_socket_byinode(inode);
773 if (u->sk_type == type)
774 touch_atime(path.mnt, path.dentry);
779 if (u->sk_type != type) {
785 u = unix_find_socket_byname(net, sunname, len, type, hash);
787 struct dentry *dentry;
788 dentry = unix_sk(u)->dentry;
790 touch_atime(unix_sk(u)->mnt, dentry);
804 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
806 struct sock *sk = sock->sk;
807 struct net *net = sock_net(sk);
808 struct unix_sock *u = unix_sk(sk);
809 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
810 char *sun_path = sunaddr->sun_path;
811 struct dentry *dentry = NULL;
815 struct unix_address *addr;
816 struct hlist_head *list;
819 if (sunaddr->sun_family != AF_UNIX)
822 if (addr_len == sizeof(short)) {
823 err = unix_autobind(sock);
827 err = unix_mkname(sunaddr, addr_len, &hash);
832 mutex_lock(&u->readlock);
839 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
843 memcpy(addr->name, sunaddr, addr_len);
844 addr->len = addr_len;
845 addr->hash = hash ^ sk->sk_type;
846 atomic_set(&addr->refcnt, 1);
852 * Get the parent directory, calculate the hash for last
855 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
856 err = PTR_ERR(dentry);
858 goto out_mknod_parent;
861 * All right, let's create it.
864 (SOCK_INODE(sock)->i_mode & ~current_umask());
865 err = mnt_want_write(path.mnt);
868 err = security_path_mknod(&path, dentry, mode, 0);
870 goto out_mknod_drop_write;
871 err = vfs_mknod(path.dentry->d_inode, dentry, mode, 0);
872 out_mknod_drop_write:
873 mnt_drop_write(path.mnt);
876 mutex_unlock(&path.dentry->d_inode->i_mutex);
878 path.dentry = dentry;
880 addr->hash = UNIX_HASH_SIZE;
883 spin_lock(&unix_table_lock);
887 if (__unix_find_socket_byname(net, sunaddr, addr_len,
888 sk->sk_type, hash)) {
889 unix_release_addr(addr);
893 list = &unix_socket_table[addr->hash];
895 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
896 u->dentry = path.dentry;
901 __unix_remove_socket(sk);
903 __unix_insert_socket(list, sk);
906 spin_unlock(&unix_table_lock);
908 mutex_unlock(&u->readlock);
914 mutex_unlock(&path.dentry->d_inode->i_mutex);
919 unix_release_addr(addr);
923 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
925 if (unlikely(sk1 == sk2) || !sk2) {
926 unix_state_lock(sk1);
930 unix_state_lock(sk1);
931 unix_state_lock_nested(sk2);
933 unix_state_lock(sk2);
934 unix_state_lock_nested(sk1);
938 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
940 if (unlikely(sk1 == sk2) || !sk2) {
941 unix_state_unlock(sk1);
944 unix_state_unlock(sk1);
945 unix_state_unlock(sk2);
948 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
951 struct sock *sk = sock->sk;
952 struct net *net = sock_net(sk);
953 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
958 if (addr->sa_family != AF_UNSPEC) {
959 err = unix_mkname(sunaddr, alen, &hash);
964 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
965 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
969 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
973 unix_state_double_lock(sk, other);
975 /* Apparently VFS overslept socket death. Retry. */
976 if (sock_flag(other, SOCK_DEAD)) {
977 unix_state_double_unlock(sk, other);
983 if (!unix_may_send(sk, other))
986 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
992 * 1003.1g breaking connected state with AF_UNSPEC
995 unix_state_double_lock(sk, other);
999 * If it was connected, reconnect.
1001 if (unix_peer(sk)) {
1002 struct sock *old_peer = unix_peer(sk);
1003 unix_peer(sk) = other;
1004 unix_state_double_unlock(sk, other);
1006 if (other != old_peer)
1007 unix_dgram_disconnected(sk, old_peer);
1010 unix_peer(sk) = other;
1011 unix_state_double_unlock(sk, other);
1016 unix_state_double_unlock(sk, other);
1022 static long unix_wait_for_peer(struct sock *other, long timeo)
1024 struct unix_sock *u = unix_sk(other);
1028 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1030 sched = !sock_flag(other, SOCK_DEAD) &&
1031 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1032 unix_recvq_full(other);
1034 unix_state_unlock(other);
1037 timeo = schedule_timeout(timeo);
1039 finish_wait(&u->peer_wait, &wait);
1043 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1044 int addr_len, int flags)
1046 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1047 struct sock *sk = sock->sk;
1048 struct net *net = sock_net(sk);
1049 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1050 struct sock *newsk = NULL;
1051 struct sock *other = NULL;
1052 struct sk_buff *skb = NULL;
1058 err = unix_mkname(sunaddr, addr_len, &hash);
1063 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1064 (err = unix_autobind(sock)) != 0)
1067 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1069 /* First of all allocate resources.
1070 If we will make it after state is locked,
1071 we will have to recheck all again in any case.
1076 /* create new sock for complete connection */
1077 newsk = unix_create1(sock_net(sk), NULL);
1081 /* Allocate skb for sending to listening sock */
1082 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1087 /* Find listening sock. */
1088 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1092 /* Latch state of peer */
1093 unix_state_lock(other);
1095 /* Apparently VFS overslept socket death. Retry. */
1096 if (sock_flag(other, SOCK_DEAD)) {
1097 unix_state_unlock(other);
1102 err = -ECONNREFUSED;
1103 if (other->sk_state != TCP_LISTEN)
1105 if (other->sk_shutdown & RCV_SHUTDOWN)
1108 if (unix_recvq_full(other)) {
1113 timeo = unix_wait_for_peer(other, timeo);
1115 err = sock_intr_errno(timeo);
1116 if (signal_pending(current))
1124 It is tricky place. We need to grab our state lock and cannot
1125 drop lock on peer. It is dangerous because deadlock is
1126 possible. Connect to self case and simultaneous
1127 attempt to connect are eliminated by checking socket
1128 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1129 check this before attempt to grab lock.
1131 Well, and we have to recheck the state after socket locked.
1137 /* This is ok... continue with connect */
1139 case TCP_ESTABLISHED:
1140 /* Socket is already connected */
1148 unix_state_lock_nested(sk);
1150 if (sk->sk_state != st) {
1151 unix_state_unlock(sk);
1152 unix_state_unlock(other);
1157 err = security_unix_stream_connect(sk, other, newsk);
1159 unix_state_unlock(sk);
1163 /* The way is open! Fastly set all the necessary fields... */
1166 unix_peer(newsk) = sk;
1167 newsk->sk_state = TCP_ESTABLISHED;
1168 newsk->sk_type = sk->sk_type;
1169 init_peercred(newsk);
1170 newu = unix_sk(newsk);
1171 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1172 otheru = unix_sk(other);
1174 /* copy address information from listening to new sock*/
1176 atomic_inc(&otheru->addr->refcnt);
1177 newu->addr = otheru->addr;
1179 if (otheru->dentry) {
1180 newu->dentry = dget(otheru->dentry);
1181 newu->mnt = mntget(otheru->mnt);
1184 /* Set credentials */
1185 copy_peercred(sk, other);
1187 sock->state = SS_CONNECTED;
1188 sk->sk_state = TCP_ESTABLISHED;
1191 smp_mb__after_atomic_inc(); /* sock_hold() does an atomic_inc() */
1192 unix_peer(sk) = newsk;
1194 unix_state_unlock(sk);
1196 /* take ten and and send info to listening sock */
1197 spin_lock(&other->sk_receive_queue.lock);
1198 __skb_queue_tail(&other->sk_receive_queue, skb);
1199 spin_unlock(&other->sk_receive_queue.lock);
1200 unix_state_unlock(other);
1201 other->sk_data_ready(other, 0);
1207 unix_state_unlock(other);
1212 unix_release_sock(newsk, 0);
1218 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1220 struct sock *ska = socka->sk, *skb = sockb->sk;
1222 /* Join our sockets back to back */
1225 unix_peer(ska) = skb;
1226 unix_peer(skb) = ska;
1230 if (ska->sk_type != SOCK_DGRAM) {
1231 ska->sk_state = TCP_ESTABLISHED;
1232 skb->sk_state = TCP_ESTABLISHED;
1233 socka->state = SS_CONNECTED;
1234 sockb->state = SS_CONNECTED;
1239 static void unix_sock_inherit_flags(const struct socket *old,
1242 if (test_bit(SOCK_PASSCRED, &old->flags))
1243 set_bit(SOCK_PASSCRED, &new->flags);
1244 if (test_bit(SOCK_PASSSEC, &old->flags))
1245 set_bit(SOCK_PASSSEC, &new->flags);
1248 static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1250 struct sock *sk = sock->sk;
1252 struct sk_buff *skb;
1256 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1260 if (sk->sk_state != TCP_LISTEN)
1263 /* If socket state is TCP_LISTEN it cannot change (for now...),
1264 * so that no locks are necessary.
1267 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1269 /* This means receive shutdown. */
1276 skb_free_datagram(sk, skb);
1277 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1279 /* attach accepted sock to socket */
1280 unix_state_lock(tsk);
1281 newsock->state = SS_CONNECTED;
1282 unix_sock_inherit_flags(sock, newsock);
1283 sock_graft(tsk, newsock);
1284 unix_state_unlock(tsk);
1292 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1294 struct sock *sk = sock->sk;
1295 struct unix_sock *u;
1296 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1300 sk = unix_peer_get(sk);
1311 unix_state_lock(sk);
1313 sunaddr->sun_family = AF_UNIX;
1314 sunaddr->sun_path[0] = 0;
1315 *uaddr_len = sizeof(short);
1317 struct unix_address *addr = u->addr;
1319 *uaddr_len = addr->len;
1320 memcpy(sunaddr, addr->name, *uaddr_len);
1322 unix_state_unlock(sk);
1328 static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1332 scm->fp = UNIXCB(skb).fp;
1333 UNIXCB(skb).fp = NULL;
1335 for (i = scm->fp->count-1; i >= 0; i--)
1336 unix_notinflight(scm->fp->fp[i]);
1339 static void unix_destruct_scm(struct sk_buff *skb)
1341 struct scm_cookie scm;
1342 memset(&scm, 0, sizeof(scm));
1343 scm.pid = UNIXCB(skb).pid;
1344 scm.cred = UNIXCB(skb).cred;
1346 unix_detach_fds(&scm, skb);
1348 /* Alas, it calls VFS */
1349 /* So fscking what? fput() had been SMP-safe since the last Summer */
1354 #define MAX_RECURSION_LEVEL 4
1356 static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1359 unsigned char max_level = 0;
1360 int unix_sock_count = 0;
1362 for (i = scm->fp->count - 1; i >= 0; i--) {
1363 struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1367 max_level = max(max_level,
1368 unix_sk(sk)->recursion_level);
1371 if (unlikely(max_level > MAX_RECURSION_LEVEL))
1372 return -ETOOMANYREFS;
1375 * Need to duplicate file references for the sake of garbage
1376 * collection. Otherwise a socket in the fps might become a
1377 * candidate for GC while the skb is not yet queued.
1379 UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1380 if (!UNIXCB(skb).fp)
1383 if (unix_sock_count) {
1384 for (i = scm->fp->count - 1; i >= 0; i--)
1385 unix_inflight(scm->fp->fp[i]);
1390 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1394 UNIXCB(skb).pid = get_pid(scm->pid);
1396 UNIXCB(skb).cred = get_cred(scm->cred);
1397 UNIXCB(skb).fp = NULL;
1398 if (scm->fp && send_fds)
1399 err = unix_attach_fds(scm, skb);
1401 skb->destructor = unix_destruct_scm;
1406 * Some apps rely on write() giving SCM_CREDENTIALS
1407 * We include credentials if source or destination socket
1408 * asserted SOCK_PASSCRED.
1410 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1411 const struct sock *other)
1413 if (UNIXCB(skb).cred)
1415 if (test_bit(SOCK_PASSCRED, &sock->flags) ||
1416 !other->sk_socket ||
1417 test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
1418 UNIXCB(skb).pid = get_pid(task_tgid(current));
1419 UNIXCB(skb).cred = get_current_cred();
1424 * Send AF_UNIX data.
1427 static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1428 struct msghdr *msg, size_t len)
1430 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1431 struct sock *sk = sock->sk;
1432 struct net *net = sock_net(sk);
1433 struct unix_sock *u = unix_sk(sk);
1434 struct sockaddr_un *sunaddr = msg->msg_name;
1435 struct sock *other = NULL;
1436 int namelen = 0; /* fake GCC */
1439 struct sk_buff *skb;
1441 struct scm_cookie tmp_scm;
1444 if (NULL == siocb->scm)
1445 siocb->scm = &tmp_scm;
1447 err = scm_send(sock, msg, siocb->scm, false);
1452 if (msg->msg_flags&MSG_OOB)
1455 if (msg->msg_namelen) {
1456 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1463 other = unix_peer_get(sk);
1468 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1469 && (err = unix_autobind(sock)) != 0)
1473 if (len > sk->sk_sndbuf - 32)
1476 skb = sock_alloc_send_skb(sk, len, msg->msg_flags&MSG_DONTWAIT, &err);
1480 err = unix_scm_to_skb(siocb->scm, skb, true);
1483 max_level = err + 1;
1484 unix_get_secdata(siocb->scm, skb);
1486 skb_reset_transport_header(skb);
1487 err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);
1491 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1496 if (sunaddr == NULL)
1499 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1505 if (sk_filter(other, skb) < 0) {
1506 /* Toss the packet but do not return any error to the sender */
1511 unix_state_lock(other);
1513 if (!unix_may_send(sk, other))
1516 if (sock_flag(other, SOCK_DEAD)) {
1518 * Check with 1003.1g - what should
1521 unix_state_unlock(other);
1525 unix_state_lock(sk);
1526 if (unix_peer(sk) == other) {
1527 unix_peer(sk) = NULL;
1528 unix_state_unlock(sk);
1530 unix_dgram_disconnected(sk, other);
1532 err = -ECONNREFUSED;
1534 unix_state_unlock(sk);
1544 if (other->sk_shutdown & RCV_SHUTDOWN)
1547 if (sk->sk_type != SOCK_SEQPACKET) {
1548 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1553 if (unix_peer(other) != sk && unix_recvq_full(other)) {
1559 timeo = unix_wait_for_peer(other, timeo);
1561 err = sock_intr_errno(timeo);
1562 if (signal_pending(current))
1568 if (sock_flag(other, SOCK_RCVTSTAMP))
1569 __net_timestamp(skb);
1570 maybe_add_creds(skb, sock, other);
1571 skb_queue_tail(&other->sk_receive_queue, skb);
1572 if (max_level > unix_sk(other)->recursion_level)
1573 unix_sk(other)->recursion_level = max_level;
1574 unix_state_unlock(other);
1575 other->sk_data_ready(other, len);
1577 scm_destroy(siocb->scm);
1581 unix_state_unlock(other);
1587 scm_destroy(siocb->scm);
1592 static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1593 struct msghdr *msg, size_t len)
1595 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1596 struct sock *sk = sock->sk;
1597 struct sock *other = NULL;
1599 struct sk_buff *skb;
1601 struct scm_cookie tmp_scm;
1602 bool fds_sent = false;
1605 if (NULL == siocb->scm)
1606 siocb->scm = &tmp_scm;
1608 err = scm_send(sock, msg, siocb->scm, false);
1613 if (msg->msg_flags&MSG_OOB)
1616 if (msg->msg_namelen) {
1617 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1621 other = unix_peer(sk);
1626 if (sk->sk_shutdown & SEND_SHUTDOWN)
1629 while (sent < len) {
1631 * Optimisation for the fact that under 0.01% of X
1632 * messages typically need breaking up.
1637 /* Keep two messages in the pipe so it schedules better */
1638 if (size > ((sk->sk_sndbuf >> 1) - 64))
1639 size = (sk->sk_sndbuf >> 1) - 64;
1641 if (size > SKB_MAX_ALLOC)
1642 size = SKB_MAX_ALLOC;
1648 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
1655 * If you pass two values to the sock_alloc_send_skb
1656 * it tries to grab the large buffer with GFP_NOFS
1657 * (which can fail easily), and if it fails grab the
1658 * fallback size buffer which is under a page and will
1661 size = min_t(int, size, skb_tailroom(skb));
1664 /* Only send the fds in the first buffer */
1665 err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1670 max_level = err + 1;
1673 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1679 unix_state_lock(other);
1681 if (sock_flag(other, SOCK_DEAD) ||
1682 (other->sk_shutdown & RCV_SHUTDOWN))
1685 maybe_add_creds(skb, sock, other);
1686 skb_queue_tail(&other->sk_receive_queue, skb);
1687 if (max_level > unix_sk(other)->recursion_level)
1688 unix_sk(other)->recursion_level = max_level;
1689 unix_state_unlock(other);
1690 other->sk_data_ready(other, size);
1694 scm_destroy(siocb->scm);
1700 unix_state_unlock(other);
1703 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1704 send_sig(SIGPIPE, current, 0);
1707 scm_destroy(siocb->scm);
1709 return sent ? : err;
1712 static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
1713 struct msghdr *msg, size_t len)
1716 struct sock *sk = sock->sk;
1718 err = sock_error(sk);
1722 if (sk->sk_state != TCP_ESTABLISHED)
1725 if (msg->msg_namelen)
1726 msg->msg_namelen = 0;
1728 return unix_dgram_sendmsg(kiocb, sock, msg, len);
1731 static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
1732 struct msghdr *msg, size_t size,
1735 struct sock *sk = sock->sk;
1737 if (sk->sk_state != TCP_ESTABLISHED)
1740 return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
1743 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1745 struct unix_sock *u = unix_sk(sk);
1747 msg->msg_namelen = 0;
1749 msg->msg_namelen = u->addr->len;
1750 memcpy(msg->msg_name, u->addr->name, u->addr->len);
1754 static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1755 struct msghdr *msg, size_t size,
1758 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1759 struct scm_cookie tmp_scm;
1760 struct sock *sk = sock->sk;
1761 struct unix_sock *u = unix_sk(sk);
1762 int noblock = flags & MSG_DONTWAIT;
1763 struct sk_buff *skb;
1770 msg->msg_namelen = 0;
1772 err = mutex_lock_interruptible(&u->readlock);
1774 err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
1778 skb = skb_recv_datagram(sk, flags, noblock, &err);
1780 unix_state_lock(sk);
1781 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1782 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1783 (sk->sk_shutdown & RCV_SHUTDOWN))
1785 unix_state_unlock(sk);
1789 wake_up_interruptible_sync_poll(&u->peer_wait,
1790 POLLOUT | POLLWRNORM | POLLWRBAND);
1793 unix_copy_addr(msg, skb->sk);
1795 if (size > skb->len)
1797 else if (size < skb->len)
1798 msg->msg_flags |= MSG_TRUNC;
1800 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
1804 if (sock_flag(sk, SOCK_RCVTSTAMP))
1805 __sock_recv_timestamp(msg, sk, skb);
1808 siocb->scm = &tmp_scm;
1809 memset(&tmp_scm, 0, sizeof(tmp_scm));
1811 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1812 unix_set_secdata(siocb->scm, skb);
1814 if (!(flags & MSG_PEEK)) {
1816 unix_detach_fds(siocb->scm, skb);
1818 /* It is questionable: on PEEK we could:
1819 - do not return fds - good, but too simple 8)
1820 - return fds, and do not return them on read (old strategy,
1822 - clone fds (I chose it for now, it is the most universal
1825 POSIX 1003.1g does not actually define this clearly
1826 at all. POSIX 1003.1g doesn't define a lot of things
1831 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1835 scm_recv(sock, msg, siocb->scm, flags);
1838 skb_free_datagram(sk, skb);
1840 mutex_unlock(&u->readlock);
1846 * Sleep until data has arrive. But check for races..
1849 static long unix_stream_data_wait(struct sock *sk, long timeo)
1853 unix_state_lock(sk);
1856 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1858 if (!skb_queue_empty(&sk->sk_receive_queue) ||
1860 (sk->sk_shutdown & RCV_SHUTDOWN) ||
1861 signal_pending(current) ||
1865 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1866 unix_state_unlock(sk);
1867 timeo = schedule_timeout(timeo);
1868 unix_state_lock(sk);
1869 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1872 finish_wait(sk_sleep(sk), &wait);
1873 unix_state_unlock(sk);
1879 static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1880 struct msghdr *msg, size_t size,
1883 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1884 struct scm_cookie tmp_scm;
1885 struct sock *sk = sock->sk;
1886 struct unix_sock *u = unix_sk(sk);
1887 struct sockaddr_un *sunaddr = msg->msg_name;
1889 int check_creds = 0;
1895 if (sk->sk_state != TCP_ESTABLISHED)
1902 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1903 timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1905 msg->msg_namelen = 0;
1907 /* Lock the socket to prevent queue disordering
1908 * while sleeps in memcpy_tomsg
1912 siocb->scm = &tmp_scm;
1913 memset(&tmp_scm, 0, sizeof(tmp_scm));
1916 err = mutex_lock_interruptible(&u->readlock);
1918 err = sock_intr_errno(timeo);
1924 struct sk_buff *skb;
1926 unix_state_lock(sk);
1927 skb = skb_peek(&sk->sk_receive_queue);
1929 unix_sk(sk)->recursion_level = 0;
1930 if (copied >= target)
1934 * POSIX 1003.1g mandates this order.
1937 err = sock_error(sk);
1940 if (sk->sk_shutdown & RCV_SHUTDOWN)
1943 unix_state_unlock(sk);
1947 mutex_unlock(&u->readlock);
1949 timeo = unix_stream_data_wait(sk, timeo);
1951 if (signal_pending(current)
1952 || mutex_lock_interruptible(&u->readlock)) {
1953 err = sock_intr_errno(timeo);
1959 unix_state_unlock(sk);
1962 unix_state_unlock(sk);
1965 /* Never glue messages from different writers */
1966 if ((UNIXCB(skb).pid != siocb->scm->pid) ||
1967 (UNIXCB(skb).cred != siocb->scm->cred))
1969 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
1970 /* Copy credentials */
1971 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1975 /* Copy address just once */
1977 unix_copy_addr(msg, skb->sk);
1981 chunk = min_t(unsigned int, skb->len, size);
1982 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
1990 /* Mark read part of skb as used */
1991 if (!(flags & MSG_PEEK)) {
1992 skb_pull(skb, chunk);
1995 unix_detach_fds(siocb->scm, skb);
2000 skb_unlink(skb, &sk->sk_receive_queue);
2006 /* It is questionable, see note in unix_dgram_recvmsg.
2009 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
2015 mutex_unlock(&u->readlock);
2016 scm_recv(sock, msg, siocb->scm, flags);
2018 return copied ? : err;
2021 static int unix_shutdown(struct socket *sock, int mode)
2023 struct sock *sk = sock->sk;
2026 mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN);
2031 unix_state_lock(sk);
2032 sk->sk_shutdown |= mode;
2033 other = unix_peer(sk);
2036 unix_state_unlock(sk);
2037 sk->sk_state_change(sk);
2040 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2044 if (mode&RCV_SHUTDOWN)
2045 peer_mode |= SEND_SHUTDOWN;
2046 if (mode&SEND_SHUTDOWN)
2047 peer_mode |= RCV_SHUTDOWN;
2048 unix_state_lock(other);
2049 other->sk_shutdown |= peer_mode;
2050 unix_state_unlock(other);
2051 other->sk_state_change(other);
2052 if (peer_mode == SHUTDOWN_MASK)
2053 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2054 else if (peer_mode & RCV_SHUTDOWN)
2055 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2063 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2065 struct sock *sk = sock->sk;
2071 amount = sk_wmem_alloc_get(sk);
2072 err = put_user(amount, (int __user *)arg);
2076 struct sk_buff *skb;
2078 if (sk->sk_state == TCP_LISTEN) {
2083 spin_lock(&sk->sk_receive_queue.lock);
2084 if (sk->sk_type == SOCK_STREAM ||
2085 sk->sk_type == SOCK_SEQPACKET) {
2086 skb_queue_walk(&sk->sk_receive_queue, skb)
2089 skb = skb_peek(&sk->sk_receive_queue);
2093 spin_unlock(&sk->sk_receive_queue.lock);
2094 err = put_user(amount, (int __user *)arg);
2105 static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2107 struct sock *sk = sock->sk;
2110 sock_poll_wait(file, sk_sleep(sk), wait);
2113 /* exceptional events? */
2116 if (sk->sk_shutdown == SHUTDOWN_MASK)
2118 if (sk->sk_shutdown & RCV_SHUTDOWN)
2119 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2122 if (!skb_queue_empty(&sk->sk_receive_queue))
2123 mask |= POLLIN | POLLRDNORM;
2125 /* Connection-based need to check for termination and startup */
2126 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2127 sk->sk_state == TCP_CLOSE)
2131 * we set writable also when the other side has shut down the
2132 * connection. This prevents stuck sockets.
2134 if (unix_writable(sk))
2135 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2140 static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2143 struct sock *sk = sock->sk, *other;
2144 unsigned int mask, writable;
2146 sock_poll_wait(file, sk_sleep(sk), wait);
2149 /* exceptional events? */
2150 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2152 if (sk->sk_shutdown & RCV_SHUTDOWN)
2153 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2154 if (sk->sk_shutdown == SHUTDOWN_MASK)
2158 if (!skb_queue_empty(&sk->sk_receive_queue))
2159 mask |= POLLIN | POLLRDNORM;
2161 /* Connection-based need to check for termination and startup */
2162 if (sk->sk_type == SOCK_SEQPACKET) {
2163 if (sk->sk_state == TCP_CLOSE)
2165 /* connection hasn't started yet? */
2166 if (sk->sk_state == TCP_SYN_SENT)
2170 /* No write status requested, avoid expensive OUT tests. */
2171 if (wait && !(wait->key & (POLLWRBAND | POLLWRNORM | POLLOUT)))
2174 writable = unix_writable(sk);
2175 other = unix_peer_get(sk);
2177 if (unix_peer(other) != sk) {
2178 sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2179 if (unix_recvq_full(other))
2186 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2188 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2193 #ifdef CONFIG_PROC_FS
2194 static struct sock *first_unix_socket(int *i)
2196 for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) {
2197 if (!hlist_empty(&unix_socket_table[*i]))
2198 return __sk_head(&unix_socket_table[*i]);
2203 static struct sock *next_unix_socket(int *i, struct sock *s)
2205 struct sock *next = sk_next(s);
2206 /* More in this chain? */
2209 /* Look for next non-empty chain. */
2210 for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) {
2211 if (!hlist_empty(&unix_socket_table[*i]))
2212 return __sk_head(&unix_socket_table[*i]);
2217 struct unix_iter_state {
2218 struct seq_net_private p;
2222 static struct sock *unix_seq_idx(struct seq_file *seq, loff_t pos)
2224 struct unix_iter_state *iter = seq->private;
2228 for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) {
2229 if (sock_net(s) != seq_file_net(seq))
2238 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2239 __acquires(unix_table_lock)
2241 spin_lock(&unix_table_lock);
2242 return *pos ? unix_seq_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2245 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2247 struct unix_iter_state *iter = seq->private;
2248 struct sock *sk = v;
2251 if (v == SEQ_START_TOKEN)
2252 sk = first_unix_socket(&iter->i);
2254 sk = next_unix_socket(&iter->i, sk);
2255 while (sk && (sock_net(sk) != seq_file_net(seq)))
2256 sk = next_unix_socket(&iter->i, sk);
2260 static void unix_seq_stop(struct seq_file *seq, void *v)
2261 __releases(unix_table_lock)
2263 spin_unlock(&unix_table_lock);
2266 static int unix_seq_show(struct seq_file *seq, void *v)
2269 if (v == SEQ_START_TOKEN)
2270 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2274 struct unix_sock *u = unix_sk(s);
2277 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2279 atomic_read(&s->sk_refcnt),
2281 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2284 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2285 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2293 len = u->addr->len - sizeof(short);
2294 if (!UNIX_ABSTRACT(s))
2300 for ( ; i < len; i++)
2301 seq_putc(seq, u->addr->name->sun_path[i]);
2303 unix_state_unlock(s);
2304 seq_putc(seq, '\n');
2310 static const struct seq_operations unix_seq_ops = {
2311 .start = unix_seq_start,
2312 .next = unix_seq_next,
2313 .stop = unix_seq_stop,
2314 .show = unix_seq_show,
2317 static int unix_seq_open(struct inode *inode, struct file *file)
2319 return seq_open_net(inode, file, &unix_seq_ops,
2320 sizeof(struct unix_iter_state));
2323 static const struct file_operations unix_seq_fops = {
2324 .owner = THIS_MODULE,
2325 .open = unix_seq_open,
2327 .llseek = seq_lseek,
2328 .release = seq_release_net,
2333 static const struct net_proto_family unix_family_ops = {
2335 .create = unix_create,
2336 .owner = THIS_MODULE,
2340 static int __net_init unix_net_init(struct net *net)
2342 int error = -ENOMEM;
2344 net->unx.sysctl_max_dgram_qlen = 10;
2345 if (unix_sysctl_register(net))
2348 #ifdef CONFIG_PROC_FS
2349 if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
2350 unix_sysctl_unregister(net);
2359 static void __net_exit unix_net_exit(struct net *net)
2361 unix_sysctl_unregister(net);
2362 proc_net_remove(net, "unix");
2365 static struct pernet_operations unix_net_ops = {
2366 .init = unix_net_init,
2367 .exit = unix_net_exit,
2370 static int __init af_unix_init(void)
2373 struct sk_buff *dummy_skb;
2375 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
2377 rc = proto_register(&unix_proto, 1);
2379 printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2384 sock_register(&unix_family_ops);
2385 register_pernet_subsys(&unix_net_ops);
2390 static void __exit af_unix_exit(void)
2392 sock_unregister(PF_UNIX);
2393 proto_unregister(&unix_proto);
2394 unregister_pernet_subsys(&unix_net_ops);
2397 /* Earlier than device_initcall() so that other drivers invoking
2398 request_module() don't end up in a loop when modprobe tries
2399 to use a UNIX socket. But later than subsys_initcall() because
2400 we depend on stuff initialised there */
2401 fs_initcall(af_unix_init);
2402 module_exit(af_unix_exit);
2404 MODULE_LICENSE("GPL");
2405 MODULE_ALIAS_NETPROTO(PF_UNIX);