1 /* 2 * NET4: Implementation of BSD Unix domain sockets. 3 * 4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk> 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 * 11 * Fixes: 12 * Linus Torvalds : Assorted bug cures. 13 * Niibe Yutaka : async I/O support. 14 * Carsten Paeth : PF_UNIX check, address fixes. 15 * Alan Cox : Limit size of allocated blocks. 16 * Alan Cox : Fixed the stupid socketpair bug. 17 * Alan Cox : BSD compatibility fine tuning. 18 * Alan Cox : Fixed a bug in connect when interrupted. 19 * Alan Cox : Sorted out a proper draft version of 20 * file descriptor passing hacked up from 21 * Mike Shaver's work. 22 * Marty Leisner : Fixes to fd passing 23 * Nick Nevin : recvmsg bugfix. 24 * Alan Cox : Started proper garbage collector 25 * Heiko EiBfeldt : Missing verify_area check 26 * Alan Cox : Started POSIXisms 27 * Andreas Schwab : Replace inode by dentry for proper 28 * reference counting 29 * Kirk Petersen : Made this a module 30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm. 31 * Lots of bug fixes. 32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces 33 * by above two patches. 34 * Andrea Arcangeli : If possible we block in connect(2) 35 * if the max backlog of the listen socket 36 * is been reached. This won't break 37 * old apps and it will avoid huge amount 38 * of socks hashed (this for unix_gc() 39 * performances reasons). 40 * Security fix that limits the max 41 * number of socks to 2*max_files and 42 * the number of skb queueable in the 43 * dgram receiver. 44 * Artur Skawina : Hash function optimizations 45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8) 46 * Malcolm Beattie : Set peercred for socketpair 47 * Michal Ostrowski : Module initialization cleanup. 48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT, 49 * the core infrastructure is doing that 50 * for all net proto families now (2.5.69+) 51 * 52 * 53 * Known differences from reference BSD that was tested: 54 * 55 * [TO FIX] 56 * ECONNREFUSED is not returned from one end of a connected() socket to the 57 * other the moment one end closes. 58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark 59 * and a fake inode identifier (nor the BSD first socket fstat twice bug). 60 * [NOT TO FIX] 61 * accept() returns a path name even if the connecting socket has closed 62 * in the meantime (BSD loses the path and gives up). 63 * accept() returns 0 length path for an unbound connector. BSD returns 16 64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??) 65 * socketpair(...SOCK_RAW..) doesn't panic the kernel. 66 * BSD af_unix apparently has connect forgetting to block properly. 67 * (need to check this with the POSIX spec in detail) 68 * 69 * Differences from 2.0.0-11-... (ANK) 70 * Bug fixes and improvements. 71 * - client shutdown killed server socket. 72 * - removed all useless cli/sti pairs. 73 * 74 * Semantic changes/extensions. 75 * - generic control message passing. 76 * - SCM_CREDENTIALS control message. 77 * - "Abstract" (not FS based) socket bindings. 78 * Abstract names are sequences of bytes (not zero terminated) 79 * started by 0, so that this name space does not intersect 80 * with BSD names. 81 */ 82 83 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 84 85 #include <linux/module.h> 86 #include <linux/kernel.h> 87 #include <linux/signal.h> 88 #include <linux/sched.h> 89 #include <linux/errno.h> 90 #include <linux/string.h> 91 #include <linux/stat.h> 92 #include <linux/dcache.h> 93 #include <linux/namei.h> 94 #include <linux/socket.h> 95 #include <linux/un.h> 96 #include <linux/fcntl.h> 97 #include <linux/termios.h> 98 #include <linux/sockios.h> 99 #include <linux/net.h> 100 #include <linux/in.h> 101 #include <linux/fs.h> 102 #include <linux/slab.h> 103 #include <asm/uaccess.h> 104 #include <linux/skbuff.h> 105 #include <linux/netdevice.h> 106 #include <net/net_namespace.h> 107 #include <net/sock.h> 108 #include <net/tcp_states.h> 109 #include <net/af_unix.h> 110 #include <linux/proc_fs.h> 111 #include <linux/seq_file.h> 112 #include <net/scm.h> 113 #include <linux/init.h> 114 #include <linux/poll.h> 115 #include <linux/rtnetlink.h> 116 #include <linux/mount.h> 117 #include <net/checksum.h> 118 #include <linux/security.h> 119 #include <linux/freezer.h> 120 121 struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE]; 122 EXPORT_SYMBOL_GPL(unix_socket_table); 123 DEFINE_SPINLOCK(unix_table_lock); 124 EXPORT_SYMBOL_GPL(unix_table_lock); 125 static atomic_long_t unix_nr_socks; 126 127 128 static struct hlist_head *unix_sockets_unbound(void *addr) 129 { 130 unsigned long hash = (unsigned long)addr; 131 132 hash ^= hash >> 16; 133 hash ^= hash >> 8; 134 hash %= UNIX_HASH_SIZE; 135 return &unix_socket_table[UNIX_HASH_SIZE + hash]; 136 } 137 138 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE) 139 140 #ifdef CONFIG_SECURITY_NETWORK 141 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb) 142 { 143 UNIXCB(skb).secid = scm->secid; 144 } 145 146 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) 147 { 148 scm->secid = UNIXCB(skb).secid; 149 } 150 151 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb) 152 { 153 return (scm->secid == UNIXCB(skb).secid); 154 } 155 #else 156 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb) 157 { } 158 159 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) 160 { } 161 162 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb) 163 { 164 return true; 165 } 166 #endif /* CONFIG_SECURITY_NETWORK */ 167 168 /* 169 * SMP locking strategy: 170 * hash table is protected with spinlock unix_table_lock 171 * each socket state is protected by separate spin lock. 172 */ 173 174 static inline unsigned int unix_hash_fold(__wsum n) 175 { 176 unsigned int hash = (__force unsigned int)csum_fold(n); 177 178 hash ^= hash>>8; 179 return hash&(UNIX_HASH_SIZE-1); 180 } 181 182 #define unix_peer(sk) (unix_sk(sk)->peer) 183 184 static inline int unix_our_peer(struct sock *sk, struct sock *osk) 185 { 186 return unix_peer(osk) == sk; 187 } 188 189 static inline int unix_may_send(struct sock *sk, struct sock *osk) 190 { 191 return unix_peer(osk) == NULL || unix_our_peer(sk, osk); 192 } 193 194 static inline int unix_recvq_full(struct sock const *sk) 195 { 196 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog; 197 } 198 199 struct sock *unix_peer_get(struct sock *s) 200 { 201 struct sock *peer; 202 203 unix_state_lock(s); 204 peer = unix_peer(s); 205 if (peer) 206 sock_hold(peer); 207 unix_state_unlock(s); 208 return peer; 209 } 210 EXPORT_SYMBOL_GPL(unix_peer_get); 211 212 static inline void unix_release_addr(struct unix_address *addr) 213 { 214 if (atomic_dec_and_test(&addr->refcnt)) 215 kfree(addr); 216 } 217 218 /* 219 * Check unix socket name: 220 * - should be not zero length. 221 * - if started by not zero, should be NULL terminated (FS object) 222 * - if started by zero, it is abstract name. 223 */ 224 225 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp) 226 { 227 if (len <= sizeof(short) || len > sizeof(*sunaddr)) 228 return -EINVAL; 229 if (!sunaddr || sunaddr->sun_family != AF_UNIX) 230 return -EINVAL; 231 if (sunaddr->sun_path[0]) { 232 /* 233 * This may look like an off by one error but it is a bit more 234 * subtle. 108 is the longest valid AF_UNIX path for a binding. 235 * sun_path[108] doesn't as such exist. However in kernel space 236 * we are guaranteed that it is a valid memory location in our 237 * kernel address buffer. 238 */ 239 ((char *)sunaddr)[len] = 0; 240 len = strlen(sunaddr->sun_path)+1+sizeof(short); 241 return len; 242 } 243 244 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0)); 245 return len; 246 } 247 248 static void __unix_remove_socket(struct sock *sk) 249 { 250 sk_del_node_init(sk); 251 } 252 253 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk) 254 { 255 WARN_ON(!sk_unhashed(sk)); 256 sk_add_node(sk, list); 257 } 258 259 static inline void unix_remove_socket(struct sock *sk) 260 { 261 spin_lock(&unix_table_lock); 262 __unix_remove_socket(sk); 263 spin_unlock(&unix_table_lock); 264 } 265 266 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk) 267 { 268 spin_lock(&unix_table_lock); 269 __unix_insert_socket(list, sk); 270 spin_unlock(&unix_table_lock); 271 } 272 273 static struct sock *__unix_find_socket_byname(struct net *net, 274 struct sockaddr_un *sunname, 275 int len, int type, unsigned int hash) 276 { 277 struct sock *s; 278 279 sk_for_each(s, &unix_socket_table[hash ^ type]) { 280 struct unix_sock *u = unix_sk(s); 281 282 if (!net_eq(sock_net(s), net)) 283 continue; 284 285 if (u->addr->len == len && 286 !memcmp(u->addr->name, sunname, len)) 287 goto found; 288 } 289 s = NULL; 290 found: 291 return s; 292 } 293 294 static inline struct sock *unix_find_socket_byname(struct net *net, 295 struct sockaddr_un *sunname, 296 int len, int type, 297 unsigned int hash) 298 { 299 struct sock *s; 300 301 spin_lock(&unix_table_lock); 302 s = __unix_find_socket_byname(net, sunname, len, type, hash); 303 if (s) 304 sock_hold(s); 305 spin_unlock(&unix_table_lock); 306 return s; 307 } 308 309 static struct sock *unix_find_socket_byinode(struct inode *i) 310 { 311 struct sock *s; 312 313 spin_lock(&unix_table_lock); 314 sk_for_each(s, 315 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) { 316 struct dentry *dentry = unix_sk(s)->path.dentry; 317 318 if (dentry && d_backing_inode(dentry) == i) { 319 sock_hold(s); 320 goto found; 321 } 322 } 323 s = NULL; 324 found: 325 spin_unlock(&unix_table_lock); 326 return s; 327 } 328 329 /* Support code for asymmetrically connected dgram sockets 330 * 331 * If a datagram socket is connected to a socket not itself connected 332 * to the first socket (eg, /dev/log), clients may only enqueue more 333 * messages if the present receive queue of the server socket is not 334 * "too large". This means there's a second writeability condition 335 * poll and sendmsg need to test. The dgram recv code will do a wake 336 * up on the peer_wait wait queue of a socket upon reception of a 337 * datagram which needs to be propagated to sleeping would-be writers 338 * since these might not have sent anything so far. This can't be 339 * accomplished via poll_wait because the lifetime of the server 340 * socket might be less than that of its clients if these break their 341 * association with it or if the server socket is closed while clients 342 * are still connected to it and there's no way to inform "a polling 343 * implementation" that it should let go of a certain wait queue 344 * 345 * In order to propagate a wake up, a wait_queue_t of the client 346 * socket is enqueued on the peer_wait queue of the server socket 347 * whose wake function does a wake_up on the ordinary client socket 348 * wait queue. This connection is established whenever a write (or 349 * poll for write) hit the flow control condition and broken when the 350 * association to the server socket is dissolved or after a wake up 351 * was relayed. 352 */ 353 354 static int unix_dgram_peer_wake_relay(wait_queue_t *q, unsigned mode, int flags, 355 void *key) 356 { 357 struct unix_sock *u; 358 wait_queue_head_t *u_sleep; 359 360 u = container_of(q, struct unix_sock, peer_wake); 361 362 __remove_wait_queue(&unix_sk(u->peer_wake.private)->peer_wait, 363 q); 364 u->peer_wake.private = NULL; 365 366 /* relaying can only happen while the wq still exists */ 367 u_sleep = sk_sleep(&u->sk); 368 if (u_sleep) 369 wake_up_interruptible_poll(u_sleep, key); 370 371 return 0; 372 } 373 374 static int unix_dgram_peer_wake_connect(struct sock *sk, struct sock *other) 375 { 376 struct unix_sock *u, *u_other; 377 int rc; 378 379 u = unix_sk(sk); 380 u_other = unix_sk(other); 381 rc = 0; 382 spin_lock(&u_other->peer_wait.lock); 383 384 if (!u->peer_wake.private) { 385 u->peer_wake.private = other; 386 __add_wait_queue(&u_other->peer_wait, &u->peer_wake); 387 388 rc = 1; 389 } 390 391 spin_unlock(&u_other->peer_wait.lock); 392 return rc; 393 } 394 395 static void unix_dgram_peer_wake_disconnect(struct sock *sk, 396 struct sock *other) 397 { 398 struct unix_sock *u, *u_other; 399 400 u = unix_sk(sk); 401 u_other = unix_sk(other); 402 spin_lock(&u_other->peer_wait.lock); 403 404 if (u->peer_wake.private == other) { 405 __remove_wait_queue(&u_other->peer_wait, &u->peer_wake); 406 u->peer_wake.private = NULL; 407 } 408 409 spin_unlock(&u_other->peer_wait.lock); 410 } 411 412 static void unix_dgram_peer_wake_disconnect_wakeup(struct sock *sk, 413 struct sock *other) 414 { 415 unix_dgram_peer_wake_disconnect(sk, other); 416 wake_up_interruptible_poll(sk_sleep(sk), 417 POLLOUT | 418 POLLWRNORM | 419 POLLWRBAND); 420 } 421 422 /* preconditions: 423 * - unix_peer(sk) == other 424 * - association is stable 425 */ 426 static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other) 427 { 428 int connected; 429 430 connected = unix_dgram_peer_wake_connect(sk, other); 431 432 if (unix_recvq_full(other)) 433 return 1; 434 435 if (connected) 436 unix_dgram_peer_wake_disconnect(sk, other); 437 438 return 0; 439 } 440 441 static int unix_writable(const struct sock *sk) 442 { 443 return sk->sk_state != TCP_LISTEN && 444 (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf; 445 } 446 447 static void unix_write_space(struct sock *sk) 448 { 449 struct socket_wq *wq; 450 451 rcu_read_lock(); 452 if (unix_writable(sk)) { 453 wq = rcu_dereference(sk->sk_wq); 454 if (skwq_has_sleeper(wq)) 455 wake_up_interruptible_sync_poll(&wq->wait, 456 POLLOUT | POLLWRNORM | POLLWRBAND); 457 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 458 } 459 rcu_read_unlock(); 460 } 461 462 /* When dgram socket disconnects (or changes its peer), we clear its receive 463 * queue of packets arrived from previous peer. First, it allows to do 464 * flow control based only on wmem_alloc; second, sk connected to peer 465 * may receive messages only from that peer. */ 466 static void unix_dgram_disconnected(struct sock *sk, struct sock *other) 467 { 468 if (!skb_queue_empty(&sk->sk_receive_queue)) { 469 skb_queue_purge(&sk->sk_receive_queue); 470 wake_up_interruptible_all(&unix_sk(sk)->peer_wait); 471 472 /* If one link of bidirectional dgram pipe is disconnected, 473 * we signal error. Messages are lost. Do not make this, 474 * when peer was not connected to us. 475 */ 476 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) { 477 other->sk_err = ECONNRESET; 478 other->sk_error_report(other); 479 } 480 } 481 } 482 483 static void unix_sock_destructor(struct sock *sk) 484 { 485 struct unix_sock *u = unix_sk(sk); 486 487 skb_queue_purge(&sk->sk_receive_queue); 488 489 WARN_ON(atomic_read(&sk->sk_wmem_alloc)); 490 WARN_ON(!sk_unhashed(sk)); 491 WARN_ON(sk->sk_socket); 492 if (!sock_flag(sk, SOCK_DEAD)) { 493 pr_info("Attempt to release alive unix socket: %p\n", sk); 494 return; 495 } 496 497 if (u->addr) 498 unix_release_addr(u->addr); 499 500 atomic_long_dec(&unix_nr_socks); 501 local_bh_disable(); 502 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); 503 local_bh_enable(); 504 #ifdef UNIX_REFCNT_DEBUG 505 pr_debug("UNIX %p is destroyed, %ld are still alive.\n", sk, 506 atomic_long_read(&unix_nr_socks)); 507 #endif 508 } 509 510 static void unix_release_sock(struct sock *sk, int embrion) 511 { 512 struct unix_sock *u = unix_sk(sk); 513 struct path path; 514 struct sock *skpair; 515 struct sk_buff *skb; 516 int state; 517 518 unix_remove_socket(sk); 519 520 /* Clear state */ 521 unix_state_lock(sk); 522 sock_orphan(sk); 523 sk->sk_shutdown = SHUTDOWN_MASK; 524 path = u->path; 525 u->path.dentry = NULL; 526 u->path.mnt = NULL; 527 state = sk->sk_state; 528 sk->sk_state = TCP_CLOSE; 529 unix_state_unlock(sk); 530 531 wake_up_interruptible_all(&u->peer_wait); 532 533 skpair = unix_peer(sk); 534 535 if (skpair != NULL) { 536 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) { 537 unix_state_lock(skpair); 538 /* No more writes */ 539 skpair->sk_shutdown = SHUTDOWN_MASK; 540 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion) 541 skpair->sk_err = ECONNRESET; 542 unix_state_unlock(skpair); 543 skpair->sk_state_change(skpair); 544 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP); 545 } 546 547 unix_dgram_peer_wake_disconnect(sk, skpair); 548 sock_put(skpair); /* It may now die */ 549 unix_peer(sk) = NULL; 550 } 551 552 /* Try to flush out this socket. Throw out buffers at least */ 553 554 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) { 555 if (state == TCP_LISTEN) 556 unix_release_sock(skb->sk, 1); 557 /* passed fds are erased in the kfree_skb hook */ 558 UNIXCB(skb).consumed = skb->len; 559 kfree_skb(skb); 560 } 561 562 if (path.dentry) 563 path_put(&path); 564 565 sock_put(sk); 566 567 /* ---- Socket is dead now and most probably destroyed ---- */ 568 569 /* 570 * Fixme: BSD difference: In BSD all sockets connected to us get 571 * ECONNRESET and we die on the spot. In Linux we behave 572 * like files and pipes do and wait for the last 573 * dereference. 574 * 575 * Can't we simply set sock->err? 576 * 577 * What the above comment does talk about? --ANK(980817) 578 */ 579 580 if (unix_tot_inflight) 581 unix_gc(); /* Garbage collect fds */ 582 } 583 584 static void init_peercred(struct sock *sk) 585 { 586 put_pid(sk->sk_peer_pid); 587 if (sk->sk_peer_cred) 588 put_cred(sk->sk_peer_cred); 589 sk->sk_peer_pid = get_pid(task_tgid(current)); 590 sk->sk_peer_cred = get_current_cred(); 591 } 592 593 static void copy_peercred(struct sock *sk, struct sock *peersk) 594 { 595 put_pid(sk->sk_peer_pid); 596 if (sk->sk_peer_cred) 597 put_cred(sk->sk_peer_cred); 598 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid); 599 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred); 600 } 601 602 static int unix_listen(struct socket *sock, int backlog) 603 { 604 int err; 605 struct sock *sk = sock->sk; 606 struct unix_sock *u = unix_sk(sk); 607 struct pid *old_pid = NULL; 608 609 err = -EOPNOTSUPP; 610 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET) 611 goto out; /* Only stream/seqpacket sockets accept */ 612 err = -EINVAL; 613 if (!u->addr) 614 goto out; /* No listens on an unbound socket */ 615 unix_state_lock(sk); 616 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN) 617 goto out_unlock; 618 if (backlog > sk->sk_max_ack_backlog) 619 wake_up_interruptible_all(&u->peer_wait); 620 sk->sk_max_ack_backlog = backlog; 621 sk->sk_state = TCP_LISTEN; 622 /* set credentials so connect can copy them */ 623 init_peercred(sk); 624 err = 0; 625 626 out_unlock: 627 unix_state_unlock(sk); 628 put_pid(old_pid); 629 out: 630 return err; 631 } 632 633 static int unix_release(struct socket *); 634 static int unix_bind(struct socket *, struct sockaddr *, int); 635 static int unix_stream_connect(struct socket *, struct sockaddr *, 636 int addr_len, int flags); 637 static int unix_socketpair(struct socket *, struct socket *); 638 static int unix_accept(struct socket *, struct socket *, int); 639 static int unix_getname(struct socket *, struct sockaddr *, int *, int); 640 static unsigned int unix_poll(struct file *, struct socket *, poll_table *); 641 static unsigned int unix_dgram_poll(struct file *, struct socket *, 642 poll_table *); 643 static int unix_ioctl(struct socket *, unsigned int, unsigned long); 644 static int unix_shutdown(struct socket *, int); 645 static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t); 646 static int unix_stream_recvmsg(struct socket *, struct msghdr *, size_t, int); 647 static ssize_t unix_stream_sendpage(struct socket *, struct page *, int offset, 648 size_t size, int flags); 649 static ssize_t unix_stream_splice_read(struct socket *, loff_t *ppos, 650 struct pipe_inode_info *, size_t size, 651 unsigned int flags); 652 static int unix_dgram_sendmsg(struct socket *, struct msghdr *, size_t); 653 static int unix_dgram_recvmsg(struct socket *, struct msghdr *, size_t, int); 654 static int unix_dgram_connect(struct socket *, struct sockaddr *, 655 int, int); 656 static int unix_seqpacket_sendmsg(struct socket *, struct msghdr *, size_t); 657 static int unix_seqpacket_recvmsg(struct socket *, struct msghdr *, size_t, 658 int); 659 660 static int unix_set_peek_off(struct sock *sk, int val) 661 { 662 struct unix_sock *u = unix_sk(sk); 663 664 if (mutex_lock_interruptible(&u->readlock)) 665 return -EINTR; 666 667 sk->sk_peek_off = val; 668 mutex_unlock(&u->readlock); 669 670 return 0; 671 } 672 673 674 static const struct proto_ops unix_stream_ops = { 675 .family = PF_UNIX, 676 .owner = THIS_MODULE, 677 .release = unix_release, 678 .bind = unix_bind, 679 .connect = unix_stream_connect, 680 .socketpair = unix_socketpair, 681 .accept = unix_accept, 682 .getname = unix_getname, 683 .poll = unix_poll, 684 .ioctl = unix_ioctl, 685 .listen = unix_listen, 686 .shutdown = unix_shutdown, 687 .setsockopt = sock_no_setsockopt, 688 .getsockopt = sock_no_getsockopt, 689 .sendmsg = unix_stream_sendmsg, 690 .recvmsg = unix_stream_recvmsg, 691 .mmap = sock_no_mmap, 692 .sendpage = unix_stream_sendpage, 693 .splice_read = unix_stream_splice_read, 694 .set_peek_off = unix_set_peek_off, 695 }; 696 697 static const struct proto_ops unix_dgram_ops = { 698 .family = PF_UNIX, 699 .owner = THIS_MODULE, 700 .release = unix_release, 701 .bind = unix_bind, 702 .connect = unix_dgram_connect, 703 .socketpair = unix_socketpair, 704 .accept = sock_no_accept, 705 .getname = unix_getname, 706 .poll = unix_dgram_poll, 707 .ioctl = unix_ioctl, 708 .listen = sock_no_listen, 709 .shutdown = unix_shutdown, 710 .setsockopt = sock_no_setsockopt, 711 .getsockopt = sock_no_getsockopt, 712 .sendmsg = unix_dgram_sendmsg, 713 .recvmsg = unix_dgram_recvmsg, 714 .mmap = sock_no_mmap, 715 .sendpage = sock_no_sendpage, 716 .set_peek_off = unix_set_peek_off, 717 }; 718 719 static const struct proto_ops unix_seqpacket_ops = { 720 .family = PF_UNIX, 721 .owner = THIS_MODULE, 722 .release = unix_release, 723 .bind = unix_bind, 724 .connect = unix_stream_connect, 725 .socketpair = unix_socketpair, 726 .accept = unix_accept, 727 .getname = unix_getname, 728 .poll = unix_dgram_poll, 729 .ioctl = unix_ioctl, 730 .listen = unix_listen, 731 .shutdown = unix_shutdown, 732 .setsockopt = sock_no_setsockopt, 733 .getsockopt = sock_no_getsockopt, 734 .sendmsg = unix_seqpacket_sendmsg, 735 .recvmsg = unix_seqpacket_recvmsg, 736 .mmap = sock_no_mmap, 737 .sendpage = sock_no_sendpage, 738 .set_peek_off = unix_set_peek_off, 739 }; 740 741 static struct proto unix_proto = { 742 .name = "UNIX", 743 .owner = THIS_MODULE, 744 .obj_size = sizeof(struct unix_sock), 745 }; 746 747 /* 748 * AF_UNIX sockets do not interact with hardware, hence they 749 * dont trigger interrupts - so it's safe for them to have 750 * bh-unsafe locking for their sk_receive_queue.lock. Split off 751 * this special lock-class by reinitializing the spinlock key: 752 */ 753 static struct lock_class_key af_unix_sk_receive_queue_lock_key; 754 755 static struct sock *unix_create1(struct net *net, struct socket *sock, int kern) 756 { 757 struct sock *sk = NULL; 758 struct unix_sock *u; 759 760 atomic_long_inc(&unix_nr_socks); 761 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files()) 762 goto out; 763 764 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto, kern); 765 if (!sk) 766 goto out; 767 768 sock_init_data(sock, sk); 769 lockdep_set_class(&sk->sk_receive_queue.lock, 770 &af_unix_sk_receive_queue_lock_key); 771 772 sk->sk_write_space = unix_write_space; 773 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen; 774 sk->sk_destruct = unix_sock_destructor; 775 u = unix_sk(sk); 776 u->path.dentry = NULL; 777 u->path.mnt = NULL; 778 spin_lock_init(&u->lock); 779 atomic_long_set(&u->inflight, 0); 780 INIT_LIST_HEAD(&u->link); 781 mutex_init(&u->readlock); /* single task reading lock */ 782 init_waitqueue_head(&u->peer_wait); 783 init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay); 784 unix_insert_socket(unix_sockets_unbound(sk), sk); 785 out: 786 if (sk == NULL) 787 atomic_long_dec(&unix_nr_socks); 788 else { 789 local_bh_disable(); 790 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 791 local_bh_enable(); 792 } 793 return sk; 794 } 795 796 static int unix_create(struct net *net, struct socket *sock, int protocol, 797 int kern) 798 { 799 if (protocol && protocol != PF_UNIX) 800 return -EPROTONOSUPPORT; 801 802 sock->state = SS_UNCONNECTED; 803 804 switch (sock->type) { 805 case SOCK_STREAM: 806 sock->ops = &unix_stream_ops; 807 break; 808 /* 809 * Believe it or not BSD has AF_UNIX, SOCK_RAW though 810 * nothing uses it. 811 */ 812 case SOCK_RAW: 813 sock->type = SOCK_DGRAM; 814 case SOCK_DGRAM: 815 sock->ops = &unix_dgram_ops; 816 break; 817 case SOCK_SEQPACKET: 818 sock->ops = &unix_seqpacket_ops; 819 break; 820 default: 821 return -ESOCKTNOSUPPORT; 822 } 823 824 return unix_create1(net, sock, kern) ? 0 : -ENOMEM; 825 } 826 827 static int unix_release(struct socket *sock) 828 { 829 struct sock *sk = sock->sk; 830 831 if (!sk) 832 return 0; 833 834 unix_release_sock(sk, 0); 835 sock->sk = NULL; 836 837 return 0; 838 } 839 840 static int unix_autobind(struct socket *sock) 841 { 842 struct sock *sk = sock->sk; 843 struct net *net = sock_net(sk); 844 struct unix_sock *u = unix_sk(sk); 845 static u32 ordernum = 1; 846 struct unix_address *addr; 847 int err; 848 unsigned int retries = 0; 849 850 err = mutex_lock_interruptible(&u->readlock); 851 if (err) 852 return err; 853 854 err = 0; 855 if (u->addr) 856 goto out; 857 858 err = -ENOMEM; 859 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL); 860 if (!addr) 861 goto out; 862 863 addr->name->sun_family = AF_UNIX; 864 atomic_set(&addr->refcnt, 1); 865 866 retry: 867 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short); 868 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0)); 869 870 spin_lock(&unix_table_lock); 871 ordernum = (ordernum+1)&0xFFFFF; 872 873 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type, 874 addr->hash)) { 875 spin_unlock(&unix_table_lock); 876 /* 877 * __unix_find_socket_byname() may take long time if many names 878 * are already in use. 879 */ 880 cond_resched(); 881 /* Give up if all names seems to be in use. */ 882 if (retries++ == 0xFFFFF) { 883 err = -ENOSPC; 884 kfree(addr); 885 goto out; 886 } 887 goto retry; 888 } 889 addr->hash ^= sk->sk_type; 890 891 __unix_remove_socket(sk); 892 u->addr = addr; 893 __unix_insert_socket(&unix_socket_table[addr->hash], sk); 894 spin_unlock(&unix_table_lock); 895 err = 0; 896 897 out: mutex_unlock(&u->readlock); 898 return err; 899 } 900 901 static struct sock *unix_find_other(struct net *net, 902 struct sockaddr_un *sunname, int len, 903 int type, unsigned int hash, int *error) 904 { 905 struct sock *u; 906 struct path path; 907 int err = 0; 908 909 if (sunname->sun_path[0]) { 910 struct inode *inode; 911 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path); 912 if (err) 913 goto fail; 914 inode = d_backing_inode(path.dentry); 915 err = inode_permission(inode, MAY_WRITE); 916 if (err) 917 goto put_fail; 918 919 err = -ECONNREFUSED; 920 if (!S_ISSOCK(inode->i_mode)) 921 goto put_fail; 922 u = unix_find_socket_byinode(inode); 923 if (!u) 924 goto put_fail; 925 926 if (u->sk_type == type) 927 touch_atime(&path); 928 929 path_put(&path); 930 931 err = -EPROTOTYPE; 932 if (u->sk_type != type) { 933 sock_put(u); 934 goto fail; 935 } 936 } else { 937 err = -ECONNREFUSED; 938 u = unix_find_socket_byname(net, sunname, len, type, hash); 939 if (u) { 940 struct dentry *dentry; 941 dentry = unix_sk(u)->path.dentry; 942 if (dentry) 943 touch_atime(&unix_sk(u)->path); 944 } else 945 goto fail; 946 } 947 return u; 948 949 put_fail: 950 path_put(&path); 951 fail: 952 *error = err; 953 return NULL; 954 } 955 956 static int unix_mknod(struct dentry *dentry, const struct path *path, umode_t mode, 957 struct path *res) 958 { 959 int err; 960 961 err = security_path_mknod(path, dentry, mode, 0); 962 if (!err) { 963 err = vfs_mknod(d_inode(path->dentry), dentry, mode, 0); 964 if (!err) { 965 res->mnt = mntget(path->mnt); 966 res->dentry = dget(dentry); 967 } 968 } 969 970 return err; 971 } 972 973 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 974 { 975 struct sock *sk = sock->sk; 976 struct net *net = sock_net(sk); 977 struct unix_sock *u = unix_sk(sk); 978 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr; 979 char *sun_path = sunaddr->sun_path; 980 int err, name_err; 981 unsigned int hash; 982 struct unix_address *addr; 983 struct hlist_head *list; 984 struct path path; 985 struct dentry *dentry; 986 987 err = -EINVAL; 988 if (sunaddr->sun_family != AF_UNIX) 989 goto out; 990 991 if (addr_len == sizeof(short)) { 992 err = unix_autobind(sock); 993 goto out; 994 } 995 996 err = unix_mkname(sunaddr, addr_len, &hash); 997 if (err < 0) 998 goto out; 999 addr_len = err; 1000 1001 name_err = 0; 1002 dentry = NULL; 1003 if (sun_path[0]) { 1004 /* Get the parent directory, calculate the hash for last 1005 * component. 1006 */ 1007 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0); 1008 1009 if (IS_ERR(dentry)) { 1010 /* delay report until after 'already bound' check */ 1011 name_err = PTR_ERR(dentry); 1012 dentry = NULL; 1013 } 1014 } 1015 1016 err = mutex_lock_interruptible(&u->readlock); 1017 if (err) 1018 goto out_path; 1019 1020 err = -EINVAL; 1021 if (u->addr) 1022 goto out_up; 1023 1024 if (name_err) { 1025 err = name_err == -EEXIST ? -EADDRINUSE : name_err; 1026 goto out_up; 1027 } 1028 1029 err = -ENOMEM; 1030 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL); 1031 if (!addr) 1032 goto out_up; 1033 1034 memcpy(addr->name, sunaddr, addr_len); 1035 addr->len = addr_len; 1036 addr->hash = hash ^ sk->sk_type; 1037 atomic_set(&addr->refcnt, 1); 1038 1039 if (dentry) { 1040 struct path u_path; 1041 umode_t mode = S_IFSOCK | 1042 (SOCK_INODE(sock)->i_mode & ~current_umask()); 1043 err = unix_mknod(dentry, &path, mode, &u_path); 1044 if (err) { 1045 if (err == -EEXIST) 1046 err = -EADDRINUSE; 1047 unix_release_addr(addr); 1048 goto out_up; 1049 } 1050 addr->hash = UNIX_HASH_SIZE; 1051 hash = d_backing_inode(dentry)->i_ino & (UNIX_HASH_SIZE - 1); 1052 spin_lock(&unix_table_lock); 1053 u->path = u_path; 1054 list = &unix_socket_table[hash]; 1055 } else { 1056 spin_lock(&unix_table_lock); 1057 err = -EADDRINUSE; 1058 if (__unix_find_socket_byname(net, sunaddr, addr_len, 1059 sk->sk_type, hash)) { 1060 unix_release_addr(addr); 1061 goto out_unlock; 1062 } 1063 1064 list = &unix_socket_table[addr->hash]; 1065 } 1066 1067 err = 0; 1068 __unix_remove_socket(sk); 1069 u->addr = addr; 1070 __unix_insert_socket(list, sk); 1071 1072 out_unlock: 1073 spin_unlock(&unix_table_lock); 1074 out_up: 1075 mutex_unlock(&u->readlock); 1076 out_path: 1077 if (dentry) 1078 done_path_create(&path, dentry); 1079 1080 out: 1081 return err; 1082 } 1083 1084 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2) 1085 { 1086 if (unlikely(sk1 == sk2) || !sk2) { 1087 unix_state_lock(sk1); 1088 return; 1089 } 1090 if (sk1 < sk2) { 1091 unix_state_lock(sk1); 1092 unix_state_lock_nested(sk2); 1093 } else { 1094 unix_state_lock(sk2); 1095 unix_state_lock_nested(sk1); 1096 } 1097 } 1098 1099 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2) 1100 { 1101 if (unlikely(sk1 == sk2) || !sk2) { 1102 unix_state_unlock(sk1); 1103 return; 1104 } 1105 unix_state_unlock(sk1); 1106 unix_state_unlock(sk2); 1107 } 1108 1109 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr, 1110 int alen, int flags) 1111 { 1112 struct sock *sk = sock->sk; 1113 struct net *net = sock_net(sk); 1114 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr; 1115 struct sock *other; 1116 unsigned int hash; 1117 int err; 1118 1119 if (addr->sa_family != AF_UNSPEC) { 1120 err = unix_mkname(sunaddr, alen, &hash); 1121 if (err < 0) 1122 goto out; 1123 alen = err; 1124 1125 if (test_bit(SOCK_PASSCRED, &sock->flags) && 1126 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0) 1127 goto out; 1128 1129 restart: 1130 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err); 1131 if (!other) 1132 goto out; 1133 1134 unix_state_double_lock(sk, other); 1135 1136 /* Apparently VFS overslept socket death. Retry. */ 1137 if (sock_flag(other, SOCK_DEAD)) { 1138 unix_state_double_unlock(sk, other); 1139 sock_put(other); 1140 goto restart; 1141 } 1142 1143 err = -EPERM; 1144 if (!unix_may_send(sk, other)) 1145 goto out_unlock; 1146 1147 err = security_unix_may_send(sk->sk_socket, other->sk_socket); 1148 if (err) 1149 goto out_unlock; 1150 1151 } else { 1152 /* 1153 * 1003.1g breaking connected state with AF_UNSPEC 1154 */ 1155 other = NULL; 1156 unix_state_double_lock(sk, other); 1157 } 1158 1159 /* 1160 * If it was connected, reconnect. 1161 */ 1162 if (unix_peer(sk)) { 1163 struct sock *old_peer = unix_peer(sk); 1164 unix_peer(sk) = other; 1165 unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer); 1166 1167 unix_state_double_unlock(sk, other); 1168 1169 if (other != old_peer) 1170 unix_dgram_disconnected(sk, old_peer); 1171 sock_put(old_peer); 1172 } else { 1173 unix_peer(sk) = other; 1174 unix_state_double_unlock(sk, other); 1175 } 1176 return 0; 1177 1178 out_unlock: 1179 unix_state_double_unlock(sk, other); 1180 sock_put(other); 1181 out: 1182 return err; 1183 } 1184 1185 static long unix_wait_for_peer(struct sock *other, long timeo) 1186 { 1187 struct unix_sock *u = unix_sk(other); 1188 int sched; 1189 DEFINE_WAIT(wait); 1190 1191 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE); 1192 1193 sched = !sock_flag(other, SOCK_DEAD) && 1194 !(other->sk_shutdown & RCV_SHUTDOWN) && 1195 unix_recvq_full(other); 1196 1197 unix_state_unlock(other); 1198 1199 if (sched) 1200 timeo = schedule_timeout(timeo); 1201 1202 finish_wait(&u->peer_wait, &wait); 1203 return timeo; 1204 } 1205 1206 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr, 1207 int addr_len, int flags) 1208 { 1209 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr; 1210 struct sock *sk = sock->sk; 1211 struct net *net = sock_net(sk); 1212 struct unix_sock *u = unix_sk(sk), *newu, *otheru; 1213 struct sock *newsk = NULL; 1214 struct sock *other = NULL; 1215 struct sk_buff *skb = NULL; 1216 unsigned int hash; 1217 int st; 1218 int err; 1219 long timeo; 1220 1221 err = unix_mkname(sunaddr, addr_len, &hash); 1222 if (err < 0) 1223 goto out; 1224 addr_len = err; 1225 1226 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr && 1227 (err = unix_autobind(sock)) != 0) 1228 goto out; 1229 1230 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK); 1231 1232 /* First of all allocate resources. 1233 If we will make it after state is locked, 1234 we will have to recheck all again in any case. 1235 */ 1236 1237 err = -ENOMEM; 1238 1239 /* create new sock for complete connection */ 1240 newsk = unix_create1(sock_net(sk), NULL, 0); 1241 if (newsk == NULL) 1242 goto out; 1243 1244 /* Allocate skb for sending to listening sock */ 1245 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL); 1246 if (skb == NULL) 1247 goto out; 1248 1249 restart: 1250 /* Find listening sock. */ 1251 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err); 1252 if (!other) 1253 goto out; 1254 1255 /* Latch state of peer */ 1256 unix_state_lock(other); 1257 1258 /* Apparently VFS overslept socket death. Retry. */ 1259 if (sock_flag(other, SOCK_DEAD)) { 1260 unix_state_unlock(other); 1261 sock_put(other); 1262 goto restart; 1263 } 1264 1265 err = -ECONNREFUSED; 1266 if (other->sk_state != TCP_LISTEN) 1267 goto out_unlock; 1268 if (other->sk_shutdown & RCV_SHUTDOWN) 1269 goto out_unlock; 1270 1271 if (unix_recvq_full(other)) { 1272 err = -EAGAIN; 1273 if (!timeo) 1274 goto out_unlock; 1275 1276 timeo = unix_wait_for_peer(other, timeo); 1277 1278 err = sock_intr_errno(timeo); 1279 if (signal_pending(current)) 1280 goto out; 1281 sock_put(other); 1282 goto restart; 1283 } 1284 1285 /* Latch our state. 1286 1287 It is tricky place. We need to grab our state lock and cannot 1288 drop lock on peer. It is dangerous because deadlock is 1289 possible. Connect to self case and simultaneous 1290 attempt to connect are eliminated by checking socket 1291 state. other is TCP_LISTEN, if sk is TCP_LISTEN we 1292 check this before attempt to grab lock. 1293 1294 Well, and we have to recheck the state after socket locked. 1295 */ 1296 st = sk->sk_state; 1297 1298 switch (st) { 1299 case TCP_CLOSE: 1300 /* This is ok... continue with connect */ 1301 break; 1302 case TCP_ESTABLISHED: 1303 /* Socket is already connected */ 1304 err = -EISCONN; 1305 goto out_unlock; 1306 default: 1307 err = -EINVAL; 1308 goto out_unlock; 1309 } 1310 1311 unix_state_lock_nested(sk); 1312 1313 if (sk->sk_state != st) { 1314 unix_state_unlock(sk); 1315 unix_state_unlock(other); 1316 sock_put(other); 1317 goto restart; 1318 } 1319 1320 err = security_unix_stream_connect(sk, other, newsk); 1321 if (err) { 1322 unix_state_unlock(sk); 1323 goto out_unlock; 1324 } 1325 1326 /* The way is open! Fastly set all the necessary fields... */ 1327 1328 sock_hold(sk); 1329 unix_peer(newsk) = sk; 1330 newsk->sk_state = TCP_ESTABLISHED; 1331 newsk->sk_type = sk->sk_type; 1332 init_peercred(newsk); 1333 newu = unix_sk(newsk); 1334 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq); 1335 otheru = unix_sk(other); 1336 1337 /* copy address information from listening to new sock*/ 1338 if (otheru->addr) { 1339 atomic_inc(&otheru->addr->refcnt); 1340 newu->addr = otheru->addr; 1341 } 1342 if (otheru->path.dentry) { 1343 path_get(&otheru->path); 1344 newu->path = otheru->path; 1345 } 1346 1347 /* Set credentials */ 1348 copy_peercred(sk, other); 1349 1350 sock->state = SS_CONNECTED; 1351 sk->sk_state = TCP_ESTABLISHED; 1352 sock_hold(newsk); 1353 1354 smp_mb__after_atomic(); /* sock_hold() does an atomic_inc() */ 1355 unix_peer(sk) = newsk; 1356 1357 unix_state_unlock(sk); 1358 1359 /* take ten and and send info to listening sock */ 1360 spin_lock(&other->sk_receive_queue.lock); 1361 __skb_queue_tail(&other->sk_receive_queue, skb); 1362 spin_unlock(&other->sk_receive_queue.lock); 1363 unix_state_unlock(other); 1364 other->sk_data_ready(other); 1365 sock_put(other); 1366 return 0; 1367 1368 out_unlock: 1369 if (other) 1370 unix_state_unlock(other); 1371 1372 out: 1373 kfree_skb(skb); 1374 if (newsk) 1375 unix_release_sock(newsk, 0); 1376 if (other) 1377 sock_put(other); 1378 return err; 1379 } 1380 1381 static int unix_socketpair(struct socket *socka, struct socket *sockb) 1382 { 1383 struct sock *ska = socka->sk, *skb = sockb->sk; 1384 1385 /* Join our sockets back to back */ 1386 sock_hold(ska); 1387 sock_hold(skb); 1388 unix_peer(ska) = skb; 1389 unix_peer(skb) = ska; 1390 init_peercred(ska); 1391 init_peercred(skb); 1392 1393 if (ska->sk_type != SOCK_DGRAM) { 1394 ska->sk_state = TCP_ESTABLISHED; 1395 skb->sk_state = TCP_ESTABLISHED; 1396 socka->state = SS_CONNECTED; 1397 sockb->state = SS_CONNECTED; 1398 } 1399 return 0; 1400 } 1401 1402 static void unix_sock_inherit_flags(const struct socket *old, 1403 struct socket *new) 1404 { 1405 if (test_bit(SOCK_PASSCRED, &old->flags)) 1406 set_bit(SOCK_PASSCRED, &new->flags); 1407 if (test_bit(SOCK_PASSSEC, &old->flags)) 1408 set_bit(SOCK_PASSSEC, &new->flags); 1409 } 1410 1411 static int unix_accept(struct socket *sock, struct socket *newsock, int flags) 1412 { 1413 struct sock *sk = sock->sk; 1414 struct sock *tsk; 1415 struct sk_buff *skb; 1416 int err; 1417 1418 err = -EOPNOTSUPP; 1419 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET) 1420 goto out; 1421 1422 err = -EINVAL; 1423 if (sk->sk_state != TCP_LISTEN) 1424 goto out; 1425 1426 /* If socket state is TCP_LISTEN it cannot change (for now...), 1427 * so that no locks are necessary. 1428 */ 1429 1430 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err); 1431 if (!skb) { 1432 /* This means receive shutdown. */ 1433 if (err == 0) 1434 err = -EINVAL; 1435 goto out; 1436 } 1437 1438 tsk = skb->sk; 1439 skb_free_datagram(sk, skb); 1440 wake_up_interruptible(&unix_sk(sk)->peer_wait); 1441 1442 /* attach accepted sock to socket */ 1443 unix_state_lock(tsk); 1444 newsock->state = SS_CONNECTED; 1445 unix_sock_inherit_flags(sock, newsock); 1446 sock_graft(tsk, newsock); 1447 unix_state_unlock(tsk); 1448 return 0; 1449 1450 out: 1451 return err; 1452 } 1453 1454 1455 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer) 1456 { 1457 struct sock *sk = sock->sk; 1458 struct unix_sock *u; 1459 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr); 1460 int err = 0; 1461 1462 if (peer) { 1463 sk = unix_peer_get(sk); 1464 1465 err = -ENOTCONN; 1466 if (!sk) 1467 goto out; 1468 err = 0; 1469 } else { 1470 sock_hold(sk); 1471 } 1472 1473 u = unix_sk(sk); 1474 unix_state_lock(sk); 1475 if (!u->addr) { 1476 sunaddr->sun_family = AF_UNIX; 1477 sunaddr->sun_path[0] = 0; 1478 *uaddr_len = sizeof(short); 1479 } else { 1480 struct unix_address *addr = u->addr; 1481 1482 *uaddr_len = addr->len; 1483 memcpy(sunaddr, addr->name, *uaddr_len); 1484 } 1485 unix_state_unlock(sk); 1486 sock_put(sk); 1487 out: 1488 return err; 1489 } 1490 1491 static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb) 1492 { 1493 int i; 1494 1495 scm->fp = UNIXCB(skb).fp; 1496 UNIXCB(skb).fp = NULL; 1497 1498 for (i = scm->fp->count-1; i >= 0; i--) 1499 unix_notinflight(scm->fp->user, scm->fp->fp[i]); 1500 } 1501 1502 static void unix_destruct_scm(struct sk_buff *skb) 1503 { 1504 struct scm_cookie scm; 1505 memset(&scm, 0, sizeof(scm)); 1506 scm.pid = UNIXCB(skb).pid; 1507 if (UNIXCB(skb).fp) 1508 unix_detach_fds(&scm, skb); 1509 1510 /* Alas, it calls VFS */ 1511 /* So fscking what? fput() had been SMP-safe since the last Summer */ 1512 scm_destroy(&scm); 1513 sock_wfree(skb); 1514 } 1515 1516 /* 1517 * The "user->unix_inflight" variable is protected by the garbage 1518 * collection lock, and we just read it locklessly here. If you go 1519 * over the limit, there might be a tiny race in actually noticing 1520 * it across threads. Tough. 1521 */ 1522 static inline bool too_many_unix_fds(struct task_struct *p) 1523 { 1524 struct user_struct *user = current_user(); 1525 1526 if (unlikely(user->unix_inflight > task_rlimit(p, RLIMIT_NOFILE))) 1527 return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN); 1528 return false; 1529 } 1530 1531 #define MAX_RECURSION_LEVEL 4 1532 1533 static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb) 1534 { 1535 int i; 1536 unsigned char max_level = 0; 1537 1538 if (too_many_unix_fds(current)) 1539 return -ETOOMANYREFS; 1540 1541 for (i = scm->fp->count - 1; i >= 0; i--) { 1542 struct sock *sk = unix_get_socket(scm->fp->fp[i]); 1543 1544 if (sk) 1545 max_level = max(max_level, 1546 unix_sk(sk)->recursion_level); 1547 } 1548 if (unlikely(max_level > MAX_RECURSION_LEVEL)) 1549 return -ETOOMANYREFS; 1550 1551 /* 1552 * Need to duplicate file references for the sake of garbage 1553 * collection. Otherwise a socket in the fps might become a 1554 * candidate for GC while the skb is not yet queued. 1555 */ 1556 UNIXCB(skb).fp = scm_fp_dup(scm->fp); 1557 if (!UNIXCB(skb).fp) 1558 return -ENOMEM; 1559 1560 for (i = scm->fp->count - 1; i >= 0; i--) 1561 unix_inflight(scm->fp->user, scm->fp->fp[i]); 1562 return max_level; 1563 } 1564 1565 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds) 1566 { 1567 int err = 0; 1568 1569 UNIXCB(skb).pid = get_pid(scm->pid); 1570 UNIXCB(skb).uid = scm->creds.uid; 1571 UNIXCB(skb).gid = scm->creds.gid; 1572 UNIXCB(skb).fp = NULL; 1573 unix_get_secdata(scm, skb); 1574 if (scm->fp && send_fds) 1575 err = unix_attach_fds(scm, skb); 1576 1577 skb->destructor = unix_destruct_scm; 1578 return err; 1579 } 1580 1581 static bool unix_passcred_enabled(const struct socket *sock, 1582 const struct sock *other) 1583 { 1584 return test_bit(SOCK_PASSCRED, &sock->flags) || 1585 !other->sk_socket || 1586 test_bit(SOCK_PASSCRED, &other->sk_socket->flags); 1587 } 1588 1589 /* 1590 * Some apps rely on write() giving SCM_CREDENTIALS 1591 * We include credentials if source or destination socket 1592 * asserted SOCK_PASSCRED. 1593 */ 1594 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock, 1595 const struct sock *other) 1596 { 1597 if (UNIXCB(skb).pid) 1598 return; 1599 if (unix_passcred_enabled(sock, other)) { 1600 UNIXCB(skb).pid = get_pid(task_tgid(current)); 1601 current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid); 1602 } 1603 } 1604 1605 static int maybe_init_creds(struct scm_cookie *scm, 1606 struct socket *socket, 1607 const struct sock *other) 1608 { 1609 int err; 1610 struct msghdr msg = { .msg_controllen = 0 }; 1611 1612 err = scm_send(socket, &msg, scm, false); 1613 if (err) 1614 return err; 1615 1616 if (unix_passcred_enabled(socket, other)) { 1617 scm->pid = get_pid(task_tgid(current)); 1618 current_uid_gid(&scm->creds.uid, &scm->creds.gid); 1619 } 1620 return err; 1621 } 1622 1623 static bool unix_skb_scm_eq(struct sk_buff *skb, 1624 struct scm_cookie *scm) 1625 { 1626 const struct unix_skb_parms *u = &UNIXCB(skb); 1627 1628 return u->pid == scm->pid && 1629 uid_eq(u->uid, scm->creds.uid) && 1630 gid_eq(u->gid, scm->creds.gid) && 1631 unix_secdata_eq(scm, skb); 1632 } 1633 1634 /* 1635 * Send AF_UNIX data. 1636 */ 1637 1638 static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg, 1639 size_t len) 1640 { 1641 struct sock *sk = sock->sk; 1642 struct net *net = sock_net(sk); 1643 struct unix_sock *u = unix_sk(sk); 1644 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name); 1645 struct sock *other = NULL; 1646 int namelen = 0; /* fake GCC */ 1647 int err; 1648 unsigned int hash; 1649 struct sk_buff *skb; 1650 long timeo; 1651 struct scm_cookie scm; 1652 int max_level; 1653 int data_len = 0; 1654 int sk_locked; 1655 1656 wait_for_unix_gc(); 1657 err = scm_send(sock, msg, &scm, false); 1658 if (err < 0) 1659 return err; 1660 1661 err = -EOPNOTSUPP; 1662 if (msg->msg_flags&MSG_OOB) 1663 goto out; 1664 1665 if (msg->msg_namelen) { 1666 err = unix_mkname(sunaddr, msg->msg_namelen, &hash); 1667 if (err < 0) 1668 goto out; 1669 namelen = err; 1670 } else { 1671 sunaddr = NULL; 1672 err = -ENOTCONN; 1673 other = unix_peer_get(sk); 1674 if (!other) 1675 goto out; 1676 } 1677 1678 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr 1679 && (err = unix_autobind(sock)) != 0) 1680 goto out; 1681 1682 err = -EMSGSIZE; 1683 if (len > sk->sk_sndbuf - 32) 1684 goto out; 1685 1686 if (len > SKB_MAX_ALLOC) { 1687 data_len = min_t(size_t, 1688 len - SKB_MAX_ALLOC, 1689 MAX_SKB_FRAGS * PAGE_SIZE); 1690 data_len = PAGE_ALIGN(data_len); 1691 1692 BUILD_BUG_ON(SKB_MAX_ALLOC < PAGE_SIZE); 1693 } 1694 1695 skb = sock_alloc_send_pskb(sk, len - data_len, data_len, 1696 msg->msg_flags & MSG_DONTWAIT, &err, 1697 PAGE_ALLOC_COSTLY_ORDER); 1698 if (skb == NULL) 1699 goto out; 1700 1701 err = unix_scm_to_skb(&scm, skb, true); 1702 if (err < 0) 1703 goto out_free; 1704 max_level = err + 1; 1705 1706 skb_put(skb, len - data_len); 1707 skb->data_len = data_len; 1708 skb->len = len; 1709 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, len); 1710 if (err) 1711 goto out_free; 1712 1713 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); 1714 1715 restart: 1716 if (!other) { 1717 err = -ECONNRESET; 1718 if (sunaddr == NULL) 1719 goto out_free; 1720 1721 other = unix_find_other(net, sunaddr, namelen, sk->sk_type, 1722 hash, &err); 1723 if (other == NULL) 1724 goto out_free; 1725 } 1726 1727 if (sk_filter(other, skb) < 0) { 1728 /* Toss the packet but do not return any error to the sender */ 1729 err = len; 1730 goto out_free; 1731 } 1732 1733 sk_locked = 0; 1734 unix_state_lock(other); 1735 restart_locked: 1736 err = -EPERM; 1737 if (!unix_may_send(sk, other)) 1738 goto out_unlock; 1739 1740 if (unlikely(sock_flag(other, SOCK_DEAD))) { 1741 /* 1742 * Check with 1003.1g - what should 1743 * datagram error 1744 */ 1745 unix_state_unlock(other); 1746 sock_put(other); 1747 1748 if (!sk_locked) 1749 unix_state_lock(sk); 1750 1751 err = 0; 1752 if (unix_peer(sk) == other) { 1753 unix_peer(sk) = NULL; 1754 unix_dgram_peer_wake_disconnect_wakeup(sk, other); 1755 1756 unix_state_unlock(sk); 1757 1758 unix_dgram_disconnected(sk, other); 1759 sock_put(other); 1760 err = -ECONNREFUSED; 1761 } else { 1762 unix_state_unlock(sk); 1763 } 1764 1765 other = NULL; 1766 if (err) 1767 goto out_free; 1768 goto restart; 1769 } 1770 1771 err = -EPIPE; 1772 if (other->sk_shutdown & RCV_SHUTDOWN) 1773 goto out_unlock; 1774 1775 if (sk->sk_type != SOCK_SEQPACKET) { 1776 err = security_unix_may_send(sk->sk_socket, other->sk_socket); 1777 if (err) 1778 goto out_unlock; 1779 } 1780 1781 /* other == sk && unix_peer(other) != sk if 1782 * - unix_peer(sk) == NULL, destination address bound to sk 1783 * - unix_peer(sk) == sk by time of get but disconnected before lock 1784 */ 1785 if (other != sk && 1786 unlikely(unix_peer(other) != sk && unix_recvq_full(other))) { 1787 if (timeo) { 1788 timeo = unix_wait_for_peer(other, timeo); 1789 1790 err = sock_intr_errno(timeo); 1791 if (signal_pending(current)) 1792 goto out_free; 1793 1794 goto restart; 1795 } 1796 1797 if (!sk_locked) { 1798 unix_state_unlock(other); 1799 unix_state_double_lock(sk, other); 1800 } 1801 1802 if (unix_peer(sk) != other || 1803 unix_dgram_peer_wake_me(sk, other)) { 1804 err = -EAGAIN; 1805 sk_locked = 1; 1806 goto out_unlock; 1807 } 1808 1809 if (!sk_locked) { 1810 sk_locked = 1; 1811 goto restart_locked; 1812 } 1813 } 1814 1815 if (unlikely(sk_locked)) 1816 unix_state_unlock(sk); 1817 1818 if (sock_flag(other, SOCK_RCVTSTAMP)) 1819 __net_timestamp(skb); 1820 maybe_add_creds(skb, sock, other); 1821 skb_queue_tail(&other->sk_receive_queue, skb); 1822 if (max_level > unix_sk(other)->recursion_level) 1823 unix_sk(other)->recursion_level = max_level; 1824 unix_state_unlock(other); 1825 other->sk_data_ready(other); 1826 sock_put(other); 1827 scm_destroy(&scm); 1828 return len; 1829 1830 out_unlock: 1831 if (sk_locked) 1832 unix_state_unlock(sk); 1833 unix_state_unlock(other); 1834 out_free: 1835 kfree_skb(skb); 1836 out: 1837 if (other) 1838 sock_put(other); 1839 scm_destroy(&scm); 1840 return err; 1841 } 1842 1843 /* We use paged skbs for stream sockets, and limit occupancy to 32768 1844 * bytes, and a minimun of a full page. 1845 */ 1846 #define UNIX_SKB_FRAGS_SZ (PAGE_SIZE << get_order(32768)) 1847 1848 static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg, 1849 size_t len) 1850 { 1851 struct sock *sk = sock->sk; 1852 struct sock *other = NULL; 1853 int err, size; 1854 struct sk_buff *skb; 1855 int sent = 0; 1856 struct scm_cookie scm; 1857 bool fds_sent = false; 1858 int max_level; 1859 int data_len; 1860 1861 wait_for_unix_gc(); 1862 err = scm_send(sock, msg, &scm, false); 1863 if (err < 0) 1864 return err; 1865 1866 err = -EOPNOTSUPP; 1867 if (msg->msg_flags&MSG_OOB) 1868 goto out_err; 1869 1870 if (msg->msg_namelen) { 1871 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP; 1872 goto out_err; 1873 } else { 1874 err = -ENOTCONN; 1875 other = unix_peer(sk); 1876 if (!other) 1877 goto out_err; 1878 } 1879 1880 if (sk->sk_shutdown & SEND_SHUTDOWN) 1881 goto pipe_err; 1882 1883 while (sent < len) { 1884 size = len - sent; 1885 1886 /* Keep two messages in the pipe so it schedules better */ 1887 size = min_t(int, size, (sk->sk_sndbuf >> 1) - 64); 1888 1889 /* allow fallback to order-0 allocations */ 1890 size = min_t(int, size, SKB_MAX_HEAD(0) + UNIX_SKB_FRAGS_SZ); 1891 1892 data_len = max_t(int, 0, size - SKB_MAX_HEAD(0)); 1893 1894 data_len = min_t(size_t, size, PAGE_ALIGN(data_len)); 1895 1896 skb = sock_alloc_send_pskb(sk, size - data_len, data_len, 1897 msg->msg_flags & MSG_DONTWAIT, &err, 1898 get_order(UNIX_SKB_FRAGS_SZ)); 1899 if (!skb) 1900 goto out_err; 1901 1902 /* Only send the fds in the first buffer */ 1903 err = unix_scm_to_skb(&scm, skb, !fds_sent); 1904 if (err < 0) { 1905 kfree_skb(skb); 1906 goto out_err; 1907 } 1908 max_level = err + 1; 1909 fds_sent = true; 1910 1911 skb_put(skb, size - data_len); 1912 skb->data_len = data_len; 1913 skb->len = size; 1914 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, size); 1915 if (err) { 1916 kfree_skb(skb); 1917 goto out_err; 1918 } 1919 1920 unix_state_lock(other); 1921 1922 if (sock_flag(other, SOCK_DEAD) || 1923 (other->sk_shutdown & RCV_SHUTDOWN)) 1924 goto pipe_err_free; 1925 1926 maybe_add_creds(skb, sock, other); 1927 skb_queue_tail(&other->sk_receive_queue, skb); 1928 if (max_level > unix_sk(other)->recursion_level) 1929 unix_sk(other)->recursion_level = max_level; 1930 unix_state_unlock(other); 1931 other->sk_data_ready(other); 1932 sent += size; 1933 } 1934 1935 scm_destroy(&scm); 1936 1937 return sent; 1938 1939 pipe_err_free: 1940 unix_state_unlock(other); 1941 kfree_skb(skb); 1942 pipe_err: 1943 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL)) 1944 send_sig(SIGPIPE, current, 0); 1945 err = -EPIPE; 1946 out_err: 1947 scm_destroy(&scm); 1948 return sent ? : err; 1949 } 1950 1951 static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page, 1952 int offset, size_t size, int flags) 1953 { 1954 int err; 1955 bool send_sigpipe = false; 1956 bool init_scm = true; 1957 struct scm_cookie scm; 1958 struct sock *other, *sk = socket->sk; 1959 struct sk_buff *skb, *newskb = NULL, *tail = NULL; 1960 1961 if (flags & MSG_OOB) 1962 return -EOPNOTSUPP; 1963 1964 other = unix_peer(sk); 1965 if (!other || sk->sk_state != TCP_ESTABLISHED) 1966 return -ENOTCONN; 1967 1968 if (false) { 1969 alloc_skb: 1970 unix_state_unlock(other); 1971 mutex_unlock(&unix_sk(other)->readlock); 1972 newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT, 1973 &err, 0); 1974 if (!newskb) 1975 goto err; 1976 } 1977 1978 /* we must acquire readlock as we modify already present 1979 * skbs in the sk_receive_queue and mess with skb->len 1980 */ 1981 err = mutex_lock_interruptible(&unix_sk(other)->readlock); 1982 if (err) { 1983 err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS; 1984 goto err; 1985 } 1986 1987 if (sk->sk_shutdown & SEND_SHUTDOWN) { 1988 err = -EPIPE; 1989 send_sigpipe = true; 1990 goto err_unlock; 1991 } 1992 1993 unix_state_lock(other); 1994 1995 if (sock_flag(other, SOCK_DEAD) || 1996 other->sk_shutdown & RCV_SHUTDOWN) { 1997 err = -EPIPE; 1998 send_sigpipe = true; 1999 goto err_state_unlock; 2000 } 2001 2002 if (init_scm) { 2003 err = maybe_init_creds(&scm, socket, other); 2004 if (err) 2005 goto err_state_unlock; 2006 init_scm = false; 2007 } 2008 2009 skb = skb_peek_tail(&other->sk_receive_queue); 2010 if (tail && tail == skb) { 2011 skb = newskb; 2012 } else if (!skb || !unix_skb_scm_eq(skb, &scm)) { 2013 if (newskb) { 2014 skb = newskb; 2015 } else { 2016 tail = skb; 2017 goto alloc_skb; 2018 } 2019 } else if (newskb) { 2020 /* this is fast path, we don't necessarily need to 2021 * call to kfree_skb even though with newskb == NULL 2022 * this - does no harm 2023 */ 2024 consume_skb(newskb); 2025 newskb = NULL; 2026 } 2027 2028 if (skb_append_pagefrags(skb, page, offset, size)) { 2029 tail = skb; 2030 goto alloc_skb; 2031 } 2032 2033 skb->len += size; 2034 skb->data_len += size; 2035 skb->truesize += size; 2036 atomic_add(size, &sk->sk_wmem_alloc); 2037 2038 if (newskb) { 2039 err = unix_scm_to_skb(&scm, skb, false); 2040 if (err) 2041 goto err_state_unlock; 2042 spin_lock(&other->sk_receive_queue.lock); 2043 __skb_queue_tail(&other->sk_receive_queue, newskb); 2044 spin_unlock(&other->sk_receive_queue.lock); 2045 } 2046 2047 unix_state_unlock(other); 2048 mutex_unlock(&unix_sk(other)->readlock); 2049 2050 other->sk_data_ready(other); 2051 scm_destroy(&scm); 2052 return size; 2053 2054 err_state_unlock: 2055 unix_state_unlock(other); 2056 err_unlock: 2057 mutex_unlock(&unix_sk(other)->readlock); 2058 err: 2059 kfree_skb(newskb); 2060 if (send_sigpipe && !(flags & MSG_NOSIGNAL)) 2061 send_sig(SIGPIPE, current, 0); 2062 if (!init_scm) 2063 scm_destroy(&scm); 2064 return err; 2065 } 2066 2067 static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg, 2068 size_t len) 2069 { 2070 int err; 2071 struct sock *sk = sock->sk; 2072 2073 err = sock_error(sk); 2074 if (err) 2075 return err; 2076 2077 if (sk->sk_state != TCP_ESTABLISHED) 2078 return -ENOTCONN; 2079 2080 if (msg->msg_namelen) 2081 msg->msg_namelen = 0; 2082 2083 return unix_dgram_sendmsg(sock, msg, len); 2084 } 2085 2086 static int unix_seqpacket_recvmsg(struct socket *sock, struct msghdr *msg, 2087 size_t size, int flags) 2088 { 2089 struct sock *sk = sock->sk; 2090 2091 if (sk->sk_state != TCP_ESTABLISHED) 2092 return -ENOTCONN; 2093 2094 return unix_dgram_recvmsg(sock, msg, size, flags); 2095 } 2096 2097 static void unix_copy_addr(struct msghdr *msg, struct sock *sk) 2098 { 2099 struct unix_sock *u = unix_sk(sk); 2100 2101 if (u->addr) { 2102 msg->msg_namelen = u->addr->len; 2103 memcpy(msg->msg_name, u->addr->name, u->addr->len); 2104 } 2105 } 2106 2107 static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg, 2108 size_t size, int flags) 2109 { 2110 struct scm_cookie scm; 2111 struct sock *sk = sock->sk; 2112 struct unix_sock *u = unix_sk(sk); 2113 struct sk_buff *skb, *last; 2114 long timeo; 2115 int err; 2116 int peeked, skip; 2117 2118 err = -EOPNOTSUPP; 2119 if (flags&MSG_OOB) 2120 goto out; 2121 2122 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 2123 2124 do { 2125 mutex_lock(&u->readlock); 2126 2127 skip = sk_peek_offset(sk, flags); 2128 skb = __skb_try_recv_datagram(sk, flags, &peeked, &skip, &err, 2129 &last); 2130 if (skb) 2131 break; 2132 2133 mutex_unlock(&u->readlock); 2134 2135 if (err != -EAGAIN) 2136 break; 2137 } while (timeo && 2138 !__skb_wait_for_more_packets(sk, &err, &timeo, last)); 2139 2140 if (!skb) { /* implies readlock unlocked */ 2141 unix_state_lock(sk); 2142 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */ 2143 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN && 2144 (sk->sk_shutdown & RCV_SHUTDOWN)) 2145 err = 0; 2146 unix_state_unlock(sk); 2147 goto out; 2148 } 2149 2150 if (wq_has_sleeper(&u->peer_wait)) 2151 wake_up_interruptible_sync_poll(&u->peer_wait, 2152 POLLOUT | POLLWRNORM | 2153 POLLWRBAND); 2154 2155 if (msg->msg_name) 2156 unix_copy_addr(msg, skb->sk); 2157 2158 if (size > skb->len - skip) 2159 size = skb->len - skip; 2160 else if (size < skb->len - skip) 2161 msg->msg_flags |= MSG_TRUNC; 2162 2163 err = skb_copy_datagram_msg(skb, skip, msg, size); 2164 if (err) 2165 goto out_free; 2166 2167 if (sock_flag(sk, SOCK_RCVTSTAMP)) 2168 __sock_recv_timestamp(msg, sk, skb); 2169 2170 memset(&scm, 0, sizeof(scm)); 2171 2172 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); 2173 unix_set_secdata(&scm, skb); 2174 2175 if (!(flags & MSG_PEEK)) { 2176 if (UNIXCB(skb).fp) 2177 unix_detach_fds(&scm, skb); 2178 2179 sk_peek_offset_bwd(sk, skb->len); 2180 } else { 2181 /* It is questionable: on PEEK we could: 2182 - do not return fds - good, but too simple 8) 2183 - return fds, and do not return them on read (old strategy, 2184 apparently wrong) 2185 - clone fds (I chose it for now, it is the most universal 2186 solution) 2187 2188 POSIX 1003.1g does not actually define this clearly 2189 at all. POSIX 1003.1g doesn't define a lot of things 2190 clearly however! 2191 2192 */ 2193 2194 sk_peek_offset_fwd(sk, size); 2195 2196 if (UNIXCB(skb).fp) 2197 scm.fp = scm_fp_dup(UNIXCB(skb).fp); 2198 } 2199 err = (flags & MSG_TRUNC) ? skb->len - skip : size; 2200 2201 scm_recv(sock, msg, &scm, flags); 2202 2203 out_free: 2204 skb_free_datagram(sk, skb); 2205 mutex_unlock(&u->readlock); 2206 out: 2207 return err; 2208 } 2209 2210 /* 2211 * Sleep until more data has arrived. But check for races.. 2212 */ 2213 static long unix_stream_data_wait(struct sock *sk, long timeo, 2214 struct sk_buff *last, unsigned int last_len) 2215 { 2216 struct sk_buff *tail; 2217 DEFINE_WAIT(wait); 2218 2219 unix_state_lock(sk); 2220 2221 for (;;) { 2222 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); 2223 2224 tail = skb_peek_tail(&sk->sk_receive_queue); 2225 if (tail != last || 2226 (tail && tail->len != last_len) || 2227 sk->sk_err || 2228 (sk->sk_shutdown & RCV_SHUTDOWN) || 2229 signal_pending(current) || 2230 !timeo) 2231 break; 2232 2233 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); 2234 unix_state_unlock(sk); 2235 timeo = freezable_schedule_timeout(timeo); 2236 unix_state_lock(sk); 2237 2238 if (sock_flag(sk, SOCK_DEAD)) 2239 break; 2240 2241 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); 2242 } 2243 2244 finish_wait(sk_sleep(sk), &wait); 2245 unix_state_unlock(sk); 2246 return timeo; 2247 } 2248 2249 static unsigned int unix_skb_len(const struct sk_buff *skb) 2250 { 2251 return skb->len - UNIXCB(skb).consumed; 2252 } 2253 2254 struct unix_stream_read_state { 2255 int (*recv_actor)(struct sk_buff *, int, int, 2256 struct unix_stream_read_state *); 2257 struct socket *socket; 2258 struct msghdr *msg; 2259 struct pipe_inode_info *pipe; 2260 size_t size; 2261 int flags; 2262 unsigned int splice_flags; 2263 }; 2264 2265 static int unix_stream_read_generic(struct unix_stream_read_state *state) 2266 { 2267 struct scm_cookie scm; 2268 struct socket *sock = state->socket; 2269 struct sock *sk = sock->sk; 2270 struct unix_sock *u = unix_sk(sk); 2271 int copied = 0; 2272 int flags = state->flags; 2273 int noblock = flags & MSG_DONTWAIT; 2274 bool check_creds = false; 2275 int target; 2276 int err = 0; 2277 long timeo; 2278 int skip; 2279 size_t size = state->size; 2280 unsigned int last_len; 2281 2282 if (unlikely(sk->sk_state != TCP_ESTABLISHED)) { 2283 err = -EINVAL; 2284 goto out; 2285 } 2286 2287 if (unlikely(flags & MSG_OOB)) { 2288 err = -EOPNOTSUPP; 2289 goto out; 2290 } 2291 2292 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 2293 timeo = sock_rcvtimeo(sk, noblock); 2294 2295 memset(&scm, 0, sizeof(scm)); 2296 2297 /* Lock the socket to prevent queue disordering 2298 * while sleeps in memcpy_tomsg 2299 */ 2300 mutex_lock(&u->readlock); 2301 2302 if (flags & MSG_PEEK) 2303 skip = sk_peek_offset(sk, flags); 2304 else 2305 skip = 0; 2306 2307 do { 2308 int chunk; 2309 bool drop_skb; 2310 struct sk_buff *skb, *last; 2311 2312 redo: 2313 unix_state_lock(sk); 2314 if (sock_flag(sk, SOCK_DEAD)) { 2315 err = -ECONNRESET; 2316 goto unlock; 2317 } 2318 last = skb = skb_peek(&sk->sk_receive_queue); 2319 last_len = last ? last->len : 0; 2320 again: 2321 if (skb == NULL) { 2322 unix_sk(sk)->recursion_level = 0; 2323 if (copied >= target) 2324 goto unlock; 2325 2326 /* 2327 * POSIX 1003.1g mandates this order. 2328 */ 2329 2330 err = sock_error(sk); 2331 if (err) 2332 goto unlock; 2333 if (sk->sk_shutdown & RCV_SHUTDOWN) 2334 goto unlock; 2335 2336 unix_state_unlock(sk); 2337 if (!timeo) { 2338 err = -EAGAIN; 2339 break; 2340 } 2341 2342 mutex_unlock(&u->readlock); 2343 2344 timeo = unix_stream_data_wait(sk, timeo, last, 2345 last_len); 2346 2347 if (signal_pending(current)) { 2348 err = sock_intr_errno(timeo); 2349 scm_destroy(&scm); 2350 goto out; 2351 } 2352 2353 mutex_lock(&u->readlock); 2354 goto redo; 2355 unlock: 2356 unix_state_unlock(sk); 2357 break; 2358 } 2359 2360 while (skip >= unix_skb_len(skb)) { 2361 skip -= unix_skb_len(skb); 2362 last = skb; 2363 last_len = skb->len; 2364 skb = skb_peek_next(skb, &sk->sk_receive_queue); 2365 if (!skb) 2366 goto again; 2367 } 2368 2369 unix_state_unlock(sk); 2370 2371 if (check_creds) { 2372 /* Never glue messages from different writers */ 2373 if (!unix_skb_scm_eq(skb, &scm)) 2374 break; 2375 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { 2376 /* Copy credentials */ 2377 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); 2378 unix_set_secdata(&scm, skb); 2379 check_creds = true; 2380 } 2381 2382 /* Copy address just once */ 2383 if (state->msg && state->msg->msg_name) { 2384 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, 2385 state->msg->msg_name); 2386 unix_copy_addr(state->msg, skb->sk); 2387 sunaddr = NULL; 2388 } 2389 2390 chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size); 2391 skb_get(skb); 2392 chunk = state->recv_actor(skb, skip, chunk, state); 2393 drop_skb = !unix_skb_len(skb); 2394 /* skb is only safe to use if !drop_skb */ 2395 consume_skb(skb); 2396 if (chunk < 0) { 2397 if (copied == 0) 2398 copied = -EFAULT; 2399 break; 2400 } 2401 copied += chunk; 2402 size -= chunk; 2403 2404 if (drop_skb) { 2405 /* the skb was touched by a concurrent reader; 2406 * we should not expect anything from this skb 2407 * anymore and assume it invalid - we can be 2408 * sure it was dropped from the socket queue 2409 * 2410 * let's report a short read 2411 */ 2412 err = 0; 2413 break; 2414 } 2415 2416 /* Mark read part of skb as used */ 2417 if (!(flags & MSG_PEEK)) { 2418 UNIXCB(skb).consumed += chunk; 2419 2420 sk_peek_offset_bwd(sk, chunk); 2421 2422 if (UNIXCB(skb).fp) 2423 unix_detach_fds(&scm, skb); 2424 2425 if (unix_skb_len(skb)) 2426 break; 2427 2428 skb_unlink(skb, &sk->sk_receive_queue); 2429 consume_skb(skb); 2430 2431 if (scm.fp) 2432 break; 2433 } else { 2434 /* It is questionable, see note in unix_dgram_recvmsg. 2435 */ 2436 if (UNIXCB(skb).fp) 2437 scm.fp = scm_fp_dup(UNIXCB(skb).fp); 2438 2439 sk_peek_offset_fwd(sk, chunk); 2440 2441 if (UNIXCB(skb).fp) 2442 break; 2443 2444 skip = 0; 2445 last = skb; 2446 last_len = skb->len; 2447 unix_state_lock(sk); 2448 skb = skb_peek_next(skb, &sk->sk_receive_queue); 2449 if (skb) 2450 goto again; 2451 unix_state_unlock(sk); 2452 break; 2453 } 2454 } while (size); 2455 2456 mutex_unlock(&u->readlock); 2457 if (state->msg) 2458 scm_recv(sock, state->msg, &scm, flags); 2459 else 2460 scm_destroy(&scm); 2461 out: 2462 return copied ? : err; 2463 } 2464 2465 static int unix_stream_read_actor(struct sk_buff *skb, 2466 int skip, int chunk, 2467 struct unix_stream_read_state *state) 2468 { 2469 int ret; 2470 2471 ret = skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip, 2472 state->msg, chunk); 2473 return ret ?: chunk; 2474 } 2475 2476 static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg, 2477 size_t size, int flags) 2478 { 2479 struct unix_stream_read_state state = { 2480 .recv_actor = unix_stream_read_actor, 2481 .socket = sock, 2482 .msg = msg, 2483 .size = size, 2484 .flags = flags 2485 }; 2486 2487 return unix_stream_read_generic(&state); 2488 } 2489 2490 static ssize_t skb_unix_socket_splice(struct sock *sk, 2491 struct pipe_inode_info *pipe, 2492 struct splice_pipe_desc *spd) 2493 { 2494 int ret; 2495 struct unix_sock *u = unix_sk(sk); 2496 2497 mutex_unlock(&u->readlock); 2498 ret = splice_to_pipe(pipe, spd); 2499 mutex_lock(&u->readlock); 2500 2501 return ret; 2502 } 2503 2504 static int unix_stream_splice_actor(struct sk_buff *skb, 2505 int skip, int chunk, 2506 struct unix_stream_read_state *state) 2507 { 2508 return skb_splice_bits(skb, state->socket->sk, 2509 UNIXCB(skb).consumed + skip, 2510 state->pipe, chunk, state->splice_flags, 2511 skb_unix_socket_splice); 2512 } 2513 2514 static ssize_t unix_stream_splice_read(struct socket *sock, loff_t *ppos, 2515 struct pipe_inode_info *pipe, 2516 size_t size, unsigned int flags) 2517 { 2518 struct unix_stream_read_state state = { 2519 .recv_actor = unix_stream_splice_actor, 2520 .socket = sock, 2521 .pipe = pipe, 2522 .size = size, 2523 .splice_flags = flags, 2524 }; 2525 2526 if (unlikely(*ppos)) 2527 return -ESPIPE; 2528 2529 if (sock->file->f_flags & O_NONBLOCK || 2530 flags & SPLICE_F_NONBLOCK) 2531 state.flags = MSG_DONTWAIT; 2532 2533 return unix_stream_read_generic(&state); 2534 } 2535 2536 static int unix_shutdown(struct socket *sock, int mode) 2537 { 2538 struct sock *sk = sock->sk; 2539 struct sock *other; 2540 2541 if (mode < SHUT_RD || mode > SHUT_RDWR) 2542 return -EINVAL; 2543 /* This maps: 2544 * SHUT_RD (0) -> RCV_SHUTDOWN (1) 2545 * SHUT_WR (1) -> SEND_SHUTDOWN (2) 2546 * SHUT_RDWR (2) -> SHUTDOWN_MASK (3) 2547 */ 2548 ++mode; 2549 2550 unix_state_lock(sk); 2551 sk->sk_shutdown |= mode; 2552 other = unix_peer(sk); 2553 if (other) 2554 sock_hold(other); 2555 unix_state_unlock(sk); 2556 sk->sk_state_change(sk); 2557 2558 if (other && 2559 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) { 2560 2561 int peer_mode = 0; 2562 2563 if (mode&RCV_SHUTDOWN) 2564 peer_mode |= SEND_SHUTDOWN; 2565 if (mode&SEND_SHUTDOWN) 2566 peer_mode |= RCV_SHUTDOWN; 2567 unix_state_lock(other); 2568 other->sk_shutdown |= peer_mode; 2569 unix_state_unlock(other); 2570 other->sk_state_change(other); 2571 if (peer_mode == SHUTDOWN_MASK) 2572 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP); 2573 else if (peer_mode & RCV_SHUTDOWN) 2574 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN); 2575 } 2576 if (other) 2577 sock_put(other); 2578 2579 return 0; 2580 } 2581 2582 long unix_inq_len(struct sock *sk) 2583 { 2584 struct sk_buff *skb; 2585 long amount = 0; 2586 2587 if (sk->sk_state == TCP_LISTEN) 2588 return -EINVAL; 2589 2590 spin_lock(&sk->sk_receive_queue.lock); 2591 if (sk->sk_type == SOCK_STREAM || 2592 sk->sk_type == SOCK_SEQPACKET) { 2593 skb_queue_walk(&sk->sk_receive_queue, skb) 2594 amount += unix_skb_len(skb); 2595 } else { 2596 skb = skb_peek(&sk->sk_receive_queue); 2597 if (skb) 2598 amount = skb->len; 2599 } 2600 spin_unlock(&sk->sk_receive_queue.lock); 2601 2602 return amount; 2603 } 2604 EXPORT_SYMBOL_GPL(unix_inq_len); 2605 2606 long unix_outq_len(struct sock *sk) 2607 { 2608 return sk_wmem_alloc_get(sk); 2609 } 2610 EXPORT_SYMBOL_GPL(unix_outq_len); 2611 2612 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 2613 { 2614 struct sock *sk = sock->sk; 2615 long amount = 0; 2616 int err; 2617 2618 switch (cmd) { 2619 case SIOCOUTQ: 2620 amount = unix_outq_len(sk); 2621 err = put_user(amount, (int __user *)arg); 2622 break; 2623 case SIOCINQ: 2624 amount = unix_inq_len(sk); 2625 if (amount < 0) 2626 err = amount; 2627 else 2628 err = put_user(amount, (int __user *)arg); 2629 break; 2630 default: 2631 err = -ENOIOCTLCMD; 2632 break; 2633 } 2634 return err; 2635 } 2636 2637 static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait) 2638 { 2639 struct sock *sk = sock->sk; 2640 unsigned int mask; 2641 2642 sock_poll_wait(file, sk_sleep(sk), wait); 2643 mask = 0; 2644 2645 /* exceptional events? */ 2646 if (sk->sk_err) 2647 mask |= POLLERR; 2648 if (sk->sk_shutdown == SHUTDOWN_MASK) 2649 mask |= POLLHUP; 2650 if (sk->sk_shutdown & RCV_SHUTDOWN) 2651 mask |= POLLRDHUP | POLLIN | POLLRDNORM; 2652 2653 /* readable? */ 2654 if (!skb_queue_empty(&sk->sk_receive_queue)) 2655 mask |= POLLIN | POLLRDNORM; 2656 2657 /* Connection-based need to check for termination and startup */ 2658 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) && 2659 sk->sk_state == TCP_CLOSE) 2660 mask |= POLLHUP; 2661 2662 /* 2663 * we set writable also when the other side has shut down the 2664 * connection. This prevents stuck sockets. 2665 */ 2666 if (unix_writable(sk)) 2667 mask |= POLLOUT | POLLWRNORM | POLLWRBAND; 2668 2669 return mask; 2670 } 2671 2672 static unsigned int unix_dgram_poll(struct file *file, struct socket *sock, 2673 poll_table *wait) 2674 { 2675 struct sock *sk = sock->sk, *other; 2676 unsigned int mask, writable; 2677 2678 sock_poll_wait(file, sk_sleep(sk), wait); 2679 mask = 0; 2680 2681 /* exceptional events? */ 2682 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue)) 2683 mask |= POLLERR | 2684 (sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? POLLPRI : 0); 2685 2686 if (sk->sk_shutdown & RCV_SHUTDOWN) 2687 mask |= POLLRDHUP | POLLIN | POLLRDNORM; 2688 if (sk->sk_shutdown == SHUTDOWN_MASK) 2689 mask |= POLLHUP; 2690 2691 /* readable? */ 2692 if (!skb_queue_empty(&sk->sk_receive_queue)) 2693 mask |= POLLIN | POLLRDNORM; 2694 2695 /* Connection-based need to check for termination and startup */ 2696 if (sk->sk_type == SOCK_SEQPACKET) { 2697 if (sk->sk_state == TCP_CLOSE) 2698 mask |= POLLHUP; 2699 /* connection hasn't started yet? */ 2700 if (sk->sk_state == TCP_SYN_SENT) 2701 return mask; 2702 } 2703 2704 /* No write status requested, avoid expensive OUT tests. */ 2705 if (!(poll_requested_events(wait) & (POLLWRBAND|POLLWRNORM|POLLOUT))) 2706 return mask; 2707 2708 writable = unix_writable(sk); 2709 if (writable) { 2710 unix_state_lock(sk); 2711 2712 other = unix_peer(sk); 2713 if (other && unix_peer(other) != sk && 2714 unix_recvq_full(other) && 2715 unix_dgram_peer_wake_me(sk, other)) 2716 writable = 0; 2717 2718 unix_state_unlock(sk); 2719 } 2720 2721 if (writable) 2722 mask |= POLLOUT | POLLWRNORM | POLLWRBAND; 2723 else 2724 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk); 2725 2726 return mask; 2727 } 2728 2729 #ifdef CONFIG_PROC_FS 2730 2731 #define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1) 2732 2733 #define get_bucket(x) ((x) >> BUCKET_SPACE) 2734 #define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1)) 2735 #define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o)) 2736 2737 static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos) 2738 { 2739 unsigned long offset = get_offset(*pos); 2740 unsigned long bucket = get_bucket(*pos); 2741 struct sock *sk; 2742 unsigned long count = 0; 2743 2744 for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) { 2745 if (sock_net(sk) != seq_file_net(seq)) 2746 continue; 2747 if (++count == offset) 2748 break; 2749 } 2750 2751 return sk; 2752 } 2753 2754 static struct sock *unix_next_socket(struct seq_file *seq, 2755 struct sock *sk, 2756 loff_t *pos) 2757 { 2758 unsigned long bucket; 2759 2760 while (sk > (struct sock *)SEQ_START_TOKEN) { 2761 sk = sk_next(sk); 2762 if (!sk) 2763 goto next_bucket; 2764 if (sock_net(sk) == seq_file_net(seq)) 2765 return sk; 2766 } 2767 2768 do { 2769 sk = unix_from_bucket(seq, pos); 2770 if (sk) 2771 return sk; 2772 2773 next_bucket: 2774 bucket = get_bucket(*pos) + 1; 2775 *pos = set_bucket_offset(bucket, 1); 2776 } while (bucket < ARRAY_SIZE(unix_socket_table)); 2777 2778 return NULL; 2779 } 2780 2781 static void *unix_seq_start(struct seq_file *seq, loff_t *pos) 2782 __acquires(unix_table_lock) 2783 { 2784 spin_lock(&unix_table_lock); 2785 2786 if (!*pos) 2787 return SEQ_START_TOKEN; 2788 2789 if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table)) 2790 return NULL; 2791 2792 return unix_next_socket(seq, NULL, pos); 2793 } 2794 2795 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2796 { 2797 ++*pos; 2798 return unix_next_socket(seq, v, pos); 2799 } 2800 2801 static void unix_seq_stop(struct seq_file *seq, void *v) 2802 __releases(unix_table_lock) 2803 { 2804 spin_unlock(&unix_table_lock); 2805 } 2806 2807 static int unix_seq_show(struct seq_file *seq, void *v) 2808 { 2809 2810 if (v == SEQ_START_TOKEN) 2811 seq_puts(seq, "Num RefCount Protocol Flags Type St " 2812 "Inode Path\n"); 2813 else { 2814 struct sock *s = v; 2815 struct unix_sock *u = unix_sk(s); 2816 unix_state_lock(s); 2817 2818 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", 2819 s, 2820 atomic_read(&s->sk_refcnt), 2821 0, 2822 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0, 2823 s->sk_type, 2824 s->sk_socket ? 2825 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) : 2826 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING), 2827 sock_i_ino(s)); 2828 2829 if (u->addr) { 2830 int i, len; 2831 seq_putc(seq, ' '); 2832 2833 i = 0; 2834 len = u->addr->len - sizeof(short); 2835 if (!UNIX_ABSTRACT(s)) 2836 len--; 2837 else { 2838 seq_putc(seq, '@'); 2839 i++; 2840 } 2841 for ( ; i < len; i++) 2842 seq_putc(seq, u->addr->name->sun_path[i]); 2843 } 2844 unix_state_unlock(s); 2845 seq_putc(seq, '\n'); 2846 } 2847 2848 return 0; 2849 } 2850 2851 static const struct seq_operations unix_seq_ops = { 2852 .start = unix_seq_start, 2853 .next = unix_seq_next, 2854 .stop = unix_seq_stop, 2855 .show = unix_seq_show, 2856 }; 2857 2858 static int unix_seq_open(struct inode *inode, struct file *file) 2859 { 2860 return seq_open_net(inode, file, &unix_seq_ops, 2861 sizeof(struct seq_net_private)); 2862 } 2863 2864 static const struct file_operations unix_seq_fops = { 2865 .owner = THIS_MODULE, 2866 .open = unix_seq_open, 2867 .read = seq_read, 2868 .llseek = seq_lseek, 2869 .release = seq_release_net, 2870 }; 2871 2872 #endif 2873 2874 static const struct net_proto_family unix_family_ops = { 2875 .family = PF_UNIX, 2876 .create = unix_create, 2877 .owner = THIS_MODULE, 2878 }; 2879 2880 2881 static int __net_init unix_net_init(struct net *net) 2882 { 2883 int error = -ENOMEM; 2884 2885 net->unx.sysctl_max_dgram_qlen = 10; 2886 if (unix_sysctl_register(net)) 2887 goto out; 2888 2889 #ifdef CONFIG_PROC_FS 2890 if (!proc_create("unix", 0, net->proc_net, &unix_seq_fops)) { 2891 unix_sysctl_unregister(net); 2892 goto out; 2893 } 2894 #endif 2895 error = 0; 2896 out: 2897 return error; 2898 } 2899 2900 static void __net_exit unix_net_exit(struct net *net) 2901 { 2902 unix_sysctl_unregister(net); 2903 remove_proc_entry("unix", net->proc_net); 2904 } 2905 2906 static struct pernet_operations unix_net_ops = { 2907 .init = unix_net_init, 2908 .exit = unix_net_exit, 2909 }; 2910 2911 static int __init af_unix_init(void) 2912 { 2913 int rc = -1; 2914 2915 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > FIELD_SIZEOF(struct sk_buff, cb)); 2916 2917 rc = proto_register(&unix_proto, 1); 2918 if (rc != 0) { 2919 pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__); 2920 goto out; 2921 } 2922 2923 sock_register(&unix_family_ops); 2924 register_pernet_subsys(&unix_net_ops); 2925 out: 2926 return rc; 2927 } 2928 2929 static void __exit af_unix_exit(void) 2930 { 2931 sock_unregister(PF_UNIX); 2932 proto_unregister(&unix_proto); 2933 unregister_pernet_subsys(&unix_net_ops); 2934 } 2935 2936 /* Earlier than device_initcall() so that other drivers invoking 2937 request_module() don't end up in a loop when modprobe tries 2938 to use a UNIX socket. But later than subsys_initcall() because 2939 we depend on stuff initialised there */ 2940 fs_initcall(af_unix_init); 2941 module_exit(af_unix_exit); 2942 2943 MODULE_LICENSE("GPL"); 2944 MODULE_ALIAS_NETPROTO(PF_UNIX); 2945