2 * NET4: Implementation of BSD Unix domain sockets.
4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 * Linus Torvalds : Assorted bug cures.
13 * Niibe Yutaka : async I/O support.
14 * Carsten Paeth : PF_UNIX check, address fixes.
15 * Alan Cox : Limit size of allocated blocks.
16 * Alan Cox : Fixed the stupid socketpair bug.
17 * Alan Cox : BSD compatibility fine tuning.
18 * Alan Cox : Fixed a bug in connect when interrupted.
19 * Alan Cox : Sorted out a proper draft version of
20 * file descriptor passing hacked up from
22 * Marty Leisner : Fixes to fd passing
23 * Nick Nevin : recvmsg bugfix.
24 * Alan Cox : Started proper garbage collector
25 * Heiko EiBfeldt : Missing verify_area check
26 * Alan Cox : Started POSIXisms
27 * Andreas Schwab : Replace inode by dentry for proper
29 * Kirk Petersen : Made this a module
30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33 * by above two patches.
34 * Andrea Arcangeli : If possible we block in connect(2)
35 * if the max backlog of the listen socket
36 * is been reached. This won't break
37 * old apps and it will avoid huge amount
38 * of socks hashed (this for unix_gc()
39 * performances reasons).
40 * Security fix that limits the max
41 * number of socks to 2*max_files and
42 * the number of skb queueable in the
44 * Artur Skawina : Hash function optimizations
45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 * Malcolm Beattie : Set peercred for socketpair
47 * Michal Ostrowski : Module initialization cleanup.
48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 * the core infrastructure is doing that
50 * for all net proto families now (2.5.69+)
53 * Known differences from reference BSD that was tested:
56 * ECONNREFUSED is not returned from one end of a connected() socket to the
57 * other the moment one end closes.
58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
61 * accept() returns a path name even if the connecting socket has closed
62 * in the meantime (BSD loses the path and gives up).
63 * accept() returns 0 length path for an unbound connector. BSD returns 16
64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 * BSD af_unix apparently has connect forgetting to block properly.
67 * (need to check this with the POSIX spec in detail)
69 * Differences from 2.0.0-11-... (ANK)
70 * Bug fixes and improvements.
71 * - client shutdown killed server socket.
72 * - removed all useless cli/sti pairs.
74 * Semantic changes/extensions.
75 * - generic control message passing.
76 * - SCM_CREDENTIALS control message.
77 * - "Abstract" (not FS based) socket bindings.
78 * Abstract names are sequences of bytes (not zero terminated)
79 * started by 0, so that this name space does not intersect
83 #include <linux/module.h>
84 #include <linux/kernel.h>
85 #include <linux/signal.h>
86 #include <linux/sched.h>
87 #include <linux/errno.h>
88 #include <linux/string.h>
89 #include <linux/stat.h>
90 #include <linux/dcache.h>
91 #include <linux/namei.h>
92 #include <linux/socket.h>
94 #include <linux/fcntl.h>
95 #include <linux/termios.h>
96 #include <linux/sockios.h>
97 #include <linux/net.h>
100 #include <linux/slab.h>
101 #include <asm/uaccess.h>
102 #include <linux/skbuff.h>
103 #include <linux/netdevice.h>
104 #include <net/net_namespace.h>
105 #include <net/sock.h>
106 #include <net/tcp_states.h>
107 #include <net/af_unix.h>
108 #include <linux/proc_fs.h>
109 #include <linux/seq_file.h>
111 #include <linux/init.h>
112 #include <linux/poll.h>
113 #include <linux/rtnetlink.h>
114 #include <linux/mount.h>
115 #include <net/checksum.h>
116 #include <linux/security.h>
118 static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
119 static DEFINE_SPINLOCK(unix_table_lock);
120 static atomic_long_t unix_nr_socks;
122 #define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE])
124 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
126 #ifdef CONFIG_SECURITY_NETWORK
127 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
129 memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
132 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
134 scm->secid = *UNIXSID(skb);
137 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
140 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
142 #endif /* CONFIG_SECURITY_NETWORK */
145 * SMP locking strategy:
146 * hash table is protected with spinlock unix_table_lock
147 * each socket state is protected by separate spin lock.
150 static inline unsigned unix_hash_fold(__wsum n)
152 unsigned int hash = (__force unsigned int)csum_fold(n);
155 return hash&(UNIX_HASH_SIZE-1);
158 #define unix_peer(sk) (unix_sk(sk)->peer)
160 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
162 return unix_peer(osk) == sk;
165 static inline int unix_may_send(struct sock *sk, struct sock *osk)
167 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
170 static inline int unix_recvq_full(struct sock const *sk)
172 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
175 static struct sock *unix_peer_get(struct sock *s)
183 unix_state_unlock(s);
187 static inline void unix_release_addr(struct unix_address *addr)
189 if (atomic_dec_and_test(&addr->refcnt))
194 * Check unix socket name:
195 * - should be not zero length.
196 * - if started by not zero, should be NULL terminated (FS object)
197 * - if started by zero, it is abstract name.
200 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned *hashp)
202 if (len <= sizeof(short) || len > sizeof(*sunaddr))
204 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
206 if (sunaddr->sun_path[0]) {
208 * This may look like an off by one error but it is a bit more
209 * subtle. 108 is the longest valid AF_UNIX path for a binding.
210 * sun_path[108] doesn't as such exist. However in kernel space
211 * we are guaranteed that it is a valid memory location in our
212 * kernel address buffer.
214 ((char *)sunaddr)[len] = 0;
215 len = strlen(sunaddr->sun_path)+1+sizeof(short);
219 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
223 static void __unix_remove_socket(struct sock *sk)
225 sk_del_node_init(sk);
228 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
230 WARN_ON(!sk_unhashed(sk));
231 sk_add_node(sk, list);
234 static inline void unix_remove_socket(struct sock *sk)
236 spin_lock(&unix_table_lock);
237 __unix_remove_socket(sk);
238 spin_unlock(&unix_table_lock);
241 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
243 spin_lock(&unix_table_lock);
244 __unix_insert_socket(list, sk);
245 spin_unlock(&unix_table_lock);
248 static struct sock *__unix_find_socket_byname(struct net *net,
249 struct sockaddr_un *sunname,
250 int len, int type, unsigned hash)
253 struct hlist_node *node;
255 sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
256 struct unix_sock *u = unix_sk(s);
258 if (!net_eq(sock_net(s), net))
261 if (u->addr->len == len &&
262 !memcmp(u->addr->name, sunname, len))
270 static inline struct sock *unix_find_socket_byname(struct net *net,
271 struct sockaddr_un *sunname,
277 spin_lock(&unix_table_lock);
278 s = __unix_find_socket_byname(net, sunname, len, type, hash);
281 spin_unlock(&unix_table_lock);
285 static struct sock *unix_find_socket_byinode(struct inode *i)
288 struct hlist_node *node;
290 spin_lock(&unix_table_lock);
292 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
293 struct dentry *dentry = unix_sk(s)->dentry;
295 if (dentry && dentry->d_inode == i) {
302 spin_unlock(&unix_table_lock);
306 static inline int unix_writable(struct sock *sk)
308 return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
311 static void unix_write_space(struct sock *sk)
313 struct socket_wq *wq;
316 if (unix_writable(sk)) {
317 wq = rcu_dereference(sk->sk_wq);
318 if (wq_has_sleeper(wq))
319 wake_up_interruptible_sync_poll(&wq->wait,
320 POLLOUT | POLLWRNORM | POLLWRBAND);
321 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
326 /* When dgram socket disconnects (or changes its peer), we clear its receive
327 * queue of packets arrived from previous peer. First, it allows to do
328 * flow control based only on wmem_alloc; second, sk connected to peer
329 * may receive messages only from that peer. */
330 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
332 if (!skb_queue_empty(&sk->sk_receive_queue)) {
333 skb_queue_purge(&sk->sk_receive_queue);
334 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
336 /* If one link of bidirectional dgram pipe is disconnected,
337 * we signal error. Messages are lost. Do not make this,
338 * when peer was not connected to us.
340 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
341 other->sk_err = ECONNRESET;
342 other->sk_error_report(other);
347 static void unix_sock_destructor(struct sock *sk)
349 struct unix_sock *u = unix_sk(sk);
351 skb_queue_purge(&sk->sk_receive_queue);
353 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
354 WARN_ON(!sk_unhashed(sk));
355 WARN_ON(sk->sk_socket);
356 if (!sock_flag(sk, SOCK_DEAD)) {
357 printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
362 unix_release_addr(u->addr);
364 atomic_long_dec(&unix_nr_socks);
366 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
368 #ifdef UNIX_REFCNT_DEBUG
369 printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
370 atomic_long_read(&unix_nr_socks));
374 static void unix_release_sock(struct sock *sk, int embrion)
376 struct unix_sock *u = unix_sk(sk);
377 struct dentry *dentry;
378 struct vfsmount *mnt;
383 unix_remove_socket(sk);
388 sk->sk_shutdown = SHUTDOWN_MASK;
393 state = sk->sk_state;
394 sk->sk_state = TCP_CLOSE;
395 unix_state_unlock(sk);
397 wake_up_interruptible_all(&u->peer_wait);
399 skpair = unix_peer(sk);
401 if (skpair != NULL) {
402 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
403 unix_state_lock(skpair);
405 skpair->sk_shutdown = SHUTDOWN_MASK;
406 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
407 skpair->sk_err = ECONNRESET;
408 unix_state_unlock(skpair);
409 skpair->sk_state_change(skpair);
410 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
412 sock_put(skpair); /* It may now die */
413 unix_peer(sk) = NULL;
416 /* Try to flush out this socket. Throw out buffers at least */
418 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
419 if (state == TCP_LISTEN)
420 unix_release_sock(skb->sk, 1);
421 /* passed fds are erased in the kfree_skb hook */
432 /* ---- Socket is dead now and most probably destroyed ---- */
435 * Fixme: BSD difference: In BSD all sockets connected to use get
436 * ECONNRESET and we die on the spot. In Linux we behave
437 * like files and pipes do and wait for the last
440 * Can't we simply set sock->err?
442 * What the above comment does talk about? --ANK(980817)
445 if (unix_tot_inflight)
446 unix_gc(); /* Garbage collect fds */
449 static void init_peercred(struct sock *sk)
451 put_pid(sk->sk_peer_pid);
452 if (sk->sk_peer_cred)
453 put_cred(sk->sk_peer_cred);
454 sk->sk_peer_pid = get_pid(task_tgid(current));
455 sk->sk_peer_cred = get_current_cred();
458 static void copy_peercred(struct sock *sk, struct sock *peersk)
460 put_pid(sk->sk_peer_pid);
461 if (sk->sk_peer_cred)
462 put_cred(sk->sk_peer_cred);
463 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
464 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
467 static int unix_listen(struct socket *sock, int backlog)
470 struct sock *sk = sock->sk;
471 struct unix_sock *u = unix_sk(sk);
472 struct pid *old_pid = NULL;
473 const struct cred *old_cred = NULL;
476 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
477 goto out; /* Only stream/seqpacket sockets accept */
480 goto out; /* No listens on an unbound socket */
482 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
484 if (backlog > sk->sk_max_ack_backlog)
485 wake_up_interruptible_all(&u->peer_wait);
486 sk->sk_max_ack_backlog = backlog;
487 sk->sk_state = TCP_LISTEN;
488 /* set credentials so connect can copy them */
493 unix_state_unlock(sk);
501 static int unix_release(struct socket *);
502 static int unix_bind(struct socket *, struct sockaddr *, int);
503 static int unix_stream_connect(struct socket *, struct sockaddr *,
504 int addr_len, int flags);
505 static int unix_socketpair(struct socket *, struct socket *);
506 static int unix_accept(struct socket *, struct socket *, int);
507 static int unix_getname(struct socket *, struct sockaddr *, int *, int);
508 static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
509 static unsigned int unix_dgram_poll(struct file *, struct socket *,
511 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
512 static int unix_shutdown(struct socket *, int);
513 static int unix_stream_sendmsg(struct kiocb *, struct socket *,
514 struct msghdr *, size_t);
515 static int unix_stream_recvmsg(struct kiocb *, struct socket *,
516 struct msghdr *, size_t, int);
517 static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
518 struct msghdr *, size_t);
519 static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
520 struct msghdr *, size_t, int);
521 static int unix_dgram_connect(struct socket *, struct sockaddr *,
523 static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
524 struct msghdr *, size_t);
525 static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
526 struct msghdr *, size_t, int);
528 static const struct proto_ops unix_stream_ops = {
530 .owner = THIS_MODULE,
531 .release = unix_release,
533 .connect = unix_stream_connect,
534 .socketpair = unix_socketpair,
535 .accept = unix_accept,
536 .getname = unix_getname,
539 .listen = unix_listen,
540 .shutdown = unix_shutdown,
541 .setsockopt = sock_no_setsockopt,
542 .getsockopt = sock_no_getsockopt,
543 .sendmsg = unix_stream_sendmsg,
544 .recvmsg = unix_stream_recvmsg,
545 .mmap = sock_no_mmap,
546 .sendpage = sock_no_sendpage,
549 static const struct proto_ops unix_dgram_ops = {
551 .owner = THIS_MODULE,
552 .release = unix_release,
554 .connect = unix_dgram_connect,
555 .socketpair = unix_socketpair,
556 .accept = sock_no_accept,
557 .getname = unix_getname,
558 .poll = unix_dgram_poll,
560 .listen = sock_no_listen,
561 .shutdown = unix_shutdown,
562 .setsockopt = sock_no_setsockopt,
563 .getsockopt = sock_no_getsockopt,
564 .sendmsg = unix_dgram_sendmsg,
565 .recvmsg = unix_dgram_recvmsg,
566 .mmap = sock_no_mmap,
567 .sendpage = sock_no_sendpage,
570 static const struct proto_ops unix_seqpacket_ops = {
572 .owner = THIS_MODULE,
573 .release = unix_release,
575 .connect = unix_stream_connect,
576 .socketpair = unix_socketpair,
577 .accept = unix_accept,
578 .getname = unix_getname,
579 .poll = unix_dgram_poll,
581 .listen = unix_listen,
582 .shutdown = unix_shutdown,
583 .setsockopt = sock_no_setsockopt,
584 .getsockopt = sock_no_getsockopt,
585 .sendmsg = unix_seqpacket_sendmsg,
586 .recvmsg = unix_seqpacket_recvmsg,
587 .mmap = sock_no_mmap,
588 .sendpage = sock_no_sendpage,
591 static struct proto unix_proto = {
593 .owner = THIS_MODULE,
594 .obj_size = sizeof(struct unix_sock),
598 * AF_UNIX sockets do not interact with hardware, hence they
599 * dont trigger interrupts - so it's safe for them to have
600 * bh-unsafe locking for their sk_receive_queue.lock. Split off
601 * this special lock-class by reinitializing the spinlock key:
603 static struct lock_class_key af_unix_sk_receive_queue_lock_key;
605 static struct sock *unix_create1(struct net *net, struct socket *sock)
607 struct sock *sk = NULL;
610 atomic_long_inc(&unix_nr_socks);
611 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
614 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
618 sock_init_data(sock, sk);
619 lockdep_set_class(&sk->sk_receive_queue.lock,
620 &af_unix_sk_receive_queue_lock_key);
622 sk->sk_write_space = unix_write_space;
623 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
624 sk->sk_destruct = unix_sock_destructor;
628 spin_lock_init(&u->lock);
629 atomic_long_set(&u->inflight, 0);
630 INIT_LIST_HEAD(&u->link);
631 mutex_init(&u->readlock); /* single task reading lock */
632 init_waitqueue_head(&u->peer_wait);
633 unix_insert_socket(unix_sockets_unbound, sk);
636 atomic_long_dec(&unix_nr_socks);
639 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
645 static int unix_create(struct net *net, struct socket *sock, int protocol,
648 if (protocol && protocol != PF_UNIX)
649 return -EPROTONOSUPPORT;
651 sock->state = SS_UNCONNECTED;
653 switch (sock->type) {
655 sock->ops = &unix_stream_ops;
658 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
662 sock->type = SOCK_DGRAM;
664 sock->ops = &unix_dgram_ops;
667 sock->ops = &unix_seqpacket_ops;
670 return -ESOCKTNOSUPPORT;
673 return unix_create1(net, sock) ? 0 : -ENOMEM;
676 static int unix_release(struct socket *sock)
678 struct sock *sk = sock->sk;
683 unix_release_sock(sk, 0);
689 static int unix_autobind(struct socket *sock)
691 struct sock *sk = sock->sk;
692 struct net *net = sock_net(sk);
693 struct unix_sock *u = unix_sk(sk);
694 static u32 ordernum = 1;
695 struct unix_address *addr;
697 unsigned int retries = 0;
699 err = mutex_lock_interruptible(&u->readlock);
708 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
712 addr->name->sun_family = AF_UNIX;
713 atomic_set(&addr->refcnt, 1);
716 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
717 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
719 spin_lock(&unix_table_lock);
720 ordernum = (ordernum+1)&0xFFFFF;
722 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
724 spin_unlock(&unix_table_lock);
726 * __unix_find_socket_byname() may take long time if many names
727 * are already in use.
730 /* Give up if all names seems to be in use. */
731 if (retries++ == 0xFFFFF) {
738 addr->hash ^= sk->sk_type;
740 __unix_remove_socket(sk);
742 __unix_insert_socket(&unix_socket_table[addr->hash], sk);
743 spin_unlock(&unix_table_lock);
746 out: mutex_unlock(&u->readlock);
750 static struct sock *unix_find_other(struct net *net,
751 struct sockaddr_un *sunname, int len,
752 int type, unsigned hash, int *error)
758 if (sunname->sun_path[0]) {
760 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
763 inode = path.dentry->d_inode;
764 err = inode_permission(inode, MAY_WRITE);
769 if (!S_ISSOCK(inode->i_mode))
771 u = unix_find_socket_byinode(inode);
775 if (u->sk_type == type)
776 touch_atime(path.mnt, path.dentry);
781 if (u->sk_type != type) {
787 u = unix_find_socket_byname(net, sunname, len, type, hash);
789 struct dentry *dentry;
790 dentry = unix_sk(u)->dentry;
792 touch_atime(unix_sk(u)->mnt, dentry);
806 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
808 struct sock *sk = sock->sk;
809 struct net *net = sock_net(sk);
810 struct unix_sock *u = unix_sk(sk);
811 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
812 char *sun_path = sunaddr->sun_path;
813 struct dentry *dentry = NULL;
817 struct unix_address *addr;
818 struct hlist_head *list;
821 if (sunaddr->sun_family != AF_UNIX)
824 if (addr_len == sizeof(short)) {
825 err = unix_autobind(sock);
829 err = unix_mkname(sunaddr, addr_len, &hash);
834 err = mutex_lock_interruptible(&u->readlock);
843 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
847 memcpy(addr->name, sunaddr, addr_len);
848 addr->len = addr_len;
849 addr->hash = hash ^ sk->sk_type;
850 atomic_set(&addr->refcnt, 1);
856 * Get the parent directory, calculate the hash for last
859 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
860 err = PTR_ERR(dentry);
862 goto out_mknod_parent;
865 * All right, let's create it.
868 (SOCK_INODE(sock)->i_mode & ~current_umask());
869 err = mnt_want_write(path.mnt);
872 err = security_path_mknod(&path, dentry, mode, 0);
874 goto out_mknod_drop_write;
875 err = vfs_mknod(path.dentry->d_inode, dentry, mode, 0);
876 out_mknod_drop_write:
877 mnt_drop_write(path.mnt);
880 mutex_unlock(&path.dentry->d_inode->i_mutex);
882 path.dentry = dentry;
884 addr->hash = UNIX_HASH_SIZE;
887 spin_lock(&unix_table_lock);
891 if (__unix_find_socket_byname(net, sunaddr, addr_len,
892 sk->sk_type, hash)) {
893 unix_release_addr(addr);
897 list = &unix_socket_table[addr->hash];
899 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
900 u->dentry = path.dentry;
905 __unix_remove_socket(sk);
907 __unix_insert_socket(list, sk);
910 spin_unlock(&unix_table_lock);
912 mutex_unlock(&u->readlock);
918 mutex_unlock(&path.dentry->d_inode->i_mutex);
923 unix_release_addr(addr);
927 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
929 if (unlikely(sk1 == sk2) || !sk2) {
930 unix_state_lock(sk1);
934 unix_state_lock(sk1);
935 unix_state_lock_nested(sk2);
937 unix_state_lock(sk2);
938 unix_state_lock_nested(sk1);
942 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
944 if (unlikely(sk1 == sk2) || !sk2) {
945 unix_state_unlock(sk1);
948 unix_state_unlock(sk1);
949 unix_state_unlock(sk2);
952 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
955 struct sock *sk = sock->sk;
956 struct net *net = sock_net(sk);
957 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
962 if (addr->sa_family != AF_UNSPEC) {
963 err = unix_mkname(sunaddr, alen, &hash);
968 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
969 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
973 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
977 unix_state_double_lock(sk, other);
979 /* Apparently VFS overslept socket death. Retry. */
980 if (sock_flag(other, SOCK_DEAD)) {
981 unix_state_double_unlock(sk, other);
987 if (!unix_may_send(sk, other))
990 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
996 * 1003.1g breaking connected state with AF_UNSPEC
999 unix_state_double_lock(sk, other);
1003 * If it was connected, reconnect.
1005 if (unix_peer(sk)) {
1006 struct sock *old_peer = unix_peer(sk);
1007 unix_peer(sk) = other;
1008 unix_state_double_unlock(sk, other);
1010 if (other != old_peer)
1011 unix_dgram_disconnected(sk, old_peer);
1014 unix_peer(sk) = other;
1015 unix_state_double_unlock(sk, other);
1020 unix_state_double_unlock(sk, other);
1026 static long unix_wait_for_peer(struct sock *other, long timeo)
1028 struct unix_sock *u = unix_sk(other);
1032 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1034 sched = !sock_flag(other, SOCK_DEAD) &&
1035 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1036 unix_recvq_full(other);
1038 unix_state_unlock(other);
1041 timeo = schedule_timeout(timeo);
1043 finish_wait(&u->peer_wait, &wait);
1047 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1048 int addr_len, int flags)
1050 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1051 struct sock *sk = sock->sk;
1052 struct net *net = sock_net(sk);
1053 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1054 struct sock *newsk = NULL;
1055 struct sock *other = NULL;
1056 struct sk_buff *skb = NULL;
1062 err = unix_mkname(sunaddr, addr_len, &hash);
1067 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1068 (err = unix_autobind(sock)) != 0)
1071 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1073 /* First of all allocate resources.
1074 If we will make it after state is locked,
1075 we will have to recheck all again in any case.
1080 /* create new sock for complete connection */
1081 newsk = unix_create1(sock_net(sk), NULL);
1085 /* Allocate skb for sending to listening sock */
1086 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1091 /* Find listening sock. */
1092 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1096 /* Latch state of peer */
1097 unix_state_lock(other);
1099 /* Apparently VFS overslept socket death. Retry. */
1100 if (sock_flag(other, SOCK_DEAD)) {
1101 unix_state_unlock(other);
1106 err = -ECONNREFUSED;
1107 if (other->sk_state != TCP_LISTEN)
1109 if (other->sk_shutdown & RCV_SHUTDOWN)
1112 if (unix_recvq_full(other)) {
1117 timeo = unix_wait_for_peer(other, timeo);
1119 err = sock_intr_errno(timeo);
1120 if (signal_pending(current))
1128 It is tricky place. We need to grab our state lock and cannot
1129 drop lock on peer. It is dangerous because deadlock is
1130 possible. Connect to self case and simultaneous
1131 attempt to connect are eliminated by checking socket
1132 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1133 check this before attempt to grab lock.
1135 Well, and we have to recheck the state after socket locked.
1141 /* This is ok... continue with connect */
1143 case TCP_ESTABLISHED:
1144 /* Socket is already connected */
1152 unix_state_lock_nested(sk);
1154 if (sk->sk_state != st) {
1155 unix_state_unlock(sk);
1156 unix_state_unlock(other);
1161 err = security_unix_stream_connect(sk, other, newsk);
1163 unix_state_unlock(sk);
1167 /* The way is open! Fastly set all the necessary fields... */
1170 unix_peer(newsk) = sk;
1171 newsk->sk_state = TCP_ESTABLISHED;
1172 newsk->sk_type = sk->sk_type;
1173 init_peercred(newsk);
1174 newu = unix_sk(newsk);
1175 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1176 otheru = unix_sk(other);
1178 /* copy address information from listening to new sock*/
1180 atomic_inc(&otheru->addr->refcnt);
1181 newu->addr = otheru->addr;
1183 if (otheru->dentry) {
1184 newu->dentry = dget(otheru->dentry);
1185 newu->mnt = mntget(otheru->mnt);
1188 /* Set credentials */
1189 copy_peercred(sk, other);
1191 sock->state = SS_CONNECTED;
1192 sk->sk_state = TCP_ESTABLISHED;
1195 smp_mb__after_atomic_inc(); /* sock_hold() does an atomic_inc() */
1196 unix_peer(sk) = newsk;
1198 unix_state_unlock(sk);
1200 /* take ten and and send info to listening sock */
1201 spin_lock(&other->sk_receive_queue.lock);
1202 __skb_queue_tail(&other->sk_receive_queue, skb);
1203 spin_unlock(&other->sk_receive_queue.lock);
1204 unix_state_unlock(other);
1205 other->sk_data_ready(other, 0);
1211 unix_state_unlock(other);
1216 unix_release_sock(newsk, 0);
1222 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1224 struct sock *ska = socka->sk, *skb = sockb->sk;
1226 /* Join our sockets back to back */
1229 unix_peer(ska) = skb;
1230 unix_peer(skb) = ska;
1234 if (ska->sk_type != SOCK_DGRAM) {
1235 ska->sk_state = TCP_ESTABLISHED;
1236 skb->sk_state = TCP_ESTABLISHED;
1237 socka->state = SS_CONNECTED;
1238 sockb->state = SS_CONNECTED;
1243 static void unix_sock_inherit_flags(const struct socket *old,
1246 if (test_bit(SOCK_PASSCRED, &old->flags))
1247 set_bit(SOCK_PASSCRED, &new->flags);
1248 if (test_bit(SOCK_PASSSEC, &old->flags))
1249 set_bit(SOCK_PASSSEC, &new->flags);
1252 static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1254 struct sock *sk = sock->sk;
1256 struct sk_buff *skb;
1260 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1264 if (sk->sk_state != TCP_LISTEN)
1267 /* If socket state is TCP_LISTEN it cannot change (for now...),
1268 * so that no locks are necessary.
1271 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1273 /* This means receive shutdown. */
1280 skb_free_datagram(sk, skb);
1281 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1283 /* attach accepted sock to socket */
1284 unix_state_lock(tsk);
1285 newsock->state = SS_CONNECTED;
1286 unix_sock_inherit_flags(sock, newsock);
1287 sock_graft(tsk, newsock);
1288 unix_state_unlock(tsk);
1296 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1298 struct sock *sk = sock->sk;
1299 struct unix_sock *u;
1300 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1304 sk = unix_peer_get(sk);
1315 unix_state_lock(sk);
1317 sunaddr->sun_family = AF_UNIX;
1318 sunaddr->sun_path[0] = 0;
1319 *uaddr_len = sizeof(short);
1321 struct unix_address *addr = u->addr;
1323 *uaddr_len = addr->len;
1324 memcpy(sunaddr, addr->name, *uaddr_len);
1326 unix_state_unlock(sk);
1332 static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1336 scm->fp = UNIXCB(skb).fp;
1337 UNIXCB(skb).fp = NULL;
1339 for (i = scm->fp->count-1; i >= 0; i--)
1340 unix_notinflight(scm->fp->fp[i]);
1343 static void unix_destruct_scm(struct sk_buff *skb)
1345 struct scm_cookie scm;
1346 memset(&scm, 0, sizeof(scm));
1347 scm.pid = UNIXCB(skb).pid;
1348 scm.cred = UNIXCB(skb).cred;
1350 unix_detach_fds(&scm, skb);
1352 /* Alas, it calls VFS */
1353 /* So fscking what? fput() had been SMP-safe since the last Summer */
1358 #define MAX_RECURSION_LEVEL 4
1360 static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1363 unsigned char max_level = 0;
1364 int unix_sock_count = 0;
1366 for (i = scm->fp->count - 1; i >= 0; i--) {
1367 struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1371 max_level = max(max_level,
1372 unix_sk(sk)->recursion_level);
1375 if (unlikely(max_level > MAX_RECURSION_LEVEL))
1376 return -ETOOMANYREFS;
1379 * Need to duplicate file references for the sake of garbage
1380 * collection. Otherwise a socket in the fps might become a
1381 * candidate for GC while the skb is not yet queued.
1383 UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1384 if (!UNIXCB(skb).fp)
1387 if (unix_sock_count) {
1388 for (i = scm->fp->count - 1; i >= 0; i--)
1389 unix_inflight(scm->fp->fp[i]);
1394 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1398 UNIXCB(skb).pid = get_pid(scm->pid);
1400 UNIXCB(skb).cred = get_cred(scm->cred);
1401 UNIXCB(skb).fp = NULL;
1402 if (scm->fp && send_fds)
1403 err = unix_attach_fds(scm, skb);
1405 skb->destructor = unix_destruct_scm;
1410 * Some apps rely on write() giving SCM_CREDENTIALS
1411 * We include credentials if source or destination socket
1412 * asserted SOCK_PASSCRED.
1414 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1415 const struct sock *other)
1417 if (UNIXCB(skb).cred)
1419 if (test_bit(SOCK_PASSCRED, &sock->flags) ||
1420 !other->sk_socket ||
1421 test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
1422 UNIXCB(skb).pid = get_pid(task_tgid(current));
1423 UNIXCB(skb).cred = get_current_cred();
1428 * Send AF_UNIX data.
1431 static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1432 struct msghdr *msg, size_t len)
1434 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1435 struct sock *sk = sock->sk;
1436 struct net *net = sock_net(sk);
1437 struct unix_sock *u = unix_sk(sk);
1438 struct sockaddr_un *sunaddr = msg->msg_name;
1439 struct sock *other = NULL;
1440 int namelen = 0; /* fake GCC */
1443 struct sk_buff *skb;
1445 struct scm_cookie tmp_scm;
1448 if (NULL == siocb->scm)
1449 siocb->scm = &tmp_scm;
1451 err = scm_send(sock, msg, siocb->scm, false);
1456 if (msg->msg_flags&MSG_OOB)
1459 if (msg->msg_namelen) {
1460 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1467 other = unix_peer_get(sk);
1472 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1473 && (err = unix_autobind(sock)) != 0)
1477 if (len > sk->sk_sndbuf - 32)
1480 skb = sock_alloc_send_skb(sk, len, msg->msg_flags&MSG_DONTWAIT, &err);
1484 err = unix_scm_to_skb(siocb->scm, skb, true);
1487 max_level = err + 1;
1488 unix_get_secdata(siocb->scm, skb);
1490 skb_reset_transport_header(skb);
1491 err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);
1495 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1500 if (sunaddr == NULL)
1503 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1509 if (sk_filter(other, skb) < 0) {
1510 /* Toss the packet but do not return any error to the sender */
1515 unix_state_lock(other);
1517 if (!unix_may_send(sk, other))
1520 if (sock_flag(other, SOCK_DEAD)) {
1522 * Check with 1003.1g - what should
1525 unix_state_unlock(other);
1529 unix_state_lock(sk);
1530 if (unix_peer(sk) == other) {
1531 unix_peer(sk) = NULL;
1532 unix_state_unlock(sk);
1534 unix_dgram_disconnected(sk, other);
1536 err = -ECONNREFUSED;
1538 unix_state_unlock(sk);
1548 if (other->sk_shutdown & RCV_SHUTDOWN)
1551 if (sk->sk_type != SOCK_SEQPACKET) {
1552 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1557 if (unix_peer(other) != sk && unix_recvq_full(other)) {
1563 timeo = unix_wait_for_peer(other, timeo);
1565 err = sock_intr_errno(timeo);
1566 if (signal_pending(current))
1572 if (sock_flag(other, SOCK_RCVTSTAMP))
1573 __net_timestamp(skb);
1574 maybe_add_creds(skb, sock, other);
1575 skb_queue_tail(&other->sk_receive_queue, skb);
1576 if (max_level > unix_sk(other)->recursion_level)
1577 unix_sk(other)->recursion_level = max_level;
1578 unix_state_unlock(other);
1579 other->sk_data_ready(other, len);
1581 scm_destroy(siocb->scm);
1585 unix_state_unlock(other);
1591 scm_destroy(siocb->scm);
1596 static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1597 struct msghdr *msg, size_t len)
1599 struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1600 struct sock *sk = sock->sk;
1601 struct sock *other = NULL;
1603 struct sk_buff *skb;
1605 struct scm_cookie tmp_scm;
1606 bool fds_sent = false;
1609 if (NULL == siocb->scm)
1610 siocb->scm = &tmp_scm;
1612 err = scm_send(sock, msg, siocb->scm, false);
1617 if (msg->msg_flags&MSG_OOB)
1620 if (msg->msg_namelen) {
1621 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1625 other = unix_peer(sk);
1630 if (sk->sk_shutdown & SEND_SHUTDOWN)
1633 while (sent < len) {
1635 * Optimisation for the fact that under 0.01% of X
1636 * messages typically need breaking up.
1641 /* Keep two messages in the pipe so it schedules better */
1642 if (size > ((sk->sk_sndbuf >> 1) - 64))
1643 size = (sk->sk_sndbuf >> 1) - 64;
1645 if (size > SKB_MAX_ALLOC)
1646 size = SKB_MAX_ALLOC;
1652 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
1659 * If you pass two values to the sock_alloc_send_skb
1660 * it tries to grab the large buffer with GFP_NOFS
1661 * (which can fail easily), and if it fails grab the
1662 * fallback size buffer which is under a page and will
1665 size = min_t(int, size, skb_tailroom(skb));
1668 /* Only send the fds in the first buffer */
1669 err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1674 max_level = err + 1;
1677 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1683 unix_state_lock(other);
1685 if (sock_flag(other, SOCK_DEAD) ||
1686 (other->sk_shutdown & RCV_SHUTDOWN))
1689 maybe_add_creds(skb, sock, other);
1690 skb_queue_tail(&other->sk_receive_queue, skb);
1691 if (max_level > unix_sk(other)->recursion_level)
1692 unix_sk(other)->recursion_level = max_level;
1693 unix_state_unlock(other);
1694 other->sk_data_ready(other, size);
1698 scm_destroy(siocb->scm);
1704 unix_state_unlock(other);
1707 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1708 send_sig(SIGPIPE, current, 0);
1711 scm_destroy(siocb->scm);
1713 return sent ? : err;
1716 static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
1717 struct msghdr *msg, size_t len)
1720 struct sock *sk = sock->sk;
1722 err = sock_error(sk);
1726 if (sk->sk_state != TCP_ESTABLISHED)
1729 if (msg->msg_namelen)
1730 msg->msg_namelen = 0;
1732 return unix_dgram_sendmsg(kiocb, sock, msg, len);
1735 static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
1736 struct msghdr *msg, size_t size,
1739 struct sock *sk = sock->sk;
1741 if (sk->sk_state != TCP_ESTABLISHED)
1744 return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
1747 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1749 struct unix_sock *u = unix_sk(sk);
1752 msg->msg_namelen = u->addr->len;
1753 memcpy(msg->msg_name, u->addr->name, u->addr->len);
1757 static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1758 struct msghdr *msg, size_t size,
1761 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1762 struct scm_cookie tmp_scm;
1763 struct sock *sk = sock->sk;
1764 struct unix_sock *u = unix_sk(sk);
1765 int noblock = flags & MSG_DONTWAIT;
1766 struct sk_buff *skb;
1773 err = mutex_lock_interruptible(&u->readlock);
1774 if (unlikely(err)) {
1775 /* recvmsg() in non blocking mode is supposed to return -EAGAIN
1776 * sk_rcvtimeo is not honored by mutex_lock_interruptible()
1778 err = noblock ? -EAGAIN : -ERESTARTSYS;
1782 skb = skb_recv_datagram(sk, flags, noblock, &err);
1784 unix_state_lock(sk);
1785 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1786 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1787 (sk->sk_shutdown & RCV_SHUTDOWN))
1789 unix_state_unlock(sk);
1793 wake_up_interruptible_sync_poll(&u->peer_wait,
1794 POLLOUT | POLLWRNORM | POLLWRBAND);
1797 unix_copy_addr(msg, skb->sk);
1799 if (size > skb->len)
1801 else if (size < skb->len)
1802 msg->msg_flags |= MSG_TRUNC;
1804 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
1808 if (sock_flag(sk, SOCK_RCVTSTAMP))
1809 __sock_recv_timestamp(msg, sk, skb);
1812 siocb->scm = &tmp_scm;
1813 memset(&tmp_scm, 0, sizeof(tmp_scm));
1815 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1816 unix_set_secdata(siocb->scm, skb);
1818 if (!(flags & MSG_PEEK)) {
1820 unix_detach_fds(siocb->scm, skb);
1822 /* It is questionable: on PEEK we could:
1823 - do not return fds - good, but too simple 8)
1824 - return fds, and do not return them on read (old strategy,
1826 - clone fds (I chose it for now, it is the most universal
1829 POSIX 1003.1g does not actually define this clearly
1830 at all. POSIX 1003.1g doesn't define a lot of things
1835 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1839 scm_recv(sock, msg, siocb->scm, flags);
1842 skb_free_datagram(sk, skb);
1844 mutex_unlock(&u->readlock);
1850 * Sleep until data has arrive. But check for races..
1853 static long unix_stream_data_wait(struct sock *sk, long timeo)
1857 unix_state_lock(sk);
1860 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1862 if (!skb_queue_empty(&sk->sk_receive_queue) ||
1864 (sk->sk_shutdown & RCV_SHUTDOWN) ||
1865 signal_pending(current) ||
1869 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1870 unix_state_unlock(sk);
1871 timeo = schedule_timeout(timeo);
1872 unix_state_lock(sk);
1874 if (sock_flag(sk, SOCK_DEAD))
1877 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1880 finish_wait(sk_sleep(sk), &wait);
1881 unix_state_unlock(sk);
1887 static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1888 struct msghdr *msg, size_t size,
1891 struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1892 struct scm_cookie tmp_scm;
1893 struct sock *sk = sock->sk;
1894 struct unix_sock *u = unix_sk(sk);
1895 struct sockaddr_un *sunaddr = msg->msg_name;
1897 int noblock = flags & MSG_DONTWAIT;
1898 int check_creds = 0;
1904 if (sk->sk_state != TCP_ESTABLISHED)
1911 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1912 timeo = sock_rcvtimeo(sk, noblock);
1914 /* Lock the socket to prevent queue disordering
1915 * while sleeps in memcpy_tomsg
1919 siocb->scm = &tmp_scm;
1920 memset(&tmp_scm, 0, sizeof(tmp_scm));
1923 err = mutex_lock_interruptible(&u->readlock);
1924 if (unlikely(err)) {
1925 /* recvmsg() in non blocking mode is supposed to return -EAGAIN
1926 * sk_rcvtimeo is not honored by mutex_lock_interruptible()
1928 err = noblock ? -EAGAIN : -ERESTARTSYS;
1934 struct sk_buff *skb;
1936 unix_state_lock(sk);
1937 if (sock_flag(sk, SOCK_DEAD)) {
1941 skb = skb_peek(&sk->sk_receive_queue);
1943 unix_sk(sk)->recursion_level = 0;
1944 if (copied >= target)
1948 * POSIX 1003.1g mandates this order.
1951 err = sock_error(sk);
1954 if (sk->sk_shutdown & RCV_SHUTDOWN)
1957 unix_state_unlock(sk);
1961 mutex_unlock(&u->readlock);
1963 timeo = unix_stream_data_wait(sk, timeo);
1965 if (signal_pending(current)
1966 || mutex_lock_interruptible(&u->readlock)) {
1967 err = sock_intr_errno(timeo);
1973 unix_state_unlock(sk);
1976 unix_state_unlock(sk);
1979 /* Never glue messages from different writers */
1980 if ((UNIXCB(skb).pid != siocb->scm->pid) ||
1981 (UNIXCB(skb).cred != siocb->scm->cred))
1983 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
1984 /* Copy credentials */
1985 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1989 /* Copy address just once */
1991 unix_copy_addr(msg, skb->sk);
1995 chunk = min_t(unsigned int, skb->len, size);
1996 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
2004 /* Mark read part of skb as used */
2005 if (!(flags & MSG_PEEK)) {
2006 skb_pull(skb, chunk);
2009 unix_detach_fds(siocb->scm, skb);
2014 skb_unlink(skb, &sk->sk_receive_queue);
2020 /* It is questionable, see note in unix_dgram_recvmsg.
2023 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
2029 mutex_unlock(&u->readlock);
2030 scm_recv(sock, msg, siocb->scm, flags);
2032 return copied ? : err;
2035 static int unix_shutdown(struct socket *sock, int mode)
2037 struct sock *sk = sock->sk;
2040 mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN);
2045 unix_state_lock(sk);
2046 sk->sk_shutdown |= mode;
2047 other = unix_peer(sk);
2050 unix_state_unlock(sk);
2051 sk->sk_state_change(sk);
2054 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2058 if (mode&RCV_SHUTDOWN)
2059 peer_mode |= SEND_SHUTDOWN;
2060 if (mode&SEND_SHUTDOWN)
2061 peer_mode |= RCV_SHUTDOWN;
2062 unix_state_lock(other);
2063 other->sk_shutdown |= peer_mode;
2064 unix_state_unlock(other);
2065 other->sk_state_change(other);
2066 if (peer_mode == SHUTDOWN_MASK)
2067 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2068 else if (peer_mode & RCV_SHUTDOWN)
2069 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2077 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2079 struct sock *sk = sock->sk;
2085 amount = sk_wmem_alloc_get(sk);
2086 err = put_user(amount, (int __user *)arg);
2090 struct sk_buff *skb;
2092 if (sk->sk_state == TCP_LISTEN) {
2097 spin_lock(&sk->sk_receive_queue.lock);
2098 if (sk->sk_type == SOCK_STREAM ||
2099 sk->sk_type == SOCK_SEQPACKET) {
2100 skb_queue_walk(&sk->sk_receive_queue, skb)
2103 skb = skb_peek(&sk->sk_receive_queue);
2107 spin_unlock(&sk->sk_receive_queue.lock);
2108 err = put_user(amount, (int __user *)arg);
2119 static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2121 struct sock *sk = sock->sk;
2124 sock_poll_wait(file, sk_sleep(sk), wait);
2127 /* exceptional events? */
2130 if (sk->sk_shutdown == SHUTDOWN_MASK)
2132 if (sk->sk_shutdown & RCV_SHUTDOWN)
2133 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2136 if (!skb_queue_empty(&sk->sk_receive_queue))
2137 mask |= POLLIN | POLLRDNORM;
2139 /* Connection-based need to check for termination and startup */
2140 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2141 sk->sk_state == TCP_CLOSE)
2145 * we set writable also when the other side has shut down the
2146 * connection. This prevents stuck sockets.
2148 if (unix_writable(sk))
2149 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2154 static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2157 struct sock *sk = sock->sk, *other;
2158 unsigned int mask, writable;
2160 sock_poll_wait(file, sk_sleep(sk), wait);
2163 /* exceptional events? */
2164 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2166 if (sk->sk_shutdown & RCV_SHUTDOWN)
2167 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2168 if (sk->sk_shutdown == SHUTDOWN_MASK)
2172 if (!skb_queue_empty(&sk->sk_receive_queue))
2173 mask |= POLLIN | POLLRDNORM;
2175 /* Connection-based need to check for termination and startup */
2176 if (sk->sk_type == SOCK_SEQPACKET) {
2177 if (sk->sk_state == TCP_CLOSE)
2179 /* connection hasn't started yet? */
2180 if (sk->sk_state == TCP_SYN_SENT)
2184 /* No write status requested, avoid expensive OUT tests. */
2185 if (wait && !(wait->key & (POLLWRBAND | POLLWRNORM | POLLOUT)))
2188 writable = unix_writable(sk);
2189 other = unix_peer_get(sk);
2191 if (unix_peer(other) != sk) {
2192 sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2193 if (unix_recvq_full(other))
2200 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2202 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2207 #ifdef CONFIG_PROC_FS
2208 static struct sock *first_unix_socket(int *i)
2210 for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) {
2211 if (!hlist_empty(&unix_socket_table[*i]))
2212 return __sk_head(&unix_socket_table[*i]);
2217 static struct sock *next_unix_socket(int *i, struct sock *s)
2219 struct sock *next = sk_next(s);
2220 /* More in this chain? */
2223 /* Look for next non-empty chain. */
2224 for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) {
2225 if (!hlist_empty(&unix_socket_table[*i]))
2226 return __sk_head(&unix_socket_table[*i]);
2231 struct unix_iter_state {
2232 struct seq_net_private p;
2236 static struct sock *unix_seq_idx(struct seq_file *seq, loff_t pos)
2238 struct unix_iter_state *iter = seq->private;
2242 for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) {
2243 if (sock_net(s) != seq_file_net(seq))
2252 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2253 __acquires(unix_table_lock)
2255 spin_lock(&unix_table_lock);
2256 return *pos ? unix_seq_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2259 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2261 struct unix_iter_state *iter = seq->private;
2262 struct sock *sk = v;
2265 if (v == SEQ_START_TOKEN)
2266 sk = first_unix_socket(&iter->i);
2268 sk = next_unix_socket(&iter->i, sk);
2269 while (sk && (sock_net(sk) != seq_file_net(seq)))
2270 sk = next_unix_socket(&iter->i, sk);
2274 static void unix_seq_stop(struct seq_file *seq, void *v)
2275 __releases(unix_table_lock)
2277 spin_unlock(&unix_table_lock);
2280 static int unix_seq_show(struct seq_file *seq, void *v)
2283 if (v == SEQ_START_TOKEN)
2284 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2288 struct unix_sock *u = unix_sk(s);
2291 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2293 atomic_read(&s->sk_refcnt),
2295 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2298 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2299 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2307 len = u->addr->len - sizeof(short);
2308 if (!UNIX_ABSTRACT(s))
2314 for ( ; i < len; i++)
2315 seq_putc(seq, u->addr->name->sun_path[i]);
2317 unix_state_unlock(s);
2318 seq_putc(seq, '\n');
2324 static const struct seq_operations unix_seq_ops = {
2325 .start = unix_seq_start,
2326 .next = unix_seq_next,
2327 .stop = unix_seq_stop,
2328 .show = unix_seq_show,
2331 static int unix_seq_open(struct inode *inode, struct file *file)
2333 return seq_open_net(inode, file, &unix_seq_ops,
2334 sizeof(struct unix_iter_state));
2337 static const struct file_operations unix_seq_fops = {
2338 .owner = THIS_MODULE,
2339 .open = unix_seq_open,
2341 .llseek = seq_lseek,
2342 .release = seq_release_net,
2347 static const struct net_proto_family unix_family_ops = {
2349 .create = unix_create,
2350 .owner = THIS_MODULE,
2354 static int __net_init unix_net_init(struct net *net)
2356 int error = -ENOMEM;
2358 net->unx.sysctl_max_dgram_qlen = 10;
2359 if (unix_sysctl_register(net))
2362 #ifdef CONFIG_PROC_FS
2363 if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
2364 unix_sysctl_unregister(net);
2373 static void __net_exit unix_net_exit(struct net *net)
2375 unix_sysctl_unregister(net);
2376 proc_net_remove(net, "unix");
2379 static struct pernet_operations unix_net_ops = {
2380 .init = unix_net_init,
2381 .exit = unix_net_exit,
2384 static int __init af_unix_init(void)
2387 struct sk_buff *dummy_skb;
2389 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
2391 rc = proto_register(&unix_proto, 1);
2393 printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2398 sock_register(&unix_family_ops);
2399 register_pernet_subsys(&unix_net_ops);
2404 static void __exit af_unix_exit(void)
2406 sock_unregister(PF_UNIX);
2407 proto_unregister(&unix_proto);
2408 unregister_pernet_subsys(&unix_net_ops);
2411 /* Earlier than device_initcall() so that other drivers invoking
2412 request_module() don't end up in a loop when modprobe tries
2413 to use a UNIX socket. But later than subsys_initcall() because
2414 we depend on stuff initialised there */
2415 fs_initcall(af_unix_init);
2416 module_exit(af_unix_exit);
2418 MODULE_LICENSE("GPL");
2419 MODULE_ALIAS_NETPROTO(PF_UNIX);
git.openpandora.org / pandora-kernel.git / blob