2 * NET4: Implementation of BSD Unix domain sockets.
4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 * Linus Torvalds : Assorted bug cures.
13 * Niibe Yutaka : async I/O support.
14 * Carsten Paeth : PF_UNIX check, address fixes.
15 * Alan Cox : Limit size of allocated blocks.
16 * Alan Cox : Fixed the stupid socketpair bug.
17 * Alan Cox : BSD compatibility fine tuning.
18 * Alan Cox : Fixed a bug in connect when interrupted.
19 * Alan Cox : Sorted out a proper draft version of
20 * file descriptor passing hacked up from
22 * Marty Leisner : Fixes to fd passing
23 * Nick Nevin : recvmsg bugfix.
24 * Alan Cox : Started proper garbage collector
25 * Heiko EiBfeldt : Missing verify_area check
26 * Alan Cox : Started POSIXisms
27 * Andreas Schwab : Replace inode by dentry for proper
29 * Kirk Petersen : Made this a module
30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33 * by above two patches.
34 * Andrea Arcangeli : If possible we block in connect(2)
35 * if the max backlog of the listen socket
36 * is been reached. This won't break
37 * old apps and it will avoid huge amount
38 * of socks hashed (this for unix_gc()
39 * performances reasons).
40 * Security fix that limits the max
41 * number of socks to 2*max_files and
42 * the number of skb queueable in the
44 * Artur Skawina : Hash function optimizations
45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 * Malcolm Beattie : Set peercred for socketpair
47 * Michal Ostrowski : Module initialization cleanup.
48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 * the core infrastructure is doing that
50 * for all net proto families now (2.5.69+)
53 * Known differences from reference BSD that was tested:
56 * ECONNREFUSED is not returned from one end of a connected() socket to the
57 * other the moment one end closes.
58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
61 * accept() returns a path name even if the connecting socket has closed
62 * in the meantime (BSD loses the path and gives up).
63 * accept() returns 0 length path for an unbound connector. BSD returns 16
64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 * BSD af_unix apparently has connect forgetting to block properly.
67 * (need to check this with the POSIX spec in detail)
69 * Differences from 2.0.0-11-... (ANK)
70 * Bug fixes and improvements.
71 * - client shutdown killed server socket.
72 * - removed all useless cli/sti pairs.
74 * Semantic changes/extensions.
75 * - generic control message passing.
76 * - SCM_CREDENTIALS control message.
77 * - "Abstract" (not FS based) socket bindings.
78 * Abstract names are sequences of bytes (not zero terminated)
79 * started by 0, so that this name space does not intersect
83 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
85 #include <linux/module.h>
86 #include <linux/kernel.h>
87 #include <linux/signal.h>
88 #include <linux/sched/signal.h>
89 #include <linux/errno.h>
90 #include <linux/string.h>
91 #include <linux/stat.h>
92 #include <linux/dcache.h>
93 #include <linux/namei.h>
94 #include <linux/socket.h>
96 #include <linux/fcntl.h>
97 #include <linux/termios.h>
98 #include <linux/sockios.h>
99 #include <linux/net.h>
100 #include <linux/in.h>
101 #include <linux/fs.h>
102 #include <linux/slab.h>
103 #include <linux/uaccess.h>
104 #include <linux/skbuff.h>
105 #include <linux/netdevice.h>
106 #include <net/net_namespace.h>
107 #include <net/sock.h>
108 #include <net/tcp_states.h>
109 #include <net/af_unix.h>
110 #include <linux/proc_fs.h>
111 #include <linux/seq_file.h>
113 #include <linux/init.h>
114 #include <linux/poll.h>
115 #include <linux/rtnetlink.h>
116 #include <linux/mount.h>
117 #include <net/checksum.h>
118 #include <linux/security.h>
119 #include <linux/freezer.h>
120 #include <linux/file.h>
124 struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
125 EXPORT_SYMBOL_GPL(unix_socket_table);
126 DEFINE_SPINLOCK(unix_table_lock);
127 EXPORT_SYMBOL_GPL(unix_table_lock);
128 static atomic_long_t unix_nr_socks;
131 static struct hlist_head *unix_sockets_unbound(void *addr)
133 unsigned long hash = (unsigned long)addr;
137 hash %= UNIX_HASH_SIZE;
138 return &unix_socket_table[UNIX_HASH_SIZE + hash];
141 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)
143 #ifdef CONFIG_SECURITY_NETWORK
144 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
146 UNIXCB(skb).secid = scm->secid;
149 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
151 scm->secid = UNIXCB(skb).secid;
154 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
156 return (scm->secid == UNIXCB(skb).secid);
159 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
162 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
165 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
169 #endif /* CONFIG_SECURITY_NETWORK */
172 * SMP locking strategy:
173 * hash table is protected with spinlock unix_table_lock
174 * each socket state is protected by separate spin lock.
177 static inline unsigned int unix_hash_fold(__wsum n)
179 unsigned int hash = (__force unsigned int)csum_fold(n);
182 return hash&(UNIX_HASH_SIZE-1);
185 #define unix_peer(sk) (unix_sk(sk)->peer)
187 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
189 return unix_peer(osk) == sk;
192 static inline int unix_may_send(struct sock *sk, struct sock *osk)
194 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
197 static inline int unix_recvq_full(struct sock const *sk)
199 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
202 struct sock *unix_peer_get(struct sock *s)
210 unix_state_unlock(s);
213 EXPORT_SYMBOL_GPL(unix_peer_get);
215 static inline void unix_release_addr(struct unix_address *addr)
217 if (refcount_dec_and_test(&addr->refcnt))
222 * Check unix socket name:
223 * - should be not zero length.
224 * - if started by not zero, should be NULL terminated (FS object)
225 * - if started by zero, it is abstract name.
228 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
232 if (len <= sizeof(short) || len > sizeof(*sunaddr))
234 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
236 if (sunaddr->sun_path[0]) {
238 * This may look like an off by one error but it is a bit more
239 * subtle. 108 is the longest valid AF_UNIX path for a binding.
240 * sun_path[108] doesn't as such exist. However in kernel space
241 * we are guaranteed that it is a valid memory location in our
242 * kernel address buffer.
244 ((char *)sunaddr)[len] = 0;
245 len = strlen(sunaddr->sun_path)+1+sizeof(short);
249 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
253 static void __unix_remove_socket(struct sock *sk)
255 sk_del_node_init(sk);
258 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
260 WARN_ON(!sk_unhashed(sk));
261 sk_add_node(sk, list);
264 static inline void unix_remove_socket(struct sock *sk)
266 spin_lock(&unix_table_lock);
267 __unix_remove_socket(sk);
268 spin_unlock(&unix_table_lock);
271 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
273 spin_lock(&unix_table_lock);
274 __unix_insert_socket(list, sk);
275 spin_unlock(&unix_table_lock);
278 static struct sock *__unix_find_socket_byname(struct net *net,
279 struct sockaddr_un *sunname,
280 int len, int type, unsigned int hash)
284 sk_for_each(s, &unix_socket_table[hash ^ type]) {
285 struct unix_sock *u = unix_sk(s);
287 if (!net_eq(sock_net(s), net))
290 if (u->addr->len == len &&
291 !memcmp(u->addr->name, sunname, len))
299 static inline struct sock *unix_find_socket_byname(struct net *net,
300 struct sockaddr_un *sunname,
306 spin_lock(&unix_table_lock);
307 s = __unix_find_socket_byname(net, sunname, len, type, hash);
310 spin_unlock(&unix_table_lock);
314 static struct sock *unix_find_socket_byinode(struct inode *i)
318 spin_lock(&unix_table_lock);
320 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
321 struct dentry *dentry = unix_sk(s)->path.dentry;
323 if (dentry && d_backing_inode(dentry) == i) {
330 spin_unlock(&unix_table_lock);
334 /* Support code for asymmetrically connected dgram sockets
336 * If a datagram socket is connected to a socket not itself connected
337 * to the first socket (eg, /dev/log), clients may only enqueue more
338 * messages if the present receive queue of the server socket is not
339 * "too large". This means there's a second writeability condition
340 * poll and sendmsg need to test. The dgram recv code will do a wake
341 * up on the peer_wait wait queue of a socket upon reception of a
342 * datagram which needs to be propagated to sleeping would-be writers
343 * since these might not have sent anything so far. This can't be
344 * accomplished via poll_wait because the lifetime of the server
345 * socket might be less than that of its clients if these break their
346 * association with it or if the server socket is closed while clients
347 * are still connected to it and there's no way to inform "a polling
348 * implementation" that it should let go of a certain wait queue
350 * In order to propagate a wake up, a wait_queue_entry_t of the client
351 * socket is enqueued on the peer_wait queue of the server socket
352 * whose wake function does a wake_up on the ordinary client socket
353 * wait queue. This connection is established whenever a write (or
354 * poll for write) hit the flow control condition and broken when the
355 * association to the server socket is dissolved or after a wake up
359 static int unix_dgram_peer_wake_relay(wait_queue_entry_t *q, unsigned mode, int flags,
363 wait_queue_head_t *u_sleep;
365 u = container_of(q, struct unix_sock, peer_wake);
367 __remove_wait_queue(&unix_sk(u->peer_wake.private)->peer_wait,
369 u->peer_wake.private = NULL;
371 /* relaying can only happen while the wq still exists */
372 u_sleep = sk_sleep(&u->sk);
374 wake_up_interruptible_poll(u_sleep, key_to_poll(key));
379 static int unix_dgram_peer_wake_connect(struct sock *sk, struct sock *other)
381 struct unix_sock *u, *u_other;
385 u_other = unix_sk(other);
387 spin_lock(&u_other->peer_wait.lock);
389 if (!u->peer_wake.private) {
390 u->peer_wake.private = other;
391 __add_wait_queue(&u_other->peer_wait, &u->peer_wake);
396 spin_unlock(&u_other->peer_wait.lock);
400 static void unix_dgram_peer_wake_disconnect(struct sock *sk,
403 struct unix_sock *u, *u_other;
406 u_other = unix_sk(other);
407 spin_lock(&u_other->peer_wait.lock);
409 if (u->peer_wake.private == other) {
410 __remove_wait_queue(&u_other->peer_wait, &u->peer_wake);
411 u->peer_wake.private = NULL;
414 spin_unlock(&u_other->peer_wait.lock);
417 static void unix_dgram_peer_wake_disconnect_wakeup(struct sock *sk,
420 unix_dgram_peer_wake_disconnect(sk, other);
421 wake_up_interruptible_poll(sk_sleep(sk),
428 * - unix_peer(sk) == other
429 * - association is stable
431 static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other)
435 connected = unix_dgram_peer_wake_connect(sk, other);
437 /* If other is SOCK_DEAD, we want to make sure we signal
438 * POLLOUT, such that a subsequent write() can get a
439 * -ECONNREFUSED. Otherwise, if we haven't queued any skbs
440 * to other and its full, we will hang waiting for POLLOUT.
442 if (unix_recvq_full(other) && !sock_flag(other, SOCK_DEAD))
446 unix_dgram_peer_wake_disconnect(sk, other);
451 static int unix_writable(const struct sock *sk)
453 return sk->sk_state != TCP_LISTEN &&
454 (refcount_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
457 static void unix_write_space(struct sock *sk)
459 struct socket_wq *wq;
462 if (unix_writable(sk)) {
463 wq = rcu_dereference(sk->sk_wq);
464 if (skwq_has_sleeper(wq))
465 wake_up_interruptible_sync_poll(&wq->wait,
466 EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND);
467 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
472 /* When dgram socket disconnects (or changes its peer), we clear its receive
473 * queue of packets arrived from previous peer. First, it allows to do
474 * flow control based only on wmem_alloc; second, sk connected to peer
475 * may receive messages only from that peer. */
476 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
478 if (!skb_queue_empty(&sk->sk_receive_queue)) {
479 skb_queue_purge(&sk->sk_receive_queue);
480 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
482 /* If one link of bidirectional dgram pipe is disconnected,
483 * we signal error. Messages are lost. Do not make this,
484 * when peer was not connected to us.
486 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
487 other->sk_err = ECONNRESET;
488 other->sk_error_report(other);
493 static void unix_sock_destructor(struct sock *sk)
495 struct unix_sock *u = unix_sk(sk);
497 skb_queue_purge(&sk->sk_receive_queue);
499 WARN_ON(refcount_read(&sk->sk_wmem_alloc));
500 WARN_ON(!sk_unhashed(sk));
501 WARN_ON(sk->sk_socket);
502 if (!sock_flag(sk, SOCK_DEAD)) {
503 pr_info("Attempt to release alive unix socket: %p\n", sk);
508 unix_release_addr(u->addr);
510 atomic_long_dec(&unix_nr_socks);
512 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
514 #ifdef UNIX_REFCNT_DEBUG
515 pr_debug("UNIX %p is destroyed, %ld are still alive.\n", sk,
516 atomic_long_read(&unix_nr_socks));
520 static void unix_release_sock(struct sock *sk, int embrion)
522 struct unix_sock *u = unix_sk(sk);
528 unix_remove_socket(sk);
533 sk->sk_shutdown = SHUTDOWN_MASK;
535 u->path.dentry = NULL;
537 state = sk->sk_state;
538 sk->sk_state = TCP_CLOSE;
539 unix_state_unlock(sk);
541 wake_up_interruptible_all(&u->peer_wait);
543 skpair = unix_peer(sk);
545 if (skpair != NULL) {
546 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
547 unix_state_lock(skpair);
549 skpair->sk_shutdown = SHUTDOWN_MASK;
550 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
551 skpair->sk_err = ECONNRESET;
552 unix_state_unlock(skpair);
553 skpair->sk_state_change(skpair);
554 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
557 unix_dgram_peer_wake_disconnect(sk, skpair);
558 sock_put(skpair); /* It may now die */
559 unix_peer(sk) = NULL;
562 /* Try to flush out this socket. Throw out buffers at least */
564 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
565 if (state == TCP_LISTEN)
566 unix_release_sock(skb->sk, 1);
567 /* passed fds are erased in the kfree_skb hook */
568 UNIXCB(skb).consumed = skb->len;
577 /* ---- Socket is dead now and most probably destroyed ---- */
580 * Fixme: BSD difference: In BSD all sockets connected to us get
581 * ECONNRESET and we die on the spot. In Linux we behave
582 * like files and pipes do and wait for the last
585 * Can't we simply set sock->err?
587 * What the above comment does talk about? --ANK(980817)
590 if (unix_tot_inflight)
591 unix_gc(); /* Garbage collect fds */
594 static void init_peercred(struct sock *sk)
596 put_pid(sk->sk_peer_pid);
597 if (sk->sk_peer_cred)
598 put_cred(sk->sk_peer_cred);
599 sk->sk_peer_pid = get_pid(task_tgid(current));
600 sk->sk_peer_cred = get_current_cred();
603 static void copy_peercred(struct sock *sk, struct sock *peersk)
605 put_pid(sk->sk_peer_pid);
606 if (sk->sk_peer_cred)
607 put_cred(sk->sk_peer_cred);
608 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
609 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
612 static int unix_listen(struct socket *sock, int backlog)
615 struct sock *sk = sock->sk;
616 struct unix_sock *u = unix_sk(sk);
617 struct pid *old_pid = NULL;
620 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
621 goto out; /* Only stream/seqpacket sockets accept */
624 goto out; /* No listens on an unbound socket */
626 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
628 if (backlog > sk->sk_max_ack_backlog)
629 wake_up_interruptible_all(&u->peer_wait);
630 sk->sk_max_ack_backlog = backlog;
631 sk->sk_state = TCP_LISTEN;
632 /* set credentials so connect can copy them */
637 unix_state_unlock(sk);
643 static int unix_release(struct socket *);
644 static int unix_bind(struct socket *, struct sockaddr *, int);
645 static int unix_stream_connect(struct socket *, struct sockaddr *,
646 int addr_len, int flags);
647 static int unix_socketpair(struct socket *, struct socket *);
648 static int unix_accept(struct socket *, struct socket *, int, bool);
649 static int unix_getname(struct socket *, struct sockaddr *, int);
650 static __poll_t unix_poll(struct file *, struct socket *, poll_table *);
651 static __poll_t unix_dgram_poll(struct file *, struct socket *,
653 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
654 static int unix_shutdown(struct socket *, int);
655 static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t);
656 static int unix_stream_recvmsg(struct socket *, struct msghdr *, size_t, int);
657 static ssize_t unix_stream_sendpage(struct socket *, struct page *, int offset,
658 size_t size, int flags);
659 static ssize_t unix_stream_splice_read(struct socket *, loff_t *ppos,
660 struct pipe_inode_info *, size_t size,
662 static int unix_dgram_sendmsg(struct socket *, struct msghdr *, size_t);
663 static int unix_dgram_recvmsg(struct socket *, struct msghdr *, size_t, int);
664 static int unix_dgram_connect(struct socket *, struct sockaddr *,
666 static int unix_seqpacket_sendmsg(struct socket *, struct msghdr *, size_t);
667 static int unix_seqpacket_recvmsg(struct socket *, struct msghdr *, size_t,
670 static int unix_set_peek_off(struct sock *sk, int val)
672 struct unix_sock *u = unix_sk(sk);
674 if (mutex_lock_interruptible(&u->iolock))
677 sk->sk_peek_off = val;
678 mutex_unlock(&u->iolock);
684 static const struct proto_ops unix_stream_ops = {
686 .owner = THIS_MODULE,
687 .release = unix_release,
689 .connect = unix_stream_connect,
690 .socketpair = unix_socketpair,
691 .accept = unix_accept,
692 .getname = unix_getname,
695 .listen = unix_listen,
696 .shutdown = unix_shutdown,
697 .setsockopt = sock_no_setsockopt,
698 .getsockopt = sock_no_getsockopt,
699 .sendmsg = unix_stream_sendmsg,
700 .recvmsg = unix_stream_recvmsg,
701 .mmap = sock_no_mmap,
702 .sendpage = unix_stream_sendpage,
703 .splice_read = unix_stream_splice_read,
704 .set_peek_off = unix_set_peek_off,
707 static const struct proto_ops unix_dgram_ops = {
709 .owner = THIS_MODULE,
710 .release = unix_release,
712 .connect = unix_dgram_connect,
713 .socketpair = unix_socketpair,
714 .accept = sock_no_accept,
715 .getname = unix_getname,
716 .poll = unix_dgram_poll,
718 .listen = sock_no_listen,
719 .shutdown = unix_shutdown,
720 .setsockopt = sock_no_setsockopt,
721 .getsockopt = sock_no_getsockopt,
722 .sendmsg = unix_dgram_sendmsg,
723 .recvmsg = unix_dgram_recvmsg,
724 .mmap = sock_no_mmap,
725 .sendpage = sock_no_sendpage,
726 .set_peek_off = unix_set_peek_off,
729 static const struct proto_ops unix_seqpacket_ops = {
731 .owner = THIS_MODULE,
732 .release = unix_release,
734 .connect = unix_stream_connect,
735 .socketpair = unix_socketpair,
736 .accept = unix_accept,
737 .getname = unix_getname,
738 .poll = unix_dgram_poll,
740 .listen = unix_listen,
741 .shutdown = unix_shutdown,
742 .setsockopt = sock_no_setsockopt,
743 .getsockopt = sock_no_getsockopt,
744 .sendmsg = unix_seqpacket_sendmsg,
745 .recvmsg = unix_seqpacket_recvmsg,
746 .mmap = sock_no_mmap,
747 .sendpage = sock_no_sendpage,
748 .set_peek_off = unix_set_peek_off,
751 static struct proto unix_proto = {
753 .owner = THIS_MODULE,
754 .obj_size = sizeof(struct unix_sock),
757 static struct sock *unix_create1(struct net *net, struct socket *sock, int kern)
759 struct sock *sk = NULL;
762 atomic_long_inc(&unix_nr_socks);
763 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
766 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto, kern);
770 sock_init_data(sock, sk);
772 sk->sk_allocation = GFP_KERNEL_ACCOUNT;
773 sk->sk_write_space = unix_write_space;
774 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
775 sk->sk_destruct = unix_sock_destructor;
777 u->path.dentry = NULL;
779 spin_lock_init(&u->lock);
780 atomic_long_set(&u->inflight, 0);
781 INIT_LIST_HEAD(&u->link);
782 mutex_init(&u->iolock); /* single task reading lock */
783 mutex_init(&u->bindlock); /* single task binding lock */
784 init_waitqueue_head(&u->peer_wait);
785 init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay);
786 unix_insert_socket(unix_sockets_unbound(sk), sk);
789 atomic_long_dec(&unix_nr_socks);
792 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
798 static int unix_create(struct net *net, struct socket *sock, int protocol,
801 if (protocol && protocol != PF_UNIX)
802 return -EPROTONOSUPPORT;
804 sock->state = SS_UNCONNECTED;
806 switch (sock->type) {
808 sock->ops = &unix_stream_ops;
811 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
815 sock->type = SOCK_DGRAM;
818 sock->ops = &unix_dgram_ops;
821 sock->ops = &unix_seqpacket_ops;
824 return -ESOCKTNOSUPPORT;
827 return unix_create1(net, sock, kern) ? 0 : -ENOMEM;
830 static int unix_release(struct socket *sock)
832 struct sock *sk = sock->sk;
837 unix_release_sock(sk, 0);
843 static int unix_autobind(struct socket *sock)
845 struct sock *sk = sock->sk;
846 struct net *net = sock_net(sk);
847 struct unix_sock *u = unix_sk(sk);
848 static u32 ordernum = 1;
849 struct unix_address *addr;
851 unsigned int retries = 0;
853 err = mutex_lock_interruptible(&u->bindlock);
862 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
866 addr->name->sun_family = AF_UNIX;
867 refcount_set(&addr->refcnt, 1);
870 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
871 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
873 spin_lock(&unix_table_lock);
874 ordernum = (ordernum+1)&0xFFFFF;
876 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
878 spin_unlock(&unix_table_lock);
880 * __unix_find_socket_byname() may take long time if many names
881 * are already in use.
884 /* Give up if all names seems to be in use. */
885 if (retries++ == 0xFFFFF) {
892 addr->hash ^= sk->sk_type;
894 __unix_remove_socket(sk);
895 smp_store_release(&u->addr, addr);
896 __unix_insert_socket(&unix_socket_table[addr->hash], sk);
897 spin_unlock(&unix_table_lock);
900 out: mutex_unlock(&u->bindlock);
904 static struct sock *unix_find_other(struct net *net,
905 struct sockaddr_un *sunname, int len,
906 int type, unsigned int hash, int *error)
912 if (sunname->sun_path[0]) {
914 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
917 inode = d_backing_inode(path.dentry);
918 err = inode_permission(inode, MAY_WRITE);
923 if (!S_ISSOCK(inode->i_mode))
925 u = unix_find_socket_byinode(inode);
929 if (u->sk_type == type)
935 if (u->sk_type != type) {
941 u = unix_find_socket_byname(net, sunname, len, type, hash);
943 struct dentry *dentry;
944 dentry = unix_sk(u)->path.dentry;
946 touch_atime(&unix_sk(u)->path);
959 static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
961 struct dentry *dentry;
965 * Get the parent directory, calculate the hash for last
968 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
969 err = PTR_ERR(dentry);
974 * All right, let's create it.
976 err = security_path_mknod(&path, dentry, mode, 0);
978 err = vfs_mknod(d_inode(path.dentry), dentry, mode, 0);
980 res->mnt = mntget(path.mnt);
981 res->dentry = dget(dentry);
984 done_path_create(&path, dentry);
988 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
990 struct sock *sk = sock->sk;
991 struct net *net = sock_net(sk);
992 struct unix_sock *u = unix_sk(sk);
993 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
994 char *sun_path = sunaddr->sun_path;
997 struct unix_address *addr;
998 struct hlist_head *list;
999 struct path path = { };
1002 if (addr_len < offsetofend(struct sockaddr_un, sun_family) ||
1003 sunaddr->sun_family != AF_UNIX)
1006 if (addr_len == sizeof(short)) {
1007 err = unix_autobind(sock);
1011 err = unix_mkname(sunaddr, addr_len, &hash);
1017 umode_t mode = S_IFSOCK |
1018 (SOCK_INODE(sock)->i_mode & ~current_umask());
1019 err = unix_mknod(sun_path, mode, &path);
1027 err = mutex_lock_interruptible(&u->bindlock);
1036 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
1040 memcpy(addr->name, sunaddr, addr_len);
1041 addr->len = addr_len;
1042 addr->hash = hash ^ sk->sk_type;
1043 refcount_set(&addr->refcnt, 1);
1046 addr->hash = UNIX_HASH_SIZE;
1047 hash = d_backing_inode(path.dentry)->i_ino & (UNIX_HASH_SIZE - 1);
1048 spin_lock(&unix_table_lock);
1050 list = &unix_socket_table[hash];
1052 spin_lock(&unix_table_lock);
1054 if (__unix_find_socket_byname(net, sunaddr, addr_len,
1055 sk->sk_type, hash)) {
1056 unix_release_addr(addr);
1060 list = &unix_socket_table[addr->hash];
1064 __unix_remove_socket(sk);
1065 smp_store_release(&u->addr, addr);
1066 __unix_insert_socket(list, sk);
1069 spin_unlock(&unix_table_lock);
1071 mutex_unlock(&u->bindlock);
1079 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
1081 if (unlikely(sk1 == sk2) || !sk2) {
1082 unix_state_lock(sk1);
1086 unix_state_lock(sk1);
1087 unix_state_lock_nested(sk2);
1089 unix_state_lock(sk2);
1090 unix_state_lock_nested(sk1);
1094 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
1096 if (unlikely(sk1 == sk2) || !sk2) {
1097 unix_state_unlock(sk1);
1100 unix_state_unlock(sk1);
1101 unix_state_unlock(sk2);
1104 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
1105 int alen, int flags)
1107 struct sock *sk = sock->sk;
1108 struct net *net = sock_net(sk);
1109 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
1115 if (alen < offsetofend(struct sockaddr, sa_family))
1118 if (addr->sa_family != AF_UNSPEC) {
1119 err = unix_mkname(sunaddr, alen, &hash);
1124 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
1125 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
1129 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
1133 unix_state_double_lock(sk, other);
1135 /* Apparently VFS overslept socket death. Retry. */
1136 if (sock_flag(other, SOCK_DEAD)) {
1137 unix_state_double_unlock(sk, other);
1143 if (!unix_may_send(sk, other))
1146 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1152 * 1003.1g breaking connected state with AF_UNSPEC
1155 unix_state_double_lock(sk, other);
1159 * If it was connected, reconnect.
1161 if (unix_peer(sk)) {
1162 struct sock *old_peer = unix_peer(sk);
1163 unix_peer(sk) = other;
1164 unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer);
1166 unix_state_double_unlock(sk, other);
1168 if (other != old_peer)
1169 unix_dgram_disconnected(sk, old_peer);
1172 unix_peer(sk) = other;
1173 unix_state_double_unlock(sk, other);
1178 unix_state_double_unlock(sk, other);
1184 static long unix_wait_for_peer(struct sock *other, long timeo)
1186 struct unix_sock *u = unix_sk(other);
1190 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1192 sched = !sock_flag(other, SOCK_DEAD) &&
1193 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1194 unix_recvq_full(other);
1196 unix_state_unlock(other);
1199 timeo = schedule_timeout(timeo);
1201 finish_wait(&u->peer_wait, &wait);
1205 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1206 int addr_len, int flags)
1208 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1209 struct sock *sk = sock->sk;
1210 struct net *net = sock_net(sk);
1211 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1212 struct sock *newsk = NULL;
1213 struct sock *other = NULL;
1214 struct sk_buff *skb = NULL;
1220 err = unix_mkname(sunaddr, addr_len, &hash);
1225 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1226 (err = unix_autobind(sock)) != 0)
1229 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1231 /* First of all allocate resources.
1232 If we will make it after state is locked,
1233 we will have to recheck all again in any case.
1238 /* create new sock for complete connection */
1239 newsk = unix_create1(sock_net(sk), NULL, 0);
1243 /* Allocate skb for sending to listening sock */
1244 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1249 /* Find listening sock. */
1250 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1254 /* Latch state of peer */
1255 unix_state_lock(other);
1257 /* Apparently VFS overslept socket death. Retry. */
1258 if (sock_flag(other, SOCK_DEAD)) {
1259 unix_state_unlock(other);
1264 err = -ECONNREFUSED;
1265 if (other->sk_state != TCP_LISTEN)
1267 if (other->sk_shutdown & RCV_SHUTDOWN)
1270 if (unix_recvq_full(other)) {
1275 timeo = unix_wait_for_peer(other, timeo);
1277 err = sock_intr_errno(timeo);
1278 if (signal_pending(current))
1286 It is tricky place. We need to grab our state lock and cannot
1287 drop lock on peer. It is dangerous because deadlock is
1288 possible. Connect to self case and simultaneous
1289 attempt to connect are eliminated by checking socket
1290 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1291 check this before attempt to grab lock.
1293 Well, and we have to recheck the state after socket locked.
1299 /* This is ok... continue with connect */
1301 case TCP_ESTABLISHED:
1302 /* Socket is already connected */
1310 unix_state_lock_nested(sk);
1312 if (sk->sk_state != st) {
1313 unix_state_unlock(sk);
1314 unix_state_unlock(other);
1319 err = security_unix_stream_connect(sk, other, newsk);
1321 unix_state_unlock(sk);
1325 /* The way is open! Fastly set all the necessary fields... */
1328 unix_peer(newsk) = sk;
1329 newsk->sk_state = TCP_ESTABLISHED;
1330 newsk->sk_type = sk->sk_type;
1331 init_peercred(newsk);
1332 newu = unix_sk(newsk);
1333 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1334 otheru = unix_sk(other);
1336 /* copy address information from listening to new sock
1338 * The contents of *(otheru->addr) and otheru->path
1339 * are seen fully set up here, since we have found
1340 * otheru in hash under unix_table_lock. Insertion
1341 * into the hash chain we'd found it in had been done
1342 * in an earlier critical area protected by unix_table_lock,
1343 * the same one where we'd set *(otheru->addr) contents,
1344 * as well as otheru->path and otheru->addr itself.
1346 * Using smp_store_release() here to set newu->addr
1347 * is enough to make those stores, as well as stores
1348 * to newu->path visible to anyone who gets newu->addr
1349 * by smp_load_acquire(). IOW, the same warranties
1350 * as for unix_sock instances bound in unix_bind() or
1351 * in unix_autobind().
1353 if (otheru->path.dentry) {
1354 path_get(&otheru->path);
1355 newu->path = otheru->path;
1357 refcount_inc(&otheru->addr->refcnt);
1358 smp_store_release(&newu->addr, otheru->addr);
1360 /* Set credentials */
1361 copy_peercred(sk, other);
1363 sock->state = SS_CONNECTED;
1364 sk->sk_state = TCP_ESTABLISHED;
1367 smp_mb__after_atomic(); /* sock_hold() does an atomic_inc() */
1368 unix_peer(sk) = newsk;
1370 unix_state_unlock(sk);
1372 /* take ten and and send info to listening sock */
1373 spin_lock(&other->sk_receive_queue.lock);
1374 __skb_queue_tail(&other->sk_receive_queue, skb);
1375 spin_unlock(&other->sk_receive_queue.lock);
1376 unix_state_unlock(other);
1377 other->sk_data_ready(other);
1383 unix_state_unlock(other);
1388 unix_release_sock(newsk, 0);
1394 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1396 struct sock *ska = socka->sk, *skb = sockb->sk;
1398 /* Join our sockets back to back */
1401 unix_peer(ska) = skb;
1402 unix_peer(skb) = ska;
1406 if (ska->sk_type != SOCK_DGRAM) {
1407 ska->sk_state = TCP_ESTABLISHED;
1408 skb->sk_state = TCP_ESTABLISHED;
1409 socka->state = SS_CONNECTED;
1410 sockb->state = SS_CONNECTED;
1415 static void unix_sock_inherit_flags(const struct socket *old,
1418 if (test_bit(SOCK_PASSCRED, &old->flags))
1419 set_bit(SOCK_PASSCRED, &new->flags);
1420 if (test_bit(SOCK_PASSSEC, &old->flags))
1421 set_bit(SOCK_PASSSEC, &new->flags);
1424 static int unix_accept(struct socket *sock, struct socket *newsock, int flags,
1427 struct sock *sk = sock->sk;
1429 struct sk_buff *skb;
1433 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1437 if (sk->sk_state != TCP_LISTEN)
1440 /* If socket state is TCP_LISTEN it cannot change (for now...),
1441 * so that no locks are necessary.
1444 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1446 /* This means receive shutdown. */
1453 skb_free_datagram(sk, skb);
1454 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1456 /* attach accepted sock to socket */
1457 unix_state_lock(tsk);
1458 newsock->state = SS_CONNECTED;
1459 unix_sock_inherit_flags(sock, newsock);
1460 sock_graft(tsk, newsock);
1461 unix_state_unlock(tsk);
1469 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int peer)
1471 struct sock *sk = sock->sk;
1472 struct unix_address *addr;
1473 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1477 sk = unix_peer_get(sk);
1487 addr = smp_load_acquire(&unix_sk(sk)->addr);
1489 sunaddr->sun_family = AF_UNIX;
1490 sunaddr->sun_path[0] = 0;
1491 err = sizeof(short);
1494 memcpy(sunaddr, addr->name, addr->len);
1501 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1505 UNIXCB(skb).pid = get_pid(scm->pid);
1506 UNIXCB(skb).uid = scm->creds.uid;
1507 UNIXCB(skb).gid = scm->creds.gid;
1508 UNIXCB(skb).fp = NULL;
1509 unix_get_secdata(scm, skb);
1510 if (scm->fp && send_fds)
1511 err = unix_attach_fds(scm, skb);
1513 skb->destructor = unix_destruct_scm;
1517 static bool unix_passcred_enabled(const struct socket *sock,
1518 const struct sock *other)
1520 return test_bit(SOCK_PASSCRED, &sock->flags) ||
1521 !other->sk_socket ||
1522 test_bit(SOCK_PASSCRED, &other->sk_socket->flags);
1526 * Some apps rely on write() giving SCM_CREDENTIALS
1527 * We include credentials if source or destination socket
1528 * asserted SOCK_PASSCRED.
1530 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1531 const struct sock *other)
1533 if (UNIXCB(skb).pid)
1535 if (unix_passcred_enabled(sock, other)) {
1536 UNIXCB(skb).pid = get_pid(task_tgid(current));
1537 current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid);
1541 static int maybe_init_creds(struct scm_cookie *scm,
1542 struct socket *socket,
1543 const struct sock *other)
1546 struct msghdr msg = { .msg_controllen = 0 };
1548 err = scm_send(socket, &msg, scm, false);
1552 if (unix_passcred_enabled(socket, other)) {
1553 scm->pid = get_pid(task_tgid(current));
1554 current_uid_gid(&scm->creds.uid, &scm->creds.gid);
1559 static bool unix_skb_scm_eq(struct sk_buff *skb,
1560 struct scm_cookie *scm)
1562 const struct unix_skb_parms *u = &UNIXCB(skb);
1564 return u->pid == scm->pid &&
1565 uid_eq(u->uid, scm->creds.uid) &&
1566 gid_eq(u->gid, scm->creds.gid) &&
1567 unix_secdata_eq(scm, skb);
1571 * Send AF_UNIX data.
1574 static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
1577 struct sock *sk = sock->sk;
1578 struct net *net = sock_net(sk);
1579 struct unix_sock *u = unix_sk(sk);
1580 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
1581 struct sock *other = NULL;
1582 int namelen = 0; /* fake GCC */
1585 struct sk_buff *skb;
1587 struct scm_cookie scm;
1592 err = scm_send(sock, msg, &scm, false);
1597 if (msg->msg_flags&MSG_OOB)
1600 if (msg->msg_namelen) {
1601 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1608 other = unix_peer_get(sk);
1613 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1614 && (err = unix_autobind(sock)) != 0)
1618 if (len > sk->sk_sndbuf - 32)
1621 if (len > SKB_MAX_ALLOC) {
1622 data_len = min_t(size_t,
1623 len - SKB_MAX_ALLOC,
1624 MAX_SKB_FRAGS * PAGE_SIZE);
1625 data_len = PAGE_ALIGN(data_len);
1627 BUILD_BUG_ON(SKB_MAX_ALLOC < PAGE_SIZE);
1630 skb = sock_alloc_send_pskb(sk, len - data_len, data_len,
1631 msg->msg_flags & MSG_DONTWAIT, &err,
1632 PAGE_ALLOC_COSTLY_ORDER);
1636 err = unix_scm_to_skb(&scm, skb, true);
1640 skb_put(skb, len - data_len);
1641 skb->data_len = data_len;
1643 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, len);
1647 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1652 if (sunaddr == NULL)
1655 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1661 if (sk_filter(other, skb) < 0) {
1662 /* Toss the packet but do not return any error to the sender */
1668 unix_state_lock(other);
1671 if (!unix_may_send(sk, other))
1674 if (unlikely(sock_flag(other, SOCK_DEAD))) {
1676 * Check with 1003.1g - what should
1679 unix_state_unlock(other);
1683 unix_state_lock(sk);
1686 if (unix_peer(sk) == other) {
1687 unix_peer(sk) = NULL;
1688 unix_dgram_peer_wake_disconnect_wakeup(sk, other);
1690 unix_state_unlock(sk);
1692 unix_dgram_disconnected(sk, other);
1694 err = -ECONNREFUSED;
1696 unix_state_unlock(sk);
1706 if (other->sk_shutdown & RCV_SHUTDOWN)
1709 if (sk->sk_type != SOCK_SEQPACKET) {
1710 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1715 /* other == sk && unix_peer(other) != sk if
1716 * - unix_peer(sk) == NULL, destination address bound to sk
1717 * - unix_peer(sk) == sk by time of get but disconnected before lock
1720 unlikely(unix_peer(other) != sk && unix_recvq_full(other))) {
1722 timeo = unix_wait_for_peer(other, timeo);
1724 err = sock_intr_errno(timeo);
1725 if (signal_pending(current))
1732 unix_state_unlock(other);
1733 unix_state_double_lock(sk, other);
1736 if (unix_peer(sk) != other ||
1737 unix_dgram_peer_wake_me(sk, other)) {
1745 goto restart_locked;
1749 if (unlikely(sk_locked))
1750 unix_state_unlock(sk);
1752 if (sock_flag(other, SOCK_RCVTSTAMP))
1753 __net_timestamp(skb);
1754 maybe_add_creds(skb, sock, other);
1755 skb_queue_tail(&other->sk_receive_queue, skb);
1756 unix_state_unlock(other);
1757 other->sk_data_ready(other);
1764 unix_state_unlock(sk);
1765 unix_state_unlock(other);
1775 /* We use paged skbs for stream sockets, and limit occupancy to 32768
1776 * bytes, and a minimum of a full page.
1778 #define UNIX_SKB_FRAGS_SZ (PAGE_SIZE << get_order(32768))
1780 static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg,
1783 struct sock *sk = sock->sk;
1784 struct sock *other = NULL;
1786 struct sk_buff *skb;
1788 struct scm_cookie scm;
1789 bool fds_sent = false;
1793 err = scm_send(sock, msg, &scm, false);
1798 if (msg->msg_flags&MSG_OOB)
1801 if (msg->msg_namelen) {
1802 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1806 other = unix_peer(sk);
1811 if (sk->sk_shutdown & SEND_SHUTDOWN)
1814 while (sent < len) {
1817 /* Keep two messages in the pipe so it schedules better */
1818 size = min_t(int, size, (sk->sk_sndbuf >> 1) - 64);
1820 /* allow fallback to order-0 allocations */
1821 size = min_t(int, size, SKB_MAX_HEAD(0) + UNIX_SKB_FRAGS_SZ);
1823 data_len = max_t(int, 0, size - SKB_MAX_HEAD(0));
1825 data_len = min_t(size_t, size, PAGE_ALIGN(data_len));
1827 skb = sock_alloc_send_pskb(sk, size - data_len, data_len,
1828 msg->msg_flags & MSG_DONTWAIT, &err,
1829 get_order(UNIX_SKB_FRAGS_SZ));
1833 /* Only send the fds in the first buffer */
1834 err = unix_scm_to_skb(&scm, skb, !fds_sent);
1841 skb_put(skb, size - data_len);
1842 skb->data_len = data_len;
1844 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, size);
1850 unix_state_lock(other);
1852 if (sock_flag(other, SOCK_DEAD) ||
1853 (other->sk_shutdown & RCV_SHUTDOWN))
1856 maybe_add_creds(skb, sock, other);
1857 skb_queue_tail(&other->sk_receive_queue, skb);
1858 unix_state_unlock(other);
1859 other->sk_data_ready(other);
1868 unix_state_unlock(other);
1871 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1872 send_sig(SIGPIPE, current, 0);
1876 return sent ? : err;
1879 static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page,
1880 int offset, size_t size, int flags)
1883 bool send_sigpipe = false;
1884 bool init_scm = true;
1885 struct scm_cookie scm;
1886 struct sock *other, *sk = socket->sk;
1887 struct sk_buff *skb, *newskb = NULL, *tail = NULL;
1889 if (flags & MSG_OOB)
1892 other = unix_peer(sk);
1893 if (!other || sk->sk_state != TCP_ESTABLISHED)
1898 unix_state_unlock(other);
1899 mutex_unlock(&unix_sk(other)->iolock);
1900 newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT,
1906 /* we must acquire iolock as we modify already present
1907 * skbs in the sk_receive_queue and mess with skb->len
1909 err = mutex_lock_interruptible(&unix_sk(other)->iolock);
1911 err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS;
1915 if (sk->sk_shutdown & SEND_SHUTDOWN) {
1917 send_sigpipe = true;
1921 unix_state_lock(other);
1923 if (sock_flag(other, SOCK_DEAD) ||
1924 other->sk_shutdown & RCV_SHUTDOWN) {
1926 send_sigpipe = true;
1927 goto err_state_unlock;
1931 err = maybe_init_creds(&scm, socket, other);
1933 goto err_state_unlock;
1937 skb = skb_peek_tail(&other->sk_receive_queue);
1938 if (tail && tail == skb) {
1940 } else if (!skb || !unix_skb_scm_eq(skb, &scm)) {
1947 } else if (newskb) {
1948 /* this is fast path, we don't necessarily need to
1949 * call to kfree_skb even though with newskb == NULL
1950 * this - does no harm
1952 consume_skb(newskb);
1956 if (skb_append_pagefrags(skb, page, offset, size)) {
1962 skb->data_len += size;
1963 skb->truesize += size;
1964 refcount_add(size, &sk->sk_wmem_alloc);
1967 err = unix_scm_to_skb(&scm, skb, false);
1969 goto err_state_unlock;
1970 spin_lock(&other->sk_receive_queue.lock);
1971 __skb_queue_tail(&other->sk_receive_queue, newskb);
1972 spin_unlock(&other->sk_receive_queue.lock);
1975 unix_state_unlock(other);
1976 mutex_unlock(&unix_sk(other)->iolock);
1978 other->sk_data_ready(other);
1983 unix_state_unlock(other);
1985 mutex_unlock(&unix_sk(other)->iolock);
1988 if (send_sigpipe && !(flags & MSG_NOSIGNAL))
1989 send_sig(SIGPIPE, current, 0);
1995 static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg,
1999 struct sock *sk = sock->sk;
2001 err = sock_error(sk);
2005 if (sk->sk_state != TCP_ESTABLISHED)
2008 if (msg->msg_namelen)
2009 msg->msg_namelen = 0;
2011 return unix_dgram_sendmsg(sock, msg, len);
2014 static int unix_seqpacket_recvmsg(struct socket *sock, struct msghdr *msg,
2015 size_t size, int flags)
2017 struct sock *sk = sock->sk;
2019 if (sk->sk_state != TCP_ESTABLISHED)
2022 return unix_dgram_recvmsg(sock, msg, size, flags);
2025 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
2027 struct unix_address *addr = smp_load_acquire(&unix_sk(sk)->addr);
2030 msg->msg_namelen = addr->len;
2031 memcpy(msg->msg_name, addr->name, addr->len);
2035 static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg,
2036 size_t size, int flags)
2038 struct scm_cookie scm;
2039 struct sock *sk = sock->sk;
2040 struct unix_sock *u = unix_sk(sk);
2041 struct sk_buff *skb, *last;
2050 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
2053 mutex_lock(&u->iolock);
2055 skip = sk_peek_offset(sk, flags);
2056 skb = __skb_try_recv_datagram(sk, flags, NULL, &skip, &err,
2061 mutex_unlock(&u->iolock);
2066 !__skb_wait_for_more_packets(sk, &err, &timeo, last));
2068 if (!skb) { /* implies iolock unlocked */
2069 unix_state_lock(sk);
2070 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
2071 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
2072 (sk->sk_shutdown & RCV_SHUTDOWN))
2074 unix_state_unlock(sk);
2078 if (wq_has_sleeper(&u->peer_wait))
2079 wake_up_interruptible_sync_poll(&u->peer_wait,
2080 EPOLLOUT | EPOLLWRNORM |
2084 unix_copy_addr(msg, skb->sk);
2086 if (size > skb->len - skip)
2087 size = skb->len - skip;
2088 else if (size < skb->len - skip)
2089 msg->msg_flags |= MSG_TRUNC;
2091 err = skb_copy_datagram_msg(skb, skip, msg, size);
2095 if (sock_flag(sk, SOCK_RCVTSTAMP))
2096 __sock_recv_timestamp(msg, sk, skb);
2098 memset(&scm, 0, sizeof(scm));
2100 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2101 unix_set_secdata(&scm, skb);
2103 if (!(flags & MSG_PEEK)) {
2105 unix_detach_fds(&scm, skb);
2107 sk_peek_offset_bwd(sk, skb->len);
2109 /* It is questionable: on PEEK we could:
2110 - do not return fds - good, but too simple 8)
2111 - return fds, and do not return them on read (old strategy,
2113 - clone fds (I chose it for now, it is the most universal
2116 POSIX 1003.1g does not actually define this clearly
2117 at all. POSIX 1003.1g doesn't define a lot of things
2122 sk_peek_offset_fwd(sk, size);
2125 scm.fp = scm_fp_dup(UNIXCB(skb).fp);
2127 err = (flags & MSG_TRUNC) ? skb->len - skip : size;
2129 scm_recv(sock, msg, &scm, flags);
2132 skb_free_datagram(sk, skb);
2133 mutex_unlock(&u->iolock);
2139 * Sleep until more data has arrived. But check for races..
2141 static long unix_stream_data_wait(struct sock *sk, long timeo,
2142 struct sk_buff *last, unsigned int last_len,
2145 struct sk_buff *tail;
2148 unix_state_lock(sk);
2151 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
2153 tail = skb_peek_tail(&sk->sk_receive_queue);
2155 (tail && tail->len != last_len) ||
2157 (sk->sk_shutdown & RCV_SHUTDOWN) ||
2158 signal_pending(current) ||
2162 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2163 unix_state_unlock(sk);
2165 timeo = freezable_schedule_timeout(timeo);
2167 timeo = schedule_timeout(timeo);
2168 unix_state_lock(sk);
2170 if (sock_flag(sk, SOCK_DEAD))
2173 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2176 finish_wait(sk_sleep(sk), &wait);
2177 unix_state_unlock(sk);
2181 static unsigned int unix_skb_len(const struct sk_buff *skb)
2183 return skb->len - UNIXCB(skb).consumed;
2186 struct unix_stream_read_state {
2187 int (*recv_actor)(struct sk_buff *, int, int,
2188 struct unix_stream_read_state *);
2189 struct socket *socket;
2191 struct pipe_inode_info *pipe;
2194 unsigned int splice_flags;
2197 static int unix_stream_read_generic(struct unix_stream_read_state *state,
2200 struct scm_cookie scm;
2201 struct socket *sock = state->socket;
2202 struct sock *sk = sock->sk;
2203 struct unix_sock *u = unix_sk(sk);
2205 int flags = state->flags;
2206 int noblock = flags & MSG_DONTWAIT;
2207 bool check_creds = false;
2212 size_t size = state->size;
2213 unsigned int last_len;
2215 if (unlikely(sk->sk_state != TCP_ESTABLISHED)) {
2220 if (unlikely(flags & MSG_OOB)) {
2225 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
2226 timeo = sock_rcvtimeo(sk, noblock);
2228 memset(&scm, 0, sizeof(scm));
2230 /* Lock the socket to prevent queue disordering
2231 * while sleeps in memcpy_tomsg
2233 mutex_lock(&u->iolock);
2235 skip = max(sk_peek_offset(sk, flags), 0);
2240 struct sk_buff *skb, *last;
2243 unix_state_lock(sk);
2244 if (sock_flag(sk, SOCK_DEAD)) {
2248 last = skb = skb_peek(&sk->sk_receive_queue);
2249 last_len = last ? last->len : 0;
2252 if (copied >= target)
2256 * POSIX 1003.1g mandates this order.
2259 err = sock_error(sk);
2262 if (sk->sk_shutdown & RCV_SHUTDOWN)
2265 unix_state_unlock(sk);
2271 mutex_unlock(&u->iolock);
2273 timeo = unix_stream_data_wait(sk, timeo, last,
2274 last_len, freezable);
2276 if (signal_pending(current)) {
2277 err = sock_intr_errno(timeo);
2282 mutex_lock(&u->iolock);
2285 unix_state_unlock(sk);
2289 while (skip >= unix_skb_len(skb)) {
2290 skip -= unix_skb_len(skb);
2292 last_len = skb->len;
2293 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2298 unix_state_unlock(sk);
2301 /* Never glue messages from different writers */
2302 if (!unix_skb_scm_eq(skb, &scm))
2304 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
2305 /* Copy credentials */
2306 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2307 unix_set_secdata(&scm, skb);
2311 /* Copy address just once */
2312 if (state->msg && state->msg->msg_name) {
2313 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr,
2314 state->msg->msg_name);
2315 unix_copy_addr(state->msg, skb->sk);
2319 chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size);
2321 chunk = state->recv_actor(skb, skip, chunk, state);
2322 drop_skb = !unix_skb_len(skb);
2323 /* skb is only safe to use if !drop_skb */
2334 /* the skb was touched by a concurrent reader;
2335 * we should not expect anything from this skb
2336 * anymore and assume it invalid - we can be
2337 * sure it was dropped from the socket queue
2339 * let's report a short read
2345 /* Mark read part of skb as used */
2346 if (!(flags & MSG_PEEK)) {
2347 UNIXCB(skb).consumed += chunk;
2349 sk_peek_offset_bwd(sk, chunk);
2352 unix_detach_fds(&scm, skb);
2354 if (unix_skb_len(skb))
2357 skb_unlink(skb, &sk->sk_receive_queue);
2363 /* It is questionable, see note in unix_dgram_recvmsg.
2366 scm.fp = scm_fp_dup(UNIXCB(skb).fp);
2368 sk_peek_offset_fwd(sk, chunk);
2375 last_len = skb->len;
2376 unix_state_lock(sk);
2377 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2380 unix_state_unlock(sk);
2385 mutex_unlock(&u->iolock);
2387 scm_recv(sock, state->msg, &scm, flags);
2391 return copied ? : err;
2394 static int unix_stream_read_actor(struct sk_buff *skb,
2395 int skip, int chunk,
2396 struct unix_stream_read_state *state)
2400 ret = skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip,
2402 return ret ?: chunk;
2405 static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg,
2406 size_t size, int flags)
2408 struct unix_stream_read_state state = {
2409 .recv_actor = unix_stream_read_actor,
2416 return unix_stream_read_generic(&state, true);
2419 static int unix_stream_splice_actor(struct sk_buff *skb,
2420 int skip, int chunk,
2421 struct unix_stream_read_state *state)
2423 return skb_splice_bits(skb, state->socket->sk,
2424 UNIXCB(skb).consumed + skip,
2425 state->pipe, chunk, state->splice_flags);
2428 static ssize_t unix_stream_splice_read(struct socket *sock, loff_t *ppos,
2429 struct pipe_inode_info *pipe,
2430 size_t size, unsigned int flags)
2432 struct unix_stream_read_state state = {
2433 .recv_actor = unix_stream_splice_actor,
2437 .splice_flags = flags,
2440 if (unlikely(*ppos))
2443 if (sock->file->f_flags & O_NONBLOCK ||
2444 flags & SPLICE_F_NONBLOCK)
2445 state.flags = MSG_DONTWAIT;
2447 return unix_stream_read_generic(&state, false);
2450 static int unix_shutdown(struct socket *sock, int mode)
2452 struct sock *sk = sock->sk;
2455 if (mode < SHUT_RD || mode > SHUT_RDWR)
2458 * SHUT_RD (0) -> RCV_SHUTDOWN (1)
2459 * SHUT_WR (1) -> SEND_SHUTDOWN (2)
2460 * SHUT_RDWR (2) -> SHUTDOWN_MASK (3)
2464 unix_state_lock(sk);
2465 sk->sk_shutdown |= mode;
2466 other = unix_peer(sk);
2469 unix_state_unlock(sk);
2470 sk->sk_state_change(sk);
2473 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2477 if (mode&RCV_SHUTDOWN)
2478 peer_mode |= SEND_SHUTDOWN;
2479 if (mode&SEND_SHUTDOWN)
2480 peer_mode |= RCV_SHUTDOWN;
2481 unix_state_lock(other);
2482 other->sk_shutdown |= peer_mode;
2483 unix_state_unlock(other);
2484 other->sk_state_change(other);
2485 if (peer_mode == SHUTDOWN_MASK)
2486 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2487 else if (peer_mode & RCV_SHUTDOWN)
2488 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2496 long unix_inq_len(struct sock *sk)
2498 struct sk_buff *skb;
2501 if (sk->sk_state == TCP_LISTEN)
2504 spin_lock(&sk->sk_receive_queue.lock);
2505 if (sk->sk_type == SOCK_STREAM ||
2506 sk->sk_type == SOCK_SEQPACKET) {
2507 skb_queue_walk(&sk->sk_receive_queue, skb)
2508 amount += unix_skb_len(skb);
2510 skb = skb_peek(&sk->sk_receive_queue);
2514 spin_unlock(&sk->sk_receive_queue.lock);
2518 EXPORT_SYMBOL_GPL(unix_inq_len);
2520 long unix_outq_len(struct sock *sk)
2522 return sk_wmem_alloc_get(sk);
2524 EXPORT_SYMBOL_GPL(unix_outq_len);
2526 static int unix_open_file(struct sock *sk)
2532 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
2535 if (!smp_load_acquire(&unix_sk(sk)->addr))
2538 path = unix_sk(sk)->path;
2544 fd = get_unused_fd_flags(O_CLOEXEC);
2548 f = dentry_open(&path, O_PATH, current_cred());
2562 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2564 struct sock *sk = sock->sk;
2570 amount = unix_outq_len(sk);
2571 err = put_user(amount, (int __user *)arg);
2574 amount = unix_inq_len(sk);
2578 err = put_user(amount, (int __user *)arg);
2581 err = unix_open_file(sk);
2590 static __poll_t unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2592 struct sock *sk = sock->sk;
2595 sock_poll_wait(file, sock, wait);
2598 /* exceptional events? */
2601 if (sk->sk_shutdown == SHUTDOWN_MASK)
2603 if (sk->sk_shutdown & RCV_SHUTDOWN)
2604 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
2607 if (!skb_queue_empty(&sk->sk_receive_queue))
2608 mask |= EPOLLIN | EPOLLRDNORM;
2610 /* Connection-based need to check for termination and startup */
2611 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2612 sk->sk_state == TCP_CLOSE)
2616 * we set writable also when the other side has shut down the
2617 * connection. This prevents stuck sockets.
2619 if (unix_writable(sk))
2620 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
2625 static __poll_t unix_dgram_poll(struct file *file, struct socket *sock,
2628 struct sock *sk = sock->sk, *other;
2629 unsigned int writable;
2632 sock_poll_wait(file, sock, wait);
2635 /* exceptional events? */
2636 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2638 (sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? EPOLLPRI : 0);
2640 if (sk->sk_shutdown & RCV_SHUTDOWN)
2641 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
2642 if (sk->sk_shutdown == SHUTDOWN_MASK)
2646 if (!skb_queue_empty(&sk->sk_receive_queue))
2647 mask |= EPOLLIN | EPOLLRDNORM;
2649 /* Connection-based need to check for termination and startup */
2650 if (sk->sk_type == SOCK_SEQPACKET) {
2651 if (sk->sk_state == TCP_CLOSE)
2653 /* connection hasn't started yet? */
2654 if (sk->sk_state == TCP_SYN_SENT)
2658 /* No write status requested, avoid expensive OUT tests. */
2659 if (!(poll_requested_events(wait) & (EPOLLWRBAND|EPOLLWRNORM|EPOLLOUT)))
2662 writable = unix_writable(sk);
2664 unix_state_lock(sk);
2666 other = unix_peer(sk);
2667 if (other && unix_peer(other) != sk &&
2668 unix_recvq_full(other) &&
2669 unix_dgram_peer_wake_me(sk, other))
2672 unix_state_unlock(sk);
2676 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
2678 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2683 #ifdef CONFIG_PROC_FS
2685 #define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1)
2687 #define get_bucket(x) ((x) >> BUCKET_SPACE)
2688 #define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1))
2689 #define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
2691 static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos)
2693 unsigned long offset = get_offset(*pos);
2694 unsigned long bucket = get_bucket(*pos);
2696 unsigned long count = 0;
2698 for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
2699 if (sock_net(sk) != seq_file_net(seq))
2701 if (++count == offset)
2708 static struct sock *unix_next_socket(struct seq_file *seq,
2712 unsigned long bucket;
2714 while (sk > (struct sock *)SEQ_START_TOKEN) {
2718 if (sock_net(sk) == seq_file_net(seq))
2723 sk = unix_from_bucket(seq, pos);
2728 bucket = get_bucket(*pos) + 1;
2729 *pos = set_bucket_offset(bucket, 1);
2730 } while (bucket < ARRAY_SIZE(unix_socket_table));
2735 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2736 __acquires(unix_table_lock)
2738 spin_lock(&unix_table_lock);
2741 return SEQ_START_TOKEN;
2743 if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table))
2746 return unix_next_socket(seq, NULL, pos);
2749 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2752 return unix_next_socket(seq, v, pos);
2755 static void unix_seq_stop(struct seq_file *seq, void *v)
2756 __releases(unix_table_lock)
2758 spin_unlock(&unix_table_lock);
2761 static int unix_seq_show(struct seq_file *seq, void *v)
2764 if (v == SEQ_START_TOKEN)
2765 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2769 struct unix_sock *u = unix_sk(s);
2772 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2774 refcount_read(&s->sk_refcnt),
2776 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2779 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2780 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2783 if (u->addr) { // under unix_table_lock here
2788 len = u->addr->len - sizeof(short);
2789 if (!UNIX_ABSTRACT(s))
2795 for ( ; i < len; i++)
2796 seq_putc(seq, u->addr->name->sun_path[i] ?:
2799 unix_state_unlock(s);
2800 seq_putc(seq, '\n');
2806 static const struct seq_operations unix_seq_ops = {
2807 .start = unix_seq_start,
2808 .next = unix_seq_next,
2809 .stop = unix_seq_stop,
2810 .show = unix_seq_show,
2814 static const struct net_proto_family unix_family_ops = {
2816 .create = unix_create,
2817 .owner = THIS_MODULE,
2821 static int __net_init unix_net_init(struct net *net)
2823 int error = -ENOMEM;
2825 net->unx.sysctl_max_dgram_qlen = 10;
2826 if (unix_sysctl_register(net))
2829 #ifdef CONFIG_PROC_FS
2830 if (!proc_create_net("unix", 0, net->proc_net, &unix_seq_ops,
2831 sizeof(struct seq_net_private))) {
2832 unix_sysctl_unregister(net);
2841 static void __net_exit unix_net_exit(struct net *net)
2843 unix_sysctl_unregister(net);
2844 remove_proc_entry("unix", net->proc_net);
2847 static struct pernet_operations unix_net_ops = {
2848 .init = unix_net_init,
2849 .exit = unix_net_exit,
2852 static int __init af_unix_init(void)
2856 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > FIELD_SIZEOF(struct sk_buff, cb));
2858 rc = proto_register(&unix_proto, 1);
2860 pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__);
2864 sock_register(&unix_family_ops);
2865 register_pernet_subsys(&unix_net_ops);
2870 static void __exit af_unix_exit(void)
2872 sock_unregister(PF_UNIX);
2873 proto_unregister(&unix_proto);
2874 unregister_pernet_subsys(&unix_net_ops);
2877 /* Earlier than device_initcall() so that other drivers invoking
2878 request_module() don't end up in a loop when modprobe tries
2879 to use a UNIX socket. But later than subsys_initcall() because
2880 we depend on stuff initialised there */
2881 fs_initcall(af_unix_init);
2882 module_exit(af_unix_exit);
2884 MODULE_LICENSE("GPL");
2885 MODULE_ALIAS_NETPROTO(PF_UNIX);
projects / linux-2.6-microblaze.git / blob