1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * NET4: Implementation of BSD Unix domain sockets.
5 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
8 * Linus Torvalds : Assorted bug cures.
9 * Niibe Yutaka : async I/O support.
10 * Carsten Paeth : PF_UNIX check, address fixes.
11 * Alan Cox : Limit size of allocated blocks.
12 * Alan Cox : Fixed the stupid socketpair bug.
13 * Alan Cox : BSD compatibility fine tuning.
14 * Alan Cox : Fixed a bug in connect when interrupted.
15 * Alan Cox : Sorted out a proper draft version of
16 * file descriptor passing hacked up from
18 * Marty Leisner : Fixes to fd passing
19 * Nick Nevin : recvmsg bugfix.
20 * Alan Cox : Started proper garbage collector
21 * Heiko EiBfeldt : Missing verify_area check
22 * Alan Cox : Started POSIXisms
23 * Andreas Schwab : Replace inode by dentry for proper
25 * Kirk Petersen : Made this a module
26 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
28 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
29 * by above two patches.
30 * Andrea Arcangeli : If possible we block in connect(2)
31 * if the max backlog of the listen socket
32 * is been reached. This won't break
33 * old apps and it will avoid huge amount
34 * of socks hashed (this for unix_gc()
35 * performances reasons).
36 * Security fix that limits the max
37 * number of socks to 2*max_files and
38 * the number of skb queueable in the
40 * Artur Skawina : Hash function optimizations
41 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
42 * Malcolm Beattie : Set peercred for socketpair
43 * Michal Ostrowski : Module initialization cleanup.
44 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
45 * the core infrastructure is doing that
46 * for all net proto families now (2.5.69+)
48 * Known differences from reference BSD that was tested:
51 * ECONNREFUSED is not returned from one end of a connected() socket to the
52 * other the moment one end closes.
53 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
54 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
56 * accept() returns a path name even if the connecting socket has closed
57 * in the meantime (BSD loses the path and gives up).
58 * accept() returns 0 length path for an unbound connector. BSD returns 16
59 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
60 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
61 * BSD af_unix apparently has connect forgetting to block properly.
62 * (need to check this with the POSIX spec in detail)
64 * Differences from 2.0.0-11-... (ANK)
65 * Bug fixes and improvements.
66 * - client shutdown killed server socket.
67 * - removed all useless cli/sti pairs.
69 * Semantic changes/extensions.
70 * - generic control message passing.
71 * - SCM_CREDENTIALS control message.
72 * - "Abstract" (not FS based) socket bindings.
73 * Abstract names are sequences of bytes (not zero terminated)
74 * started by 0, so that this name space does not intersect
78 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
80 #include <linux/module.h>
81 #include <linux/kernel.h>
82 #include <linux/signal.h>
83 #include <linux/sched/signal.h>
84 #include <linux/errno.h>
85 #include <linux/string.h>
86 #include <linux/stat.h>
87 #include <linux/dcache.h>
88 #include <linux/namei.h>
89 #include <linux/socket.h>
91 #include <linux/fcntl.h>
92 #include <linux/termios.h>
93 #include <linux/sockios.h>
94 #include <linux/net.h>
97 #include <linux/slab.h>
98 #include <linux/uaccess.h>
99 #include <linux/skbuff.h>
100 #include <linux/netdevice.h>
101 #include <net/net_namespace.h>
102 #include <net/sock.h>
103 #include <net/tcp_states.h>
104 #include <net/af_unix.h>
105 #include <linux/proc_fs.h>
106 #include <linux/seq_file.h>
108 #include <linux/init.h>
109 #include <linux/poll.h>
110 #include <linux/rtnetlink.h>
111 #include <linux/mount.h>
112 #include <net/checksum.h>
113 #include <linux/security.h>
114 #include <linux/freezer.h>
115 #include <linux/file.h>
119 struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
120 EXPORT_SYMBOL_GPL(unix_socket_table);
121 DEFINE_SPINLOCK(unix_table_lock);
122 EXPORT_SYMBOL_GPL(unix_table_lock);
123 static atomic_long_t unix_nr_socks;
126 static struct hlist_head *unix_sockets_unbound(void *addr)
128 unsigned long hash = (unsigned long)addr;
132 hash %= UNIX_HASH_SIZE;
133 return &unix_socket_table[UNIX_HASH_SIZE + hash];
136 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)
138 #ifdef CONFIG_SECURITY_NETWORK
139 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
141 UNIXCB(skb).secid = scm->secid;
144 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
146 scm->secid = UNIXCB(skb).secid;
149 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
151 return (scm->secid == UNIXCB(skb).secid);
154 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
157 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
160 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
164 #endif /* CONFIG_SECURITY_NETWORK */
167 * SMP locking strategy:
168 * hash table is protected with spinlock unix_table_lock
169 * each socket state is protected by separate spin lock.
172 static inline unsigned int unix_hash_fold(__wsum n)
174 unsigned int hash = (__force unsigned int)csum_fold(n);
177 return hash&(UNIX_HASH_SIZE-1);
180 #define unix_peer(sk) (unix_sk(sk)->peer)
182 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
184 return unix_peer(osk) == sk;
187 static inline int unix_may_send(struct sock *sk, struct sock *osk)
189 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
192 static inline int unix_recvq_full(const struct sock *sk)
194 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
197 static inline int unix_recvq_full_lockless(const struct sock *sk)
199 return skb_queue_len_lockless(&sk->sk_receive_queue) >
200 READ_ONCE(sk->sk_max_ack_backlog);
203 struct sock *unix_peer_get(struct sock *s)
211 unix_state_unlock(s);
214 EXPORT_SYMBOL_GPL(unix_peer_get);
216 static inline void unix_release_addr(struct unix_address *addr)
218 if (refcount_dec_and_test(&addr->refcnt))
223 * Check unix socket name:
224 * - should be not zero length.
225 * - if started by not zero, should be NULL terminated (FS object)
226 * - if started by zero, it is abstract name.
229 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
233 if (len <= sizeof(short) || len > sizeof(*sunaddr))
235 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
237 if (sunaddr->sun_path[0]) {
239 * This may look like an off by one error but it is a bit more
240 * subtle. 108 is the longest valid AF_UNIX path for a binding.
241 * sun_path[108] doesn't as such exist. However in kernel space
242 * we are guaranteed that it is a valid memory location in our
243 * kernel address buffer.
245 ((char *)sunaddr)[len] = 0;
246 len = strlen(sunaddr->sun_path)+1+sizeof(short);
250 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
254 static void __unix_remove_socket(struct sock *sk)
256 sk_del_node_init(sk);
259 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
261 WARN_ON(!sk_unhashed(sk));
262 sk_add_node(sk, list);
265 static void __unix_set_addr(struct sock *sk, struct unix_address *addr,
268 __unix_remove_socket(sk);
269 smp_store_release(&unix_sk(sk)->addr, addr);
270 __unix_insert_socket(&unix_socket_table[hash], sk);
273 static inline void unix_remove_socket(struct sock *sk)
275 spin_lock(&unix_table_lock);
276 __unix_remove_socket(sk);
277 spin_unlock(&unix_table_lock);
280 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
282 spin_lock(&unix_table_lock);
283 __unix_insert_socket(list, sk);
284 spin_unlock(&unix_table_lock);
287 static struct sock *__unix_find_socket_byname(struct net *net,
288 struct sockaddr_un *sunname,
289 int len, unsigned int hash)
293 sk_for_each(s, &unix_socket_table[hash]) {
294 struct unix_sock *u = unix_sk(s);
296 if (!net_eq(sock_net(s), net))
299 if (u->addr->len == len &&
300 !memcmp(u->addr->name, sunname, len))
306 static inline struct sock *unix_find_socket_byname(struct net *net,
307 struct sockaddr_un *sunname,
308 int len, unsigned int hash)
312 spin_lock(&unix_table_lock);
313 s = __unix_find_socket_byname(net, sunname, len, hash);
316 spin_unlock(&unix_table_lock);
320 static struct sock *unix_find_socket_byinode(struct inode *i)
324 spin_lock(&unix_table_lock);
326 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
327 struct dentry *dentry = unix_sk(s)->path.dentry;
329 if (dentry && d_backing_inode(dentry) == i) {
336 spin_unlock(&unix_table_lock);
340 /* Support code for asymmetrically connected dgram sockets
342 * If a datagram socket is connected to a socket not itself connected
343 * to the first socket (eg, /dev/log), clients may only enqueue more
344 * messages if the present receive queue of the server socket is not
345 * "too large". This means there's a second writeability condition
346 * poll and sendmsg need to test. The dgram recv code will do a wake
347 * up on the peer_wait wait queue of a socket upon reception of a
348 * datagram which needs to be propagated to sleeping would-be writers
349 * since these might not have sent anything so far. This can't be
350 * accomplished via poll_wait because the lifetime of the server
351 * socket might be less than that of its clients if these break their
352 * association with it or if the server socket is closed while clients
353 * are still connected to it and there's no way to inform "a polling
354 * implementation" that it should let go of a certain wait queue
356 * In order to propagate a wake up, a wait_queue_entry_t of the client
357 * socket is enqueued on the peer_wait queue of the server socket
358 * whose wake function does a wake_up on the ordinary client socket
359 * wait queue. This connection is established whenever a write (or
360 * poll for write) hit the flow control condition and broken when the
361 * association to the server socket is dissolved or after a wake up
365 static int unix_dgram_peer_wake_relay(wait_queue_entry_t *q, unsigned mode, int flags,
369 wait_queue_head_t *u_sleep;
371 u = container_of(q, struct unix_sock, peer_wake);
373 __remove_wait_queue(&unix_sk(u->peer_wake.private)->peer_wait,
375 u->peer_wake.private = NULL;
377 /* relaying can only happen while the wq still exists */
378 u_sleep = sk_sleep(&u->sk);
380 wake_up_interruptible_poll(u_sleep, key_to_poll(key));
385 static int unix_dgram_peer_wake_connect(struct sock *sk, struct sock *other)
387 struct unix_sock *u, *u_other;
391 u_other = unix_sk(other);
393 spin_lock(&u_other->peer_wait.lock);
395 if (!u->peer_wake.private) {
396 u->peer_wake.private = other;
397 __add_wait_queue(&u_other->peer_wait, &u->peer_wake);
402 spin_unlock(&u_other->peer_wait.lock);
406 static void unix_dgram_peer_wake_disconnect(struct sock *sk,
409 struct unix_sock *u, *u_other;
412 u_other = unix_sk(other);
413 spin_lock(&u_other->peer_wait.lock);
415 if (u->peer_wake.private == other) {
416 __remove_wait_queue(&u_other->peer_wait, &u->peer_wake);
417 u->peer_wake.private = NULL;
420 spin_unlock(&u_other->peer_wait.lock);
423 static void unix_dgram_peer_wake_disconnect_wakeup(struct sock *sk,
426 unix_dgram_peer_wake_disconnect(sk, other);
427 wake_up_interruptible_poll(sk_sleep(sk),
434 * - unix_peer(sk) == other
435 * - association is stable
437 static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other)
441 connected = unix_dgram_peer_wake_connect(sk, other);
443 /* If other is SOCK_DEAD, we want to make sure we signal
444 * POLLOUT, such that a subsequent write() can get a
445 * -ECONNREFUSED. Otherwise, if we haven't queued any skbs
446 * to other and its full, we will hang waiting for POLLOUT.
448 if (unix_recvq_full(other) && !sock_flag(other, SOCK_DEAD))
452 unix_dgram_peer_wake_disconnect(sk, other);
457 static int unix_writable(const struct sock *sk)
459 return sk->sk_state != TCP_LISTEN &&
460 (refcount_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
463 static void unix_write_space(struct sock *sk)
465 struct socket_wq *wq;
468 if (unix_writable(sk)) {
469 wq = rcu_dereference(sk->sk_wq);
470 if (skwq_has_sleeper(wq))
471 wake_up_interruptible_sync_poll(&wq->wait,
472 EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND);
473 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
478 /* When dgram socket disconnects (or changes its peer), we clear its receive
479 * queue of packets arrived from previous peer. First, it allows to do
480 * flow control based only on wmem_alloc; second, sk connected to peer
481 * may receive messages only from that peer. */
482 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
484 if (!skb_queue_empty(&sk->sk_receive_queue)) {
485 skb_queue_purge(&sk->sk_receive_queue);
486 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
488 /* If one link of bidirectional dgram pipe is disconnected,
489 * we signal error. Messages are lost. Do not make this,
490 * when peer was not connected to us.
492 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
493 other->sk_err = ECONNRESET;
494 sk_error_report(other);
499 static void unix_sock_destructor(struct sock *sk)
501 struct unix_sock *u = unix_sk(sk);
503 skb_queue_purge(&sk->sk_receive_queue);
505 WARN_ON(refcount_read(&sk->sk_wmem_alloc));
506 WARN_ON(!sk_unhashed(sk));
507 WARN_ON(sk->sk_socket);
508 if (!sock_flag(sk, SOCK_DEAD)) {
509 pr_info("Attempt to release alive unix socket: %p\n", sk);
514 unix_release_addr(u->addr);
516 atomic_long_dec(&unix_nr_socks);
518 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
520 #ifdef UNIX_REFCNT_DEBUG
521 pr_debug("UNIX %p is destroyed, %ld are still alive.\n", sk,
522 atomic_long_read(&unix_nr_socks));
526 static void unix_release_sock(struct sock *sk, int embrion)
528 struct unix_sock *u = unix_sk(sk);
534 unix_remove_socket(sk);
539 sk->sk_shutdown = SHUTDOWN_MASK;
541 u->path.dentry = NULL;
543 state = sk->sk_state;
544 sk->sk_state = TCP_CLOSE;
546 skpair = unix_peer(sk);
547 unix_peer(sk) = NULL;
549 unix_state_unlock(sk);
551 wake_up_interruptible_all(&u->peer_wait);
553 if (skpair != NULL) {
554 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
555 unix_state_lock(skpair);
557 skpair->sk_shutdown = SHUTDOWN_MASK;
558 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
559 skpair->sk_err = ECONNRESET;
560 unix_state_unlock(skpair);
561 skpair->sk_state_change(skpair);
562 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
565 unix_dgram_peer_wake_disconnect(sk, skpair);
566 sock_put(skpair); /* It may now die */
569 /* Try to flush out this socket. Throw out buffers at least */
571 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
572 if (state == TCP_LISTEN)
573 unix_release_sock(skb->sk, 1);
574 /* passed fds are erased in the kfree_skb hook */
575 UNIXCB(skb).consumed = skb->len;
584 /* ---- Socket is dead now and most probably destroyed ---- */
587 * Fixme: BSD difference: In BSD all sockets connected to us get
588 * ECONNRESET and we die on the spot. In Linux we behave
589 * like files and pipes do and wait for the last
592 * Can't we simply set sock->err?
594 * What the above comment does talk about? --ANK(980817)
597 if (unix_tot_inflight)
598 unix_gc(); /* Garbage collect fds */
601 static void init_peercred(struct sock *sk)
603 put_pid(sk->sk_peer_pid);
604 if (sk->sk_peer_cred)
605 put_cred(sk->sk_peer_cred);
606 sk->sk_peer_pid = get_pid(task_tgid(current));
607 sk->sk_peer_cred = get_current_cred();
610 static void copy_peercred(struct sock *sk, struct sock *peersk)
612 put_pid(sk->sk_peer_pid);
613 if (sk->sk_peer_cred)
614 put_cred(sk->sk_peer_cred);
615 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
616 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
619 static int unix_listen(struct socket *sock, int backlog)
622 struct sock *sk = sock->sk;
623 struct unix_sock *u = unix_sk(sk);
626 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
627 goto out; /* Only stream/seqpacket sockets accept */
630 goto out; /* No listens on an unbound socket */
632 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
634 if (backlog > sk->sk_max_ack_backlog)
635 wake_up_interruptible_all(&u->peer_wait);
636 sk->sk_max_ack_backlog = backlog;
637 sk->sk_state = TCP_LISTEN;
638 /* set credentials so connect can copy them */
643 unix_state_unlock(sk);
648 static int unix_release(struct socket *);
649 static int unix_bind(struct socket *, struct sockaddr *, int);
650 static int unix_stream_connect(struct socket *, struct sockaddr *,
651 int addr_len, int flags);
652 static int unix_socketpair(struct socket *, struct socket *);
653 static int unix_accept(struct socket *, struct socket *, int, bool);
654 static int unix_getname(struct socket *, struct sockaddr *, int);
655 static __poll_t unix_poll(struct file *, struct socket *, poll_table *);
656 static __poll_t unix_dgram_poll(struct file *, struct socket *,
658 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
660 static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg);
662 static int unix_shutdown(struct socket *, int);
663 static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t);
664 static int unix_stream_recvmsg(struct socket *, struct msghdr *, size_t, int);
665 static ssize_t unix_stream_sendpage(struct socket *, struct page *, int offset,
666 size_t size, int flags);
667 static ssize_t unix_stream_splice_read(struct socket *, loff_t *ppos,
668 struct pipe_inode_info *, size_t size,
670 static int unix_dgram_sendmsg(struct socket *, struct msghdr *, size_t);
671 static int unix_dgram_recvmsg(struct socket *, struct msghdr *, size_t, int);
672 static int unix_dgram_connect(struct socket *, struct sockaddr *,
674 static int unix_seqpacket_sendmsg(struct socket *, struct msghdr *, size_t);
675 static int unix_seqpacket_recvmsg(struct socket *, struct msghdr *, size_t,
678 static int unix_set_peek_off(struct sock *sk, int val)
680 struct unix_sock *u = unix_sk(sk);
682 if (mutex_lock_interruptible(&u->iolock))
685 sk->sk_peek_off = val;
686 mutex_unlock(&u->iolock);
691 #ifdef CONFIG_PROC_FS
692 static void unix_show_fdinfo(struct seq_file *m, struct socket *sock)
694 struct sock *sk = sock->sk;
698 u = unix_sk(sock->sk);
699 seq_printf(m, "scm_fds: %u\n",
700 atomic_read(&u->scm_stat.nr_fds));
704 #define unix_show_fdinfo NULL
707 static const struct proto_ops unix_stream_ops = {
709 .owner = THIS_MODULE,
710 .release = unix_release,
712 .connect = unix_stream_connect,
713 .socketpair = unix_socketpair,
714 .accept = unix_accept,
715 .getname = unix_getname,
719 .compat_ioctl = unix_compat_ioctl,
721 .listen = unix_listen,
722 .shutdown = unix_shutdown,
723 .sendmsg = unix_stream_sendmsg,
724 .recvmsg = unix_stream_recvmsg,
725 .mmap = sock_no_mmap,
726 .sendpage = unix_stream_sendpage,
727 .splice_read = unix_stream_splice_read,
728 .set_peek_off = unix_set_peek_off,
729 .show_fdinfo = unix_show_fdinfo,
732 static const struct proto_ops unix_dgram_ops = {
734 .owner = THIS_MODULE,
735 .release = unix_release,
737 .connect = unix_dgram_connect,
738 .socketpair = unix_socketpair,
739 .accept = sock_no_accept,
740 .getname = unix_getname,
741 .poll = unix_dgram_poll,
744 .compat_ioctl = unix_compat_ioctl,
746 .listen = sock_no_listen,
747 .shutdown = unix_shutdown,
748 .sendmsg = unix_dgram_sendmsg,
749 .recvmsg = unix_dgram_recvmsg,
750 .mmap = sock_no_mmap,
751 .sendpage = sock_no_sendpage,
752 .set_peek_off = unix_set_peek_off,
753 .show_fdinfo = unix_show_fdinfo,
756 static const struct proto_ops unix_seqpacket_ops = {
758 .owner = THIS_MODULE,
759 .release = unix_release,
761 .connect = unix_stream_connect,
762 .socketpair = unix_socketpair,
763 .accept = unix_accept,
764 .getname = unix_getname,
765 .poll = unix_dgram_poll,
768 .compat_ioctl = unix_compat_ioctl,
770 .listen = unix_listen,
771 .shutdown = unix_shutdown,
772 .sendmsg = unix_seqpacket_sendmsg,
773 .recvmsg = unix_seqpacket_recvmsg,
774 .mmap = sock_no_mmap,
775 .sendpage = sock_no_sendpage,
776 .set_peek_off = unix_set_peek_off,
777 .show_fdinfo = unix_show_fdinfo,
780 static struct proto unix_proto = {
782 .owner = THIS_MODULE,
783 .obj_size = sizeof(struct unix_sock),
786 static struct sock *unix_create1(struct net *net, struct socket *sock, int kern)
788 struct sock *sk = NULL;
791 atomic_long_inc(&unix_nr_socks);
792 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
795 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto, kern);
799 sock_init_data(sock, sk);
801 sk->sk_allocation = GFP_KERNEL_ACCOUNT;
802 sk->sk_write_space = unix_write_space;
803 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
804 sk->sk_destruct = unix_sock_destructor;
806 u->path.dentry = NULL;
808 spin_lock_init(&u->lock);
809 atomic_long_set(&u->inflight, 0);
810 INIT_LIST_HEAD(&u->link);
811 mutex_init(&u->iolock); /* single task reading lock */
812 mutex_init(&u->bindlock); /* single task binding lock */
813 init_waitqueue_head(&u->peer_wait);
814 init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay);
815 memset(&u->scm_stat, 0, sizeof(struct scm_stat));
816 unix_insert_socket(unix_sockets_unbound(sk), sk);
819 atomic_long_dec(&unix_nr_socks);
822 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
828 static int unix_create(struct net *net, struct socket *sock, int protocol,
831 if (protocol && protocol != PF_UNIX)
832 return -EPROTONOSUPPORT;
834 sock->state = SS_UNCONNECTED;
836 switch (sock->type) {
838 sock->ops = &unix_stream_ops;
841 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
845 sock->type = SOCK_DGRAM;
848 sock->ops = &unix_dgram_ops;
851 sock->ops = &unix_seqpacket_ops;
854 return -ESOCKTNOSUPPORT;
857 return unix_create1(net, sock, kern) ? 0 : -ENOMEM;
860 static int unix_release(struct socket *sock)
862 struct sock *sk = sock->sk;
867 unix_release_sock(sk, 0);
873 static int unix_autobind(struct socket *sock)
875 struct sock *sk = sock->sk;
876 struct net *net = sock_net(sk);
877 struct unix_sock *u = unix_sk(sk);
878 static u32 ordernum = 1;
879 struct unix_address *addr;
881 unsigned int retries = 0;
883 err = mutex_lock_interruptible(&u->bindlock);
891 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
895 addr->name->sun_family = AF_UNIX;
896 refcount_set(&addr->refcnt, 1);
899 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
900 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
901 addr->hash ^= sk->sk_type;
903 spin_lock(&unix_table_lock);
904 ordernum = (ordernum+1)&0xFFFFF;
906 if (__unix_find_socket_byname(net, addr->name, addr->len, addr->hash)) {
907 spin_unlock(&unix_table_lock);
909 * __unix_find_socket_byname() may take long time if many names
910 * are already in use.
913 /* Give up if all names seems to be in use. */
914 if (retries++ == 0xFFFFF) {
922 __unix_set_addr(sk, addr, addr->hash);
923 spin_unlock(&unix_table_lock);
926 out: mutex_unlock(&u->bindlock);
930 static struct sock *unix_find_other(struct net *net,
931 struct sockaddr_un *sunname, int len,
932 int type, unsigned int hash, int *error)
938 if (sunname->sun_path[0]) {
940 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
943 inode = d_backing_inode(path.dentry);
944 err = path_permission(&path, MAY_WRITE);
949 if (!S_ISSOCK(inode->i_mode))
951 u = unix_find_socket_byinode(inode);
955 if (u->sk_type == type)
961 if (u->sk_type != type) {
967 u = unix_find_socket_byname(net, sunname, len, type ^ hash);
969 struct dentry *dentry;
970 dentry = unix_sk(u)->path.dentry;
972 touch_atime(&unix_sk(u)->path);
985 static int unix_bind_bsd(struct sock *sk, struct unix_address *addr)
987 struct unix_sock *u = unix_sk(sk);
988 umode_t mode = S_IFSOCK |
989 (SOCK_INODE(sk->sk_socket)->i_mode & ~current_umask());
990 struct user_namespace *ns; // barf...
992 struct dentry *dentry;
997 * Get the parent directory, calculate the hash for last
1000 dentry = kern_path_create(AT_FDCWD, addr->name->sun_path, &parent, 0);
1002 return PTR_ERR(dentry);
1003 ns = mnt_user_ns(parent.mnt);
1006 * All right, let's create it.
1008 err = security_path_mknod(&parent, dentry, mode, 0);
1010 err = vfs_mknod(ns, d_inode(parent.dentry), dentry, mode, 0);
1013 err = mutex_lock_interruptible(&u->bindlock);
1019 addr->hash = UNIX_HASH_SIZE;
1020 hash = d_backing_inode(dentry)->i_ino & (UNIX_HASH_SIZE - 1);
1021 spin_lock(&unix_table_lock);
1022 u->path.mnt = mntget(parent.mnt);
1023 u->path.dentry = dget(dentry);
1024 __unix_set_addr(sk, addr, hash);
1025 spin_unlock(&unix_table_lock);
1026 mutex_unlock(&u->bindlock);
1027 done_path_create(&parent, dentry);
1031 mutex_unlock(&u->bindlock);
1034 /* failed after successful mknod? unlink what we'd created... */
1035 vfs_unlink(ns, d_inode(parent.dentry), dentry, NULL);
1037 done_path_create(&parent, dentry);
1041 static int unix_bind_abstract(struct sock *sk, struct unix_address *addr)
1043 struct unix_sock *u = unix_sk(sk);
1046 err = mutex_lock_interruptible(&u->bindlock);
1051 mutex_unlock(&u->bindlock);
1055 spin_lock(&unix_table_lock);
1056 if (__unix_find_socket_byname(sock_net(sk), addr->name, addr->len,
1058 spin_unlock(&unix_table_lock);
1059 mutex_unlock(&u->bindlock);
1062 __unix_set_addr(sk, addr, addr->hash);
1063 spin_unlock(&unix_table_lock);
1064 mutex_unlock(&u->bindlock);
1068 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
1070 struct sock *sk = sock->sk;
1071 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1072 char *sun_path = sunaddr->sun_path;
1075 struct unix_address *addr;
1077 if (addr_len < offsetofend(struct sockaddr_un, sun_family) ||
1078 sunaddr->sun_family != AF_UNIX)
1081 if (addr_len == sizeof(short))
1082 return unix_autobind(sock);
1084 err = unix_mkname(sunaddr, addr_len, &hash);
1088 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
1092 memcpy(addr->name, sunaddr, addr_len);
1093 addr->len = addr_len;
1094 addr->hash = hash ^ sk->sk_type;
1095 refcount_set(&addr->refcnt, 1);
1098 err = unix_bind_bsd(sk, addr);
1100 err = unix_bind_abstract(sk, addr);
1102 unix_release_addr(addr);
1103 return err == -EEXIST ? -EADDRINUSE : err;
1106 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
1108 if (unlikely(sk1 == sk2) || !sk2) {
1109 unix_state_lock(sk1);
1113 unix_state_lock(sk1);
1114 unix_state_lock_nested(sk2);
1116 unix_state_lock(sk2);
1117 unix_state_lock_nested(sk1);
1121 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
1123 if (unlikely(sk1 == sk2) || !sk2) {
1124 unix_state_unlock(sk1);
1127 unix_state_unlock(sk1);
1128 unix_state_unlock(sk2);
1131 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
1132 int alen, int flags)
1134 struct sock *sk = sock->sk;
1135 struct net *net = sock_net(sk);
1136 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
1142 if (alen < offsetofend(struct sockaddr, sa_family))
1145 if (addr->sa_family != AF_UNSPEC) {
1146 err = unix_mkname(sunaddr, alen, &hash);
1151 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
1152 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
1156 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
1160 unix_state_double_lock(sk, other);
1162 /* Apparently VFS overslept socket death. Retry. */
1163 if (sock_flag(other, SOCK_DEAD)) {
1164 unix_state_double_unlock(sk, other);
1170 if (!unix_may_send(sk, other))
1173 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1179 * 1003.1g breaking connected state with AF_UNSPEC
1182 unix_state_double_lock(sk, other);
1186 * If it was connected, reconnect.
1188 if (unix_peer(sk)) {
1189 struct sock *old_peer = unix_peer(sk);
1190 unix_peer(sk) = other;
1191 unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer);
1193 unix_state_double_unlock(sk, other);
1195 if (other != old_peer)
1196 unix_dgram_disconnected(sk, old_peer);
1199 unix_peer(sk) = other;
1200 unix_state_double_unlock(sk, other);
1205 unix_state_double_unlock(sk, other);
1211 static long unix_wait_for_peer(struct sock *other, long timeo)
1212 __releases(&unix_sk(other)->lock)
1214 struct unix_sock *u = unix_sk(other);
1218 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1220 sched = !sock_flag(other, SOCK_DEAD) &&
1221 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1222 unix_recvq_full(other);
1224 unix_state_unlock(other);
1227 timeo = schedule_timeout(timeo);
1229 finish_wait(&u->peer_wait, &wait);
1233 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1234 int addr_len, int flags)
1236 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1237 struct sock *sk = sock->sk;
1238 struct net *net = sock_net(sk);
1239 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1240 struct sock *newsk = NULL;
1241 struct sock *other = NULL;
1242 struct sk_buff *skb = NULL;
1248 err = unix_mkname(sunaddr, addr_len, &hash);
1253 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1254 (err = unix_autobind(sock)) != 0)
1257 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1259 /* First of all allocate resources.
1260 If we will make it after state is locked,
1261 we will have to recheck all again in any case.
1266 /* create new sock for complete connection */
1267 newsk = unix_create1(sock_net(sk), NULL, 0);
1271 /* Allocate skb for sending to listening sock */
1272 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1277 /* Find listening sock. */
1278 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1282 /* Latch state of peer */
1283 unix_state_lock(other);
1285 /* Apparently VFS overslept socket death. Retry. */
1286 if (sock_flag(other, SOCK_DEAD)) {
1287 unix_state_unlock(other);
1292 err = -ECONNREFUSED;
1293 if (other->sk_state != TCP_LISTEN)
1295 if (other->sk_shutdown & RCV_SHUTDOWN)
1298 if (unix_recvq_full(other)) {
1303 timeo = unix_wait_for_peer(other, timeo);
1305 err = sock_intr_errno(timeo);
1306 if (signal_pending(current))
1314 It is tricky place. We need to grab our state lock and cannot
1315 drop lock on peer. It is dangerous because deadlock is
1316 possible. Connect to self case and simultaneous
1317 attempt to connect are eliminated by checking socket
1318 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1319 check this before attempt to grab lock.
1321 Well, and we have to recheck the state after socket locked.
1327 /* This is ok... continue with connect */
1329 case TCP_ESTABLISHED:
1330 /* Socket is already connected */
1338 unix_state_lock_nested(sk);
1340 if (sk->sk_state != st) {
1341 unix_state_unlock(sk);
1342 unix_state_unlock(other);
1347 err = security_unix_stream_connect(sk, other, newsk);
1349 unix_state_unlock(sk);
1353 /* The way is open! Fastly set all the necessary fields... */
1356 unix_peer(newsk) = sk;
1357 newsk->sk_state = TCP_ESTABLISHED;
1358 newsk->sk_type = sk->sk_type;
1359 init_peercred(newsk);
1360 newu = unix_sk(newsk);
1361 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1362 otheru = unix_sk(other);
1364 /* copy address information from listening to new sock
1366 * The contents of *(otheru->addr) and otheru->path
1367 * are seen fully set up here, since we have found
1368 * otheru in hash under unix_table_lock. Insertion
1369 * into the hash chain we'd found it in had been done
1370 * in an earlier critical area protected by unix_table_lock,
1371 * the same one where we'd set *(otheru->addr) contents,
1372 * as well as otheru->path and otheru->addr itself.
1374 * Using smp_store_release() here to set newu->addr
1375 * is enough to make those stores, as well as stores
1376 * to newu->path visible to anyone who gets newu->addr
1377 * by smp_load_acquire(). IOW, the same warranties
1378 * as for unix_sock instances bound in unix_bind() or
1379 * in unix_autobind().
1381 if (otheru->path.dentry) {
1382 path_get(&otheru->path);
1383 newu->path = otheru->path;
1385 refcount_inc(&otheru->addr->refcnt);
1386 smp_store_release(&newu->addr, otheru->addr);
1388 /* Set credentials */
1389 copy_peercred(sk, other);
1391 sock->state = SS_CONNECTED;
1392 sk->sk_state = TCP_ESTABLISHED;
1395 smp_mb__after_atomic(); /* sock_hold() does an atomic_inc() */
1396 unix_peer(sk) = newsk;
1398 unix_state_unlock(sk);
1400 /* take ten and send info to listening sock */
1401 spin_lock(&other->sk_receive_queue.lock);
1402 __skb_queue_tail(&other->sk_receive_queue, skb);
1403 spin_unlock(&other->sk_receive_queue.lock);
1404 unix_state_unlock(other);
1405 other->sk_data_ready(other);
1411 unix_state_unlock(other);
1416 unix_release_sock(newsk, 0);
1422 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1424 struct sock *ska = socka->sk, *skb = sockb->sk;
1426 /* Join our sockets back to back */
1429 unix_peer(ska) = skb;
1430 unix_peer(skb) = ska;
1434 if (ska->sk_type != SOCK_DGRAM) {
1435 ska->sk_state = TCP_ESTABLISHED;
1436 skb->sk_state = TCP_ESTABLISHED;
1437 socka->state = SS_CONNECTED;
1438 sockb->state = SS_CONNECTED;
1443 static void unix_sock_inherit_flags(const struct socket *old,
1446 if (test_bit(SOCK_PASSCRED, &old->flags))
1447 set_bit(SOCK_PASSCRED, &new->flags);
1448 if (test_bit(SOCK_PASSSEC, &old->flags))
1449 set_bit(SOCK_PASSSEC, &new->flags);
1452 static int unix_accept(struct socket *sock, struct socket *newsock, int flags,
1455 struct sock *sk = sock->sk;
1457 struct sk_buff *skb;
1461 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1465 if (sk->sk_state != TCP_LISTEN)
1468 /* If socket state is TCP_LISTEN it cannot change (for now...),
1469 * so that no locks are necessary.
1472 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1474 /* This means receive shutdown. */
1481 skb_free_datagram(sk, skb);
1482 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1484 /* attach accepted sock to socket */
1485 unix_state_lock(tsk);
1486 newsock->state = SS_CONNECTED;
1487 unix_sock_inherit_flags(sock, newsock);
1488 sock_graft(tsk, newsock);
1489 unix_state_unlock(tsk);
1497 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int peer)
1499 struct sock *sk = sock->sk;
1500 struct unix_address *addr;
1501 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1505 sk = unix_peer_get(sk);
1515 addr = smp_load_acquire(&unix_sk(sk)->addr);
1517 sunaddr->sun_family = AF_UNIX;
1518 sunaddr->sun_path[0] = 0;
1519 err = sizeof(short);
1522 memcpy(sunaddr, addr->name, addr->len);
1529 static void unix_peek_fds(struct scm_cookie *scm, struct sk_buff *skb)
1531 scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1534 * Garbage collection of unix sockets starts by selecting a set of
1535 * candidate sockets which have reference only from being in flight
1536 * (total_refs == inflight_refs). This condition is checked once during
1537 * the candidate collection phase, and candidates are marked as such, so
1538 * that non-candidates can later be ignored. While inflight_refs is
1539 * protected by unix_gc_lock, total_refs (file count) is not, hence this
1540 * is an instantaneous decision.
1542 * Once a candidate, however, the socket must not be reinstalled into a
1543 * file descriptor while the garbage collection is in progress.
1545 * If the above conditions are met, then the directed graph of
1546 * candidates (*) does not change while unix_gc_lock is held.
1548 * Any operations that changes the file count through file descriptors
1549 * (dup, close, sendmsg) does not change the graph since candidates are
1550 * not installed in fds.
1552 * Dequeing a candidate via recvmsg would install it into an fd, but
1553 * that takes unix_gc_lock to decrement the inflight count, so it's
1554 * serialized with garbage collection.
1556 * MSG_PEEK is special in that it does not change the inflight count,
1557 * yet does install the socket into an fd. The following lock/unlock
1558 * pair is to ensure serialization with garbage collection. It must be
1559 * done between incrementing the file count and installing the file into
1562 * If garbage collection starts after the barrier provided by the
1563 * lock/unlock, then it will see the elevated refcount and not mark this
1564 * as a candidate. If a garbage collection is already in progress
1565 * before the file count was incremented, then the lock/unlock pair will
1566 * ensure that garbage collection is finished before progressing to
1567 * installing the fd.
1569 * (*) A -> B where B is on the queue of A or B is on the queue of C
1570 * which is on the queue of listening socket A.
1572 spin_lock(&unix_gc_lock);
1573 spin_unlock(&unix_gc_lock);
1576 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1580 UNIXCB(skb).pid = get_pid(scm->pid);
1581 UNIXCB(skb).uid = scm->creds.uid;
1582 UNIXCB(skb).gid = scm->creds.gid;
1583 UNIXCB(skb).fp = NULL;
1584 unix_get_secdata(scm, skb);
1585 if (scm->fp && send_fds)
1586 err = unix_attach_fds(scm, skb);
1588 skb->destructor = unix_destruct_scm;
1592 static bool unix_passcred_enabled(const struct socket *sock,
1593 const struct sock *other)
1595 return test_bit(SOCK_PASSCRED, &sock->flags) ||
1596 !other->sk_socket ||
1597 test_bit(SOCK_PASSCRED, &other->sk_socket->flags);
1601 * Some apps rely on write() giving SCM_CREDENTIALS
1602 * We include credentials if source or destination socket
1603 * asserted SOCK_PASSCRED.
1605 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1606 const struct sock *other)
1608 if (UNIXCB(skb).pid)
1610 if (unix_passcred_enabled(sock, other)) {
1611 UNIXCB(skb).pid = get_pid(task_tgid(current));
1612 current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid);
1616 static int maybe_init_creds(struct scm_cookie *scm,
1617 struct socket *socket,
1618 const struct sock *other)
1621 struct msghdr msg = { .msg_controllen = 0 };
1623 err = scm_send(socket, &msg, scm, false);
1627 if (unix_passcred_enabled(socket, other)) {
1628 scm->pid = get_pid(task_tgid(current));
1629 current_uid_gid(&scm->creds.uid, &scm->creds.gid);
1634 static bool unix_skb_scm_eq(struct sk_buff *skb,
1635 struct scm_cookie *scm)
1637 const struct unix_skb_parms *u = &UNIXCB(skb);
1639 return u->pid == scm->pid &&
1640 uid_eq(u->uid, scm->creds.uid) &&
1641 gid_eq(u->gid, scm->creds.gid) &&
1642 unix_secdata_eq(scm, skb);
1645 static void scm_stat_add(struct sock *sk, struct sk_buff *skb)
1647 struct scm_fp_list *fp = UNIXCB(skb).fp;
1648 struct unix_sock *u = unix_sk(sk);
1650 if (unlikely(fp && fp->count))
1651 atomic_add(fp->count, &u->scm_stat.nr_fds);
1654 static void scm_stat_del(struct sock *sk, struct sk_buff *skb)
1656 struct scm_fp_list *fp = UNIXCB(skb).fp;
1657 struct unix_sock *u = unix_sk(sk);
1659 if (unlikely(fp && fp->count))
1660 atomic_sub(fp->count, &u->scm_stat.nr_fds);
1664 * Send AF_UNIX data.
1667 static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
1670 struct sock *sk = sock->sk;
1671 struct net *net = sock_net(sk);
1672 struct unix_sock *u = unix_sk(sk);
1673 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
1674 struct sock *other = NULL;
1675 int namelen = 0; /* fake GCC */
1678 struct sk_buff *skb;
1680 struct scm_cookie scm;
1685 err = scm_send(sock, msg, &scm, false);
1690 if (msg->msg_flags&MSG_OOB)
1693 if (msg->msg_namelen) {
1694 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1701 other = unix_peer_get(sk);
1706 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1707 && (err = unix_autobind(sock)) != 0)
1711 if (len > sk->sk_sndbuf - 32)
1714 if (len > SKB_MAX_ALLOC) {
1715 data_len = min_t(size_t,
1716 len - SKB_MAX_ALLOC,
1717 MAX_SKB_FRAGS * PAGE_SIZE);
1718 data_len = PAGE_ALIGN(data_len);
1720 BUILD_BUG_ON(SKB_MAX_ALLOC < PAGE_SIZE);
1723 skb = sock_alloc_send_pskb(sk, len - data_len, data_len,
1724 msg->msg_flags & MSG_DONTWAIT, &err,
1725 PAGE_ALLOC_COSTLY_ORDER);
1729 err = unix_scm_to_skb(&scm, skb, true);
1733 skb_put(skb, len - data_len);
1734 skb->data_len = data_len;
1736 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, len);
1740 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1745 if (sunaddr == NULL)
1748 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1754 if (sk_filter(other, skb) < 0) {
1755 /* Toss the packet but do not return any error to the sender */
1761 unix_state_lock(other);
1764 if (!unix_may_send(sk, other))
1767 if (unlikely(sock_flag(other, SOCK_DEAD))) {
1769 * Check with 1003.1g - what should
1772 unix_state_unlock(other);
1776 unix_state_lock(sk);
1779 if (unix_peer(sk) == other) {
1780 unix_peer(sk) = NULL;
1781 unix_dgram_peer_wake_disconnect_wakeup(sk, other);
1783 unix_state_unlock(sk);
1785 unix_dgram_disconnected(sk, other);
1787 err = -ECONNREFUSED;
1789 unix_state_unlock(sk);
1799 if (other->sk_shutdown & RCV_SHUTDOWN)
1802 if (sk->sk_type != SOCK_SEQPACKET) {
1803 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1808 /* other == sk && unix_peer(other) != sk if
1809 * - unix_peer(sk) == NULL, destination address bound to sk
1810 * - unix_peer(sk) == sk by time of get but disconnected before lock
1813 unlikely(unix_peer(other) != sk &&
1814 unix_recvq_full_lockless(other))) {
1816 timeo = unix_wait_for_peer(other, timeo);
1818 err = sock_intr_errno(timeo);
1819 if (signal_pending(current))
1826 unix_state_unlock(other);
1827 unix_state_double_lock(sk, other);
1830 if (unix_peer(sk) != other ||
1831 unix_dgram_peer_wake_me(sk, other)) {
1839 goto restart_locked;
1843 if (unlikely(sk_locked))
1844 unix_state_unlock(sk);
1846 if (sock_flag(other, SOCK_RCVTSTAMP))
1847 __net_timestamp(skb);
1848 maybe_add_creds(skb, sock, other);
1849 scm_stat_add(other, skb);
1850 skb_queue_tail(&other->sk_receive_queue, skb);
1851 unix_state_unlock(other);
1852 other->sk_data_ready(other);
1859 unix_state_unlock(sk);
1860 unix_state_unlock(other);
1870 /* We use paged skbs for stream sockets, and limit occupancy to 32768
1871 * bytes, and a minimum of a full page.
1873 #define UNIX_SKB_FRAGS_SZ (PAGE_SIZE << get_order(32768))
1875 static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg,
1878 struct sock *sk = sock->sk;
1879 struct sock *other = NULL;
1881 struct sk_buff *skb;
1883 struct scm_cookie scm;
1884 bool fds_sent = false;
1888 err = scm_send(sock, msg, &scm, false);
1893 if (msg->msg_flags&MSG_OOB)
1896 if (msg->msg_namelen) {
1897 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1901 other = unix_peer(sk);
1906 if (sk->sk_shutdown & SEND_SHUTDOWN)
1909 while (sent < len) {
1912 /* Keep two messages in the pipe so it schedules better */
1913 size = min_t(int, size, (sk->sk_sndbuf >> 1) - 64);
1915 /* allow fallback to order-0 allocations */
1916 size = min_t(int, size, SKB_MAX_HEAD(0) + UNIX_SKB_FRAGS_SZ);
1918 data_len = max_t(int, 0, size - SKB_MAX_HEAD(0));
1920 data_len = min_t(size_t, size, PAGE_ALIGN(data_len));
1922 skb = sock_alloc_send_pskb(sk, size - data_len, data_len,
1923 msg->msg_flags & MSG_DONTWAIT, &err,
1924 get_order(UNIX_SKB_FRAGS_SZ));
1928 /* Only send the fds in the first buffer */
1929 err = unix_scm_to_skb(&scm, skb, !fds_sent);
1936 skb_put(skb, size - data_len);
1937 skb->data_len = data_len;
1939 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, size);
1945 unix_state_lock(other);
1947 if (sock_flag(other, SOCK_DEAD) ||
1948 (other->sk_shutdown & RCV_SHUTDOWN))
1951 maybe_add_creds(skb, sock, other);
1952 scm_stat_add(other, skb);
1953 skb_queue_tail(&other->sk_receive_queue, skb);
1954 unix_state_unlock(other);
1955 other->sk_data_ready(other);
1964 unix_state_unlock(other);
1967 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1968 send_sig(SIGPIPE, current, 0);
1972 return sent ? : err;
1975 static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page,
1976 int offset, size_t size, int flags)
1979 bool send_sigpipe = false;
1980 bool init_scm = true;
1981 struct scm_cookie scm;
1982 struct sock *other, *sk = socket->sk;
1983 struct sk_buff *skb, *newskb = NULL, *tail = NULL;
1985 if (flags & MSG_OOB)
1988 other = unix_peer(sk);
1989 if (!other || sk->sk_state != TCP_ESTABLISHED)
1994 unix_state_unlock(other);
1995 mutex_unlock(&unix_sk(other)->iolock);
1996 newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT,
2002 /* we must acquire iolock as we modify already present
2003 * skbs in the sk_receive_queue and mess with skb->len
2005 err = mutex_lock_interruptible(&unix_sk(other)->iolock);
2007 err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS;
2011 if (sk->sk_shutdown & SEND_SHUTDOWN) {
2013 send_sigpipe = true;
2017 unix_state_lock(other);
2019 if (sock_flag(other, SOCK_DEAD) ||
2020 other->sk_shutdown & RCV_SHUTDOWN) {
2022 send_sigpipe = true;
2023 goto err_state_unlock;
2027 err = maybe_init_creds(&scm, socket, other);
2029 goto err_state_unlock;
2033 skb = skb_peek_tail(&other->sk_receive_queue);
2034 if (tail && tail == skb) {
2036 } else if (!skb || !unix_skb_scm_eq(skb, &scm)) {
2043 } else if (newskb) {
2044 /* this is fast path, we don't necessarily need to
2045 * call to kfree_skb even though with newskb == NULL
2046 * this - does no harm
2048 consume_skb(newskb);
2052 if (skb_append_pagefrags(skb, page, offset, size)) {
2058 skb->data_len += size;
2059 skb->truesize += size;
2060 refcount_add(size, &sk->sk_wmem_alloc);
2063 err = unix_scm_to_skb(&scm, skb, false);
2065 goto err_state_unlock;
2066 spin_lock(&other->sk_receive_queue.lock);
2067 __skb_queue_tail(&other->sk_receive_queue, newskb);
2068 spin_unlock(&other->sk_receive_queue.lock);
2071 unix_state_unlock(other);
2072 mutex_unlock(&unix_sk(other)->iolock);
2074 other->sk_data_ready(other);
2079 unix_state_unlock(other);
2081 mutex_unlock(&unix_sk(other)->iolock);
2084 if (send_sigpipe && !(flags & MSG_NOSIGNAL))
2085 send_sig(SIGPIPE, current, 0);
2091 static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg,
2095 struct sock *sk = sock->sk;
2097 err = sock_error(sk);
2101 if (sk->sk_state != TCP_ESTABLISHED)
2104 if (msg->msg_namelen)
2105 msg->msg_namelen = 0;
2107 return unix_dgram_sendmsg(sock, msg, len);
2110 static int unix_seqpacket_recvmsg(struct socket *sock, struct msghdr *msg,
2111 size_t size, int flags)
2113 struct sock *sk = sock->sk;
2115 if (sk->sk_state != TCP_ESTABLISHED)
2118 return unix_dgram_recvmsg(sock, msg, size, flags);
2121 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
2123 struct unix_address *addr = smp_load_acquire(&unix_sk(sk)->addr);
2126 msg->msg_namelen = addr->len;
2127 memcpy(msg->msg_name, addr->name, addr->len);
2131 static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg,
2132 size_t size, int flags)
2134 struct scm_cookie scm;
2135 struct sock *sk = sock->sk;
2136 struct unix_sock *u = unix_sk(sk);
2137 struct sk_buff *skb, *last;
2146 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
2149 mutex_lock(&u->iolock);
2151 skip = sk_peek_offset(sk, flags);
2152 skb = __skb_try_recv_datagram(sk, &sk->sk_receive_queue, flags,
2153 &skip, &err, &last);
2155 if (!(flags & MSG_PEEK))
2156 scm_stat_del(sk, skb);
2160 mutex_unlock(&u->iolock);
2165 !__skb_wait_for_more_packets(sk, &sk->sk_receive_queue,
2166 &err, &timeo, last));
2168 if (!skb) { /* implies iolock unlocked */
2169 unix_state_lock(sk);
2170 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
2171 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
2172 (sk->sk_shutdown & RCV_SHUTDOWN))
2174 unix_state_unlock(sk);
2178 if (wq_has_sleeper(&u->peer_wait))
2179 wake_up_interruptible_sync_poll(&u->peer_wait,
2180 EPOLLOUT | EPOLLWRNORM |
2184 unix_copy_addr(msg, skb->sk);
2186 if (size > skb->len - skip)
2187 size = skb->len - skip;
2188 else if (size < skb->len - skip)
2189 msg->msg_flags |= MSG_TRUNC;
2191 err = skb_copy_datagram_msg(skb, skip, msg, size);
2195 if (sock_flag(sk, SOCK_RCVTSTAMP))
2196 __sock_recv_timestamp(msg, sk, skb);
2198 memset(&scm, 0, sizeof(scm));
2200 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2201 unix_set_secdata(&scm, skb);
2203 if (!(flags & MSG_PEEK)) {
2205 unix_detach_fds(&scm, skb);
2207 sk_peek_offset_bwd(sk, skb->len);
2209 /* It is questionable: on PEEK we could:
2210 - do not return fds - good, but too simple 8)
2211 - return fds, and do not return them on read (old strategy,
2213 - clone fds (I chose it for now, it is the most universal
2216 POSIX 1003.1g does not actually define this clearly
2217 at all. POSIX 1003.1g doesn't define a lot of things
2222 sk_peek_offset_fwd(sk, size);
2225 unix_peek_fds(&scm, skb);
2227 err = (flags & MSG_TRUNC) ? skb->len - skip : size;
2229 scm_recv(sock, msg, &scm, flags);
2232 skb_free_datagram(sk, skb);
2233 mutex_unlock(&u->iolock);
2239 * Sleep until more data has arrived. But check for races..
2241 static long unix_stream_data_wait(struct sock *sk, long timeo,
2242 struct sk_buff *last, unsigned int last_len,
2245 struct sk_buff *tail;
2248 unix_state_lock(sk);
2251 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
2253 tail = skb_peek_tail(&sk->sk_receive_queue);
2255 (tail && tail->len != last_len) ||
2257 (sk->sk_shutdown & RCV_SHUTDOWN) ||
2258 signal_pending(current) ||
2262 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2263 unix_state_unlock(sk);
2265 timeo = freezable_schedule_timeout(timeo);
2267 timeo = schedule_timeout(timeo);
2268 unix_state_lock(sk);
2270 if (sock_flag(sk, SOCK_DEAD))
2273 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2276 finish_wait(sk_sleep(sk), &wait);
2277 unix_state_unlock(sk);
2281 static unsigned int unix_skb_len(const struct sk_buff *skb)
2283 return skb->len - UNIXCB(skb).consumed;
2286 struct unix_stream_read_state {
2287 int (*recv_actor)(struct sk_buff *, int, int,
2288 struct unix_stream_read_state *);
2289 struct socket *socket;
2291 struct pipe_inode_info *pipe;
2294 unsigned int splice_flags;
2297 static int unix_stream_read_generic(struct unix_stream_read_state *state,
2300 struct scm_cookie scm;
2301 struct socket *sock = state->socket;
2302 struct sock *sk = sock->sk;
2303 struct unix_sock *u = unix_sk(sk);
2305 int flags = state->flags;
2306 int noblock = flags & MSG_DONTWAIT;
2307 bool check_creds = false;
2312 size_t size = state->size;
2313 unsigned int last_len;
2315 if (unlikely(sk->sk_state != TCP_ESTABLISHED)) {
2320 if (unlikely(flags & MSG_OOB)) {
2325 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
2326 timeo = sock_rcvtimeo(sk, noblock);
2328 memset(&scm, 0, sizeof(scm));
2330 /* Lock the socket to prevent queue disordering
2331 * while sleeps in memcpy_tomsg
2333 mutex_lock(&u->iolock);
2335 skip = max(sk_peek_offset(sk, flags), 0);
2340 struct sk_buff *skb, *last;
2343 unix_state_lock(sk);
2344 if (sock_flag(sk, SOCK_DEAD)) {
2348 last = skb = skb_peek(&sk->sk_receive_queue);
2349 last_len = last ? last->len : 0;
2352 if (copied >= target)
2356 * POSIX 1003.1g mandates this order.
2359 err = sock_error(sk);
2362 if (sk->sk_shutdown & RCV_SHUTDOWN)
2365 unix_state_unlock(sk);
2371 mutex_unlock(&u->iolock);
2373 timeo = unix_stream_data_wait(sk, timeo, last,
2374 last_len, freezable);
2376 if (signal_pending(current)) {
2377 err = sock_intr_errno(timeo);
2382 mutex_lock(&u->iolock);
2385 unix_state_unlock(sk);
2389 while (skip >= unix_skb_len(skb)) {
2390 skip -= unix_skb_len(skb);
2392 last_len = skb->len;
2393 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2398 unix_state_unlock(sk);
2401 /* Never glue messages from different writers */
2402 if (!unix_skb_scm_eq(skb, &scm))
2404 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
2405 /* Copy credentials */
2406 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2407 unix_set_secdata(&scm, skb);
2411 /* Copy address just once */
2412 if (state->msg && state->msg->msg_name) {
2413 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr,
2414 state->msg->msg_name);
2415 unix_copy_addr(state->msg, skb->sk);
2419 chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size);
2421 chunk = state->recv_actor(skb, skip, chunk, state);
2422 drop_skb = !unix_skb_len(skb);
2423 /* skb is only safe to use if !drop_skb */
2434 /* the skb was touched by a concurrent reader;
2435 * we should not expect anything from this skb
2436 * anymore and assume it invalid - we can be
2437 * sure it was dropped from the socket queue
2439 * let's report a short read
2445 /* Mark read part of skb as used */
2446 if (!(flags & MSG_PEEK)) {
2447 UNIXCB(skb).consumed += chunk;
2449 sk_peek_offset_bwd(sk, chunk);
2451 if (UNIXCB(skb).fp) {
2452 scm_stat_del(sk, skb);
2453 unix_detach_fds(&scm, skb);
2456 if (unix_skb_len(skb))
2459 skb_unlink(skb, &sk->sk_receive_queue);
2465 /* It is questionable, see note in unix_dgram_recvmsg.
2468 unix_peek_fds(&scm, skb);
2470 sk_peek_offset_fwd(sk, chunk);
2477 last_len = skb->len;
2478 unix_state_lock(sk);
2479 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2482 unix_state_unlock(sk);
2487 mutex_unlock(&u->iolock);
2489 scm_recv(sock, state->msg, &scm, flags);
2493 return copied ? : err;
2496 static int unix_stream_read_actor(struct sk_buff *skb,
2497 int skip, int chunk,
2498 struct unix_stream_read_state *state)
2502 ret = skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip,
2504 return ret ?: chunk;
2507 static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg,
2508 size_t size, int flags)
2510 struct unix_stream_read_state state = {
2511 .recv_actor = unix_stream_read_actor,
2518 return unix_stream_read_generic(&state, true);
2521 static int unix_stream_splice_actor(struct sk_buff *skb,
2522 int skip, int chunk,
2523 struct unix_stream_read_state *state)
2525 return skb_splice_bits(skb, state->socket->sk,
2526 UNIXCB(skb).consumed + skip,
2527 state->pipe, chunk, state->splice_flags);
2530 static ssize_t unix_stream_splice_read(struct socket *sock, loff_t *ppos,
2531 struct pipe_inode_info *pipe,
2532 size_t size, unsigned int flags)
2534 struct unix_stream_read_state state = {
2535 .recv_actor = unix_stream_splice_actor,
2539 .splice_flags = flags,
2542 if (unlikely(*ppos))
2545 if (sock->file->f_flags & O_NONBLOCK ||
2546 flags & SPLICE_F_NONBLOCK)
2547 state.flags = MSG_DONTWAIT;
2549 return unix_stream_read_generic(&state, false);
2552 static int unix_shutdown(struct socket *sock, int mode)
2554 struct sock *sk = sock->sk;
2557 if (mode < SHUT_RD || mode > SHUT_RDWR)
2560 * SHUT_RD (0) -> RCV_SHUTDOWN (1)
2561 * SHUT_WR (1) -> SEND_SHUTDOWN (2)
2562 * SHUT_RDWR (2) -> SHUTDOWN_MASK (3)
2566 unix_state_lock(sk);
2567 sk->sk_shutdown |= mode;
2568 other = unix_peer(sk);
2571 unix_state_unlock(sk);
2572 sk->sk_state_change(sk);
2575 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2579 if (mode&RCV_SHUTDOWN)
2580 peer_mode |= SEND_SHUTDOWN;
2581 if (mode&SEND_SHUTDOWN)
2582 peer_mode |= RCV_SHUTDOWN;
2583 unix_state_lock(other);
2584 other->sk_shutdown |= peer_mode;
2585 unix_state_unlock(other);
2586 other->sk_state_change(other);
2587 if (peer_mode == SHUTDOWN_MASK)
2588 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2589 else if (peer_mode & RCV_SHUTDOWN)
2590 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2598 long unix_inq_len(struct sock *sk)
2600 struct sk_buff *skb;
2603 if (sk->sk_state == TCP_LISTEN)
2606 spin_lock(&sk->sk_receive_queue.lock);
2607 if (sk->sk_type == SOCK_STREAM ||
2608 sk->sk_type == SOCK_SEQPACKET) {
2609 skb_queue_walk(&sk->sk_receive_queue, skb)
2610 amount += unix_skb_len(skb);
2612 skb = skb_peek(&sk->sk_receive_queue);
2616 spin_unlock(&sk->sk_receive_queue.lock);
2620 EXPORT_SYMBOL_GPL(unix_inq_len);
2622 long unix_outq_len(struct sock *sk)
2624 return sk_wmem_alloc_get(sk);
2626 EXPORT_SYMBOL_GPL(unix_outq_len);
2628 static int unix_open_file(struct sock *sk)
2634 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
2637 if (!smp_load_acquire(&unix_sk(sk)->addr))
2640 path = unix_sk(sk)->path;
2646 fd = get_unused_fd_flags(O_CLOEXEC);
2650 f = dentry_open(&path, O_PATH, current_cred());
2664 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2666 struct sock *sk = sock->sk;
2672 amount = unix_outq_len(sk);
2673 err = put_user(amount, (int __user *)arg);
2676 amount = unix_inq_len(sk);
2680 err = put_user(amount, (int __user *)arg);
2683 err = unix_open_file(sk);
2692 #ifdef CONFIG_COMPAT
2693 static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2695 return unix_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
2699 static __poll_t unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2701 struct sock *sk = sock->sk;
2704 sock_poll_wait(file, sock, wait);
2707 /* exceptional events? */
2710 if (sk->sk_shutdown == SHUTDOWN_MASK)
2712 if (sk->sk_shutdown & RCV_SHUTDOWN)
2713 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
2716 if (!skb_queue_empty_lockless(&sk->sk_receive_queue))
2717 mask |= EPOLLIN | EPOLLRDNORM;
2719 /* Connection-based need to check for termination and startup */
2720 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2721 sk->sk_state == TCP_CLOSE)
2725 * we set writable also when the other side has shut down the
2726 * connection. This prevents stuck sockets.
2728 if (unix_writable(sk))
2729 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
2734 static __poll_t unix_dgram_poll(struct file *file, struct socket *sock,
2737 struct sock *sk = sock->sk, *other;
2738 unsigned int writable;
2741 sock_poll_wait(file, sock, wait);
2744 /* exceptional events? */
2745 if (sk->sk_err || !skb_queue_empty_lockless(&sk->sk_error_queue))
2747 (sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? EPOLLPRI : 0);
2749 if (sk->sk_shutdown & RCV_SHUTDOWN)
2750 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
2751 if (sk->sk_shutdown == SHUTDOWN_MASK)
2755 if (!skb_queue_empty_lockless(&sk->sk_receive_queue))
2756 mask |= EPOLLIN | EPOLLRDNORM;
2758 /* Connection-based need to check for termination and startup */
2759 if (sk->sk_type == SOCK_SEQPACKET) {
2760 if (sk->sk_state == TCP_CLOSE)
2762 /* connection hasn't started yet? */
2763 if (sk->sk_state == TCP_SYN_SENT)
2767 /* No write status requested, avoid expensive OUT tests. */
2768 if (!(poll_requested_events(wait) & (EPOLLWRBAND|EPOLLWRNORM|EPOLLOUT)))
2771 writable = unix_writable(sk);
2773 unix_state_lock(sk);
2775 other = unix_peer(sk);
2776 if (other && unix_peer(other) != sk &&
2777 unix_recvq_full(other) &&
2778 unix_dgram_peer_wake_me(sk, other))
2781 unix_state_unlock(sk);
2785 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
2787 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2792 #ifdef CONFIG_PROC_FS
2794 #define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1)
2796 #define get_bucket(x) ((x) >> BUCKET_SPACE)
2797 #define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1))
2798 #define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
2800 static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos)
2802 unsigned long offset = get_offset(*pos);
2803 unsigned long bucket = get_bucket(*pos);
2805 unsigned long count = 0;
2807 for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
2808 if (sock_net(sk) != seq_file_net(seq))
2810 if (++count == offset)
2817 static struct sock *unix_next_socket(struct seq_file *seq,
2821 unsigned long bucket;
2823 while (sk > (struct sock *)SEQ_START_TOKEN) {
2827 if (sock_net(sk) == seq_file_net(seq))
2832 sk = unix_from_bucket(seq, pos);
2837 bucket = get_bucket(*pos) + 1;
2838 *pos = set_bucket_offset(bucket, 1);
2839 } while (bucket < ARRAY_SIZE(unix_socket_table));
2844 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2845 __acquires(unix_table_lock)
2847 spin_lock(&unix_table_lock);
2850 return SEQ_START_TOKEN;
2852 if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table))
2855 return unix_next_socket(seq, NULL, pos);
2858 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2861 return unix_next_socket(seq, v, pos);
2864 static void unix_seq_stop(struct seq_file *seq, void *v)
2865 __releases(unix_table_lock)
2867 spin_unlock(&unix_table_lock);
2870 static int unix_seq_show(struct seq_file *seq, void *v)
2873 if (v == SEQ_START_TOKEN)
2874 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2878 struct unix_sock *u = unix_sk(s);
2881 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2883 refcount_read(&s->sk_refcnt),
2885 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2888 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2889 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2892 if (u->addr) { // under unix_table_lock here
2897 len = u->addr->len - sizeof(short);
2898 if (!UNIX_ABSTRACT(s))
2904 for ( ; i < len; i++)
2905 seq_putc(seq, u->addr->name->sun_path[i] ?:
2908 unix_state_unlock(s);
2909 seq_putc(seq, '\n');
2915 static const struct seq_operations unix_seq_ops = {
2916 .start = unix_seq_start,
2917 .next = unix_seq_next,
2918 .stop = unix_seq_stop,
2919 .show = unix_seq_show,
2923 static const struct net_proto_family unix_family_ops = {
2925 .create = unix_create,
2926 .owner = THIS_MODULE,
2930 static int __net_init unix_net_init(struct net *net)
2932 int error = -ENOMEM;
2934 net->unx.sysctl_max_dgram_qlen = 10;
2935 if (unix_sysctl_register(net))
2938 #ifdef CONFIG_PROC_FS
2939 if (!proc_create_net("unix", 0, net->proc_net, &unix_seq_ops,
2940 sizeof(struct seq_net_private))) {
2941 unix_sysctl_unregister(net);
2950 static void __net_exit unix_net_exit(struct net *net)
2952 unix_sysctl_unregister(net);
2953 remove_proc_entry("unix", net->proc_net);
2956 static struct pernet_operations unix_net_ops = {
2957 .init = unix_net_init,
2958 .exit = unix_net_exit,
2961 static int __init af_unix_init(void)
2965 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof_field(struct sk_buff, cb));
2967 rc = proto_register(&unix_proto, 1);
2969 pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__);
2973 sock_register(&unix_family_ops);
2974 register_pernet_subsys(&unix_net_ops);
2979 static void __exit af_unix_exit(void)
2981 sock_unregister(PF_UNIX);
2982 proto_unregister(&unix_proto);
2983 unregister_pernet_subsys(&unix_net_ops);
2986 /* Earlier than device_initcall() so that other drivers invoking
2987 request_module() don't end up in a loop when modprobe tries
2988 to use a UNIX socket. But later than subsys_initcall() because
2989 we depend on stuff initialised there */
2990 fs_initcall(af_unix_init);
2991 module_exit(af_unix_exit);
2993 MODULE_LICENSE("GPL");
2994 MODULE_ALIAS_NETPROTO(PF_UNIX);