]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blob - net/unix/af_unix.c
projects / mirror_ubuntu-jammy-kernel.git / blob
? search:


74d1eed7cbd4ea1c641db2fa9a104cc648715d24
[mirror_ubuntu-jammy-kernel.git] / net / unix / af_unix.c
1 /*
2 * NET4: Implementation of BSD Unix domain sockets.
3 *
4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 * Fixes:
12 * Linus Torvalds : Assorted bug cures.
13 * Niibe Yutaka : async I/O support.
14 * Carsten Paeth : PF_UNIX check, address fixes.
15 * Alan Cox : Limit size of allocated blocks.
16 * Alan Cox : Fixed the stupid socketpair bug.
17 * Alan Cox : BSD compatibility fine tuning.
18 * Alan Cox : Fixed a bug in connect when interrupted.
19 * Alan Cox : Sorted out a proper draft version of
20 * file descriptor passing hacked up from
21 * Mike Shaver's work.
22 * Marty Leisner : Fixes to fd passing
23 * Nick Nevin : recvmsg bugfix.
24 * Alan Cox : Started proper garbage collector
25 * Heiko EiBfeldt : Missing verify_area check
26 * Alan Cox : Started POSIXisms
27 * Andreas Schwab : Replace inode by dentry for proper
28 * reference counting
29 * Kirk Petersen : Made this a module
30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
31 * Lots of bug fixes.
32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33 * by above two patches.
34 * Andrea Arcangeli : If possible we block in connect(2)
35 * if the max backlog of the listen socket
36 * is been reached. This won't break
37 * old apps and it will avoid huge amount
38 * of socks hashed (this for unix_gc()
39 * performances reasons).
40 * Security fix that limits the max
41 * number of socks to 2*max_files and
42 * the number of skb queueable in the
43 * dgram receiver.
44 * Artur Skawina : Hash function optimizations
45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 * Malcolm Beattie : Set peercred for socketpair
47 * Michal Ostrowski : Module initialization cleanup.
48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 * the core infrastructure is doing that
50 * for all net proto families now (2.5.69+)
51 *
52 *
53 * Known differences from reference BSD that was tested:
54 *
55 * [TO FIX]
56 * ECONNREFUSED is not returned from one end of a connected() socket to the
57 * other the moment one end closes.
58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
60 * [NOT TO FIX]
61 * accept() returns a path name even if the connecting socket has closed
62 * in the meantime (BSD loses the path and gives up).
63 * accept() returns 0 length path for an unbound connector. BSD returns 16
64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 * BSD af_unix apparently has connect forgetting to block properly.
67 * (need to check this with the POSIX spec in detail)
68 *
69 * Differences from 2.0.0-11-... (ANK)
70 * Bug fixes and improvements.
71 * - client shutdown killed server socket.
72 * - removed all useless cli/sti pairs.
73 *
74 * Semantic changes/extensions.
75 * - generic control message passing.
76 * - SCM_CREDENTIALS control message.
77 * - "Abstract" (not FS based) socket bindings.
78 * Abstract names are sequences of bytes (not zero terminated)
79 * started by 0, so that this name space does not intersect
80 * with BSD names.
81 */
82
83 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
84
85 #include <linux/module.h>
86 #include <linux/kernel.h>
87 #include <linux/signal.h>
88 #include <linux/sched/signal.h>
89 #include <linux/errno.h>
90 #include <linux/string.h>
91 #include <linux/stat.h>
92 #include <linux/dcache.h>
93 #include <linux/namei.h>
94 #include <linux/socket.h>
95 #include <linux/un.h>
96 #include <linux/fcntl.h>
97 #include <linux/termios.h>
98 #include <linux/sockios.h>
99 #include <linux/net.h>
100 #include <linux/in.h>
101 #include <linux/fs.h>
102 #include <linux/slab.h>
103 #include <linux/uaccess.h>
104 #include <linux/skbuff.h>
105 #include <linux/netdevice.h>
106 #include <net/net_namespace.h>
107 #include <net/sock.h>
108 #include <net/tcp_states.h>
109 #include <net/af_unix.h>
110 #include <linux/proc_fs.h>
111 #include <linux/seq_file.h>
112 #include <net/scm.h>
113 #include <linux/init.h>
114 #include <linux/poll.h>
115 #include <linux/rtnetlink.h>
116 #include <linux/mount.h>
117 #include <net/checksum.h>
118 #include <linux/security.h>
119 #include <linux/freezer.h>
120 #include <linux/file.h>
121
122 struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
123 EXPORT_SYMBOL_GPL(unix_socket_table);
124 DEFINE_SPINLOCK(unix_table_lock);
125 EXPORT_SYMBOL_GPL(unix_table_lock);
126 static atomic_long_t unix_nr_socks;
127
128
129 static struct hlist_head *unix_sockets_unbound(void *addr)
130 {
131 unsigned long hash = (unsigned long)addr;
132
133 hash ^= hash >> 16;
134 hash ^= hash >> 8;
135 hash %= UNIX_HASH_SIZE;
136 return &unix_socket_table[UNIX_HASH_SIZE + hash];
137 }
138
139 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)
140
141 #ifdef CONFIG_SECURITY_NETWORK
142 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
143 {
144 UNIXCB(skb).secid = scm->secid;
145 }
146
147 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
148 {
149 scm->secid = UNIXCB(skb).secid;
150 }
151
152 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
153 {
154 return (scm->secid == UNIXCB(skb).secid);
155 }
156 #else
157 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
158 { }
159
160 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
161 { }
162
163 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
164 {
165 return true;
166 }
167 #endif /* CONFIG_SECURITY_NETWORK */
168
169 /*
170 * SMP locking strategy:
171 * hash table is protected with spinlock unix_table_lock
172 * each socket state is protected by separate spin lock.
173 */
174
175 static inline unsigned int unix_hash_fold(__wsum n)
176 {
177 unsigned int hash = (__force unsigned int)csum_fold(n);
178
179 hash ^= hash>>8;
180 return hash&(UNIX_HASH_SIZE-1);
181 }
182
183 #define unix_peer(sk) (unix_sk(sk)->peer)
184
185 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
186 {
187 return unix_peer(osk) == sk;
188 }
189
190 static inline int unix_may_send(struct sock *sk, struct sock *osk)
191 {
192 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
193 }
194
195 static inline int unix_recvq_full(struct sock const *sk)
196 {
197 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
198 }
199
200 struct sock *unix_peer_get(struct sock *s)
201 {
202 struct sock *peer;
203
204 unix_state_lock(s);
205 peer = unix_peer(s);
206 if (peer)
207 sock_hold(peer);
208 unix_state_unlock(s);
209 return peer;
210 }
211 EXPORT_SYMBOL_GPL(unix_peer_get);
212
213 static inline void unix_release_addr(struct unix_address *addr)
214 {
215 if (refcount_dec_and_test(&addr->refcnt))
216 kfree(addr);
217 }
218
219 /*
220 * Check unix socket name:
221 * - should be not zero length.
222 * - if started by not zero, should be NULL terminated (FS object)
223 * - if started by zero, it is abstract name.
224 */
225
226 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
227 {
228 *hashp = 0;
229
230 if (len <= sizeof(short) || len > sizeof(*sunaddr))
231 return -EINVAL;
232 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
233 return -EINVAL;
234 if (sunaddr->sun_path[0]) {
235 /*
236 * This may look like an off by one error but it is a bit more
237 * subtle. 108 is the longest valid AF_UNIX path for a binding.
238 * sun_path[108] doesn't as such exist. However in kernel space
239 * we are guaranteed that it is a valid memory location in our
240 * kernel address buffer.
241 */
242 ((char *)sunaddr)[len] = 0;
243 len = strlen(sunaddr->sun_path)+1+sizeof(short);
244 return len;
245 }
246
247 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
248 return len;
249 }
250
251 static void __unix_remove_socket(struct sock *sk)
252 {
253 sk_del_node_init(sk);
254 }
255
256 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
257 {
258 WARN_ON(!sk_unhashed(sk));
259 sk_add_node(sk, list);
260 }
261
262 static inline void unix_remove_socket(struct sock *sk)
263 {
264 spin_lock(&unix_table_lock);
265 __unix_remove_socket(sk);
266 spin_unlock(&unix_table_lock);
267 }
268
269 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
270 {
271 spin_lock(&unix_table_lock);
272 __unix_insert_socket(list, sk);
273 spin_unlock(&unix_table_lock);
274 }
275
276 static struct sock *__unix_find_socket_byname(struct net *net,
277 struct sockaddr_un *sunname,
278 int len, int type, unsigned int hash)
279 {
280 struct sock *s;
281
282 sk_for_each(s, &unix_socket_table[hash ^ type]) {
283 struct unix_sock *u = unix_sk(s);
284
285 if (!net_eq(sock_net(s), net))
286 continue;
287
288 if (u->addr->len == len &&
289 !memcmp(u->addr->name, sunname, len))
290 goto found;
291 }
292 s = NULL;
293 found:
294 return s;
295 }
296
297 static inline struct sock *unix_find_socket_byname(struct net *net,
298 struct sockaddr_un *sunname,
299 int len, int type,
300 unsigned int hash)
301 {
302 struct sock *s;
303
304 spin_lock(&unix_table_lock);
305 s = __unix_find_socket_byname(net, sunname, len, type, hash);
306 if (s)
307 sock_hold(s);
308 spin_unlock(&unix_table_lock);
309 return s;
310 }
311
312 static struct sock *unix_find_socket_byinode(struct inode *i)
313 {
314 struct sock *s;
315
316 spin_lock(&unix_table_lock);
317 sk_for_each(s,
318 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
319 struct dentry *dentry = unix_sk(s)->path.dentry;
320
321 if (dentry && d_backing_inode(dentry) == i) {
322 sock_hold(s);
323 goto found;
324 }
325 }
326 s = NULL;
327 found:
328 spin_unlock(&unix_table_lock);
329 return s;
330 }
331
332 /* Support code for asymmetrically connected dgram sockets
333 *
334 * If a datagram socket is connected to a socket not itself connected
335 * to the first socket (eg, /dev/log), clients may only enqueue more
336 * messages if the present receive queue of the server socket is not
337 * "too large". This means there's a second writeability condition
338 * poll and sendmsg need to test. The dgram recv code will do a wake
339 * up on the peer_wait wait queue of a socket upon reception of a
340 * datagram which needs to be propagated to sleeping would-be writers
341 * since these might not have sent anything so far. This can't be
342 * accomplished via poll_wait because the lifetime of the server
343 * socket might be less than that of its clients if these break their
344 * association with it or if the server socket is closed while clients
345 * are still connected to it and there's no way to inform "a polling
346 * implementation" that it should let go of a certain wait queue
347 *
348 * In order to propagate a wake up, a wait_queue_entry_t of the client
349 * socket is enqueued on the peer_wait queue of the server socket
350 * whose wake function does a wake_up on the ordinary client socket
351 * wait queue. This connection is established whenever a write (or
352 * poll for write) hit the flow control condition and broken when the
353 * association to the server socket is dissolved or after a wake up
354 * was relayed.
355 */
356
357 static int unix_dgram_peer_wake_relay(wait_queue_entry_t *q, unsigned mode, int flags,
358 void *key)
359 {
360 struct unix_sock *u;
361 wait_queue_head_t *u_sleep;
362
363 u = container_of(q, struct unix_sock, peer_wake);
364
365 __remove_wait_queue(&unix_sk(u->peer_wake.private)->peer_wait,
366 q);
367 u->peer_wake.private = NULL;
368
369 /* relaying can only happen while the wq still exists */
370 u_sleep = sk_sleep(&u->sk);
371 if (u_sleep)
372 wake_up_interruptible_poll(u_sleep, key_to_poll(key));
373
374 return 0;
375 }
376
377 static int unix_dgram_peer_wake_connect(struct sock *sk, struct sock *other)
378 {
379 struct unix_sock *u, *u_other;
380 int rc;
381
382 u = unix_sk(sk);
383 u_other = unix_sk(other);
384 rc = 0;
385 spin_lock(&u_other->peer_wait.lock);
386
387 if (!u->peer_wake.private) {
388 u->peer_wake.private = other;
389 __add_wait_queue(&u_other->peer_wait, &u->peer_wake);
390
391 rc = 1;
392 }
393
394 spin_unlock(&u_other->peer_wait.lock);
395 return rc;
396 }
397
398 static void unix_dgram_peer_wake_disconnect(struct sock *sk,
399 struct sock *other)
400 {
401 struct unix_sock *u, *u_other;
402
403 u = unix_sk(sk);
404 u_other = unix_sk(other);
405 spin_lock(&u_other->peer_wait.lock);
406
407 if (u->peer_wake.private == other) {
408 __remove_wait_queue(&u_other->peer_wait, &u->peer_wake);
409 u->peer_wake.private = NULL;
410 }
411
412 spin_unlock(&u_other->peer_wait.lock);
413 }
414
415 static void unix_dgram_peer_wake_disconnect_wakeup(struct sock *sk,
416 struct sock *other)
417 {
418 unix_dgram_peer_wake_disconnect(sk, other);
419 wake_up_interruptible_poll(sk_sleep(sk),
420 EPOLLOUT |
421 EPOLLWRNORM |
422 EPOLLWRBAND);
423 }
424
425 /* preconditions:
426 * - unix_peer(sk) == other
427 * - association is stable
428 */
429 static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other)
430 {
431 int connected;
432
433 connected = unix_dgram_peer_wake_connect(sk, other);
434
435 /* If other is SOCK_DEAD, we want to make sure we signal
436 * POLLOUT, such that a subsequent write() can get a
437 * -ECONNREFUSED. Otherwise, if we haven't queued any skbs
438 * to other and its full, we will hang waiting for POLLOUT.
439 */
440 if (unix_recvq_full(other) && !sock_flag(other, SOCK_DEAD))
441 return 1;
442
443 if (connected)
444 unix_dgram_peer_wake_disconnect(sk, other);
445
446 return 0;
447 }
448
449 static int unix_writable(const struct sock *sk)
450 {
451 return sk->sk_state != TCP_LISTEN &&
452 (refcount_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
453 }
454
455 static void unix_write_space(struct sock *sk)
456 {
457 struct socket_wq *wq;
458
459 rcu_read_lock();
460 if (unix_writable(sk)) {
461 wq = rcu_dereference(sk->sk_wq);
462 if (skwq_has_sleeper(wq))
463 wake_up_interruptible_sync_poll(&wq->wait,
464 EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND);
465 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
466 }
467 rcu_read_unlock();
468 }
469
470 /* When dgram socket disconnects (or changes its peer), we clear its receive
471 * queue of packets arrived from previous peer. First, it allows to do
472 * flow control based only on wmem_alloc; second, sk connected to peer
473 * may receive messages only from that peer. */
474 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
475 {
476 if (!skb_queue_empty(&sk->sk_receive_queue)) {
477 skb_queue_purge(&sk->sk_receive_queue);
478 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
479
480 /* If one link of bidirectional dgram pipe is disconnected,
481 * we signal error. Messages are lost. Do not make this,
482 * when peer was not connected to us.
483 */
484 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
485 other->sk_err = ECONNRESET;
486 other->sk_error_report(other);
487 }
488 }
489 }
490
491 static void unix_sock_destructor(struct sock *sk)
492 {
493 struct unix_sock *u = unix_sk(sk);
494
495 skb_queue_purge(&sk->sk_receive_queue);
496
497 WARN_ON(refcount_read(&sk->sk_wmem_alloc));
498 WARN_ON(!sk_unhashed(sk));
499 WARN_ON(sk->sk_socket);
500 if (!sock_flag(sk, SOCK_DEAD)) {
501 pr_info("Attempt to release alive unix socket: %p\n", sk);
502 return;
503 }
504
505 if (u->addr)
506 unix_release_addr(u->addr);
507
508 atomic_long_dec(&unix_nr_socks);
509 local_bh_disable();
510 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
511 local_bh_enable();
512 #ifdef UNIX_REFCNT_DEBUG
513 pr_debug("UNIX %p is destroyed, %ld are still alive.\n", sk,
514 atomic_long_read(&unix_nr_socks));
515 #endif
516 }
517
518 static void unix_release_sock(struct sock *sk, int embrion)
519 {
520 struct unix_sock *u = unix_sk(sk);
521 struct path path;
522 struct sock *skpair;
523 struct sk_buff *skb;
524 int state;
525
526 unix_remove_socket(sk);
527
528 /* Clear state */
529 unix_state_lock(sk);
530 sock_orphan(sk);
531 sk->sk_shutdown = SHUTDOWN_MASK;
532 path = u->path;
533 u->path.dentry = NULL;
534 u->path.mnt = NULL;
535 state = sk->sk_state;
536 sk->sk_state = TCP_CLOSE;
537 unix_state_unlock(sk);
538
539 wake_up_interruptible_all(&u->peer_wait);
540
541 skpair = unix_peer(sk);
542
543 if (skpair != NULL) {
544 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
545 unix_state_lock(skpair);
546 /* No more writes */
547 skpair->sk_shutdown = SHUTDOWN_MASK;
548 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
549 skpair->sk_err = ECONNRESET;
550 unix_state_unlock(skpair);
551 skpair->sk_state_change(skpair);
552 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
553 }
554
555 unix_dgram_peer_wake_disconnect(sk, skpair);
556 sock_put(skpair); /* It may now die */
557 unix_peer(sk) = NULL;
558 }
559
560 /* Try to flush out this socket. Throw out buffers at least */
561
562 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
563 if (state == TCP_LISTEN)
564 unix_release_sock(skb->sk, 1);
565 /* passed fds are erased in the kfree_skb hook */
566 UNIXCB(skb).consumed = skb->len;
567 kfree_skb(skb);
568 }
569
570 if (path.dentry)
571 path_put(&path);
572
573 sock_put(sk);
574
575 /* ---- Socket is dead now and most probably destroyed ---- */
576
577 /*
578 * Fixme: BSD difference: In BSD all sockets connected to us get
579 * ECONNRESET and we die on the spot. In Linux we behave
580 * like files and pipes do and wait for the last
581 * dereference.
582 *
583 * Can't we simply set sock->err?
584 *
585 * What the above comment does talk about? --ANK(980817)
586 */
587
588 if (unix_tot_inflight)
589 unix_gc(); /* Garbage collect fds */
590 }
591
592 static void init_peercred(struct sock *sk)
593 {
594 put_pid(sk->sk_peer_pid);
595 if (sk->sk_peer_cred)
596 put_cred(sk->sk_peer_cred);
597 sk->sk_peer_pid = get_pid(task_tgid(current));
598 sk->sk_peer_cred = get_current_cred();
599 }
600
601 static void copy_peercred(struct sock *sk, struct sock *peersk)
602 {
603 put_pid(sk->sk_peer_pid);
604 if (sk->sk_peer_cred)
605 put_cred(sk->sk_peer_cred);
606 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
607 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
608 }
609
610 static int unix_listen(struct socket *sock, int backlog)
611 {
612 int err;
613 struct sock *sk = sock->sk;
614 struct unix_sock *u = unix_sk(sk);
615 struct pid *old_pid = NULL;
616
617 err = -EOPNOTSUPP;
618 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
619 goto out; /* Only stream/seqpacket sockets accept */
620 err = -EINVAL;
621 if (!u->addr)
622 goto out; /* No listens on an unbound socket */
623 unix_state_lock(sk);
624 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
625 goto out_unlock;
626 if (backlog > sk->sk_max_ack_backlog)
627 wake_up_interruptible_all(&u->peer_wait);
628 sk->sk_max_ack_backlog = backlog;
629 sk->sk_state = TCP_LISTEN;
630 /* set credentials so connect can copy them */
631 init_peercred(sk);
632 err = 0;
633
634 out_unlock:
635 unix_state_unlock(sk);
636 put_pid(old_pid);
637 out:
638 return err;
639 }
640
641 static int unix_release(struct socket *);
642 static int unix_bind(struct socket *, struct sockaddr *, int);
643 static int unix_stream_connect(struct socket *, struct sockaddr *,
644 int addr_len, int flags);
645 static int unix_socketpair(struct socket *, struct socket *);
646 static int unix_accept(struct socket *, struct socket *, int, bool);
647 static int unix_getname(struct socket *, struct sockaddr *, int);
648 static __poll_t unix_poll(struct file *, struct socket *, poll_table *);
649 static __poll_t unix_dgram_poll(struct file *, struct socket *,
650 poll_table *);
651 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
652 static int unix_shutdown(struct socket *, int);
653 static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t);
654 static int unix_stream_recvmsg(struct socket *, struct msghdr *, size_t, int);
655 static ssize_t unix_stream_sendpage(struct socket *, struct page *, int offset,
656 size_t size, int flags);
657 static ssize_t unix_stream_splice_read(struct socket *, loff_t *ppos,
658 struct pipe_inode_info *, size_t size,
659 unsigned int flags);
660 static int unix_dgram_sendmsg(struct socket *, struct msghdr *, size_t);
661 static int unix_dgram_recvmsg(struct socket *, struct msghdr *, size_t, int);
662 static int unix_dgram_connect(struct socket *, struct sockaddr *,
663 int, int);
664 static int unix_seqpacket_sendmsg(struct socket *, struct msghdr *, size_t);
665 static int unix_seqpacket_recvmsg(struct socket *, struct msghdr *, size_t,
666 int);
667
668 static int unix_set_peek_off(struct sock *sk, int val)
669 {
670 struct unix_sock *u = unix_sk(sk);
671
672 if (mutex_lock_interruptible(&u->iolock))
673 return -EINTR;
674
675 sk->sk_peek_off = val;
676 mutex_unlock(&u->iolock);
677
678 return 0;
679 }
680
681
682 static const struct proto_ops unix_stream_ops = {
683 .family = PF_UNIX,
684 .owner = THIS_MODULE,
685 .release = unix_release,
686 .bind = unix_bind,
687 .connect = unix_stream_connect,
688 .socketpair = unix_socketpair,
689 .accept = unix_accept,
690 .getname = unix_getname,
691 .poll = unix_poll,
692 .ioctl = unix_ioctl,
693 .listen = unix_listen,
694 .shutdown = unix_shutdown,
695 .setsockopt = sock_no_setsockopt,
696 .getsockopt = sock_no_getsockopt,
697 .sendmsg = unix_stream_sendmsg,
698 .recvmsg = unix_stream_recvmsg,
699 .mmap = sock_no_mmap,
700 .sendpage = unix_stream_sendpage,
701 .splice_read = unix_stream_splice_read,
702 .set_peek_off = unix_set_peek_off,
703 };
704
705 static const struct proto_ops unix_dgram_ops = {
706 .family = PF_UNIX,
707 .owner = THIS_MODULE,
708 .release = unix_release,
709 .bind = unix_bind,
710 .connect = unix_dgram_connect,
711 .socketpair = unix_socketpair,
712 .accept = sock_no_accept,
713 .getname = unix_getname,
714 .poll = unix_dgram_poll,
715 .ioctl = unix_ioctl,
716 .listen = sock_no_listen,
717 .shutdown = unix_shutdown,
718 .setsockopt = sock_no_setsockopt,
719 .getsockopt = sock_no_getsockopt,
720 .sendmsg = unix_dgram_sendmsg,
721 .recvmsg = unix_dgram_recvmsg,
722 .mmap = sock_no_mmap,
723 .sendpage = sock_no_sendpage,
724 .set_peek_off = unix_set_peek_off,
725 };
726
727 static const struct proto_ops unix_seqpacket_ops = {
728 .family = PF_UNIX,
729 .owner = THIS_MODULE,
730 .release = unix_release,
731 .bind = unix_bind,
732 .connect = unix_stream_connect,
733 .socketpair = unix_socketpair,
734 .accept = unix_accept,
735 .getname = unix_getname,
736 .poll = unix_dgram_poll,
737 .ioctl = unix_ioctl,
738 .listen = unix_listen,
739 .shutdown = unix_shutdown,
740 .setsockopt = sock_no_setsockopt,
741 .getsockopt = sock_no_getsockopt,
742 .sendmsg = unix_seqpacket_sendmsg,
743 .recvmsg = unix_seqpacket_recvmsg,
744 .mmap = sock_no_mmap,
745 .sendpage = sock_no_sendpage,
746 .set_peek_off = unix_set_peek_off,
747 };
748
749 static struct proto unix_proto = {
750 .name = "UNIX",
751 .owner = THIS_MODULE,
752 .obj_size = sizeof(struct unix_sock),
753 };
754
755 static struct sock *unix_create1(struct net *net, struct socket *sock, int kern)
756 {
757 struct sock *sk = NULL;
758 struct unix_sock *u;
759
760 atomic_long_inc(&unix_nr_socks);
761 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
762 goto out;
763
764 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto, kern);
765 if (!sk)
766 goto out;
767
768 sock_init_data(sock, sk);
769
770 sk->sk_allocation = GFP_KERNEL_ACCOUNT;
771 sk->sk_write_space = unix_write_space;
772 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
773 sk->sk_destruct = unix_sock_destructor;
774 u = unix_sk(sk);
775 u->path.dentry = NULL;
776 u->path.mnt = NULL;
777 spin_lock_init(&u->lock);
778 atomic_long_set(&u->inflight, 0);
779 INIT_LIST_HEAD(&u->link);
780 mutex_init(&u->iolock); /* single task reading lock */
781 mutex_init(&u->bindlock); /* single task binding lock */
782 init_waitqueue_head(&u->peer_wait);
783 init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay);
784 unix_insert_socket(unix_sockets_unbound(sk), sk);
785 out:
786 if (sk == NULL)
787 atomic_long_dec(&unix_nr_socks);
788 else {
789 local_bh_disable();
790 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
791 local_bh_enable();
792 }
793 return sk;
794 }
795
796 static int unix_create(struct net *net, struct socket *sock, int protocol,
797 int kern)
798 {
799 if (protocol && protocol != PF_UNIX)
800 return -EPROTONOSUPPORT;
801
802 sock->state = SS_UNCONNECTED;
803
804 switch (sock->type) {
805 case SOCK_STREAM:
806 sock->ops = &unix_stream_ops;
807 break;
808 /*
809 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
810 * nothing uses it.
811 */
812 case SOCK_RAW:
813 sock->type = SOCK_DGRAM;
814 /* fall through */
815 case SOCK_DGRAM:
816 sock->ops = &unix_dgram_ops;
817 break;
818 case SOCK_SEQPACKET:
819 sock->ops = &unix_seqpacket_ops;
820 break;
821 default:
822 return -ESOCKTNOSUPPORT;
823 }
824
825 return unix_create1(net, sock, kern) ? 0 : -ENOMEM;
826 }
827
828 static int unix_release(struct socket *sock)
829 {
830 struct sock *sk = sock->sk;
831
832 if (!sk)
833 return 0;
834
835 unix_release_sock(sk, 0);
836 sock->sk = NULL;
837
838 return 0;
839 }
840
841 static int unix_autobind(struct socket *sock)
842 {
843 struct sock *sk = sock->sk;
844 struct net *net = sock_net(sk);
845 struct unix_sock *u = unix_sk(sk);
846 static u32 ordernum = 1;
847 struct unix_address *addr;
848 int err;
849 unsigned int retries = 0;
850
851 err = mutex_lock_interruptible(&u->bindlock);
852 if (err)
853 return err;
854
855 err = 0;
856 if (u->addr)
857 goto out;
858
859 err = -ENOMEM;
860 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
861 if (!addr)
862 goto out;
863
864 addr->name->sun_family = AF_UNIX;
865 refcount_set(&addr->refcnt, 1);
866
867 retry:
868 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
869 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
870
871 spin_lock(&unix_table_lock);
872 ordernum = (ordernum+1)&0xFFFFF;
873
874 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
875 addr->hash)) {
876 spin_unlock(&unix_table_lock);
877 /*
878 * __unix_find_socket_byname() may take long time if many names
879 * are already in use.
880 */
881 cond_resched();
882 /* Give up if all names seems to be in use. */
883 if (retries++ == 0xFFFFF) {
884 err = -ENOSPC;
885 kfree(addr);
886 goto out;
887 }
888 goto retry;
889 }
890 addr->hash ^= sk->sk_type;
891
892 __unix_remove_socket(sk);
893 u->addr = addr;
894 __unix_insert_socket(&unix_socket_table[addr->hash], sk);
895 spin_unlock(&unix_table_lock);
896 err = 0;
897
898 out: mutex_unlock(&u->bindlock);
899 return err;
900 }
901
902 static struct sock *unix_find_other(struct net *net,
903 struct sockaddr_un *sunname, int len,
904 int type, unsigned int hash, int *error)
905 {
906 struct sock *u;
907 struct path path;
908 int err = 0;
909
910 if (sunname->sun_path[0]) {
911 struct inode *inode;
912 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
913 if (err)
914 goto fail;
915 inode = d_backing_inode(path.dentry);
916 err = inode_permission(inode, MAY_WRITE);
917 if (err)
918 goto put_fail;
919
920 err = -ECONNREFUSED;
921 if (!S_ISSOCK(inode->i_mode))
922 goto put_fail;
923 u = unix_find_socket_byinode(inode);
924 if (!u)
925 goto put_fail;
926
927 if (u->sk_type == type)
928 touch_atime(&path);
929
930 path_put(&path);
931
932 err = -EPROTOTYPE;
933 if (u->sk_type != type) {
934 sock_put(u);
935 goto fail;
936 }
937 } else {
938 err = -ECONNREFUSED;
939 u = unix_find_socket_byname(net, sunname, len, type, hash);
940 if (u) {
941 struct dentry *dentry;
942 dentry = unix_sk(u)->path.dentry;
943 if (dentry)
944 touch_atime(&unix_sk(u)->path);
945 } else
946 goto fail;
947 }
948 return u;
949
950 put_fail:
951 path_put(&path);
952 fail:
953 *error = err;
954 return NULL;
955 }
956
957 static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
958 {
959 struct dentry *dentry;
960 struct path path;
961 int err = 0;
962 /*
963 * Get the parent directory, calculate the hash for last
964 * component.
965 */
966 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
967 err = PTR_ERR(dentry);
968 if (IS_ERR(dentry))
969 return err;
970
971 /*
972 * All right, let's create it.
973 */
974 err = security_path_mknod(&path, dentry, mode, 0);
975 if (!err) {
976 err = vfs_mknod(d_inode(path.dentry), dentry, mode, 0);
977 if (!err) {
978 res->mnt = mntget(path.mnt);
979 res->dentry = dget(dentry);
980 }
981 }
982 done_path_create(&path, dentry);
983 return err;
984 }
985
986 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
987 {
988 struct sock *sk = sock->sk;
989 struct net *net = sock_net(sk);
990 struct unix_sock *u = unix_sk(sk);
991 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
992 char *sun_path = sunaddr->sun_path;
993 int err;
994 unsigned int hash;
995 struct unix_address *addr;
996 struct hlist_head *list;
997 struct path path = { };
998
999 err = -EINVAL;
1000 if (addr_len < offsetofend(struct sockaddr_un, sun_family) ||
1001 sunaddr->sun_family != AF_UNIX)
1002 goto out;
1003
1004 if (addr_len == sizeof(short)) {
1005 err = unix_autobind(sock);
1006 goto out;
1007 }
1008
1009 err = unix_mkname(sunaddr, addr_len, &hash);
1010 if (err < 0)
1011 goto out;
1012 addr_len = err;
1013
1014 if (sun_path[0]) {
1015 umode_t mode = S_IFSOCK |
1016 (SOCK_INODE(sock)->i_mode & ~current_umask());
1017 err = unix_mknod(sun_path, mode, &path);
1018 if (err) {
1019 if (err == -EEXIST)
1020 err = -EADDRINUSE;
1021 goto out;
1022 }
1023 }
1024
1025 err = mutex_lock_interruptible(&u->bindlock);
1026 if (err)
1027 goto out_put;
1028
1029 err = -EINVAL;
1030 if (u->addr)
1031 goto out_up;
1032
1033 err = -ENOMEM;
1034 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
1035 if (!addr)
1036 goto out_up;
1037
1038 memcpy(addr->name, sunaddr, addr_len);
1039 addr->len = addr_len;
1040 addr->hash = hash ^ sk->sk_type;
1041 refcount_set(&addr->refcnt, 1);
1042
1043 if (sun_path[0]) {
1044 addr->hash = UNIX_HASH_SIZE;
1045 hash = d_backing_inode(path.dentry)->i_ino & (UNIX_HASH_SIZE - 1);
1046 spin_lock(&unix_table_lock);
1047 u->path = path;
1048 list = &unix_socket_table[hash];
1049 } else {
1050 spin_lock(&unix_table_lock);
1051 err = -EADDRINUSE;
1052 if (__unix_find_socket_byname(net, sunaddr, addr_len,
1053 sk->sk_type, hash)) {
1054 unix_release_addr(addr);
1055 goto out_unlock;
1056 }
1057
1058 list = &unix_socket_table[addr->hash];
1059 }
1060
1061 err = 0;
1062 __unix_remove_socket(sk);
1063 u->addr = addr;
1064 __unix_insert_socket(list, sk);
1065
1066 out_unlock:
1067 spin_unlock(&unix_table_lock);
1068 out_up:
1069 mutex_unlock(&u->bindlock);
1070 out_put:
1071 if (err)
1072 path_put(&path);
1073 out:
1074 return err;
1075 }
1076
1077 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
1078 {
1079 if (unlikely(sk1 == sk2) || !sk2) {
1080 unix_state_lock(sk1);
1081 return;
1082 }
1083 if (sk1 < sk2) {
1084 unix_state_lock(sk1);
1085 unix_state_lock_nested(sk2);
1086 } else {
1087 unix_state_lock(sk2);
1088 unix_state_lock_nested(sk1);
1089 }
1090 }
1091
1092 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
1093 {
1094 if (unlikely(sk1 == sk2) || !sk2) {
1095 unix_state_unlock(sk1);
1096 return;
1097 }
1098 unix_state_unlock(sk1);
1099 unix_state_unlock(sk2);
1100 }
1101
1102 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
1103 int alen, int flags)
1104 {
1105 struct sock *sk = sock->sk;
1106 struct net *net = sock_net(sk);
1107 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
1108 struct sock *other;
1109 unsigned int hash;
1110 int err;
1111
1112 err = -EINVAL;
1113 if (alen < offsetofend(struct sockaddr, sa_family))
1114 goto out;
1115
1116 if (addr->sa_family != AF_UNSPEC) {
1117 err = unix_mkname(sunaddr, alen, &hash);
1118 if (err < 0)
1119 goto out;
1120 alen = err;
1121
1122 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
1123 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
1124 goto out;
1125
1126 restart:
1127 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
1128 if (!other)
1129 goto out;
1130
1131 unix_state_double_lock(sk, other);
1132
1133 /* Apparently VFS overslept socket death. Retry. */
1134 if (sock_flag(other, SOCK_DEAD)) {
1135 unix_state_double_unlock(sk, other);
1136 sock_put(other);
1137 goto restart;
1138 }
1139
1140 err = -EPERM;
1141 if (!unix_may_send(sk, other))
1142 goto out_unlock;
1143
1144 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1145 if (err)
1146 goto out_unlock;
1147
1148 } else {
1149 /*
1150 * 1003.1g breaking connected state with AF_UNSPEC
1151 */
1152 other = NULL;
1153 unix_state_double_lock(sk, other);
1154 }
1155
1156 /*
1157 * If it was connected, reconnect.
1158 */
1159 if (unix_peer(sk)) {
1160 struct sock *old_peer = unix_peer(sk);
1161 unix_peer(sk) = other;
1162 unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer);
1163
1164 unix_state_double_unlock(sk, other);
1165
1166 if (other != old_peer)
1167 unix_dgram_disconnected(sk, old_peer);
1168 sock_put(old_peer);
1169 } else {
1170 unix_peer(sk) = other;
1171 unix_state_double_unlock(sk, other);
1172 }
1173 return 0;
1174
1175 out_unlock:
1176 unix_state_double_unlock(sk, other);
1177 sock_put(other);
1178 out:
1179 return err;
1180 }
1181
1182 static long unix_wait_for_peer(struct sock *other, long timeo)
1183 {
1184 struct unix_sock *u = unix_sk(other);
1185 int sched;
1186 DEFINE_WAIT(wait);
1187
1188 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1189
1190 sched = !sock_flag(other, SOCK_DEAD) &&
1191 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1192 unix_recvq_full(other);
1193
1194 unix_state_unlock(other);
1195
1196 if (sched)
1197 timeo = schedule_timeout(timeo);
1198
1199 finish_wait(&u->peer_wait, &wait);
1200 return timeo;
1201 }
1202
1203 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1204 int addr_len, int flags)
1205 {
1206 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1207 struct sock *sk = sock->sk;
1208 struct net *net = sock_net(sk);
1209 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1210 struct sock *newsk = NULL;
1211 struct sock *other = NULL;
1212 struct sk_buff *skb = NULL;
1213 unsigned int hash;
1214 int st;
1215 int err;
1216 long timeo;
1217
1218 err = unix_mkname(sunaddr, addr_len, &hash);
1219 if (err < 0)
1220 goto out;
1221 addr_len = err;
1222
1223 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1224 (err = unix_autobind(sock)) != 0)
1225 goto out;
1226
1227 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1228
1229 /* First of all allocate resources.
1230 If we will make it after state is locked,
1231 we will have to recheck all again in any case.
1232 */
1233
1234 err = -ENOMEM;
1235
1236 /* create new sock for complete connection */
1237 newsk = unix_create1(sock_net(sk), NULL, 0);
1238 if (newsk == NULL)
1239 goto out;
1240
1241 /* Allocate skb for sending to listening sock */
1242 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1243 if (skb == NULL)
1244 goto out;
1245
1246 restart:
1247 /* Find listening sock. */
1248 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1249 if (!other)
1250 goto out;
1251
1252 /* Latch state of peer */
1253 unix_state_lock(other);
1254
1255 /* Apparently VFS overslept socket death. Retry. */
1256 if (sock_flag(other, SOCK_DEAD)) {
1257 unix_state_unlock(other);
1258 sock_put(other);
1259 goto restart;
1260 }
1261
1262 err = -ECONNREFUSED;
1263 if (other->sk_state != TCP_LISTEN)
1264 goto out_unlock;
1265 if (other->sk_shutdown & RCV_SHUTDOWN)
1266 goto out_unlock;
1267
1268 if (unix_recvq_full(other)) {
1269 err = -EAGAIN;
1270 if (!timeo)
1271 goto out_unlock;
1272
1273 timeo = unix_wait_for_peer(other, timeo);
1274
1275 err = sock_intr_errno(timeo);
1276 if (signal_pending(current))
1277 goto out;
1278 sock_put(other);
1279 goto restart;
1280 }
1281
1282 /* Latch our state.
1283
1284 It is tricky place. We need to grab our state lock and cannot
1285 drop lock on peer. It is dangerous because deadlock is
1286 possible. Connect to self case and simultaneous
1287 attempt to connect are eliminated by checking socket
1288 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1289 check this before attempt to grab lock.
1290
1291 Well, and we have to recheck the state after socket locked.
1292 */
1293 st = sk->sk_state;
1294
1295 switch (st) {
1296 case TCP_CLOSE:
1297 /* This is ok... continue with connect */
1298 break;
1299 case TCP_ESTABLISHED:
1300 /* Socket is already connected */
1301 err = -EISCONN;
1302 goto out_unlock;
1303 default:
1304 err = -EINVAL;
1305 goto out_unlock;
1306 }
1307
1308 unix_state_lock_nested(sk);
1309
1310 if (sk->sk_state != st) {
1311 unix_state_unlock(sk);
1312 unix_state_unlock(other);
1313 sock_put(other);
1314 goto restart;
1315 }
1316
1317 err = security_unix_stream_connect(sk, other, newsk);
1318 if (err) {
1319 unix_state_unlock(sk);
1320 goto out_unlock;
1321 }
1322
1323 /* The way is open! Fastly set all the necessary fields... */
1324
1325 sock_hold(sk);
1326 unix_peer(newsk) = sk;
1327 newsk->sk_state = TCP_ESTABLISHED;
1328 newsk->sk_type = sk->sk_type;
1329 init_peercred(newsk);
1330 newu = unix_sk(newsk);
1331 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1332 otheru = unix_sk(other);
1333
1334 /* copy address information from listening to new sock*/
1335 if (otheru->addr) {
1336 refcount_inc(&otheru->addr->refcnt);
1337 newu->addr = otheru->addr;
1338 }
1339 if (otheru->path.dentry) {
1340 path_get(&otheru->path);
1341 newu->path = otheru->path;
1342 }
1343
1344 /* Set credentials */
1345 copy_peercred(sk, other);
1346
1347 sock->state = SS_CONNECTED;
1348 sk->sk_state = TCP_ESTABLISHED;
1349 sock_hold(newsk);
1350
1351 smp_mb__after_atomic(); /* sock_hold() does an atomic_inc() */
1352 unix_peer(sk) = newsk;
1353
1354 unix_state_unlock(sk);
1355
1356 /* take ten and and send info to listening sock */
1357 spin_lock(&other->sk_receive_queue.lock);
1358 __skb_queue_tail(&other->sk_receive_queue, skb);
1359 spin_unlock(&other->sk_receive_queue.lock);
1360 unix_state_unlock(other);
1361 other->sk_data_ready(other);
1362 sock_put(other);
1363 return 0;
1364
1365 out_unlock:
1366 if (other)
1367 unix_state_unlock(other);
1368
1369 out:
1370 kfree_skb(skb);
1371 if (newsk)
1372 unix_release_sock(newsk, 0);
1373 if (other)
1374 sock_put(other);
1375 return err;
1376 }
1377
1378 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1379 {
1380 struct sock *ska = socka->sk, *skb = sockb->sk;
1381
1382 /* Join our sockets back to back */
1383 sock_hold(ska);
1384 sock_hold(skb);
1385 unix_peer(ska) = skb;
1386 unix_peer(skb) = ska;
1387 init_peercred(ska);
1388 init_peercred(skb);
1389
1390 if (ska->sk_type != SOCK_DGRAM) {
1391 ska->sk_state = TCP_ESTABLISHED;
1392 skb->sk_state = TCP_ESTABLISHED;
1393 socka->state = SS_CONNECTED;
1394 sockb->state = SS_CONNECTED;
1395 }
1396 return 0;
1397 }
1398
1399 static void unix_sock_inherit_flags(const struct socket *old,
1400 struct socket *new)
1401 {
1402 if (test_bit(SOCK_PASSCRED, &old->flags))
1403 set_bit(SOCK_PASSCRED, &new->flags);
1404 if (test_bit(SOCK_PASSSEC, &old->flags))
1405 set_bit(SOCK_PASSSEC, &new->flags);
1406 }
1407
1408 static int unix_accept(struct socket *sock, struct socket *newsock, int flags,
1409 bool kern)
1410 {
1411 struct sock *sk = sock->sk;
1412 struct sock *tsk;
1413 struct sk_buff *skb;
1414 int err;
1415
1416 err = -EOPNOTSUPP;
1417 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1418 goto out;
1419
1420 err = -EINVAL;
1421 if (sk->sk_state != TCP_LISTEN)
1422 goto out;
1423
1424 /* If socket state is TCP_LISTEN it cannot change (for now...),
1425 * so that no locks are necessary.
1426 */
1427
1428 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1429 if (!skb) {
1430 /* This means receive shutdown. */
1431 if (err == 0)
1432 err = -EINVAL;
1433 goto out;
1434 }
1435
1436 tsk = skb->sk;
1437 skb_free_datagram(sk, skb);
1438 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1439
1440 /* attach accepted sock to socket */
1441 unix_state_lock(tsk);
1442 newsock->state = SS_CONNECTED;
1443 unix_sock_inherit_flags(sock, newsock);
1444 sock_graft(tsk, newsock);
1445 unix_state_unlock(tsk);
1446 return 0;
1447
1448 out:
1449 return err;
1450 }
1451
1452
1453 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int peer)
1454 {
1455 struct sock *sk = sock->sk;
1456 struct unix_sock *u;
1457 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1458 int err = 0;
1459
1460 if (peer) {
1461 sk = unix_peer_get(sk);
1462
1463 err = -ENOTCONN;
1464 if (!sk)
1465 goto out;
1466 err = 0;
1467 } else {
1468 sock_hold(sk);
1469 }
1470
1471 u = unix_sk(sk);
1472 unix_state_lock(sk);
1473 if (!u->addr) {
1474 sunaddr->sun_family = AF_UNIX;
1475 sunaddr->sun_path[0] = 0;
1476 err = sizeof(short);
1477 } else {
1478 struct unix_address *addr = u->addr;
1479
1480 err = addr->len;
1481 memcpy(sunaddr, addr->name, addr->len);
1482 }
1483 unix_state_unlock(sk);
1484 sock_put(sk);
1485 out:
1486 return err;
1487 }
1488
1489 static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1490 {
1491 int i;
1492
1493 scm->fp = UNIXCB(skb).fp;
1494 UNIXCB(skb).fp = NULL;
1495
1496 for (i = scm->fp->count-1; i >= 0; i--)
1497 unix_notinflight(scm->fp->user, scm->fp->fp[i]);
1498 }
1499
1500 static void unix_destruct_scm(struct sk_buff *skb)
1501 {
1502 struct scm_cookie scm;
1503 memset(&scm, 0, sizeof(scm));
1504 scm.pid = UNIXCB(skb).pid;
1505 if (UNIXCB(skb).fp)
1506 unix_detach_fds(&scm, skb);
1507
1508 /* Alas, it calls VFS */
1509 /* So fscking what? fput() had been SMP-safe since the last Summer */
1510 scm_destroy(&scm);
1511 sock_wfree(skb);
1512 }
1513
1514 /*
1515 * The "user->unix_inflight" variable is protected by the garbage
1516 * collection lock, and we just read it locklessly here. If you go
1517 * over the limit, there might be a tiny race in actually noticing
1518 * it across threads. Tough.
1519 */
1520 static inline bool too_many_unix_fds(struct task_struct *p)
1521 {
1522 struct user_struct *user = current_user();
1523
1524 if (unlikely(user->unix_inflight > task_rlimit(p, RLIMIT_NOFILE)))
1525 return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN);
1526 return false;
1527 }
1528
1529 static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1530 {
1531 int i;
1532
1533 if (too_many_unix_fds(current))
1534 return -ETOOMANYREFS;
1535
1536 /*
1537 * Need to duplicate file references for the sake of garbage
1538 * collection. Otherwise a socket in the fps might become a
1539 * candidate for GC while the skb is not yet queued.
1540 */
1541 UNIXCB(skb).fp = scm_fp_dup(scm->fp);
1542 if (!UNIXCB(skb).fp)
1543 return -ENOMEM;
1544
1545 for (i = scm->fp->count - 1; i >= 0; i--)
1546 unix_inflight(scm->fp->user, scm->fp->fp[i]);
1547 return 0;
1548 }
1549
1550 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1551 {
1552 int err = 0;
1553
1554 UNIXCB(skb).pid = get_pid(scm->pid);
1555 UNIXCB(skb).uid = scm->creds.uid;
1556 UNIXCB(skb).gid = scm->creds.gid;
1557 UNIXCB(skb).fp = NULL;
1558 unix_get_secdata(scm, skb);
1559 if (scm->fp && send_fds)
1560 err = unix_attach_fds(scm, skb);
1561
1562 skb->destructor = unix_destruct_scm;
1563 return err;
1564 }
1565
1566 static bool unix_passcred_enabled(const struct socket *sock,
1567 const struct sock *other)
1568 {
1569 return test_bit(SOCK_PASSCRED, &sock->flags) ||
1570 !other->sk_socket ||
1571 test_bit(SOCK_PASSCRED, &other->sk_socket->flags);
1572 }
1573
1574 /*
1575 * Some apps rely on write() giving SCM_CREDENTIALS
1576 * We include credentials if source or destination socket
1577 * asserted SOCK_PASSCRED.
1578 */
1579 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1580 const struct sock *other)
1581 {
1582 if (UNIXCB(skb).pid)
1583 return;
1584 if (unix_passcred_enabled(sock, other)) {
1585 UNIXCB(skb).pid = get_pid(task_tgid(current));
1586 current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid);
1587 }
1588 }
1589
1590 static int maybe_init_creds(struct scm_cookie *scm,
1591 struct socket *socket,
1592 const struct sock *other)
1593 {
1594 int err;
1595 struct msghdr msg = { .msg_controllen = 0 };
1596
1597 err = scm_send(socket, &msg, scm, false);
1598 if (err)
1599 return err;
1600
1601 if (unix_passcred_enabled(socket, other)) {
1602 scm->pid = get_pid(task_tgid(current));
1603 current_uid_gid(&scm->creds.uid, &scm->creds.gid);
1604 }
1605 return err;
1606 }
1607
1608 static bool unix_skb_scm_eq(struct sk_buff *skb,
1609 struct scm_cookie *scm)
1610 {
1611 const struct unix_skb_parms *u = &UNIXCB(skb);
1612
1613 return u->pid == scm->pid &&
1614 uid_eq(u->uid, scm->creds.uid) &&
1615 gid_eq(u->gid, scm->creds.gid) &&
1616 unix_secdata_eq(scm, skb);
1617 }
1618
1619 /*
1620 * Send AF_UNIX data.
1621 */
1622
1623 static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
1624 size_t len)
1625 {
1626 struct sock *sk = sock->sk;
1627 struct net *net = sock_net(sk);
1628 struct unix_sock *u = unix_sk(sk);
1629 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
1630 struct sock *other = NULL;
1631 int namelen = 0; /* fake GCC */
1632 int err;
1633 unsigned int hash;
1634 struct sk_buff *skb;
1635 long timeo;
1636 struct scm_cookie scm;
1637 int data_len = 0;
1638 int sk_locked;
1639
1640 wait_for_unix_gc();
1641 err = scm_send(sock, msg, &scm, false);
1642 if (err < 0)
1643 return err;
1644
1645 err = -EOPNOTSUPP;
1646 if (msg->msg_flags&MSG_OOB)
1647 goto out;
1648
1649 if (msg->msg_namelen) {
1650 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1651 if (err < 0)
1652 goto out;
1653 namelen = err;
1654 } else {
1655 sunaddr = NULL;
1656 err = -ENOTCONN;
1657 other = unix_peer_get(sk);
1658 if (!other)
1659 goto out;
1660 }
1661
1662 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1663 && (err = unix_autobind(sock)) != 0)
1664 goto out;
1665
1666 err = -EMSGSIZE;
1667 if (len > sk->sk_sndbuf - 32)
1668 goto out;
1669
1670 if (len > SKB_MAX_ALLOC) {
1671 data_len = min_t(size_t,
1672 len - SKB_MAX_ALLOC,
1673 MAX_SKB_FRAGS * PAGE_SIZE);
1674 data_len = PAGE_ALIGN(data_len);
1675
1676 BUILD_BUG_ON(SKB_MAX_ALLOC < PAGE_SIZE);
1677 }
1678
1679 skb = sock_alloc_send_pskb(sk, len - data_len, data_len,
1680 msg->msg_flags & MSG_DONTWAIT, &err,
1681 PAGE_ALLOC_COSTLY_ORDER);
1682 if (skb == NULL)
1683 goto out;
1684
1685 err = unix_scm_to_skb(&scm, skb, true);
1686 if (err < 0)
1687 goto out_free;
1688
1689 skb_put(skb, len - data_len);
1690 skb->data_len = data_len;
1691 skb->len = len;
1692 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, len);
1693 if (err)
1694 goto out_free;
1695
1696 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1697
1698 restart:
1699 if (!other) {
1700 err = -ECONNRESET;
1701 if (sunaddr == NULL)
1702 goto out_free;
1703
1704 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1705 hash, &err);
1706 if (other == NULL)
1707 goto out_free;
1708 }
1709
1710 if (sk_filter(other, skb) < 0) {
1711 /* Toss the packet but do not return any error to the sender */
1712 err = len;
1713 goto out_free;
1714 }
1715
1716 sk_locked = 0;
1717 unix_state_lock(other);
1718 restart_locked:
1719 err = -EPERM;
1720 if (!unix_may_send(sk, other))
1721 goto out_unlock;
1722
1723 if (unlikely(sock_flag(other, SOCK_DEAD))) {
1724 /*
1725 * Check with 1003.1g - what should
1726 * datagram error
1727 */
1728 unix_state_unlock(other);
1729 sock_put(other);
1730
1731 if (!sk_locked)
1732 unix_state_lock(sk);
1733
1734 err = 0;
1735 if (unix_peer(sk) == other) {
1736 unix_peer(sk) = NULL;
1737 unix_dgram_peer_wake_disconnect_wakeup(sk, other);
1738
1739 unix_state_unlock(sk);
1740
1741 unix_dgram_disconnected(sk, other);
1742 sock_put(other);
1743 err = -ECONNREFUSED;
1744 } else {
1745 unix_state_unlock(sk);
1746 }
1747
1748 other = NULL;
1749 if (err)
1750 goto out_free;
1751 goto restart;
1752 }
1753
1754 err = -EPIPE;
1755 if (other->sk_shutdown & RCV_SHUTDOWN)
1756 goto out_unlock;
1757
1758 if (sk->sk_type != SOCK_SEQPACKET) {
1759 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1760 if (err)
1761 goto out_unlock;
1762 }
1763
1764 /* other == sk && unix_peer(other) != sk if
1765 * - unix_peer(sk) == NULL, destination address bound to sk
1766 * - unix_peer(sk) == sk by time of get but disconnected before lock
1767 */
1768 if (other != sk &&
1769 unlikely(unix_peer(other) != sk && unix_recvq_full(other))) {
1770 if (timeo) {
1771 timeo = unix_wait_for_peer(other, timeo);
1772
1773 err = sock_intr_errno(timeo);
1774 if (signal_pending(current))
1775 goto out_free;
1776
1777 goto restart;
1778 }
1779
1780 if (!sk_locked) {
1781 unix_state_unlock(other);
1782 unix_state_double_lock(sk, other);
1783 }
1784
1785 if (unix_peer(sk) != other ||
1786 unix_dgram_peer_wake_me(sk, other)) {
1787 err = -EAGAIN;
1788 sk_locked = 1;
1789 goto out_unlock;
1790 }
1791
1792 if (!sk_locked) {
1793 sk_locked = 1;
1794 goto restart_locked;
1795 }
1796 }
1797
1798 if (unlikely(sk_locked))
1799 unix_state_unlock(sk);
1800
1801 if (sock_flag(other, SOCK_RCVTSTAMP))
1802 __net_timestamp(skb);
1803 maybe_add_creds(skb, sock, other);
1804 skb_queue_tail(&other->sk_receive_queue, skb);
1805 unix_state_unlock(other);
1806 other->sk_data_ready(other);
1807 sock_put(other);
1808 scm_destroy(&scm);
1809 return len;
1810
1811 out_unlock:
1812 if (sk_locked)
1813 unix_state_unlock(sk);
1814 unix_state_unlock(other);
1815 out_free:
1816 kfree_skb(skb);
1817 out:
1818 if (other)
1819 sock_put(other);
1820 scm_destroy(&scm);
1821 return err;
1822 }
1823
1824 /* We use paged skbs for stream sockets, and limit occupancy to 32768
1825 * bytes, and a minimum of a full page.
1826 */
1827 #define UNIX_SKB_FRAGS_SZ (PAGE_SIZE << get_order(32768))
1828
1829 static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg,
1830 size_t len)
1831 {
1832 struct sock *sk = sock->sk;
1833 struct sock *other = NULL;
1834 int err, size;
1835 struct sk_buff *skb;
1836 int sent = 0;
1837 struct scm_cookie scm;
1838 bool fds_sent = false;
1839 int data_len;
1840
1841 wait_for_unix_gc();
1842 err = scm_send(sock, msg, &scm, false);
1843 if (err < 0)
1844 return err;
1845
1846 err = -EOPNOTSUPP;
1847 if (msg->msg_flags&MSG_OOB)
1848 goto out_err;
1849
1850 if (msg->msg_namelen) {
1851 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1852 goto out_err;
1853 } else {
1854 err = -ENOTCONN;
1855 other = unix_peer(sk);
1856 if (!other)
1857 goto out_err;
1858 }
1859
1860 if (sk->sk_shutdown & SEND_SHUTDOWN)
1861 goto pipe_err;
1862
1863 while (sent < len) {
1864 size = len - sent;
1865
1866 /* Keep two messages in the pipe so it schedules better */
1867 size = min_t(int, size, (sk->sk_sndbuf >> 1) - 64);
1868
1869 /* allow fallback to order-0 allocations */
1870 size = min_t(int, size, SKB_MAX_HEAD(0) + UNIX_SKB_FRAGS_SZ);
1871
1872 data_len = max_t(int, 0, size - SKB_MAX_HEAD(0));
1873
1874 data_len = min_t(size_t, size, PAGE_ALIGN(data_len));
1875
1876 skb = sock_alloc_send_pskb(sk, size - data_len, data_len,
1877 msg->msg_flags & MSG_DONTWAIT, &err,
1878 get_order(UNIX_SKB_FRAGS_SZ));
1879 if (!skb)
1880 goto out_err;
1881
1882 /* Only send the fds in the first buffer */
1883 err = unix_scm_to_skb(&scm, skb, !fds_sent);
1884 if (err < 0) {
1885 kfree_skb(skb);
1886 goto out_err;
1887 }
1888 fds_sent = true;
1889
1890 skb_put(skb, size - data_len);
1891 skb->data_len = data_len;
1892 skb->len = size;
1893 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, size);
1894 if (err) {
1895 kfree_skb(skb);
1896 goto out_err;
1897 }
1898
1899 unix_state_lock(other);
1900
1901 if (sock_flag(other, SOCK_DEAD) ||
1902 (other->sk_shutdown & RCV_SHUTDOWN))
1903 goto pipe_err_free;
1904
1905 maybe_add_creds(skb, sock, other);
1906 skb_queue_tail(&other->sk_receive_queue, skb);
1907 unix_state_unlock(other);
1908 other->sk_data_ready(other);
1909 sent += size;
1910 }
1911
1912 scm_destroy(&scm);
1913
1914 return sent;
1915
1916 pipe_err_free:
1917 unix_state_unlock(other);
1918 kfree_skb(skb);
1919 pipe_err:
1920 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1921 send_sig(SIGPIPE, current, 0);
1922 err = -EPIPE;
1923 out_err:
1924 scm_destroy(&scm);
1925 return sent ? : err;
1926 }
1927
1928 static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page,
1929 int offset, size_t size, int flags)
1930 {
1931 int err;
1932 bool send_sigpipe = false;
1933 bool init_scm = true;
1934 struct scm_cookie scm;
1935 struct sock *other, *sk = socket->sk;
1936 struct sk_buff *skb, *newskb = NULL, *tail = NULL;
1937
1938 if (flags & MSG_OOB)
1939 return -EOPNOTSUPP;
1940
1941 other = unix_peer(sk);
1942 if (!other || sk->sk_state != TCP_ESTABLISHED)
1943 return -ENOTCONN;
1944
1945 if (false) {
1946 alloc_skb:
1947 unix_state_unlock(other);
1948 mutex_unlock(&unix_sk(other)->iolock);
1949 newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT,
1950 &err, 0);
1951 if (!newskb)
1952 goto err;
1953 }
1954
1955 /* we must acquire iolock as we modify already present
1956 * skbs in the sk_receive_queue and mess with skb->len
1957 */
1958 err = mutex_lock_interruptible(&unix_sk(other)->iolock);
1959 if (err) {
1960 err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS;
1961 goto err;
1962 }
1963
1964 if (sk->sk_shutdown & SEND_SHUTDOWN) {
1965 err = -EPIPE;
1966 send_sigpipe = true;
1967 goto err_unlock;
1968 }
1969
1970 unix_state_lock(other);
1971
1972 if (sock_flag(other, SOCK_DEAD) ||
1973 other->sk_shutdown & RCV_SHUTDOWN) {
1974 err = -EPIPE;
1975 send_sigpipe = true;
1976 goto err_state_unlock;
1977 }
1978
1979 if (init_scm) {
1980 err = maybe_init_creds(&scm, socket, other);
1981 if (err)
1982 goto err_state_unlock;
1983 init_scm = false;
1984 }
1985
1986 skb = skb_peek_tail(&other->sk_receive_queue);
1987 if (tail && tail == skb) {
1988 skb = newskb;
1989 } else if (!skb || !unix_skb_scm_eq(skb, &scm)) {
1990 if (newskb) {
1991 skb = newskb;
1992 } else {
1993 tail = skb;
1994 goto alloc_skb;
1995 }
1996 } else if (newskb) {
1997 /* this is fast path, we don't necessarily need to
1998 * call to kfree_skb even though with newskb == NULL
1999 * this - does no harm
2000 */
2001 consume_skb(newskb);
2002 newskb = NULL;
2003 }
2004
2005 if (skb_append_pagefrags(skb, page, offset, size)) {
2006 tail = skb;
2007 goto alloc_skb;
2008 }
2009
2010 skb->len += size;
2011 skb->data_len += size;
2012 skb->truesize += size;
2013 refcount_add(size, &sk->sk_wmem_alloc);
2014
2015 if (newskb) {
2016 err = unix_scm_to_skb(&scm, skb, false);
2017 if (err)
2018 goto err_state_unlock;
2019 spin_lock(&other->sk_receive_queue.lock);
2020 __skb_queue_tail(&other->sk_receive_queue, newskb);
2021 spin_unlock(&other->sk_receive_queue.lock);
2022 }
2023
2024 unix_state_unlock(other);
2025 mutex_unlock(&unix_sk(other)->iolock);
2026
2027 other->sk_data_ready(other);
2028 scm_destroy(&scm);
2029 return size;
2030
2031 err_state_unlock:
2032 unix_state_unlock(other);
2033 err_unlock:
2034 mutex_unlock(&unix_sk(other)->iolock);
2035 err:
2036 kfree_skb(newskb);
2037 if (send_sigpipe && !(flags & MSG_NOSIGNAL))
2038 send_sig(SIGPIPE, current, 0);
2039 if (!init_scm)
2040 scm_destroy(&scm);
2041 return err;
2042 }
2043
2044 static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg,
2045 size_t len)
2046 {
2047 int err;
2048 struct sock *sk = sock->sk;
2049
2050 err = sock_error(sk);
2051 if (err)
2052 return err;
2053
2054 if (sk->sk_state != TCP_ESTABLISHED)
2055 return -ENOTCONN;
2056
2057 if (msg->msg_namelen)
2058 msg->msg_namelen = 0;
2059
2060 return unix_dgram_sendmsg(sock, msg, len);
2061 }
2062
2063 static int unix_seqpacket_recvmsg(struct socket *sock, struct msghdr *msg,
2064 size_t size, int flags)
2065 {
2066 struct sock *sk = sock->sk;
2067
2068 if (sk->sk_state != TCP_ESTABLISHED)
2069 return -ENOTCONN;
2070
2071 return unix_dgram_recvmsg(sock, msg, size, flags);
2072 }
2073
2074 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
2075 {
2076 struct unix_sock *u = unix_sk(sk);
2077
2078 if (u->addr) {
2079 msg->msg_namelen = u->addr->len;
2080 memcpy(msg->msg_name, u->addr->name, u->addr->len);
2081 }
2082 }
2083
2084 static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg,
2085 size_t size, int flags)
2086 {
2087 struct scm_cookie scm;
2088 struct sock *sk = sock->sk;
2089 struct unix_sock *u = unix_sk(sk);
2090 struct sk_buff *skb, *last;
2091 long timeo;
2092 int err;
2093 int peeked, skip;
2094
2095 err = -EOPNOTSUPP;
2096 if (flags&MSG_OOB)
2097 goto out;
2098
2099 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
2100
2101 do {
2102 mutex_lock(&u->iolock);
2103
2104 skip = sk_peek_offset(sk, flags);
2105 skb = __skb_try_recv_datagram(sk, flags, NULL, &peeked, &skip,
2106 &err, &last);
2107 if (skb)
2108 break;
2109
2110 mutex_unlock(&u->iolock);
2111
2112 if (err != -EAGAIN)
2113 break;
2114 } while (timeo &&
2115 !__skb_wait_for_more_packets(sk, &err, &timeo, last));
2116
2117 if (!skb) { /* implies iolock unlocked */
2118 unix_state_lock(sk);
2119 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
2120 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
2121 (sk->sk_shutdown & RCV_SHUTDOWN))
2122 err = 0;
2123 unix_state_unlock(sk);
2124 goto out;
2125 }
2126
2127 if (wq_has_sleeper(&u->peer_wait))
2128 wake_up_interruptible_sync_poll(&u->peer_wait,
2129 EPOLLOUT | EPOLLWRNORM |
2130 EPOLLWRBAND);
2131
2132 if (msg->msg_name)
2133 unix_copy_addr(msg, skb->sk);
2134
2135 if (size > skb->len - skip)
2136 size = skb->len - skip;
2137 else if (size < skb->len - skip)
2138 msg->msg_flags |= MSG_TRUNC;
2139
2140 err = skb_copy_datagram_msg(skb, skip, msg, size);
2141 if (err)
2142 goto out_free;
2143
2144 if (sock_flag(sk, SOCK_RCVTSTAMP))
2145 __sock_recv_timestamp(msg, sk, skb);
2146
2147 memset(&scm, 0, sizeof(scm));
2148
2149 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2150 unix_set_secdata(&scm, skb);
2151
2152 if (!(flags & MSG_PEEK)) {
2153 if (UNIXCB(skb).fp)
2154 unix_detach_fds(&scm, skb);
2155
2156 sk_peek_offset_bwd(sk, skb->len);
2157 } else {
2158 /* It is questionable: on PEEK we could:
2159 - do not return fds - good, but too simple 8)
2160 - return fds, and do not return them on read (old strategy,
2161 apparently wrong)
2162 - clone fds (I chose it for now, it is the most universal
2163 solution)
2164
2165 POSIX 1003.1g does not actually define this clearly
2166 at all. POSIX 1003.1g doesn't define a lot of things
2167 clearly however!
2168
2169 */
2170
2171 sk_peek_offset_fwd(sk, size);
2172
2173 if (UNIXCB(skb).fp)
2174 scm.fp = scm_fp_dup(UNIXCB(skb).fp);
2175 }
2176 err = (flags & MSG_TRUNC) ? skb->len - skip : size;
2177
2178 scm_recv(sock, msg, &scm, flags);
2179
2180 out_free:
2181 skb_free_datagram(sk, skb);
2182 mutex_unlock(&u->iolock);
2183 out:
2184 return err;
2185 }
2186
2187 /*
2188 * Sleep until more data has arrived. But check for races..
2189 */
2190 static long unix_stream_data_wait(struct sock *sk, long timeo,
2191 struct sk_buff *last, unsigned int last_len,
2192 bool freezable)
2193 {
2194 struct sk_buff *tail;
2195 DEFINE_WAIT(wait);
2196
2197 unix_state_lock(sk);
2198
2199 for (;;) {
2200 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
2201
2202 tail = skb_peek_tail(&sk->sk_receive_queue);
2203 if (tail != last ||
2204 (tail && tail->len != last_len) ||
2205 sk->sk_err ||
2206 (sk->sk_shutdown & RCV_SHUTDOWN) ||
2207 signal_pending(current) ||
2208 !timeo)
2209 break;
2210
2211 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2212 unix_state_unlock(sk);
2213 if (freezable)
2214 timeo = freezable_schedule_timeout(timeo);
2215 else
2216 timeo = schedule_timeout(timeo);
2217 unix_state_lock(sk);
2218
2219 if (sock_flag(sk, SOCK_DEAD))
2220 break;
2221
2222 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2223 }
2224
2225 finish_wait(sk_sleep(sk), &wait);
2226 unix_state_unlock(sk);
2227 return timeo;
2228 }
2229
2230 static unsigned int unix_skb_len(const struct sk_buff *skb)
2231 {
2232 return skb->len - UNIXCB(skb).consumed;
2233 }
2234
2235 struct unix_stream_read_state {
2236 int (*recv_actor)(struct sk_buff *, int, int,
2237 struct unix_stream_read_state *);
2238 struct socket *socket;
2239 struct msghdr *msg;
2240 struct pipe_inode_info *pipe;
2241 size_t size;
2242 int flags;
2243 unsigned int splice_flags;
2244 };
2245
2246 static int unix_stream_read_generic(struct unix_stream_read_state *state,
2247 bool freezable)
2248 {
2249 struct scm_cookie scm;
2250 struct socket *sock = state->socket;
2251 struct sock *sk = sock->sk;
2252 struct unix_sock *u = unix_sk(sk);
2253 int copied = 0;
2254 int flags = state->flags;
2255 int noblock = flags & MSG_DONTWAIT;
2256 bool check_creds = false;
2257 int target;
2258 int err = 0;
2259 long timeo;
2260 int skip;
2261 size_t size = state->size;
2262 unsigned int last_len;
2263
2264 if (unlikely(sk->sk_state != TCP_ESTABLISHED)) {
2265 err = -EINVAL;
2266 goto out;
2267 }
2268
2269 if (unlikely(flags & MSG_OOB)) {
2270 err = -EOPNOTSUPP;
2271 goto out;
2272 }
2273
2274 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
2275 timeo = sock_rcvtimeo(sk, noblock);
2276
2277 memset(&scm, 0, sizeof(scm));
2278
2279 /* Lock the socket to prevent queue disordering
2280 * while sleeps in memcpy_tomsg
2281 */
2282 mutex_lock(&u->iolock);
2283
2284 skip = max(sk_peek_offset(sk, flags), 0);
2285
2286 do {
2287 int chunk;
2288 bool drop_skb;
2289 struct sk_buff *skb, *last;
2290
2291 redo:
2292 unix_state_lock(sk);
2293 if (sock_flag(sk, SOCK_DEAD)) {
2294 err = -ECONNRESET;
2295 goto unlock;
2296 }
2297 last = skb = skb_peek(&sk->sk_receive_queue);
2298 last_len = last ? last->len : 0;
2299 again:
2300 if (skb == NULL) {
2301 if (copied >= target)
2302 goto unlock;
2303
2304 /*
2305 * POSIX 1003.1g mandates this order.
2306 */
2307
2308 err = sock_error(sk);
2309 if (err)
2310 goto unlock;
2311 if (sk->sk_shutdown & RCV_SHUTDOWN)
2312 goto unlock;
2313
2314 unix_state_unlock(sk);
2315 if (!timeo) {
2316 err = -EAGAIN;
2317 break;
2318 }
2319
2320 mutex_unlock(&u->iolock);
2321
2322 timeo = unix_stream_data_wait(sk, timeo, last,
2323 last_len, freezable);
2324
2325 if (signal_pending(current)) {
2326 err = sock_intr_errno(timeo);
2327 scm_destroy(&scm);
2328 goto out;
2329 }
2330
2331 mutex_lock(&u->iolock);
2332 goto redo;
2333 unlock:
2334 unix_state_unlock(sk);
2335 break;
2336 }
2337
2338 while (skip >= unix_skb_len(skb)) {
2339 skip -= unix_skb_len(skb);
2340 last = skb;
2341 last_len = skb->len;
2342 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2343 if (!skb)
2344 goto again;
2345 }
2346
2347 unix_state_unlock(sk);
2348
2349 if (check_creds) {
2350 /* Never glue messages from different writers */
2351 if (!unix_skb_scm_eq(skb, &scm))
2352 break;
2353 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
2354 /* Copy credentials */
2355 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2356 unix_set_secdata(&scm, skb);
2357 check_creds = true;
2358 }
2359
2360 /* Copy address just once */
2361 if (state->msg && state->msg->msg_name) {
2362 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr,
2363 state->msg->msg_name);
2364 unix_copy_addr(state->msg, skb->sk);
2365 sunaddr = NULL;
2366 }
2367
2368 chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size);
2369 skb_get(skb);
2370 chunk = state->recv_actor(skb, skip, chunk, state);
2371 drop_skb = !unix_skb_len(skb);
2372 /* skb is only safe to use if !drop_skb */
2373 consume_skb(skb);
2374 if (chunk < 0) {
2375 if (copied == 0)
2376 copied = -EFAULT;
2377 break;
2378 }
2379 copied += chunk;
2380 size -= chunk;
2381
2382 if (drop_skb) {
2383 /* the skb was touched by a concurrent reader;
2384 * we should not expect anything from this skb
2385 * anymore and assume it invalid - we can be
2386 * sure it was dropped from the socket queue
2387 *
2388 * let's report a short read
2389 */
2390 err = 0;
2391 break;
2392 }
2393
2394 /* Mark read part of skb as used */
2395 if (!(flags & MSG_PEEK)) {
2396 UNIXCB(skb).consumed += chunk;
2397
2398 sk_peek_offset_bwd(sk, chunk);
2399
2400 if (UNIXCB(skb).fp)
2401 unix_detach_fds(&scm, skb);
2402
2403 if (unix_skb_len(skb))
2404 break;
2405
2406 skb_unlink(skb, &sk->sk_receive_queue);
2407 consume_skb(skb);
2408
2409 if (scm.fp)
2410 break;
2411 } else {
2412 /* It is questionable, see note in unix_dgram_recvmsg.
2413 */
2414 if (UNIXCB(skb).fp)
2415 scm.fp = scm_fp_dup(UNIXCB(skb).fp);
2416
2417 sk_peek_offset_fwd(sk, chunk);
2418
2419 if (UNIXCB(skb).fp)
2420 break;
2421
2422 skip = 0;
2423 last = skb;
2424 last_len = skb->len;
2425 unix_state_lock(sk);
2426 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2427 if (skb)
2428 goto again;
2429 unix_state_unlock(sk);
2430 break;
2431 }
2432 } while (size);
2433
2434 mutex_unlock(&u->iolock);
2435 if (state->msg)
2436 scm_recv(sock, state->msg, &scm, flags);
2437 else
2438 scm_destroy(&scm);
2439 out:
2440 return copied ? : err;
2441 }
2442
2443 static int unix_stream_read_actor(struct sk_buff *skb,
2444 int skip, int chunk,
2445 struct unix_stream_read_state *state)
2446 {
2447 int ret;
2448
2449 ret = skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip,
2450 state->msg, chunk);
2451 return ret ?: chunk;
2452 }
2453
2454 static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg,
2455 size_t size, int flags)
2456 {
2457 struct unix_stream_read_state state = {
2458 .recv_actor = unix_stream_read_actor,
2459 .socket = sock,
2460 .msg = msg,
2461 .size = size,
2462 .flags = flags
2463 };
2464
2465 return unix_stream_read_generic(&state, true);
2466 }
2467
2468 static int unix_stream_splice_actor(struct sk_buff *skb,
2469 int skip, int chunk,
2470 struct unix_stream_read_state *state)
2471 {
2472 return skb_splice_bits(skb, state->socket->sk,
2473 UNIXCB(skb).consumed + skip,
2474 state->pipe, chunk, state->splice_flags);
2475 }
2476
2477 static ssize_t unix_stream_splice_read(struct socket *sock, loff_t *ppos,
2478 struct pipe_inode_info *pipe,
2479 size_t size, unsigned int flags)
2480 {
2481 struct unix_stream_read_state state = {
2482 .recv_actor = unix_stream_splice_actor,
2483 .socket = sock,
2484 .pipe = pipe,
2485 .size = size,
2486 .splice_flags = flags,
2487 };
2488
2489 if (unlikely(*ppos))
2490 return -ESPIPE;
2491
2492 if (sock->file->f_flags & O_NONBLOCK ||
2493 flags & SPLICE_F_NONBLOCK)
2494 state.flags = MSG_DONTWAIT;
2495
2496 return unix_stream_read_generic(&state, false);
2497 }
2498
2499 static int unix_shutdown(struct socket *sock, int mode)
2500 {
2501 struct sock *sk = sock->sk;
2502 struct sock *other;
2503
2504 if (mode < SHUT_RD || mode > SHUT_RDWR)
2505 return -EINVAL;
2506 /* This maps:
2507 * SHUT_RD (0) -> RCV_SHUTDOWN (1)
2508 * SHUT_WR (1) -> SEND_SHUTDOWN (2)
2509 * SHUT_RDWR (2) -> SHUTDOWN_MASK (3)
2510 */
2511 ++mode;
2512
2513 unix_state_lock(sk);
2514 sk->sk_shutdown |= mode;
2515 other = unix_peer(sk);
2516 if (other)
2517 sock_hold(other);
2518 unix_state_unlock(sk);
2519 sk->sk_state_change(sk);
2520
2521 if (other &&
2522 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2523
2524 int peer_mode = 0;
2525
2526 if (mode&RCV_SHUTDOWN)
2527 peer_mode |= SEND_SHUTDOWN;
2528 if (mode&SEND_SHUTDOWN)
2529 peer_mode |= RCV_SHUTDOWN;
2530 unix_state_lock(other);
2531 other->sk_shutdown |= peer_mode;
2532 unix_state_unlock(other);
2533 other->sk_state_change(other);
2534 if (peer_mode == SHUTDOWN_MASK)
2535 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2536 else if (peer_mode & RCV_SHUTDOWN)
2537 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2538 }
2539 if (other)
2540 sock_put(other);
2541
2542 return 0;
2543 }
2544
2545 long unix_inq_len(struct sock *sk)
2546 {
2547 struct sk_buff *skb;
2548 long amount = 0;
2549
2550 if (sk->sk_state == TCP_LISTEN)
2551 return -EINVAL;
2552
2553 spin_lock(&sk->sk_receive_queue.lock);
2554 if (sk->sk_type == SOCK_STREAM ||
2555 sk->sk_type == SOCK_SEQPACKET) {
2556 skb_queue_walk(&sk->sk_receive_queue, skb)
2557 amount += unix_skb_len(skb);
2558 } else {
2559 skb = skb_peek(&sk->sk_receive_queue);
2560 if (skb)
2561 amount = skb->len;
2562 }
2563 spin_unlock(&sk->sk_receive_queue.lock);
2564
2565 return amount;
2566 }
2567 EXPORT_SYMBOL_GPL(unix_inq_len);
2568
2569 long unix_outq_len(struct sock *sk)
2570 {
2571 return sk_wmem_alloc_get(sk);
2572 }
2573 EXPORT_SYMBOL_GPL(unix_outq_len);
2574
2575 static int unix_open_file(struct sock *sk)
2576 {
2577 struct path path;
2578 struct file *f;
2579 int fd;
2580
2581 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
2582 return -EPERM;
2583
2584 unix_state_lock(sk);
2585 path = unix_sk(sk)->path;
2586 if (!path.dentry) {
2587 unix_state_unlock(sk);
2588 return -ENOENT;
2589 }
2590
2591 path_get(&path);
2592 unix_state_unlock(sk);
2593
2594 fd = get_unused_fd_flags(O_CLOEXEC);
2595 if (fd < 0)
2596 goto out;
2597
2598 f = dentry_open(&path, O_PATH, current_cred());
2599 if (IS_ERR(f)) {
2600 put_unused_fd(fd);
2601 fd = PTR_ERR(f);
2602 goto out;
2603 }
2604
2605 fd_install(fd, f);
2606 out:
2607 path_put(&path);
2608
2609 return fd;
2610 }
2611
2612 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2613 {
2614 struct sock *sk = sock->sk;
2615 long amount = 0;
2616 int err;
2617
2618 switch (cmd) {
2619 case SIOCOUTQ:
2620 amount = unix_outq_len(sk);
2621 err = put_user(amount, (int __user *)arg);
2622 break;
2623 case SIOCINQ:
2624 amount = unix_inq_len(sk);
2625 if (amount < 0)
2626 err = amount;
2627 else
2628 err = put_user(amount, (int __user *)arg);
2629 break;
2630 case SIOCUNIXFILE:
2631 err = unix_open_file(sk);
2632 break;
2633 default:
2634 err = -ENOIOCTLCMD;
2635 break;
2636 }
2637 return err;
2638 }
2639
2640 static __poll_t unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2641 {
2642 struct sock *sk = sock->sk;
2643 __poll_t mask;
2644
2645 sock_poll_wait(file, sock, wait);
2646 mask = 0;
2647
2648 /* exceptional events? */
2649 if (sk->sk_err)
2650 mask |= EPOLLERR;
2651 if (sk->sk_shutdown == SHUTDOWN_MASK)
2652 mask |= EPOLLHUP;
2653 if (sk->sk_shutdown & RCV_SHUTDOWN)
2654 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
2655
2656 /* readable? */
2657 if (!skb_queue_empty(&sk->sk_receive_queue))
2658 mask |= EPOLLIN | EPOLLRDNORM;
2659
2660 /* Connection-based need to check for termination and startup */
2661 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2662 sk->sk_state == TCP_CLOSE)
2663 mask |= EPOLLHUP;
2664
2665 /*
2666 * we set writable also when the other side has shut down the
2667 * connection. This prevents stuck sockets.
2668 */
2669 if (unix_writable(sk))
2670 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
2671
2672 return mask;
2673 }
2674
2675 static __poll_t unix_dgram_poll(struct file *file, struct socket *sock,
2676 poll_table *wait)
2677 {
2678 struct sock *sk = sock->sk, *other;
2679 unsigned int writable;
2680 __poll_t mask;
2681
2682 sock_poll_wait(file, sock, wait);
2683 mask = 0;
2684
2685 /* exceptional events? */
2686 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2687 mask |= EPOLLERR |
2688 (sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? EPOLLPRI : 0);
2689
2690 if (sk->sk_shutdown & RCV_SHUTDOWN)
2691 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
2692 if (sk->sk_shutdown == SHUTDOWN_MASK)
2693 mask |= EPOLLHUP;
2694
2695 /* readable? */
2696 if (!skb_queue_empty(&sk->sk_receive_queue))
2697 mask |= EPOLLIN | EPOLLRDNORM;
2698
2699 /* Connection-based need to check for termination and startup */
2700 if (sk->sk_type == SOCK_SEQPACKET) {
2701 if (sk->sk_state == TCP_CLOSE)
2702 mask |= EPOLLHUP;
2703 /* connection hasn't started yet? */
2704 if (sk->sk_state == TCP_SYN_SENT)
2705 return mask;
2706 }
2707
2708 /* No write status requested, avoid expensive OUT tests. */
2709 if (!(poll_requested_events(wait) & (EPOLLWRBAND|EPOLLWRNORM|EPOLLOUT)))
2710 return mask;
2711
2712 writable = unix_writable(sk);
2713 if (writable) {
2714 unix_state_lock(sk);
2715
2716 other = unix_peer(sk);
2717 if (other && unix_peer(other) != sk &&
2718 unix_recvq_full(other) &&
2719 unix_dgram_peer_wake_me(sk, other))
2720 writable = 0;
2721
2722 unix_state_unlock(sk);
2723 }
2724
2725 if (writable)
2726 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
2727 else
2728 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2729
2730 return mask;
2731 }
2732
2733 #ifdef CONFIG_PROC_FS
2734
2735 #define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1)
2736
2737 #define get_bucket(x) ((x) >> BUCKET_SPACE)
2738 #define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1))
2739 #define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
2740
2741 static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos)
2742 {
2743 unsigned long offset = get_offset(*pos);
2744 unsigned long bucket = get_bucket(*pos);
2745 struct sock *sk;
2746 unsigned long count = 0;
2747
2748 for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
2749 if (sock_net(sk) != seq_file_net(seq))
2750 continue;
2751 if (++count == offset)
2752 break;
2753 }
2754
2755 return sk;
2756 }
2757
2758 static struct sock *unix_next_socket(struct seq_file *seq,
2759 struct sock *sk,
2760 loff_t *pos)
2761 {
2762 unsigned long bucket;
2763
2764 while (sk > (struct sock *)SEQ_START_TOKEN) {
2765 sk = sk_next(sk);
2766 if (!sk)
2767 goto next_bucket;
2768 if (sock_net(sk) == seq_file_net(seq))
2769 return sk;
2770 }
2771
2772 do {
2773 sk = unix_from_bucket(seq, pos);
2774 if (sk)
2775 return sk;
2776
2777 next_bucket:
2778 bucket = get_bucket(*pos) + 1;
2779 *pos = set_bucket_offset(bucket, 1);
2780 } while (bucket < ARRAY_SIZE(unix_socket_table));
2781
2782 return NULL;
2783 }
2784
2785 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2786 __acquires(unix_table_lock)
2787 {
2788 spin_lock(&unix_table_lock);
2789
2790 if (!*pos)
2791 return SEQ_START_TOKEN;
2792
2793 if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table))
2794 return NULL;
2795
2796 return unix_next_socket(seq, NULL, pos);
2797 }
2798
2799 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2800 {
2801 ++*pos;
2802 return unix_next_socket(seq, v, pos);
2803 }
2804
2805 static void unix_seq_stop(struct seq_file *seq, void *v)
2806 __releases(unix_table_lock)
2807 {
2808 spin_unlock(&unix_table_lock);
2809 }
2810
2811 static int unix_seq_show(struct seq_file *seq, void *v)
2812 {
2813
2814 if (v == SEQ_START_TOKEN)
2815 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2816 "Inode Path\n");
2817 else {
2818 struct sock *s = v;
2819 struct unix_sock *u = unix_sk(s);
2820 unix_state_lock(s);
2821
2822 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2823 s,
2824 refcount_read(&s->sk_refcnt),
2825 0,
2826 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2827 s->sk_type,
2828 s->sk_socket ?
2829 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2830 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2831 sock_i_ino(s));
2832
2833 if (u->addr) {
2834 int i, len;
2835 seq_putc(seq, ' ');
2836
2837 i = 0;
2838 len = u->addr->len - sizeof(short);
2839 if (!UNIX_ABSTRACT(s))
2840 len--;
2841 else {
2842 seq_putc(seq, '@');
2843 i++;
2844 }
2845 for ( ; i < len; i++)
2846 seq_putc(seq, u->addr->name->sun_path[i] ?:
2847 '@');
2848 }
2849 unix_state_unlock(s);
2850 seq_putc(seq, '\n');
2851 }
2852
2853 return 0;
2854 }
2855
2856 static const struct seq_operations unix_seq_ops = {
2857 .start = unix_seq_start,
2858 .next = unix_seq_next,
2859 .stop = unix_seq_stop,
2860 .show = unix_seq_show,
2861 };
2862 #endif
2863
2864 static const struct net_proto_family unix_family_ops = {
2865 .family = PF_UNIX,
2866 .create = unix_create,
2867 .owner = THIS_MODULE,
2868 };
2869
2870
2871 static int __net_init unix_net_init(struct net *net)
2872 {
2873 int error = -ENOMEM;
2874
2875 net->unx.sysctl_max_dgram_qlen = 10;
2876 if (unix_sysctl_register(net))
2877 goto out;
2878
2879 #ifdef CONFIG_PROC_FS
2880 if (!proc_create_net("unix", 0, net->proc_net, &unix_seq_ops,
2881 sizeof(struct seq_net_private))) {
2882 unix_sysctl_unregister(net);
2883 goto out;
2884 }
2885 #endif
2886 error = 0;
2887 out:
2888 return error;
2889 }
2890
2891 static void __net_exit unix_net_exit(struct net *net)
2892 {
2893 unix_sysctl_unregister(net);
2894 remove_proc_entry("unix", net->proc_net);
2895 }
2896
2897 static struct pernet_operations unix_net_ops = {
2898 .init = unix_net_init,
2899 .exit = unix_net_exit,
2900 };
2901
2902 static int __init af_unix_init(void)
2903 {
2904 int rc = -1;
2905
2906 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > FIELD_SIZEOF(struct sk_buff, cb));
2907
2908 rc = proto_register(&unix_proto, 1);
2909 if (rc != 0) {
2910 pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__);
2911 goto out;
2912 }
2913
2914 sock_register(&unix_family_ops);
2915 register_pernet_subsys(&unix_net_ops);
2916 out:
2917 return rc;
2918 }
2919
2920 static void __exit af_unix_exit(void)
2921 {
2922 sock_unregister(PF_UNIX);
2923 proto_unregister(&unix_proto);
2924 unregister_pernet_subsys(&unix_net_ops);
2925 }
2926
2927 /* Earlier than device_initcall() so that other drivers invoking
2928 request_module() don't end up in a loop when modprobe tries
2929 to use a UNIX socket. But later than subsys_initcall() because
2930 we depend on stuff initialised there */
2931 fs_initcall(af_unix_init);
2932 module_exit(af_unix_exit);
2933
2934 MODULE_LICENSE("GPL");
2935 MODULE_ALIAS_NETPROTO(PF_UNIX);
Ubuntu Jammy Linux kernel mirror