LCOV - code coverage report
Current view: top level - net/unix - af_unix.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 106 1238 8.6 %
Date: 2017-01-25 Functions: 12 62 19.4 %

          Line data    Source code
       1             : /*
       2             :  * NET4:        Implementation of BSD Unix domain sockets.
       3             :  *
       4             :  * Authors:     Alan Cox, <alan@lxorguk.ukuu.org.uk>
       5             :  *
       6             :  *              This program is free software; you can redistribute it and/or
       7             :  *              modify it under the terms of the GNU General Public License
       8             :  *              as published by the Free Software Foundation; either version
       9             :  *              2 of the License, or (at your option) any later version.
      10             :  *
      11             :  * Fixes:
      12             :  *              Linus Torvalds  :       Assorted bug cures.
      13             :  *              Niibe Yutaka    :       async I/O support.
      14             :  *              Carsten Paeth   :       PF_UNIX check, address fixes.
      15             :  *              Alan Cox        :       Limit size of allocated blocks.
      16             :  *              Alan Cox        :       Fixed the stupid socketpair bug.
      17             :  *              Alan Cox        :       BSD compatibility fine tuning.
      18             :  *              Alan Cox        :       Fixed a bug in connect when interrupted.
      19             :  *              Alan Cox        :       Sorted out a proper draft version of
      20             :  *                                      file descriptor passing hacked up from
      21             :  *                                      Mike Shaver's work.
      22             :  *              Marty Leisner   :       Fixes to fd passing
      23             :  *              Nick Nevin      :       recvmsg bugfix.
      24             :  *              Alan Cox        :       Started proper garbage collector
      25             :  *              Heiko EiBfeldt  :       Missing verify_area check
      26             :  *              Alan Cox        :       Started POSIXisms
      27             :  *              Andreas Schwab  :       Replace inode by dentry for proper
      28             :  *                                      reference counting
      29             :  *              Kirk Petersen   :       Made this a module
      30             :  *          Christoph Rohland   :       Elegant non-blocking accept/connect algorithm.
      31             :  *                                      Lots of bug fixes.
      32             :  *           Alexey Kuznetosv   :       Repaired (I hope) bugs introduces
      33             :  *                                      by above two patches.
      34             :  *           Andrea Arcangeli   :       If possible we block in connect(2)
      35             :  *                                      if the max backlog of the listen socket
      36             :  *                                      is been reached. This won't break
      37             :  *                                      old apps and it will avoid huge amount
      38             :  *                                      of socks hashed (this for unix_gc()
      39             :  *                                      performances reasons).
      40             :  *                                      Security fix that limits the max
      41             :  *                                      number of socks to 2*max_files and
      42             :  *                                      the number of skb queueable in the
      43             :  *                                      dgram receiver.
      44             :  *              Artur Skawina   :       Hash function optimizations
      45             :  *           Alexey Kuznetsov   :       Full scale SMP. Lot of bugs are introduced 8)
      46             :  *            Malcolm Beattie   :       Set peercred for socketpair
      47             :  *           Michal Ostrowski   :       Module initialization cleanup.
      48             :  *           Arnaldo C. Melo    :       Remove MOD_{INC,DEC}_USE_COUNT,
      49             :  *                                      the core infrastructure is doing that
      50             :  *                                      for all net proto families now (2.5.69+)
      51             :  *
      52             :  *
      53             :  * Known differences from reference BSD that was tested:
      54             :  *
      55             :  *      [TO FIX]
      56             :  *      ECONNREFUSED is not returned from one end of a connected() socket to the
      57             :  *              other the moment one end closes.
      58             :  *      fstat() doesn't return st_dev=0, and give the blksize as high water mark
      59             :  *              and a fake inode identifier (nor the BSD first socket fstat twice bug).
      60             :  *      [NOT TO FIX]
      61             :  *      accept() returns a path name even if the connecting socket has closed
      62             :  *              in the meantime (BSD loses the path and gives up).
      63             :  *      accept() returns 0 length path for an unbound connector. BSD returns 16
      64             :  *              and a null first byte in the path (but not for gethost/peername - BSD bug ??)
      65             :  *      socketpair(...SOCK_RAW..) doesn't panic the kernel.
      66             :  *      BSD af_unix apparently has connect forgetting to block properly.
      67             :  *              (need to check this with the POSIX spec in detail)
      68             :  *
      69             :  * Differences from 2.0.0-11-... (ANK)
      70             :  *      Bug fixes and improvements.
      71             :  *              - client shutdown killed server socket.
      72             :  *              - removed all useless cli/sti pairs.
      73             :  *
      74             :  *      Semantic changes/extensions.
      75             :  *              - generic control message passing.
      76             :  *              - SCM_CREDENTIALS control message.
      77             :  *              - "Abstract" (not FS based) socket bindings.
      78             :  *                Abstract names are sequences of bytes (not zero terminated)
      79             :  *                started by 0, so that this name space does not intersect
      80             :  *                with BSD names.
      81             :  */
      82             : 
      83             : #include <linux/module.h>
      84             : #include <linux/kernel.h>
      85             : #include <linux/signal.h>
      86             : #include <linux/sched.h>
      87             : #include <linux/errno.h>
      88             : #include <linux/string.h>
      89             : #include <linux/stat.h>
      90             : #include <linux/dcache.h>
      91             : #include <linux/namei.h>
      92             : #include <linux/socket.h>
      93             : #include <linux/un.h>
      94             : #include <linux/fcntl.h>
      95             : #include <linux/termios.h>
      96             : #include <linux/sockios.h>
      97             : #include <linux/net.h>
      98             : #include <linux/in.h>
      99             : #include <linux/fs.h>
     100             : #include <linux/slab.h>
     101             : #include <asm/uaccess.h>
     102             : #include <linux/skbuff.h>
     103             : #include <linux/netdevice.h>
     104             : #include <net/net_namespace.h>
     105             : #include <net/sock.h>
     106             : #include <net/tcp_states.h>
     107             : #include <net/af_unix.h>
     108             : #include <linux/proc_fs.h>
     109             : #include <linux/seq_file.h>
     110             : #include <net/scm.h>
     111             : #include <linux/init.h>
     112             : #include <linux/poll.h>
     113             : #include <linux/rtnetlink.h>
     114             : #include <linux/mount.h>
     115             : #include <net/checksum.h>
     116             : #include <linux/security.h>
     117             : 
     118           1 : static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
     119           1 : static DEFINE_SPINLOCK(unix_table_lock);
     120           1 : static atomic_t unix_nr_socks = ATOMIC_INIT(0);
     121             : 
     122             : #define unix_sockets_unbound    (&unix_socket_table[UNIX_HASH_SIZE])
     123             : 
     124             : #define UNIX_ABSTRACT(sk)       (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
     125             : 
     126             : #ifdef CONFIG_SECURITY_NETWORK
     127             : static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
     128             : {
     129             :         memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
     130             : }
     131             : 
     132             : static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
     133             : {
     134             :         scm->secid = *UNIXSID(skb);
     135             : }
     136             : #else
     137             : static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
     138             : { }
     139           0 : 
     140             : static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
     141             : { }
     142             : #endif /* CONFIG_SECURITY_NETWORK */
     143             : 
     144             : /*
     145             :  *  SMP locking strategy:
     146             :  *    hash table is protected with spinlock unix_table_lock
     147             :  *    each socket state is protected by separate rwlock.
     148             :  */
     149             : 
     150             : static inline unsigned unix_hash_fold(__wsum n)
     151             : {
     152           0 :         unsigned hash = (__force unsigned)n;
     153           0 :         hash ^= hash>>16;
     154           0 :         hash ^= hash>>8;
     155           0 :         return hash&(UNIX_HASH_SIZE-1);
     156             : }
     157             : 
     158             : #define unix_peer(sk) (unix_sk(sk)->peer)
     159             : 
     160             : static inline int unix_our_peer(struct sock *sk, struct sock *osk)
     161             : {
     162           0 :         return unix_peer(osk) == sk;
     163             : }
     164             : 
     165             : static inline int unix_may_send(struct sock *sk, struct sock *osk)
     166             : {
     167           0 :         return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
     168           0 : }
     169             : 
     170             : static inline int unix_recvq_full(struct sock const *sk)
     171             : {
     172           0 :         return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
     173             : }
     174             : 
     175             : static struct sock *unix_peer_get(struct sock *s)
     176             : {
     177           0 :         struct sock *peer;
     178             : 
     179           0 :         unix_state_lock(s);
     180           0 :         peer = unix_peer(s);
     181           0 :         if (peer)
     182           0 :                 sock_hold(peer);
     183           0 :         unix_state_unlock(s);
     184           0 :         return peer;
     185             : }
     186             : 
     187             : static inline void unix_release_addr(struct unix_address *addr)
     188             : {
     189           0 :         if (atomic_dec_and_test(&addr->refcnt))
     190           0 :                 kfree(addr);
     191           0 : }
     192             : 
     193             : /*
     194             :  *      Check unix socket name:
     195             :  *              - should be not zero length.
     196             :  *              - if started by not zero, should be NULL terminated (FS object)
     197             :  *              - if started by zero, it is abstract name.
     198             :  */
     199             : 
     200             : static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned *hashp)
     201             : {
     202           0 :         if (len <= sizeof(short) || len > sizeof(*sunaddr))
     203           0 :                 return -EINVAL;
     204           0 :         if (!sunaddr || sunaddr->sun_family != AF_UNIX)
     205           0 :                 return -EINVAL;
     206           0 :         if (sunaddr->sun_path[0]) {
     207             :                 /*
     208             :                  * This may look like an off by one error but it is a bit more
     209             :                  * subtle. 108 is the longest valid AF_UNIX path for a binding.
     210             :                  * sun_path[108] doesnt as such exist.  However in kernel space
     211             :                  * we are guaranteed that it is a valid memory location in our
     212             :                  * kernel address buffer.
     213             :                  */
     214           0 :                 ((char *)sunaddr)[len] = 0;
     215           0 :                 len = strlen(sunaddr->sun_path)+1+sizeof(short);
     216           0 :                 return len;
     217             :         }
     218             : 
     219           0 :         *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
     220           0 :         return len;
     221             : }
     222             : 
     223             : static void __unix_remove_socket(struct sock *sk)
     224             : {
     225           0 :         sk_del_node_init(sk);
     226           0 : }
     227             : 
     228             : static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
     229             : {
     230           0 :         WARN_ON(!sk_unhashed(sk));
     231           0 :         sk_add_node(sk, list);
     232           0 : }
     233             : 
     234             : static inline void unix_remove_socket(struct sock *sk)
     235             : {
     236           0 :         spin_lock(&unix_table_lock);
     237           0 :         __unix_remove_socket(sk);
     238           0 :         spin_unlock(&unix_table_lock);
     239           0 : }
     240             : 
     241             : static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
     242             : {
     243           0 :         spin_lock(&unix_table_lock);
     244           0 :         __unix_insert_socket(list, sk);
     245           0 :         spin_unlock(&unix_table_lock);
     246           0 : }
     247             : 
     248             : static struct sock *__unix_find_socket_byname(struct net *net,
     249             :                                               struct sockaddr_un *sunname,
     250             :                                               int len, int type, unsigned hash)
     251           0 : {
     252           0 :         struct sock *s;
     253           0 :         struct hlist_node *node;
     254           0 : 
     255           0 :         sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
     256           0 :                 struct unix_sock *u = unix_sk(s);
     257           0 : 
     258           0 :                 if (!net_eq(sock_net(s), net))
     259           0 :                         continue;
     260             : 
     261           0 :                 if (u->addr->len == len &&
     262             :                     !memcmp(u->addr->name, sunname, len))
     263           0 :                         goto found;
     264             :         }
     265           0 :         s = NULL;
     266           0 : found:
     267           0 :         return s;
     268             : }
     269             : 
     270           0 : static inline struct sock *unix_find_socket_byname(struct net *net,
     271             :                                                    struct sockaddr_un *sunname,
     272             :                                                    int len, int type,
     273           0 :                                                    unsigned hash)
     274             : {
     275             :         struct sock *s;
     276             : 
     277           0 :         spin_lock(&unix_table_lock);
     278           0 :         s = __unix_find_socket_byname(net, sunname, len, type, hash);
     279           0 :         if (s)
     280           0 :                 sock_hold(s);
     281           0 :         spin_unlock(&unix_table_lock);
     282           0 :         return s;
     283             : }
     284             : 
     285             : static struct sock *unix_find_socket_byinode(struct net *net, struct inode *i)
     286             : {
     287           0 :         struct sock *s;
     288           0 :         struct hlist_node *node;
     289           0 : 
     290           0 :         spin_lock(&unix_table_lock);
     291           0 :         sk_for_each(s, node,
     292           0 :                     &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
     293           0 :                 struct dentry *dentry = unix_sk(s)->dentry;
     294             : 
     295           0 :                 if (!net_eq(sock_net(s), net))
     296           0 :                         continue;
     297             : 
     298           0 :                 if (dentry && dentry->d_inode == i) {
     299           0 :                         sock_hold(s);
     300           0 :                         goto found;
     301             :                 }
     302             :         }
     303           0 :         s = NULL;
     304           0 : found:
     305           0 :         spin_unlock(&unix_table_lock);
     306           0 :         return s;
     307             : }
     308             : 
     309             : static inline int unix_writable(struct sock *sk)
     310             : {
     311           0 :         return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
     312             : }
     313             : 
     314             : static void unix_write_space(struct sock *sk)
     315             : {
     316           0 :         read_lock(&sk->sk_callback_lock);
     317           0 :         if (unix_writable(sk)) {
     318           0 :                 if (sk_has_sleeper(sk))
     319           0 :                         wake_up_interruptible_sync(sk->sk_sleep);
     320           0 :                 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
     321             :         }
     322           0 :         read_unlock(&sk->sk_callback_lock);
     323           0 : }
     324             : 
     325             : /* When dgram socket disconnects (or changes its peer), we clear its receive
     326             :  * queue of packets arrived from previous peer. First, it allows to do
     327             :  * flow control based only on wmem_alloc; second, sk connected to peer
     328             :  * may receive messages only from that peer. */
     329             : static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
     330             : {
     331           0 :         if (!skb_queue_empty(&sk->sk_receive_queue)) {
     332           0 :                 skb_queue_purge(&sk->sk_receive_queue);
     333           0 :                 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
     334             : 
     335             :                 /* If one link of bidirectional dgram pipe is disconnected,
     336             :                  * we signal error. Messages are lost. Do not make this,
     337             :                  * when peer was not connected to us.
     338             :                  */
     339           0 :                 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
     340           0 :                         other->sk_err = ECONNRESET;
     341           0 :                         other->sk_error_report(other);
     342             :                 }
     343             :         }
     344           0 : }
     345             : 
     346             : static void unix_sock_destructor(struct sock *sk)
     347             : {
     348           0 :         struct unix_sock *u = unix_sk(sk);
     349           0 : 
     350           0 :         skb_queue_purge(&sk->sk_receive_queue);
     351           0 : 
     352           0 :         WARN_ON(atomic_read(&sk->sk_wmem_alloc));
     353           0 :         WARN_ON(!sk_unhashed(sk));
     354           0 :         WARN_ON(sk->sk_socket);
     355           0 :         if (!sock_flag(sk, SOCK_DEAD)) {
     356           0 :                 printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
     357           0 :                 return;
     358           0 :         }
     359             : 
     360           0 :         if (u->addr)
     361           0 :                 unix_release_addr(u->addr);
     362             : 
     363           0 :         atomic_dec(&unix_nr_socks);
     364           0 :         local_bh_disable();
     365           0 :         sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
     366           0 :         local_bh_enable();
     367           0 : #ifdef UNIX_REFCNT_DEBUG
     368             :         printk(KERN_DEBUG "UNIX %p is destroyed, %d are still alive.\n", sk,
     369             :                 atomic_read(&unix_nr_socks));
     370             : #endif
     371             : }
     372             : 
     373             : static int unix_release_sock(struct sock *sk, int embrion)
     374             : {
     375           0 :         struct unix_sock *u = unix_sk(sk);
     376           0 :         struct dentry *dentry;
     377           0 :         struct vfsmount *mnt;
     378           0 :         struct sock *skpair;
     379           0 :         struct sk_buff *skb;
     380           0 :         int state;
     381           0 : 
     382           0 :         unix_remove_socket(sk);
     383             : 
     384             :         /* Clear state */
     385           0 :         unix_state_lock(sk);
     386           0 :         sock_orphan(sk);
     387           0 :         sk->sk_shutdown = SHUTDOWN_MASK;
     388           0 :         dentry       = u->dentry;
     389           0 :         u->dentry    = NULL;
     390           0 :         mnt          = u->mnt;
     391           0 :         u->mnt            = NULL;
     392           0 :         state = sk->sk_state;
     393           0 :         sk->sk_state = TCP_CLOSE;
     394           0 :         unix_state_unlock(sk);
     395             : 
     396           0 :         wake_up_interruptible_all(&u->peer_wait);
     397             : 
     398           0 :         skpair = unix_peer(sk);
     399             : 
     400           0 :         if (skpair != NULL) {
     401           0 :                 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
     402           0 :                         unix_state_lock(skpair);
     403             :                         /* No more writes */
     404           0 :                         skpair->sk_shutdown = SHUTDOWN_MASK;
     405           0 :                         if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
     406           0 :                                 skpair->sk_err = ECONNRESET;
     407           0 :                         unix_state_unlock(skpair);
     408           0 :                         skpair->sk_state_change(skpair);
     409           0 :                         read_lock(&skpair->sk_callback_lock);
     410           0 :                         sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
     411           0 :                         read_unlock(&skpair->sk_callback_lock);
     412             :                 }
     413           0 :                 sock_put(skpair); /* It may now die */
     414           0 :                 unix_peer(sk) = NULL;
     415             :         }
     416             : 
     417             :         /* Try to flush out this socket. Throw out buffers at least */
     418             : 
     419           0 :         while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
     420           0 :                 if (state == TCP_LISTEN)
     421           0 :                         unix_release_sock(skb->sk, 1);
     422             :                 /* passed fds are erased in the kfree_skb hook        */
     423           0 :                 kfree_skb(skb);
     424             :         }
     425           0 : 
     426           0 :         if (dentry) {
     427           0 :                 dput(dentry);
     428           0 :                 mntput(mnt);
     429             :         }
     430             : 
     431           0 :         sock_put(sk);
     432             : 
     433             :         /* ---- Socket is dead now and most probably destroyed ---- */
     434             : 
     435             :         /*
     436             :          * Fixme: BSD difference: In BSD all sockets connected to use get
     437             :          *        ECONNRESET and we die on the spot. In Linux we behave
     438             :          *        like files and pipes do and wait for the last
     439             :          *        dereference.
     440             :          *
     441             :          * Can't we simply set sock->err?
     442             :          *
     443             :          *        What the above comment does talk about? --ANK(980817)
     444             :          */
     445             : 
     446           0 :         if (unix_tot_inflight)
     447           0 :                 unix_gc();              /* Garbage collect fds */
     448             : 
     449           0 :         return 0;
     450             : }
     451             : 
     452             : static int unix_listen(struct socket *sock, int backlog)
     453             : {
     454           0 :         int err;
     455           0 :         struct sock *sk = sock->sk;
     456           0 :         struct unix_sock *u = unix_sk(sk);
     457           0 : 
     458           0 :         err = -EOPNOTSUPP;
     459           0 :         if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
     460           0 :                 goto out;       /* Only stream/seqpacket sockets accept */
     461           0 :         err = -EINVAL;
     462           0 :         if (!u->addr)
     463           0 :                 goto out;       /* No listens on an unbound socket */
     464           0 :         unix_state_lock(sk);
     465           0 :         if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
     466           0 :                 goto out_unlock;
     467           0 :         if (backlog > sk->sk_max_ack_backlog)
     468           0 :                 wake_up_interruptible_all(&u->peer_wait);
     469           0 :         sk->sk_max_ack_backlog       = backlog;
     470           0 :         sk->sk_state         = TCP_LISTEN;
     471             :         /* set credentials so connect can copy them */
     472           0 :         sk->sk_peercred.pid  = task_tgid_vnr(current);
     473           0 :         current_euid_egid(&sk->sk_peercred.uid, &sk->sk_peercred.gid);
     474           0 :         err = 0;
     475             : 
     476           0 : out_unlock:
     477           0 :         unix_state_unlock(sk);
     478             : out:
     479           0 :         return err;
     480             : }
     481             : 
     482             : static int unix_release(struct socket *);
     483             : static int unix_bind(struct socket *, struct sockaddr *, int);
     484             : static int unix_stream_connect(struct socket *, struct sockaddr *,
     485             :                                int addr_len, int flags);
     486             : static int unix_socketpair(struct socket *, struct socket *);
     487             : static int unix_accept(struct socket *, struct socket *, int);
     488             : static int unix_getname(struct socket *, struct sockaddr *, int *, int);
     489             : static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
     490             : static unsigned int unix_dgram_poll(struct file *, struct socket *,
     491             :                                     poll_table *);
     492             : static int unix_ioctl(struct socket *, unsigned int, unsigned long);
     493             : static int unix_shutdown(struct socket *, int);
     494             : static int unix_stream_sendmsg(struct kiocb *, struct socket *,
     495             :                                struct msghdr *, size_t);
     496             : static int unix_stream_recvmsg(struct kiocb *, struct socket *,
     497             :                                struct msghdr *, size_t, int);
     498             : static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
     499             :                               struct msghdr *, size_t);
     500             : static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
     501             :                               struct msghdr *, size_t, int);
     502             : static int unix_dgram_connect(struct socket *, struct sockaddr *,
     503             :                               int, int);
     504             : static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
     505             :                                   struct msghdr *, size_t);
     506             : static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
     507             :                                   struct msghdr *, size_t, int);
     508             : 
     509           1 : static const struct proto_ops unix_stream_ops = {
     510             :         .family =       PF_UNIX,
     511             :         .owner =        THIS_MODULE,
     512             :         .release =      unix_release,
     513             :         .bind =         unix_bind,
     514             :         .connect =      unix_stream_connect,
     515             :         .socketpair =   unix_socketpair,
     516             :         .accept =       unix_accept,
     517             :         .getname =      unix_getname,
     518             :         .poll =         unix_poll,
     519             :         .ioctl =        unix_ioctl,
     520             :         .listen =       unix_listen,
     521             :         .shutdown =     unix_shutdown,
     522             :         .setsockopt =   sock_no_setsockopt,
     523             :         .getsockopt =   sock_no_getsockopt,
     524             :         .sendmsg =      unix_stream_sendmsg,
     525             :         .recvmsg =      unix_stream_recvmsg,
     526             :         .mmap =         sock_no_mmap,
     527             :         .sendpage =     sock_no_sendpage,
     528             : };
     529             : 
     530           1 : static const struct proto_ops unix_dgram_ops = {
     531             :         .family =       PF_UNIX,
     532             :         .owner =        THIS_MODULE,
     533             :         .release =      unix_release,
     534             :         .bind =         unix_bind,
     535             :         .connect =      unix_dgram_connect,
     536             :         .socketpair =   unix_socketpair,
     537             :         .accept =       sock_no_accept,
     538             :         .getname =      unix_getname,
     539             :         .poll =         unix_dgram_poll,
     540             :         .ioctl =        unix_ioctl,
     541             :         .listen =       sock_no_listen,
     542             :         .shutdown =     unix_shutdown,
     543             :         .setsockopt =   sock_no_setsockopt,
     544             :         .getsockopt =   sock_no_getsockopt,
     545             :         .sendmsg =      unix_dgram_sendmsg,
     546             :         .recvmsg =      unix_dgram_recvmsg,
     547             :         .mmap =         sock_no_mmap,
     548             :         .sendpage =     sock_no_sendpage,
     549             : };
     550             : 
     551           1 : static const struct proto_ops unix_seqpacket_ops = {
     552             :         .family =       PF_UNIX,
     553             :         .owner =        THIS_MODULE,
     554             :         .release =      unix_release,
     555             :         .bind =         unix_bind,
     556             :         .connect =      unix_stream_connect,
     557             :         .socketpair =   unix_socketpair,
     558             :         .accept =       unix_accept,
     559             :         .getname =      unix_getname,
     560             :         .poll =         unix_dgram_poll,
     561             :         .ioctl =        unix_ioctl,
     562             :         .listen =       unix_listen,
     563             :         .shutdown =     unix_shutdown,
     564             :         .setsockopt =   sock_no_setsockopt,
     565             :         .getsockopt =   sock_no_getsockopt,
     566             :         .sendmsg =      unix_seqpacket_sendmsg,
     567             :         .recvmsg =      unix_seqpacket_recvmsg,
     568             :         .mmap =         sock_no_mmap,
     569             :         .sendpage =     sock_no_sendpage,
     570             : };
     571             : 
     572           1 : static struct proto unix_proto = {
     573             :         .name                   = "UNIX",
     574             :         .owner                  = THIS_MODULE,
     575             :         .obj_size               = sizeof(struct unix_sock),
     576             : };
     577             : 
     578             : /*
     579             :  * AF_UNIX sockets do not interact with hardware, hence they
     580             :  * dont trigger interrupts - so it's safe for them to have
     581             :  * bh-unsafe locking for their sk_receive_queue.lock. Split off
     582             :  * this special lock-class by reinitializing the spinlock key:
     583             :  */
     584             : static struct lock_class_key af_unix_sk_receive_queue_lock_key;
     585             : 
     586             : static struct sock *unix_create1(struct net *net, struct socket *sock)
     587             : {
     588           0 :         struct sock *sk = NULL;
     589           0 :         struct unix_sock *u;
     590           0 : 
     591           0 :         atomic_inc(&unix_nr_socks);
     592           0 :         if (atomic_read(&unix_nr_socks) > 2 * get_max_files())
     593           0 :                 goto out;
     594           0 : 
     595           0 :         sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
     596           0 :         if (!sk)
     597           0 :                 goto out;
     598             : 
     599           0 :         sock_init_data(sock, sk);
     600             :         lockdep_set_class(&sk->sk_receive_queue.lock,
     601             :                                 &af_unix_sk_receive_queue_lock_key);
     602             : 
     603           0 :         sk->sk_write_space   = unix_write_space;
     604           0 :         sk->sk_max_ack_backlog       = net->unx.sysctl_max_dgram_qlen;
     605           0 :         sk->sk_destruct              = unix_sock_destructor;
     606           0 :         u         = unix_sk(sk);
     607           0 :         u->dentry = NULL;
     608           0 :         u->mnt         = NULL;
     609           0 :         spin_lock_init(&u->lock);
     610           0 :         atomic_long_set(&u->inflight, 0);
     611           0 :         INIT_LIST_HEAD(&u->link);
     612           0 :         mutex_init(&u->readlock); /* single task reading lock */
     613           0 :         init_waitqueue_head(&u->peer_wait);
     614           0 :         unix_insert_socket(unix_sockets_unbound, sk);
     615             : out:
     616           0 :         if (sk == NULL)
     617           0 :                 atomic_dec(&unix_nr_socks);
     618             :         else {
     619           0 :                 local_bh_disable();
     620           0 :                 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
     621           0 :                 local_bh_enable();
     622             :         }
     623           0 :         return sk;
     624             : }
     625             : 
     626             : static int unix_create(struct net *net, struct socket *sock, int protocol,
     627             :                        int kern)
     628           0 : {
     629           0 :         if (protocol && protocol != PF_UNIX)
     630           0 :                 return -EPROTONOSUPPORT;
     631             : 
     632           0 :         sock->state = SS_UNCONNECTED;
     633             : 
     634             :         switch (sock->type) {
     635           0 :         case SOCK_STREAM:
     636           0 :                 sock->ops = &unix_stream_ops;
     637           0 :                 break;
     638           0 :                 /*
     639             :                  *      Believe it or not BSD has AF_UNIX, SOCK_RAW though
     640             :                  *      nothing uses it.
     641             :                  */
     642           0 :         case SOCK_RAW:
     643           0 :                 sock->type = SOCK_DGRAM;
     644           0 :         case SOCK_DGRAM:
     645           0 :                 sock->ops = &unix_dgram_ops;
     646           0 :                 break;
     647           0 :         case SOCK_SEQPACKET:
     648           0 :                 sock->ops = &unix_seqpacket_ops;
     649           0 :                 break;
     650           0 :         default:
     651           0 :                 return -ESOCKTNOSUPPORT;
     652             :         }
     653             : 
     654           0 :         return unix_create1(net, sock) ? 0 : -ENOMEM;
     655             : }
     656             : 
     657             : static int unix_release(struct socket *sock)
     658             : {
     659           0 :         struct sock *sk = sock->sk;
     660           0 : 
     661           0 :         if (!sk)
     662           0 :                 return 0;
     663             : 
     664           0 :         sock->sk = NULL;
     665             : 
     666           0 :         return unix_release_sock(sk, 0);
     667             : }
     668             : 
     669             : static int unix_autobind(struct socket *sock)
     670             : {
     671           0 :         struct sock *sk = sock->sk;
     672           0 :         struct net *net = sock_net(sk);
     673           0 :         struct unix_sock *u = unix_sk(sk);
     674           0 :         static u32 ordernum = 1;
     675           0 :         struct unix_address *addr;
     676           0 :         int err;
     677           0 : 
     678           0 :         mutex_lock(&u->readlock);
     679           0 : 
     680           0 :         err = 0;
     681           0 :         if (u->addr)
     682           0 :                 goto out;
     683             : 
     684           0 :         err = -ENOMEM;
     685           0 :         addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
     686           0 :         if (!addr)
     687           0 :                 goto out;
     688             : 
     689           0 :         addr->name->sun_family = AF_UNIX;
     690           0 :         atomic_set(&addr->refcnt, 1);
     691             : 
     692           0 : retry:
     693           0 :         addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
     694           0 :         addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
     695             : 
     696           0 :         spin_lock(&unix_table_lock);
     697           0 :         ordernum = (ordernum+1)&0xFFFFF;
     698             : 
     699           0 :         if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
     700             :                                       addr->hash)) {
     701           0 :                 spin_unlock(&unix_table_lock);
     702             :                 /* Sanity yield. It is unusual case, but yet... */
     703           0 :                 if (!(ordernum&0xFF))
     704           0 :                         yield();
     705           0 :                 goto retry;
     706             :         }
     707           0 :         addr->hash ^= sk->sk_type;
     708             : 
     709           0 :         __unix_remove_socket(sk);
     710           0 :         u->addr = addr;
     711           0 :         __unix_insert_socket(&unix_socket_table[addr->hash], sk);
     712           0 :         spin_unlock(&unix_table_lock);
     713           0 :         err = 0;
     714             : 
     715           0 : out:    mutex_unlock(&u->readlock);
     716           0 :         return err;
     717             : }
     718             : 
     719             : static struct sock *unix_find_other(struct net *net,
     720             :                                     struct sockaddr_un *sunname, int len,
     721             :                                     int type, unsigned hash, int *error)
     722           0 : {
     723           0 :         struct sock *u;
     724           0 :         struct path path;
     725           0 :         int err = 0;
     726           0 : 
     727           0 :         if (sunname->sun_path[0]) {
     728             :                 struct inode *inode;
     729           0 :                 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
     730           0 :                 if (err)
     731           0 :                         goto fail;
     732           0 :                 inode = path.dentry->d_inode;
     733           0 :                 err = inode_permission(inode, MAY_WRITE);
     734           0 :                 if (err)
     735           0 :                         goto put_fail;
     736             : 
     737           0 :                 err = -ECONNREFUSED;
     738           0 :                 if (!S_ISSOCK(inode->i_mode))
     739           0 :                         goto put_fail;
     740           0 :                 u = unix_find_socket_byinode(net, inode);
     741           0 :                 if (!u)
     742           0 :                         goto put_fail;
     743             : 
     744           0 :                 if (u->sk_type == type)
     745           0 :                         touch_atime(path.mnt, path.dentry);
     746             : 
     747           0 :                 path_put(&path);
     748             : 
     749           0 :                 err = -EPROTOTYPE;
     750           0 :                 if (u->sk_type != type) {
     751           0 :                         sock_put(u);
     752           0 :                         goto fail;
     753             :                 }
     754             :         } else {
     755           0 :                 err = -ECONNREFUSED;
     756           0 :                 u = unix_find_socket_byname(net, sunname, len, type, hash);
     757           0 :                 if (u) {
     758             :                         struct dentry *dentry;
     759           0 :                         dentry = unix_sk(u)->dentry;
     760           0 :                         if (dentry)
     761           0 :                                 touch_atime(unix_sk(u)->mnt, dentry);
     762             :                 } else
     763           0 :                         goto fail;
     764             :         }
     765           0 :         return u;
     766           0 : 
     767             : put_fail:
     768           0 :         path_put(&path);
     769             : fail:
     770           0 :         *error = err;
     771           0 :         return NULL;
     772             : }
     773             : 
     774             : 
     775             : static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
     776             : {
     777           0 :         struct sock *sk = sock->sk;
     778           0 :         struct net *net = sock_net(sk);
     779           0 :         struct unix_sock *u = unix_sk(sk);
     780           0 :         struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
     781           0 :         struct dentry *dentry = NULL;
     782           0 :         struct nameidata nd;
     783           0 :         int err;
     784           0 :         unsigned hash;
     785           0 :         struct unix_address *addr;
     786           0 :         struct hlist_head *list;
     787           0 : 
     788           0 :         err = -EINVAL;
     789           0 :         if (sunaddr->sun_family != AF_UNIX)
     790           0 :                 goto out;
     791           0 : 
     792           0 :         if (addr_len == sizeof(short)) {
     793           0 :                 err = unix_autobind(sock);
     794           0 :                 goto out;
     795             :         }
     796             : 
     797           0 :         err = unix_mkname(sunaddr, addr_len, &hash);
     798           0 :         if (err < 0)
     799           0 :                 goto out;
     800           0 :         addr_len = err;
     801             : 
     802           0 :         mutex_lock(&u->readlock);
     803             : 
     804           0 :         err = -EINVAL;
     805           0 :         if (u->addr)
     806           0 :                 goto out_up;
     807             : 
     808           0 :         err = -ENOMEM;
     809           0 :         addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
     810           0 :         if (!addr)
     811           0 :                 goto out_up;
     812             : 
     813           0 :         memcpy(addr->name, sunaddr, addr_len);
     814           0 :         addr->len = addr_len;
     815           0 :         addr->hash = hash ^ sk->sk_type;
     816           0 :         atomic_set(&addr->refcnt, 1);
     817             : 
     818           0 :         if (sunaddr->sun_path[0]) {
     819             :                 unsigned int mode;
     820           0 :                 err = 0;
     821             :                 /*
     822             :                  * Get the parent directory, calculate the hash for last
     823             :                  * component.
     824             :                  */
     825           0 :                 err = path_lookup(sunaddr->sun_path, LOOKUP_PARENT, &nd);
     826           0 :                 if (err)
     827           0 :                         goto out_mknod_parent;
     828             : 
     829           0 :                 dentry = lookup_create(&nd, 0);
     830           0 :                 err = PTR_ERR(dentry);
     831           0 :                 if (IS_ERR(dentry))
     832           0 :                         goto out_mknod_unlock;
     833             : 
     834             :                 /*
     835             :                  * All right, let's create it.
     836             :                  */
     837           0 :                 mode = S_IFSOCK |
     838             :                        (SOCK_INODE(sock)->i_mode & ~current_umask());
     839           0 :                 err = mnt_want_write(nd.path.mnt);
     840           0 :                 if (err)
     841           0 :                         goto out_mknod_dput;
     842           0 :                 err = security_path_mknod(&nd.path, dentry, mode, 0);
     843           0 :                 if (err)
     844           0 :                         goto out_mknod_drop_write;
     845           0 :                 err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
     846             : out_mknod_drop_write:
     847           0 :                 mnt_drop_write(nd.path.mnt);
     848           0 :                 if (err)
     849           0 :                         goto out_mknod_dput;
     850           0 :                 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
     851           0 :                 dput(nd.path.dentry);
     852           0 :                 nd.path.dentry = dentry;
     853             : 
     854           0 :                 addr->hash = UNIX_HASH_SIZE;
     855             :         }
     856             : 
     857           0 :         spin_lock(&unix_table_lock);
     858             : 
     859           0 :         if (!sunaddr->sun_path[0]) {
     860           0 :                 err = -EADDRINUSE;
     861           0 :                 if (__unix_find_socket_byname(net, sunaddr, addr_len,
     862             :                                               sk->sk_type, hash)) {
     863           0 :                         unix_release_addr(addr);
     864           0 :                         goto out_unlock;
     865             :                 }
     866             : 
     867           0 :                 list = &unix_socket_table[addr->hash];
     868             :         } else {
     869           0 :                 list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
     870           0 :                 u->dentry = nd.path.dentry;
     871           0 :                 u->mnt    = nd.path.mnt;
     872             :         }
     873             : 
     874           0 :         err = 0;
     875           0 :         __unix_remove_socket(sk);
     876           0 :         u->addr = addr;
     877           0 :         __unix_insert_socket(list, sk);
     878             : 
     879           0 : out_unlock:
     880           0 :         spin_unlock(&unix_table_lock);
     881             : out_up:
     882           0 :         mutex_unlock(&u->readlock);
     883             : out:
     884           0 :         return err;
     885           0 : 
     886             : out_mknod_dput:
     887           0 :         dput(dentry);
     888             : out_mknod_unlock:
     889           0 :         mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
     890           0 :         path_put(&nd.path);
     891             : out_mknod_parent:
     892           0 :         if (err == -EEXIST)
     893           0 :                 err = -EADDRINUSE;
     894           0 :         unix_release_addr(addr);
     895           0 :         goto out_up;
     896             : }
     897             : 
     898             : static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
     899             : {
     900           0 :         if (unlikely(sk1 == sk2) || !sk2) {
     901           0 :                 unix_state_lock(sk1);
     902           0 :                 return;
     903             :         }
     904           0 :         if (sk1 < sk2) {
     905           0 :                 unix_state_lock(sk1);
     906           0 :                 unix_state_lock_nested(sk2);
     907             :         } else {
     908           0 :                 unix_state_lock(sk2);
     909           0 :                 unix_state_lock_nested(sk1);
     910             :         }
     911           0 : }
     912             : 
     913             : static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
     914             : {
     915           0 :         if (unlikely(sk1 == sk2) || !sk2) {
     916           0 :                 unix_state_unlock(sk1);
     917           0 :                 return;
     918             :         }
     919           0 :         unix_state_unlock(sk1);
     920           0 :         unix_state_unlock(sk2);
     921           0 : }
     922             : 
     923             : static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
     924             :                               int alen, int flags)
     925             : {
     926           0 :         struct sock *sk = sock->sk;
     927           0 :         struct net *net = sock_net(sk);
     928           0 :         struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
     929           0 :         struct sock *other;
     930           0 :         unsigned hash;
     931           0 :         int err;
     932           0 : 
     933           0 :         if (addr->sa_family != AF_UNSPEC) {
     934           0 :                 err = unix_mkname(sunaddr, alen, &hash);
     935           0 :                 if (err < 0)
     936           0 :                         goto out;
     937           0 :                 alen = err;
     938             : 
     939           0 :                 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
     940             :                     !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
     941           0 :                         goto out;
     942             : 
     943             : restart:
     944           0 :                 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
     945           0 :                 if (!other)
     946           0 :                         goto out;
     947             : 
     948           0 :                 unix_state_double_lock(sk, other);
     949             : 
     950             :                 /* Apparently VFS overslept socket death. Retry. */
     951           0 :                 if (sock_flag(other, SOCK_DEAD)) {
     952           0 :                         unix_state_double_unlock(sk, other);
     953           0 :                         sock_put(other);
     954           0 :                         goto restart;
     955             :                 }
     956             : 
     957           0 :                 err = -EPERM;
     958           0 :                 if (!unix_may_send(sk, other))
     959           0 :                         goto out_unlock;
     960             : 
     961           0 :                 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
     962           0 :                 if (err)
     963           0 :                         goto out_unlock;
     964             : 
     965             :         } else {
     966             :                 /*
     967             :                  *      1003.1g breaking connected state with AF_UNSPEC
     968             :                  */
     969           0 :                 other = NULL;
     970           0 :                 unix_state_double_lock(sk, other);
     971             :         }
     972             : 
     973             :         /*
     974             :          * If it was connected, reconnect.
     975             :          */
     976           0 :         if (unix_peer(sk)) {
     977           0 :                 struct sock *old_peer = unix_peer(sk);
     978           0 :                 unix_peer(sk) = other;
     979           0 :                 unix_state_double_unlock(sk, other);
     980             : 
     981           0 :                 if (other != old_peer)
     982           0 :                         unix_dgram_disconnected(sk, old_peer);
     983           0 :                 sock_put(old_peer);
     984             :         } else {
     985           0 :                 unix_peer(sk) = other;
     986           0 :                 unix_state_double_unlock(sk, other);
     987             :         }
     988           0 :         return 0;
     989           0 : 
     990             : out_unlock:
     991           0 :         unix_state_double_unlock(sk, other);
     992           0 :         sock_put(other);
     993             : out:
     994           0 :         return err;
     995             : }
     996             : 
     997             : static long unix_wait_for_peer(struct sock *other, long timeo)
     998             : {
     999           0 :         struct unix_sock *u = unix_sk(other);
    1000           0 :         int sched;
    1001           0 :         DEFINE_WAIT(wait);
    1002           0 : 
    1003           0 :         prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
    1004           0 : 
    1005           0 :         sched = !sock_flag(other, SOCK_DEAD) &&
    1006             :                 !(other->sk_shutdown & RCV_SHUTDOWN) &&
    1007             :                 unix_recvq_full(other);
    1008             : 
    1009           0 :         unix_state_unlock(other);
    1010             : 
    1011           0 :         if (sched)
    1012           0 :                 timeo = schedule_timeout(timeo);
    1013             : 
    1014           0 :         finish_wait(&u->peer_wait, &wait);
    1015           0 :         return timeo;
    1016             : }
    1017             : 
    1018             : static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
    1019             :                                int addr_len, int flags)
    1020             : {
    1021           0 :         struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
    1022           0 :         struct sock *sk = sock->sk;
    1023           0 :         struct net *net = sock_net(sk);
    1024           0 :         struct unix_sock *u = unix_sk(sk), *newu, *otheru;
    1025           0 :         struct sock *newsk = NULL;
    1026           0 :         struct sock *other = NULL;
    1027           0 :         struct sk_buff *skb = NULL;
    1028           0 :         unsigned hash;
    1029           0 :         int st;
    1030           0 :         int err;
    1031           0 :         long timeo;
    1032           0 : 
    1033           0 :         err = unix_mkname(sunaddr, addr_len, &hash);
    1034           0 :         if (err < 0)
    1035           0 :                 goto out;
    1036           0 :         addr_len = err;
    1037           0 : 
    1038           0 :         if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
    1039           0 :             (err = unix_autobind(sock)) != 0)
    1040           0 :                 goto out;
    1041           0 : 
    1042           0 :         timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
    1043           0 : 
    1044           0 :         /* First of all allocate resources.
    1045           0 :            If we will make it after state is locked,
    1046             :            we will have to recheck all again in any case.
    1047             :          */
    1048             : 
    1049           0 :         err = -ENOMEM;
    1050             : 
    1051             :         /* create new sock for complete connection */
    1052           0 :         newsk = unix_create1(sock_net(sk), NULL);
    1053           0 :         if (newsk == NULL)
    1054           0 :                 goto out;
    1055             : 
    1056             :         /* Allocate skb for sending to listening sock */
    1057           0 :         skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
    1058           0 :         if (skb == NULL)
    1059           0 :                 goto out;
    1060             : 
    1061             : restart:
    1062             :         /*  Find listening sock. */
    1063           0 :         other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
    1064           0 :         if (!other)
    1065           0 :                 goto out;
    1066             : 
    1067             :         /* Latch state of peer */
    1068           0 :         unix_state_lock(other);
    1069             : 
    1070             :         /* Apparently VFS overslept socket death. Retry. */
    1071           0 :         if (sock_flag(other, SOCK_DEAD)) {
    1072           0 :                 unix_state_unlock(other);
    1073           0 :                 sock_put(other);
    1074           0 :                 goto restart;
    1075             :         }
    1076             : 
    1077           0 :         err = -ECONNREFUSED;
    1078           0 :         if (other->sk_state != TCP_LISTEN)
    1079           0 :                 goto out_unlock;
    1080           0 :         if (other->sk_shutdown & RCV_SHUTDOWN)
    1081           0 :                 goto out_unlock;
    1082             : 
    1083           0 :         if (unix_recvq_full(other)) {
    1084           0 :                 err = -EAGAIN;
    1085           0 :                 if (!timeo)
    1086           0 :                         goto out_unlock;
    1087             : 
    1088           0 :                 timeo = unix_wait_for_peer(other, timeo);
    1089             : 
    1090           0 :                 err = sock_intr_errno(timeo);
    1091           0 :                 if (signal_pending(current))
    1092           0 :                         goto out;
    1093           0 :                 sock_put(other);
    1094           0 :                 goto restart;
    1095             :         }
    1096             : 
    1097             :         /* Latch our state.
    1098             : 
    1099             :            It is tricky place. We need to grab write lock and cannot
    1100             :            drop lock on peer. It is dangerous because deadlock is
    1101             :            possible. Connect to self case and simultaneous
    1102             :            attempt to connect are eliminated by checking socket
    1103             :            state. other is TCP_LISTEN, if sk is TCP_LISTEN we
    1104             :            check this before attempt to grab lock.
    1105             : 
    1106             :            Well, and we have to recheck the state after socket locked.
    1107             :          */
    1108           0 :         st = sk->sk_state;
    1109             : 
    1110             :         switch (st) {
    1111           0 :         case TCP_CLOSE:
    1112             :                 /* This is ok... continue with connect */
    1113           0 :                 break;
    1114           0 :         case TCP_ESTABLISHED:
    1115             :                 /* Socket is already connected */
    1116           0 :                 err = -EISCONN;
    1117           0 :                 goto out_unlock;
    1118           0 :         default:
    1119           0 :                 err = -EINVAL;
    1120           0 :                 goto out_unlock;
    1121             :         }
    1122             : 
    1123           0 :         unix_state_lock_nested(sk);
    1124             : 
    1125           0 :         if (sk->sk_state != st) {
    1126           0 :                 unix_state_unlock(sk);
    1127           0 :                 unix_state_unlock(other);
    1128           0 :                 sock_put(other);
    1129           0 :                 goto restart;
    1130             :         }
    1131             : 
    1132           0 :         err = security_unix_stream_connect(sock, other->sk_socket, newsk);
    1133           0 :         if (err) {
    1134           0 :                 unix_state_unlock(sk);
    1135           0 :                 goto out_unlock;
    1136             :         }
    1137             : 
    1138             :         /* The way is open! Fastly set all the necessary fields... */
    1139             : 
    1140           0 :         sock_hold(sk);
    1141           0 :         unix_peer(newsk)        = sk;
    1142           0 :         newsk->sk_state              = TCP_ESTABLISHED;
    1143           0 :         newsk->sk_type               = sk->sk_type;
    1144           0 :         newsk->sk_peercred.pid       = task_tgid_vnr(current);
    1145           0 :         current_euid_egid(&newsk->sk_peercred.uid, &newsk->sk_peercred.gid);
    1146           0 :         newu = unix_sk(newsk);
    1147           0 :         newsk->sk_sleep              = &newu->peer_wait;
    1148           0 :         otheru = unix_sk(other);
    1149             : 
    1150             :         /* copy address information from listening to new sock*/
    1151           0 :         if (otheru->addr) {
    1152           0 :                 atomic_inc(&otheru->addr->refcnt);
    1153           0 :                 newu->addr = otheru->addr;
    1154             :         }
    1155           0 :         if (otheru->dentry) {
    1156           0 :                 newu->dentry = dget(otheru->dentry);
    1157           0 :                 newu->mnt    = mntget(otheru->mnt);
    1158             :         }
    1159             : 
    1160             :         /* Set credentials */
    1161           0 :         sk->sk_peercred = other->sk_peercred;
    1162             : 
    1163           0 :         sock->state  = SS_CONNECTED;
    1164           0 :         sk->sk_state = TCP_ESTABLISHED;
    1165           0 :         sock_hold(newsk);
    1166             : 
    1167           0 :         smp_mb__after_atomic_inc();     /* sock_hold() does an atomic_inc() */
    1168           0 :         unix_peer(sk)   = newsk;
    1169             : 
    1170           0 :         unix_state_unlock(sk);
    1171             : 
    1172             :         /* take ten and and send info to listening sock */
    1173           0 :         spin_lock(&other->sk_receive_queue.lock);
    1174           0 :         __skb_queue_tail(&other->sk_receive_queue, skb);
    1175           0 :         spin_unlock(&other->sk_receive_queue.lock);
    1176           0 :         unix_state_unlock(other);
    1177           0 :         other->sk_data_ready(other, 0);
    1178           0 :         sock_put(other);
    1179           0 :         return 0;
    1180           0 : 
    1181             : out_unlock:
    1182           0 :         if (other)
    1183           0 :                 unix_state_unlock(other);
    1184             : 
    1185             : out:
    1186           0 :         kfree_skb(skb);
    1187           0 :         if (newsk)
    1188           0 :                 unix_release_sock(newsk, 0);
    1189           0 :         if (other)
    1190           0 :                 sock_put(other);
    1191           0 :         return err;
    1192             : }
    1193             : 
    1194             : static int unix_socketpair(struct socket *socka, struct socket *sockb)
    1195             : {
    1196           0 :         struct sock *ska = socka->sk, *skb = sockb->sk;
    1197           0 : 
    1198           0 :         /* Join our sockets back to back */
    1199           0 :         sock_hold(ska);
    1200           0 :         sock_hold(skb);
    1201           0 :         unix_peer(ska) = skb;
    1202           0 :         unix_peer(skb) = ska;
    1203           0 :         ska->sk_peercred.pid = skb->sk_peercred.pid = task_tgid_vnr(current);
    1204           0 :         current_euid_egid(&skb->sk_peercred.uid, &skb->sk_peercred.gid);
    1205           0 :         ska->sk_peercred.uid = skb->sk_peercred.uid;
    1206           0 :         ska->sk_peercred.gid = skb->sk_peercred.gid;
    1207             : 
    1208           0 :         if (ska->sk_type != SOCK_DGRAM) {
    1209           0 :                 ska->sk_state = TCP_ESTABLISHED;
    1210           0 :                 skb->sk_state = TCP_ESTABLISHED;
    1211           0 :                 socka->state  = SS_CONNECTED;
    1212           0 :                 sockb->state  = SS_CONNECTED;
    1213             :         }
    1214           0 :         return 0;
    1215             : }
    1216             : 
    1217             : static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
    1218             : {
    1219           0 :         struct sock *sk = sock->sk;
    1220           0 :         struct sock *tsk;
    1221           0 :         struct sk_buff *skb;
    1222           0 :         int err;
    1223             : 
    1224           0 :         err = -EOPNOTSUPP;
    1225           0 :         if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
    1226           0 :                 goto out;
    1227             : 
    1228           0 :         err = -EINVAL;
    1229           0 :         if (sk->sk_state != TCP_LISTEN)
    1230           0 :                 goto out;
    1231             : 
    1232             :         /* If socket state is TCP_LISTEN it cannot change (for now...),
    1233             :          * so that no locks are necessary.
    1234             :          */
    1235             : 
    1236           0 :         skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
    1237           0 :         if (!skb) {
    1238             :                 /* This means receive shutdown. */
    1239           0 :                 if (err == 0)
    1240           0 :                         err = -EINVAL;
    1241           0 :                 goto out;
    1242             :         }
    1243             : 
    1244           0 :         tsk = skb->sk;
    1245           0 :         skb_free_datagram(sk, skb);
    1246           0 :         wake_up_interruptible(&unix_sk(sk)->peer_wait);
    1247             : 
    1248             :         /* attach accepted sock to socket */
    1249           0 :         unix_state_lock(tsk);
    1250           0 :         newsock->state = SS_CONNECTED;
    1251           0 :         sock_graft(tsk, newsock);
    1252           0 :         unix_state_unlock(tsk);
    1253           0 :         return 0;
    1254           0 : 
    1255             : out:
    1256           0 :         return err;
    1257             : }
    1258             : 
    1259             : 
    1260             : static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
    1261             : {
    1262           0 :         struct sock *sk = sock->sk;
    1263           0 :         struct unix_sock *u;
    1264           0 :         DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
    1265           0 :         int err = 0;
    1266           0 : 
    1267           0 :         if (peer) {
    1268           0 :                 sk = unix_peer_get(sk);
    1269             : 
    1270           0 :                 err = -ENOTCONN;
    1271           0 :                 if (!sk)
    1272           0 :                         goto out;
    1273           0 :                 err = 0;
    1274             :         } else {
    1275           0 :                 sock_hold(sk);
    1276             :         }
    1277             : 
    1278           0 :         u = unix_sk(sk);
    1279           0 :         unix_state_lock(sk);
    1280           0 :         if (!u->addr) {
    1281           0 :                 sunaddr->sun_family = AF_UNIX;
    1282           0 :                 sunaddr->sun_path[0] = 0;
    1283           0 :                 *uaddr_len = sizeof(short);
    1284             :         } else {
    1285           0 :                 struct unix_address *addr = u->addr;
    1286             : 
    1287           0 :                 *uaddr_len = addr->len;
    1288           0 :                 memcpy(sunaddr, addr->name, *uaddr_len);
    1289             :         }
    1290           0 :         unix_state_unlock(sk);
    1291           0 :         sock_put(sk);
    1292             : out:
    1293           0 :         return err;
    1294             : }
    1295             : 
    1296             : static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
    1297             : {
    1298           0 :         int i;
    1299             : 
    1300           0 :         scm->fp = UNIXCB(skb).fp;
    1301           0 :         skb->destructor = sock_wfree;
    1302           0 :         UNIXCB(skb).fp = NULL;
    1303             : 
    1304           0 :         for (i = scm->fp->count-1; i >= 0; i--)
    1305           0 :                 unix_notinflight(scm->fp->fp[i]);
    1306           0 : }
    1307             : 
    1308             : static void unix_destruct_fds(struct sk_buff *skb)
    1309             : {
    1310           0 :         struct scm_cookie scm;
    1311           0 :         memset(&scm, 0, sizeof(scm));
    1312           0 :         unix_detach_fds(&scm, skb);
    1313             : 
    1314             :         /* Alas, it calls VFS */
    1315             :         /* So fscking what? fput() had been SMP-safe since the last Summer */
    1316           0 :         scm_destroy(&scm);
    1317           0 :         sock_wfree(skb);
    1318           0 : }
    1319             : 
    1320             : static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
    1321             : {
    1322           0 :         int i;
    1323             : 
    1324             :         /*
    1325             :          * Need to duplicate file references for the sake of garbage
    1326             :          * collection.  Otherwise a socket in the fps might become a
    1327             :          * candidate for GC while the skb is not yet queued.
    1328             :          */
    1329           0 :         UNIXCB(skb).fp = scm_fp_dup(scm->fp);
    1330           0 :         if (!UNIXCB(skb).fp)
    1331           0 :                 return -ENOMEM;
    1332             : 
    1333           0 :         for (i = scm->fp->count-1; i >= 0; i--)
    1334           0 :                 unix_inflight(scm->fp->fp[i]);
    1335           0 :         skb->destructor = unix_destruct_fds;
    1336           0 :         return 0;
    1337             : }
    1338             : 
    1339             : /*
    1340             :  *      Send AF_UNIX data.
    1341             :  */
    1342             : 
    1343             : static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
    1344             :                               struct msghdr *msg, size_t len)
    1345             : {
    1346           0 :         struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
    1347           0 :         struct sock *sk = sock->sk;
    1348           0 :         struct net *net = sock_net(sk);
    1349           0 :         struct unix_sock *u = unix_sk(sk);
    1350           0 :         struct sockaddr_un *sunaddr = msg->msg_name;
    1351           0 :         struct sock *other = NULL;
    1352           0 :         int namelen = 0; /* fake GCC */
    1353           0 :         int err;
    1354           0 :         unsigned hash;
    1355           0 :         struct sk_buff *skb;
    1356           0 :         long timeo;
    1357           0 :         struct scm_cookie tmp_scm;
    1358           0 : 
    1359           0 :         if (NULL == siocb->scm)
    1360           0 :                 siocb->scm = &tmp_scm;
    1361           0 :         wait_for_unix_gc();
    1362           0 :         err = scm_send(sock, msg, siocb->scm);
    1363           0 :         if (err < 0)
    1364           0 :                 return err;
    1365           0 : 
    1366           0 :         err = -EOPNOTSUPP;
    1367           0 :         if (msg->msg_flags&MSG_OOB)
    1368           0 :                 goto out;
    1369             : 
    1370           0 :         if (msg->msg_namelen) {
    1371           0 :                 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
    1372           0 :                 if (err < 0)
    1373           0 :                         goto out;
    1374           0 :                 namelen = err;
    1375             :         } else {
    1376           0 :                 sunaddr = NULL;
    1377           0 :                 err = -ENOTCONN;
    1378           0 :                 other = unix_peer_get(sk);
    1379           0 :                 if (!other)
    1380           0 :                         goto out;
    1381             :         }
    1382             : 
    1383           0 :         if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
    1384             :             && (err = unix_autobind(sock)) != 0)
    1385           0 :                 goto out;
    1386             : 
    1387           0 :         err = -EMSGSIZE;
    1388           0 :         if (len > sk->sk_sndbuf - 32)
    1389           0 :                 goto out;
    1390             : 
    1391           0 :         skb = sock_alloc_send_skb(sk, len, msg->msg_flags&MSG_DONTWAIT, &err);
    1392           0 :         if (skb == NULL)
    1393           0 :                 goto out;
    1394             : 
    1395           0 :         memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
    1396           0 :         if (siocb->scm->fp) {
    1397           0 :                 err = unix_attach_fds(siocb->scm, skb);
    1398           0 :                 if (err)
    1399           0 :                         goto out_free;
    1400             :         }
    1401           0 :         unix_get_secdata(siocb->scm, skb);
    1402             : 
    1403           0 :         skb_reset_transport_header(skb);
    1404           0 :         err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);
    1405           0 :         if (err)
    1406           0 :                 goto out_free;
    1407             : 
    1408           0 :         timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
    1409             : 
    1410           0 : restart:
    1411           0 :         if (!other) {
    1412           0 :                 err = -ECONNRESET;
    1413           0 :                 if (sunaddr == NULL)
    1414           0 :                         goto out_free;
    1415             : 
    1416           0 :                 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
    1417             :                                         hash, &err);
    1418           0 :                 if (other == NULL)
    1419           0 :                         goto out_free;
    1420             :         }
    1421             : 
    1422           0 :         unix_state_lock(other);
    1423           0 :         err = -EPERM;
    1424           0 :         if (!unix_may_send(sk, other))
    1425           0 :                 goto out_unlock;
    1426             : 
    1427           0 :         if (sock_flag(other, SOCK_DEAD)) {
    1428             :                 /*
    1429             :                  *      Check with 1003.1g - what should
    1430             :                  *      datagram error
    1431             :                  */
    1432           0 :                 unix_state_unlock(other);
    1433           0 :                 sock_put(other);
    1434             : 
    1435           0 :                 err = 0;
    1436           0 :                 unix_state_lock(sk);
    1437           0 :                 if (unix_peer(sk) == other) {
    1438           0 :                         unix_peer(sk) = NULL;
    1439           0 :                         unix_state_unlock(sk);
    1440             : 
    1441           0 :                         unix_dgram_disconnected(sk, other);
    1442           0 :                         sock_put(other);
    1443           0 :                         err = -ECONNREFUSED;
    1444             :                 } else {
    1445           0 :                         unix_state_unlock(sk);
    1446             :                 }
    1447             : 
    1448           0 :                 other = NULL;
    1449           0 :                 if (err)
    1450           0 :                         goto out_free;
    1451           0 :                 goto restart;
    1452             :         }
    1453             : 
    1454           0 :         err = -EPIPE;
    1455           0 :         if (other->sk_shutdown & RCV_SHUTDOWN)
    1456           0 :                 goto out_unlock;
    1457             : 
    1458           0 :         if (sk->sk_type != SOCK_SEQPACKET) {
    1459           0 :                 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
    1460           0 :                 if (err)
    1461           0 :                         goto out_unlock;
    1462             :         }
    1463             : 
    1464           0 :         if (unix_peer(other) != sk && unix_recvq_full(other)) {
    1465           0 :                 if (!timeo) {
    1466           0 :                         err = -EAGAIN;
    1467           0 :                         goto out_unlock;
    1468             :                 }
    1469             : 
    1470           0 :                 timeo = unix_wait_for_peer(other, timeo);
    1471             : 
    1472           0 :                 err = sock_intr_errno(timeo);
    1473           0 :                 if (signal_pending(current))
    1474           0 :                         goto out_free;
    1475             : 
    1476           0 :                 goto restart;
    1477             :         }
    1478             : 
    1479           0 :         skb_queue_tail(&other->sk_receive_queue, skb);
    1480           0 :         unix_state_unlock(other);
    1481           0 :         other->sk_data_ready(other, len);
    1482           0 :         sock_put(other);
    1483           0 :         scm_destroy(siocb->scm);
    1484           0 :         return len;
    1485           0 : 
    1486             : out_unlock:
    1487           0 :         unix_state_unlock(other);
    1488             : out_free:
    1489           0 :         kfree_skb(skb);
    1490             : out:
    1491           0 :         if (other)
    1492           0 :                 sock_put(other);
    1493           0 :         scm_destroy(siocb->scm);
    1494           0 :         return err;
    1495             : }
    1496             : 
    1497             : 
    1498             : static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
    1499             :                                struct msghdr *msg, size_t len)
    1500             : {
    1501           0 :         struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
    1502           0 :         struct sock *sk = sock->sk;
    1503           0 :         struct sock *other = NULL;
    1504           0 :         struct sockaddr_un *sunaddr = msg->msg_name;
    1505           0 :         int err, size;
    1506           0 :         struct sk_buff *skb;
    1507           0 :         int sent = 0;
    1508           0 :         struct scm_cookie tmp_scm;
    1509           0 :         bool fds_sent = false;
    1510           0 : 
    1511           0 :         if (NULL == siocb->scm)
    1512           0 :                 siocb->scm = &tmp_scm;
    1513           0 :         wait_for_unix_gc();
    1514           0 :         err = scm_send(sock, msg, siocb->scm);
    1515           0 :         if (err < 0)
    1516           0 :                 return err;
    1517           0 : 
    1518           0 :         err = -EOPNOTSUPP;
    1519           0 :         if (msg->msg_flags&MSG_OOB)
    1520           0 :                 goto out_err;
    1521             : 
    1522           0 :         if (msg->msg_namelen) {
    1523           0 :                 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
    1524           0 :                 goto out_err;
    1525             :         } else {
    1526           0 :                 sunaddr = NULL;
    1527           0 :                 err = -ENOTCONN;
    1528           0 :                 other = unix_peer(sk);
    1529           0 :                 if (!other)
    1530           0 :                         goto out_err;
    1531             :         }
    1532             : 
    1533           0 :         if (sk->sk_shutdown & SEND_SHUTDOWN)
    1534           0 :                 goto pipe_err;
    1535             : 
    1536           0 :         while (sent < len) {
    1537           0 :                 /*
    1538           0 :                  *      Optimisation for the fact that under 0.01% of X
    1539             :                  *      messages typically need breaking up.
    1540             :                  */
    1541             : 
    1542           0 :                 size = len-sent;
    1543             : 
    1544             :                 /* Keep two messages in the pipe so it schedules better */
    1545           0 :                 if (size > ((sk->sk_sndbuf >> 1) - 64))
    1546           0 :                         size = (sk->sk_sndbuf >> 1) - 64;
    1547             : 
    1548           0 :                 if (size > SKB_MAX_ALLOC)
    1549           0 :                         size = SKB_MAX_ALLOC;
    1550             : 
    1551             :                 /*
    1552             :                  *      Grab a buffer
    1553             :                  */
    1554             : 
    1555           0 :                 skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
    1556             :                                           &err);
    1557             : 
    1558           0 :                 if (skb == NULL)
    1559           0 :                         goto out_err;
    1560             : 
    1561             :                 /*
    1562             :                  *      If you pass two values to the sock_alloc_send_skb
    1563             :                  *      it tries to grab the large buffer with GFP_NOFS
    1564             :                  *      (which can fail easily), and if it fails grab the
    1565             :                  *      fallback size buffer which is under a page and will
    1566             :                  *      succeed. [Alan]
    1567             :                  */
    1568           0 :                 size = min_t(int, size, skb_tailroom(skb));
    1569             : 
    1570           0 :                 memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
    1571             :                 /* Only send the fds in the first buffer */
    1572           0 :                 if (siocb->scm->fp && !fds_sent) {
    1573           0 :                         err = unix_attach_fds(siocb->scm, skb);
    1574           0 :                         if (err) {
    1575           0 :                                 kfree_skb(skb);
    1576           0 :                                 goto out_err;
    1577             :                         }
    1578           0 :                         fds_sent = true;
    1579             :                 }
    1580             : 
    1581           0 :                 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
    1582           0 :                 if (err) {
    1583           0 :                         kfree_skb(skb);
    1584           0 :                         goto out_err;
    1585             :                 }
    1586             : 
    1587           0 :                 unix_state_lock(other);
    1588             : 
    1589           0 :                 if (sock_flag(other, SOCK_DEAD) ||
    1590             :                     (other->sk_shutdown & RCV_SHUTDOWN))
    1591           0 :                         goto pipe_err_free;
    1592             : 
    1593           0 :                 skb_queue_tail(&other->sk_receive_queue, skb);
    1594           0 :                 unix_state_unlock(other);
    1595           0 :                 other->sk_data_ready(other, size);
    1596           0 :                 sent += size;
    1597             :         }
    1598           0 : 
    1599           0 :         scm_destroy(siocb->scm);
    1600           0 :         siocb->scm = NULL;
    1601             : 
    1602           0 :         return sent;
    1603           0 : 
    1604             : pipe_err_free:
    1605           0 :         unix_state_unlock(other);
    1606           0 :         kfree_skb(skb);
    1607             : pipe_err:
    1608           0 :         if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
    1609           0 :                 send_sig(SIGPIPE, current, 0);
    1610           0 :         err = -EPIPE;
    1611           0 : out_err:
    1612           0 :         scm_destroy(siocb->scm);
    1613           0 :         siocb->scm = NULL;
    1614           0 :         return sent ? : err;
    1615             : }
    1616             : 
    1617             : static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
    1618             :                                   struct msghdr *msg, size_t len)
    1619             : {
    1620           0 :         int err;
    1621           0 :         struct sock *sk = sock->sk;
    1622           0 : 
    1623           0 :         err = sock_error(sk);
    1624           0 :         if (err)
    1625           0 :                 return err;
    1626             : 
    1627           0 :         if (sk->sk_state != TCP_ESTABLISHED)
    1628           0 :                 return -ENOTCONN;
    1629             : 
    1630           0 :         if (msg->msg_namelen)
    1631           0 :                 msg->msg_namelen = 0;
    1632             : 
    1633           0 :         return unix_dgram_sendmsg(kiocb, sock, msg, len);
    1634             : }
    1635             : 
    1636             : static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
    1637             :                               struct msghdr *msg, size_t size,
    1638             :                               int flags)
    1639           0 : {
    1640           0 :         struct sock *sk = sock->sk;
    1641             : 
    1642           0 :         if (sk->sk_state != TCP_ESTABLISHED)
    1643           0 :                 return -ENOTCONN;
    1644             : 
    1645           0 :         return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
    1646             : }
    1647             : 
    1648             : static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
    1649             : {
    1650           0 :         struct unix_sock *u = unix_sk(sk);
    1651             : 
    1652           0 :         msg->msg_namelen = 0;
    1653           0 :         if (u->addr) {
    1654           0 :                 msg->msg_namelen = u->addr->len;
    1655           0 :                 memcpy(msg->msg_name, u->addr->name, u->addr->len);
    1656             :         }
    1657           0 : }
    1658             : 
    1659             : static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
    1660             :                               struct msghdr *msg, size_t size,
    1661             :                               int flags)
    1662           0 : {
    1663           0 :         struct sock_iocb *siocb = kiocb_to_siocb(iocb);
    1664           0 :         struct scm_cookie tmp_scm;
    1665           0 :         struct sock *sk = sock->sk;
    1666           0 :         struct unix_sock *u = unix_sk(sk);
    1667           0 :         int noblock = flags & MSG_DONTWAIT;
    1668           0 :         struct sk_buff *skb;
    1669           0 :         int err;
    1670             : 
    1671           0 :         err = -EOPNOTSUPP;
    1672           0 :         if (flags&MSG_OOB)
    1673           0 :                 goto out;
    1674             : 
    1675           0 :         msg->msg_namelen = 0;
    1676             : 
    1677           0 :         mutex_lock(&u->readlock);
    1678             : 
    1679           0 :         skb = skb_recv_datagram(sk, flags, noblock, &err);
    1680           0 :         if (!skb) {
    1681           0 :                 unix_state_lock(sk);
    1682             :                 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
    1683           0 :                 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
    1684             :                     (sk->sk_shutdown & RCV_SHUTDOWN))
    1685           0 :                         err = 0;
    1686           0 :                 unix_state_unlock(sk);
    1687           0 :                 goto out_unlock;
    1688             :         }
    1689             : 
    1690           0 :         wake_up_interruptible_sync(&u->peer_wait);
    1691             : 
    1692           0 :         if (msg->msg_name)
    1693           0 :                 unix_copy_addr(msg, skb->sk);
    1694             : 
    1695           0 :         if (size > skb->len)
    1696           0 :                 size = skb->len;
    1697           0 :         else if (size < skb->len)
    1698           0 :                 msg->msg_flags |= MSG_TRUNC;
    1699             : 
    1700           0 :         err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
    1701           0 :         if (err)
    1702           0 :                 goto out_free;
    1703             : 
    1704           0 :         if (!siocb->scm) {
    1705           0 :                 siocb->scm = &tmp_scm;
    1706           0 :                 memset(&tmp_scm, 0, sizeof(tmp_scm));
    1707             :         }
    1708           0 :         siocb->scm->creds = *UNIXCREDS(skb);
    1709           0 :         unix_set_secdata(siocb->scm, skb);
    1710             : 
    1711           0 :         if (!(flags & MSG_PEEK)) {
    1712           0 :                 if (UNIXCB(skb).fp)
    1713           0 :                         unix_detach_fds(siocb->scm, skb);
    1714             :         } else {
    1715             :                 /* It is questionable: on PEEK we could:
    1716             :                    - do not return fds - good, but too simple 8)
    1717             :                    - return fds, and do not return them on read (old strategy,
    1718             :                      apparently wrong)
    1719             :                    - clone fds (I chose it for now, it is the most universal
    1720             :                      solution)
    1721             : 
    1722             :                    POSIX 1003.1g does not actually define this clearly
    1723             :                    at all. POSIX 1003.1g doesn't define a lot of things
    1724             :                    clearly however!
    1725             : 
    1726             :                 */
    1727           0 :                 if (UNIXCB(skb).fp)
    1728           0 :                         siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
    1729             :         }
    1730           0 :         err = size;
    1731             : 
    1732           0 :         scm_recv(sock, msg, siocb->scm, flags);
    1733             : 
    1734           0 : out_free:
    1735           0 :         skb_free_datagram(sk, skb);
    1736             : out_unlock:
    1737           0 :         mutex_unlock(&u->readlock);
    1738             : out:
    1739           0 :         return err;
    1740             : }
    1741             : 
    1742             : /*
    1743             :  *      Sleep until data has arrive. But check for races..
    1744             :  */
    1745             : 
    1746             : static long unix_stream_data_wait(struct sock *sk, long timeo)
    1747             : {
    1748           0 :         DEFINE_WAIT(wait);
    1749           0 : 
    1750           0 :         unix_state_lock(sk);
    1751           0 : 
    1752           0 :         for (;;) {
    1753           0 :                 prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE);
    1754             : 
    1755           0 :                 if (!skb_queue_empty(&sk->sk_receive_queue) ||
    1756             :                     sk->sk_err ||
    1757             :                     (sk->sk_shutdown & RCV_SHUTDOWN) ||
    1758             :                     signal_pending(current) ||
    1759             :                     !timeo)
    1760           0 :                         break;
    1761             : 
    1762           0 :                 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
    1763           0 :                 unix_state_unlock(sk);
    1764           0 :                 timeo = schedule_timeout(timeo);
    1765           0 :                 unix_state_lock(sk);
    1766           0 :                 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
    1767           0 :         }
    1768           0 : 
    1769           0 :         finish_wait(sk->sk_sleep, &wait);
    1770           0 :         unix_state_unlock(sk);
    1771           0 :         return timeo;
    1772             : }
    1773             : 
    1774             : 
    1775             : 
    1776             : static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
    1777             :                                struct msghdr *msg, size_t size,
    1778             :                                int flags)
    1779           0 : {
    1780           0 :         struct sock_iocb *siocb = kiocb_to_siocb(iocb);
    1781           0 :         struct scm_cookie tmp_scm;
    1782           0 :         struct sock *sk = sock->sk;
    1783           0 :         struct unix_sock *u = unix_sk(sk);
    1784           0 :         struct sockaddr_un *sunaddr = msg->msg_name;
    1785           0 :         int copied = 0;
    1786           0 :         int check_creds = 0;
    1787           0 :         int target;
    1788           0 :         int err = 0;
    1789           0 :         long timeo;
    1790           0 : 
    1791           0 :         err = -EINVAL;
    1792           0 :         if (sk->sk_state != TCP_ESTABLISHED)
    1793           0 :                 goto out;
    1794           0 : 
    1795           0 :         err = -EOPNOTSUPP;
    1796           0 :         if (flags&MSG_OOB)
    1797           0 :                 goto out;
    1798             : 
    1799           0 :         target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
    1800           0 :         timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
    1801             : 
    1802           0 :         msg->msg_namelen = 0;
    1803             : 
    1804             :         /* Lock the socket to prevent queue disordering
    1805             :          * while sleeps in memcpy_tomsg
    1806             :          */
    1807             : 
    1808           0 :         if (!siocb->scm) {
    1809           0 :                 siocb->scm = &tmp_scm;
    1810           0 :                 memset(&tmp_scm, 0, sizeof(tmp_scm));
    1811             :         }
    1812             : 
    1813           0 :         mutex_lock(&u->readlock);
    1814             : 
    1815           0 :         do {
    1816             :                 int chunk;
    1817             :                 struct sk_buff *skb;
    1818             : 
    1819           0 :                 unix_state_lock(sk);
    1820           0 :                 skb = skb_dequeue(&sk->sk_receive_queue);
    1821           0 :                 if (skb == NULL) {
    1822           0 :                         if (copied >= target)
    1823           0 :                                 goto unlock;
    1824             : 
    1825             :                         /*
    1826             :                          *      POSIX 1003.1g mandates this order.
    1827             :                          */
    1828             : 
    1829           0 :                         err = sock_error(sk);
    1830           0 :                         if (err)
    1831           0 :                                 goto unlock;
    1832           0 :                         if (sk->sk_shutdown & RCV_SHUTDOWN)
    1833           0 :                                 goto unlock;
    1834             : 
    1835           0 :                         unix_state_unlock(sk);
    1836           0 :                         err = -EAGAIN;
    1837           0 :                         if (!timeo)
    1838           0 :                                 break;
    1839           0 :                         mutex_unlock(&u->readlock);
    1840             : 
    1841           0 :                         timeo = unix_stream_data_wait(sk, timeo);
    1842             : 
    1843           0 :                         if (signal_pending(current)) {
    1844           0 :                                 err = sock_intr_errno(timeo);
    1845           0 :                                 goto out;
    1846             :                         }
    1847           0 :                         mutex_lock(&u->readlock);
    1848           0 :                         continue;
    1849           0 :  unlock:
    1850           0 :                         unix_state_unlock(sk);
    1851           0 :                         break;
    1852             :                 }
    1853           0 :                 unix_state_unlock(sk);
    1854             : 
    1855           0 :                 if (check_creds) {
    1856             :                         /* Never glue messages from different writers */
    1857           0 :                         if (memcmp(UNIXCREDS(skb), &siocb->scm->creds,
    1858             :                                    sizeof(siocb->scm->creds)) != 0) {
    1859           0 :                                 skb_queue_head(&sk->sk_receive_queue, skb);
    1860           0 :                                 break;
    1861             :                         }
    1862             :                 } else {
    1863             :                         /* Copy credentials */
    1864           0 :                         siocb->scm->creds = *UNIXCREDS(skb);
    1865           0 :                         check_creds = 1;
    1866             :                 }
    1867             : 
    1868             :                 /* Copy address just once */
    1869           0 :                 if (sunaddr) {
    1870           0 :                         unix_copy_addr(msg, skb->sk);
    1871           0 :                         sunaddr = NULL;
    1872             :                 }
    1873             : 
    1874           0 :                 chunk = min_t(unsigned int, skb->len, size);
    1875           0 :                 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
    1876           0 :                         skb_queue_head(&sk->sk_receive_queue, skb);
    1877           0 :                         if (copied == 0)
    1878           0 :                                 copied = -EFAULT;
    1879           0 :                         break;
    1880             :                 }
    1881           0 :                 copied += chunk;
    1882           0 :                 size -= chunk;
    1883             : 
    1884             :                 /* Mark read part of skb as used */
    1885           0 :                 if (!(flags & MSG_PEEK)) {
    1886           0 :                         skb_pull(skb, chunk);
    1887             : 
    1888           0 :                         if (UNIXCB(skb).fp)
    1889           0 :                                 unix_detach_fds(siocb->scm, skb);
    1890             : 
    1891             :                         /* put the skb back if we didn't use it up.. */
    1892           0 :                         if (skb->len) {
    1893           0 :                                 skb_queue_head(&sk->sk_receive_queue, skb);
    1894           0 :                                 break;
    1895             :                         }
    1896             : 
    1897           0 :                         kfree_skb(skb);
    1898             : 
    1899           0 :                         if (siocb->scm->fp)
    1900           0 :                                 break;
    1901             :                 } else {
    1902             :                         /* It is questionable, see note in unix_dgram_recvmsg.
    1903             :                          */
    1904           0 :                         if (UNIXCB(skb).fp)
    1905           0 :                                 siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
    1906             : 
    1907             :                         /* put message back and return */
    1908           0 :                         skb_queue_head(&sk->sk_receive_queue, skb);
    1909           0 :                         break;
    1910             :                 }
    1911           0 :         } while (size);
    1912             : 
    1913           0 :         mutex_unlock(&u->readlock);
    1914           0 :         scm_recv(sock, msg, siocb->scm, flags);
    1915             : out:
    1916           0 :         return copied ? : err;
    1917           0 : }
    1918             : 
    1919             : static int unix_shutdown(struct socket *sock, int mode)
    1920             : {
    1921           0 :         struct sock *sk = sock->sk;
    1922           0 :         struct sock *other;
    1923           0 : 
    1924           0 :         mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN);
    1925             : 
    1926           0 :         if (mode) {
    1927           0 :                 unix_state_lock(sk);
    1928           0 :                 sk->sk_shutdown |= mode;
    1929           0 :                 other = unix_peer(sk);
    1930           0 :                 if (other)
    1931           0 :                         sock_hold(other);
    1932           0 :                 unix_state_unlock(sk);
    1933           0 :                 sk->sk_state_change(sk);
    1934             : 
    1935           0 :                 if (other &&
    1936             :                         (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
    1937             : 
    1938           0 :                         int peer_mode = 0;
    1939             : 
    1940           0 :                         if (mode&RCV_SHUTDOWN)
    1941           0 :                                 peer_mode |= SEND_SHUTDOWN;
    1942           0 :                         if (mode&SEND_SHUTDOWN)
    1943           0 :                                 peer_mode |= RCV_SHUTDOWN;
    1944           0 :                         unix_state_lock(other);
    1945           0 :                         other->sk_shutdown |= peer_mode;
    1946           0 :                         unix_state_unlock(other);
    1947           0 :                         other->sk_state_change(other);
    1948           0 :                         read_lock(&other->sk_callback_lock);
    1949           0 :                         if (peer_mode == SHUTDOWN_MASK)
    1950           0 :                                 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
    1951           0 :                         else if (peer_mode & RCV_SHUTDOWN)
    1952           0 :                                 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
    1953           0 :                         read_unlock(&other->sk_callback_lock);
    1954             :                 }
    1955           0 :                 if (other)
    1956           0 :                         sock_put(other);
    1957             :         }
    1958           0 :         return 0;
    1959             : }
    1960             : 
    1961             : static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
    1962             : {
    1963           0 :         struct sock *sk = sock->sk;
    1964           0 :         long amount = 0;
    1965           0 :         int err;
    1966           0 : 
    1967           0 :         switch (cmd) {
    1968           0 :         case SIOCOUTQ:
    1969           0 :                 amount = sk_wmem_alloc_get(sk);
    1970           0 :                 err = put_user(amount, (int __user *)arg);
    1971           0 :                 break;
    1972           0 :         case SIOCINQ:
    1973             :                 {
    1974             :                         struct sk_buff *skb;
    1975             : 
    1976           0 :                         if (sk->sk_state == TCP_LISTEN) {
    1977           0 :                                 err = -EINVAL;
    1978           0 :                                 break;
    1979             :                         }
    1980             : 
    1981           0 :                         spin_lock(&sk->sk_receive_queue.lock);
    1982           0 :                         if (sk->sk_type == SOCK_STREAM ||
    1983             :                             sk->sk_type == SOCK_SEQPACKET) {
    1984           0 :                                 skb_queue_walk(&sk->sk_receive_queue, skb)
    1985           0 :                                         amount += skb->len;
    1986           0 :                         } else {
    1987           0 :                                 skb = skb_peek(&sk->sk_receive_queue);
    1988           0 :                                 if (skb)
    1989           0 :                                         amount = skb->len;
    1990             :                         }
    1991           0 :                         spin_unlock(&sk->sk_receive_queue.lock);
    1992           0 :                         err = put_user(amount, (int __user *)arg);
    1993           0 :                         break;
    1994           0 :                 }
    1995             : 
    1996           0 :         default:
    1997           0 :                 err = -ENOIOCTLCMD;
    1998           0 :                 break;
    1999             :         }
    2000           0 :         return err;
    2001             : }
    2002             : 
    2003             : static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
    2004             : {
    2005           0 :         struct sock *sk = sock->sk;
    2006           0 :         unsigned int mask;
    2007           0 : 
    2008           0 :         sock_poll_wait(file, sk->sk_sleep, wait);
    2009           0 :         mask = 0;
    2010             : 
    2011             :         /* exceptional events? */
    2012           0 :         if (sk->sk_err)
    2013           0 :                 mask |= POLLERR;
    2014           0 :         if (sk->sk_shutdown == SHUTDOWN_MASK)
    2015           0 :                 mask |= POLLHUP;
    2016           0 :         if (sk->sk_shutdown & RCV_SHUTDOWN)
    2017           0 :                 mask |= POLLRDHUP;
    2018             : 
    2019             :         /* readable? */
    2020           0 :         if (!skb_queue_empty(&sk->sk_receive_queue) ||
    2021             :             (sk->sk_shutdown & RCV_SHUTDOWN))
    2022           0 :                 mask |= POLLIN | POLLRDNORM;
    2023             : 
    2024             :         /* Connection-based need to check for termination and startup */
    2025           0 :         if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
    2026             :             sk->sk_state == TCP_CLOSE)
    2027           0 :                 mask |= POLLHUP;
    2028             : 
    2029             :         /*
    2030             :          * we set writable also when the other side has shut down the
    2031             :          * connection. This prevents stuck sockets.
    2032             :          */
    2033           0 :         if (unix_writable(sk))
    2034           0 :                 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
    2035             : 
    2036           0 :         return mask;
    2037             : }
    2038             : 
    2039             : static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
    2040             :                                     poll_table *wait)
    2041           0 : {
    2042           0 :         struct sock *sk = sock->sk, *other;
    2043           0 :         unsigned int mask, writable;
    2044           0 : 
    2045           0 :         sock_poll_wait(file, sk->sk_sleep, wait);
    2046           0 :         mask = 0;
    2047           0 : 
    2048           0 :         /* exceptional events? */
    2049           0 :         if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
    2050           0 :                 mask |= POLLERR;
    2051           0 :         if (sk->sk_shutdown & RCV_SHUTDOWN)
    2052           0 :                 mask |= POLLRDHUP;
    2053           0 :         if (sk->sk_shutdown == SHUTDOWN_MASK)
    2054           0 :                 mask |= POLLHUP;
    2055             : 
    2056             :         /* readable? */
    2057           0 :         if (!skb_queue_empty(&sk->sk_receive_queue) ||
    2058             :             (sk->sk_shutdown & RCV_SHUTDOWN))
    2059           0 :                 mask |= POLLIN | POLLRDNORM;
    2060             : 
    2061             :         /* Connection-based need to check for termination and startup */
    2062           0 :         if (sk->sk_type == SOCK_SEQPACKET) {
    2063           0 :                 if (sk->sk_state == TCP_CLOSE)
    2064           0 :                         mask |= POLLHUP;
    2065             :                 /* connection hasn't started yet? */
    2066           0 :                 if (sk->sk_state == TCP_SYN_SENT)
    2067           0 :                         return mask;
    2068             :         }
    2069             : 
    2070             :         /* writable? */
    2071           0 :         writable = unix_writable(sk);
    2072           0 :         if (writable) {
    2073           0 :                 other = unix_peer_get(sk);
    2074           0 :                 if (other) {
    2075           0 :                         if (unix_peer(other) != sk) {
    2076           0 :                                 sock_poll_wait(file, &unix_sk(other)->peer_wait,
    2077             :                                           wait);
    2078           0 :                                 if (unix_recvq_full(other))
    2079           0 :                                         writable = 0;
    2080             :                         }
    2081             : 
    2082           0 :                         sock_put(other);
    2083             :                 }
    2084             :         }
    2085             : 
    2086           0 :         if (writable)
    2087           0 :                 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
    2088             :         else
    2089           0 :                 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
    2090             : 
    2091           0 :         return mask;
    2092             : }
    2093             : 
    2094             : #ifdef CONFIG_PROC_FS
    2095             : static struct sock *first_unix_socket(int *i)
    2096             : {
    2097          12 :         for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) {
    2098          14 :                 if (!hlist_empty(&unix_socket_table[*i]))
    2099           8 :                         return __sk_head(&unix_socket_table[*i]);
    2100             :         }
    2101           2 :         return NULL;
    2102             : }
    2103             : 
    2104             : static struct sock *next_unix_socket(int *i, struct sock *s)
    2105             : {
    2106          12 :         struct sock *next = sk_next(s);
    2107           3 :         /* More in this chain? */
    2108           9 :         if (next)
    2109           6 :                 return next;
    2110             :         /* Look for next non-empty chain. */
    2111          15 :         for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) {
    2112          18 :                 if (!hlist_empty(&unix_socket_table[*i]))
    2113          12 :                         return __sk_head(&unix_socket_table[*i]);
    2114             :         }
    2115           3 :         return NULL;
    2116             : }
    2117           1 : 
    2118             : struct unix_iter_state {
    2119             :         struct seq_net_private p;
    2120             :         int i;
    2121             : };
    2122             : 
    2123             : static struct sock *unix_seq_idx(struct seq_file *seq, loff_t pos)
    2124             : {
    2125           3 :         struct unix_iter_state *iter = seq->private;
    2126           2 :         loff_t off = 0;
    2127           1 :         struct sock *s;
    2128           1 : 
    2129          11 :         for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) {
    2130           7 :                 if (sock_net(s) != seq_file_net(seq))
    2131           3 :                         continue;
    2132           2 :                 if (off == pos)
    2133           1 :                         return s;
    2134           1 :                 ++off;
    2135           1 :         }
    2136           1 :         return NULL;
    2137             : }
    2138             : 
    2139             : static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
    2140             :         __acquires(unix_table_lock)
    2141           1 : {
    2142           3 :         spin_lock(&unix_table_lock);
    2143           9 :         return *pos ? unix_seq_idx(seq, *pos - 1) : SEQ_START_TOKEN;
    2144             : }
    2145             : 
    2146             : static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
    2147             : {
    2148           3 :         struct unix_iter_state *iter = seq->private;
    2149           2 :         struct sock *sk = v;
    2150           2 :         ++*pos;
    2151           1 : 
    2152           2 :         if (v == SEQ_START_TOKEN)
    2153           3 :                 sk = first_unix_socket(&iter->i);
    2154             :         else
    2155           4 :                 sk = next_unix_socket(&iter->i, sk);
    2156          10 :         while (sk && (sock_net(sk) != seq_file_net(seq)))
    2157           5 :                 sk = next_unix_socket(&iter->i, sk);
    2158           3 :         return sk;
    2159           1 : }
    2160             : 
    2161           1 : static void unix_seq_stop(struct seq_file *seq, void *v)
    2162             :         __releases(unix_table_lock)
    2163             : {
    2164           2 :         spin_unlock(&unix_table_lock);
    2165           1 : }
    2166           1 : 
    2167             : static int unix_seq_show(struct seq_file *seq, void *v)
    2168             : {
    2169           1 : 
    2170           3 :         if (v == SEQ_START_TOKEN)
    2171           2 :                 seq_puts(seq, "Num       RefCount Protocol Flags    Type St "
    2172           1 :                          "Inode Path\n");
    2173           1 :         else {
    2174           2 :                 struct sock *s = v;
    2175           1 :                 struct unix_sock *u = unix_sk(s);
    2176           2 :                 unix_state_lock(s);
    2177             : 
    2178          11 :                 seq_printf(seq, "%p: %08X %08X %08X %04X %02X %5lu",
    2179          15 :                         s,
    2180             :                         atomic_read(&s->sk_refcnt),
    2181             :                         0,
    2182             :                         s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
    2183             :                         s->sk_type,
    2184             :                         s->sk_socket ?
    2185             :                         (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
    2186             :                         (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
    2187             :                         sock_i_ino(s));
    2188             : 
    2189           3 :                 if (u->addr) {
    2190             :                         int i, len;
    2191           1 :                         seq_putc(seq, ' ');
    2192             : 
    2193           1 :                         i = 0;
    2194           2 :                         len = u->addr->len - sizeof(short);
    2195           2 :                         if (!UNIX_ABSTRACT(s))
    2196           1 :                                 len--;
    2197             :                         else {
    2198           1 :                                 seq_putc(seq, '@');
    2199           1 :                                 i++;
    2200             :                         }
    2201           4 :                         for ( ; i < len; i++)
    2202           2 :                                 seq_putc(seq, u->addr->name->sun_path[i]);
    2203           2 :                 }
    2204           4 :                 unix_state_unlock(s);
    2205           1 :                 seq_putc(seq, '\n');
    2206             :         }
    2207             : 
    2208           2 :         return 0;
    2209             : }
    2210             : 
    2211           1 : static const struct seq_operations unix_seq_ops = {
    2212             :         .start  = unix_seq_start,
    2213             :         .next   = unix_seq_next,
    2214             :         .stop   = unix_seq_stop,
    2215             :         .show   = unix_seq_show,
    2216             : };
    2217             : 
    2218             : static int unix_seq_open(struct inode *inode, struct file *file)
    2219             : {
    2220           3 :         return seq_open_net(inode, file, &unix_seq_ops,
    2221             :                             sizeof(struct unix_iter_state));
    2222             : }
    2223             : 
    2224           1 : static const struct file_operations unix_seq_fops = {
    2225             :         .owner          = THIS_MODULE,
    2226             :         .open           = unix_seq_open,
    2227             :         .read           = seq_read,
    2228             :         .llseek         = seq_lseek,
    2229             :         .release        = seq_release_net,
    2230             : };
    2231             : 
    2232             : #endif
    2233             : 
    2234           1 : static const struct net_proto_family unix_family_ops = {
    2235             :         .family = PF_UNIX,
    2236             :         .create = unix_create,
    2237             :         .owner  = THIS_MODULE,
    2238             : };
    2239             : 
    2240             : 
    2241             : static int unix_net_init(struct net *net)
    2242             : {
    2243           2 :         int error = -ENOMEM;
    2244           1 : 
    2245           2 :         net->unx.sysctl_max_dgram_qlen = 10;
    2246           5 :         if (unix_sysctl_register(net))
    2247           1 :                 goto out;
    2248             : 
    2249             : #ifdef CONFIG_PROC_FS
    2250           3 :         if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
    2251           2 :                 unix_sysctl_unregister(net);
    2252           1 :                 goto out;
    2253             :         }
    2254             : #endif
    2255           1 :         error = 0;
    2256           1 : out:
    2257           2 :         return error;
    2258             : }
    2259             : 
    2260             : static void unix_net_exit(struct net *net)
    2261             : {
    2262           2 :         unix_sysctl_unregister(net);
    2263           1 :         proc_net_remove(net, "unix");
    2264           1 : }
    2265             : 
    2266           1 : static struct pernet_operations unix_net_ops = {
    2267             :         .init = unix_net_init,
    2268             :         .exit = unix_net_exit,
    2269             : };
    2270             : 
    2271             : static int __init af_unix_init(void)
    2272             : {
    2273           2 :         int rc = -1;
    2274             :         struct sk_buff *dummy_skb;
    2275             : 
    2276             :         BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
    2277             : 
    2278           1 :         rc = proto_register(&unix_proto, 1);
    2279           2 :         if (rc != 0) {
    2280           1 :                 printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
    2281             :                        __func__);
    2282           1 :                 goto out;
    2283             :         }
    2284             : 
    2285           1 :         sock_register(&unix_family_ops);
    2286           1 :         register_pernet_subsys(&unix_net_ops);
    2287             : out:
    2288           2 :         return rc;
    2289             : }
    2290             : 
    2291             : static void __exit af_unix_exit(void)
    2292             : {
    2293           2 :         sock_unregister(PF_UNIX);
    2294           2 :         proto_unregister(&unix_proto);
    2295           2 :         unregister_pernet_subsys(&unix_net_ops);
    2296           2 : }
    2297             : 
    2298             : /* Earlier than device_initcall() so that other drivers invoking
    2299             :    request_module() don't end up in a loop when modprobe tries
    2300             :    to use a UNIX socket. But later than subsys_initcall() because
    2301             :    we depend on stuff initialised there */
    2302             : fs_initcall(af_unix_init);
    2303             : module_exit(af_unix_exit);
    2304           1 : 
    2305             : MODULE_LICENSE("GPL");
    2306             : MODULE_ALIAS_NETPROTO(PF_UNIX);

Generated by: LCOV version 1.10