Line data Source code
1 : /*
2 : * NET4: Implementation of BSD Unix domain sockets.
3 : *
4 : * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
5 : *
6 : * This program is free software; you can redistribute it and/or
7 : * modify it under the terms of the GNU General Public License
8 : * as published by the Free Software Foundation; either version
9 : * 2 of the License, or (at your option) any later version.
10 : *
11 : * Fixes:
12 : * Linus Torvalds : Assorted bug cures.
13 : * Niibe Yutaka : async I/O support.
14 : * Carsten Paeth : PF_UNIX check, address fixes.
15 : * Alan Cox : Limit size of allocated blocks.
16 : * Alan Cox : Fixed the stupid socketpair bug.
17 : * Alan Cox : BSD compatibility fine tuning.
18 : * Alan Cox : Fixed a bug in connect when interrupted.
19 : * Alan Cox : Sorted out a proper draft version of
20 : * file descriptor passing hacked up from
21 : * Mike Shaver's work.
22 : * Marty Leisner : Fixes to fd passing
23 : * Nick Nevin : recvmsg bugfix.
24 : * Alan Cox : Started proper garbage collector
25 : * Heiko EiBfeldt : Missing verify_area check
26 : * Alan Cox : Started POSIXisms
27 : * Andreas Schwab : Replace inode by dentry for proper
28 : * reference counting
29 : * Kirk Petersen : Made this a module
30 : * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
31 : * Lots of bug fixes.
32 : * Alexey Kuznetsov : Repaired (I hope) bugs introduced
33 : * by the above two patches.
34 : * Andrea Arcangeli : If possible we block in connect(2)
35 : * if the max backlog of the listen socket
36 : * has been reached. This won't break
37 : * old apps and it will avoid a huge amount
38 : * of hashed socks (this is for unix_gc()
39 : * performance reasons).
40 : * Security fix that limits the max
41 : * number of socks to 2*max_files and
42 : * the number of skb queueable in the
43 : * dgram receiver.
44 : * Artur Skawina : Hash function optimizations
45 : * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 : * Malcolm Beattie : Set peercred for socketpair
47 : * Michal Ostrowski : Module initialization cleanup.
48 : * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 : * the core infrastructure is doing that
50 : * for all net proto families now (2.5.69+)
51 : *
52 : *
53 : * Known differences from reference BSD that was tested:
54 : *
55 : * [TO FIX]
56 : * ECONNREFUSED is not returned from one end of a connected() socket to the
57 : * other the moment one end closes.
58 : * fstat() doesn't return st_dev=0, and gives the blksize as high water mark
59 : * and a fake inode identifier (nor the BSD first socket fstat twice bug).
60 : * [NOT TO FIX]
61 : * accept() returns a path name even if the connecting socket has closed
62 : * in the meantime (BSD loses the path and gives up).
63 : * accept() returns 0 length path for an unbound connector. BSD returns 16
64 : * and a null first byte in the path (but not for getsockname/getpeername - BSD bug ??)
65 : * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 : * BSD af_unix apparently has a connect that forgets to block properly.
67 : * (need to check this with the POSIX spec in detail)
68 : *
69 : * Differences from 2.0.0-11-... (ANK)
70 : * Bug fixes and improvements.
71 : * - client shutdown killed server socket.
72 : * - removed all useless cli/sti pairs.
73 : *
74 : * Semantic changes/extensions.
75 : * - generic control message passing.
76 : * - SCM_CREDENTIALS control message.
77 : * - "Abstract" (not FS based) socket bindings.
78 : * Abstract names are sequences of bytes (not zero terminated)
79 : * starting with a 0 byte, so that this name space does not
80 : * intersect with BSD names.
81 : */
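As a userspace illustration of the two naming styles described above, here is a minimal sketch that binds one socket to a filesystem path and another to an abstract name whose first byte is 0. It is not part of this file; the path "/tmp/demo.sock" and the name "demo" are made-up examples and error handling is omitted.

#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Bind fs_fd to a filesystem path and abstract_fd to an abstract name. */
static void bind_both_styles(int fs_fd, int abstract_fd)
{
	struct sockaddr_un a;

	/* Filesystem binding: NUL-terminated path, creates an inode. */
	memset(&a, 0, sizeof(a));
	a.sun_family = AF_UNIX;
	strcpy(a.sun_path, "/tmp/demo.sock");
	bind(fs_fd, (struct sockaddr *)&a,
	     offsetof(struct sockaddr_un, sun_path) + strlen(a.sun_path) + 1);

	/* Abstract binding: sun_path[0] == 0 and the rest is an opaque byte
	 * string; the address length, not a terminating NUL, delimits it. */
	memset(&a, 0, sizeof(a));
	a.sun_family = AF_UNIX;
	memcpy(a.sun_path + 1, "demo", 4);
	bind(abstract_fd, (struct sockaddr *)&a,
	     offsetof(struct sockaddr_un, sun_path) + 1 + 4);
}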
82 :
83 : #include <linux/module.h>
84 : #include <linux/kernel.h>
85 : #include <linux/signal.h>
86 : #include <linux/sched.h>
87 : #include <linux/errno.h>
88 : #include <linux/string.h>
89 : #include <linux/stat.h>
90 : #include <linux/dcache.h>
91 : #include <linux/namei.h>
92 : #include <linux/socket.h>
93 : #include <linux/un.h>
94 : #include <linux/fcntl.h>
95 : #include <linux/termios.h>
96 : #include <linux/sockios.h>
97 : #include <linux/net.h>
98 : #include <linux/in.h>
99 : #include <linux/fs.h>
100 : #include <linux/slab.h>
101 : #include <asm/uaccess.h>
102 : #include <linux/skbuff.h>
103 : #include <linux/netdevice.h>
104 : #include <net/net_namespace.h>
105 : #include <net/sock.h>
106 : #include <net/tcp_states.h>
107 : #include <net/af_unix.h>
108 : #include <linux/proc_fs.h>
109 : #include <linux/seq_file.h>
110 : #include <net/scm.h>
111 : #include <linux/init.h>
112 : #include <linux/poll.h>
113 : #include <linux/rtnetlink.h>
114 : #include <linux/mount.h>
115 : #include <net/checksum.h>
116 : #include <linux/security.h>
117 :
118 1 : static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
119 1 : static DEFINE_SPINLOCK(unix_table_lock);
120 1 : static atomic_t unix_nr_socks = ATOMIC_INIT(0);
121 :
122 : #define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE])
123 :
124 : #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
125 :
126 : #ifdef CONFIG_SECURITY_NETWORK
127 : static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
128 : {
129 : memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
130 : }
131 :
132 : static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
133 : {
134 : scm->secid = *UNIXSID(skb);
135 : }
136 : #else
137 : static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
138 : { }
139 0 :
140 : static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
141 : { }
142 : #endif /* CONFIG_SECURITY_NETWORK */
143 :
144 : /*
145 : * SMP locking strategy:
146 : * hash table is protected with spinlock unix_table_lock
147 : * each socket's state is protected by a separate spinlock.
148 : */
149 :
150 : static inline unsigned unix_hash_fold(__wsum n)
151 : {
152 0 : unsigned hash = (__force unsigned)n;
153 0 : hash ^= hash>>16;
154 0 : hash ^= hash>>8;
155 0 : return hash&(UNIX_HASH_SIZE-1);
156 : }
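For reference, the folding above can be reproduced in a standalone userspace sketch. UNIX_HASH_SIZE is assumed to be 256 here, matching af_unix.h of this kernel generation, and the input checksum is an arbitrary example value.

#include <stdio.h>

#define UNIX_HASH_SIZE 256	/* assumption: value from af_unix.h */

/* Same folding as unix_hash_fold(): XOR the 16-bit halves, then the
 * bytes, then mask down to a hash-table index. */
static unsigned fold(unsigned n)
{
	unsigned hash = n;

	hash ^= hash >> 16;
	hash ^= hash >> 8;
	return hash & (UNIX_HASH_SIZE - 1);
}

int main(void)
{
	printf("%u\n", fold(0x12345678u));	/* prints 8 */
	return 0;
}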
157 :
158 : #define unix_peer(sk) (unix_sk(sk)->peer)
159 :
160 : static inline int unix_our_peer(struct sock *sk, struct sock *osk)
161 : {
162 0 : return unix_peer(osk) == sk;
163 : }
164 :
165 : static inline int unix_may_send(struct sock *sk, struct sock *osk)
166 : {
167 0 : return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
168 0 : }
169 :
170 : static inline int unix_recvq_full(struct sock const *sk)
171 : {
172 0 : return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
173 : }
174 :
175 : static struct sock *unix_peer_get(struct sock *s)
176 : {
177 0 : struct sock *peer;
178 :
179 0 : unix_state_lock(s);
180 0 : peer = unix_peer(s);
181 0 : if (peer)
182 0 : sock_hold(peer);
183 0 : unix_state_unlock(s);
184 0 : return peer;
185 : }
186 :
187 : static inline void unix_release_addr(struct unix_address *addr)
188 : {
189 0 : if (atomic_dec_and_test(&addr->refcnt))
190 0 : kfree(addr);
191 0 : }
192 :
193 : /*
194 : * Check unix socket name:
195 : * - should not be zero length.
196 : * - if it does not start with a zero byte, it should be NUL terminated (FS object)
197 : * - if it starts with a zero byte, it is an abstract name.
198 : */
199 :
200 : static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned *hashp)
201 : {
202 0 : if (len <= sizeof(short) || len > sizeof(*sunaddr))
203 0 : return -EINVAL;
204 0 : if (!sunaddr || sunaddr->sun_family != AF_UNIX)
205 0 : return -EINVAL;
206 0 : if (sunaddr->sun_path[0]) {
207 : /*
208 : * This may look like an off by one error but it is a bit more
209 : * subtle. 108 is the longest valid AF_UNIX path for a binding.
210 : * sun_path[108] does not exist as such. However, in kernel space
211 : * we are guaranteed that it is a valid memory location in our
212 : * kernel address buffer.
213 : */
214 0 : ((char *)sunaddr)[len] = 0;
215 0 : len = strlen(sunaddr->sun_path)+1+sizeof(short);
216 0 : return len;
217 : }
218 :
219 0 : *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
220 0 : return len;
221 : }
222 :
223 : static void __unix_remove_socket(struct sock *sk)
224 : {
225 0 : sk_del_node_init(sk);
226 0 : }
227 :
228 : static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
229 : {
230 0 : WARN_ON(!sk_unhashed(sk));
231 0 : sk_add_node(sk, list);
232 0 : }
233 :
234 : static inline void unix_remove_socket(struct sock *sk)
235 : {
236 0 : spin_lock(&unix_table_lock);
237 0 : __unix_remove_socket(sk);
238 0 : spin_unlock(&unix_table_lock);
239 0 : }
240 :
241 : static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
242 : {
243 0 : spin_lock(&unix_table_lock);
244 0 : __unix_insert_socket(list, sk);
245 0 : spin_unlock(&unix_table_lock);
246 0 : }
247 :
248 : static struct sock *__unix_find_socket_byname(struct net *net,
249 : struct sockaddr_un *sunname,
250 : int len, int type, unsigned hash)
251 0 : {
252 0 : struct sock *s;
253 0 : struct hlist_node *node;
254 0 :
255 0 : sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
256 0 : struct unix_sock *u = unix_sk(s);
257 0 :
258 0 : if (!net_eq(sock_net(s), net))
259 0 : continue;
260 :
261 0 : if (u->addr->len == len &&
262 : !memcmp(u->addr->name, sunname, len))
263 0 : goto found;
264 : }
265 0 : s = NULL;
266 0 : found:
267 0 : return s;
268 : }
269 :
270 0 : static inline struct sock *unix_find_socket_byname(struct net *net,
271 : struct sockaddr_un *sunname,
272 : int len, int type,
273 0 : unsigned hash)
274 : {
275 : struct sock *s;
276 :
277 0 : spin_lock(&unix_table_lock);
278 0 : s = __unix_find_socket_byname(net, sunname, len, type, hash);
279 0 : if (s)
280 0 : sock_hold(s);
281 0 : spin_unlock(&unix_table_lock);
282 0 : return s;
283 : }
284 :
285 : static struct sock *unix_find_socket_byinode(struct net *net, struct inode *i)
286 : {
287 0 : struct sock *s;
288 0 : struct hlist_node *node;
289 0 :
290 0 : spin_lock(&unix_table_lock);
291 0 : sk_for_each(s, node,
292 0 : &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
293 0 : struct dentry *dentry = unix_sk(s)->dentry;
294 :
295 0 : if (!net_eq(sock_net(s), net))
296 0 : continue;
297 :
298 0 : if (dentry && dentry->d_inode == i) {
299 0 : sock_hold(s);
300 0 : goto found;
301 : }
302 : }
303 0 : s = NULL;
304 0 : found:
305 0 : spin_unlock(&unix_table_lock);
306 0 : return s;
307 : }
308 :
309 : static inline int unix_writable(struct sock *sk)
310 : {
311 0 : return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
312 : }
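The shift by two above is a multiply by four, so a socket counts as writable while no more than a quarter of sk_sndbuf is tied up in queued write memory. An equivalent spelling, ignoring shift overflow and given only for readability:

/* Equivalent formulation of the unix_writable() test (sketch, not the
 * kernel's code): writable iff wmem_alloc <= sndbuf / 4. */
static inline int unix_writable_equiv(long wmem_alloc, int sndbuf)
{
	return wmem_alloc <= sndbuf / 4;
}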
313 :
314 : static void unix_write_space(struct sock *sk)
315 : {
316 0 : read_lock(&sk->sk_callback_lock);
317 0 : if (unix_writable(sk)) {
318 0 : if (sk_has_sleeper(sk))
319 0 : wake_up_interruptible_sync(sk->sk_sleep);
320 0 : sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
321 : }
322 0 : read_unlock(&sk->sk_callback_lock);
323 0 : }
324 :
325 : /* When a dgram socket disconnects (or changes its peer), we clear its receive
326 : * queue of packets that arrived from the previous peer. First, this allows
327 : * flow control based only on wmem_alloc; second, an sk connected to a peer
328 : * may receive messages only from that peer. */
329 : static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
330 : {
331 0 : if (!skb_queue_empty(&sk->sk_receive_queue)) {
332 0 : skb_queue_purge(&sk->sk_receive_queue);
333 0 : wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
334 :
335 : /* If one link of a bidirectional dgram pipe is disconnected,
336 : * we signal an error. Messages are lost. Do not do this
337 : * when the peer was not connected to us.
338 : */
339 0 : if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
340 0 : other->sk_err = ECONNRESET;
341 0 : other->sk_error_report(other);
342 : }
343 : }
344 0 : }
345 :
346 : static void unix_sock_destructor(struct sock *sk)
347 : {
348 0 : struct unix_sock *u = unix_sk(sk);
349 0 :
350 0 : skb_queue_purge(&sk->sk_receive_queue);
351 0 :
352 0 : WARN_ON(atomic_read(&sk->sk_wmem_alloc));
353 0 : WARN_ON(!sk_unhashed(sk));
354 0 : WARN_ON(sk->sk_socket);
355 0 : if (!sock_flag(sk, SOCK_DEAD)) {
356 0 : printk(KERN_INFO "Attempt to release alive unix socket: %p\n", sk);
357 0 : return;
358 0 : }
359 :
360 0 : if (u->addr)
361 0 : unix_release_addr(u->addr);
362 :
363 0 : atomic_dec(&unix_nr_socks);
364 0 : local_bh_disable();
365 0 : sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
366 0 : local_bh_enable();
367 0 : #ifdef UNIX_REFCNT_DEBUG
368 : printk(KERN_DEBUG "UNIX %p is destroyed, %d are still alive.\n", sk,
369 : atomic_read(&unix_nr_socks));
370 : #endif
371 : }
372 :
373 : static int unix_release_sock(struct sock *sk, int embrion)
374 : {
375 0 : struct unix_sock *u = unix_sk(sk);
376 0 : struct dentry *dentry;
377 0 : struct vfsmount *mnt;
378 0 : struct sock *skpair;
379 0 : struct sk_buff *skb;
380 0 : int state;
381 0 :
382 0 : unix_remove_socket(sk);
383 :
384 : /* Clear state */
385 0 : unix_state_lock(sk);
386 0 : sock_orphan(sk);
387 0 : sk->sk_shutdown = SHUTDOWN_MASK;
388 0 : dentry = u->dentry;
389 0 : u->dentry = NULL;
390 0 : mnt = u->mnt;
391 0 : u->mnt = NULL;
392 0 : state = sk->sk_state;
393 0 : sk->sk_state = TCP_CLOSE;
394 0 : unix_state_unlock(sk);
395 :
396 0 : wake_up_interruptible_all(&u->peer_wait);
397 :
398 0 : skpair = unix_peer(sk);
399 :
400 0 : if (skpair != NULL) {
401 0 : if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
402 0 : unix_state_lock(skpair);
403 : /* No more writes */
404 0 : skpair->sk_shutdown = SHUTDOWN_MASK;
405 0 : if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
406 0 : skpair->sk_err = ECONNRESET;
407 0 : unix_state_unlock(skpair);
408 0 : skpair->sk_state_change(skpair);
409 0 : read_lock(&skpair->sk_callback_lock);
410 0 : sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
411 0 : read_unlock(&skpair->sk_callback_lock);
412 : }
413 0 : sock_put(skpair); /* It may now die */
414 0 : unix_peer(sk) = NULL;
415 : }
416 :
417 : /* Try to flush out this socket. Throw out buffers at least */
418 :
419 0 : while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
420 0 : if (state == TCP_LISTEN)
421 0 : unix_release_sock(skb->sk, 1);
422 : /* passed fds are erased in the kfree_skb hook */
423 0 : kfree_skb(skb);
424 : }
425 0 :
426 0 : if (dentry) {
427 0 : dput(dentry);
428 0 : mntput(mnt);
429 : }
430 :
431 0 : sock_put(sk);
432 :
433 : /* ---- Socket is dead now and most probably destroyed ---- */
434 :
435 : /*
436 : * Fixme: BSD difference: In BSD all sockets connected to us get
437 : * ECONNRESET and we die on the spot. In Linux we behave
438 : * like files and pipes do and wait for the last
439 : * dereference.
440 : *
441 : * Can't we simply set sock->err?
442 : *
443 : * What does the above comment talk about? --ANK(980817)
444 : */
445 :
446 0 : if (unix_tot_inflight)
447 0 : unix_gc(); /* Garbage collect fds */
448 :
449 0 : return 0;
450 : }
451 :
452 : static int unix_listen(struct socket *sock, int backlog)
453 : {
454 0 : int err;
455 0 : struct sock *sk = sock->sk;
456 0 : struct unix_sock *u = unix_sk(sk);
457 0 :
458 0 : err = -EOPNOTSUPP;
459 0 : if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
460 0 : goto out; /* Only stream/seqpacket sockets accept */
461 0 : err = -EINVAL;
462 0 : if (!u->addr)
463 0 : goto out; /* No listens on an unbound socket */
464 0 : unix_state_lock(sk);
465 0 : if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
466 0 : goto out_unlock;
467 0 : if (backlog > sk->sk_max_ack_backlog)
468 0 : wake_up_interruptible_all(&u->peer_wait);
469 0 : sk->sk_max_ack_backlog = backlog;
470 0 : sk->sk_state = TCP_LISTEN;
471 : /* set credentials so connect can copy them */
472 0 : sk->sk_peercred.pid = task_tgid_vnr(current);
473 0 : current_euid_egid(&sk->sk_peercred.uid, &sk->sk_peercred.gid);
474 0 : err = 0;
475 :
476 0 : out_unlock:
477 0 : unix_state_unlock(sk);
478 : out:
479 0 : return err;
480 : }
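The credentials recorded here at listen() time (and copied over during connect) are what userspace later reads back with SO_PEERCRED. A minimal sketch of that read-back; conn_fd is assumed to be any connected AF_UNIX stream or seqpacket descriptor, and error handling is omitted.

#define _GNU_SOURCE		/* for struct ucred */
#include <stdio.h>
#include <sys/socket.h>

static void show_peer_creds(int conn_fd)
{
	struct ucred cred;
	socklen_t len = sizeof(cred);

	if (getsockopt(conn_fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) == 0)
		printf("peer pid=%d uid=%d gid=%d\n",
		       (int)cred.pid, (int)cred.uid, (int)cred.gid);
}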
481 :
482 : static int unix_release(struct socket *);
483 : static int unix_bind(struct socket *, struct sockaddr *, int);
484 : static int unix_stream_connect(struct socket *, struct sockaddr *,
485 : int addr_len, int flags);
486 : static int unix_socketpair(struct socket *, struct socket *);
487 : static int unix_accept(struct socket *, struct socket *, int);
488 : static int unix_getname(struct socket *, struct sockaddr *, int *, int);
489 : static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
490 : static unsigned int unix_dgram_poll(struct file *, struct socket *,
491 : poll_table *);
492 : static int unix_ioctl(struct socket *, unsigned int, unsigned long);
493 : static int unix_shutdown(struct socket *, int);
494 : static int unix_stream_sendmsg(struct kiocb *, struct socket *,
495 : struct msghdr *, size_t);
496 : static int unix_stream_recvmsg(struct kiocb *, struct socket *,
497 : struct msghdr *, size_t, int);
498 : static int unix_dgram_sendmsg(struct kiocb *, struct socket *,
499 : struct msghdr *, size_t);
500 : static int unix_dgram_recvmsg(struct kiocb *, struct socket *,
501 : struct msghdr *, size_t, int);
502 : static int unix_dgram_connect(struct socket *, struct sockaddr *,
503 : int, int);
504 : static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
505 : struct msghdr *, size_t);
506 : static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
507 : struct msghdr *, size_t, int);
508 :
509 1 : static const struct proto_ops unix_stream_ops = {
510 : .family = PF_UNIX,
511 : .owner = THIS_MODULE,
512 : .release = unix_release,
513 : .bind = unix_bind,
514 : .connect = unix_stream_connect,
515 : .socketpair = unix_socketpair,
516 : .accept = unix_accept,
517 : .getname = unix_getname,
518 : .poll = unix_poll,
519 : .ioctl = unix_ioctl,
520 : .listen = unix_listen,
521 : .shutdown = unix_shutdown,
522 : .setsockopt = sock_no_setsockopt,
523 : .getsockopt = sock_no_getsockopt,
524 : .sendmsg = unix_stream_sendmsg,
525 : .recvmsg = unix_stream_recvmsg,
526 : .mmap = sock_no_mmap,
527 : .sendpage = sock_no_sendpage,
528 : };
529 :
530 1 : static const struct proto_ops unix_dgram_ops = {
531 : .family = PF_UNIX,
532 : .owner = THIS_MODULE,
533 : .release = unix_release,
534 : .bind = unix_bind,
535 : .connect = unix_dgram_connect,
536 : .socketpair = unix_socketpair,
537 : .accept = sock_no_accept,
538 : .getname = unix_getname,
539 : .poll = unix_dgram_poll,
540 : .ioctl = unix_ioctl,
541 : .listen = sock_no_listen,
542 : .shutdown = unix_shutdown,
543 : .setsockopt = sock_no_setsockopt,
544 : .getsockopt = sock_no_getsockopt,
545 : .sendmsg = unix_dgram_sendmsg,
546 : .recvmsg = unix_dgram_recvmsg,
547 : .mmap = sock_no_mmap,
548 : .sendpage = sock_no_sendpage,
549 : };
550 :
551 1 : static const struct proto_ops unix_seqpacket_ops = {
552 : .family = PF_UNIX,
553 : .owner = THIS_MODULE,
554 : .release = unix_release,
555 : .bind = unix_bind,
556 : .connect = unix_stream_connect,
557 : .socketpair = unix_socketpair,
558 : .accept = unix_accept,
559 : .getname = unix_getname,
560 : .poll = unix_dgram_poll,
561 : .ioctl = unix_ioctl,
562 : .listen = unix_listen,
563 : .shutdown = unix_shutdown,
564 : .setsockopt = sock_no_setsockopt,
565 : .getsockopt = sock_no_getsockopt,
566 : .sendmsg = unix_seqpacket_sendmsg,
567 : .recvmsg = unix_seqpacket_recvmsg,
568 : .mmap = sock_no_mmap,
569 : .sendpage = sock_no_sendpage,
570 : };
571 :
572 1 : static struct proto unix_proto = {
573 : .name = "UNIX",
574 : .owner = THIS_MODULE,
575 : .obj_size = sizeof(struct unix_sock),
576 : };
577 :
578 : /*
579 : * AF_UNIX sockets do not interact with hardware, hence they
580 : * don't trigger interrupts - so it's safe for them to have
581 : * bh-unsafe locking for their sk_receive_queue.lock. Split off
582 : * this special lock-class by reinitializing the spinlock key:
583 : */
584 : static struct lock_class_key af_unix_sk_receive_queue_lock_key;
585 :
586 : static struct sock *unix_create1(struct net *net, struct socket *sock)
587 : {
588 0 : struct sock *sk = NULL;
589 0 : struct unix_sock *u;
590 0 :
591 0 : atomic_inc(&unix_nr_socks);
592 0 : if (atomic_read(&unix_nr_socks) > 2 * get_max_files())
593 0 : goto out;
594 0 :
595 0 : sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
596 0 : if (!sk)
597 0 : goto out;
598 :
599 0 : sock_init_data(sock, sk);
600 : lockdep_set_class(&sk->sk_receive_queue.lock,
601 : &af_unix_sk_receive_queue_lock_key);
602 :
603 0 : sk->sk_write_space = unix_write_space;
604 0 : sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
605 0 : sk->sk_destruct = unix_sock_destructor;
606 0 : u = unix_sk(sk);
607 0 : u->dentry = NULL;
608 0 : u->mnt = NULL;
609 0 : spin_lock_init(&u->lock);
610 0 : atomic_long_set(&u->inflight, 0);
611 0 : INIT_LIST_HEAD(&u->link);
612 0 : mutex_init(&u->readlock); /* single task reading lock */
613 0 : init_waitqueue_head(&u->peer_wait);
614 0 : unix_insert_socket(unix_sockets_unbound, sk);
615 : out:
616 0 : if (sk == NULL)
617 0 : atomic_dec(&unix_nr_socks);
618 : else {
619 0 : local_bh_disable();
620 0 : sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
621 0 : local_bh_enable();
622 : }
623 0 : return sk;
624 : }
625 :
626 : static int unix_create(struct net *net, struct socket *sock, int protocol,
627 : int kern)
628 0 : {
629 0 : if (protocol && protocol != PF_UNIX)
630 0 : return -EPROTONOSUPPORT;
631 :
632 0 : sock->state = SS_UNCONNECTED;
633 :
634 : switch (sock->type) {
635 0 : case SOCK_STREAM:
636 0 : sock->ops = &unix_stream_ops;
637 0 : break;
638 0 : /*
639 : * Believe it or not, BSD has AF_UNIX, SOCK_RAW, though
640 : * nothing uses it.
641 : */
642 0 : case SOCK_RAW:
643 0 : sock->type = SOCK_DGRAM;
644 0 : case SOCK_DGRAM:
645 0 : sock->ops = &unix_dgram_ops;
646 0 : break;
647 0 : case SOCK_SEQPACKET:
648 0 : sock->ops = &unix_seqpacket_ops;
649 0 : break;
650 0 : default:
651 0 : return -ESOCKTNOSUPPORT;
652 : }
653 :
654 0 : return unix_create1(net, sock) ? 0 : -ENOMEM;
655 : }
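Note the intentional fall-through above: a request for SOCK_RAW is silently rewritten to SOCK_DGRAM. A small userspace sketch of what a caller observes (illustrative only):

#include <stdio.h>
#include <sys/socket.h>

int main(void)
{
	/* Asking for AF_UNIX/SOCK_RAW succeeds, but the socket reports
	 * itself as (and behaves like) SOCK_DGRAM. */
	int fd = socket(AF_UNIX, SOCK_RAW, 0);
	int type = 0;
	socklen_t len = sizeof(type);

	if (fd >= 0 && getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) == 0)
		printf("type = %d (SOCK_DGRAM is %d)\n", type, SOCK_DGRAM);
	return 0;
}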
656 :
657 : static int unix_release(struct socket *sock)
658 : {
659 0 : struct sock *sk = sock->sk;
660 0 :
661 0 : if (!sk)
662 0 : return 0;
663 :
664 0 : sock->sk = NULL;
665 :
666 0 : return unix_release_sock(sk, 0);
667 : }
668 :
669 : static int unix_autobind(struct socket *sock)
670 : {
671 0 : struct sock *sk = sock->sk;
672 0 : struct net *net = sock_net(sk);
673 0 : struct unix_sock *u = unix_sk(sk);
674 0 : static u32 ordernum = 1;
675 0 : struct unix_address *addr;
676 0 : int err;
677 0 :
678 0 : mutex_lock(&u->readlock);
679 0 :
680 0 : err = 0;
681 0 : if (u->addr)
682 0 : goto out;
683 :
684 0 : err = -ENOMEM;
685 0 : addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
686 0 : if (!addr)
687 0 : goto out;
688 :
689 0 : addr->name->sun_family = AF_UNIX;
690 0 : atomic_set(&addr->refcnt, 1);
691 :
692 0 : retry:
693 0 : addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
694 0 : addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
695 :
696 0 : spin_lock(&unix_table_lock);
697 0 : ordernum = (ordernum+1)&0xFFFFF;
698 :
699 0 : if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
700 : addr->hash)) {
701 0 : spin_unlock(&unix_table_lock);
702 : /* Sanity yield. It is an unusual case, but still... */
703 0 : if (!(ordernum&0xFF))
704 0 : yield();
705 0 : goto retry;
706 : }
707 0 : addr->hash ^= sk->sk_type;
708 :
709 0 : __unix_remove_socket(sk);
710 0 : u->addr = addr;
711 0 : __unix_insert_socket(&unix_socket_table[addr->hash], sk);
712 0 : spin_unlock(&unix_table_lock);
713 0 : err = 0;
714 :
715 0 : out: mutex_unlock(&u->readlock);
716 0 : return err;
717 : }
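Autobind can be triggered from userspace by binding with only the address family; getsockname() then shows the kernel-chosen abstract name, a 0 byte followed by five hex digits as produced by the sprintf above. A hedged sketch with error handling omitted:

#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

int main(void)
{
	int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
	struct sockaddr_un sa;
	socklen_t len = sizeof(sa);

	memset(&sa, 0, sizeof(sa));
	sa.sun_family = AF_UNIX;

	/* Passing only sizeof(sa_family_t) hits the addr_len == sizeof(short)
	 * branch in unix_bind() and autobinds an abstract name. */
	bind(fd, (struct sockaddr *)&sa, sizeof(sa_family_t));

	getsockname(fd, (struct sockaddr *)&sa, &len);
	/* sa.sun_path[0] is 0; the visible part of the name starts at [1]. */
	printf("autobound to \"\\0%.5s\" (addrlen %d)\n",
	       sa.sun_path + 1, (int)len);
	return 0;
}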
718 :
719 : static struct sock *unix_find_other(struct net *net,
720 : struct sockaddr_un *sunname, int len,
721 : int type, unsigned hash, int *error)
722 0 : {
723 0 : struct sock *u;
724 0 : struct path path;
725 0 : int err = 0;
726 0 :
727 0 : if (sunname->sun_path[0]) {
728 : struct inode *inode;
729 0 : err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
730 0 : if (err)
731 0 : goto fail;
732 0 : inode = path.dentry->d_inode;
733 0 : err = inode_permission(inode, MAY_WRITE);
734 0 : if (err)
735 0 : goto put_fail;
736 :
737 0 : err = -ECONNREFUSED;
738 0 : if (!S_ISSOCK(inode->i_mode))
739 0 : goto put_fail;
740 0 : u = unix_find_socket_byinode(net, inode);
741 0 : if (!u)
742 0 : goto put_fail;
743 :
744 0 : if (u->sk_type == type)
745 0 : touch_atime(path.mnt, path.dentry);
746 :
747 0 : path_put(&path);
748 :
749 0 : err = -EPROTOTYPE;
750 0 : if (u->sk_type != type) {
751 0 : sock_put(u);
752 0 : goto fail;
753 : }
754 : } else {
755 0 : err = -ECONNREFUSED;
756 0 : u = unix_find_socket_byname(net, sunname, len, type, hash);
757 0 : if (u) {
758 : struct dentry *dentry;
759 0 : dentry = unix_sk(u)->dentry;
760 0 : if (dentry)
761 0 : touch_atime(unix_sk(u)->mnt, dentry);
762 : } else
763 0 : goto fail;
764 : }
765 0 : return u;
766 0 :
767 : put_fail:
768 0 : path_put(&path);
769 : fail:
770 0 : *error = err;
771 0 : return NULL;
772 : }
773 :
774 :
775 : static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
776 : {
777 0 : struct sock *sk = sock->sk;
778 0 : struct net *net = sock_net(sk);
779 0 : struct unix_sock *u = unix_sk(sk);
780 0 : struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
781 0 : struct dentry *dentry = NULL;
782 0 : struct nameidata nd;
783 0 : int err;
784 0 : unsigned hash;
785 0 : struct unix_address *addr;
786 0 : struct hlist_head *list;
787 0 :
788 0 : err = -EINVAL;
789 0 : if (sunaddr->sun_family != AF_UNIX)
790 0 : goto out;
791 0 :
792 0 : if (addr_len == sizeof(short)) {
793 0 : err = unix_autobind(sock);
794 0 : goto out;
795 : }
796 :
797 0 : err = unix_mkname(sunaddr, addr_len, &hash);
798 0 : if (err < 0)
799 0 : goto out;
800 0 : addr_len = err;
801 :
802 0 : mutex_lock(&u->readlock);
803 :
804 0 : err = -EINVAL;
805 0 : if (u->addr)
806 0 : goto out_up;
807 :
808 0 : err = -ENOMEM;
809 0 : addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
810 0 : if (!addr)
811 0 : goto out_up;
812 :
813 0 : memcpy(addr->name, sunaddr, addr_len);
814 0 : addr->len = addr_len;
815 0 : addr->hash = hash ^ sk->sk_type;
816 0 : atomic_set(&addr->refcnt, 1);
817 :
818 0 : if (sunaddr->sun_path[0]) {
819 : unsigned int mode;
820 0 : err = 0;
821 : /*
822 : * Get the parent directory, calculate the hash for the last
823 : * component.
824 : */
825 0 : err = path_lookup(sunaddr->sun_path, LOOKUP_PARENT, &nd);
826 0 : if (err)
827 0 : goto out_mknod_parent;
828 :
829 0 : dentry = lookup_create(&nd, 0);
830 0 : err = PTR_ERR(dentry);
831 0 : if (IS_ERR(dentry))
832 0 : goto out_mknod_unlock;
833 :
834 : /*
835 : * All right, let's create it.
836 : */
837 0 : mode = S_IFSOCK |
838 : (SOCK_INODE(sock)->i_mode & ~current_umask());
839 0 : err = mnt_want_write(nd.path.mnt);
840 0 : if (err)
841 0 : goto out_mknod_dput;
842 0 : err = security_path_mknod(&nd.path, dentry, mode, 0);
843 0 : if (err)
844 0 : goto out_mknod_drop_write;
845 0 : err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
846 : out_mknod_drop_write:
847 0 : mnt_drop_write(nd.path.mnt);
848 0 : if (err)
849 0 : goto out_mknod_dput;
850 0 : mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
851 0 : dput(nd.path.dentry);
852 0 : nd.path.dentry = dentry;
853 :
854 0 : addr->hash = UNIX_HASH_SIZE;
855 : }
856 :
857 0 : spin_lock(&unix_table_lock);
858 :
859 0 : if (!sunaddr->sun_path[0]) {
860 0 : err = -EADDRINUSE;
861 0 : if (__unix_find_socket_byname(net, sunaddr, addr_len,
862 : sk->sk_type, hash)) {
863 0 : unix_release_addr(addr);
864 0 : goto out_unlock;
865 : }
866 :
867 0 : list = &unix_socket_table[addr->hash];
868 : } else {
869 0 : list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
870 0 : u->dentry = nd.path.dentry;
871 0 : u->mnt = nd.path.mnt;
872 : }
873 :
874 0 : err = 0;
875 0 : __unix_remove_socket(sk);
876 0 : u->addr = addr;
877 0 : __unix_insert_socket(list, sk);
878 :
879 0 : out_unlock:
880 0 : spin_unlock(&unix_table_lock);
881 : out_up:
882 0 : mutex_unlock(&u->readlock);
883 : out:
884 0 : return err;
885 0 :
886 : out_mknod_dput:
887 0 : dput(dentry);
888 : out_mknod_unlock:
889 0 : mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
890 0 : path_put(&nd.path);
891 : out_mknod_parent:
892 0 : if (err == -EEXIST)
893 0 : err = -EADDRINUSE;
894 0 : unix_release_addr(addr);
895 0 : goto out_up;
896 : }
897 :
898 : static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
899 : {
900 0 : if (unlikely(sk1 == sk2) || !sk2) {
901 0 : unix_state_lock(sk1);
902 0 : return;
903 : }
904 0 : if (sk1 < sk2) {
905 0 : unix_state_lock(sk1);
906 0 : unix_state_lock_nested(sk2);
907 : } else {
908 0 : unix_state_lock(sk2);
909 0 : unix_state_lock_nested(sk1);
910 : }
911 0 : }
912 :
913 : static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
914 : {
915 0 : if (unlikely(sk1 == sk2) || !sk2) {
916 0 : unix_state_unlock(sk1);
917 0 : return;
918 : }
919 0 : unix_state_unlock(sk1);
920 0 : unix_state_unlock(sk2);
921 0 : }
922 :
923 : static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
924 : int alen, int flags)
925 : {
926 0 : struct sock *sk = sock->sk;
927 0 : struct net *net = sock_net(sk);
928 0 : struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
929 0 : struct sock *other;
930 0 : unsigned hash;
931 0 : int err;
932 0 :
933 0 : if (addr->sa_family != AF_UNSPEC) {
934 0 : err = unix_mkname(sunaddr, alen, &hash);
935 0 : if (err < 0)
936 0 : goto out;
937 0 : alen = err;
938 :
939 0 : if (test_bit(SOCK_PASSCRED, &sock->flags) &&
940 : !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
941 0 : goto out;
942 :
943 : restart:
944 0 : other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
945 0 : if (!other)
946 0 : goto out;
947 :
948 0 : unix_state_double_lock(sk, other);
949 :
950 : /* Apparently VFS overslept socket death. Retry. */
951 0 : if (sock_flag(other, SOCK_DEAD)) {
952 0 : unix_state_double_unlock(sk, other);
953 0 : sock_put(other);
954 0 : goto restart;
955 : }
956 :
957 0 : err = -EPERM;
958 0 : if (!unix_may_send(sk, other))
959 0 : goto out_unlock;
960 :
961 0 : err = security_unix_may_send(sk->sk_socket, other->sk_socket);
962 0 : if (err)
963 0 : goto out_unlock;
964 :
965 : } else {
966 : /*
967 : * 1003.1g breaking connected state with AF_UNSPEC
968 : */
969 0 : other = NULL;
970 0 : unix_state_double_lock(sk, other);
971 : }
972 :
973 : /*
974 : * If it was connected, reconnect.
975 : */
976 0 : if (unix_peer(sk)) {
977 0 : struct sock *old_peer = unix_peer(sk);
978 0 : unix_peer(sk) = other;
979 0 : unix_state_double_unlock(sk, other);
980 :
981 0 : if (other != old_peer)
982 0 : unix_dgram_disconnected(sk, old_peer);
983 0 : sock_put(old_peer);
984 : } else {
985 0 : unix_peer(sk) = other;
986 0 : unix_state_double_unlock(sk, other);
987 : }
988 0 : return 0;
989 0 :
990 : out_unlock:
991 0 : unix_state_double_unlock(sk, other);
992 0 : sock_put(other);
993 : out:
994 0 : return err;
995 : }
996 :
997 : static long unix_wait_for_peer(struct sock *other, long timeo)
998 : {
999 0 : struct unix_sock *u = unix_sk(other);
1000 0 : int sched;
1001 0 : DEFINE_WAIT(wait);
1002 0 :
1003 0 : prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1004 0 :
1005 0 : sched = !sock_flag(other, SOCK_DEAD) &&
1006 : !(other->sk_shutdown & RCV_SHUTDOWN) &&
1007 : unix_recvq_full(other);
1008 :
1009 0 : unix_state_unlock(other);
1010 :
1011 0 : if (sched)
1012 0 : timeo = schedule_timeout(timeo);
1013 :
1014 0 : finish_wait(&u->peer_wait, &wait);
1015 0 : return timeo;
1016 : }
1017 :
1018 : static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1019 : int addr_len, int flags)
1020 : {
1021 0 : struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1022 0 : struct sock *sk = sock->sk;
1023 0 : struct net *net = sock_net(sk);
1024 0 : struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1025 0 : struct sock *newsk = NULL;
1026 0 : struct sock *other = NULL;
1027 0 : struct sk_buff *skb = NULL;
1028 0 : unsigned hash;
1029 0 : int st;
1030 0 : int err;
1031 0 : long timeo;
1032 0 :
1033 0 : err = unix_mkname(sunaddr, addr_len, &hash);
1034 0 : if (err < 0)
1035 0 : goto out;
1036 0 : addr_len = err;
1037 0 :
1038 0 : if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1039 0 : (err = unix_autobind(sock)) != 0)
1040 0 : goto out;
1041 0 :
1042 0 : timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1043 0 :
1044 0 : /* First of all allocate resources.
1045 0 : If we do it after the state is locked,
1046 : we will have to recheck everything again in any case.
1047 : */
1048 :
1049 0 : err = -ENOMEM;
1050 :
1051 : /* create new sock for complete connection */
1052 0 : newsk = unix_create1(sock_net(sk), NULL);
1053 0 : if (newsk == NULL)
1054 0 : goto out;
1055 :
1056 : /* Allocate skb for sending to listening sock */
1057 0 : skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1058 0 : if (skb == NULL)
1059 0 : goto out;
1060 :
1061 : restart:
1062 : /* Find listening sock. */
1063 0 : other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1064 0 : if (!other)
1065 0 : goto out;
1066 :
1067 : /* Latch state of peer */
1068 0 : unix_state_lock(other);
1069 :
1070 : /* Apparently VFS overslept socket death. Retry. */
1071 0 : if (sock_flag(other, SOCK_DEAD)) {
1072 0 : unix_state_unlock(other);
1073 0 : sock_put(other);
1074 0 : goto restart;
1075 : }
1076 :
1077 0 : err = -ECONNREFUSED;
1078 0 : if (other->sk_state != TCP_LISTEN)
1079 0 : goto out_unlock;
1080 0 : if (other->sk_shutdown & RCV_SHUTDOWN)
1081 0 : goto out_unlock;
1082 :
1083 0 : if (unix_recvq_full(other)) {
1084 0 : err = -EAGAIN;
1085 0 : if (!timeo)
1086 0 : goto out_unlock;
1087 :
1088 0 : timeo = unix_wait_for_peer(other, timeo);
1089 :
1090 0 : err = sock_intr_errno(timeo);
1091 0 : if (signal_pending(current))
1092 0 : goto out;
1093 0 : sock_put(other);
1094 0 : goto restart;
1095 : }
1096 :
1097 : /* Latch our state.
1098 :
1099 : It is a tricky place. We need to grab our own state lock and cannot
1100 : drop the lock on the peer. It is dangerous because a deadlock is
1101 : possible. The connect-to-self case and simultaneous connect
1102 : attempts are eliminated by checking the socket state: other is
1103 : TCP_LISTEN, and if sk is TCP_LISTEN we check this before
1104 : attempting to grab the lock.
1105 :
1106 : Well, and we have to recheck the state after the socket is locked.
1107 : */
1108 0 : st = sk->sk_state;
1109 :
1110 : switch (st) {
1111 0 : case TCP_CLOSE:
1112 : /* This is ok... continue with connect */
1113 0 : break;
1114 0 : case TCP_ESTABLISHED:
1115 : /* Socket is already connected */
1116 0 : err = -EISCONN;
1117 0 : goto out_unlock;
1118 0 : default:
1119 0 : err = -EINVAL;
1120 0 : goto out_unlock;
1121 : }
1122 :
1123 0 : unix_state_lock_nested(sk);
1124 :
1125 0 : if (sk->sk_state != st) {
1126 0 : unix_state_unlock(sk);
1127 0 : unix_state_unlock(other);
1128 0 : sock_put(other);
1129 0 : goto restart;
1130 : }
1131 :
1132 0 : err = security_unix_stream_connect(sock, other->sk_socket, newsk);
1133 0 : if (err) {
1134 0 : unix_state_unlock(sk);
1135 0 : goto out_unlock;
1136 : }
1137 :
1138 : /* The way is open! Quickly set all the necessary fields... */
1139 :
1140 0 : sock_hold(sk);
1141 0 : unix_peer(newsk) = sk;
1142 0 : newsk->sk_state = TCP_ESTABLISHED;
1143 0 : newsk->sk_type = sk->sk_type;
1144 0 : newsk->sk_peercred.pid = task_tgid_vnr(current);
1145 0 : current_euid_egid(&newsk->sk_peercred.uid, &newsk->sk_peercred.gid);
1146 0 : newu = unix_sk(newsk);
1147 0 : newsk->sk_sleep = &newu->peer_wait;
1148 0 : otheru = unix_sk(other);
1149 :
1150 : /* copy address information from listening to new sock */
1151 0 : if (otheru->addr) {
1152 0 : atomic_inc(&otheru->addr->refcnt);
1153 0 : newu->addr = otheru->addr;
1154 : }
1155 0 : if (otheru->dentry) {
1156 0 : newu->dentry = dget(otheru->dentry);
1157 0 : newu->mnt = mntget(otheru->mnt);
1158 : }
1159 :
1160 : /* Set credentials */
1161 0 : sk->sk_peercred = other->sk_peercred;
1162 :
1163 0 : sock->state = SS_CONNECTED;
1164 0 : sk->sk_state = TCP_ESTABLISHED;
1165 0 : sock_hold(newsk);
1166 :
1167 0 : smp_mb__after_atomic_inc(); /* sock_hold() does an atomic_inc() */
1168 0 : unix_peer(sk) = newsk;
1169 :
1170 0 : unix_state_unlock(sk);
1171 :
1172 : /* take ten and send info to listening sock */
1173 0 : spin_lock(&other->sk_receive_queue.lock);
1174 0 : __skb_queue_tail(&other->sk_receive_queue, skb);
1175 0 : spin_unlock(&other->sk_receive_queue.lock);
1176 0 : unix_state_unlock(other);
1177 0 : other->sk_data_ready(other, 0);
1178 0 : sock_put(other);
1179 0 : return 0;
1180 0 :
1181 : out_unlock:
1182 0 : if (other)
1183 0 : unix_state_unlock(other);
1184 :
1185 : out:
1186 0 : kfree_skb(skb);
1187 0 : if (newsk)
1188 0 : unix_release_sock(newsk, 0);
1189 0 : if (other)
1190 0 : sock_put(other);
1191 0 : return err;
1192 : }
1193 :
1194 : static int unix_socketpair(struct socket *socka, struct socket *sockb)
1195 : {
1196 0 : struct sock *ska = socka->sk, *skb = sockb->sk;
1197 0 :
1198 0 : /* Join our sockets back to back */
1199 0 : sock_hold(ska);
1200 0 : sock_hold(skb);
1201 0 : unix_peer(ska) = skb;
1202 0 : unix_peer(skb) = ska;
1203 0 : ska->sk_peercred.pid = skb->sk_peercred.pid = task_tgid_vnr(current);
1204 0 : current_euid_egid(&skb->sk_peercred.uid, &skb->sk_peercred.gid);
1205 0 : ska->sk_peercred.uid = skb->sk_peercred.uid;
1206 0 : ska->sk_peercred.gid = skb->sk_peercred.gid;
1207 :
1208 0 : if (ska->sk_type != SOCK_DGRAM) {
1209 0 : ska->sk_state = TCP_ESTABLISHED;
1210 0 : skb->sk_state = TCP_ESTABLISHED;
1211 0 : socka->state = SS_CONNECTED;
1212 0 : sockb->state = SS_CONNECTED;
1213 : }
1214 0 : return 0;
1215 : }
1216 :
1217 : static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
1218 : {
1219 0 : struct sock *sk = sock->sk;
1220 0 : struct sock *tsk;
1221 0 : struct sk_buff *skb;
1222 0 : int err;
1223 :
1224 0 : err = -EOPNOTSUPP;
1225 0 : if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1226 0 : goto out;
1227 :
1228 0 : err = -EINVAL;
1229 0 : if (sk->sk_state != TCP_LISTEN)
1230 0 : goto out;
1231 :
1232 : /* If socket state is TCP_LISTEN it cannot change (for now...),
1233 : * so that no locks are necessary.
1234 : */
1235 :
1236 0 : skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1237 0 : if (!skb) {
1238 : /* This means receive shutdown. */
1239 0 : if (err == 0)
1240 0 : err = -EINVAL;
1241 0 : goto out;
1242 : }
1243 :
1244 0 : tsk = skb->sk;
1245 0 : skb_free_datagram(sk, skb);
1246 0 : wake_up_interruptible(&unix_sk(sk)->peer_wait);
1247 :
1248 : /* attach accepted sock to socket */
1249 0 : unix_state_lock(tsk);
1250 0 : newsock->state = SS_CONNECTED;
1251 0 : sock_graft(tsk, newsock);
1252 0 : unix_state_unlock(tsk);
1253 0 : return 0;
1254 0 :
1255 : out:
1256 0 : return err;
1257 : }
1258 :
1259 :
1260 : static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
1261 : {
1262 0 : struct sock *sk = sock->sk;
1263 0 : struct unix_sock *u;
1264 0 : DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1265 0 : int err = 0;
1266 0 :
1267 0 : if (peer) {
1268 0 : sk = unix_peer_get(sk);
1269 :
1270 0 : err = -ENOTCONN;
1271 0 : if (!sk)
1272 0 : goto out;
1273 0 : err = 0;
1274 : } else {
1275 0 : sock_hold(sk);
1276 : }
1277 :
1278 0 : u = unix_sk(sk);
1279 0 : unix_state_lock(sk);
1280 0 : if (!u->addr) {
1281 0 : sunaddr->sun_family = AF_UNIX;
1282 0 : sunaddr->sun_path[0] = 0;
1283 0 : *uaddr_len = sizeof(short);
1284 : } else {
1285 0 : struct unix_address *addr = u->addr;
1286 :
1287 0 : *uaddr_len = addr->len;
1288 0 : memcpy(sunaddr, addr->name, *uaddr_len);
1289 : }
1290 0 : unix_state_unlock(sk);
1291 0 : sock_put(sk);
1292 : out:
1293 0 : return err;
1294 : }
1295 :
1296 : static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1297 : {
1298 0 : int i;
1299 :
1300 0 : scm->fp = UNIXCB(skb).fp;
1301 0 : skb->destructor = sock_wfree;
1302 0 : UNIXCB(skb).fp = NULL;
1303 :
1304 0 : for (i = scm->fp->count-1; i >= 0; i--)
1305 0 : unix_notinflight(scm->fp->fp[i]);
1306 0 : }
1307 :
1308 : static void unix_destruct_fds(struct sk_buff *skb)
1309 : {
1310 0 : struct scm_cookie scm;
1311 0 : memset(&scm, 0, sizeof(scm));
1312 0 : unix_detach_fds(&scm, skb);
1313 :
1314 : /* Alas, it calls VFS */
1315 : /* So fscking what? fput() has been SMP-safe since last summer */
1316 0 : scm_destroy(&scm);
1317 0 : sock_wfree(skb);
1318 0 : }
1319 :
1320 : static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1321 : {
1322 0 : int i;
1323 :
1324 : /*
1325 : * Need to duplicate file references for the sake of garbage
1326 : * collection. Otherwise a socket in the fps might become a
1327 : * candidate for GC while the skb is not yet queued.
1328 : */
1329 0 : UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1330 0 : if (!UNIXCB(skb).fp)
1331 0 : return -ENOMEM;
1332 :
1333 0 : for (i = scm->fp->count-1; i >= 0; i--)
1334 0 : unix_inflight(scm->fp->fp[i]);
1335 0 : skb->destructor = unix_destruct_fds;
1336 0 : return 0;
1337 : }
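The descriptors attached here arrive from userspace as SCM_RIGHTS ancillary data. A minimal sketch of the sending side using the standard sendmsg()/CMSG macros; error handling is omitted and the one-byte payload is arbitrary.

#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>

/* Send one byte of payload plus a single file descriptor over a
 * connected AF_UNIX socket. */
static ssize_t send_fd(int sock, int fd_to_pass)
{
	char data = 'x';
	struct iovec iov = { .iov_base = &data, .iov_len = 1 };
	union {
		char buf[CMSG_SPACE(sizeof(int))];
		struct cmsghdr align;
	} u;
	struct msghdr msg;
	struct cmsghdr *cmsg;

	memset(&msg, 0, sizeof(msg));
	memset(&u, 0, sizeof(u));
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;
	msg.msg_control = u.buf;
	msg.msg_controllen = sizeof(u.buf);

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_RIGHTS;
	cmsg->cmsg_len = CMSG_LEN(sizeof(int));
	memcpy(CMSG_DATA(cmsg), &fd_to_pass, sizeof(int));

	return sendmsg(sock, &msg, 0);
}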
1338 :
1339 : /*
1340 : * Send AF_UNIX data.
1341 : */
1342 :
1343 : static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1344 : struct msghdr *msg, size_t len)
1345 : {
1346 0 : struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1347 0 : struct sock *sk = sock->sk;
1348 0 : struct net *net = sock_net(sk);
1349 0 : struct unix_sock *u = unix_sk(sk);
1350 0 : struct sockaddr_un *sunaddr = msg->msg_name;
1351 0 : struct sock *other = NULL;
1352 0 : int namelen = 0; /* fake GCC */
1353 0 : int err;
1354 0 : unsigned hash;
1355 0 : struct sk_buff *skb;
1356 0 : long timeo;
1357 0 : struct scm_cookie tmp_scm;
1358 0 :
1359 0 : if (NULL == siocb->scm)
1360 0 : siocb->scm = &tmp_scm;
1361 0 : wait_for_unix_gc();
1362 0 : err = scm_send(sock, msg, siocb->scm);
1363 0 : if (err < 0)
1364 0 : return err;
1365 0 :
1366 0 : err = -EOPNOTSUPP;
1367 0 : if (msg->msg_flags&MSG_OOB)
1368 0 : goto out;
1369 :
1370 0 : if (msg->msg_namelen) {
1371 0 : err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1372 0 : if (err < 0)
1373 0 : goto out;
1374 0 : namelen = err;
1375 : } else {
1376 0 : sunaddr = NULL;
1377 0 : err = -ENOTCONN;
1378 0 : other = unix_peer_get(sk);
1379 0 : if (!other)
1380 0 : goto out;
1381 : }
1382 :
1383 0 : if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1384 : && (err = unix_autobind(sock)) != 0)
1385 0 : goto out;
1386 :
1387 0 : err = -EMSGSIZE;
1388 0 : if (len > sk->sk_sndbuf - 32)
1389 0 : goto out;
1390 :
1391 0 : skb = sock_alloc_send_skb(sk, len, msg->msg_flags&MSG_DONTWAIT, &err);
1392 0 : if (skb == NULL)
1393 0 : goto out;
1394 :
1395 0 : memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1396 0 : if (siocb->scm->fp) {
1397 0 : err = unix_attach_fds(siocb->scm, skb);
1398 0 : if (err)
1399 0 : goto out_free;
1400 : }
1401 0 : unix_get_secdata(siocb->scm, skb);
1402 :
1403 0 : skb_reset_transport_header(skb);
1404 0 : err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);
1405 0 : if (err)
1406 0 : goto out_free;
1407 :
1408 0 : timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1409 :
1410 0 : restart:
1411 0 : if (!other) {
1412 0 : err = -ECONNRESET;
1413 0 : if (sunaddr == NULL)
1414 0 : goto out_free;
1415 :
1416 0 : other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1417 : hash, &err);
1418 0 : if (other == NULL)
1419 0 : goto out_free;
1420 : }
1421 :
1422 0 : unix_state_lock(other);
1423 0 : err = -EPERM;
1424 0 : if (!unix_may_send(sk, other))
1425 0 : goto out_unlock;
1426 :
1427 0 : if (sock_flag(other, SOCK_DEAD)) {
1428 : /*
1429 : * Check with 1003.1g - what should
1430 : * the datagram error be here?
1431 : */
1432 0 : unix_state_unlock(other);
1433 0 : sock_put(other);
1434 :
1435 0 : err = 0;
1436 0 : unix_state_lock(sk);
1437 0 : if (unix_peer(sk) == other) {
1438 0 : unix_peer(sk) = NULL;
1439 0 : unix_state_unlock(sk);
1440 :
1441 0 : unix_dgram_disconnected(sk, other);
1442 0 : sock_put(other);
1443 0 : err = -ECONNREFUSED;
1444 : } else {
1445 0 : unix_state_unlock(sk);
1446 : }
1447 :
1448 0 : other = NULL;
1449 0 : if (err)
1450 0 : goto out_free;
1451 0 : goto restart;
1452 : }
1453 :
1454 0 : err = -EPIPE;
1455 0 : if (other->sk_shutdown & RCV_SHUTDOWN)
1456 0 : goto out_unlock;
1457 :
1458 0 : if (sk->sk_type != SOCK_SEQPACKET) {
1459 0 : err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1460 0 : if (err)
1461 0 : goto out_unlock;
1462 : }
1463 :
1464 0 : if (unix_peer(other) != sk && unix_recvq_full(other)) {
1465 0 : if (!timeo) {
1466 0 : err = -EAGAIN;
1467 0 : goto out_unlock;
1468 : }
1469 :
1470 0 : timeo = unix_wait_for_peer(other, timeo);
1471 :
1472 0 : err = sock_intr_errno(timeo);
1473 0 : if (signal_pending(current))
1474 0 : goto out_free;
1475 :
1476 0 : goto restart;
1477 : }
1478 :
1479 0 : skb_queue_tail(&other->sk_receive_queue, skb);
1480 0 : unix_state_unlock(other);
1481 0 : other->sk_data_ready(other, len);
1482 0 : sock_put(other);
1483 0 : scm_destroy(siocb->scm);
1484 0 : return len;
1485 0 :
1486 : out_unlock:
1487 0 : unix_state_unlock(other);
1488 : out_free:
1489 0 : kfree_skb(skb);
1490 : out:
1491 0 : if (other)
1492 0 : sock_put(other);
1493 0 : scm_destroy(siocb->scm);
1494 0 : return err;
1495 : }
1496 :
1497 :
1498 : static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1499 : struct msghdr *msg, size_t len)
1500 : {
1501 0 : struct sock_iocb *siocb = kiocb_to_siocb(kiocb);
1502 0 : struct sock *sk = sock->sk;
1503 0 : struct sock *other = NULL;
1504 0 : struct sockaddr_un *sunaddr = msg->msg_name;
1505 0 : int err, size;
1506 0 : struct sk_buff *skb;
1507 0 : int sent = 0;
1508 0 : struct scm_cookie tmp_scm;
1509 0 : bool fds_sent = false;
1510 0 :
1511 0 : if (NULL == siocb->scm)
1512 0 : siocb->scm = &tmp_scm;
1513 0 : wait_for_unix_gc();
1514 0 : err = scm_send(sock, msg, siocb->scm);
1515 0 : if (err < 0)
1516 0 : return err;
1517 0 :
1518 0 : err = -EOPNOTSUPP;
1519 0 : if (msg->msg_flags&MSG_OOB)
1520 0 : goto out_err;
1521 :
1522 0 : if (msg->msg_namelen) {
1523 0 : err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1524 0 : goto out_err;
1525 : } else {
1526 0 : sunaddr = NULL;
1527 0 : err = -ENOTCONN;
1528 0 : other = unix_peer(sk);
1529 0 : if (!other)
1530 0 : goto out_err;
1531 : }
1532 :
1533 0 : if (sk->sk_shutdown & SEND_SHUTDOWN)
1534 0 : goto pipe_err;
1535 :
1536 0 : while (sent < len) {
1537 0 : /*
1538 0 : * Optimisation for the fact that under 0.01% of X
1539 : * messages typically need breaking up.
1540 : */
1541 :
1542 0 : size = len-sent;
1543 :
1544 : /* Keep two messages in the pipe so it schedules better */
1545 0 : if (size > ((sk->sk_sndbuf >> 1) - 64))
1546 0 : size = (sk->sk_sndbuf >> 1) - 64;
1547 :
1548 0 : if (size > SKB_MAX_ALLOC)
1549 0 : size = SKB_MAX_ALLOC;
1550 :
1551 : /*
1552 : * Grab a buffer
1553 : */
1554 :
1555 0 : skb = sock_alloc_send_skb(sk, size, msg->msg_flags&MSG_DONTWAIT,
1556 : &err);
1557 :
1558 0 : if (skb == NULL)
1559 0 : goto out_err;
1560 :
1561 : /*
1562 : * If you pass two values to the sock_alloc_send_skb
1563 : * it tries to grab the large buffer with GFP_NOFS
1564 : * (which can fail easily), and if that fails grabs the
1565 : * fallback size buffer which is under a page and will
1566 : * succeed. [Alan]
1567 : */
1568 0 : size = min_t(int, size, skb_tailroom(skb));
1569 :
1570 0 : memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1571 : /* Only send the fds in the first buffer */
1572 0 : if (siocb->scm->fp && !fds_sent) {
1573 0 : err = unix_attach_fds(siocb->scm, skb);
1574 0 : if (err) {
1575 0 : kfree_skb(skb);
1576 0 : goto out_err;
1577 : }
1578 0 : fds_sent = true;
1579 : }
1580 :
1581 0 : err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1582 0 : if (err) {
1583 0 : kfree_skb(skb);
1584 0 : goto out_err;
1585 : }
1586 :
1587 0 : unix_state_lock(other);
1588 :
1589 0 : if (sock_flag(other, SOCK_DEAD) ||
1590 : (other->sk_shutdown & RCV_SHUTDOWN))
1591 0 : goto pipe_err_free;
1592 :
1593 0 : skb_queue_tail(&other->sk_receive_queue, skb);
1594 0 : unix_state_unlock(other);
1595 0 : other->sk_data_ready(other, size);
1596 0 : sent += size;
1597 : }
1598 0 :
1599 0 : scm_destroy(siocb->scm);
1600 0 : siocb->scm = NULL;
1601 :
1602 0 : return sent;
1603 0 :
1604 : pipe_err_free:
1605 0 : unix_state_unlock(other);
1606 0 : kfree_skb(skb);
1607 : pipe_err:
1608 0 : if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1609 0 : send_sig(SIGPIPE, current, 0);
1610 0 : err = -EPIPE;
1611 0 : out_err:
1612 0 : scm_destroy(siocb->scm);
1613 0 : siocb->scm = NULL;
1614 0 : return sent ? : err;
1615 : }
1616 :
1617 : static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
1618 : struct msghdr *msg, size_t len)
1619 : {
1620 0 : int err;
1621 0 : struct sock *sk = sock->sk;
1622 0 :
1623 0 : err = sock_error(sk);
1624 0 : if (err)
1625 0 : return err;
1626 :
1627 0 : if (sk->sk_state != TCP_ESTABLISHED)
1628 0 : return -ENOTCONN;
1629 :
1630 0 : if (msg->msg_namelen)
1631 0 : msg->msg_namelen = 0;
1632 :
1633 0 : return unix_dgram_sendmsg(kiocb, sock, msg, len);
1634 : }
1635 :
1636 : static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
1637 : struct msghdr *msg, size_t size,
1638 : int flags)
1639 0 : {
1640 0 : struct sock *sk = sock->sk;
1641 :
1642 0 : if (sk->sk_state != TCP_ESTABLISHED)
1643 0 : return -ENOTCONN;
1644 :
1645 0 : return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
1646 : }
1647 :
1648 : static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1649 : {
1650 0 : struct unix_sock *u = unix_sk(sk);
1651 :
1652 0 : msg->msg_namelen = 0;
1653 0 : if (u->addr) {
1654 0 : msg->msg_namelen = u->addr->len;
1655 0 : memcpy(msg->msg_name, u->addr->name, u->addr->len);
1656 : }
1657 0 : }
1658 :
1659 : static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1660 : struct msghdr *msg, size_t size,
1661 : int flags)
1662 0 : {
1663 0 : struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1664 0 : struct scm_cookie tmp_scm;
1665 0 : struct sock *sk = sock->sk;
1666 0 : struct unix_sock *u = unix_sk(sk);
1667 0 : int noblock = flags & MSG_DONTWAIT;
1668 0 : struct sk_buff *skb;
1669 0 : int err;
1670 :
1671 0 : err = -EOPNOTSUPP;
1672 0 : if (flags&MSG_OOB)
1673 0 : goto out;
1674 :
1675 0 : msg->msg_namelen = 0;
1676 :
1677 0 : mutex_lock(&u->readlock);
1678 :
1679 0 : skb = skb_recv_datagram(sk, flags, noblock, &err);
1680 0 : if (!skb) {
1681 0 : unix_state_lock(sk);
1682 : /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1683 0 : if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
1684 : (sk->sk_shutdown & RCV_SHUTDOWN))
1685 0 : err = 0;
1686 0 : unix_state_unlock(sk);
1687 0 : goto out_unlock;
1688 : }
1689 :
1690 0 : wake_up_interruptible_sync(&u->peer_wait);
1691 :
1692 0 : if (msg->msg_name)
1693 0 : unix_copy_addr(msg, skb->sk);
1694 :
1695 0 : if (size > skb->len)
1696 0 : size = skb->len;
1697 0 : else if (size < skb->len)
1698 0 : msg->msg_flags |= MSG_TRUNC;
1699 :
1700 0 : err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
1701 0 : if (err)
1702 0 : goto out_free;
1703 :
1704 0 : if (!siocb->scm) {
1705 0 : siocb->scm = &tmp_scm;
1706 0 : memset(&tmp_scm, 0, sizeof(tmp_scm));
1707 : }
1708 0 : siocb->scm->creds = *UNIXCREDS(skb);
1709 0 : unix_set_secdata(siocb->scm, skb);
1710 :
1711 0 : if (!(flags & MSG_PEEK)) {
1712 0 : if (UNIXCB(skb).fp)
1713 0 : unix_detach_fds(siocb->scm, skb);
1714 : } else {
1715 : /* It is questionable: on PEEK we could:
1716 : - not return fds - good, but too simple 8)
1717 : - return fds, and not return them on read (old strategy,
1718 : apparently wrong)
1719 : - clone fds (I chose this for now, it is the most universal
1720 : solution)
1721 :
1722 : POSIX 1003.1g does not actually define this clearly
1723 : at all. POSIX 1003.1g doesn't define a lot of things
1724 : clearly however!
1725 :
1726 : */
1727 0 : if (UNIXCB(skb).fp)
1728 0 : siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1729 : }
1730 0 : err = size;
1731 :
1732 0 : scm_recv(sock, msg, siocb->scm, flags);
1733 :
1734 0 : out_free:
1735 0 : skb_free_datagram(sk, skb);
1736 : out_unlock:
1737 0 : mutex_unlock(&u->readlock);
1738 : out:
1739 0 : return err;
1740 : }
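For the receiving side of the same fd-passing scheme, here is a hedged sketch that unpacks the SCM_RIGHTS control message delivered through scm_recv(); error handling is minimal.

#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>

/* Receive one byte of payload and, if present, one passed file
 * descriptor; returns the fd or -1. */
static int recv_fd(int sock)
{
	char data;
	struct iovec iov = { .iov_base = &data, .iov_len = 1 };
	union {
		char buf[CMSG_SPACE(sizeof(int))];
		struct cmsghdr align;
	} u;
	struct msghdr msg;
	struct cmsghdr *cmsg;
	int fd = -1;

	memset(&msg, 0, sizeof(msg));
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;
	msg.msg_control = u.buf;
	msg.msg_controllen = sizeof(u.buf);

	if (recvmsg(sock, &msg, 0) < 0)
		return -1;

	cmsg = CMSG_FIRSTHDR(&msg);
	if (cmsg && cmsg->cmsg_level == SOL_SOCKET &&
	    cmsg->cmsg_type == SCM_RIGHTS)
		memcpy(&fd, CMSG_DATA(cmsg), sizeof(int));
	return fd;
}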
1741 :
1742 : /*
1743 : * Sleep until data has arrived. But check for races.
1744 : */
1745 :
1746 : static long unix_stream_data_wait(struct sock *sk, long timeo)
1747 : {
1748 0 : DEFINE_WAIT(wait);
1749 0 :
1750 0 : unix_state_lock(sk);
1751 0 :
1752 0 : for (;;) {
1753 0 : prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE);
1754 :
1755 0 : if (!skb_queue_empty(&sk->sk_receive_queue) ||
1756 : sk->sk_err ||
1757 : (sk->sk_shutdown & RCV_SHUTDOWN) ||
1758 : signal_pending(current) ||
1759 : !timeo)
1760 0 : break;
1761 :
1762 0 : set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1763 0 : unix_state_unlock(sk);
1764 0 : timeo = schedule_timeout(timeo);
1765 0 : unix_state_lock(sk);
1766 0 : clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1767 0 : }
1768 0 :
1769 0 : finish_wait(sk->sk_sleep, &wait);
1770 0 : unix_state_unlock(sk);
1771 0 : return timeo;
1772 : }
1773 :
1774 :
1775 :
1776 : static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1777 : struct msghdr *msg, size_t size,
1778 : int flags)
1779 0 : {
1780 0 : struct sock_iocb *siocb = kiocb_to_siocb(iocb);
1781 0 : struct scm_cookie tmp_scm;
1782 0 : struct sock *sk = sock->sk;
1783 0 : struct unix_sock *u = unix_sk(sk);
1784 0 : struct sockaddr_un *sunaddr = msg->msg_name;
1785 0 : int copied = 0;
1786 0 : int check_creds = 0;
1787 0 : int target;
1788 0 : int err = 0;
1789 0 : long timeo;
1790 0 :
1791 0 : err = -EINVAL;
1792 0 : if (sk->sk_state != TCP_ESTABLISHED)
1793 0 : goto out;
1794 0 :
1795 0 : err = -EOPNOTSUPP;
1796 0 : if (flags&MSG_OOB)
1797 0 : goto out;
1798 :
1799 0 : target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1800 0 : timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1801 :
1802 0 : msg->msg_namelen = 0;
1803 :
1804 : /* Lock the socket to prevent queue disordering
1805 : * while we sleep in memcpy_toiovec
1806 : */
1807 :
1808 0 : if (!siocb->scm) {
1809 0 : siocb->scm = &tmp_scm;
1810 0 : memset(&tmp_scm, 0, sizeof(tmp_scm));
1811 : }
1812 :
1813 0 : mutex_lock(&u->readlock);
1814 :
1815 0 : do {
1816 : int chunk;
1817 : struct sk_buff *skb;
1818 :
1819 0 : unix_state_lock(sk);
1820 0 : skb = skb_dequeue(&sk->sk_receive_queue);
1821 0 : if (skb == NULL) {
1822 0 : if (copied >= target)
1823 0 : goto unlock;
1824 :
1825 : /*
1826 : * POSIX 1003.1g mandates this order.
1827 : */
1828 :
1829 0 : err = sock_error(sk);
1830 0 : if (err)
1831 0 : goto unlock;
1832 0 : if (sk->sk_shutdown & RCV_SHUTDOWN)
1833 0 : goto unlock;
1834 :
1835 0 : unix_state_unlock(sk);
1836 0 : err = -EAGAIN;
1837 0 : if (!timeo)
1838 0 : break;
1839 0 : mutex_unlock(&u->readlock);
1840 :
1841 0 : timeo = unix_stream_data_wait(sk, timeo);
1842 :
1843 0 : if (signal_pending(current)) {
1844 0 : err = sock_intr_errno(timeo);
1845 0 : goto out;
1846 : }
1847 0 : mutex_lock(&u->readlock);
1848 0 : continue;
1849 0 : unlock:
1850 0 : unix_state_unlock(sk);
1851 0 : break;
1852 : }
1853 0 : unix_state_unlock(sk);
1854 :
1855 0 : if (check_creds) {
1856 : /* Never glue messages from different writers */
1857 0 : if (memcmp(UNIXCREDS(skb), &siocb->scm->creds,
1858 : sizeof(siocb->scm->creds)) != 0) {
1859 0 : skb_queue_head(&sk->sk_receive_queue, skb);
1860 0 : break;
1861 : }
1862 : } else {
1863 : /* Copy credentials */
1864 0 : siocb->scm->creds = *UNIXCREDS(skb);
1865 0 : check_creds = 1;
1866 : }
1867 :
1868 : /* Copy address just once */
1869 0 : if (sunaddr) {
1870 0 : unix_copy_addr(msg, skb->sk);
1871 0 : sunaddr = NULL;
1872 : }
1873 :
1874 0 : chunk = min_t(unsigned int, skb->len, size);
1875 0 : if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
1876 0 : skb_queue_head(&sk->sk_receive_queue, skb);
1877 0 : if (copied == 0)
1878 0 : copied = -EFAULT;
1879 0 : break;
1880 : }
1881 0 : copied += chunk;
1882 0 : size -= chunk;
1883 :
1884 : /* Mark read part of skb as used */
1885 0 : if (!(flags & MSG_PEEK)) {
1886 0 : skb_pull(skb, chunk);
1887 :
1888 0 : if (UNIXCB(skb).fp)
1889 0 : unix_detach_fds(siocb->scm, skb);
1890 :
1891 : /* put the skb back if we didn't use it up.. */
1892 0 : if (skb->len) {
1893 0 : skb_queue_head(&sk->sk_receive_queue, skb);
1894 0 : break;
1895 : }
1896 :
1897 0 : kfree_skb(skb);
1898 :
1899 0 : if (siocb->scm->fp)
1900 0 : break;
1901 : } else {
1902 : /* It is questionable, see note in unix_dgram_recvmsg.
1903 : */
1904 0 : if (UNIXCB(skb).fp)
1905 0 : siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1906 :
1907 : /* put message back and return */
1908 0 : skb_queue_head(&sk->sk_receive_queue, skb);
1909 0 : break;
1910 : }
1911 0 : } while (size);
1912 :
1913 0 : mutex_unlock(&u->readlock);
1914 0 : scm_recv(sock, msg, siocb->scm, flags);
1915 : out:
1916 0 : return copied ? : err;
1917 0 : }
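/*
 * Hedged userspace sketch (editorial illustration, not part of this file):
 * one way a receiver consumes the stream data together with the SCM_RIGHTS
 * descriptors that make the loop above stop at a message boundary.  The
 * helper name and buffer sizes are assumptions, not kernel API.
 */
#if 0	/* never compiled here */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <string.h>

static ssize_t recv_with_fds(int sock, void *buf, size_t len,
			     int *fds, int maxfds, int *nfds)
{
	char cbuf[CMSG_SPACE(8 * sizeof(int))];
	struct iovec iov = { .iov_base = buf, .iov_len = len };
	struct msghdr msg = {
		.msg_iov	= &iov,
		.msg_iovlen	= 1,
		.msg_control	= cbuf,
		.msg_controllen	= sizeof(cbuf),
	};
	struct cmsghdr *cmsg;
	ssize_t n;

	*nfds = 0;
	n = recvmsg(sock, &msg, 0);
	if (n <= 0)
		return n;

	/* Collect any descriptors delivered as SCM_RIGHTS ancillary data. */
	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
		if (cmsg->cmsg_level == SOL_SOCKET &&
		    cmsg->cmsg_type == SCM_RIGHTS) {
			int cnt = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);

			if (cnt > maxfds)
				cnt = maxfds;
			memcpy(fds, CMSG_DATA(cmsg), cnt * sizeof(int));
			*nfds = cnt;
		}
	}
	return n;
}
#endif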
1918 :
1919 : static int unix_shutdown(struct socket *sock, int mode)
1920 : {
1921 0 : struct sock *sk = sock->sk;
1922 0 : struct sock *other;
1923 0 :
1924 0 : mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN);
1925 :
1926 0 : if (mode) {
1927 0 : unix_state_lock(sk);
1928 0 : sk->sk_shutdown |= mode;
1929 0 : other = unix_peer(sk);
1930 0 : if (other)
1931 0 : sock_hold(other);
1932 0 : unix_state_unlock(sk);
1933 0 : sk->sk_state_change(sk);
1934 :
1935 0 : if (other &&
1936 : (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
1937 :
1938 0 : int peer_mode = 0;
1939 :
1940 0 : if (mode&RCV_SHUTDOWN)
1941 0 : peer_mode |= SEND_SHUTDOWN;
1942 0 : if (mode&SEND_SHUTDOWN)
1943 0 : peer_mode |= RCV_SHUTDOWN;
1944 0 : unix_state_lock(other);
1945 0 : other->sk_shutdown |= peer_mode;
1946 0 : unix_state_unlock(other);
1947 0 : other->sk_state_change(other);
1948 0 : read_lock(&other->sk_callback_lock);
1949 0 : if (peer_mode == SHUTDOWN_MASK)
1950 0 : sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
1951 0 : else if (peer_mode & RCV_SHUTDOWN)
1952 0 : sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
1953 0 : read_unlock(&other->sk_callback_lock);
1954 : }
1955 0 : if (other)
1956 0 : sock_put(other);
1957 : }
1958 0 : return 0;
1959 : }
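/*
 * Hedged userspace sketch (editorial illustration): the peer_mode
 * propagation above is what makes a half-close visible on the other end
 * of a socketpair.  The function name is an assumption.
 */
#if 0	/* never compiled here */
#include <sys/socket.h>
#include <unistd.h>
#include <assert.h>

static void demo_half_close(void)
{
	int sv[2];
	char c;

	assert(socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == 0);

	/* SHUT_WR sets SEND_SHUTDOWN on sv[0] and RCV_SHUTDOWN on the
	 * peer, so a read() on sv[1] now returns 0 (end of file). */
	shutdown(sv[0], SHUT_WR);
	assert(read(sv[1], &c, 1) == 0);

	close(sv[0]);
	close(sv[1]);
}
#endif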
1960 :
1961 : static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1962 : {
1963 0 : struct sock *sk = sock->sk;
1964 0 : long amount = 0;
1965 0 : int err;
1966 0 :
1967 0 : switch (cmd) {
1968 0 : case SIOCOUTQ:
1969 0 : amount = sk_wmem_alloc_get(sk);
1970 0 : err = put_user(amount, (int __user *)arg);
1971 0 : break;
1972 0 : case SIOCINQ:
1973 : {
1974 : struct sk_buff *skb;
1975 :
1976 0 : if (sk->sk_state == TCP_LISTEN) {
1977 0 : err = -EINVAL;
1978 0 : break;
1979 : }
1980 :
1981 0 : spin_lock(&sk->sk_receive_queue.lock);
1982 0 : if (sk->sk_type == SOCK_STREAM ||
1983 : sk->sk_type == SOCK_SEQPACKET) {
1984 0 : skb_queue_walk(&sk->sk_receive_queue, skb)
1985 0 : amount += skb->len;
1986 0 : } else {
1987 0 : skb = skb_peek(&sk->sk_receive_queue);
1988 0 : if (skb)
1989 0 : amount = skb->len;
1990 : }
1991 0 : spin_unlock(&sk->sk_receive_queue.lock);
1992 0 : err = put_user(amount, (int __user *)arg);
1993 0 : break;
1994 0 : }
1995 :
1996 0 : default:
1997 0 : err = -ENOIOCTLCMD;
1998 0 : break;
1999 : }
2000 0 : return err;
2001 : }
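/*
 * Hedged userspace sketch (editorial illustration): querying the two
 * ioctls handled above.  Assumes <linux/sockios.h> for the SIOCINQ and
 * SIOCOUTQ names; the helper is illustrative only.
 */
#if 0	/* never compiled here */
#include <sys/ioctl.h>
#include <linux/sockios.h>
#include <stdio.h>

static void print_queue_sizes(int sock)
{
	int inq = 0, outq = 0;

	if (ioctl(sock, SIOCINQ, &inq) == 0 &&	/* unread bytes queued for us */
	    ioctl(sock, SIOCOUTQ, &outq) == 0)	/* sent bytes not yet consumed */
		printf("inq=%d outq=%d\n", inq, outq);
}
#endif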
2002 :
2003 : static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2004 : {
2005 0 : struct sock *sk = sock->sk;
2006 0 : unsigned int mask;
2007 0 :
2008 0 : sock_poll_wait(file, sk->sk_sleep, wait);
2009 0 : mask = 0;
2010 :
2011 : /* exceptional events? */
2012 0 : if (sk->sk_err)
2013 0 : mask |= POLLERR;
2014 0 : if (sk->sk_shutdown == SHUTDOWN_MASK)
2015 0 : mask |= POLLHUP;
2016 0 : if (sk->sk_shutdown & RCV_SHUTDOWN)
2017 0 : mask |= POLLRDHUP;
2018 :
2019 : /* readable? */
2020 0 : if (!skb_queue_empty(&sk->sk_receive_queue) ||
2021 : (sk->sk_shutdown & RCV_SHUTDOWN))
2022 0 : mask |= POLLIN | POLLRDNORM;
2023 :
2024 : /* Connection-based sockets need to check for termination and startup */
2025 0 : if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2026 : sk->sk_state == TCP_CLOSE)
2027 0 : mask |= POLLHUP;
2028 :
2029 : /*
2030 : * We also report the socket as writable when the other side has
2031 : * shut down the connection; this prevents sockets from getting stuck.
2032 : */
2033 0 : if (unix_writable(sk))
2034 0 : mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2035 :
2036 0 : return mask;
2037 : }
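/*
 * Hedged userspace sketch (editorial illustration): how the mask computed
 * above is typically consumed.  POLLRDHUP needs _GNU_SOURCE; the helper
 * name and timeout handling are assumptions.
 */
#if 0	/* never compiled here */
#define _GNU_SOURCE		/* for POLLRDHUP */
#include <poll.h>

static int wait_readable_or_hup(int sock, int timeout_ms)
{
	struct pollfd pfd = { .fd = sock, .events = POLLIN | POLLRDHUP };
	int n = poll(&pfd, 1, timeout_ms);

	if (n > 0 && (pfd.revents & (POLLHUP | POLLRDHUP)))
		return 0;	/* peer closed or shut down its send side */

	return n;		/* > 0: readable, 0: timeout, < 0: error */
}
#endif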
2038 :
2039 : static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2040 : poll_table *wait)
2041 0 : {
2042 0 : struct sock *sk = sock->sk, *other;
2043 0 : unsigned int mask, writable;
2044 0 :
2045 0 : sock_poll_wait(file, sk->sk_sleep, wait);
2046 0 : mask = 0;
2047 0 :
2048 0 : /* exceptional events? */
2049 0 : if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2050 0 : mask |= POLLERR;
2051 0 : if (sk->sk_shutdown & RCV_SHUTDOWN)
2052 0 : mask |= POLLRDHUP;
2053 0 : if (sk->sk_shutdown == SHUTDOWN_MASK)
2054 0 : mask |= POLLHUP;
2055 :
2056 : /* readable? */
2057 0 : if (!skb_queue_empty(&sk->sk_receive_queue) ||
2058 : (sk->sk_shutdown & RCV_SHUTDOWN))
2059 0 : mask |= POLLIN | POLLRDNORM;
2060 :
2061 : /* Connection-based sockets need to check for termination and startup */
2062 0 : if (sk->sk_type == SOCK_SEQPACKET) {
2063 0 : if (sk->sk_state == TCP_CLOSE)
2064 0 : mask |= POLLHUP;
2065 : /* connection hasn't started yet? */
2066 0 : if (sk->sk_state == TCP_SYN_SENT)
2067 0 : return mask;
2068 : }
2069 :
2070 : /* writable? */
2071 0 : writable = unix_writable(sk);
2072 0 : if (writable) {
2073 0 : other = unix_peer_get(sk);
2074 0 : if (other) {
2075 0 : if (unix_peer(other) != sk) {
2076 0 : sock_poll_wait(file, &unix_sk(other)->peer_wait,
2077 : wait);
2078 0 : if (unix_recvq_full(other))
2079 0 : writable = 0;
2080 : }
2081 :
2082 0 : sock_put(other);
2083 : }
2084 : }
2085 :
2086 0 : if (writable)
2087 0 : mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2088 : else
2089 0 : set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2090 :
2091 0 : return mask;
2092 : }
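/*
 * Hedged userspace sketch (editorial illustration): connected-datagram
 * backpressure as seen from poll().  Once the server's receive queue
 * holds more than net.unix.max_dgram_qlen datagrams, the peer-queue check
 * above stops reporting POLLOUT on the client until the server reads.
 * The abstract name and helper are assumptions.
 */
#if 0	/* never compiled here */
#include <sys/socket.h>
#include <sys/un.h>
#include <poll.h>
#include <string.h>
#include <stddef.h>
#include <unistd.h>
#include <fcntl.h>

static void demo_dgram_backpressure(void)
{
	struct sockaddr_un addr;
	struct pollfd pfd;
	socklen_t alen;
	int srv, cli;
	char byte = 0;

	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;
	addr.sun_path[0] = '\0';		/* abstract namespace */
	strcpy(addr.sun_path + 1, "demo-dgram");
	alen = offsetof(struct sockaddr_un, sun_path) + 1 + strlen("demo-dgram");

	srv = socket(AF_UNIX, SOCK_DGRAM, 0);
	bind(srv, (struct sockaddr *)&addr, alen);

	cli = socket(AF_UNIX, SOCK_DGRAM, 0);
	connect(cli, (struct sockaddr *)&addr, alen);
	fcntl(cli, F_SETFL, O_NONBLOCK);

	/* Fill the server's receive queue; stops with -1/EAGAIN. */
	while (send(cli, &byte, 1, 0) == 1)
		;

	pfd.fd = cli;
	pfd.events = POLLOUT;
	poll(&pfd, 1, 0);	/* returns 0: not writable while the queue is full */

	close(cli);
	close(srv);
}
#endif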
2093 :
2094 : #ifdef CONFIG_PROC_FS
2095 : static struct sock *first_unix_socket(int *i)
2096 : {
2097 12 : for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) {
2098 14 : if (!hlist_empty(&unix_socket_table[*i]))
2099 8 : return __sk_head(&unix_socket_table[*i]);
2100 : }
2101 2 : return NULL;
2102 : }
2103 :
2104 : static struct sock *next_unix_socket(int *i, struct sock *s)
2105 : {
2106 12 : struct sock *next = sk_next(s);
2107 3 : /* More in this chain? */
2108 9 : if (next)
2109 6 : return next;
2110 : /* Look for next non-empty chain. */
2111 15 : for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) {
2112 18 : if (!hlist_empty(&unix_socket_table[*i]))
2113 12 : return __sk_head(&unix_socket_table[*i]);
2114 : }
2115 3 : return NULL;
2116 : }
2117 1 :
2118 : struct unix_iter_state {
2119 : struct seq_net_private p;
2120 : int i;
2121 : };
2122 :
2123 : static struct sock *unix_seq_idx(struct seq_file *seq, loff_t pos)
2124 : {
2125 3 : struct unix_iter_state *iter = seq->private;
2126 2 : loff_t off = 0;
2127 1 : struct sock *s;
2128 1 :
2129 11 : for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) {
2130 7 : if (sock_net(s) != seq_file_net(seq))
2131 3 : continue;
2132 2 : if (off == pos)
2133 1 : return s;
2134 1 : ++off;
2135 1 : }
2136 1 : return NULL;
2137 : }
2138 :
2139 : static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2140 : __acquires(unix_table_lock)
2141 1 : {
2142 3 : spin_lock(&unix_table_lock);
2143 9 : return *pos ? unix_seq_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2144 : }
2145 :
2146 : static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2147 : {
2148 3 : struct unix_iter_state *iter = seq->private;
2149 2 : struct sock *sk = v;
2150 2 : ++*pos;
2151 1 :
2152 2 : if (v == SEQ_START_TOKEN)
2153 3 : sk = first_unix_socket(&iter->i);
2154 : else
2155 4 : sk = next_unix_socket(&iter->i, sk);
2156 10 : while (sk && (sock_net(sk) != seq_file_net(seq)))
2157 5 : sk = next_unix_socket(&iter->i, sk);
2158 3 : return sk;
2159 1 : }
2160 :
2161 1 : static void unix_seq_stop(struct seq_file *seq, void *v)
2162 : __releases(unix_table_lock)
2163 : {
2164 2 : spin_unlock(&unix_table_lock);
2165 1 : }
2166 1 :
2167 : static int unix_seq_show(struct seq_file *seq, void *v)
2168 : {
2169 1 :
2170 3 : if (v == SEQ_START_TOKEN)
2171 2 : seq_puts(seq, "Num RefCount Protocol Flags Type St "
2172 1 : "Inode Path\n");
2173 1 : else {
2174 2 : struct sock *s = v;
2175 1 : struct unix_sock *u = unix_sk(s);
2176 2 : unix_state_lock(s);
2177 :
2178 11 : seq_printf(seq, "%p: %08X %08X %08X %04X %02X %5lu",
2179 15 : s,
2180 : atomic_read(&s->sk_refcnt),
2181 : 0,
2182 : s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2183 : s->sk_type,
2184 : s->sk_socket ?
2185 : (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2186 : (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2187 : sock_i_ino(s));
2188 :
2189 3 : if (u->addr) {
2190 : int i, len;
2191 1 : seq_putc(seq, ' ');
2192 :
2193 1 : i = 0;
2194 2 : len = u->addr->len - sizeof(short);
2195 2 : if (!UNIX_ABSTRACT(s))
2196 1 : len--;
2197 : else {
2198 1 : seq_putc(seq, '@');
2199 1 : i++;
2200 : }
2201 4 : for ( ; i < len; i++)
2202 2 : seq_putc(seq, u->addr->name->sun_path[i]);
2203 2 : }
2204 4 : unix_state_unlock(s);
2205 1 : seq_putc(seq, '\n');
2206 : }
2207 :
2208 2 : return 0;
2209 : }
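/*
 * Hedged userspace sketch (editorial illustration): the table produced by
 * unix_seq_show() above is read back from /proc/net/unix; abstract names
 * show up with a leading '@'.
 */
#if 0	/* never compiled here */
#include <stdio.h>

static void dump_unix_sockets(void)
{
	char line[512];
	FILE *f = fopen("/proc/net/unix", "r");

	if (!f)
		return;

	/* First line is the header:
	 *   Num RefCount Protocol Flags Type St Inode Path */
	while (fgets(line, sizeof(line), f))
		fputs(line, stdout);

	fclose(f);
}
#endif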
2210 :
2211 1 : static const struct seq_operations unix_seq_ops = {
2212 : .start = unix_seq_start,
2213 : .next = unix_seq_next,
2214 : .stop = unix_seq_stop,
2215 : .show = unix_seq_show,
2216 : };
2217 :
2218 : static int unix_seq_open(struct inode *inode, struct file *file)
2219 : {
2220 3 : return seq_open_net(inode, file, &unix_seq_ops,
2221 : sizeof(struct unix_iter_state));
2222 : }
2223 :
2224 1 : static const struct file_operations unix_seq_fops = {
2225 : .owner = THIS_MODULE,
2226 : .open = unix_seq_open,
2227 : .read = seq_read,
2228 : .llseek = seq_lseek,
2229 : .release = seq_release_net,
2230 : };
2231 :
2232 : #endif
2233 :
2234 1 : static const struct net_proto_family unix_family_ops = {
2235 : .family = PF_UNIX,
2236 : .create = unix_create,
2237 : .owner = THIS_MODULE,
2238 : };
2239 :
2240 :
2241 : static int unix_net_init(struct net *net)
2242 : {
2243 2 : int error = -ENOMEM;
2244 1 :
2245 2 : net->unx.sysctl_max_dgram_qlen = 10;
2246 5 : if (unix_sysctl_register(net))
2247 1 : goto out;
2248 :
2249 : #ifdef CONFIG_PROC_FS
2250 3 : if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
2251 2 : unix_sysctl_unregister(net);
2252 1 : goto out;
2253 : }
2254 : #endif
2255 1 : error = 0;
2256 1 : out:
2257 2 : return error;
2258 : }
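/*
 * Hedged userspace sketch (editorial illustration): the per-namespace
 * default of 10 set above is exported by unix_sysctl_register(); this
 * reads it back through the usual /proc/sys path, which is an assumption
 * about where the sysctl is mounted.
 */
#if 0	/* never compiled here */
#include <stdio.h>

static int read_max_dgram_qlen(void)
{
	int qlen = -1;
	FILE *f = fopen("/proc/sys/net/unix/max_dgram_qlen", "r");

	if (f) {
		if (fscanf(f, "%d", &qlen) != 1)
			qlen = -1;
		fclose(f);
	}
	return qlen;
}
#endif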
2259 :
2260 : static void unix_net_exit(struct net *net)
2261 : {
2262 2 : unix_sysctl_unregister(net);
2263 1 : proc_net_remove(net, "unix");
2264 1 : }
2265 :
2266 1 : static struct pernet_operations unix_net_ops = {
2267 : .init = unix_net_init,
2268 : .exit = unix_net_exit,
2269 : };
2270 :
2271 : static int __init af_unix_init(void)
2272 : {
2273 2 : int rc = -1;
2274 : struct sk_buff *dummy_skb;
2275 :
2276 : BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb));
2277 :
2278 1 : rc = proto_register(&unix_proto, 1);
2279 2 : if (rc != 0) {
2280 1 : printk(KERN_CRIT "%s: Cannot create unix_sock SLAB cache!\n",
2281 : __func__);
2282 1 : goto out;
2283 : }
2284 :
2285 1 : sock_register(&unix_family_ops);
2286 1 : register_pernet_subsys(&unix_net_ops);
2287 : out:
2288 2 : return rc;
2289 : }
2290 :
2291 : static void __exit af_unix_exit(void)
2292 : {
2293 2 : sock_unregister(PF_UNIX);
2294 2 : proto_unregister(&unix_proto);
2295 2 : unregister_pernet_subsys(&unix_net_ops);
2296 2 : }
2297 :
2298 : /* Earlier than device_initcall() so that other drivers invoking
2299 : request_module() don't end up in a loop when modprobe tries
2300 : to use a UNIX socket. But later than subsys_initcall() because
2301 : we depend on infrastructure initialised there. */
2302 : fs_initcall(af_unix_init);
2303 : module_exit(af_unix_exit);
2304 1 :
2305 : MODULE_LICENSE("GPL");
2306 : MODULE_ALIAS_NETPROTO(PF_UNIX);