linux/net/unix/af_unix.c
<<
>>
Prefs 
   1/*
   2 * NET4:        Implementation of BSD Unix domain sockets.
   3 *
   4 * Authors:     Alan Cox, <alan@lxorguk.ukuu.org.uk>
   5 *
   6 *              This program is free software; you can redistribute it and/or
   7 *              modify it under the terms of the GNU General Public License
   8 *              as published by the Free Software Foundation; either version
   9 *              2 of the License, or (at your option) any later version.
  10 *
  11 * Fixes:
  12 *              Linus Torvalds  :       Assorted bug cures.
  13 *              Niibe Yutaka    :       async I/O support.
  14 *              Carsten Paeth   :       PF_UNIX check, address fixes.
  15 *              Alan Cox        :       Limit size of allocated blocks.
  16 *              Alan Cox        :       Fixed the stupid socketpair bug.
  17 *              Alan Cox        :       BSD compatibility fine tuning.
  18 *              Alan Cox        :       Fixed a bug in connect when interrupted.
  19 *              Alan Cox        :       Sorted out a proper draft version of
  20 *                                      file descriptor passing hacked up from
  21 *                                      Mike Shaver's work.
  22 *              Marty Leisner   :       Fixes to fd passing
  23 *              Nick Nevin      :       recvmsg bugfix.
  24 *              Alan Cox        :       Started proper garbage collector
  25 *              Heiko EiBfeldt  :       Missing verify_area check
  26 *              Alan Cox        :       Started POSIXisms
  27 *              Andreas Schwab  :       Replace inode by dentry for proper
  28 *                                      reference counting
  29 *              Kirk Petersen   :       Made this a module
  30 *          Christoph Rohland   :       Elegant non-blocking accept/connect algorithm.
  31 *                                      Lots of bug fixes.
  32 *           Alexey Kuznetosv   :       Repaired (I hope) bugs introduces
  33 *                                      by above two patches.
  34 *           Andrea Arcangeli   :       If possible we block in connect(2)
  35 *                                      if the max backlog of the listen socket
  36 *                                      is been reached. This won't break
  37 *                                      old apps and it will avoid huge amount
  38 *                                      of socks hashed (this for unix_gc()
  39 *                                      performances reasons).
  40 *                                      Security fix that limits the max
  41 *                                      number of socks to 2*max_files and
  42 *                                      the number of skb queueable in the
  43 *                                      dgram receiver.
  44 *              Artur Skawina   :       Hash function optimizations
  45 *           Alexey Kuznetsov   :       Full scale SMP. Lot of bugs are introduced 8)
  46 *            Malcolm Beattie   :       Set peercred for socketpair
  47 *           Michal Ostrowski   :       Module initialization cleanup.
  48 *           Arnaldo C. Melo    :       Remove MOD_{INC,DEC}_USE_COUNT,
  49 *                                      the core infrastructure is doing that
  50 *                                      for all net proto families now (2.5.69+)
  51 *
  52 *
  53 * Known differences from reference BSD that was tested:
  54 *
  55 *      [TO FIX]
  56 *      ECONNREFUSED is not returned from one end of a connected() socket to the
  57 *              other the moment one end closes.
  58 *      fstat() doesn't return st_dev=0, and give the blksize as high water mark
  59 *              and a fake inode identifier (nor the BSD first socket fstat twice bug).
  60 *      [NOT TO FIX]
  61 *      accept() returns a path name even if the connecting socket has closed
  62 *              in the meantime (BSD loses the path and gives up).
  63 *      accept() returns 0 length path for an unbound connector. BSD returns 16
  64 *              and a null first byte in the path (but not for gethost/peername - BSD bug ??)
  65 *      socketpair(...SOCK_RAW..) doesn't panic the kernel.
  66 *      BSD af_unix apparently has connect forgetting to block properly.
  67 *              (need to check this with the POSIX spec in detail)
  68 *
  69 * Differences from 2.0.0-11-... (ANK)
  70 *      Bug fixes and improvements.
  71 *              - client shutdown killed server socket.
  72 *              - removed all useless cli/sti pairs.
  73 *
  74 *      Semantic changes/extensions.
  75 *              - generic control message passing.
  76 *              - SCM_CREDENTIALS control message.
  77 *              - "Abstract" (not FS based) socket bindings.
  78 *                Abstract names are sequences of bytes (not zero terminated)
  79 *                started by 0, so that this name space does not intersect
  80 *                with BSD names.
  81 */
  82
  83#include <linux/module.h>
  84#include <linux/kernel.h>
  85#include <linux/signal.h>
  86#include <linux/sched.h>
  87#include <linux/errno.h>
  88#include <linux/string.h>
  89#include <linux/stat.h>
  90#include <linux/dcache.h>
  91#include <linux/namei.h>
  92#include <linux/socket.h>
  93#include <linux/un.h>
  94#include <linux/fcntl.h>
  95#include <linux/termios.h>
  96#include <linux/sockios.h>
  97#include <linux/net.h>
  98#include <linux/in.h>
  99#include <linux/fs.h>
 100#include <linux/slab.h>
 101#include <asm/uaccess.h>
 102#include <linux/skbuff.h>
 103#include <linux/netdevice.h>
 104#include <net/net_namespace.h>
 105#include <net/sock.h>
 106#include <net/tcp_states.h>
 107#include <net/af_unix.h>
 108#include <linux/proc_fs.h>
 109#include <linux/seq_file.h>
 110#include <net/scm.h>
 111#include <linux/init.h>
 112#include <linux/poll.h>
 113#include <linux/rtnetlink.h>
 114#include <linux/mount.h>
 115#include <net/checksum.h>
 116#include <linux/security.h>
 117
 118static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
 119static DEFINE_SPINLOCK(unix_table_lock);
 120static atomic_long_t unix_nr_socks;
 121
 122#define unix_sockets_unbound    (&unix_socket_table[UNIX_HASH_SIZE])
 123
 124#define UNIX_ABSTRACT(sk)       (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
 125
 126#ifdef CONFIG_SECURITY_NETWORK
 127static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
 128{
 129        memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
 130}
 131
 132static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
 133{
 134        scm->secid = *UNIXSID(skb);
 135}
 136#else
 137static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
 138{ }
 139
 140static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
 141{ }
 142#endif /* CONFIG_SECURITY_NETWORK */
 143
 144/*
 145 *  SMP locking strategy:
 146 *    hash table is protected with spinlock unix_table_lock
 147 *    each socket state is protected by separate spin lock.
 148 */
 149
 150static inline unsigned unix_hash_fold(__wsum n)
 151{
 152        unsigned hash = (__force unsigned)n;
 153        hash ^= hash>>16;
 154        hash ^= hash>>8;
 155        return hash&(UNIX_HASH_SIZE-1);
 156}
 157
 158#define unix_peer(sk) (unix_sk(sk)->peer)
 159
 160static inline int unix_our_peer(struct sock *sk, struct sock *osk)
 161{
 162        return unix_peer(osk) == sk;
 163}
 164
 165static inline int unix_may_send(struct sock *sk, struct sock *osk)
 166{
 167        return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
 168}
 169
 170static inline int unix_recvq_full(struct sock const *sk)
 171{
 172        return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
 173}
 174
 175static struct sock *unix_peer_get(struct sock *s)
 176{
 177        struct sock *peer;
 178
 179        unix_state_lock(s);
 180        peer = unix_peer(s);
 181        if (peer)
 182                sock_hold(peer);
 183        unix_state_unlock(s);
 184        return peer;
 185}
 186
 187static inline void unix_release_addr(struct unix_address *addr)
 188{
 189        if (atomic_dec_and_test(&addr->refcnt))
 190                kfree(addr);
 191}
 192
 193/*
 194 *      Check unix socket name:
 195 *              - should be not zero length.
 196 *              - if started by not zero, should be NULL terminated (FS object)
 197 *              - if started by zero, it is abstract name.
 198 */
 199
 200static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned *hashp)
 201{
 202        if (len <= sizeof(short) || len > sizeof(*sunaddr))
 203                return -EINVAL;
 204        if (!sunaddr || sunaddr->sun_family != AF_UNIX)
 205                return -EINVAL;
 206        if (sunaddr->sun_path[0]) {
 207                /*
 208                 * This may look like an off by one error but it is a bit more
 209                 * subtle. 108 is the longest valid AF_UNIX path for a binding.
 210                 * sun_path[108] doesnt as such exist.  However in kernel space
 211                 * we are guaranteed that it is a valid memory location in our
 212                 * kernel address buffer.
 213                 */
 214                ((char *)sunaddr)[len] = 0;
 215                len = strlen(sunaddr->sun_path)+1+sizeof(short);
 216                return len;
 217        }
 218
 219        *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
 220        return len;
 221}
 222
 223static void __unix_remove_socket(struct sock *sk)
 224{
 225        sk_del_node_init(sk);
 226}
 227
 228static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
 229{
 230        WARN_ON(!sk_unhashed(sk));
 231        sk_add_node(sk, list);
 232}
 233
 234static inline void unix_remove_socket(struct sock *sk)
 235{
 236        spin_lock(&unix_table_lock);
 237        __unix_remove_socket(sk);
 238        spin_unlock(&unix_table_lock);
 239}
 240
 241static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
 242{
 243        spin_lock(&unix_table_lock);
 244        __unix_insert_socket(list, sk);
 245        spin_unlock(&unix_table_lock);
 246}
 247
 248static struct sock *__unix_find_socket_byname(struct net *net,
 249                                              struct sockaddr_un *sunname,
 250                                              int len, int type, unsigned hash)
 251{
 252        struct sock *s;
 253        struct hlist_node *node;
 254
 255        sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
 256                struct unix_sock *u = unix_sk(s);
 257
 258                if (!net_eq(sock_net(s), net))
 259                        continue;
 260
 261                if (u->addr->len == len &&
 262                    !memcmp(u->addr->name, sunname, len))
 263                        goto found;
 264        }
 265        s = NULL;
 266found:
 267        return s;
 268}
 269
 270static inline struct sock *unix_find_socket_byname(struct net *net,
 271                                                   struct sockaddr_un *sunname,
 272                                                   int len, int type,
 273                                                   unsigned hash)
 274{
 275        struct sock *s;
 276
 277        spin_lock(&unix_table_lock);
 278        s = __unix_find_socket_byname(net, sunname, len, type, hash);
 279        if (s)
 280                sock_hold(s);
 281        spin_unlock(&unix_table_lock);
 282        return s;
 283}
 284
 285static struct sock *unix_find_socket_byinode(struct inode *i)
 286{
 287        struct sock *s;
 288        struct hlist_node *node;
 289
 290        spin_lock(&unix_table_lock);
 291        sk_for_each(s, node,
 292                    &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
 293                struct dentry *dentry = unix_sk(s)->dentry;
 294
 295                if (dentry && dentry->d_inode == i) {
 296                        sock_hold(s);
 297                        goto found;
 298                }
 299        }
 300        s = NULL;
 301found:
 302        spin_unlock(&unix_table_lock);
 303        return s;
 304}
 305
 306static inline int unix_writable(struct sock *sk)
 307{
 308        return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
 309}
 310
 311static void unix_write_space(struct sock *sk)
 312{
 313        struct socket_wq *wq;
 314
 315        rcu_read_lock();
 316        if (unix_writable(sk)) {
 317                wq = rcu_dereference(sk->sk_wq);
 318                if (wq_has_sleeper(wq))
 319                        wake_up_interruptible_sync_poll(&wq->wait,
 320                                POLLOUT | POLLWRNORM | POLLWRBAND);
 321                sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
 322        }
 323        rcu_read_unlock();
 324}
 325
 326/* When dgram socket disconnects (or changes its peer), we clear its receive
 327 * queue of packets arrived from previous peer. First, it allows to do
 328 * flow control based only on wmem_alloc; second, sk connected to peer
 329 * may receive messages only from that peer. */
 330static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
 331{
 332        if (!skb_queue_empty(&sk->sk_receive_queue)) {
 333                skb_queue_purge(&sk->sk_receive_queue);
 334                wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
 335
 336                /* If one link of bidirectional dgram pipe is disconnected,
 337                 * we signal error. Messages are lost. Do not make this,
 338                 * when peer was not connected to us.
 339                 */
 340                if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
 341                        other->sk_err = ECONNRESET;
 342                        other->sk_error_report(other);
 343                }
 344        }
 345}
 346
 347static void unix_sock_destructor(struct sock *sk)
 348{
 349        struct unix_sock *u = unix_sk(sk);
 350
 351        skb_queue_purge(&sk->sk_receive_queue);
 352
 353        WARN_ON(atomic_read(&sk->sk_wmem_alloc));
 354        WARN_ON(!sk_unhashed(sk));
 355        WARN_ON(sk->sk_socket);
 356        if (!sock_flag(sk, SOCK_DEAD)) {
 357                printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
 358                return;
 359        }
 360
 361        if (u->addr)
 362                unix_release_addr(u->addr);
 363
 364        atomic_long_dec(&unix_nr_socks);
 365        local_bh_disable();
 366        sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
 367        local_bh_enable();
 368#ifdef UNIX_REFCNT_DEBUG
 369        printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
 370                atomic_long_read(&unix_nr_socks));
 371#endif
 372}
 373
 374static int unix_release_sock(struct sock *sk, int embrion)
 375{
 376        struct unix_sock *u = unix_sk(sk);
 377        struct dentry *dentry;
 378        struct vfsmount *mnt;
 379        struct sock *skpair;
 380        struct sk_buff *skb;
 381        int state;
 382
 383        unix_remove_socket(sk);
 384
 385        /* Clear state */
 386        unix_state_lock(sk);
 387        sock_orphan(sk);
 388        sk->sk_shutdown = SHUTDOWN_MASK;
 389        dentry       = u->dentry;
 390        u->dentry    = NULL;
 391        mnt          = u->mnt;
 392        u->mnt       = NULL;
 393        state = sk->sk_state;
 394        sk->sk_state = TCP_CLOSE;
 395        unix_state_unlock(sk);
 396
 397        wake_up_interruptible_all(&u->peer_wait);
 398
 399        skpair = unix_peer(sk);
 400
 401        if (skpair != NULL) {
 402                if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
 403                        unix_state_lock(skpair);
 404                        /* No more writes */
 405                        skpair->sk_shutdown = SHUTDOWN_MASK;
 406                        if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
 407                                skpair->sk_err = ECONNRESET;
 408                        unix_state_unlock(skpair);
 409                        skpair->sk_state_change(skpair);
 410                        sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
 411                }
 412                sock_put(skpair); /* It may now die */
 413                unix_peer(sk) = NULL;
 414        }
 415
 416        /* Try to flush out this socket. Throw out buffers at least */
 417
 418        while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
 419                if (state == TCP_LISTEN)
 420                        unix_release_sock(skb->sk, 1);
 421                /* passed fds are erased in the kfree_skb hook        */
 422                kfree_skb(skb);
 423        }
 424
 425        if (dentry) {
 426                dput(dentry);
 427                mntput(mnt);
 428        }
 429
 430        sock_put(sk);
 431
 432        /* ---- Socket is dead now and most probably destroyed ---- */
 433
 434        /*
 435         * Fixme: BSD difference: In BSD all sockets connected to use get
 436         *        ECONNRESET and we die on the spot. In Linux we behave
 437         *        like files and pipes do and wait for the last
 438         *        dereference.
 439         *
 440         * Can't we simply set sock->err?
 441         *
 442         *        What the above comment does talk about? --ANK(980817)
 443         */
 444
 445        if (unix_tot_inflight)
 446                unix_gc();              /* Garbage collect fds */
 447
 448        return 0;
 449}
 450
 451static void init_peercred(struct sock *sk)
 452{
 453        put_pid(sk->sk_peer_pid);
 454        if (sk->sk_peer_cred)
 455                put_cred(sk->sk_peer_cred);
 456        sk->sk_peer_pid  = get_pid(task_tgid(current));
 457        sk->sk_peer_cred = get_current_cred();
 458}
 459
 460static void copy_peercred(struct sock *sk, struct sock *peersk)
 461{
 462        put_pid(sk->sk_peer_pid);
 463        if (sk->sk_peer_cred)
 464                put_cred(sk->sk_peer_cred);
 465        sk->sk_peer_pid  = get_pid(peersk->sk_peer_pid);
 466        sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
 467}
 468
 469static int unix_listen(struct socket *sock, int backlog)
 470{
 471        int err;
 472        struct sock *sk = sock->sk;
 473        struct unix_sock *u = unix_sk(sk);
 474        struct pid *old_pid = NULL;
 475        const struct cred *old_cred = NULL;
 476
 477        err = -EOPNOTSUPP;
 478        if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
 479                goto out;       /* Only stream/seqpacket sockets accept */
 480        err = -EINVAL;
 481        if (!u->addr)
 482                goto out;       /* No listens on an unbound socket */
 483        unix_state_lock(sk);
 484        if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
 485                goto out_unlock;
 486        if (backlog > sk->sk_max_ack_backlog)
 487                wake_up_interruptible_all(&u->peer_wait);
 488        sk->sk_max_ack_backlog  = backlog;
 489        sk->sk_state            = TCP_LISTEN;
 490        /* set credentials so connect can copy them */
 491        init_peercred(sk);
 492        err = 0;
 493
 494out_unlock:
 495        unix_state_unlock(sk);
 496        put_pid(old_pid);
 497        if (old_cred)
 498                put_cred(old_cred);
 499out:
 500        return err;
 501}
 502
 503static int unix_release(struct socket *);
 504static int unix_bind(struct socket *, struct sockaddr *, int);
 505static int unix_stream_connect(struct socket *, struct sockaddr *,
 506                               int addr_len, int flags);
 507static int unix_socketpair(struct socket *, struct socket *);
 508static int unix_accept(struct socket *, struct socket *, int);
 509static int unix_getname(struct socket *, struct sockaddr *, int *, int);
 510static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
 511static unsigned int unix_dgram_poll(struct file *, struct socket *,
 512                                    poll_table *);
 513static int unix_ioctl(struct socket *, unsigned int, unsigned long);
 514static int unix_shutdown(struct socket *, int);
 515static int unix_stream_sendmsg(struct kiocb *, struct socket *,
 516                               struct msghdr *, size_t);
 517static int unix_stream_recvmsg(struct kiocb *, struct socket *,
 518                               struct msghdr *, size_t, int);
 519static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
 520                              struct msghdr *, size_t);
 521static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
 522                              struct msghdr *, size_t, int);
 523static int unix_dgram_connect(struct socket *, struct sockaddr *,
 524                              int, int);
 525static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
 526                                  struct msghdr *, size_t);
 527
 528static const struct proto_ops unix_stream_ops = {
 529        .family =       PF_UNIX,
 530        .owner =        THIS_MODULE,
 531        .release =      unix_release,
 532        .bind =         unix_bind,
 533        .connect =      unix_stream_connect,
 534        .socketpair =   unix_socketpair,
 535        .accept =       unix_accept,
 536        .getname =      unix_getname,
 537        .poll =         unix_poll,
 538        .ioctl =        unix_ioctl,
 539        .listen =       unix_listen,
 540        .shutdown =     unix_shutdown,
 541        .setsockopt =   sock_no_setsockopt,
 542        .getsockopt =   sock_no_getsockopt,
 543        .sendmsg =      unix_stream_sendmsg,
 544        .recvmsg =      unix_stream_recvmsg,
 545        .mmap =         sock_no_mmap,
 546        .sendpage =     sock_no_sendpage,
 547};
 548
 549static const struct proto_ops unix_dgram_ops = {
 550        .family =       PF_UNIX,
 551        .owner =        THIS_MODULE,
 552        .release =      unix_release,
 553        .bind =         unix_bind,
 554        .connect =      unix_dgram_connect,
 555        .socketpair =   unix_socketpair,
 556        .accept =       sock_no_accept,
 557        .getname =      unix_getname,
 558        .poll =         unix_dgram_poll,
 559        .ioctl =        unix_ioctl,
 560        .listen =       sock_no_listen,
 561        .shutdown =     unix_shutdown,
 562        .setsockopt =   sock_no_setsockopt,
 563        .getsockopt =   sock_no_getsockopt,
 564        .sendmsg =      unix_dgram_sendmsg,
 565        .recvmsg =      unix_dgram_recvmsg,
 566        .mmap =         sock_no_mmap,
 567        .sendpage =     sock_no_sendpage,
 568};
 569
 570static const struct proto_ops unix_seqpacket_ops = {
 571        .family =       PF_UNIX,
 572        .owner =        THIS_MODULE,
 573        .release =      unix_release,
 574        .bind =         unix_bind,
 575        .connect =      unix_stream_connect,
 576        .socketpair =   unix_socketpair,
 577        .accept =       unix_accept,
 578        .getname =      unix_getname,
 579        .poll =         unix_dgram_poll,
 580        .ioctl =        unix_ioctl,
 581        .listen =       unix_listen,
 582        .shutdown =     unix_shutdown,
 583        .setsockopt =   sock_no_setsockopt,
 584        .getsockopt =   sock_no_getsockopt,
 585        .sendmsg =      unix_seqpacket_sendmsg,
 586        .recvmsg =      unix_dgram_recvmsg,
 587        .mmap =         sock_no_mmap,
 588        .sendpage =     sock_no_sendpage,
 589};
 590
 591static struct proto unix_proto = {
 592        .name                   = "UNIX",
 593        .owner                  = THIS_MODULE,
 594        .obj_size               = sizeof(struct unix_sock),
 595};
 596
 597/*
 598 * AF_UNIX sockets do not interact with hardware, hence they
 599 * dont trigger interrupts - so it's safe for them to have
 600 * bh-unsafe locking for their sk_receive_queue.lock. Split off
 601 * this special lock-class by reinitializing the spinlock key:
 602 */
 603static struct lock_class_key af_unix_sk_receive_queue_lock_key;
 604
 605static struct sock *unix_create1(struct net *net, struct socket *sock)
 606{
 607        struct sock *sk = NULL;
 608        struct unix_sock *u;
 609
 610        atomic_long_inc(&unix_nr_socks);
 611        if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
 612                goto out;
 613
 614        sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
 615        if (!sk)
 616                goto out;
 617
 618        sock_init_data(sock, sk);
 619        lockdep_set_class(&sk->sk_receive_queue.lock,
 620                                &af_unix_sk_receive_queue_lock_key);
 621
 622        sk->sk_write_space      = unix_write_space;
 623        sk->sk_max_ack_backlog  = net->unx.sysctl_max_dgram_qlen;
 624        sk->sk_destruct         = unix_sock_destructor;
 625        u         = unix_sk(sk);
 626        u->dentry = NULL;
 627        u->mnt    = NULL;
 628        spin_lock_init(&u->lock);
 629        atomic_long_set(&u->inflight, 0);
 630        INIT_LIST_HEAD(&u->link);
 631        mutex_init(&u->readlock); /* single task reading lock */
 632        init_waitqueue_head(&u->peer_wait);
 633        unix_insert_socket(unix_sockets_unbound, sk);
 634out:
 635        if (sk == NULL)
 636                atomic_long_dec(&unix_nr_socks);
 637        else {
 638                local_bh_disable();
 639                sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
 640                local_bh_enable();
 641        }
 642        return sk;
 643}
 644
 645static int unix_create(struct net *net, struct socket *sock, int protocol,
 646                       int kern)
 647{
 648        if (protocol && protocol != PF_UNIX)
 649                return -EPROTONOSUPPORT;
 650
 651        sock->state = SS_UNCONNECTED;
 652
 653        switch (sock->type) {
 654        case SOCK_STREAM:
 655                sock->ops = &unix_stream_ops;
 656                break;
 657                /*
 658                 *      Believe it or not BSD has AF_UNIX, SOCK_RAW though
 659                 *      nothing uses it.
 660                 */
 661        case SOCK_RAW:
 662                sock->type = SOCK_DGRAM;
 663        case SOCK_DGRAM:
 664                sock->ops = &unix_dgram_ops;
 665                break;
 666        case SOCK_SEQPACKET:
 667                sock->ops = &unix_seqpacket_ops;
 668                break;
 669        default:
 670                return -ESOCKTNOSUPPORT;
 671        }
 672
 673        return unix_create1(net, sock) ? 0 : -ENOMEM;
 674}
 675
 676static int unix_release(struct socket *sock)
 677{
 678        struct sock *sk = sock->sk;
 679
 680        if (!sk)
 681                return 0;
 682
 683        sock->sk = NULL;
 684
 685        return unix_release_sock(sk, 0);
 686}
 687
 688static int unix_autobind(struct socket *sock)
 689{
 690        struct sock *sk = sock->sk;
 691        struct net *net = sock_net(sk);
 692        struct unix_sock *u = unix_sk(sk);
 693        static u32 ordernum = 1;
 694        struct unix_address *addr;
 695        int err;
 696        unsigned int retries = 0;
 697
 698        mutex_lock(&u->readlock);
 699
 700        err = 0;
 701        if (u->addr)
 702                goto out;
 703
 704        err = -ENOMEM;
 705        addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
 706        if (!addr)
 707                goto out;
 708
 709        addr->name->sun_family = AF_UNIX;
 710        atomic_set(&addr->refcnt, 1);
 711
 712retry:
 713        addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
 714        addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
 715
 716        spin_lock(&unix_table_lock);
 717        ordernum = (ordernum+1)&0xFFFFF;
 718
 719        if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
 720                                      addr->hash)) {
 721                spin_unlock(&unix_table_lock);
 722                /*
 723                 * __unix_find_socket_byname() may take long time if many names
 724                 * are already in use.
 725                 */
 726                cond_resched();
 727                /* Give up if all names seems to be in use. */
 728                if (retries++ == 0xFFFFF) {
 729                        err = -ENOSPC;
 730                        kfree(addr);
 731                        goto out;
 732                }
 733                goto retry;
 734        }
 735        addr->hash ^= sk->sk_type;
 736
 737        __unix_remove_socket(sk);
 738        u->addr = addr;
 739        __unix_insert_socket(&unix_socket_table[addr->hash], sk);
 740        spin_unlock(&unix_table_lock);
 741        err = 0;
 742
 743out:    mutex_unlock(&u->readlock);
 744        return err;
 745}
 746
 747static struct sock *unix_find_other(struct net *net,
 748                                    struct sockaddr_un *sunname, int len,
 749                                    int type, unsigned hash, int *error)
 750{
 751        struct sock *u;
 752        struct path path;
 753        int err = 0;
 754
 755        if (sunname->sun_path[0]) {
 756                struct inode *inode;
 757                err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
 758                if (err)
 759                        goto fail;
 760                inode = path.dentry->d_inode;
 761                err = inode_permission(inode, MAY_WRITE);
 762                if (err)
 763                        goto put_fail;
 764
 765                err = -ECONNREFUSED;
 766                if (!S_ISSOCK(inode->i_mode))
 767                        goto put_fail;
 768                u = unix_find_socket_byinode(inode);
 769                if (!u)
 770                        goto put_fail;
 771
 772                if (u->sk_type == type)
 773                        touch_atime(path.mnt, path.dentry);
 774
 775                path_put(&path);
 776
 777                err = -EPROTOTYPE;
 778                if (u->sk_type != type) {
 779                        sock_put(u);
 780                        goto fail;
 781                }
 782        } else {
 783                err = -ECONNREFUSED;
 784                u = unix_find_socket_byname(net, sunname, len, type, hash);
 785                if (u) {
 786                        struct dentry *dentry;
 787                        dentry = unix_sk(u)->dentry;
 788                        if (dentry)
 789                                touch_atime(unix_sk(u)->mnt, dentry);
 790                } else
 791                        goto fail;
 792        }
 793        return u;
 794
 795put_fail:
 796        path_put(&path);
 797fail:
 798        *error = err;
 799        return NULL;
 800}
 801
 802
 803static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 804{
 805        struct sock *sk = sock->sk;
 806        struct net *net = sock_net(sk);
 807        struct unix_sock *u = unix_sk(sk);
 808        struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
 809        struct dentry *dentry = NULL;
 810        struct nameidata nd;
 811        int err;
 812        unsigned hash;
 813        struct unix_address *addr;
 814        struct hlist_head *list;
 815
 816        err = -EINVAL;
 817        if (sunaddr->sun_family != AF_UNIX)
 818                goto out;
 819
 820        if (addr_len == sizeof(short)) {
 821                err = unix_autobind(sock);
 822                goto out;
 823        }
 824
 825        err = unix_mkname(sunaddr, addr_len, &hash);
 826        if (err < 0)
 827                goto out;
 828        addr_len = err;
 829
 830        mutex_lock(&u->readlock);
 831
 832        err = -EINVAL;
 833        if (u->addr)
 834                goto out_up;
 835
 836        err = -ENOMEM;
 837        addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
 838        if (!addr)
 839                goto out_up;
 840
 841        memcpy(addr->name, sunaddr, addr_len);
 842        addr->len = addr_len;
 843        addr->hash = hash ^ sk->sk_type;
 844        atomic_set(&addr->refcnt, 1);
 845
 846        if (sunaddr->sun_path[0]) {
 847                unsigned int mode;
 848                err = 0;
 849                /*
 850                 * Get the parent directory, calculate the hash for last
 851                 * component.
 852                 */
 853                err = path_lookup(sunaddr->sun_path, LOOKUP_PARENT, &nd);
 854                if (err)
 855                        goto out_mknod_parent;
 856
 857                dentry = lookup_create(&nd, 0);
 858                err = PTR_ERR(dentry);
 859                if (IS_ERR(dentry))
 860                        goto out_mknod_unlock;
 861
 862                /*
 863                 * All right, let's create it.
 864                 */
 865                mode = S_IFSOCK |
 866                       (SOCK_INODE(sock)->i_mode & ~current_umask());
 867                err = mnt_want_write(nd.path.mnt);
 868                if (err)
 869                        goto out_mknod_dput;
 870                err = security_path_mknod(&nd.path, dentry, mode, 0);
 871                if (err)
 872                        goto out_mknod_drop_write;
 873                err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
 874out_mknod_drop_write:
 875                mnt_drop_write(nd.path.mnt);
 876                if (err)
 877                        goto out_mknod_dput;
 878                mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
 879                dput(nd.path.dentry);
 880                nd.path.dentry = dentry;
 881
 882                addr->hash = UNIX_HASH_SIZE;
 883        }
 884
 885        spin_lock(&unix_table_lock);
 886
 887        if (!sunaddr->sun_path[0]) {
 888                err = -EADDRINUSE;
 889                if (__unix_find_socket_byname(net, sunaddr, addr_len,
 890                                              sk->sk_type, hash)) {
 891                        unix_release_addr(addr);
 892                        goto out_unlock;
 893                }
 894
 895                list = &unix_socket_table[addr->hash];
 896        } else {
 897                list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
 898                u->dentry = nd.path.dentry;
 899                u->mnt    = nd.path.mnt;
 900        }
 901
 902        err = 0;
 903        __unix_remove_socket(sk);
 904        u->addr = addr;
 905        __unix_insert_socket(list, sk);
 906
 907out_unlock:
 908        spin_unlock(&unix_table_lock);
 909out_up:
 910        mutex_unlock(&u->readlock);
 911out:
 912        return err;
 913
 914out_mknod_dput:
 915        dput(dentry);
 916out_mknod_unlock:
 917        mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
 918        path_put(&nd.path);
 919out_mknod_parent:
 920        if (err == -EEXIST)
 921                err = -EADDRINUSE;
 922        unix_release_addr(addr);
 923        goto out_up;
 924}
 925
 926static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
 927{
 928        if (unlikely(sk1 == sk2) || !sk2) {
 929                unix_state_lock(sk1);
 930                return;
 931        }
 932        if (sk1 < sk2) {
 933                unix_state_lock(sk1);
 934                unix_state_lock_nested(sk2);
 935        } else {
 936                unix_state_lock(sk2);
 937                unix_state_lock_nested(sk1);
 938        }
 939}
 940
 941static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
 942{
 943        if (unlikely(sk1 == sk2) || !sk2) {
 944                unix_state_unlock(sk1);
 945                return;
 946        }
 947        unix_state_unlock(sk1);
 948        unix_state_unlock(sk2);
 949}
 950
 951static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
 952                              int alen, int flags)
 953{
 954        struct sock *sk = sock->sk;
 955        struct net *net = sock_net(sk);
 956        struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
 957        struct sock *other;
 958        unsigned hash;
 959        int err;
 960
 961        if (addr->sa_family != AF_UNSPEC) {
 962                err = unix_mkname(sunaddr, alen, &hash);
 963                if (err < 0)
 964                        goto out;
 965                alen = err;
 966
 967                if (test_bit(SOCK_PASSCRED, &sock->flags) &&
 968                    !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
 969                        goto out;
 970
 971restart:
 972                other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
 973                if (!other)
 974                        goto out;
 975
 976                unix_state_double_lock(sk, other);
 977
 978                /* Apparently VFS overslept socket death. Retry. */
 979                if (sock_flag(other, SOCK_DEAD)) {
 980                        unix_state_double_unlock(sk, other);
 981                        sock_put(other);
 982                        goto restart;
 983                }
 984
 985                err = -EPERM;
 986                if (!unix_may_send(sk, other))
 987                        goto out_unlock;
 988
 989                err = security_unix_may_send(sk->sk_socket, other->sk_socket);
 990                if (err)
 991                        goto out_unlock;
 992
 993        } else {
 994                /*
 995                 *      1003.1g breaking connected state with AF_UNSPEC
 996                 */
 997                other = NULL;
 998                unix_state_double_lock(sk, other);
 999        }
1000

1001        /*
1002         * If it was connected, reconnect.
1003         */
1004        if (unix_peer(sk)) {
1005                struct sock *old_peer = unix_peer(sk);
1006                unix_peer(sk) = other;
1007                unix_state_double_unlock(sk, other);
1008
1009                if (other != old_peer)
1010                        unix_dgram_disconnected(sk, old_peer);
1011                sock_put(old_peer);
1012        } else {
1013                unix_peer(sk) = other;
1014                unix_state_double_unlock(sk, other);
1015        }
1016        return 0;
1017
1018out_unlock:
1019        unix_state_double_unlock(sk, other);
1020        sock_put(other);
1021out:
1022        return err;
1023}
1024
1025static long unix_wait_for_peer(struct sock *other, long timeo)
1026{
1027        struct unix_sock *u = unix_sk(other);
1028        int sched;
1029        DEFINE_WAIT(wait);
1030
1031        prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1032
1033        sched = !sock_flag(other, SOCK_DEAD) &&
1034                !(other->sk_shutdown & RCV_SHUTDOWN) &&
1035                unix_recvq_full(other);
1036
1037        unix_state_unlock(other);
1038
1039        if (sched)
1040                timeo = schedule_timeout(timeo);
1041
1042        finish_wait(&u->peer_wait, &wait);
1043        return timeo;
1044}
1045
1046static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1047                               int addr_len, int flags)
1048{
1049        struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1050        struct sock *sk = sock->sk;
1051        struct net *net = sock_net(sk);
1052        struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1053        struct sock *newsk = NULL;
1054        struct sock *other = NULL;
1055        struct sk_buff *skb = NULL;
1056        unsigned hash;
1057        int st;
1058        int err;
1059        long timeo;
1060
1061        err = unix_mkname(sunaddr, addr_len, &hash);
1062        if (err < 0)
1063                goto out;
1064        addr_len = err;
1065
1066        if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1067            (err = unix_autobind(sock)) != 0)
1068                goto out;
1069
1070        timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1071
1072        /* First of all allocate resources.
1073           If we will make it after state is locked,
1074           we will have to recheck all again in any case.
1075         */
1076
1077        err = -ENOMEM;
1078
1079        /* create new sock for complete connection */
1080        newsk = unix_create1(sock_net(sk), NULL);
1081        if (newsk == NULL)
1082                goto out;
1083
1084        /* Allocate skb for sending to listening sock */
1085        skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1086        if (skb == NULL)
1087                goto out;
1088
1089restart:
1090        /*  Find listening sock. */
1091        other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1092        if (!other)
1093                goto out;
1094
1095        /* Latch state of peer */
1096        unix_state_lock(other);
1097
1098        /* Apparently VFS overslept socket death. Retry. */
1099        if (sock_flag(other, SOCK_DEAD)) {
1100                unix_state_unlock(other);
1101                sock_put(other);
1102                goto restart;
1103        }
1104
1105        err = -ECONNREFUSED;
1106        if (other->sk_state != TCP_LISTEN)
1107                goto out_unlock;
1108        if (other->sk_shutdown & RCV_SHUTDOWN)
1109                goto out_unlock;
1110
1111        if (unix_recvq_full(other)) {
1112                err = -EAGAIN;
1113                if (!timeo)
1114                        goto out_unlock;
1115
1116                timeo = unix_wait_for_peer(other, timeo);
1117
1118                err = sock_intr_errno(timeo);
1119                if (signal_pending(current))
1120                        goto out;
1121                sock_put(other);
1122                goto restart;
1123        }
1124
1125        /* Latch our state.
1126
1127           It is tricky place. We need to grab write lock and cannot
1128           drop lock on peer. It is dangerous because deadlock is
1129           possible. Connect to self case and simultaneous
1130           attempt to connect are eliminated by checking socket
1131           state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1132           check this before attempt to grab lock.
1133
1134           Well, and we have to recheck the state after socket locked.
1135         */
1136        st = sk->sk_state;
1137
1138        switch (st) {
1139        case TCP_CLOSE:
1140                /* This is ok... continue with connect */
1141                break;
1142        case TCP_ESTABLISHED:
1143                /* Socket is already connected */
1144                err = -EISCONN;
1145                goto out_unlock;
1146        default:
1147                err = -EINVAL;
1148                goto out_unlock;
1149        }
1150
1151        unix_state_lock_nested(sk);
1152
1153        if (sk->sk_state != st) {
1154                unix_state_unlock(sk);
1155                unix_state_unlock(other);
1156                sock_put(other);
1157                goto restart;
1158        }
1159
1160        err = security_unix_stream_connect(sk, other, newsk);
1161        if (err) {
1162                unix_state_unlock(sk);
1163                goto out_unlock;
1164        }
1165
1166        /* The way is open! Fastly set all the necessary fields... */
1167
1168        sock_hold(sk);
1169        unix_peer(newsk)        = sk;
1170        newsk->sk_state         = TCP_ESTABLISHED;
1171        newsk->sk_type          = sk->sk_type;
1172        init_peercred(newsk);
1173        newu = unix_sk(newsk);
1174        newsk->sk_wq            = &newu->peer_wq;
1175        otheru = unix_sk(other);
1176
1177        /* copy address information from listening to new sock*/
1178        if (otheru->addr) {
1179                atomic_inc(&otheru->addr->refcnt);
1180                newu->addr = otheru->addr;
1181        }
1182        if (otheru->dentry) {
1183                newu->dentry    = dget(otheru->dentry);
1184                newu->mnt       = mntget(otheru->mnt);
1185        }
1186
1187        /* Set credentials */
1188        copy_peercred(sk, other);
1189
1190        sock->state     = SS_CONNECTED;
1191        sk->sk_state    = TCP_ESTABLISHED;
1192        sock_hold(newsk);
1193
1194        smp_mb__after_atomic_inc();     /* sock_hold() does an atomic_inc() */
1195        unix_peer(sk)   = newsk;
1196
1197        unix_state_unlock(sk);
1198
1199        /* take ten and and send info to listening sock */
1200        spin_lock(&other->sk_receive_queue.lock);
1201        __skb_queue_tail(&other->sk_receive_queue, skb);
1202        spin_unlock(&other->sk_receive_queue.lock);
1203        unix_state_unlock(other);
1204        other->sk_data_ready(other, 0);
1205        sock_put(other);
1206        return 0;
1207
1208out_unlock:
1209        if (other)
1210                unix_state_unlock(other);
1211
1212out:
1213        kfree_skb(skb);
1214        if (newsk)
1215                unix_release_sock(newsk, 0);
1216        if (other)
1217                sock_put(other);
1218        return err;
1219}
1220
1221static int unix_socketpair(struct socket *socka, struct socket *sockb)
1222{
1223        struct sock *ska = socka->sk, *skb = sockb->sk;
1224
1225        /* Join our sockets back to back */
1226        sock_hold(ska);
1227        sock_hold(skb);
1228        unix_peer(ska) = skb;
1229        unix_peer(skb) = ska;
1230        init_peercred(ska);
1231        init_peercred(skb);
1232
1233        if (ska->sk_type != SOCK_DGRAM) {
1234                ska->sk_state = TCP_ESTABLISHED;
1235                skb->sk_state = TCP_ESTABLISHED;
1236                socka->state  = SS_CONNECTED;
1237                sockb->state  = SS_CONNECTED;
1238        }
1239        return 0;
1240}
1241
1242static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1243{
1244        struct sock *sk = sock->sk;
1245        struct sock *tsk;
1246        struct sk_buff *skb;
1247        int err;
1248
1249        err = -EOPNOTSUPP;
1250        if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1251                goto out;
1252
1253        err = -EINVAL;
1254        if (sk->sk_state != TCP_LISTEN)
1255                goto out;
1256
1257        /* If socket state is TCP_LISTEN it cannot change (for now...),
1258         * so that no locks are necessary.
1259         */
1260
1261        skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1262        if (!skb) {
1263                /* This means receive shutdown. */
1264                if (err == 0)
1265                        err = -EINVAL;
1266                goto out;
1267        }
1268
1269        tsk = skb->sk;
1270        skb_free_datagram(sk, skb);
1271        wake_up_interruptible(&unix_sk(sk)->peer_wait);
1272
1273        /* attach accepted sock to socket */
1274        unix_state_lock(tsk);
1275        newsock->state = SS_CONNECTED;
1276        sock_graft(tsk, newsock);
1277        unix_state_unlock(tsk);
1278        return 0;
1279
1280out:
1281        return err;
1282}
1283
1284
1285static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1286{
1287        struct sock *sk = sock->sk;
1288        struct unix_sock *u;
1289        DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1290        int err = 0;
1291
1292        if (peer) {
1293                sk = unix_peer_get(sk);
1294
1295                err = -ENOTCONN;
1296                if (!sk)
1297                        goto out;
1298                err = 0;
1299        } else {
1300                sock_hold(sk);
1301        }
1302
1303        u = unix_sk(sk);
1304        unix_state_lock(sk);
1305        if (!u->addr) {
1306                sunaddr->sun_family = AF_UNIX;
1307                sunaddr->sun_path[0] = 0;
1308                *uaddr_len = sizeof(short);
1309        } else {
1310                struct unix_address *addr = u->addr;
1311
1312                *uaddr_len = addr->len;
1313                memcpy(sunaddr, addr->name, *uaddr_len);
1314        }
1315        unix_state_unlock(sk);
1316        sock_put(sk);
1317out:
1318        return err;
1319}
1320
1321static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1322{
1323        int i;
1324
1325        scm->fp = UNIXCB(skb).fp;
1326        UNIXCB(skb).fp = NULL;
1327
1328        for (i = scm->fp->count-1; i >= 0; i--)
1329                unix_notinflight(scm->fp->fp[i]);
1330}
1331
1332static void unix_destruct_scm(struct sk_buff *skb)
1333{
1334        struct scm_cookie scm;
1335        memset(&scm, 0, sizeof(scm));
1336        scm.pid  = UNIXCB(skb).pid;
1337        scm.cred = UNIXCB(skb).cred;
1338        if (UNIXCB(skb).fp)
1339                unix_detach_fds(&scm, skb);
1340
1341        /* Alas, it calls VFS */
1342        /* So fscking what? fput() had been SMP-safe since the last Summer */
1343        scm_destroy(&scm);
1344        sock_wfree(skb);
1345}
1346
1347#define MAX_RECURSION_LEVEL 4
1348
1349static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1350{
1351        int i;
1352        unsigned char max_level = 0;
1353        int unix_sock_count = 0;
1354
1355        for (i = scm->fp->count - 1; i >= 0; i--) {
1356                struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1357
1358                if (sk) {
1359                        unix_sock_count++;
1360                        max_level = max(max_level,
1361                                        unix_sk(sk)->recursion_level);
1362                }
1363        }
1364        if (unlikely(max_level > MAX_RECURSION_LEVEL))
1365                return -ETOOMANYREFS;
1366
1367        /*
1368         * Need to duplicate file references for the sake of garbage
1369         * collection.  Otherwise a socket in the fps might become a
1370         * candidate for GC while the skb is not yet queued.
1371         */
1372        UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1373        if (!UNIXCB(skb).fp)
1374                return -ENOMEM;
1375
1376        if (unix_sock_count) {
1377                for (i = scm->fp->count - 1; i >= 0; i--)
1378                        unix_inflight(scm->fp->fp[i]);
1379        }
1380        return max_level;
1381}
1382
1383static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1384{
1385        int err = 0;
1386        UNIXCB(skb).pid  = get_pid(scm->pid);
1387        UNIXCB(skb).cred = get_cred(scm->cred);
1388        UNIXCB(skb).fp = NULL;
1389        if (scm->fp && send_fds)
1390                err = unix_attach_fds(scm, skb);
1391
1392        skb->destructor = unix_destruct_scm;
1393        return err;
1394}
1395
1396/*
1397 *      Send AF_UNIX data.
1398 */
1399
1400static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1401                              struct msghdr *msg, size_t len)
1402{
1403        struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1404        struct sock *sk = sock->sk;
1405        struct net *net = sock_net(sk);
1406        struct unix_sock *u = unix_sk(sk);
1407        struct sockaddr_un *sunaddr = msg->msg_name;
1408        struct sock *other = NULL;
1409        int namelen = 0; /* fake GCC */
1410        int err;
1411        unsigned hash;
1412        struct sk_buff *skb;
1413        long timeo;
1414        struct scm_cookie tmp_scm;
1415        int max_level;
1416
1417        if (NULL == siocb->scm)
1418                siocb->scm = &tmp_scm;
1419        wait_for_unix_gc();
1420        err = scm_send(sock, msg, siocb->scm);
1421        if (err < 0)
1422                return err;
1423
1424        err = -EOPNOTSUPP;
1425        if (msg->msg_flags&MSG_OOB)
1426                goto out;
1427
1428        if (msg->msg_namelen) {
1429                err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1430                if (err < 0)
1431                        goto out;
1432                namelen = err;
1433        } else {
1434                sunaddr = NULL;
1435                err = -ENOTCONN;
1436                other = unix_peer_get(sk);
1437                if (!other)
1438                        goto out;
1439        }
1440
1441        if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1442            && (err = unix_autobind(sock)) != 0)
1443                goto out;
1444
1445        err = -EMSGSIZE;
1446        if (len > sk->sk_sndbuf - 32)
1447                goto out;
1448
1449        skb = sock_alloc_send_skb(sk, len, msg->msg_flags&MSG_DONTWAIT, &err);
1450        if (skb == NULL)
1451                goto out;
1452
1453        err = unix_scm_to_skb(siocb->scm, skb, true);
1454        if (err < 0)
1455                goto out_free;
1456        max_level = err + 1;
1457        unix_get_secdata(siocb->scm, skb);
1458
1459        skb_reset_transport_header(skb);
1460        err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);
1461        if (err)
1462                goto out_free;
1463
1464        timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1465
1466restart:
1467        if (!other) {
1468                err = -ECONNRESET;
1469                if (sunaddr == NULL)
1470                        goto out_free;
1471
1472                other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1473                                        hash, &err);
1474                if (other == NULL)
1475                        goto out_free;
1476        }
1477
1478        unix_state_lock(other);
1479        err = -EPERM;
1480        if (!unix_may_send(sk, other))
1481                goto out_unlock;
1482
1483        if (sock_flag(other, SOCK_DEAD)) {
1484                /*
1485                 *      Check with 1003.1g - what should
1486                 *      datagram error
1487                 */
1488                unix_state_unlock(other);
1489                sock_put(other);
1490
1491                err = 0;
1492                unix_state_lock(sk);
1493                if (unix_peer(sk) == other) {
1494                        unix_peer(sk) = NULL;
1495                        unix_state_unlock(sk);
1496
1497                        unix_dgram_disconnected(sk, other);
1498                        sock_put(other);
1499                        err = -ECONNREFUSED;
1500                } else {
1501                        unix_state_unlock(sk);
1502                }
1503
1504                other = NULL;
1505                if (err)
1506                        goto out_free;
1507                goto restart;
1508        }
1509
1510        err = -EPIPE;
1511        if (other->sk_shutdown & RCV_SHUTDOWN)
1512                goto out_unlock;
1513
1514        if (sk->sk_type != SOCK_SEQPACKET) {
1515                err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1516                if (err)
1517                        goto out_unlock;
1518        }
1519
1520        if (unix_peer(other) != sk && unix_recvq_full(other)) {
1521                if (!timeo) {
1522                        err = -EAGAIN;
1523                        goto out_unlock;
1524                }
1525
1526                timeo = unix_wait_for_peer(other, timeo);
1527
1528                err = sock_intr_errno(timeo);
1529                if (signal_pending(current))
1530                        goto out_free;
1531
1532                goto restart;
1533        }
1534
1535        if (sock_flag(other, SOCK_RCVTSTAMP))
1536                __net_timestamp(skb);
1537        skb_queue_tail(&other->sk_receive_queue, skb);
1538        if (max_level > unix_sk(other)->recursion_level)
1539                unix_sk(other)->recursion_level = max_level;
1540        unix_state_unlock(other);
1541        other->sk_data_ready(other, len);
1542        sock_put(other);
1543        scm_destroy(siocb->scm);
1544        return len;
1545
1546out_unlock:
1547        unix_state_unlock(other);
1548out_free:
1549        kfree_skb(skb);
1550out:
1551        if (other)
1552                sock_put(other);
1553        scm_destroy(siocb->scm);
1554        return err;
1555}
1556
1557
1558static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1559                               struct msghdr *msg, size_t len)
1560{
1561        struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1562        struct sock *sk = sock->sk;
1563        struct sock *other = NULL;
1564        struct sockaddr_un *sunaddr = msg->msg_name;
1565        int err, size;
1566        struct sk_buff *skb;
1567        int sent = 0;
1568        struct scm_cookie tmp_scm;
1569        bool fds_sent = false;
1570        int max_level;
1571
1572        if (NULL == siocb->scm)
1573                siocb->scm = &tmp_scm;
1574        wait_for_unix_gc();
1575        err = scm_send(sock, msg, siocb->scm);
1576        if (err < 0)
1577                return err;
1578
1579        err = -EOPNOTSUPP;
1580        if (msg->msg_flags&MSG_OOB)
1581                goto out_err;
1582
1583        if (msg->msg_namelen) {
1584                err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1585                goto out_err;
1586        } else {
1587                sunaddr = NULL;
1588                err = -ENOTCONN;
1589                other = unix_peer(sk);
1590                if (!other)
1591                        goto out_err;
1592        }
1593
1594        if (sk->sk_shutdown & SEND_SHUTDOWN)
1595                goto pipe_err;
1596
1597        while (sent < len) {
1598                /*
1599                 *      Optimisation for the fact that under 0.01% of X
1600                 *      messages typically need breaking up.
1601                 */
1602
1603                size = len-sent;
1604
1605                /* Keep two messages in the pipe so it schedules better */
1606                if (size > ((sk->sk_sndbuf >> 1) - 64))
1607                        size = (sk->sk_sndbuf >> 1) - 64;
1608
1609                if (size > SKB_MAX_ALLOC)
1610                        size = SKB_MAX_ALLOC;
1611
1612                /*
1613                 *      Grab a buffer
1614                 */
1615
1616                skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
1617                                          &err);
1618
1619                if (skb == NULL)
1620                        goto out_err;
1621
1622                /*
1623                 *      If you pass two values to the sock_alloc_send_skb
1624                 *      it tries to grab the large buffer with GFP_NOFS
1625                 *      (which can fail easily), and if it fails grab the
1626                 *      fallback size buffer which is under a page and will
1627                 *      succeed. [Alan]
1628                 */
1629                size = min_t(int, size, skb_tailroom(skb));
1630
1631
1632                /* Only send the fds in the first buffer */
1633                err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1634                if (err < 0) {
1635                        kfree_skb(skb);
1636                        goto out_err;
1637                }
1638                max_level = err + 1;
1639                fds_sent = true;
1640
1641                err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1642                if (err) {
1643                        kfree_skb(skb);
1644                        goto out_err;
1645                }
1646
1647                unix_state_lock(other);
1648
1649                if (sock_flag(other, SOCK_DEAD) ||
1650                    (other->sk_shutdown & RCV_SHUTDOWN))
1651                        goto pipe_err_free;
1652
1653                skb_queue_tail(&other->sk_receive_queue, skb);
1654                if (max_level > unix_sk(other)->recursion_level)
1655                        unix_sk(other)->recursion_level = max_level;
1656                unix_state_unlock(other);
1657                other->sk_data_ready(other, size);
1658                sent += size;
1659        }
1660
1661        scm_destroy(siocb->scm);
1662        siocb->scm = NULL;
1663
1664        return sent;
1665
1666pipe_err_free:
1667        unix_state_unlock(other);
1668        kfree_skb(skb);
1669pipe_err:
1670        if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1671                send_sig(SIGPIPE, current, 0);
1672        err = -EPIPE;
1673out_err:
1674        scm_destroy(siocb->scm);
1675        siocb->scm = NULL;
1676        return sent ? : err;
1677}
1678
1679static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
1680                                  struct msghdr *msg, size_t len)
1681{
1682        int err;
1683        struct sock *sk = sock->sk;
1684
1685        err = sock_error(sk);
1686        if (err)
1687                return err;
1688
1689        if (sk->sk_state != TCP_ESTABLISHED)
1690                return -ENOTCONN;
1691
1692        if (msg->msg_namelen)
1693                msg->msg_namelen = 0;
1694
1695        return unix_dgram_sendmsg(kiocb, sock, msg, len);
1696}
1697
1698static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1699{
1700        struct unix_sock *u = unix_sk(sk);
1701
1702        msg->msg_namelen = 0;
1703        if (u->addr) {
1704                msg->msg_namelen = u->addr->len;
1705                memcpy(msg->msg_name, u->addr->name, u->addr->len);
1706        }
1707}
1708
1709static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1710                              struct msghdr *msg, size_t size,
1711                              int flags)
1712{
1713        struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1714        struct scm_cookie tmp_scm;
1715        struct sock *sk = sock->sk;
1716        struct unix_sock *u = unix_sk(sk);
1717        int noblock = flags & MSG_DONTWAIT;
1718        struct sk_buff *skb;
1719        int err;
1720
1721        err = -EOPNOTSUPP;
1722        if (flags&MSG_OOB)
1723                goto out;
1724
1725        msg->msg_namelen = 0;
1726
1727        err = mutex_lock_interruptible(&u->readlock);
1728        if (err) {
1729                err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
1730                goto out;
1731        }
1732
1733        skb = skb_recv_datagram(sk, flags, noblock, &err);
1734        if (!skb) {
1735                unix_state_lock(sk);
1736                /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1737                if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1738                    (sk->sk_shutdown & RCV_SHUTDOWN))
1739                        err = 0;
1740                unix_state_unlock(sk);
1741                goto out_unlock;
1742        }
1743
1744        wake_up_interruptible_sync_poll(&u->peer_wait,
1745                                        POLLOUT | POLLWRNORM | POLLWRBAND);
1746
1747        if (msg->msg_name)
1748                unix_copy_addr(msg, skb->sk);
1749
1750        if (size > skb->len)
1751                size = skb->len;
1752        else if (size < skb->len)
1753                msg->msg_flags |= MSG_TRUNC;
1754
1755        err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
1756        if (err)
1757                goto out_free;
1758
1759        if (sock_flag(sk, SOCK_RCVTSTAMP))
1760                __sock_recv_timestamp(msg, sk, skb);
1761
1762        if (!siocb->scm) {
1763                siocb->scm = &tmp_scm;
1764                memset(&tmp_scm, 0, sizeof(tmp_scm));
1765        }
1766        scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1767        unix_set_secdata(siocb->scm, skb);
1768
1769        if (!(flags & MSG_PEEK)) {
1770                if (UNIXCB(skb).fp)
1771                        unix_detach_fds(siocb->scm, skb);
1772        } else {
1773                /* It is questionable: on PEEK we could:
1774                   - do not return fds - good, but too simple 8)
1775                   - return fds, and do not return them on read (old strategy,
1776                     apparently wrong)
1777                   - clone fds (I chose it for now, it is the most universal
1778                     solution)
1779
1780                   POSIX 1003.1g does not actually define this clearly
1781                   at all. POSIX 1003.1g doesn't define a lot of things
1782                   clearly however!
1783
1784                */
1785                if (UNIXCB(skb).fp)
1786                        siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1787        }
1788        err = size;
1789
1790        scm_recv(sock, msg, siocb->scm, flags);
1791
1792out_free:
1793        skb_free_datagram(sk, skb);
1794out_unlock:
1795        mutex_unlock(&u->readlock);
1796out:
1797        return err;
1798}
1799
1800/*
1801 *      Sleep until data has arrive. But check for races..
1802 */
1803
1804static long unix_stream_data_wait(struct sock *sk, long timeo)
1805{
1806        DEFINE_WAIT(wait);
1807
1808        unix_state_lock(sk);
1809
1810        for (;;) {
1811                prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1812
1813                if (!skb_queue_empty(&sk->sk_receive_queue) ||
1814                    sk->sk_err ||
1815                    (sk->sk_shutdown & RCV_SHUTDOWN) ||
1816                    signal_pending(current) ||
1817                    !timeo)
1818                        break;
1819
1820                set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1821                unix_state_unlock(sk);
1822                timeo = schedule_timeout(timeo);
1823                unix_state_lock(sk);
1824                clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1825        }
1826
1827        finish_wait(sk_sleep(sk), &wait);
1828        unix_state_unlock(sk);
1829        return timeo;
1830}
1831
1832
1833
1834static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1835                               struct msghdr *msg, size_t size,
1836                               int flags)
1837{
1838        struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1839        struct scm_cookie tmp_scm;
1840        struct sock *sk = sock->sk;
1841        struct unix_sock *u = unix_sk(sk);
1842        struct sockaddr_un *sunaddr = msg->msg_name;
1843        int copied = 0;
1844        int check_creds = 0;
1845        int target;
1846        int err = 0;
1847        long timeo;
1848
1849        err = -EINVAL;
1850        if (sk->sk_state != TCP_ESTABLISHED)
1851                goto out;
1852
1853        err = -EOPNOTSUPP;
1854        if (flags&MSG_OOB)
1855                goto out;
1856
1857        target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1858        timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1859
1860        msg->msg_namelen = 0;
1861
1862        /* Lock the socket to prevent queue disordering
1863         * while sleeps in memcpy_tomsg
1864         */
1865
1866        if (!siocb->scm) {
1867                siocb->scm = &tmp_scm;
1868                memset(&tmp_scm, 0, sizeof(tmp_scm));
1869        }
1870
1871        err = mutex_lock_interruptible(&u->readlock);
1872        if (err) {
1873                err = sock_intr_errno(timeo);
1874                goto out;
1875        }
1876
1877        do {
1878                int chunk;
1879                struct sk_buff *skb;
1880
1881                unix_state_lock(sk);
1882                skb = skb_dequeue(&sk->sk_receive_queue);
1883                if (skb == NULL) {
1884                        unix_sk(sk)->recursion_level = 0;
1885                        if (copied >= target)
1886                                goto unlock;
1887
1888                        /*
1889                         *      POSIX 1003.1g mandates this order.
1890                         */
1891
1892                        err = sock_error(sk);
1893                        if (err)
1894                                goto unlock;
1895                        if (sk->sk_shutdown & RCV_SHUTDOWN)
1896                                goto unlock;
1897
1898                        unix_state_unlock(sk);
1899                        err = -EAGAIN;
1900                        if (!timeo)
1901                                break;
1902                        mutex_unlock(&u->readlock);
1903
1904                        timeo = unix_stream_data_wait(sk, timeo);
1905
1906                        if (signal_pending(current)
1907                            ||  mutex_lock_interruptible(&u->readlock)) {
1908                                err = sock_intr_errno(timeo);
1909                                goto out;
1910                        }
1911
1912                        continue;
1913 unlock:
1914                        unix_state_unlock(sk);
1915                        break;
1916                }
1917                unix_state_unlock(sk);
1918
1919                if (check_creds) {
1920                        /* Never glue messages from different writers */
1921                        if ((UNIXCB(skb).pid  != siocb->scm->pid) ||
1922                            (UNIXCB(skb).cred != siocb->scm->cred)) {
1923                                skb_queue_head(&sk->sk_receive_queue, skb);
1924                                break;
1925                        }
1926                } else {
1927                        /* Copy credentials */
1928                        scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1929                        check_creds = 1;
1930                }
1931
1932                /* Copy address just once */
1933                if (sunaddr) {
1934                        unix_copy_addr(msg, skb->sk);
1935                        sunaddr = NULL;
1936                }
1937
1938                chunk = min_t(unsigned int, skb->len, size);
1939                if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
1940                        skb_queue_head(&sk->sk_receive_queue, skb);
1941                        if (copied == 0)
1942                                copied = -EFAULT;
1943                        break;
1944                }
1945                copied += chunk;
1946                size -= chunk;
1947
1948                /* Mark read part of skb as used */
1949                if (!(flags & MSG_PEEK)) {
1950                        skb_pull(skb, chunk);
1951
1952                        if (UNIXCB(skb).fp)
1953                                unix_detach_fds(siocb->scm, skb);
1954
1955                        /* put the skb back if we didn't use it up.. */
1956                        if (skb->len) {
1957                                skb_queue_head(&sk->sk_receive_queue, skb);
1958                                break;
1959                        }
1960
1961                        consume_skb(skb);
1962
1963                        if (siocb->scm->fp)
1964                                break;
1965                } else {
1966                        /* It is questionable, see note in unix_dgram_recvmsg.
1967                         */
1968                        if (UNIXCB(skb).fp)
1969                                siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1970
1971                        /* put message back and return */
1972                        skb_queue_head(&sk->sk_receive_queue, skb);
1973                        break;
1974                }
1975        } while (size);
1976
1977        mutex_unlock(&u->readlock);
1978        scm_recv(sock, msg, siocb->scm, flags);
1979out:
1980        return copied ? : err;
1981}
1982
1983static int unix_shutdown(struct socket *sock, int mode)
1984{
1985        struct sock *sk = sock->sk;
1986        struct sock *other;
1987
1988        mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN);
1989
1990        if (mode) {
1991                unix_state_lock(sk);
1992                sk->sk_shutdown |= mode;
1993                other = unix_peer(sk);
1994                if (other)
1995                        sock_hold(other);
1996                unix_state_unlock(sk);
1997                sk->sk_state_change(sk);
1998
1999                if (other &&
2000                        (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {

2001
2002                        int peer_mode = 0;
2003
2004                        if (mode&RCV_SHUTDOWN)
2005                                peer_mode |= SEND_SHUTDOWN;
2006                        if (mode&SEND_SHUTDOWN)
2007                                peer_mode |= RCV_SHUTDOWN;
2008                        unix_state_lock(other);
2009                        other->sk_shutdown |= peer_mode;
2010                        unix_state_unlock(other);
2011                        other->sk_state_change(other);
2012                        if (peer_mode == SHUTDOWN_MASK)
2013                                sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2014                        else if (peer_mode & RCV_SHUTDOWN)
2015                                sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2016                }
2017                if (other)
2018                        sock_put(other);
2019        }
2020        return 0;
2021}
2022
2023static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2024{
2025        struct sock *sk = sock->sk;
2026        long amount = 0;
2027        int err;
2028
2029        switch (cmd) {
2030        case SIOCOUTQ:
2031                amount = sk_wmem_alloc_get(sk);
2032                err = put_user(amount, (int __user *)arg);
2033                break;
2034        case SIOCINQ:
2035                {
2036                        struct sk_buff *skb;
2037
2038                        if (sk->sk_state == TCP_LISTEN) {
2039                                err = -EINVAL;
2040                                break;
2041                        }
2042
2043                        spin_lock(&sk->sk_receive_queue.lock);
2044                        if (sk->sk_type == SOCK_STREAM ||
2045                            sk->sk_type == SOCK_SEQPACKET) {
2046                                skb_queue_walk(&sk->sk_receive_queue, skb)
2047                                        amount += skb->len;
2048                        } else {
2049                                skb = skb_peek(&sk->sk_receive_queue);
2050                                if (skb)
2051                                        amount = skb->len;
2052                        }
2053                        spin_unlock(&sk->sk_receive_queue.lock);
2054                        err = put_user(amount, (int __user *)arg);
2055                        break;
2056                }
2057
2058        default:
2059                err = -ENOIOCTLCMD;
2060                break;
2061        }
2062        return err;
2063}
2064
2065static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2066{
2067        struct sock *sk = sock->sk;
2068        unsigned int mask;
2069
2070        sock_poll_wait(file, sk_sleep(sk), wait);
2071        mask = 0;
2072
2073        /* exceptional events? */
2074        if (sk->sk_err)
2075                mask |= POLLERR;
2076        if (sk->sk_shutdown == SHUTDOWN_MASK)
2077                mask |= POLLHUP;
2078        if (sk->sk_shutdown & RCV_SHUTDOWN)
2079                mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2080
2081        /* readable? */
2082        if (!skb_queue_empty(&sk->sk_receive_queue))
2083                mask |= POLLIN | POLLRDNORM;
2084
2085        /* Connection-based need to check for termination and startup */
2086        if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2087            sk->sk_state == TCP_CLOSE)
2088                mask |= POLLHUP;
2089
2090        /*
2091         * we set writable also when the other side has shut down the
2092         * connection. This prevents stuck sockets.
2093         */
2094        if (unix_writable(sk))
2095                mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2096
2097        return mask;
2098}
2099
2100static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2101                                    poll_table *wait)
2102{
2103        struct sock *sk = sock->sk, *other;
2104        unsigned int mask, writable;
2105
2106        sock_poll_wait(file, sk_sleep(sk), wait);
2107        mask = 0;
2108
2109        /* exceptional events? */
2110        if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2111                mask |= POLLERR;
2112        if (sk->sk_shutdown & RCV_SHUTDOWN)
2113                mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2114        if (sk->sk_shutdown == SHUTDOWN_MASK)
2115                mask |= POLLHUP;
2116
2117        /* readable? */
2118        if (!skb_queue_empty(&sk->sk_receive_queue))
2119                mask |= POLLIN | POLLRDNORM;
2120
2121        /* Connection-based need to check for termination and startup */
2122        if (sk->sk_type == SOCK_SEQPACKET) {
2123                if (sk->sk_state == TCP_CLOSE)
2124                        mask |= POLLHUP;
2125                /* connection hasn't started yet? */
2126                if (sk->sk_state == TCP_SYN_SENT)
2127                        return mask;
2128        }
2129
2130        /* No write status requested, avoid expensive OUT tests. */
2131        if (wait && !(wait->key & (POLLWRBAND | POLLWRNORM | POLLOUT)))
2132                return mask;
2133
2134        writable = unix_writable(sk);
2135        other = unix_peer_get(sk);
2136        if (other) {
2137                if (unix_peer(other) != sk) {
2138                        sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2139                        if (unix_recvq_full(other))
2140                                writable = 0;
2141                }
2142                sock_put(other);
2143        }
2144
2145        if (writable)
2146                mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2147        else
2148                set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2149
2150        return mask;
2151}
2152
2153#ifdef CONFIG_PROC_FS
2154static struct sock *first_unix_socket(int *i)
2155{
2156        for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) {
2157                if (!hlist_empty(&unix_socket_table[*i]))
2158                        return __sk_head(&unix_socket_table[*i]);
2159        }
2160        return NULL;
2161}
2162
2163static struct sock *next_unix_socket(int *i, struct sock *s)
2164{
2165        struct sock *next = sk_next(s);
2166        /* More in this chain? */
2167        if (next)
2168                return next;
2169        /* Look for next non-empty chain. */
2170        for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) {
2171                if (!hlist_empty(&unix_socket_table[*i]))
2172                        return __sk_head(&unix_socket_table[*i]);
2173        }
2174        return NULL;
2175}
2176
2177struct unix_iter_state {
2178        struct seq_net_private p;
2179        int i;
2180};
2181
2182static struct sock *unix_seq_idx(struct seq_file *seq, loff_t pos)
2183{
2184        struct unix_iter_state *iter = seq->private;
2185        loff_t off = 0;
2186        struct sock *s;
2187
2188        for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) {
2189                if (sock_net(s) != seq_file_net(seq))
2190                        continue;
2191                if (off == pos)
2192                        return s;
2193                ++off;
2194        }
2195        return NULL;
2196}
2197
2198static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2199        __acquires(unix_table_lock)
2200{
2201        spin_lock(&unix_table_lock);
2202        return *pos ? unix_seq_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2203}
2204
2205static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2206{
2207        struct unix_iter_state *iter = seq->private;
2208        struct sock *sk = v;
2209        ++*pos;
2210
2211        if (v == SEQ_START_TOKEN)
2212                sk = first_unix_socket(&iter->i);
2213        else
2214                sk = next_unix_socket(&iter->i, sk);
2215        while (sk && (sock_net(sk) != seq_file_net(seq)))
2216                sk = next_unix_socket(&iter->i, sk);
2217        return sk;
2218}
2219
2220static void unix_seq_stop(struct seq_file *seq, void *v)
2221        __releases(unix_table_lock)
2222{
2223        spin_unlock(&unix_table_lock);
2224}
2225
2226static int unix_seq_show(struct seq_file *seq, void *v)
2227{
2228
2229        if (v == SEQ_START_TOKEN)
2230                seq_puts(seq, "Num       RefCount Protocol Flags    Type St "
2231                         "Inode Path\n");
2232        else {
2233                struct sock *s = v;
2234                struct unix_sock *u = unix_sk(s);
2235                unix_state_lock(s);
2236
2237                seq_printf(seq, "%p: %08X %08X %08X %04X %02X %5lu",
2238                        s,
2239                        atomic_read(&s->sk_refcnt),
2240                        0,
2241                        s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2242                        s->sk_type,
2243                        s->sk_socket ?
2244                        (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2245                        (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2246                        sock_i_ino(s));
2247
2248                if (u->addr) {
2249                        int i, len;
2250                        seq_putc(seq, ' ');
2251
2252                        i = 0;
2253                        len = u->addr->len - sizeof(short);
2254                        if (!UNIX_ABSTRACT(s))
2255                                len--;
2256                        else {
2257                                seq_putc(seq, '@');
2258                                i++;
2259                        }
2260                        for ( ; i < len; i++)
2261                                seq_putc(seq, u->addr->name->sun_path[i]);
2262                }
2263                unix_state_unlock(s);
2264                seq_putc(seq, '\n');
2265        }
2266
2267        return 0;
2268}
2269
2270static const struct seq_operations unix_seq_ops = {
2271        .start  = unix_seq_start,
2272        .next   = unix_seq_next,
2273        .stop   = unix_seq_stop,
2274        .show   = unix_seq_show,
2275};
2276
2277static int unix_seq_open(struct inode *inode, struct file *file)
2278{
2279        return seq_open_net(inode, file, &unix_seq_ops,
2280                            sizeof(struct unix_iter_state));
2281}
2282
2283static const struct file_operations unix_seq_fops = {
2284        .owner          = THIS_MODULE,
2285        .open           = unix_seq_open,
2286        .read           = seq_read,
2287        .llseek         = seq_lseek,
2288        .release        = seq_release_net,
2289};
2290
2291#endif
2292
2293static const struct net_proto_family unix_family_ops = {
2294        .family = PF_UNIX,
2295        .create = unix_create,
2296        .owner  = THIS_MODULE,
2297};
2298
2299
2300static int __net_init unix_net_init(struct net *net)
2301{
2302        int error = -ENOMEM;
2303
2304        net->unx.sysctl_max_dgram_qlen = 10;
2305        if (unix_sysctl_register(net))
2306                goto out;
2307
2308#ifdef CONFIG_PROC_FS
2309        if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
2310                unix_sysctl_unregister(net);
2311                goto out;
2312        }
2313#endif
2314        error = 0;
2315out:
2316        return error;
2317}
2318
2319static void __net_exit unix_net_exit(struct net *net)
2320{
2321        unix_sysctl_unregister(net);
2322        proc_net_remove(net, "unix");
2323}
2324
2325static struct pernet_operations unix_net_ops = {
2326        .init = unix_net_init,
2327        .exit = unix_net_exit,
2328};
2329
2330static int __init af_unix_init(void)
2331{
2332        int rc = -1;
2333        struct sk_buff *dummy_skb;
2334
2335        BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
2336
2337        rc = proto_register(&unix_proto, 1);
2338        if (rc != 0) {
2339                printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2340                       __func__);
2341                goto out;
2342        }
2343
2344        sock_register(&unix_family_ops);
2345        register_pernet_subsys(&unix_net_ops);
2346out:
2347        return rc;
2348}
2349
2350static void __exit af_unix_exit(void)
2351{
2352        sock_unregister(PF_UNIX);
2353        proto_unregister(&unix_proto);
2354        unregister_pernet_subsys(&unix_net_ops);
2355}
2356
2357/* Earlier than device_initcall() so that other drivers invoking
2358   request_module() don't end up in a loop when modprobe tries
2359   to use a UNIX socket. But later than subsys_initcall() because
2360   we depend on stuff initialised there */
2361fs_initcall(af_unix_init);
2362module_exit(af_unix_exit);
2363
2364MODULE_LICENSE("GPL");
2365MODULE_ALIAS_NETPROTO(PF_UNIX);
2366
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.