1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * NET4: Implementation of BSD Unix domain sockets.
5 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
8 * Linus Torvalds : Assorted bug cures.
9 * Niibe Yutaka : async I/O support.
10 * Carsten Paeth : PF_UNIX check, address fixes.
11 * Alan Cox : Limit size of allocated blocks.
12 * Alan Cox : Fixed the stupid socketpair bug.
13 * Alan Cox : BSD compatibility fine tuning.
14 * Alan Cox : Fixed a bug in connect when interrupted.
15 * Alan Cox : Sorted out a proper draft version of
16 * file descriptor passing hacked up from
18 * Marty Leisner : Fixes to fd passing
19 * Nick Nevin : recvmsg bugfix.
20 * Alan Cox : Started proper garbage collector
21 * Heiko EiBfeldt : Missing verify_area check
22 * Alan Cox : Started POSIXisms
23 * Andreas Schwab : Replace inode by dentry for proper
25 * Kirk Petersen : Made this a module
26 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
28 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
29 * by above two patches.
30 * Andrea Arcangeli : If possible we block in connect(2)
31 * if the max backlog of the listen socket
32 * is been reached. This won't break
33 * old apps and it will avoid huge amount
34 * of socks hashed (this for unix_gc()
35 * performances reasons).
36 * Security fix that limits the max
37 * number of socks to 2*max_files and
38 * the number of skb queueable in the
40 * Artur Skawina : Hash function optimizations
41 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
42 * Malcolm Beattie : Set peercred for socketpair
43 * Michal Ostrowski : Module initialization cleanup.
44 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
45 * the core infrastructure is doing that
46 * for all net proto families now (2.5.69+)
48 * Known differences from reference BSD that was tested:
51 * ECONNREFUSED is not returned from one end of a connected() socket to the
52 * other the moment one end closes.
53 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
54 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
56 * accept() returns a path name even if the connecting socket has closed
57 * in the meantime (BSD loses the path and gives up).
58 * accept() returns 0 length path for an unbound connector. BSD returns 16
59 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
60 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
61 * BSD af_unix apparently has connect forgetting to block properly.
62 * (need to check this with the POSIX spec in detail)
64 * Differences from 2.0.0-11-... (ANK)
65 * Bug fixes and improvements.
66 * - client shutdown killed server socket.
67 * - removed all useless cli/sti pairs.
69 * Semantic changes/extensions.
70 * - generic control message passing.
71 * - SCM_CREDENTIALS control message.
72 * - "Abstract" (not FS based) socket bindings.
73 * Abstract names are sequences of bytes (not zero terminated)
74 * started by 0, so that this name space does not intersect
78 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
80 #include <linux/module.h>
81 #include <linux/kernel.h>
82 #include <linux/signal.h>
83 #include <linux/sched/signal.h>
84 #include <linux/errno.h>
85 #include <linux/string.h>
86 #include <linux/stat.h>
87 #include <linux/dcache.h>
88 #include <linux/namei.h>
89 #include <linux/socket.h>
91 #include <linux/fcntl.h>
92 #include <linux/termios.h>
93 #include <linux/sockios.h>
94 #include <linux/net.h>
97 #include <linux/slab.h>
98 #include <linux/uaccess.h>
99 #include <linux/skbuff.h>
100 #include <linux/netdevice.h>
101 #include <net/net_namespace.h>
102 #include <net/sock.h>
103 #include <net/tcp_states.h>
104 #include <net/af_unix.h>
105 #include <linux/proc_fs.h>
106 #include <linux/seq_file.h>
108 #include <linux/init.h>
109 #include <linux/poll.h>
110 #include <linux/rtnetlink.h>
111 #include <linux/mount.h>
112 #include <net/checksum.h>
113 #include <linux/security.h>
114 #include <linux/freezer.h>
115 #include <linux/file.h>
119 struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
120 EXPORT_SYMBOL_GPL(unix_socket_table);
121 DEFINE_SPINLOCK(unix_table_lock);
122 EXPORT_SYMBOL_GPL(unix_table_lock);
123 static atomic_long_t unix_nr_socks;
126 static struct hlist_head *unix_sockets_unbound(void *addr)
128 unsigned long hash = (unsigned long)addr;
132 hash %= UNIX_HASH_SIZE;
133 return &unix_socket_table[UNIX_HASH_SIZE + hash];
136 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)
138 #ifdef CONFIG_SECURITY_NETWORK
139 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
141 UNIXCB(skb).secid = scm->secid;
144 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
146 scm->secid = UNIXCB(skb).secid;
149 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
151 return (scm->secid == UNIXCB(skb).secid);
154 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
157 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
160 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
164 #endif /* CONFIG_SECURITY_NETWORK */
167 * SMP locking strategy:
168 * hash table is protected with spinlock unix_table_lock
169 * each socket state is protected by separate spin lock.
172 static inline unsigned int unix_hash_fold(__wsum n)
174 unsigned int hash = (__force unsigned int)csum_fold(n);
177 return hash&(UNIX_HASH_SIZE-1);
180 #define unix_peer(sk) (unix_sk(sk)->peer)
182 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
184 return unix_peer(osk) == sk;
187 static inline int unix_may_send(struct sock *sk, struct sock *osk)
189 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
192 static inline int unix_recvq_full(struct sock const *sk)
194 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
197 struct sock *unix_peer_get(struct sock *s)
205 unix_state_unlock(s);
208 EXPORT_SYMBOL_GPL(unix_peer_get);
210 static inline void unix_release_addr(struct unix_address *addr)
212 if (refcount_dec_and_test(&addr->refcnt))
217 * Check unix socket name:
218 * - should be not zero length.
219 * - if started by not zero, should be NULL terminated (FS object)
220 * - if started by zero, it is abstract name.
223 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
227 if (len <= sizeof(short) || len > sizeof(*sunaddr))
229 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
231 if (sunaddr->sun_path[0]) {
233 * This may look like an off by one error but it is a bit more
234 * subtle. 108 is the longest valid AF_UNIX path for a binding.
235 * sun_path[108] doesn't as such exist. However in kernel space
236 * we are guaranteed that it is a valid memory location in our
237 * kernel address buffer.
239 ((char *)sunaddr)[len] = 0;
240 len = strlen(sunaddr->sun_path)+1+sizeof(short);
244 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
248 static void __unix_remove_socket(struct sock *sk)
250 sk_del_node_init(sk);
253 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
255 WARN_ON(!sk_unhashed(sk));
256 sk_add_node(sk, list);
259 static inline void unix_remove_socket(struct sock *sk)
261 spin_lock(&unix_table_lock);
262 __unix_remove_socket(sk);
263 spin_unlock(&unix_table_lock);
266 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
268 spin_lock(&unix_table_lock);
269 __unix_insert_socket(list, sk);
270 spin_unlock(&unix_table_lock);
273 static struct sock *__unix_find_socket_byname(struct net *net,
274 struct sockaddr_un *sunname,
275 int len, int type, unsigned int hash)
279 sk_for_each(s, &unix_socket_table[hash ^ type]) {
280 struct unix_sock *u = unix_sk(s);
282 if (!net_eq(sock_net(s), net))
285 if (u->addr->len == len &&
286 !memcmp(u->addr->name, sunname, len))
292 static inline struct sock *unix_find_socket_byname(struct net *net,
293 struct sockaddr_un *sunname,
299 spin_lock(&unix_table_lock);
300 s = __unix_find_socket_byname(net, sunname, len, type, hash);
303 spin_unlock(&unix_table_lock);
307 static struct sock *unix_find_socket_byinode(struct inode *i)
311 spin_lock(&unix_table_lock);
313 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
314 struct dentry *dentry = unix_sk(s)->path.dentry;
316 if (dentry && d_backing_inode(dentry) == i) {
323 spin_unlock(&unix_table_lock);
327 /* Support code for asymmetrically connected dgram sockets
329 * If a datagram socket is connected to a socket not itself connected
330 * to the first socket (eg, /dev/log), clients may only enqueue more
331 * messages if the present receive queue of the server socket is not
332 * "too large". This means there's a second writeability condition
333 * poll and sendmsg need to test. The dgram recv code will do a wake
334 * up on the peer_wait wait queue of a socket upon reception of a
335 * datagram which needs to be propagated to sleeping would-be writers
336 * since these might not have sent anything so far. This can't be
337 * accomplished via poll_wait because the lifetime of the server
338 * socket might be less than that of its clients if these break their
339 * association with it or if the server socket is closed while clients
340 * are still connected to it and there's no way to inform "a polling
341 * implementation" that it should let go of a certain wait queue
343 * In order to propagate a wake up, a wait_queue_entry_t of the client
344 * socket is enqueued on the peer_wait queue of the server socket
345 * whose wake function does a wake_up on the ordinary client socket
346 * wait queue. This connection is established whenever a write (or
347 * poll for write) hit the flow control condition and broken when the
348 * association to the server socket is dissolved or after a wake up
352 static int unix_dgram_peer_wake_relay(wait_queue_entry_t *q, unsigned mode, int flags,
356 wait_queue_head_t *u_sleep;
358 u = container_of(q, struct unix_sock, peer_wake);
360 __remove_wait_queue(&unix_sk(u->peer_wake.private)->peer_wait,
362 u->peer_wake.private = NULL;
364 /* relaying can only happen while the wq still exists */
365 u_sleep = sk_sleep(&u->sk);
367 wake_up_interruptible_poll(u_sleep, key_to_poll(key));
372 static int unix_dgram_peer_wake_connect(struct sock *sk, struct sock *other)
374 struct unix_sock *u, *u_other;
378 u_other = unix_sk(other);
380 spin_lock(&u_other->peer_wait.lock);
382 if (!u->peer_wake.private) {
383 u->peer_wake.private = other;
384 __add_wait_queue(&u_other->peer_wait, &u->peer_wake);
389 spin_unlock(&u_other->peer_wait.lock);
393 static void unix_dgram_peer_wake_disconnect(struct sock *sk,
396 struct unix_sock *u, *u_other;
399 u_other = unix_sk(other);
400 spin_lock(&u_other->peer_wait.lock);
402 if (u->peer_wake.private == other) {
403 __remove_wait_queue(&u_other->peer_wait, &u->peer_wake);
404 u->peer_wake.private = NULL;
407 spin_unlock(&u_other->peer_wait.lock);
410 static void unix_dgram_peer_wake_disconnect_wakeup(struct sock *sk,
413 unix_dgram_peer_wake_disconnect(sk, other);
414 wake_up_interruptible_poll(sk_sleep(sk),
421 * - unix_peer(sk) == other
422 * - association is stable
424 static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other)
428 connected = unix_dgram_peer_wake_connect(sk, other);
430 /* If other is SOCK_DEAD, we want to make sure we signal
431 * POLLOUT, such that a subsequent write() can get a
432 * -ECONNREFUSED. Otherwise, if we haven't queued any skbs
433 * to other and its full, we will hang waiting for POLLOUT.
435 if (unix_recvq_full(other) && !sock_flag(other, SOCK_DEAD))
439 unix_dgram_peer_wake_disconnect(sk, other);
444 static int unix_writable(const struct sock *sk)
446 return sk->sk_state != TCP_LISTEN &&
447 (refcount_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
450 static void unix_write_space(struct sock *sk)
452 struct socket_wq *wq;
455 if (unix_writable(sk)) {
456 wq = rcu_dereference(sk->sk_wq);
457 if (skwq_has_sleeper(wq))
458 wake_up_interruptible_sync_poll(&wq->wait,
459 EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND);
460 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
465 /* When dgram socket disconnects (or changes its peer), we clear its receive
466 * queue of packets arrived from previous peer. First, it allows to do
467 * flow control based only on wmem_alloc; second, sk connected to peer
468 * may receive messages only from that peer. */
469 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
471 if (!skb_queue_empty(&sk->sk_receive_queue)) {
472 skb_queue_purge(&sk->sk_receive_queue);
473 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
475 /* If one link of bidirectional dgram pipe is disconnected,
476 * we signal error. Messages are lost. Do not make this,
477 * when peer was not connected to us.
479 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
480 other->sk_err = ECONNRESET;
481 other->sk_error_report(other);
486 static void unix_sock_destructor(struct sock *sk)
488 struct unix_sock *u = unix_sk(sk);
490 skb_queue_purge(&sk->sk_receive_queue);
492 WARN_ON(refcount_read(&sk->sk_wmem_alloc));
493 WARN_ON(!sk_unhashed(sk));
494 WARN_ON(sk->sk_socket);
495 if (!sock_flag(sk, SOCK_DEAD)) {
496 pr_info("Attempt to release alive unix socket: %p\n", sk);
501 unix_release_addr(u->addr);
503 atomic_long_dec(&unix_nr_socks);
505 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
507 #ifdef UNIX_REFCNT_DEBUG
508 pr_debug("UNIX %p is destroyed, %ld are still alive.\n", sk,
509 atomic_long_read(&unix_nr_socks));
513 static void unix_release_sock(struct sock *sk, int embrion)
515 struct unix_sock *u = unix_sk(sk);
521 unix_remove_socket(sk);
526 sk->sk_shutdown = SHUTDOWN_MASK;
528 u->path.dentry = NULL;
530 state = sk->sk_state;
531 sk->sk_state = TCP_CLOSE;
532 unix_state_unlock(sk);
534 wake_up_interruptible_all(&u->peer_wait);
536 skpair = unix_peer(sk);
538 if (skpair != NULL) {
539 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
540 unix_state_lock(skpair);
542 skpair->sk_shutdown = SHUTDOWN_MASK;
543 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
544 skpair->sk_err = ECONNRESET;
545 unix_state_unlock(skpair);
546 skpair->sk_state_change(skpair);
547 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
550 unix_dgram_peer_wake_disconnect(sk, skpair);
551 sock_put(skpair); /* It may now die */
552 unix_peer(sk) = NULL;
555 /* Try to flush out this socket. Throw out buffers at least */
557 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
558 if (state == TCP_LISTEN)
559 unix_release_sock(skb->sk, 1);
560 /* passed fds are erased in the kfree_skb hook */
561 UNIXCB(skb).consumed = skb->len;
570 /* ---- Socket is dead now and most probably destroyed ---- */
573 * Fixme: BSD difference: In BSD all sockets connected to us get
574 * ECONNRESET and we die on the spot. In Linux we behave
575 * like files and pipes do and wait for the last
578 * Can't we simply set sock->err?
580 * What the above comment does talk about? --ANK(980817)
583 if (unix_tot_inflight)
584 unix_gc(); /* Garbage collect fds */
587 static void init_peercred(struct sock *sk)
589 put_pid(sk->sk_peer_pid);
590 if (sk->sk_peer_cred)
591 put_cred(sk->sk_peer_cred);
592 sk->sk_peer_pid = get_pid(task_tgid(current));
593 sk->sk_peer_cred = get_current_cred();
596 static void copy_peercred(struct sock *sk, struct sock *peersk)
598 put_pid(sk->sk_peer_pid);
599 if (sk->sk_peer_cred)
600 put_cred(sk->sk_peer_cred);
601 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
602 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
605 static int unix_listen(struct socket *sock, int backlog)
608 struct sock *sk = sock->sk;
609 struct unix_sock *u = unix_sk(sk);
610 struct pid *old_pid = NULL;
613 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
614 goto out; /* Only stream/seqpacket sockets accept */
617 goto out; /* No listens on an unbound socket */
619 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
621 if (backlog > sk->sk_max_ack_backlog)
622 wake_up_interruptible_all(&u->peer_wait);
623 sk->sk_max_ack_backlog = backlog;
624 sk->sk_state = TCP_LISTEN;
625 /* set credentials so connect can copy them */
630 unix_state_unlock(sk);
636 static int unix_release(struct socket *);
637 static int unix_bind(struct socket *, struct sockaddr *, int);
638 static int unix_stream_connect(struct socket *, struct sockaddr *,
639 int addr_len, int flags);
640 static int unix_socketpair(struct socket *, struct socket *);
641 static int unix_accept(struct socket *, struct socket *, int, bool);
642 static int unix_getname(struct socket *, struct sockaddr *, int);
643 static __poll_t unix_poll(struct file *, struct socket *, poll_table *);
644 static __poll_t unix_dgram_poll(struct file *, struct socket *,
646 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
647 static int unix_shutdown(struct socket *, int);
648 static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t);
649 static int unix_stream_recvmsg(struct socket *, struct msghdr *, size_t, int);
650 static ssize_t unix_stream_sendpage(struct socket *, struct page *, int offset,
651 size_t size, int flags);
652 static ssize_t unix_stream_splice_read(struct socket *, loff_t *ppos,
653 struct pipe_inode_info *, size_t size,
655 static int unix_dgram_sendmsg(struct socket *, struct msghdr *, size_t);
656 static int unix_dgram_recvmsg(struct socket *, struct msghdr *, size_t, int);
657 static int unix_dgram_connect(struct socket *, struct sockaddr *,
659 static int unix_seqpacket_sendmsg(struct socket *, struct msghdr *, size_t);
660 static int unix_seqpacket_recvmsg(struct socket *, struct msghdr *, size_t,
663 static int unix_set_peek_off(struct sock *sk, int val)
665 struct unix_sock *u = unix_sk(sk);
667 if (mutex_lock_interruptible(&u->iolock))
670 sk->sk_peek_off = val;
671 mutex_unlock(&u->iolock);
677 static const struct proto_ops unix_stream_ops = {
679 .owner = THIS_MODULE,
680 .release = unix_release,
682 .connect = unix_stream_connect,
683 .socketpair = unix_socketpair,
684 .accept = unix_accept,
685 .getname = unix_getname,
688 .listen = unix_listen,
689 .shutdown = unix_shutdown,
690 .setsockopt = sock_no_setsockopt,
691 .getsockopt = sock_no_getsockopt,
692 .sendmsg = unix_stream_sendmsg,
693 .recvmsg = unix_stream_recvmsg,
694 .mmap = sock_no_mmap,
695 .sendpage = unix_stream_sendpage,
696 .splice_read = unix_stream_splice_read,
697 .set_peek_off = unix_set_peek_off,
700 static const struct proto_ops unix_dgram_ops = {
702 .owner = THIS_MODULE,
703 .release = unix_release,
705 .connect = unix_dgram_connect,
706 .socketpair = unix_socketpair,
707 .accept = sock_no_accept,
708 .getname = unix_getname,
709 .poll = unix_dgram_poll,
711 .listen = sock_no_listen,
712 .shutdown = unix_shutdown,
713 .setsockopt = sock_no_setsockopt,
714 .getsockopt = sock_no_getsockopt,
715 .sendmsg = unix_dgram_sendmsg,
716 .recvmsg = unix_dgram_recvmsg,
717 .mmap = sock_no_mmap,
718 .sendpage = sock_no_sendpage,
719 .set_peek_off = unix_set_peek_off,
722 static const struct proto_ops unix_seqpacket_ops = {
724 .owner = THIS_MODULE,
725 .release = unix_release,
727 .connect = unix_stream_connect,
728 .socketpair = unix_socketpair,
729 .accept = unix_accept,
730 .getname = unix_getname,
731 .poll = unix_dgram_poll,
733 .listen = unix_listen,
734 .shutdown = unix_shutdown,
735 .setsockopt = sock_no_setsockopt,
736 .getsockopt = sock_no_getsockopt,
737 .sendmsg = unix_seqpacket_sendmsg,
738 .recvmsg = unix_seqpacket_recvmsg,
739 .mmap = sock_no_mmap,
740 .sendpage = sock_no_sendpage,
741 .set_peek_off = unix_set_peek_off,
744 static struct proto unix_proto = {
746 .owner = THIS_MODULE,
747 .obj_size = sizeof(struct unix_sock),
750 static struct sock *unix_create1(struct net *net, struct socket *sock, int kern)
752 struct sock *sk = NULL;
755 atomic_long_inc(&unix_nr_socks);
756 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
759 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto, kern);
763 sock_init_data(sock, sk);
765 sk->sk_allocation = GFP_KERNEL_ACCOUNT;
766 sk->sk_write_space = unix_write_space;
767 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
768 sk->sk_destruct = unix_sock_destructor;
770 u->path.dentry = NULL;
772 spin_lock_init(&u->lock);
773 atomic_long_set(&u->inflight, 0);
774 INIT_LIST_HEAD(&u->link);
775 mutex_init(&u->iolock); /* single task reading lock */
776 mutex_init(&u->bindlock); /* single task binding lock */
777 init_waitqueue_head(&u->peer_wait);
778 init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay);
779 unix_insert_socket(unix_sockets_unbound(sk), sk);
782 atomic_long_dec(&unix_nr_socks);
785 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
791 static int unix_create(struct net *net, struct socket *sock, int protocol,
794 if (protocol && protocol != PF_UNIX)
795 return -EPROTONOSUPPORT;
797 sock->state = SS_UNCONNECTED;
799 switch (sock->type) {
801 sock->ops = &unix_stream_ops;
804 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
808 sock->type = SOCK_DGRAM;
811 sock->ops = &unix_dgram_ops;
814 sock->ops = &unix_seqpacket_ops;
817 return -ESOCKTNOSUPPORT;
820 return unix_create1(net, sock, kern) ? 0 : -ENOMEM;
823 static int unix_release(struct socket *sock)
825 struct sock *sk = sock->sk;
830 unix_release_sock(sk, 0);
836 static int unix_autobind(struct socket *sock)
838 struct sock *sk = sock->sk;
839 struct net *net = sock_net(sk);
840 struct unix_sock *u = unix_sk(sk);
841 static u32 ordernum = 1;
842 struct unix_address *addr;
844 unsigned int retries = 0;
846 err = mutex_lock_interruptible(&u->bindlock);
855 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
859 addr->name->sun_family = AF_UNIX;
860 refcount_set(&addr->refcnt, 1);
863 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
864 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
866 spin_lock(&unix_table_lock);
867 ordernum = (ordernum+1)&0xFFFFF;
869 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
871 spin_unlock(&unix_table_lock);
873 * __unix_find_socket_byname() may take long time if many names
874 * are already in use.
877 /* Give up if all names seems to be in use. */
878 if (retries++ == 0xFFFFF) {
885 addr->hash ^= sk->sk_type;
887 __unix_remove_socket(sk);
888 smp_store_release(&u->addr, addr);
889 __unix_insert_socket(&unix_socket_table[addr->hash], sk);
890 spin_unlock(&unix_table_lock);
893 out: mutex_unlock(&u->bindlock);
897 static struct sock *unix_find_other(struct net *net,
898 struct sockaddr_un *sunname, int len,
899 int type, unsigned int hash, int *error)
905 if (sunname->sun_path[0]) {
907 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
910 inode = d_backing_inode(path.dentry);
911 err = inode_permission(inode, MAY_WRITE);
916 if (!S_ISSOCK(inode->i_mode))
918 u = unix_find_socket_byinode(inode);
922 if (u->sk_type == type)
928 if (u->sk_type != type) {
934 u = unix_find_socket_byname(net, sunname, len, type, hash);
936 struct dentry *dentry;
937 dentry = unix_sk(u)->path.dentry;
939 touch_atime(&unix_sk(u)->path);
952 static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
954 struct dentry *dentry;
958 * Get the parent directory, calculate the hash for last
961 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
962 err = PTR_ERR(dentry);
967 * All right, let's create it.
969 err = security_path_mknod(&path, dentry, mode, 0);
971 err = vfs_mknod(d_inode(path.dentry), dentry, mode, 0);
973 res->mnt = mntget(path.mnt);
974 res->dentry = dget(dentry);
977 done_path_create(&path, dentry);
981 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
983 struct sock *sk = sock->sk;
984 struct net *net = sock_net(sk);
985 struct unix_sock *u = unix_sk(sk);
986 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
987 char *sun_path = sunaddr->sun_path;
990 struct unix_address *addr;
991 struct hlist_head *list;
992 struct path path = { };
995 if (addr_len < offsetofend(struct sockaddr_un, sun_family) ||
996 sunaddr->sun_family != AF_UNIX)
999 if (addr_len == sizeof(short)) {
1000 err = unix_autobind(sock);
1004 err = unix_mkname(sunaddr, addr_len, &hash);
1010 umode_t mode = S_IFSOCK |
1011 (SOCK_INODE(sock)->i_mode & ~current_umask());
1012 err = unix_mknod(sun_path, mode, &path);
1020 err = mutex_lock_interruptible(&u->bindlock);
1029 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
1033 memcpy(addr->name, sunaddr, addr_len);
1034 addr->len = addr_len;
1035 addr->hash = hash ^ sk->sk_type;
1036 refcount_set(&addr->refcnt, 1);
1039 addr->hash = UNIX_HASH_SIZE;
1040 hash = d_backing_inode(path.dentry)->i_ino & (UNIX_HASH_SIZE - 1);
1041 spin_lock(&unix_table_lock);
1043 list = &unix_socket_table[hash];
1045 spin_lock(&unix_table_lock);
1047 if (__unix_find_socket_byname(net, sunaddr, addr_len,
1048 sk->sk_type, hash)) {
1049 unix_release_addr(addr);
1053 list = &unix_socket_table[addr->hash];
1057 __unix_remove_socket(sk);
1058 smp_store_release(&u->addr, addr);
1059 __unix_insert_socket(list, sk);
1062 spin_unlock(&unix_table_lock);
1064 mutex_unlock(&u->bindlock);
1072 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
1074 if (unlikely(sk1 == sk2) || !sk2) {
1075 unix_state_lock(sk1);
1079 unix_state_lock(sk1);
1080 unix_state_lock_nested(sk2);
1082 unix_state_lock(sk2);
1083 unix_state_lock_nested(sk1);
1087 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
1089 if (unlikely(sk1 == sk2) || !sk2) {
1090 unix_state_unlock(sk1);
1093 unix_state_unlock(sk1);
1094 unix_state_unlock(sk2);
1097 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
1098 int alen, int flags)
1100 struct sock *sk = sock->sk;
1101 struct net *net = sock_net(sk);
1102 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
1108 if (alen < offsetofend(struct sockaddr, sa_family))
1111 if (addr->sa_family != AF_UNSPEC) {
1112 err = unix_mkname(sunaddr, alen, &hash);
1117 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
1118 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
1122 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
1126 unix_state_double_lock(sk, other);
1128 /* Apparently VFS overslept socket death. Retry. */
1129 if (sock_flag(other, SOCK_DEAD)) {
1130 unix_state_double_unlock(sk, other);
1136 if (!unix_may_send(sk, other))
1139 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1145 * 1003.1g breaking connected state with AF_UNSPEC
1148 unix_state_double_lock(sk, other);
1152 * If it was connected, reconnect.
1154 if (unix_peer(sk)) {
1155 struct sock *old_peer = unix_peer(sk);
1156 unix_peer(sk) = other;
1157 unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer);
1159 unix_state_double_unlock(sk, other);
1161 if (other != old_peer)
1162 unix_dgram_disconnected(sk, old_peer);
1165 unix_peer(sk) = other;
1166 unix_state_double_unlock(sk, other);
1171 unix_state_double_unlock(sk, other);
1177 static long unix_wait_for_peer(struct sock *other, long timeo)
1179 struct unix_sock *u = unix_sk(other);
1183 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1185 sched = !sock_flag(other, SOCK_DEAD) &&
1186 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1187 unix_recvq_full(other);
1189 unix_state_unlock(other);
1192 timeo = schedule_timeout(timeo);
1194 finish_wait(&u->peer_wait, &wait);
1198 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1199 int addr_len, int flags)
1201 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1202 struct sock *sk = sock->sk;
1203 struct net *net = sock_net(sk);
1204 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1205 struct sock *newsk = NULL;
1206 struct sock *other = NULL;
1207 struct sk_buff *skb = NULL;
1213 err = unix_mkname(sunaddr, addr_len, &hash);
1218 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1219 (err = unix_autobind(sock)) != 0)
1222 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1224 /* First of all allocate resources.
1225 If we will make it after state is locked,
1226 we will have to recheck all again in any case.
1231 /* create new sock for complete connection */
1232 newsk = unix_create1(sock_net(sk), NULL, 0);
1236 /* Allocate skb for sending to listening sock */
1237 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1242 /* Find listening sock. */
1243 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1247 /* Latch state of peer */
1248 unix_state_lock(other);
1250 /* Apparently VFS overslept socket death. Retry. */
1251 if (sock_flag(other, SOCK_DEAD)) {
1252 unix_state_unlock(other);
1257 err = -ECONNREFUSED;
1258 if (other->sk_state != TCP_LISTEN)
1260 if (other->sk_shutdown & RCV_SHUTDOWN)
1263 if (unix_recvq_full(other)) {
1268 timeo = unix_wait_for_peer(other, timeo);
1270 err = sock_intr_errno(timeo);
1271 if (signal_pending(current))
1279 It is tricky place. We need to grab our state lock and cannot
1280 drop lock on peer. It is dangerous because deadlock is
1281 possible. Connect to self case and simultaneous
1282 attempt to connect are eliminated by checking socket
1283 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1284 check this before attempt to grab lock.
1286 Well, and we have to recheck the state after socket locked.
1292 /* This is ok... continue with connect */
1294 case TCP_ESTABLISHED:
1295 /* Socket is already connected */
1303 unix_state_lock_nested(sk);
1305 if (sk->sk_state != st) {
1306 unix_state_unlock(sk);
1307 unix_state_unlock(other);
1312 err = security_unix_stream_connect(sk, other, newsk);
1314 unix_state_unlock(sk);
1318 /* The way is open! Fastly set all the necessary fields... */
1321 unix_peer(newsk) = sk;
1322 newsk->sk_state = TCP_ESTABLISHED;
1323 newsk->sk_type = sk->sk_type;
1324 init_peercred(newsk);
1325 newu = unix_sk(newsk);
1326 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1327 otheru = unix_sk(other);
1329 /* copy address information from listening to new sock
1331 * The contents of *(otheru->addr) and otheru->path
1332 * are seen fully set up here, since we have found
1333 * otheru in hash under unix_table_lock. Insertion
1334 * into the hash chain we'd found it in had been done
1335 * in an earlier critical area protected by unix_table_lock,
1336 * the same one where we'd set *(otheru->addr) contents,
1337 * as well as otheru->path and otheru->addr itself.
1339 * Using smp_store_release() here to set newu->addr
1340 * is enough to make those stores, as well as stores
1341 * to newu->path visible to anyone who gets newu->addr
1342 * by smp_load_acquire(). IOW, the same warranties
1343 * as for unix_sock instances bound in unix_bind() or
1344 * in unix_autobind().
1346 if (otheru->path.dentry) {
1347 path_get(&otheru->path);
1348 newu->path = otheru->path;
1350 refcount_inc(&otheru->addr->refcnt);
1351 smp_store_release(&newu->addr, otheru->addr);
1353 /* Set credentials */
1354 copy_peercred(sk, other);
1356 sock->state = SS_CONNECTED;
1357 sk->sk_state = TCP_ESTABLISHED;
1360 smp_mb__after_atomic(); /* sock_hold() does an atomic_inc() */
1361 unix_peer(sk) = newsk;
1363 unix_state_unlock(sk);
1365 /* take ten and and send info to listening sock */
1366 spin_lock(&other->sk_receive_queue.lock);
1367 __skb_queue_tail(&other->sk_receive_queue, skb);
1368 spin_unlock(&other->sk_receive_queue.lock);
1369 unix_state_unlock(other);
1370 other->sk_data_ready(other);
1376 unix_state_unlock(other);
1381 unix_release_sock(newsk, 0);
1387 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1389 struct sock *ska = socka->sk, *skb = sockb->sk;
1391 /* Join our sockets back to back */
1394 unix_peer(ska) = skb;
1395 unix_peer(skb) = ska;
1399 if (ska->sk_type != SOCK_DGRAM) {
1400 ska->sk_state = TCP_ESTABLISHED;
1401 skb->sk_state = TCP_ESTABLISHED;
1402 socka->state = SS_CONNECTED;
1403 sockb->state = SS_CONNECTED;
1408 static void unix_sock_inherit_flags(const struct socket *old,
1411 if (test_bit(SOCK_PASSCRED, &old->flags))
1412 set_bit(SOCK_PASSCRED, &new->flags);
1413 if (test_bit(SOCK_PASSSEC, &old->flags))
1414 set_bit(SOCK_PASSSEC, &new->flags);
1417 static int unix_accept(struct socket *sock, struct socket *newsock, int flags,
1420 struct sock *sk = sock->sk;
1422 struct sk_buff *skb;
1426 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1430 if (sk->sk_state != TCP_LISTEN)
1433 /* If socket state is TCP_LISTEN it cannot change (for now...),
1434 * so that no locks are necessary.
1437 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1439 /* This means receive shutdown. */
1446 skb_free_datagram(sk, skb);
1447 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1449 /* attach accepted sock to socket */
1450 unix_state_lock(tsk);
1451 newsock->state = SS_CONNECTED;
1452 unix_sock_inherit_flags(sock, newsock);
1453 sock_graft(tsk, newsock);
1454 unix_state_unlock(tsk);
1462 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int peer)
1464 struct sock *sk = sock->sk;
1465 struct unix_address *addr;
1466 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1470 sk = unix_peer_get(sk);
1480 addr = smp_load_acquire(&unix_sk(sk)->addr);
1482 sunaddr->sun_family = AF_UNIX;
1483 sunaddr->sun_path[0] = 0;
1484 err = sizeof(short);
1487 memcpy(sunaddr, addr->name, addr->len);
1494 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1498 UNIXCB(skb).pid = get_pid(scm->pid);
1499 UNIXCB(skb).uid = scm->creds.uid;
1500 UNIXCB(skb).gid = scm->creds.gid;
1501 UNIXCB(skb).fp = NULL;
1502 unix_get_secdata(scm, skb);
1503 if (scm->fp && send_fds)
1504 err = unix_attach_fds(scm, skb);
1506 skb->destructor = unix_destruct_scm;
1510 static bool unix_passcred_enabled(const struct socket *sock,
1511 const struct sock *other)
1513 return test_bit(SOCK_PASSCRED, &sock->flags) ||
1514 !other->sk_socket ||
1515 test_bit(SOCK_PASSCRED, &other->sk_socket->flags);
1519 * Some apps rely on write() giving SCM_CREDENTIALS
1520 * We include credentials if source or destination socket
1521 * asserted SOCK_PASSCRED.
1523 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1524 const struct sock *other)
1526 if (UNIXCB(skb).pid)
1528 if (unix_passcred_enabled(sock, other)) {
1529 UNIXCB(skb).pid = get_pid(task_tgid(current));
1530 current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid);
1534 static int maybe_init_creds(struct scm_cookie *scm,
1535 struct socket *socket,
1536 const struct sock *other)
1539 struct msghdr msg = { .msg_controllen = 0 };
1541 err = scm_send(socket, &msg, scm, false);
1545 if (unix_passcred_enabled(socket, other)) {
1546 scm->pid = get_pid(task_tgid(current));
1547 current_uid_gid(&scm->creds.uid, &scm->creds.gid);
1552 static bool unix_skb_scm_eq(struct sk_buff *skb,
1553 struct scm_cookie *scm)
1555 const struct unix_skb_parms *u = &UNIXCB(skb);
1557 return u->pid == scm->pid &&
1558 uid_eq(u->uid, scm->creds.uid) &&
1559 gid_eq(u->gid, scm->creds.gid) &&
1560 unix_secdata_eq(scm, skb);
1564 * Send AF_UNIX data.
1567 static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
1570 struct sock *sk = sock->sk;
1571 struct net *net = sock_net(sk);
1572 struct unix_sock *u = unix_sk(sk);
1573 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
1574 struct sock *other = NULL;
1575 int namelen = 0; /* fake GCC */
1578 struct sk_buff *skb;
1580 struct scm_cookie scm;
1585 err = scm_send(sock, msg, &scm, false);
1590 if (msg->msg_flags&MSG_OOB)
1593 if (msg->msg_namelen) {
1594 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1601 other = unix_peer_get(sk);
1606 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1607 && (err = unix_autobind(sock)) != 0)
1611 if (len > sk->sk_sndbuf - 32)
1614 if (len > SKB_MAX_ALLOC) {
1615 data_len = min_t(size_t,
1616 len - SKB_MAX_ALLOC,
1617 MAX_SKB_FRAGS * PAGE_SIZE);
1618 data_len = PAGE_ALIGN(data_len);
1620 BUILD_BUG_ON(SKB_MAX_ALLOC < PAGE_SIZE);
1623 skb = sock_alloc_send_pskb(sk, len - data_len, data_len,
1624 msg->msg_flags & MSG_DONTWAIT, &err,
1625 PAGE_ALLOC_COSTLY_ORDER);
1629 err = unix_scm_to_skb(&scm, skb, true);
1633 skb_put(skb, len - data_len);
1634 skb->data_len = data_len;
1636 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, len);
1640 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1645 if (sunaddr == NULL)
1648 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1654 if (sk_filter(other, skb) < 0) {
1655 /* Toss the packet but do not return any error to the sender */
1661 unix_state_lock(other);
1664 if (!unix_may_send(sk, other))
1667 if (unlikely(sock_flag(other, SOCK_DEAD))) {
1669 * Check with 1003.1g - what should
1672 unix_state_unlock(other);
1676 unix_state_lock(sk);
1679 if (unix_peer(sk) == other) {
1680 unix_peer(sk) = NULL;
1681 unix_dgram_peer_wake_disconnect_wakeup(sk, other);
1683 unix_state_unlock(sk);
1685 unix_dgram_disconnected(sk, other);
1687 err = -ECONNREFUSED;
1689 unix_state_unlock(sk);
1699 if (other->sk_shutdown & RCV_SHUTDOWN)
1702 if (sk->sk_type != SOCK_SEQPACKET) {
1703 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1708 /* other == sk && unix_peer(other) != sk if
1709 * - unix_peer(sk) == NULL, destination address bound to sk
1710 * - unix_peer(sk) == sk by time of get but disconnected before lock
1713 unlikely(unix_peer(other) != sk && unix_recvq_full(other))) {
1715 timeo = unix_wait_for_peer(other, timeo);
1717 err = sock_intr_errno(timeo);
1718 if (signal_pending(current))
1725 unix_state_unlock(other);
1726 unix_state_double_lock(sk, other);
1729 if (unix_peer(sk) != other ||
1730 unix_dgram_peer_wake_me(sk, other)) {
1738 goto restart_locked;
1742 if (unlikely(sk_locked))
1743 unix_state_unlock(sk);
1745 if (sock_flag(other, SOCK_RCVTSTAMP))
1746 __net_timestamp(skb);
1747 maybe_add_creds(skb, sock, other);
1748 skb_queue_tail(&other->sk_receive_queue, skb);
1749 unix_state_unlock(other);
1750 other->sk_data_ready(other);
1757 unix_state_unlock(sk);
1758 unix_state_unlock(other);
1768 /* We use paged skbs for stream sockets, and limit occupancy to 32768
1769 * bytes, and a minimum of a full page.
1771 #define UNIX_SKB_FRAGS_SZ (PAGE_SIZE << get_order(32768))
1773 static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg,
1776 struct sock *sk = sock->sk;
1777 struct sock *other = NULL;
1779 struct sk_buff *skb;
1781 struct scm_cookie scm;
1782 bool fds_sent = false;
1786 err = scm_send(sock, msg, &scm, false);
1791 if (msg->msg_flags&MSG_OOB)
1794 if (msg->msg_namelen) {
1795 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1799 other = unix_peer(sk);
1804 if (sk->sk_shutdown & SEND_SHUTDOWN)
1807 while (sent < len) {
1810 /* Keep two messages in the pipe so it schedules better */
1811 size = min_t(int, size, (sk->sk_sndbuf >> 1) - 64);
1813 /* allow fallback to order-0 allocations */
1814 size = min_t(int, size, SKB_MAX_HEAD(0) + UNIX_SKB_FRAGS_SZ);
1816 data_len = max_t(int, 0, size - SKB_MAX_HEAD(0));
1818 data_len = min_t(size_t, size, PAGE_ALIGN(data_len));
1820 skb = sock_alloc_send_pskb(sk, size - data_len, data_len,
1821 msg->msg_flags & MSG_DONTWAIT, &err,
1822 get_order(UNIX_SKB_FRAGS_SZ));
1826 /* Only send the fds in the first buffer */
1827 err = unix_scm_to_skb(&scm, skb, !fds_sent);
1834 skb_put(skb, size - data_len);
1835 skb->data_len = data_len;
1837 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, size);
1843 unix_state_lock(other);
1845 if (sock_flag(other, SOCK_DEAD) ||
1846 (other->sk_shutdown & RCV_SHUTDOWN))
1849 maybe_add_creds(skb, sock, other);
1850 skb_queue_tail(&other->sk_receive_queue, skb);
1851 unix_state_unlock(other);
1852 other->sk_data_ready(other);
1861 unix_state_unlock(other);
1864 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1865 send_sig(SIGPIPE, current, 0);
1869 return sent ? : err;
1872 static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page,
1873 int offset, size_t size, int flags)
1876 bool send_sigpipe = false;
1877 bool init_scm = true;
1878 struct scm_cookie scm;
1879 struct sock *other, *sk = socket->sk;
1880 struct sk_buff *skb, *newskb = NULL, *tail = NULL;
1882 if (flags & MSG_OOB)
1885 other = unix_peer(sk);
1886 if (!other || sk->sk_state != TCP_ESTABLISHED)
1891 unix_state_unlock(other);
1892 mutex_unlock(&unix_sk(other)->iolock);
1893 newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT,
1899 /* we must acquire iolock as we modify already present
1900 * skbs in the sk_receive_queue and mess with skb->len
1902 err = mutex_lock_interruptible(&unix_sk(other)->iolock);
1904 err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS;
1908 if (sk->sk_shutdown & SEND_SHUTDOWN) {
1910 send_sigpipe = true;
1914 unix_state_lock(other);
1916 if (sock_flag(other, SOCK_DEAD) ||
1917 other->sk_shutdown & RCV_SHUTDOWN) {
1919 send_sigpipe = true;
1920 goto err_state_unlock;
1924 err = maybe_init_creds(&scm, socket, other);
1926 goto err_state_unlock;
1930 skb = skb_peek_tail(&other->sk_receive_queue);
1931 if (tail && tail == skb) {
1933 } else if (!skb || !unix_skb_scm_eq(skb, &scm)) {
1940 } else if (newskb) {
1941 /* this is fast path, we don't necessarily need to
1942 * call to kfree_skb even though with newskb == NULL
1943 * this - does no harm
1945 consume_skb(newskb);
1949 if (skb_append_pagefrags(skb, page, offset, size)) {
1955 skb->data_len += size;
1956 skb->truesize += size;
1957 refcount_add(size, &sk->sk_wmem_alloc);
1960 err = unix_scm_to_skb(&scm, skb, false);
1962 goto err_state_unlock;
1963 spin_lock(&other->sk_receive_queue.lock);
1964 __skb_queue_tail(&other->sk_receive_queue, newskb);
1965 spin_unlock(&other->sk_receive_queue.lock);
1968 unix_state_unlock(other);
1969 mutex_unlock(&unix_sk(other)->iolock);
1971 other->sk_data_ready(other);
1976 unix_state_unlock(other);
1978 mutex_unlock(&unix_sk(other)->iolock);
1981 if (send_sigpipe && !(flags & MSG_NOSIGNAL))
1982 send_sig(SIGPIPE, current, 0);
1988 static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg,
1992 struct sock *sk = sock->sk;
1994 err = sock_error(sk);
1998 if (sk->sk_state != TCP_ESTABLISHED)
2001 if (msg->msg_namelen)
2002 msg->msg_namelen = 0;
2004 return unix_dgram_sendmsg(sock, msg, len);
2007 static int unix_seqpacket_recvmsg(struct socket *sock, struct msghdr *msg,
2008 size_t size, int flags)
2010 struct sock *sk = sock->sk;
2012 if (sk->sk_state != TCP_ESTABLISHED)
2015 return unix_dgram_recvmsg(sock, msg, size, flags);
2018 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
2020 struct unix_address *addr = smp_load_acquire(&unix_sk(sk)->addr);
2023 msg->msg_namelen = addr->len;
2024 memcpy(msg->msg_name, addr->name, addr->len);
2028 static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg,
2029 size_t size, int flags)
2031 struct scm_cookie scm;
2032 struct sock *sk = sock->sk;
2033 struct unix_sock *u = unix_sk(sk);
2034 struct sk_buff *skb, *last;
2043 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
2046 mutex_lock(&u->iolock);
2048 skip = sk_peek_offset(sk, flags);
2049 skb = __skb_try_recv_datagram(sk, flags, NULL, &skip, &err,
2054 mutex_unlock(&u->iolock);
2059 !__skb_wait_for_more_packets(sk, &err, &timeo, last));
2061 if (!skb) { /* implies iolock unlocked */
2062 unix_state_lock(sk);
2063 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
2064 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
2065 (sk->sk_shutdown & RCV_SHUTDOWN))
2067 unix_state_unlock(sk);
2071 if (wq_has_sleeper(&u->peer_wait))
2072 wake_up_interruptible_sync_poll(&u->peer_wait,
2073 EPOLLOUT | EPOLLWRNORM |
2077 unix_copy_addr(msg, skb->sk);
2079 if (size > skb->len - skip)
2080 size = skb->len - skip;
2081 else if (size < skb->len - skip)
2082 msg->msg_flags |= MSG_TRUNC;
2084 err = skb_copy_datagram_msg(skb, skip, msg, size);
2088 if (sock_flag(sk, SOCK_RCVTSTAMP))
2089 __sock_recv_timestamp(msg, sk, skb);
2091 memset(&scm, 0, sizeof(scm));
2093 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2094 unix_set_secdata(&scm, skb);
2096 if (!(flags & MSG_PEEK)) {
2098 unix_detach_fds(&scm, skb);
2100 sk_peek_offset_bwd(sk, skb->len);
2102 /* It is questionable: on PEEK we could:
2103 - do not return fds - good, but too simple 8)
2104 - return fds, and do not return them on read (old strategy,
2106 - clone fds (I chose it for now, it is the most universal
2109 POSIX 1003.1g does not actually define this clearly
2110 at all. POSIX 1003.1g doesn't define a lot of things
2115 sk_peek_offset_fwd(sk, size);
2118 scm.fp = scm_fp_dup(UNIXCB(skb).fp);
2120 err = (flags & MSG_TRUNC) ? skb->len - skip : size;
2122 scm_recv(sock, msg, &scm, flags);
2125 skb_free_datagram(sk, skb);
2126 mutex_unlock(&u->iolock);
2132 * Sleep until more data has arrived. But check for races..
2134 static long unix_stream_data_wait(struct sock *sk, long timeo,
2135 struct sk_buff *last, unsigned int last_len,
2138 struct sk_buff *tail;
2141 unix_state_lock(sk);
2144 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
2146 tail = skb_peek_tail(&sk->sk_receive_queue);
2148 (tail && tail->len != last_len) ||
2150 (sk->sk_shutdown & RCV_SHUTDOWN) ||
2151 signal_pending(current) ||
2155 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2156 unix_state_unlock(sk);
2158 timeo = freezable_schedule_timeout(timeo);
2160 timeo = schedule_timeout(timeo);
2161 unix_state_lock(sk);
2163 if (sock_flag(sk, SOCK_DEAD))
2166 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2169 finish_wait(sk_sleep(sk), &wait);
2170 unix_state_unlock(sk);
2174 static unsigned int unix_skb_len(const struct sk_buff *skb)
2176 return skb->len - UNIXCB(skb).consumed;
2179 struct unix_stream_read_state {
2180 int (*recv_actor)(struct sk_buff *, int, int,
2181 struct unix_stream_read_state *);
2182 struct socket *socket;
2184 struct pipe_inode_info *pipe;
2187 unsigned int splice_flags;
2190 static int unix_stream_read_generic(struct unix_stream_read_state *state,
2193 struct scm_cookie scm;
2194 struct socket *sock = state->socket;
2195 struct sock *sk = sock->sk;
2196 struct unix_sock *u = unix_sk(sk);
2198 int flags = state->flags;
2199 int noblock = flags & MSG_DONTWAIT;
2200 bool check_creds = false;
2205 size_t size = state->size;
2206 unsigned int last_len;
2208 if (unlikely(sk->sk_state != TCP_ESTABLISHED)) {
2213 if (unlikely(flags & MSG_OOB)) {
2218 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
2219 timeo = sock_rcvtimeo(sk, noblock);
2221 memset(&scm, 0, sizeof(scm));
2223 /* Lock the socket to prevent queue disordering
2224 * while sleeps in memcpy_tomsg
2226 mutex_lock(&u->iolock);
2228 skip = max(sk_peek_offset(sk, flags), 0);
2233 struct sk_buff *skb, *last;
2236 unix_state_lock(sk);
2237 if (sock_flag(sk, SOCK_DEAD)) {
2241 last = skb = skb_peek(&sk->sk_receive_queue);
2242 last_len = last ? last->len : 0;
2245 if (copied >= target)
2249 * POSIX 1003.1g mandates this order.
2252 err = sock_error(sk);
2255 if (sk->sk_shutdown & RCV_SHUTDOWN)
2258 unix_state_unlock(sk);
2264 mutex_unlock(&u->iolock);
2266 timeo = unix_stream_data_wait(sk, timeo, last,
2267 last_len, freezable);
2269 if (signal_pending(current)) {
2270 err = sock_intr_errno(timeo);
2275 mutex_lock(&u->iolock);
2278 unix_state_unlock(sk);
2282 while (skip >= unix_skb_len(skb)) {
2283 skip -= unix_skb_len(skb);
2285 last_len = skb->len;
2286 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2291 unix_state_unlock(sk);
2294 /* Never glue messages from different writers */
2295 if (!unix_skb_scm_eq(skb, &scm))
2297 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
2298 /* Copy credentials */
2299 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2300 unix_set_secdata(&scm, skb);
2304 /* Copy address just once */
2305 if (state->msg && state->msg->msg_name) {
2306 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr,
2307 state->msg->msg_name);
2308 unix_copy_addr(state->msg, skb->sk);
2312 chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size);
2314 chunk = state->recv_actor(skb, skip, chunk, state);
2315 drop_skb = !unix_skb_len(skb);
2316 /* skb is only safe to use if !drop_skb */
2327 /* the skb was touched by a concurrent reader;
2328 * we should not expect anything from this skb
2329 * anymore and assume it invalid - we can be
2330 * sure it was dropped from the socket queue
2332 * let's report a short read
2338 /* Mark read part of skb as used */
2339 if (!(flags & MSG_PEEK)) {
2340 UNIXCB(skb).consumed += chunk;
2342 sk_peek_offset_bwd(sk, chunk);
2345 unix_detach_fds(&scm, skb);
2347 if (unix_skb_len(skb))
2350 skb_unlink(skb, &sk->sk_receive_queue);
2356 /* It is questionable, see note in unix_dgram_recvmsg.
2359 scm.fp = scm_fp_dup(UNIXCB(skb).fp);
2361 sk_peek_offset_fwd(sk, chunk);
2368 last_len = skb->len;
2369 unix_state_lock(sk);
2370 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2373 unix_state_unlock(sk);
2378 mutex_unlock(&u->iolock);
2380 scm_recv(sock, state->msg, &scm, flags);
2384 return copied ? : err;
2387 static int unix_stream_read_actor(struct sk_buff *skb,
2388 int skip, int chunk,
2389 struct unix_stream_read_state *state)
2393 ret = skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip,
2395 return ret ?: chunk;
2398 static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg,
2399 size_t size, int flags)
2401 struct unix_stream_read_state state = {
2402 .recv_actor = unix_stream_read_actor,
2409 return unix_stream_read_generic(&state, true);
2412 static int unix_stream_splice_actor(struct sk_buff *skb,
2413 int skip, int chunk,
2414 struct unix_stream_read_state *state)
2416 return skb_splice_bits(skb, state->socket->sk,
2417 UNIXCB(skb).consumed + skip,
2418 state->pipe, chunk, state->splice_flags);
2421 static ssize_t unix_stream_splice_read(struct socket *sock, loff_t *ppos,
2422 struct pipe_inode_info *pipe,
2423 size_t size, unsigned int flags)
2425 struct unix_stream_read_state state = {
2426 .recv_actor = unix_stream_splice_actor,
2430 .splice_flags = flags,
2433 if (unlikely(*ppos))
2436 if (sock->file->f_flags & O_NONBLOCK ||
2437 flags & SPLICE_F_NONBLOCK)
2438 state.flags = MSG_DONTWAIT;
2440 return unix_stream_read_generic(&state, false);
2443 static int unix_shutdown(struct socket *sock, int mode)
2445 struct sock *sk = sock->sk;
2448 if (mode < SHUT_RD || mode > SHUT_RDWR)
2451 * SHUT_RD (0) -> RCV_SHUTDOWN (1)
2452 * SHUT_WR (1) -> SEND_SHUTDOWN (2)
2453 * SHUT_RDWR (2) -> SHUTDOWN_MASK (3)
2457 unix_state_lock(sk);
2458 sk->sk_shutdown |= mode;
2459 other = unix_peer(sk);
2462 unix_state_unlock(sk);
2463 sk->sk_state_change(sk);
2466 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2470 if (mode&RCV_SHUTDOWN)
2471 peer_mode |= SEND_SHUTDOWN;
2472 if (mode&SEND_SHUTDOWN)
2473 peer_mode |= RCV_SHUTDOWN;
2474 unix_state_lock(other);
2475 other->sk_shutdown |= peer_mode;
2476 unix_state_unlock(other);
2477 other->sk_state_change(other);
2478 if (peer_mode == SHUTDOWN_MASK)
2479 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2480 else if (peer_mode & RCV_SHUTDOWN)
2481 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2489 long unix_inq_len(struct sock *sk)
2491 struct sk_buff *skb;
2494 if (sk->sk_state == TCP_LISTEN)
2497 spin_lock(&sk->sk_receive_queue.lock);
2498 if (sk->sk_type == SOCK_STREAM ||
2499 sk->sk_type == SOCK_SEQPACKET) {
2500 skb_queue_walk(&sk->sk_receive_queue, skb)
2501 amount += unix_skb_len(skb);
2503 skb = skb_peek(&sk->sk_receive_queue);
2507 spin_unlock(&sk->sk_receive_queue.lock);
2511 EXPORT_SYMBOL_GPL(unix_inq_len);
2513 long unix_outq_len(struct sock *sk)
2515 return sk_wmem_alloc_get(sk);
2517 EXPORT_SYMBOL_GPL(unix_outq_len);
2519 static int unix_open_file(struct sock *sk)
2525 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
2528 if (!smp_load_acquire(&unix_sk(sk)->addr))
2531 path = unix_sk(sk)->path;
2537 fd = get_unused_fd_flags(O_CLOEXEC);
2541 f = dentry_open(&path, O_PATH, current_cred());
2555 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2557 struct sock *sk = sock->sk;
2563 amount = unix_outq_len(sk);
2564 err = put_user(amount, (int __user *)arg);
2567 amount = unix_inq_len(sk);
2571 err = put_user(amount, (int __user *)arg);
2574 err = unix_open_file(sk);
2583 static __poll_t unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2585 struct sock *sk = sock->sk;
2588 sock_poll_wait(file, sock, wait);
2591 /* exceptional events? */
2594 if (sk->sk_shutdown == SHUTDOWN_MASK)
2596 if (sk->sk_shutdown & RCV_SHUTDOWN)
2597 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
2600 if (!skb_queue_empty_lockless(&sk->sk_receive_queue))
2601 mask |= EPOLLIN | EPOLLRDNORM;
2603 /* Connection-based need to check for termination and startup */
2604 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2605 sk->sk_state == TCP_CLOSE)
2609 * we set writable also when the other side has shut down the
2610 * connection. This prevents stuck sockets.
2612 if (unix_writable(sk))
2613 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
2618 static __poll_t unix_dgram_poll(struct file *file, struct socket *sock,
2621 struct sock *sk = sock->sk, *other;
2622 unsigned int writable;
2625 sock_poll_wait(file, sock, wait);
2628 /* exceptional events? */
2629 if (sk->sk_err || !skb_queue_empty_lockless(&sk->sk_error_queue))
2631 (sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? EPOLLPRI : 0);
2633 if (sk->sk_shutdown & RCV_SHUTDOWN)
2634 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
2635 if (sk->sk_shutdown == SHUTDOWN_MASK)
2639 if (!skb_queue_empty_lockless(&sk->sk_receive_queue))
2640 mask |= EPOLLIN | EPOLLRDNORM;
2642 /* Connection-based need to check for termination and startup */
2643 if (sk->sk_type == SOCK_SEQPACKET) {
2644 if (sk->sk_state == TCP_CLOSE)
2646 /* connection hasn't started yet? */
2647 if (sk->sk_state == TCP_SYN_SENT)
2651 /* No write status requested, avoid expensive OUT tests. */
2652 if (!(poll_requested_events(wait) & (EPOLLWRBAND|EPOLLWRNORM|EPOLLOUT)))
2655 writable = unix_writable(sk);
2657 unix_state_lock(sk);
2659 other = unix_peer(sk);
2660 if (other && unix_peer(other) != sk &&
2661 unix_recvq_full(other) &&
2662 unix_dgram_peer_wake_me(sk, other))
2665 unix_state_unlock(sk);
2669 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
2671 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2676 #ifdef CONFIG_PROC_FS
2678 #define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1)
2680 #define get_bucket(x) ((x) >> BUCKET_SPACE)
2681 #define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1))
2682 #define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
2684 static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos)
2686 unsigned long offset = get_offset(*pos);
2687 unsigned long bucket = get_bucket(*pos);
2689 unsigned long count = 0;
2691 for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
2692 if (sock_net(sk) != seq_file_net(seq))
2694 if (++count == offset)
2701 static struct sock *unix_next_socket(struct seq_file *seq,
2705 unsigned long bucket;
2707 while (sk > (struct sock *)SEQ_START_TOKEN) {
2711 if (sock_net(sk) == seq_file_net(seq))
2716 sk = unix_from_bucket(seq, pos);
2721 bucket = get_bucket(*pos) + 1;
2722 *pos = set_bucket_offset(bucket, 1);
2723 } while (bucket < ARRAY_SIZE(unix_socket_table));
2728 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2729 __acquires(unix_table_lock)
2731 spin_lock(&unix_table_lock);
2734 return SEQ_START_TOKEN;
2736 if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table))
2739 return unix_next_socket(seq, NULL, pos);
2742 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2745 return unix_next_socket(seq, v, pos);
2748 static void unix_seq_stop(struct seq_file *seq, void *v)
2749 __releases(unix_table_lock)
2751 spin_unlock(&unix_table_lock);
2754 static int unix_seq_show(struct seq_file *seq, void *v)
2757 if (v == SEQ_START_TOKEN)
2758 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2762 struct unix_sock *u = unix_sk(s);
2765 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2767 refcount_read(&s->sk_refcnt),
2769 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2772 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2773 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2776 if (u->addr) { // under unix_table_lock here
2781 len = u->addr->len - sizeof(short);
2782 if (!UNIX_ABSTRACT(s))
2788 for ( ; i < len; i++)
2789 seq_putc(seq, u->addr->name->sun_path[i] ?:
2792 unix_state_unlock(s);
2793 seq_putc(seq, '\n');
2799 static const struct seq_operations unix_seq_ops = {
2800 .start = unix_seq_start,
2801 .next = unix_seq_next,
2802 .stop = unix_seq_stop,
2803 .show = unix_seq_show,
2807 static const struct net_proto_family unix_family_ops = {
2809 .create = unix_create,
2810 .owner = THIS_MODULE,
2814 static int __net_init unix_net_init(struct net *net)
2816 int error = -ENOMEM;
2818 net->unx.sysctl_max_dgram_qlen = 10;
2819 if (unix_sysctl_register(net))
2822 #ifdef CONFIG_PROC_FS
2823 if (!proc_create_net("unix", 0, net->proc_net, &unix_seq_ops,
2824 sizeof(struct seq_net_private))) {
2825 unix_sysctl_unregister(net);
2834 static void __net_exit unix_net_exit(struct net *net)
2836 unix_sysctl_unregister(net);
2837 remove_proc_entry("unix", net->proc_net);
2840 static struct pernet_operations unix_net_ops = {
2841 .init = unix_net_init,
2842 .exit = unix_net_exit,
2845 static int __init af_unix_init(void)
2849 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > FIELD_SIZEOF(struct sk_buff, cb));
2851 rc = proto_register(&unix_proto, 1);
2853 pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__);
2857 sock_register(&unix_family_ops);
2858 register_pernet_subsys(&unix_net_ops);
2863 static void __exit af_unix_exit(void)
2865 sock_unregister(PF_UNIX);
2866 proto_unregister(&unix_proto);
2867 unregister_pernet_subsys(&unix_net_ops);
2870 /* Earlier than device_initcall() so that other drivers invoking
2871 request_module() don't end up in a loop when modprobe tries
2872 to use a UNIX socket. But later than subsys_initcall() because
2873 we depend on stuff initialised there */
2874 fs_initcall(af_unix_init);
2875 module_exit(af_unix_exit);
2877 MODULE_LICENSE("GPL");
2878 MODULE_ALIAS_NETPROTO(PF_UNIX);
projects / linux-2.6-microblaze.git / blob