1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
79
80#include <linux/module.h>
81#include <linux/kernel.h>
82#include <linux/signal.h>
83#include <linux/sched/signal.h>
84#include <linux/errno.h>
85#include <linux/string.h>
86#include <linux/stat.h>
87#include <linux/dcache.h>
88#include <linux/namei.h>
89#include <linux/socket.h>
90#include <linux/un.h>
91#include <linux/fcntl.h>
92#include <linux/termios.h>
93#include <linux/sockios.h>
94#include <linux/net.h>
95#include <linux/in.h>
96#include <linux/fs.h>
97#include <linux/slab.h>
98#include <linux/uaccess.h>
99#include <linux/skbuff.h>
100#include <linux/netdevice.h>
101#include <net/net_namespace.h>
102#include <net/sock.h>
103#include <net/tcp_states.h>
104#include <net/af_unix.h>
105#include <linux/proc_fs.h>
106#include <linux/seq_file.h>
107#include <net/scm.h>
108#include <linux/init.h>
109#include <linux/poll.h>
110#include <linux/rtnetlink.h>
111#include <linux/mount.h>
112#include <net/checksum.h>
113#include <linux/security.h>
114#include <linux/freezer.h>
115#include <linux/file.h>
116
117#include "scm.h"
118
119struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
120EXPORT_SYMBOL_GPL(unix_socket_table);
121DEFINE_SPINLOCK(unix_table_lock);
122EXPORT_SYMBOL_GPL(unix_table_lock);
123static atomic_long_t unix_nr_socks;
124
125
126static struct hlist_head *unix_sockets_unbound(void *addr)
127{
128 unsigned long hash = (unsigned long)addr;
129
130 hash ^= hash >> 16;
131 hash ^= hash >> 8;
132 hash %= UNIX_HASH_SIZE;
133 return &unix_socket_table[UNIX_HASH_SIZE + hash];
134}
135
136#define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)
137
138#ifdef CONFIG_SECURITY_NETWORK
139static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
140{
141 UNIXCB(skb).secid = scm->secid;
142}
143
144static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
145{
146 scm->secid = UNIXCB(skb).secid;
147}
148
149static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
150{
151 return (scm->secid == UNIXCB(skb).secid);
152}
153#else
154static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
155{ }
156
157static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
158{ }
159
160static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
161{
162 return true;
163}
164#endif
165
166
167
168
169
170
171
172static inline unsigned int unix_hash_fold(__wsum n)
173{
174 unsigned int hash = (__force unsigned int)csum_fold(n);
175
176 hash ^= hash>>8;
177 return hash&(UNIX_HASH_SIZE-1);
178}
179
180#define unix_peer(sk) (unix_sk(sk)->peer)
181
182static inline int unix_our_peer(struct sock *sk, struct sock *osk)
183{
184 return unix_peer(osk) == sk;
185}
186
187static inline int unix_may_send(struct sock *sk, struct sock *osk)
188{
189 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
190}
191
192static inline int unix_recvq_full(const struct sock *sk)
193{
194 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
195}
196
197static inline int unix_recvq_full_lockless(const struct sock *sk)
198{
199 return skb_queue_len_lockless(&sk->sk_receive_queue) >
200 READ_ONCE(sk->sk_max_ack_backlog);
201}
202
203struct sock *unix_peer_get(struct sock *s)
204{
205 struct sock *peer;
206
207 unix_state_lock(s);
208 peer = unix_peer(s);
209 if (peer)
210 sock_hold(peer);
211 unix_state_unlock(s);
212 return peer;
213}
214EXPORT_SYMBOL_GPL(unix_peer_get);
215
216static inline void unix_release_addr(struct unix_address *addr)
217{
218 if (refcount_dec_and_test(&addr->refcnt))
219 kfree(addr);
220}
221
222
223
224
225
226
227
228
229static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
230{
231 *hashp = 0;
232
233 if (len <= sizeof(short) || len > sizeof(*sunaddr))
234 return -EINVAL;
235 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
236 return -EINVAL;
237 if (sunaddr->sun_path[0]) {
238
239
240
241
242
243
244
245 ((char *)sunaddr)[len] = 0;
246 len = strlen(sunaddr->sun_path)+1+sizeof(short);
247 return len;
248 }
249
250 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
251 return len;
252}
253
254static void __unix_remove_socket(struct sock *sk)
255{
256 sk_del_node_init(sk);
257}
258
259static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
260{
261 WARN_ON(!sk_unhashed(sk));
262 sk_add_node(sk, list);
263}
264
265static void __unix_set_addr(struct sock *sk, struct unix_address *addr,
266 unsigned hash)
267{
268 __unix_remove_socket(sk);
269 smp_store_release(&unix_sk(sk)->addr, addr);
270 __unix_insert_socket(&unix_socket_table[hash], sk);
271}
272
273static inline void unix_remove_socket(struct sock *sk)
274{
275 spin_lock(&unix_table_lock);
276 __unix_remove_socket(sk);
277 spin_unlock(&unix_table_lock);
278}
279
280static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
281{
282 spin_lock(&unix_table_lock);
283 __unix_insert_socket(list, sk);
284 spin_unlock(&unix_table_lock);
285}
286
287static struct sock *__unix_find_socket_byname(struct net *net,
288 struct sockaddr_un *sunname,
289 int len, unsigned int hash)
290{
291 struct sock *s;
292
293 sk_for_each(s, &unix_socket_table[hash]) {
294 struct unix_sock *u = unix_sk(s);
295
296 if (!net_eq(sock_net(s), net))
297 continue;
298
299 if (u->addr->len == len &&
300 !memcmp(u->addr->name, sunname, len))
301 return s;
302 }
303 return NULL;
304}
305
306static inline struct sock *unix_find_socket_byname(struct net *net,
307 struct sockaddr_un *sunname,
308 int len, unsigned int hash)
309{
310 struct sock *s;
311
312 spin_lock(&unix_table_lock);
313 s = __unix_find_socket_byname(net, sunname, len, hash);
314 if (s)
315 sock_hold(s);
316 spin_unlock(&unix_table_lock);
317 return s;
318}
319
320static struct sock *unix_find_socket_byinode(struct inode *i)
321{
322 struct sock *s;
323
324 spin_lock(&unix_table_lock);
325 sk_for_each(s,
326 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
327 struct dentry *dentry = unix_sk(s)->path.dentry;
328
329 if (dentry && d_backing_inode(dentry) == i) {
330 sock_hold(s);
331 goto found;
332 }
333 }
334 s = NULL;
335found:
336 spin_unlock(&unix_table_lock);
337 return s;
338}
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365static int unix_dgram_peer_wake_relay(wait_queue_entry_t *q, unsigned mode, int flags,
366 void *key)
367{
368 struct unix_sock *u;
369 wait_queue_head_t *u_sleep;
370
371 u = container_of(q, struct unix_sock, peer_wake);
372
373 __remove_wait_queue(&unix_sk(u->peer_wake.private)->peer_wait,
374 q);
375 u->peer_wake.private = NULL;
376
377
378 u_sleep = sk_sleep(&u->sk);
379 if (u_sleep)
380 wake_up_interruptible_poll(u_sleep, key_to_poll(key));
381
382 return 0;
383}
384
385static int unix_dgram_peer_wake_connect(struct sock *sk, struct sock *other)
386{
387 struct unix_sock *u, *u_other;
388 int rc;
389
390 u = unix_sk(sk);
391 u_other = unix_sk(other);
392 rc = 0;
393 spin_lock(&u_other->peer_wait.lock);
394
395 if (!u->peer_wake.private) {
396 u->peer_wake.private = other;
397 __add_wait_queue(&u_other->peer_wait, &u->peer_wake);
398
399 rc = 1;
400 }
401
402 spin_unlock(&u_other->peer_wait.lock);
403 return rc;
404}
405
406static void unix_dgram_peer_wake_disconnect(struct sock *sk,
407 struct sock *other)
408{
409 struct unix_sock *u, *u_other;
410
411 u = unix_sk(sk);
412 u_other = unix_sk(other);
413 spin_lock(&u_other->peer_wait.lock);
414
415 if (u->peer_wake.private == other) {
416 __remove_wait_queue(&u_other->peer_wait, &u->peer_wake);
417 u->peer_wake.private = NULL;
418 }
419
420 spin_unlock(&u_other->peer_wait.lock);
421}
422
423static void unix_dgram_peer_wake_disconnect_wakeup(struct sock *sk,
424 struct sock *other)
425{
426 unix_dgram_peer_wake_disconnect(sk, other);
427 wake_up_interruptible_poll(sk_sleep(sk),
428 EPOLLOUT |
429 EPOLLWRNORM |
430 EPOLLWRBAND);
431}
432
433
434
435
436
437static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other)
438{
439 int connected;
440
441 connected = unix_dgram_peer_wake_connect(sk, other);
442
443
444
445
446
447
448 if (unix_recvq_full(other) && !sock_flag(other, SOCK_DEAD))
449 return 1;
450
451 if (connected)
452 unix_dgram_peer_wake_disconnect(sk, other);
453
454 return 0;
455}
456
457static int unix_writable(const struct sock *sk)
458{
459 return sk->sk_state != TCP_LISTEN &&
460 (refcount_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
461}
462
463static void unix_write_space(struct sock *sk)
464{
465 struct socket_wq *wq;
466
467 rcu_read_lock();
468 if (unix_writable(sk)) {
469 wq = rcu_dereference(sk->sk_wq);
470 if (skwq_has_sleeper(wq))
471 wake_up_interruptible_sync_poll(&wq->wait,
472 EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND);
473 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
474 }
475 rcu_read_unlock();
476}
477
478
479
480
481
482static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
483{
484 if (!skb_queue_empty(&sk->sk_receive_queue)) {
485 skb_queue_purge(&sk->sk_receive_queue);
486 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
487
488
489
490
491
492 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
493 other->sk_err = ECONNRESET;
494 sk_error_report(other);
495 }
496 }
497}
498
499static void unix_sock_destructor(struct sock *sk)
500{
501 struct unix_sock *u = unix_sk(sk);
502
503 skb_queue_purge(&sk->sk_receive_queue);
504
505 WARN_ON(refcount_read(&sk->sk_wmem_alloc));
506 WARN_ON(!sk_unhashed(sk));
507 WARN_ON(sk->sk_socket);
508 if (!sock_flag(sk, SOCK_DEAD)) {
509 pr_info("Attempt to release alive unix socket: %p\n", sk);
510 return;
511 }
512
513 if (u->addr)
514 unix_release_addr(u->addr);
515
516 atomic_long_dec(&unix_nr_socks);
517 local_bh_disable();
518 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
519 local_bh_enable();
520#ifdef UNIX_REFCNT_DEBUG
521 pr_debug("UNIX %p is destroyed, %ld are still alive.\n", sk,
522 atomic_long_read(&unix_nr_socks));
523#endif
524}
525
526static void unix_release_sock(struct sock *sk, int embrion)
527{
528 struct unix_sock *u = unix_sk(sk);
529 struct path path;
530 struct sock *skpair;
531 struct sk_buff *skb;
532 int state;
533
534 unix_remove_socket(sk);
535
536
537 unix_state_lock(sk);
538 sock_orphan(sk);
539 sk->sk_shutdown = SHUTDOWN_MASK;
540 path = u->path;
541 u->path.dentry = NULL;
542 u->path.mnt = NULL;
543 state = sk->sk_state;
544 sk->sk_state = TCP_CLOSE;
545
546 skpair = unix_peer(sk);
547 unix_peer(sk) = NULL;
548
549 unix_state_unlock(sk);
550
551 wake_up_interruptible_all(&u->peer_wait);
552
553 if (skpair != NULL) {
554 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
555 unix_state_lock(skpair);
556
557 skpair->sk_shutdown = SHUTDOWN_MASK;
558 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
559 skpair->sk_err = ECONNRESET;
560 unix_state_unlock(skpair);
561 skpair->sk_state_change(skpair);
562 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
563 }
564
565 unix_dgram_peer_wake_disconnect(sk, skpair);
566 sock_put(skpair);
567 }
568
569
570
571 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
572 if (state == TCP_LISTEN)
573 unix_release_sock(skb->sk, 1);
574
575 UNIXCB(skb).consumed = skb->len;
576 kfree_skb(skb);
577 }
578
579 if (path.dentry)
580 path_put(&path);
581
582 sock_put(sk);
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597 if (unix_tot_inflight)
598 unix_gc();
599}
600
601static void init_peercred(struct sock *sk)
602{
603 put_pid(sk->sk_peer_pid);
604 if (sk->sk_peer_cred)
605 put_cred(sk->sk_peer_cred);
606 sk->sk_peer_pid = get_pid(task_tgid(current));
607 sk->sk_peer_cred = get_current_cred();
608}
609
610static void copy_peercred(struct sock *sk, struct sock *peersk)
611{
612 put_pid(sk->sk_peer_pid);
613 if (sk->sk_peer_cred)
614 put_cred(sk->sk_peer_cred);
615 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
616 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
617}
618
619static int unix_listen(struct socket *sock, int backlog)
620{
621 int err;
622 struct sock *sk = sock->sk;
623 struct unix_sock *u = unix_sk(sk);
624
625 err = -EOPNOTSUPP;
626 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
627 goto out;
628 err = -EINVAL;
629 if (!u->addr)
630 goto out;
631 unix_state_lock(sk);
632 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
633 goto out_unlock;
634 if (backlog > sk->sk_max_ack_backlog)
635 wake_up_interruptible_all(&u->peer_wait);
636 sk->sk_max_ack_backlog = backlog;
637 sk->sk_state = TCP_LISTEN;
638
639 init_peercred(sk);
640 err = 0;
641
642out_unlock:
643 unix_state_unlock(sk);
644out:
645 return err;
646}
647
648static int unix_release(struct socket *);
649static int unix_bind(struct socket *, struct sockaddr *, int);
650static int unix_stream_connect(struct socket *, struct sockaddr *,
651 int addr_len, int flags);
652static int unix_socketpair(struct socket *, struct socket *);
653static int unix_accept(struct socket *, struct socket *, int, bool);
654static int unix_getname(struct socket *, struct sockaddr *, int);
655static __poll_t unix_poll(struct file *, struct socket *, poll_table *);
656static __poll_t unix_dgram_poll(struct file *, struct socket *,
657 poll_table *);
658static int unix_ioctl(struct socket *, unsigned int, unsigned long);
659#ifdef CONFIG_COMPAT
660static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg);
661#endif
662static int unix_shutdown(struct socket *, int);
663static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t);
664static int unix_stream_recvmsg(struct socket *, struct msghdr *, size_t, int);
665static ssize_t unix_stream_sendpage(struct socket *, struct page *, int offset,
666 size_t size, int flags);
667static ssize_t unix_stream_splice_read(struct socket *, loff_t *ppos,
668 struct pipe_inode_info *, size_t size,
669 unsigned int flags);
670static int unix_dgram_sendmsg(struct socket *, struct msghdr *, size_t);
671static int unix_dgram_recvmsg(struct socket *, struct msghdr *, size_t, int);
672static int unix_dgram_connect(struct socket *, struct sockaddr *,
673 int, int);
674static int unix_seqpacket_sendmsg(struct socket *, struct msghdr *, size_t);
675static int unix_seqpacket_recvmsg(struct socket *, struct msghdr *, size_t,
676 int);
677
678static int unix_set_peek_off(struct sock *sk, int val)
679{
680 struct unix_sock *u = unix_sk(sk);
681
682 if (mutex_lock_interruptible(&u->iolock))
683 return -EINTR;
684
685 sk->sk_peek_off = val;
686 mutex_unlock(&u->iolock);
687
688 return 0;
689}
690
691#ifdef CONFIG_PROC_FS
692static void unix_show_fdinfo(struct seq_file *m, struct socket *sock)
693{
694 struct sock *sk = sock->sk;
695 struct unix_sock *u;
696
697 if (sk) {
698 u = unix_sk(sock->sk);
699 seq_printf(m, "scm_fds: %u\n",
700 atomic_read(&u->scm_stat.nr_fds));
701 }
702}
703#else
704#define unix_show_fdinfo NULL
705#endif
706
707static const struct proto_ops unix_stream_ops = {
708 .family = PF_UNIX,
709 .owner = THIS_MODULE,
710 .release = unix_release,
711 .bind = unix_bind,
712 .connect = unix_stream_connect,
713 .socketpair = unix_socketpair,
714 .accept = unix_accept,
715 .getname = unix_getname,
716 .poll = unix_poll,
717 .ioctl = unix_ioctl,
718#ifdef CONFIG_COMPAT
719 .compat_ioctl = unix_compat_ioctl,
720#endif
721 .listen = unix_listen,
722 .shutdown = unix_shutdown,
723 .sendmsg = unix_stream_sendmsg,
724 .recvmsg = unix_stream_recvmsg,
725 .mmap = sock_no_mmap,
726 .sendpage = unix_stream_sendpage,
727 .splice_read = unix_stream_splice_read,
728 .set_peek_off = unix_set_peek_off,
729 .show_fdinfo = unix_show_fdinfo,
730};
731
732static const struct proto_ops unix_dgram_ops = {
733 .family = PF_UNIX,
734 .owner = THIS_MODULE,
735 .release = unix_release,
736 .bind = unix_bind,
737 .connect = unix_dgram_connect,
738 .socketpair = unix_socketpair,
739 .accept = sock_no_accept,
740 .getname = unix_getname,
741 .poll = unix_dgram_poll,
742 .ioctl = unix_ioctl,
743#ifdef CONFIG_COMPAT
744 .compat_ioctl = unix_compat_ioctl,
745#endif
746 .listen = sock_no_listen,
747 .shutdown = unix_shutdown,
748 .sendmsg = unix_dgram_sendmsg,
749 .recvmsg = unix_dgram_recvmsg,
750 .mmap = sock_no_mmap,
751 .sendpage = sock_no_sendpage,
752 .set_peek_off = unix_set_peek_off,
753 .show_fdinfo = unix_show_fdinfo,
754};
755
756static const struct proto_ops unix_seqpacket_ops = {
757 .family = PF_UNIX,
758 .owner = THIS_MODULE,
759 .release = unix_release,
760 .bind = unix_bind,
761 .connect = unix_stream_connect,
762 .socketpair = unix_socketpair,
763 .accept = unix_accept,
764 .getname = unix_getname,
765 .poll = unix_dgram_poll,
766 .ioctl = unix_ioctl,
767#ifdef CONFIG_COMPAT
768 .compat_ioctl = unix_compat_ioctl,
769#endif
770 .listen = unix_listen,
771 .shutdown = unix_shutdown,
772 .sendmsg = unix_seqpacket_sendmsg,
773 .recvmsg = unix_seqpacket_recvmsg,
774 .mmap = sock_no_mmap,
775 .sendpage = sock_no_sendpage,
776 .set_peek_off = unix_set_peek_off,
777 .show_fdinfo = unix_show_fdinfo,
778};
779
780static struct proto unix_proto = {
781 .name = "UNIX",
782 .owner = THIS_MODULE,
783 .obj_size = sizeof(struct unix_sock),
784};
785
786static struct sock *unix_create1(struct net *net, struct socket *sock, int kern)
787{
788 struct sock *sk = NULL;
789 struct unix_sock *u;
790
791 atomic_long_inc(&unix_nr_socks);
792 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
793 goto out;
794
795 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto, kern);
796 if (!sk)
797 goto out;
798
799 sock_init_data(sock, sk);
800
801 sk->sk_allocation = GFP_KERNEL_ACCOUNT;
802 sk->sk_write_space = unix_write_space;
803 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
804 sk->sk_destruct = unix_sock_destructor;
805 u = unix_sk(sk);
806 u->path.dentry = NULL;
807 u->path.mnt = NULL;
808 spin_lock_init(&u->lock);
809 atomic_long_set(&u->inflight, 0);
810 INIT_LIST_HEAD(&u->link);
811 mutex_init(&u->iolock);
812 mutex_init(&u->bindlock);
813 init_waitqueue_head(&u->peer_wait);
814 init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay);
815 memset(&u->scm_stat, 0, sizeof(struct scm_stat));
816 unix_insert_socket(unix_sockets_unbound(sk), sk);
817out:
818 if (sk == NULL)
819 atomic_long_dec(&unix_nr_socks);
820 else {
821 local_bh_disable();
822 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
823 local_bh_enable();
824 }
825 return sk;
826}
827
828static int unix_create(struct net *net, struct socket *sock, int protocol,
829 int kern)
830{
831 if (protocol && protocol != PF_UNIX)
832 return -EPROTONOSUPPORT;
833
834 sock->state = SS_UNCONNECTED;
835
836 switch (sock->type) {
837 case SOCK_STREAM:
838 sock->ops = &unix_stream_ops;
839 break;
840
841
842
843
844 case SOCK_RAW:
845 sock->type = SOCK_DGRAM;
846 fallthrough;
847 case SOCK_DGRAM:
848 sock->ops = &unix_dgram_ops;
849 break;
850 case SOCK_SEQPACKET:
851 sock->ops = &unix_seqpacket_ops;
852 break;
853 default:
854 return -ESOCKTNOSUPPORT;
855 }
856
857 return unix_create1(net, sock, kern) ? 0 : -ENOMEM;
858}
859
860static int unix_release(struct socket *sock)
861{
862 struct sock *sk = sock->sk;
863
864 if (!sk)
865 return 0;
866
867 unix_release_sock(sk, 0);
868 sock->sk = NULL;
869
870 return 0;
871}
872
873static int unix_autobind(struct socket *sock)
874{
875 struct sock *sk = sock->sk;
876 struct net *net = sock_net(sk);
877 struct unix_sock *u = unix_sk(sk);
878 static u32 ordernum = 1;
879 struct unix_address *addr;
880 int err;
881 unsigned int retries = 0;
882
883 err = mutex_lock_interruptible(&u->bindlock);
884 if (err)
885 return err;
886
887 if (u->addr)
888 goto out;
889
890 err = -ENOMEM;
891 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
892 if (!addr)
893 goto out;
894
895 addr->name->sun_family = AF_UNIX;
896 refcount_set(&addr->refcnt, 1);
897
898retry:
899 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
900 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
901 addr->hash ^= sk->sk_type;
902
903 spin_lock(&unix_table_lock);
904 ordernum = (ordernum+1)&0xFFFFF;
905
906 if (__unix_find_socket_byname(net, addr->name, addr->len, addr->hash)) {
907 spin_unlock(&unix_table_lock);
908
909
910
911
912 cond_resched();
913
914 if (retries++ == 0xFFFFF) {
915 err = -ENOSPC;
916 kfree(addr);
917 goto out;
918 }
919 goto retry;
920 }
921
922 __unix_set_addr(sk, addr, addr->hash);
923 spin_unlock(&unix_table_lock);
924 err = 0;
925
926out: mutex_unlock(&u->bindlock);
927 return err;
928}
929
930static struct sock *unix_find_other(struct net *net,
931 struct sockaddr_un *sunname, int len,
932 int type, unsigned int hash, int *error)
933{
934 struct sock *u;
935 struct path path;
936 int err = 0;
937
938 if (sunname->sun_path[0]) {
939 struct inode *inode;
940 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
941 if (err)
942 goto fail;
943 inode = d_backing_inode(path.dentry);
944 err = path_permission(&path, MAY_WRITE);
945 if (err)
946 goto put_fail;
947
948 err = -ECONNREFUSED;
949 if (!S_ISSOCK(inode->i_mode))
950 goto put_fail;
951 u = unix_find_socket_byinode(inode);
952 if (!u)
953 goto put_fail;
954
955 if (u->sk_type == type)
956 touch_atime(&path);
957
958 path_put(&path);
959
960 err = -EPROTOTYPE;
961 if (u->sk_type != type) {
962 sock_put(u);
963 goto fail;
964 }
965 } else {
966 err = -ECONNREFUSED;
967 u = unix_find_socket_byname(net, sunname, len, type ^ hash);
968 if (u) {
969 struct dentry *dentry;
970 dentry = unix_sk(u)->path.dentry;
971 if (dentry)
972 touch_atime(&unix_sk(u)->path);
973 } else
974 goto fail;
975 }
976 return u;
977
978put_fail:
979 path_put(&path);
980fail:
981 *error = err;
982 return NULL;
983}
984
985static int unix_bind_bsd(struct sock *sk, struct unix_address *addr)
986{
987 struct unix_sock *u = unix_sk(sk);
988 umode_t mode = S_IFSOCK |
989 (SOCK_INODE(sk->sk_socket)->i_mode & ~current_umask());
990 struct user_namespace *ns;
991 struct path parent;
992 struct dentry *dentry;
993 unsigned int hash;
994 int err;
995
996
997
998
999
1000 dentry = kern_path_create(AT_FDCWD, addr->name->sun_path, &parent, 0);
1001 if (IS_ERR(dentry))
1002 return PTR_ERR(dentry);
1003 ns = mnt_user_ns(parent.mnt);
1004
1005
1006
1007
1008 err = security_path_mknod(&parent, dentry, mode, 0);
1009 if (!err)
1010 err = vfs_mknod(ns, d_inode(parent.dentry), dentry, mode, 0);
1011 if (err)
1012 goto out;
1013 err = mutex_lock_interruptible(&u->bindlock);
1014 if (err)
1015 goto out_unlink;
1016 if (u->addr)
1017 goto out_unlock;
1018
1019 addr->hash = UNIX_HASH_SIZE;
1020 hash = d_backing_inode(dentry)->i_ino & (UNIX_HASH_SIZE - 1);
1021 spin_lock(&unix_table_lock);
1022 u->path.mnt = mntget(parent.mnt);
1023 u->path.dentry = dget(dentry);
1024 __unix_set_addr(sk, addr, hash);
1025 spin_unlock(&unix_table_lock);
1026 mutex_unlock(&u->bindlock);
1027 done_path_create(&parent, dentry);
1028 return 0;
1029
1030out_unlock:
1031 mutex_unlock(&u->bindlock);
1032 err = -EINVAL;
1033out_unlink:
1034
1035 vfs_unlink(ns, d_inode(parent.dentry), dentry, NULL);
1036out:
1037 done_path_create(&parent, dentry);
1038 return err;
1039}
1040
1041static int unix_bind_abstract(struct sock *sk, struct unix_address *addr)
1042{
1043 struct unix_sock *u = unix_sk(sk);
1044 int err;
1045
1046 err = mutex_lock_interruptible(&u->bindlock);
1047 if (err)
1048 return err;
1049
1050 if (u->addr) {
1051 mutex_unlock(&u->bindlock);
1052 return -EINVAL;
1053 }
1054
1055 spin_lock(&unix_table_lock);
1056 if (__unix_find_socket_byname(sock_net(sk), addr->name, addr->len,
1057 addr->hash)) {
1058 spin_unlock(&unix_table_lock);
1059 mutex_unlock(&u->bindlock);
1060 return -EADDRINUSE;
1061 }
1062 __unix_set_addr(sk, addr, addr->hash);
1063 spin_unlock(&unix_table_lock);
1064 mutex_unlock(&u->bindlock);
1065 return 0;
1066}
1067
1068static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
1069{
1070 struct sock *sk = sock->sk;
1071 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1072 char *sun_path = sunaddr->sun_path;
1073 int err;
1074 unsigned int hash;
1075 struct unix_address *addr;
1076
1077 if (addr_len < offsetofend(struct sockaddr_un, sun_family) ||
1078 sunaddr->sun_family != AF_UNIX)
1079 return -EINVAL;
1080
1081 if (addr_len == sizeof(short))
1082 return unix_autobind(sock);
1083
1084 err = unix_mkname(sunaddr, addr_len, &hash);
1085 if (err < 0)
1086 return err;
1087 addr_len = err;
1088 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
1089 if (!addr)
1090 return -ENOMEM;
1091
1092 memcpy(addr->name, sunaddr, addr_len);
1093 addr->len = addr_len;
1094 addr->hash = hash ^ sk->sk_type;
1095 refcount_set(&addr->refcnt, 1);
1096
1097 if (sun_path[0])
1098 err = unix_bind_bsd(sk, addr);
1099 else
1100 err = unix_bind_abstract(sk, addr);
1101 if (err)
1102 unix_release_addr(addr);
1103 return err == -EEXIST ? -EADDRINUSE : err;
1104}
1105
1106static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
1107{
1108 if (unlikely(sk1 == sk2) || !sk2) {
1109 unix_state_lock(sk1);
1110 return;
1111 }
1112 if (sk1 < sk2) {
1113 unix_state_lock(sk1);
1114 unix_state_lock_nested(sk2);
1115 } else {
1116 unix_state_lock(sk2);
1117 unix_state_lock_nested(sk1);
1118 }
1119}
1120
1121static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
1122{
1123 if (unlikely(sk1 == sk2) || !sk2) {
1124 unix_state_unlock(sk1);
1125 return;
1126 }
1127 unix_state_unlock(sk1);
1128 unix_state_unlock(sk2);
1129}
1130
1131static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
1132 int alen, int flags)
1133{
1134 struct sock *sk = sock->sk;
1135 struct net *net = sock_net(sk);
1136 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
1137 struct sock *other;
1138 unsigned int hash;
1139 int err;
1140
1141 err = -EINVAL;
1142 if (alen < offsetofend(struct sockaddr, sa_family))
1143 goto out;
1144
1145 if (addr->sa_family != AF_UNSPEC) {
1146 err = unix_mkname(sunaddr, alen, &hash);
1147 if (err < 0)
1148 goto out;
1149 alen = err;
1150
1151 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
1152 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
1153 goto out;
1154
1155restart:
1156 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
1157 if (!other)
1158 goto out;
1159
1160 unix_state_double_lock(sk, other);
1161
1162
1163 if (sock_flag(other, SOCK_DEAD)) {
1164 unix_state_double_unlock(sk, other);
1165 sock_put(other);
1166 goto restart;
1167 }
1168
1169 err = -EPERM;
1170 if (!unix_may_send(sk, other))
1171 goto out_unlock;
1172
1173 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1174 if (err)
1175 goto out_unlock;
1176
1177 } else {
1178
1179
1180
1181 other = NULL;
1182 unix_state_double_lock(sk, other);
1183 }
1184
1185
1186
1187
1188 if (unix_peer(sk)) {
1189 struct sock *old_peer = unix_peer(sk);
1190 unix_peer(sk) = other;
1191 unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer);
1192
1193 unix_state_double_unlock(sk, other);
1194
1195 if (other != old_peer)
1196 unix_dgram_disconnected(sk, old_peer);
1197 sock_put(old_peer);
1198 } else {
1199 unix_peer(sk) = other;
1200 unix_state_double_unlock(sk, other);
1201 }
1202 return 0;
1203
1204out_unlock:
1205 unix_state_double_unlock(sk, other);
1206 sock_put(other);
1207out:
1208 return err;
1209}
1210
1211static long unix_wait_for_peer(struct sock *other, long timeo)
1212 __releases(&unix_sk(other)->lock)
1213{
1214 struct unix_sock *u = unix_sk(other);
1215 int sched;
1216 DEFINE_WAIT(wait);
1217
1218 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1219
1220 sched = !sock_flag(other, SOCK_DEAD) &&
1221 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1222 unix_recvq_full(other);
1223
1224 unix_state_unlock(other);
1225
1226 if (sched)
1227 timeo = schedule_timeout(timeo);
1228
1229 finish_wait(&u->peer_wait, &wait);
1230 return timeo;
1231}
1232
1233static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1234 int addr_len, int flags)
1235{
1236 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1237 struct sock *sk = sock->sk;
1238 struct net *net = sock_net(sk);
1239 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1240 struct sock *newsk = NULL;
1241 struct sock *other = NULL;
1242 struct sk_buff *skb = NULL;
1243 unsigned int hash;
1244 int st;
1245 int err;
1246 long timeo;
1247
1248 err = unix_mkname(sunaddr, addr_len, &hash);
1249 if (err < 0)
1250 goto out;
1251 addr_len = err;
1252
1253 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1254 (err = unix_autobind(sock)) != 0)
1255 goto out;
1256
1257 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1258
1259
1260
1261
1262
1263
1264 err = -ENOMEM;
1265
1266
1267 newsk = unix_create1(sock_net(sk), NULL, 0);
1268 if (newsk == NULL)
1269 goto out;
1270
1271
1272 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1273 if (skb == NULL)
1274 goto out;
1275
1276restart:
1277
1278 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1279 if (!other)
1280 goto out;
1281
1282
1283 unix_state_lock(other);
1284
1285
1286 if (sock_flag(other, SOCK_DEAD)) {
1287 unix_state_unlock(other);
1288 sock_put(other);
1289 goto restart;
1290 }
1291
1292 err = -ECONNREFUSED;
1293 if (other->sk_state != TCP_LISTEN)
1294 goto out_unlock;
1295 if (other->sk_shutdown & RCV_SHUTDOWN)
1296 goto out_unlock;
1297
1298 if (unix_recvq_full(other)) {
1299 err = -EAGAIN;
1300 if (!timeo)
1301 goto out_unlock;
1302
1303 timeo = unix_wait_for_peer(other, timeo);
1304
1305 err = sock_intr_errno(timeo);
1306 if (signal_pending(current))
1307 goto out;
1308 sock_put(other);
1309 goto restart;
1310 }
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323 st = sk->sk_state;
1324
1325 switch (st) {
1326 case TCP_CLOSE:
1327
1328 break;
1329 case TCP_ESTABLISHED:
1330
1331 err = -EISCONN;
1332 goto out_unlock;
1333 default:
1334 err = -EINVAL;
1335 goto out_unlock;
1336 }
1337
1338 unix_state_lock_nested(sk);
1339
1340 if (sk->sk_state != st) {
1341 unix_state_unlock(sk);
1342 unix_state_unlock(other);
1343 sock_put(other);
1344 goto restart;
1345 }
1346
1347 err = security_unix_stream_connect(sk, other, newsk);
1348 if (err) {
1349 unix_state_unlock(sk);
1350 goto out_unlock;
1351 }
1352
1353
1354
1355 sock_hold(sk);
1356 unix_peer(newsk) = sk;
1357 newsk->sk_state = TCP_ESTABLISHED;
1358 newsk->sk_type = sk->sk_type;
1359 init_peercred(newsk);
1360 newu = unix_sk(newsk);
1361 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1362 otheru = unix_sk(other);
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381 if (otheru->path.dentry) {
1382 path_get(&otheru->path);
1383 newu->path = otheru->path;
1384 }
1385 refcount_inc(&otheru->addr->refcnt);
1386 smp_store_release(&newu->addr, otheru->addr);
1387
1388
1389 copy_peercred(sk, other);
1390
1391 sock->state = SS_CONNECTED;
1392 sk->sk_state = TCP_ESTABLISHED;
1393 sock_hold(newsk);
1394
1395 smp_mb__after_atomic();
1396 unix_peer(sk) = newsk;
1397
1398 unix_state_unlock(sk);
1399
1400
1401 spin_lock(&other->sk_receive_queue.lock);
1402 __skb_queue_tail(&other->sk_receive_queue, skb);
1403 spin_unlock(&other->sk_receive_queue.lock);
1404 unix_state_unlock(other);
1405 other->sk_data_ready(other);
1406 sock_put(other);
1407 return 0;
1408
1409out_unlock:
1410 if (other)
1411 unix_state_unlock(other);
1412
1413out:
1414 kfree_skb(skb);
1415 if (newsk)
1416 unix_release_sock(newsk, 0);
1417 if (other)
1418 sock_put(other);
1419 return err;
1420}
1421
1422static int unix_socketpair(struct socket *socka, struct socket *sockb)
1423{
1424 struct sock *ska = socka->sk, *skb = sockb->sk;
1425
1426
1427 sock_hold(ska);
1428 sock_hold(skb);
1429 unix_peer(ska) = skb;
1430 unix_peer(skb) = ska;
1431 init_peercred(ska);
1432 init_peercred(skb);
1433
1434 if (ska->sk_type != SOCK_DGRAM) {
1435 ska->sk_state = TCP_ESTABLISHED;
1436 skb->sk_state = TCP_ESTABLISHED;
1437 socka->state = SS_CONNECTED;
1438 sockb->state = SS_CONNECTED;
1439 }
1440 return 0;
1441}
1442
1443static void unix_sock_inherit_flags(const struct socket *old,
1444 struct socket *new)
1445{
1446 if (test_bit(SOCK_PASSCRED, &old->flags))
1447 set_bit(SOCK_PASSCRED, &new->flags);
1448 if (test_bit(SOCK_PASSSEC, &old->flags))
1449 set_bit(SOCK_PASSSEC, &new->flags);
1450}
1451
1452static int unix_accept(struct socket *sock, struct socket *newsock, int flags,
1453 bool kern)
1454{
1455 struct sock *sk = sock->sk;
1456 struct sock *tsk;
1457 struct sk_buff *skb;
1458 int err;
1459
1460 err = -EOPNOTSUPP;
1461 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1462 goto out;
1463
1464 err = -EINVAL;
1465 if (sk->sk_state != TCP_LISTEN)
1466 goto out;
1467
1468
1469
1470
1471
1472 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1473 if (!skb) {
1474
1475 if (err == 0)
1476 err = -EINVAL;
1477 goto out;
1478 }
1479
1480 tsk = skb->sk;
1481 skb_free_datagram(sk, skb);
1482 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1483
1484
1485 unix_state_lock(tsk);
1486 newsock->state = SS_CONNECTED;
1487 unix_sock_inherit_flags(sock, newsock);
1488 sock_graft(tsk, newsock);
1489 unix_state_unlock(tsk);
1490 return 0;
1491
1492out:
1493 return err;
1494}
1495
1496
1497static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int peer)
1498{
1499 struct sock *sk = sock->sk;
1500 struct unix_address *addr;
1501 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1502 int err = 0;
1503
1504 if (peer) {
1505 sk = unix_peer_get(sk);
1506
1507 err = -ENOTCONN;
1508 if (!sk)
1509 goto out;
1510 err = 0;
1511 } else {
1512 sock_hold(sk);
1513 }
1514
1515 addr = smp_load_acquire(&unix_sk(sk)->addr);
1516 if (!addr) {
1517 sunaddr->sun_family = AF_UNIX;
1518 sunaddr->sun_path[0] = 0;
1519 err = sizeof(short);
1520 } else {
1521 err = addr->len;
1522 memcpy(sunaddr, addr->name, addr->len);
1523 }
1524 sock_put(sk);
1525out:
1526 return err;
1527}
1528
1529static void unix_peek_fds(struct scm_cookie *scm, struct sk_buff *skb)
1530{
1531 scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572 spin_lock(&unix_gc_lock);
1573 spin_unlock(&unix_gc_lock);
1574}
1575
1576static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1577{
1578 int err = 0;
1579
1580 UNIXCB(skb).pid = get_pid(scm->pid);
1581 UNIXCB(skb).uid = scm->creds.uid;
1582 UNIXCB(skb).gid = scm->creds.gid;
1583 UNIXCB(skb).fp = NULL;
1584 unix_get_secdata(scm, skb);
1585 if (scm->fp && send_fds)
1586 err = unix_attach_fds(scm, skb);
1587
1588 skb->destructor = unix_destruct_scm;
1589 return err;
1590}
1591
1592static bool unix_passcred_enabled(const struct socket *sock,
1593 const struct sock *other)
1594{
1595 return test_bit(SOCK_PASSCRED, &sock->flags) ||
1596 !other->sk_socket ||
1597 test_bit(SOCK_PASSCRED, &other->sk_socket->flags);
1598}
1599
1600
1601
1602
1603
1604
1605static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1606 const struct sock *other)
1607{
1608 if (UNIXCB(skb).pid)
1609 return;
1610 if (unix_passcred_enabled(sock, other)) {
1611 UNIXCB(skb).pid = get_pid(task_tgid(current));
1612 current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid);
1613 }
1614}
1615
1616static int maybe_init_creds(struct scm_cookie *scm,
1617 struct socket *socket,
1618 const struct sock *other)
1619{
1620 int err;
1621 struct msghdr msg = { .msg_controllen = 0 };
1622
1623 err = scm_send(socket, &msg, scm, false);
1624 if (err)
1625 return err;
1626
1627 if (unix_passcred_enabled(socket, other)) {
1628 scm->pid = get_pid(task_tgid(current));
1629 current_uid_gid(&scm->creds.uid, &scm->creds.gid);
1630 }
1631 return err;
1632}
1633
1634static bool unix_skb_scm_eq(struct sk_buff *skb,
1635 struct scm_cookie *scm)
1636{
1637 const struct unix_skb_parms *u = &UNIXCB(skb);
1638
1639 return u->pid == scm->pid &&
1640 uid_eq(u->uid, scm->creds.uid) &&
1641 gid_eq(u->gid, scm->creds.gid) &&
1642 unix_secdata_eq(scm, skb);
1643}
1644
1645static void scm_stat_add(struct sock *sk, struct sk_buff *skb)
1646{
1647 struct scm_fp_list *fp = UNIXCB(skb).fp;
1648 struct unix_sock *u = unix_sk(sk);
1649
1650 if (unlikely(fp && fp->count))
1651 atomic_add(fp->count, &u->scm_stat.nr_fds);
1652}
1653
1654static void scm_stat_del(struct sock *sk, struct sk_buff *skb)
1655{
1656 struct scm_fp_list *fp = UNIXCB(skb).fp;
1657 struct unix_sock *u = unix_sk(sk);
1658
1659 if (unlikely(fp && fp->count))
1660 atomic_sub(fp->count, &u->scm_stat.nr_fds);
1661}
1662
1663
1664
1665
1666
1667static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
1668 size_t len)
1669{
1670 struct sock *sk = sock->sk;
1671 struct net *net = sock_net(sk);
1672 struct unix_sock *u = unix_sk(sk);
1673 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
1674 struct sock *other = NULL;
1675 int namelen = 0;
1676 int err;
1677 unsigned int hash;
1678 struct sk_buff *skb;
1679 long timeo;
1680 struct scm_cookie scm;
1681 int data_len = 0;
1682 int sk_locked;
1683
1684 wait_for_unix_gc();
1685 err = scm_send(sock, msg, &scm, false);
1686 if (err < 0)
1687 return err;
1688
1689 err = -EOPNOTSUPP;
1690 if (msg->msg_flags&MSG_OOB)
1691 goto out;
1692
1693 if (msg->msg_namelen) {
1694 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1695 if (err < 0)
1696 goto out;
1697 namelen = err;
1698 } else {
1699 sunaddr = NULL;
1700 err = -ENOTCONN;
1701 other = unix_peer_get(sk);
1702 if (!other)
1703 goto out;
1704 }
1705
1706 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1707 && (err = unix_autobind(sock)) != 0)
1708 goto out;
1709
1710 err = -EMSGSIZE;
1711 if (len > sk->sk_sndbuf - 32)
1712 goto out;
1713
1714 if (len > SKB_MAX_ALLOC) {
1715 data_len = min_t(size_t,
1716 len - SKB_MAX_ALLOC,
1717 MAX_SKB_FRAGS * PAGE_SIZE);
1718 data_len = PAGE_ALIGN(data_len);
1719
1720 BUILD_BUG_ON(SKB_MAX_ALLOC < PAGE_SIZE);
1721 }
1722
1723 skb = sock_alloc_send_pskb(sk, len - data_len, data_len,
1724 msg->msg_flags & MSG_DONTWAIT, &err,
1725 PAGE_ALLOC_COSTLY_ORDER);
1726 if (skb == NULL)
1727 goto out;
1728
1729 err = unix_scm_to_skb(&scm, skb, true);
1730 if (err < 0)
1731 goto out_free;
1732
1733 skb_put(skb, len - data_len);
1734 skb->data_len = data_len;
1735 skb->len = len;
1736 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, len);
1737 if (err)
1738 goto out_free;
1739
1740 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1741
1742restart:
1743 if (!other) {
1744 err = -ECONNRESET;
1745 if (sunaddr == NULL)
1746 goto out_free;
1747
1748 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1749 hash, &err);
1750 if (other == NULL)
1751 goto out_free;
1752 }
1753
1754 if (sk_filter(other, skb) < 0) {
1755
1756 err = len;
1757 goto out_free;
1758 }
1759
1760 sk_locked = 0;
1761 unix_state_lock(other);
1762restart_locked:
1763 err = -EPERM;
1764 if (!unix_may_send(sk, other))
1765 goto out_unlock;
1766
1767 if (unlikely(sock_flag(other, SOCK_DEAD))) {
1768
1769
1770
1771
1772 unix_state_unlock(other);
1773 sock_put(other);
1774
1775 if (!sk_locked)
1776 unix_state_lock(sk);
1777
1778 err = 0;
1779 if (unix_peer(sk) == other) {
1780 unix_peer(sk) = NULL;
1781 unix_dgram_peer_wake_disconnect_wakeup(sk, other);
1782
1783 unix_state_unlock(sk);
1784
1785 unix_dgram_disconnected(sk, other);
1786 sock_put(other);
1787 err = -ECONNREFUSED;
1788 } else {
1789 unix_state_unlock(sk);
1790 }
1791
1792 other = NULL;
1793 if (err)
1794 goto out_free;
1795 goto restart;
1796 }
1797
1798 err = -EPIPE;
1799 if (other->sk_shutdown & RCV_SHUTDOWN)
1800 goto out_unlock;
1801
1802 if (sk->sk_type != SOCK_SEQPACKET) {
1803 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1804 if (err)
1805 goto out_unlock;
1806 }
1807
1808
1809
1810
1811
1812 if (other != sk &&
1813 unlikely(unix_peer(other) != sk &&
1814 unix_recvq_full_lockless(other))) {
1815 if (timeo) {
1816 timeo = unix_wait_for_peer(other, timeo);
1817
1818 err = sock_intr_errno(timeo);
1819 if (signal_pending(current))
1820 goto out_free;
1821
1822 goto restart;
1823 }
1824
1825 if (!sk_locked) {
1826 unix_state_unlock(other);
1827 unix_state_double_lock(sk, other);
1828 }
1829
1830 if (unix_peer(sk) != other ||
1831 unix_dgram_peer_wake_me(sk, other)) {
1832 err = -EAGAIN;
1833 sk_locked = 1;
1834 goto out_unlock;
1835 }
1836
1837 if (!sk_locked) {
1838 sk_locked = 1;
1839 goto restart_locked;
1840 }
1841 }
1842
1843 if (unlikely(sk_locked))
1844 unix_state_unlock(sk);
1845
1846 if (sock_flag(other, SOCK_RCVTSTAMP))
1847 __net_timestamp(skb);
1848 maybe_add_creds(skb, sock, other);
1849 scm_stat_add(other, skb);
1850 skb_queue_tail(&other->sk_receive_queue, skb);
1851 unix_state_unlock(other);
1852 other->sk_data_ready(other);
1853 sock_put(other);
1854 scm_destroy(&scm);
1855 return len;
1856
1857out_unlock:
1858 if (sk_locked)
1859 unix_state_unlock(sk);
1860 unix_state_unlock(other);
1861out_free:
1862 kfree_skb(skb);
1863out:
1864 if (other)
1865 sock_put(other);
1866 scm_destroy(&scm);
1867 return err;
1868}
1869
1870
1871
1872
1873#define UNIX_SKB_FRAGS_SZ (PAGE_SIZE << get_order(32768))
1874
1875static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg,
1876 size_t len)
1877{
1878 struct sock *sk = sock->sk;
1879 struct sock *other = NULL;
1880 int err, size;
1881 struct sk_buff *skb;
1882 int sent = 0;
1883 struct scm_cookie scm;
1884 bool fds_sent = false;
1885 int data_len;
1886
1887 wait_for_unix_gc();
1888 err = scm_send(sock, msg, &scm, false);
1889 if (err < 0)
1890 return err;
1891
1892 err = -EOPNOTSUPP;
1893 if (msg->msg_flags&MSG_OOB)
1894 goto out_err;
1895
1896 if (msg->msg_namelen) {
1897 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1898 goto out_err;
1899 } else {
1900 err = -ENOTCONN;
1901 other = unix_peer(sk);
1902 if (!other)
1903 goto out_err;
1904 }
1905
1906 if (sk->sk_shutdown & SEND_SHUTDOWN)
1907 goto pipe_err;
1908
1909 while (sent < len) {
1910 size = len - sent;
1911
1912
1913 size = min_t(int, size, (sk->sk_sndbuf >> 1) - 64);
1914
1915
1916 size = min_t(int, size, SKB_MAX_HEAD(0) + UNIX_SKB_FRAGS_SZ);
1917
1918 data_len = max_t(int, 0, size - SKB_MAX_HEAD(0));
1919
1920 data_len = min_t(size_t, size, PAGE_ALIGN(data_len));
1921
1922 skb = sock_alloc_send_pskb(sk, size - data_len, data_len,
1923 msg->msg_flags & MSG_DONTWAIT, &err,
1924 get_order(UNIX_SKB_FRAGS_SZ));
1925 if (!skb)
1926 goto out_err;
1927
1928
1929 err = unix_scm_to_skb(&scm, skb, !fds_sent);
1930 if (err < 0) {
1931 kfree_skb(skb);
1932 goto out_err;
1933 }
1934 fds_sent = true;
1935
1936 skb_put(skb, size - data_len);
1937 skb->data_len = data_len;
1938 skb->len = size;
1939 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, size);
1940 if (err) {
1941 kfree_skb(skb);
1942 goto out_err;
1943 }
1944
1945 unix_state_lock(other);
1946
1947 if (sock_flag(other, SOCK_DEAD) ||
1948 (other->sk_shutdown & RCV_SHUTDOWN))
1949 goto pipe_err_free;
1950
1951 maybe_add_creds(skb, sock, other);
1952 scm_stat_add(other, skb);
1953 skb_queue_tail(&other->sk_receive_queue, skb);
1954 unix_state_unlock(other);
1955 other->sk_data_ready(other);
1956 sent += size;
1957 }
1958
1959 scm_destroy(&scm);
1960
1961 return sent;
1962
1963pipe_err_free:
1964 unix_state_unlock(other);
1965 kfree_skb(skb);
1966pipe_err:
1967 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1968 send_sig(SIGPIPE, current, 0);
1969 err = -EPIPE;
1970out_err:
1971 scm_destroy(&scm);
1972 return sent ? : err;
1973}
1974
1975static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page,
1976 int offset, size_t size, int flags)
1977{
1978 int err;
1979 bool send_sigpipe = false;
1980 bool init_scm = true;
1981 struct scm_cookie scm;
1982 struct sock *other, *sk = socket->sk;
1983 struct sk_buff *skb, *newskb = NULL, *tail = NULL;
1984
1985 if (flags & MSG_OOB)
1986 return -EOPNOTSUPP;
1987
1988 other = unix_peer(sk);
1989 if (!other || sk->sk_state != TCP_ESTABLISHED)
1990 return -ENOTCONN;
1991
1992 if (false) {
1993alloc_skb:
1994 unix_state_unlock(other);
1995 mutex_unlock(&unix_sk(other)->iolock);
1996 newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT,
1997 &err, 0);
1998 if (!newskb)
1999 goto err;
2000 }
2001
2002
2003
2004
2005 err = mutex_lock_interruptible(&unix_sk(other)->iolock);
2006 if (err) {
2007 err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS;
2008 goto err;
2009 }
2010
2011 if (sk->sk_shutdown & SEND_SHUTDOWN) {
2012 err = -EPIPE;
2013 send_sigpipe = true;
2014 goto err_unlock;
2015 }
2016
2017 unix_state_lock(other);
2018
2019 if (sock_flag(other, SOCK_DEAD) ||
2020 other->sk_shutdown & RCV_SHUTDOWN) {
2021 err = -EPIPE;
2022 send_sigpipe = true;
2023 goto err_state_unlock;
2024 }
2025
2026 if (init_scm) {
2027 err = maybe_init_creds(&scm, socket, other);
2028 if (err)
2029 goto err_state_unlock;
2030 init_scm = false;
2031 }
2032
2033 skb = skb_peek_tail(&other->sk_receive_queue);
2034 if (tail && tail == skb) {
2035 skb = newskb;
2036 } else if (!skb || !unix_skb_scm_eq(skb, &scm)) {
2037 if (newskb) {
2038 skb = newskb;
2039 } else {
2040 tail = skb;
2041 goto alloc_skb;
2042 }
2043 } else if (newskb) {
2044
2045
2046
2047
2048 consume_skb(newskb);
2049 newskb = NULL;
2050 }
2051
2052 if (skb_append_pagefrags(skb, page, offset, size)) {
2053 tail = skb;
2054 goto alloc_skb;
2055 }
2056
2057 skb->len += size;
2058 skb->data_len += size;
2059 skb->truesize += size;
2060 refcount_add(size, &sk->sk_wmem_alloc);
2061
2062 if (newskb) {
2063 err = unix_scm_to_skb(&scm, skb, false);
2064 if (err)
2065 goto err_state_unlock;
2066 spin_lock(&other->sk_receive_queue.lock);
2067 __skb_queue_tail(&other->sk_receive_queue, newskb);
2068 spin_unlock(&other->sk_receive_queue.lock);
2069 }
2070
2071 unix_state_unlock(other);
2072 mutex_unlock(&unix_sk(other)->iolock);
2073
2074 other->sk_data_ready(other);
2075 scm_destroy(&scm);
2076 return size;
2077
2078err_state_unlock:
2079 unix_state_unlock(other);
2080err_unlock:
2081 mutex_unlock(&unix_sk(other)->iolock);
2082err:
2083 kfree_skb(newskb);
2084 if (send_sigpipe && !(flags & MSG_NOSIGNAL))
2085 send_sig(SIGPIPE, current, 0);
2086 if (!init_scm)
2087 scm_destroy(&scm);
2088 return err;
2089}
2090
2091static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg,
2092 size_t len)
2093{
2094 int err;
2095 struct sock *sk = sock->sk;
2096
2097 err = sock_error(sk);
2098 if (err)
2099 return err;
2100
2101 if (sk->sk_state != TCP_ESTABLISHED)
2102 return -ENOTCONN;
2103
2104 if (msg->msg_namelen)
2105 msg->msg_namelen = 0;
2106
2107 return unix_dgram_sendmsg(sock, msg, len);
2108}
2109
2110static int unix_seqpacket_recvmsg(struct socket *sock, struct msghdr *msg,
2111 size_t size, int flags)
2112{
2113 struct sock *sk = sock->sk;
2114
2115 if (sk->sk_state != TCP_ESTABLISHED)
2116 return -ENOTCONN;
2117
2118 return unix_dgram_recvmsg(sock, msg, size, flags);
2119}
2120
2121static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
2122{
2123 struct unix_address *addr = smp_load_acquire(&unix_sk(sk)->addr);
2124
2125 if (addr) {
2126 msg->msg_namelen = addr->len;
2127 memcpy(msg->msg_name, addr->name, addr->len);
2128 }
2129}
2130
2131static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg,
2132 size_t size, int flags)
2133{
2134 struct scm_cookie scm;
2135 struct sock *sk = sock->sk;
2136 struct unix_sock *u = unix_sk(sk);
2137 struct sk_buff *skb, *last;
2138 long timeo;
2139 int skip;
2140 int err;
2141
2142 err = -EOPNOTSUPP;
2143 if (flags&MSG_OOB)
2144 goto out;
2145
2146 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
2147
2148 do {
2149 mutex_lock(&u->iolock);
2150
2151 skip = sk_peek_offset(sk, flags);
2152 skb = __skb_try_recv_datagram(sk, &sk->sk_receive_queue, flags,
2153 &skip, &err, &last);
2154 if (skb) {
2155 if (!(flags & MSG_PEEK))
2156 scm_stat_del(sk, skb);
2157 break;
2158 }
2159
2160 mutex_unlock(&u->iolock);
2161
2162 if (err != -EAGAIN)
2163 break;
2164 } while (timeo &&
2165 !__skb_wait_for_more_packets(sk, &sk->sk_receive_queue,
2166 &err, &timeo, last));
2167
2168 if (!skb) {
2169 unix_state_lock(sk);
2170
2171 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
2172 (sk->sk_shutdown & RCV_SHUTDOWN))
2173 err = 0;
2174 unix_state_unlock(sk);
2175 goto out;
2176 }
2177
2178 if (wq_has_sleeper(&u->peer_wait))
2179 wake_up_interruptible_sync_poll(&u->peer_wait,
2180 EPOLLOUT | EPOLLWRNORM |
2181 EPOLLWRBAND);
2182
2183 if (msg->msg_name)
2184 unix_copy_addr(msg, skb->sk);
2185
2186 if (size > skb->len - skip)
2187 size = skb->len - skip;
2188 else if (size < skb->len - skip)
2189 msg->msg_flags |= MSG_TRUNC;
2190
2191 err = skb_copy_datagram_msg(skb, skip, msg, size);
2192 if (err)
2193 goto out_free;
2194
2195 if (sock_flag(sk, SOCK_RCVTSTAMP))
2196 __sock_recv_timestamp(msg, sk, skb);
2197
2198 memset(&scm, 0, sizeof(scm));
2199
2200 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2201 unix_set_secdata(&scm, skb);
2202
2203 if (!(flags & MSG_PEEK)) {
2204 if (UNIXCB(skb).fp)
2205 unix_detach_fds(&scm, skb);
2206
2207 sk_peek_offset_bwd(sk, skb->len);
2208 } else {
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222 sk_peek_offset_fwd(sk, size);
2223
2224 if (UNIXCB(skb).fp)
2225 unix_peek_fds(&scm, skb);
2226 }
2227 err = (flags & MSG_TRUNC) ? skb->len - skip : size;
2228
2229 scm_recv(sock, msg, &scm, flags);
2230
2231out_free:
2232 skb_free_datagram(sk, skb);
2233 mutex_unlock(&u->iolock);
2234out:
2235 return err;
2236}
2237
2238
2239
2240
2241static long unix_stream_data_wait(struct sock *sk, long timeo,
2242 struct sk_buff *last, unsigned int last_len,
2243 bool freezable)
2244{
2245 struct sk_buff *tail;
2246 DEFINE_WAIT(wait);
2247
2248 unix_state_lock(sk);
2249
2250 for (;;) {
2251 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
2252
2253 tail = skb_peek_tail(&sk->sk_receive_queue);
2254 if (tail != last ||
2255 (tail && tail->len != last_len) ||
2256 sk->sk_err ||
2257 (sk->sk_shutdown & RCV_SHUTDOWN) ||
2258 signal_pending(current) ||
2259 !timeo)
2260 break;
2261
2262 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2263 unix_state_unlock(sk);
2264 if (freezable)
2265 timeo = freezable_schedule_timeout(timeo);
2266 else
2267 timeo = schedule_timeout(timeo);
2268 unix_state_lock(sk);
2269
2270 if (sock_flag(sk, SOCK_DEAD))
2271 break;
2272
2273 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2274 }
2275
2276 finish_wait(sk_sleep(sk), &wait);
2277 unix_state_unlock(sk);
2278 return timeo;
2279}
2280
2281static unsigned int unix_skb_len(const struct sk_buff *skb)
2282{
2283 return skb->len - UNIXCB(skb).consumed;
2284}
2285
2286struct unix_stream_read_state {
2287 int (*recv_actor)(struct sk_buff *, int, int,
2288 struct unix_stream_read_state *);
2289 struct socket *socket;
2290 struct msghdr *msg;
2291 struct pipe_inode_info *pipe;
2292 size_t size;
2293 int flags;
2294 unsigned int splice_flags;
2295};
2296
2297static int unix_stream_read_generic(struct unix_stream_read_state *state,
2298 bool freezable)
2299{
2300 struct scm_cookie scm;
2301 struct socket *sock = state->socket;
2302 struct sock *sk = sock->sk;
2303 struct unix_sock *u = unix_sk(sk);
2304 int copied = 0;
2305 int flags = state->flags;
2306 int noblock = flags & MSG_DONTWAIT;
2307 bool check_creds = false;
2308 int target;
2309 int err = 0;
2310 long timeo;
2311 int skip;
2312 size_t size = state->size;
2313 unsigned int last_len;
2314
2315 if (unlikely(sk->sk_state != TCP_ESTABLISHED)) {
2316 err = -EINVAL;
2317 goto out;
2318 }
2319
2320 if (unlikely(flags & MSG_OOB)) {
2321 err = -EOPNOTSUPP;
2322 goto out;
2323 }
2324
2325 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
2326 timeo = sock_rcvtimeo(sk, noblock);
2327
2328 memset(&scm, 0, sizeof(scm));
2329
2330
2331
2332
2333 mutex_lock(&u->iolock);
2334
2335 skip = max(sk_peek_offset(sk, flags), 0);
2336
2337 do {
2338 int chunk;
2339 bool drop_skb;
2340 struct sk_buff *skb, *last;
2341
2342redo:
2343 unix_state_lock(sk);
2344 if (sock_flag(sk, SOCK_DEAD)) {
2345 err = -ECONNRESET;
2346 goto unlock;
2347 }
2348 last = skb = skb_peek(&sk->sk_receive_queue);
2349 last_len = last ? last->len : 0;
2350again:
2351 if (skb == NULL) {
2352 if (copied >= target)
2353 goto unlock;
2354
2355
2356
2357
2358
2359 err = sock_error(sk);
2360 if (err)
2361 goto unlock;
2362 if (sk->sk_shutdown & RCV_SHUTDOWN)
2363 goto unlock;
2364
2365 unix_state_unlock(sk);
2366 if (!timeo) {
2367 err = -EAGAIN;
2368 break;
2369 }
2370
2371 mutex_unlock(&u->iolock);
2372
2373 timeo = unix_stream_data_wait(sk, timeo, last,
2374 last_len, freezable);
2375
2376 if (signal_pending(current)) {
2377 err = sock_intr_errno(timeo);
2378 scm_destroy(&scm);
2379 goto out;
2380 }
2381
2382 mutex_lock(&u->iolock);
2383 goto redo;
2384unlock:
2385 unix_state_unlock(sk);
2386 break;
2387 }
2388
2389 while (skip >= unix_skb_len(skb)) {
2390 skip -= unix_skb_len(skb);
2391 last = skb;
2392 last_len = skb->len;
2393 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2394 if (!skb)
2395 goto again;
2396 }
2397
2398 unix_state_unlock(sk);
2399
2400 if (check_creds) {
2401
2402 if (!unix_skb_scm_eq(skb, &scm))
2403 break;
2404 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
2405
2406 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2407 unix_set_secdata(&scm, skb);
2408 check_creds = true;
2409 }
2410
2411
2412 if (state->msg && state->msg->msg_name) {
2413 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr,
2414 state->msg->msg_name);
2415 unix_copy_addr(state->msg, skb->sk);
2416 sunaddr = NULL;
2417 }
2418
2419 chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size);
2420 skb_get(skb);
2421 chunk = state->recv_actor(skb, skip, chunk, state);
2422 drop_skb = !unix_skb_len(skb);
2423
2424 consume_skb(skb);
2425 if (chunk < 0) {
2426 if (copied == 0)
2427 copied = -EFAULT;
2428 break;
2429 }
2430 copied += chunk;
2431 size -= chunk;
2432
2433 if (drop_skb) {
2434
2435
2436
2437
2438
2439
2440
2441 err = 0;
2442 break;
2443 }
2444
2445
2446 if (!(flags & MSG_PEEK)) {
2447 UNIXCB(skb).consumed += chunk;
2448
2449 sk_peek_offset_bwd(sk, chunk);
2450
2451 if (UNIXCB(skb).fp) {
2452 scm_stat_del(sk, skb);
2453 unix_detach_fds(&scm, skb);
2454 }
2455
2456 if (unix_skb_len(skb))
2457 break;
2458
2459 skb_unlink(skb, &sk->sk_receive_queue);
2460 consume_skb(skb);
2461
2462 if (scm.fp)
2463 break;
2464 } else {
2465
2466
2467 if (UNIXCB(skb).fp)
2468 unix_peek_fds(&scm, skb);
2469
2470 sk_peek_offset_fwd(sk, chunk);
2471
2472 if (UNIXCB(skb).fp)
2473 break;
2474
2475 skip = 0;
2476 last = skb;
2477 last_len = skb->len;
2478 unix_state_lock(sk);
2479 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2480 if (skb)
2481 goto again;
2482 unix_state_unlock(sk);
2483 break;
2484 }
2485 } while (size);
2486
2487 mutex_unlock(&u->iolock);
2488 if (state->msg)
2489 scm_recv(sock, state->msg, &scm, flags);
2490 else
2491 scm_destroy(&scm);
2492out:
2493 return copied ? : err;
2494}
2495
2496static int unix_stream_read_actor(struct sk_buff *skb,
2497 int skip, int chunk,
2498 struct unix_stream_read_state *state)
2499{
2500 int ret;
2501
2502 ret = skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip,
2503 state->msg, chunk);
2504 return ret ?: chunk;
2505}
2506
2507static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg,
2508 size_t size, int flags)
2509{
2510 struct unix_stream_read_state state = {
2511 .recv_actor = unix_stream_read_actor,
2512 .socket = sock,
2513 .msg = msg,
2514 .size = size,
2515 .flags = flags
2516 };
2517
2518 return unix_stream_read_generic(&state, true);
2519}
2520
2521static int unix_stream_splice_actor(struct sk_buff *skb,
2522 int skip, int chunk,
2523 struct unix_stream_read_state *state)
2524{
2525 return skb_splice_bits(skb, state->socket->sk,
2526 UNIXCB(skb).consumed + skip,
2527 state->pipe, chunk, state->splice_flags);
2528}
2529
2530static ssize_t unix_stream_splice_read(struct socket *sock, loff_t *ppos,
2531 struct pipe_inode_info *pipe,
2532 size_t size, unsigned int flags)
2533{
2534 struct unix_stream_read_state state = {
2535 .recv_actor = unix_stream_splice_actor,
2536 .socket = sock,
2537 .pipe = pipe,
2538 .size = size,
2539 .splice_flags = flags,
2540 };
2541
2542 if (unlikely(*ppos))
2543 return -ESPIPE;
2544
2545 if (sock->file->f_flags & O_NONBLOCK ||
2546 flags & SPLICE_F_NONBLOCK)
2547 state.flags = MSG_DONTWAIT;
2548
2549 return unix_stream_read_generic(&state, false);
2550}
2551
2552static int unix_shutdown(struct socket *sock, int mode)
2553{
2554 struct sock *sk = sock->sk;
2555 struct sock *other;
2556
2557 if (mode < SHUT_RD || mode > SHUT_RDWR)
2558 return -EINVAL;
2559
2560
2561
2562
2563
2564 ++mode;
2565
2566 unix_state_lock(sk);
2567 sk->sk_shutdown |= mode;
2568 other = unix_peer(sk);
2569 if (other)
2570 sock_hold(other);
2571 unix_state_unlock(sk);
2572 sk->sk_state_change(sk);
2573
2574 if (other &&
2575 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2576
2577 int peer_mode = 0;
2578
2579 if (mode&RCV_SHUTDOWN)
2580 peer_mode |= SEND_SHUTDOWN;
2581 if (mode&SEND_SHUTDOWN)
2582 peer_mode |= RCV_SHUTDOWN;
2583 unix_state_lock(other);
2584 other->sk_shutdown |= peer_mode;
2585 unix_state_unlock(other);
2586 other->sk_state_change(other);
2587 if (peer_mode == SHUTDOWN_MASK)
2588 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2589 else if (peer_mode & RCV_SHUTDOWN)
2590 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2591 }
2592 if (other)
2593 sock_put(other);
2594
2595 return 0;
2596}
2597
2598long unix_inq_len(struct sock *sk)
2599{
2600 struct sk_buff *skb;
2601 long amount = 0;
2602
2603 if (sk->sk_state == TCP_LISTEN)
2604 return -EINVAL;
2605
2606 spin_lock(&sk->sk_receive_queue.lock);
2607 if (sk->sk_type == SOCK_STREAM ||
2608 sk->sk_type == SOCK_SEQPACKET) {
2609 skb_queue_walk(&sk->sk_receive_queue, skb)
2610 amount += unix_skb_len(skb);
2611 } else {
2612 skb = skb_peek(&sk->sk_receive_queue);
2613 if (skb)
2614 amount = skb->len;
2615 }
2616 spin_unlock(&sk->sk_receive_queue.lock);
2617
2618 return amount;
2619}
2620EXPORT_SYMBOL_GPL(unix_inq_len);
2621
2622long unix_outq_len(struct sock *sk)
2623{
2624 return sk_wmem_alloc_get(sk);
2625}
2626EXPORT_SYMBOL_GPL(unix_outq_len);
2627
2628static int unix_open_file(struct sock *sk)
2629{
2630 struct path path;
2631 struct file *f;
2632 int fd;
2633
2634 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
2635 return -EPERM;
2636
2637 if (!smp_load_acquire(&unix_sk(sk)->addr))
2638 return -ENOENT;
2639
2640 path = unix_sk(sk)->path;
2641 if (!path.dentry)
2642 return -ENOENT;
2643
2644 path_get(&path);
2645
2646 fd = get_unused_fd_flags(O_CLOEXEC);
2647 if (fd < 0)
2648 goto out;
2649
2650 f = dentry_open(&path, O_PATH, current_cred());
2651 if (IS_ERR(f)) {
2652 put_unused_fd(fd);
2653 fd = PTR_ERR(f);
2654 goto out;
2655 }
2656
2657 fd_install(fd, f);
2658out:
2659 path_put(&path);
2660
2661 return fd;
2662}
2663
2664static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2665{
2666 struct sock *sk = sock->sk;
2667 long amount = 0;
2668 int err;
2669
2670 switch (cmd) {
2671 case SIOCOUTQ:
2672 amount = unix_outq_len(sk);
2673 err = put_user(amount, (int __user *)arg);
2674 break;
2675 case SIOCINQ:
2676 amount = unix_inq_len(sk);
2677 if (amount < 0)
2678 err = amount;
2679 else
2680 err = put_user(amount, (int __user *)arg);
2681 break;
2682 case SIOCUNIXFILE:
2683 err = unix_open_file(sk);
2684 break;
2685 default:
2686 err = -ENOIOCTLCMD;
2687 break;
2688 }
2689 return err;
2690}
2691
2692#ifdef CONFIG_COMPAT
2693static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2694{
2695 return unix_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
2696}
2697#endif
2698
2699static __poll_t unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2700{
2701 struct sock *sk = sock->sk;
2702 __poll_t mask;
2703
2704 sock_poll_wait(file, sock, wait);
2705 mask = 0;
2706
2707
2708 if (sk->sk_err)
2709 mask |= EPOLLERR;
2710 if (sk->sk_shutdown == SHUTDOWN_MASK)
2711 mask |= EPOLLHUP;
2712 if (sk->sk_shutdown & RCV_SHUTDOWN)
2713 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
2714
2715
2716 if (!skb_queue_empty_lockless(&sk->sk_receive_queue))
2717 mask |= EPOLLIN | EPOLLRDNORM;
2718
2719
2720 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2721 sk->sk_state == TCP_CLOSE)
2722 mask |= EPOLLHUP;
2723
2724
2725
2726
2727
2728 if (unix_writable(sk))
2729 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
2730
2731 return mask;
2732}
2733
2734static __poll_t unix_dgram_poll(struct file *file, struct socket *sock,
2735 poll_table *wait)
2736{
2737 struct sock *sk = sock->sk, *other;
2738 unsigned int writable;
2739 __poll_t mask;
2740
2741 sock_poll_wait(file, sock, wait);
2742 mask = 0;
2743
2744
2745 if (sk->sk_err || !skb_queue_empty_lockless(&sk->sk_error_queue))
2746 mask |= EPOLLERR |
2747 (sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? EPOLLPRI : 0);
2748
2749 if (sk->sk_shutdown & RCV_SHUTDOWN)
2750 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
2751 if (sk->sk_shutdown == SHUTDOWN_MASK)
2752 mask |= EPOLLHUP;
2753
2754
2755 if (!skb_queue_empty_lockless(&sk->sk_receive_queue))
2756 mask |= EPOLLIN | EPOLLRDNORM;
2757
2758
2759 if (sk->sk_type == SOCK_SEQPACKET) {
2760 if (sk->sk_state == TCP_CLOSE)
2761 mask |= EPOLLHUP;
2762
2763 if (sk->sk_state == TCP_SYN_SENT)
2764 return mask;
2765 }
2766
2767
2768 if (!(poll_requested_events(wait) & (EPOLLWRBAND|EPOLLWRNORM|EPOLLOUT)))
2769 return mask;
2770
2771 writable = unix_writable(sk);
2772 if (writable) {
2773 unix_state_lock(sk);
2774
2775 other = unix_peer(sk);
2776 if (other && unix_peer(other) != sk &&
2777 unix_recvq_full(other) &&
2778 unix_dgram_peer_wake_me(sk, other))
2779 writable = 0;
2780
2781 unix_state_unlock(sk);
2782 }
2783
2784 if (writable)
2785 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
2786 else
2787 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2788
2789 return mask;
2790}
2791
2792#ifdef CONFIG_PROC_FS
2793
2794#define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1)
2795
2796#define get_bucket(x) ((x) >> BUCKET_SPACE)
2797#define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1))
2798#define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
2799
2800static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos)
2801{
2802 unsigned long offset = get_offset(*pos);
2803 unsigned long bucket = get_bucket(*pos);
2804 struct sock *sk;
2805 unsigned long count = 0;
2806
2807 for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
2808 if (sock_net(sk) != seq_file_net(seq))
2809 continue;
2810 if (++count == offset)
2811 break;
2812 }
2813
2814 return sk;
2815}
2816
2817static struct sock *unix_next_socket(struct seq_file *seq,
2818 struct sock *sk,
2819 loff_t *pos)
2820{
2821 unsigned long bucket;
2822
2823 while (sk > (struct sock *)SEQ_START_TOKEN) {
2824 sk = sk_next(sk);
2825 if (!sk)
2826 goto next_bucket;
2827 if (sock_net(sk) == seq_file_net(seq))
2828 return sk;
2829 }
2830
2831 do {
2832 sk = unix_from_bucket(seq, pos);
2833 if (sk)
2834 return sk;
2835
2836next_bucket:
2837 bucket = get_bucket(*pos) + 1;
2838 *pos = set_bucket_offset(bucket, 1);
2839 } while (bucket < ARRAY_SIZE(unix_socket_table));
2840
2841 return NULL;
2842}
2843
2844static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2845 __acquires(unix_table_lock)
2846{
2847 spin_lock(&unix_table_lock);
2848
2849 if (!*pos)
2850 return SEQ_START_TOKEN;
2851
2852 if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table))
2853 return NULL;
2854
2855 return unix_next_socket(seq, NULL, pos);
2856}
2857
2858static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2859{
2860 ++*pos;
2861 return unix_next_socket(seq, v, pos);
2862}
2863
2864static void unix_seq_stop(struct seq_file *seq, void *v)
2865 __releases(unix_table_lock)
2866{
2867 spin_unlock(&unix_table_lock);
2868}
2869
2870static int unix_seq_show(struct seq_file *seq, void *v)
2871{
2872
2873 if (v == SEQ_START_TOKEN)
2874 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2875 "Inode Path\n");
2876 else {
2877 struct sock *s = v;
2878 struct unix_sock *u = unix_sk(s);
2879 unix_state_lock(s);
2880
2881 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2882 s,
2883 refcount_read(&s->sk_refcnt),
2884 0,
2885 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2886 s->sk_type,
2887 s->sk_socket ?
2888 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2889 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2890 sock_i_ino(s));
2891
2892 if (u->addr) {
2893 int i, len;
2894 seq_putc(seq, ' ');
2895
2896 i = 0;
2897 len = u->addr->len - sizeof(short);
2898 if (!UNIX_ABSTRACT(s))
2899 len--;
2900 else {
2901 seq_putc(seq, '@');
2902 i++;
2903 }
2904 for ( ; i < len; i++)
2905 seq_putc(seq, u->addr->name->sun_path[i] ?:
2906 '@');
2907 }
2908 unix_state_unlock(s);
2909 seq_putc(seq, '\n');
2910 }
2911
2912 return 0;
2913}
2914
2915static const struct seq_operations unix_seq_ops = {
2916 .start = unix_seq_start,
2917 .next = unix_seq_next,
2918 .stop = unix_seq_stop,
2919 .show = unix_seq_show,
2920};
2921#endif
2922
2923static const struct net_proto_family unix_family_ops = {
2924 .family = PF_UNIX,
2925 .create = unix_create,
2926 .owner = THIS_MODULE,
2927};
2928
2929
2930static int __net_init unix_net_init(struct net *net)
2931{
2932 int error = -ENOMEM;
2933
2934 net->unx.sysctl_max_dgram_qlen = 10;
2935 if (unix_sysctl_register(net))
2936 goto out;
2937
2938#ifdef CONFIG_PROC_FS
2939 if (!proc_create_net("unix", 0, net->proc_net, &unix_seq_ops,
2940 sizeof(struct seq_net_private))) {
2941 unix_sysctl_unregister(net);
2942 goto out;
2943 }
2944#endif
2945 error = 0;
2946out:
2947 return error;
2948}
2949
2950static void __net_exit unix_net_exit(struct net *net)
2951{
2952 unix_sysctl_unregister(net);
2953 remove_proc_entry("unix", net->proc_net);
2954}
2955
2956static struct pernet_operations unix_net_ops = {
2957 .init = unix_net_init,
2958 .exit = unix_net_exit,
2959};
2960
2961static int __init af_unix_init(void)
2962{
2963 int rc = -1;
2964
2965 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof_field(struct sk_buff, cb));
2966
2967 rc = proto_register(&unix_proto, 1);
2968 if (rc != 0) {
2969 pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__);
2970 goto out;
2971 }
2972
2973 sock_register(&unix_family_ops);
2974 register_pernet_subsys(&unix_net_ops);
2975out:
2976 return rc;
2977}
2978
2979static void __exit af_unix_exit(void)
2980{
2981 sock_unregister(PF_UNIX);
2982 proto_unregister(&unix_proto);
2983 unregister_pernet_subsys(&unix_net_ops);
2984}
2985
2986
2987
2988
2989
2990fs_initcall(af_unix_init);
2991module_exit(af_unix_exit);
2992
2993MODULE_LICENSE("GPL");
2994MODULE_ALIAS_NETPROTO(PF_UNIX);
2995
