1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * NET4: Implementation of BSD Unix domain sockets.
5 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
8 * Linus Torvalds : Assorted bug cures.
9 * Niibe Yutaka : async I/O support.
10 * Carsten Paeth : PF_UNIX check, address fixes.
11 * Alan Cox : Limit size of allocated blocks.
12 * Alan Cox : Fixed the stupid socketpair bug.
13 * Alan Cox : BSD compatibility fine tuning.
14 * Alan Cox : Fixed a bug in connect when interrupted.
15 * Alan Cox : Sorted out a proper draft version of
16 * file descriptor passing hacked up from
18 * Marty Leisner : Fixes to fd passing
19 * Nick Nevin : recvmsg bugfix.
20 * Alan Cox : Started proper garbage collector
21 * Heiko EiBfeldt : Missing verify_area check
22 * Alan Cox : Started POSIXisms
23 * Andreas Schwab : Replace inode by dentry for proper
25 * Kirk Petersen : Made this a module
26 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
28 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
29 * by above two patches.
30 * Andrea Arcangeli : If possible we block in connect(2)
31 * if the max backlog of the listen socket
32 * is been reached. This won't break
33 * old apps and it will avoid huge amount
34 * of socks hashed (this for unix_gc()
35 * performances reasons).
36 * Security fix that limits the max
37 * number of socks to 2*max_files and
38 * the number of skb queueable in the
40 * Artur Skawina : Hash function optimizations
41 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
42 * Malcolm Beattie : Set peercred for socketpair
43 * Michal Ostrowski : Module initialization cleanup.
44 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
45 * the core infrastructure is doing that
46 * for all net proto families now (2.5.69+)
48 * Known differences from reference BSD that was tested:
51 * ECONNREFUSED is not returned from one end of a connected() socket to the
52 * other the moment one end closes.
53 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
54 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
56 * accept() returns a path name even if the connecting socket has closed
57 * in the meantime (BSD loses the path and gives up).
58 * accept() returns 0 length path for an unbound connector. BSD returns 16
59 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
60 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
61 * BSD af_unix apparently has connect forgetting to block properly.
62 * (need to check this with the POSIX spec in detail)
64 * Differences from 2.0.0-11-... (ANK)
65 * Bug fixes and improvements.
66 * - client shutdown killed server socket.
67 * - removed all useless cli/sti pairs.
69 * Semantic changes/extensions.
70 * - generic control message passing.
71 * - SCM_CREDENTIALS control message.
72 * - "Abstract" (not FS based) socket bindings.
73 * Abstract names are sequences of bytes (not zero terminated)
74 * started by 0, so that this name space does not intersect
78 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
80 #include <linux/module.h>
81 #include <linux/kernel.h>
82 #include <linux/signal.h>
83 #include <linux/sched/signal.h>
84 #include <linux/errno.h>
85 #include <linux/string.h>
86 #include <linux/stat.h>
87 #include <linux/dcache.h>
88 #include <linux/namei.h>
89 #include <linux/socket.h>
91 #include <linux/fcntl.h>
92 #include <linux/termios.h>
93 #include <linux/sockios.h>
94 #include <linux/net.h>
97 #include <linux/slab.h>
98 #include <linux/uaccess.h>
99 #include <linux/skbuff.h>
100 #include <linux/netdevice.h>
101 #include <net/net_namespace.h>
102 #include <net/sock.h>
103 #include <net/tcp_states.h>
104 #include <net/af_unix.h>
105 #include <linux/proc_fs.h>
106 #include <linux/seq_file.h>
108 #include <linux/init.h>
109 #include <linux/poll.h>
110 #include <linux/rtnetlink.h>
111 #include <linux/mount.h>
112 #include <net/checksum.h>
113 #include <linux/security.h>
114 #include <linux/freezer.h>
115 #include <linux/file.h>
116 #include <linux/btf_ids.h>
120 struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
121 EXPORT_SYMBOL_GPL(unix_socket_table);
122 DEFINE_SPINLOCK(unix_table_lock);
123 EXPORT_SYMBOL_GPL(unix_table_lock);
124 static atomic_long_t unix_nr_socks;
127 static struct hlist_head *unix_sockets_unbound(void *addr)
129 unsigned long hash = (unsigned long)addr;
133 hash %= UNIX_HASH_SIZE;
134 return &unix_socket_table[UNIX_HASH_SIZE + hash];
137 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)
139 #ifdef CONFIG_SECURITY_NETWORK
140 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
142 UNIXCB(skb).secid = scm->secid;
145 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
147 scm->secid = UNIXCB(skb).secid;
150 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
152 return (scm->secid == UNIXCB(skb).secid);
155 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
158 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
161 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
165 #endif /* CONFIG_SECURITY_NETWORK */
168 * SMP locking strategy:
169 * hash table is protected with spinlock unix_table_lock
170 * each socket state is protected by separate spin lock.
173 static inline unsigned int unix_hash_fold(__wsum n)
175 unsigned int hash = (__force unsigned int)csum_fold(n);
178 return hash&(UNIX_HASH_SIZE-1);
181 #define unix_peer(sk) (unix_sk(sk)->peer)
183 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
185 return unix_peer(osk) == sk;
188 static inline int unix_may_send(struct sock *sk, struct sock *osk)
190 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
193 static inline int unix_recvq_full(const struct sock *sk)
195 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
198 static inline int unix_recvq_full_lockless(const struct sock *sk)
200 return skb_queue_len_lockless(&sk->sk_receive_queue) >
201 READ_ONCE(sk->sk_max_ack_backlog);
204 struct sock *unix_peer_get(struct sock *s)
212 unix_state_unlock(s);
215 EXPORT_SYMBOL_GPL(unix_peer_get);
217 static inline void unix_release_addr(struct unix_address *addr)
219 if (refcount_dec_and_test(&addr->refcnt))
224 * Check unix socket name:
225 * - should be not zero length.
226 * - if started by not zero, should be NULL terminated (FS object)
227 * - if started by zero, it is abstract name.
230 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
234 if (len <= sizeof(short) || len > sizeof(*sunaddr))
236 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
238 if (sunaddr->sun_path[0]) {
240 * This may look like an off by one error but it is a bit more
241 * subtle. 108 is the longest valid AF_UNIX path for a binding.
242 * sun_path[108] doesn't as such exist. However in kernel space
243 * we are guaranteed that it is a valid memory location in our
244 * kernel address buffer.
246 ((char *)sunaddr)[len] = 0;
247 len = strlen(sunaddr->sun_path)+1+sizeof(short);
251 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
255 static void __unix_remove_socket(struct sock *sk)
257 sk_del_node_init(sk);
260 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
262 WARN_ON(!sk_unhashed(sk));
263 sk_add_node(sk, list);
266 static void __unix_set_addr(struct sock *sk, struct unix_address *addr,
269 __unix_remove_socket(sk);
270 smp_store_release(&unix_sk(sk)->addr, addr);
271 __unix_insert_socket(&unix_socket_table[hash], sk);
274 static inline void unix_remove_socket(struct sock *sk)
276 spin_lock(&unix_table_lock);
277 __unix_remove_socket(sk);
278 spin_unlock(&unix_table_lock);
281 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
283 spin_lock(&unix_table_lock);
284 __unix_insert_socket(list, sk);
285 spin_unlock(&unix_table_lock);
288 static struct sock *__unix_find_socket_byname(struct net *net,
289 struct sockaddr_un *sunname,
290 int len, unsigned int hash)
294 sk_for_each(s, &unix_socket_table[hash]) {
295 struct unix_sock *u = unix_sk(s);
297 if (!net_eq(sock_net(s), net))
300 if (u->addr->len == len &&
301 !memcmp(u->addr->name, sunname, len))
307 static inline struct sock *unix_find_socket_byname(struct net *net,
308 struct sockaddr_un *sunname,
309 int len, unsigned int hash)
313 spin_lock(&unix_table_lock);
314 s = __unix_find_socket_byname(net, sunname, len, hash);
317 spin_unlock(&unix_table_lock);
321 static struct sock *unix_find_socket_byinode(struct inode *i)
325 spin_lock(&unix_table_lock);
327 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
328 struct dentry *dentry = unix_sk(s)->path.dentry;
330 if (dentry && d_backing_inode(dentry) == i) {
337 spin_unlock(&unix_table_lock);
341 /* Support code for asymmetrically connected dgram sockets
343 * If a datagram socket is connected to a socket not itself connected
344 * to the first socket (eg, /dev/log), clients may only enqueue more
345 * messages if the present receive queue of the server socket is not
346 * "too large". This means there's a second writeability condition
347 * poll and sendmsg need to test. The dgram recv code will do a wake
348 * up on the peer_wait wait queue of a socket upon reception of a
349 * datagram which needs to be propagated to sleeping would-be writers
350 * since these might not have sent anything so far. This can't be
351 * accomplished via poll_wait because the lifetime of the server
352 * socket might be less than that of its clients if these break their
353 * association with it or if the server socket is closed while clients
354 * are still connected to it and there's no way to inform "a polling
355 * implementation" that it should let go of a certain wait queue
357 * In order to propagate a wake up, a wait_queue_entry_t of the client
358 * socket is enqueued on the peer_wait queue of the server socket
359 * whose wake function does a wake_up on the ordinary client socket
360 * wait queue. This connection is established whenever a write (or
361 * poll for write) hit the flow control condition and broken when the
362 * association to the server socket is dissolved or after a wake up
366 static int unix_dgram_peer_wake_relay(wait_queue_entry_t *q, unsigned mode, int flags,
370 wait_queue_head_t *u_sleep;
372 u = container_of(q, struct unix_sock, peer_wake);
374 __remove_wait_queue(&unix_sk(u->peer_wake.private)->peer_wait,
376 u->peer_wake.private = NULL;
378 /* relaying can only happen while the wq still exists */
379 u_sleep = sk_sleep(&u->sk);
381 wake_up_interruptible_poll(u_sleep, key_to_poll(key));
386 static int unix_dgram_peer_wake_connect(struct sock *sk, struct sock *other)
388 struct unix_sock *u, *u_other;
392 u_other = unix_sk(other);
394 spin_lock(&u_other->peer_wait.lock);
396 if (!u->peer_wake.private) {
397 u->peer_wake.private = other;
398 __add_wait_queue(&u_other->peer_wait, &u->peer_wake);
403 spin_unlock(&u_other->peer_wait.lock);
407 static void unix_dgram_peer_wake_disconnect(struct sock *sk,
410 struct unix_sock *u, *u_other;
413 u_other = unix_sk(other);
414 spin_lock(&u_other->peer_wait.lock);
416 if (u->peer_wake.private == other) {
417 __remove_wait_queue(&u_other->peer_wait, &u->peer_wake);
418 u->peer_wake.private = NULL;
421 spin_unlock(&u_other->peer_wait.lock);
424 static void unix_dgram_peer_wake_disconnect_wakeup(struct sock *sk,
427 unix_dgram_peer_wake_disconnect(sk, other);
428 wake_up_interruptible_poll(sk_sleep(sk),
435 * - unix_peer(sk) == other
436 * - association is stable
438 static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other)
442 connected = unix_dgram_peer_wake_connect(sk, other);
444 /* If other is SOCK_DEAD, we want to make sure we signal
445 * POLLOUT, such that a subsequent write() can get a
446 * -ECONNREFUSED. Otherwise, if we haven't queued any skbs
447 * to other and its full, we will hang waiting for POLLOUT.
449 if (unix_recvq_full(other) && !sock_flag(other, SOCK_DEAD))
453 unix_dgram_peer_wake_disconnect(sk, other);
458 static int unix_writable(const struct sock *sk)
460 return sk->sk_state != TCP_LISTEN &&
461 (refcount_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
464 static void unix_write_space(struct sock *sk)
466 struct socket_wq *wq;
469 if (unix_writable(sk)) {
470 wq = rcu_dereference(sk->sk_wq);
471 if (skwq_has_sleeper(wq))
472 wake_up_interruptible_sync_poll(&wq->wait,
473 EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND);
474 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
479 /* When dgram socket disconnects (or changes its peer), we clear its receive
480 * queue of packets arrived from previous peer. First, it allows to do
481 * flow control based only on wmem_alloc; second, sk connected to peer
482 * may receive messages only from that peer. */
483 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
485 if (!skb_queue_empty(&sk->sk_receive_queue)) {
486 skb_queue_purge(&sk->sk_receive_queue);
487 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
489 /* If one link of bidirectional dgram pipe is disconnected,
490 * we signal error. Messages are lost. Do not make this,
491 * when peer was not connected to us.
493 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
494 other->sk_err = ECONNRESET;
495 sk_error_report(other);
498 other->sk_state = TCP_CLOSE;
501 static void unix_sock_destructor(struct sock *sk)
503 struct unix_sock *u = unix_sk(sk);
505 skb_queue_purge(&sk->sk_receive_queue);
507 #if IS_ENABLED(CONFIG_AF_UNIX_OOB)
509 kfree_skb(u->oob_skb);
513 WARN_ON(refcount_read(&sk->sk_wmem_alloc));
514 WARN_ON(!sk_unhashed(sk));
515 WARN_ON(sk->sk_socket);
516 if (!sock_flag(sk, SOCK_DEAD)) {
517 pr_info("Attempt to release alive unix socket: %p\n", sk);
522 unix_release_addr(u->addr);
524 atomic_long_dec(&unix_nr_socks);
526 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
528 #ifdef UNIX_REFCNT_DEBUG
529 pr_debug("UNIX %p is destroyed, %ld are still alive.\n", sk,
530 atomic_long_read(&unix_nr_socks));
534 static void unix_release_sock(struct sock *sk, int embrion)
536 struct unix_sock *u = unix_sk(sk);
542 unix_remove_socket(sk);
547 sk->sk_shutdown = SHUTDOWN_MASK;
549 u->path.dentry = NULL;
551 state = sk->sk_state;
552 sk->sk_state = TCP_CLOSE;
554 skpair = unix_peer(sk);
555 unix_peer(sk) = NULL;
557 unix_state_unlock(sk);
559 wake_up_interruptible_all(&u->peer_wait);
561 if (skpair != NULL) {
562 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
563 unix_state_lock(skpair);
565 skpair->sk_shutdown = SHUTDOWN_MASK;
566 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
567 skpair->sk_err = ECONNRESET;
568 unix_state_unlock(skpair);
569 skpair->sk_state_change(skpair);
570 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
573 unix_dgram_peer_wake_disconnect(sk, skpair);
574 sock_put(skpair); /* It may now die */
577 /* Try to flush out this socket. Throw out buffers at least */
579 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
580 if (state == TCP_LISTEN)
581 unix_release_sock(skb->sk, 1);
582 /* passed fds are erased in the kfree_skb hook */
583 UNIXCB(skb).consumed = skb->len;
592 /* ---- Socket is dead now and most probably destroyed ---- */
595 * Fixme: BSD difference: In BSD all sockets connected to us get
596 * ECONNRESET and we die on the spot. In Linux we behave
597 * like files and pipes do and wait for the last
600 * Can't we simply set sock->err?
602 * What the above comment does talk about? --ANK(980817)
605 if (unix_tot_inflight)
606 unix_gc(); /* Garbage collect fds */
609 static void init_peercred(struct sock *sk)
611 const struct cred *old_cred;
614 spin_lock(&sk->sk_peer_lock);
615 old_pid = sk->sk_peer_pid;
616 old_cred = sk->sk_peer_cred;
617 sk->sk_peer_pid = get_pid(task_tgid(current));
618 sk->sk_peer_cred = get_current_cred();
619 spin_unlock(&sk->sk_peer_lock);
625 static void copy_peercred(struct sock *sk, struct sock *peersk)
627 const struct cred *old_cred;
631 spin_lock(&sk->sk_peer_lock);
632 spin_lock_nested(&peersk->sk_peer_lock, SINGLE_DEPTH_NESTING);
634 spin_lock(&peersk->sk_peer_lock);
635 spin_lock_nested(&sk->sk_peer_lock, SINGLE_DEPTH_NESTING);
637 old_pid = sk->sk_peer_pid;
638 old_cred = sk->sk_peer_cred;
639 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
640 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
642 spin_unlock(&sk->sk_peer_lock);
643 spin_unlock(&peersk->sk_peer_lock);
649 static int unix_listen(struct socket *sock, int backlog)
652 struct sock *sk = sock->sk;
653 struct unix_sock *u = unix_sk(sk);
656 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
657 goto out; /* Only stream/seqpacket sockets accept */
660 goto out; /* No listens on an unbound socket */
662 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
664 if (backlog > sk->sk_max_ack_backlog)
665 wake_up_interruptible_all(&u->peer_wait);
666 sk->sk_max_ack_backlog = backlog;
667 sk->sk_state = TCP_LISTEN;
668 /* set credentials so connect can copy them */
673 unix_state_unlock(sk);
678 static int unix_release(struct socket *);
679 static int unix_bind(struct socket *, struct sockaddr *, int);
680 static int unix_stream_connect(struct socket *, struct sockaddr *,
681 int addr_len, int flags);
682 static int unix_socketpair(struct socket *, struct socket *);
683 static int unix_accept(struct socket *, struct socket *, int, bool);
684 static int unix_getname(struct socket *, struct sockaddr *, int);
685 static __poll_t unix_poll(struct file *, struct socket *, poll_table *);
686 static __poll_t unix_dgram_poll(struct file *, struct socket *,
688 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
690 static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg);
692 static int unix_shutdown(struct socket *, int);
693 static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t);
694 static int unix_stream_recvmsg(struct socket *, struct msghdr *, size_t, int);
695 static ssize_t unix_stream_sendpage(struct socket *, struct page *, int offset,
696 size_t size, int flags);
697 static ssize_t unix_stream_splice_read(struct socket *, loff_t *ppos,
698 struct pipe_inode_info *, size_t size,
700 static int unix_dgram_sendmsg(struct socket *, struct msghdr *, size_t);
701 static int unix_dgram_recvmsg(struct socket *, struct msghdr *, size_t, int);
702 static int unix_read_sock(struct sock *sk, read_descriptor_t *desc,
703 sk_read_actor_t recv_actor);
704 static int unix_stream_read_sock(struct sock *sk, read_descriptor_t *desc,
705 sk_read_actor_t recv_actor);
706 static int unix_dgram_connect(struct socket *, struct sockaddr *,
708 static int unix_seqpacket_sendmsg(struct socket *, struct msghdr *, size_t);
709 static int unix_seqpacket_recvmsg(struct socket *, struct msghdr *, size_t,
712 static int unix_set_peek_off(struct sock *sk, int val)
714 struct unix_sock *u = unix_sk(sk);
716 if (mutex_lock_interruptible(&u->iolock))
719 sk->sk_peek_off = val;
720 mutex_unlock(&u->iolock);
725 #ifdef CONFIG_PROC_FS
726 static void unix_show_fdinfo(struct seq_file *m, struct socket *sock)
728 struct sock *sk = sock->sk;
732 u = unix_sk(sock->sk);
733 seq_printf(m, "scm_fds: %u\n",
734 atomic_read(&u->scm_stat.nr_fds));
738 #define unix_show_fdinfo NULL
741 static const struct proto_ops unix_stream_ops = {
743 .owner = THIS_MODULE,
744 .release = unix_release,
746 .connect = unix_stream_connect,
747 .socketpair = unix_socketpair,
748 .accept = unix_accept,
749 .getname = unix_getname,
753 .compat_ioctl = unix_compat_ioctl,
755 .listen = unix_listen,
756 .shutdown = unix_shutdown,
757 .sendmsg = unix_stream_sendmsg,
758 .recvmsg = unix_stream_recvmsg,
759 .read_sock = unix_stream_read_sock,
760 .mmap = sock_no_mmap,
761 .sendpage = unix_stream_sendpage,
762 .splice_read = unix_stream_splice_read,
763 .set_peek_off = unix_set_peek_off,
764 .show_fdinfo = unix_show_fdinfo,
767 static const struct proto_ops unix_dgram_ops = {
769 .owner = THIS_MODULE,
770 .release = unix_release,
772 .connect = unix_dgram_connect,
773 .socketpair = unix_socketpair,
774 .accept = sock_no_accept,
775 .getname = unix_getname,
776 .poll = unix_dgram_poll,
779 .compat_ioctl = unix_compat_ioctl,
781 .listen = sock_no_listen,
782 .shutdown = unix_shutdown,
783 .sendmsg = unix_dgram_sendmsg,
784 .read_sock = unix_read_sock,
785 .recvmsg = unix_dgram_recvmsg,
786 .mmap = sock_no_mmap,
787 .sendpage = sock_no_sendpage,
788 .set_peek_off = unix_set_peek_off,
789 .show_fdinfo = unix_show_fdinfo,
792 static const struct proto_ops unix_seqpacket_ops = {
794 .owner = THIS_MODULE,
795 .release = unix_release,
797 .connect = unix_stream_connect,
798 .socketpair = unix_socketpair,
799 .accept = unix_accept,
800 .getname = unix_getname,
801 .poll = unix_dgram_poll,
804 .compat_ioctl = unix_compat_ioctl,
806 .listen = unix_listen,
807 .shutdown = unix_shutdown,
808 .sendmsg = unix_seqpacket_sendmsg,
809 .recvmsg = unix_seqpacket_recvmsg,
810 .mmap = sock_no_mmap,
811 .sendpage = sock_no_sendpage,
812 .set_peek_off = unix_set_peek_off,
813 .show_fdinfo = unix_show_fdinfo,
816 static void unix_close(struct sock *sk, long timeout)
818 /* Nothing to do here, unix socket does not need a ->close().
819 * This is merely for sockmap.
823 static void unix_unhash(struct sock *sk)
825 /* Nothing to do here, unix socket does not need a ->unhash().
826 * This is merely for sockmap.
830 struct proto unix_dgram_proto = {
831 .name = "UNIX-DGRAM",
832 .owner = THIS_MODULE,
833 .obj_size = sizeof(struct unix_sock),
835 #ifdef CONFIG_BPF_SYSCALL
836 .psock_update_sk_prot = unix_dgram_bpf_update_proto,
840 struct proto unix_stream_proto = {
841 .name = "UNIX-STREAM",
842 .owner = THIS_MODULE,
843 .obj_size = sizeof(struct unix_sock),
845 .unhash = unix_unhash,
846 #ifdef CONFIG_BPF_SYSCALL
847 .psock_update_sk_prot = unix_stream_bpf_update_proto,
851 static struct sock *unix_create1(struct net *net, struct socket *sock, int kern, int type)
857 atomic_long_inc(&unix_nr_socks);
858 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files()) {
863 if (type == SOCK_STREAM)
864 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_stream_proto, kern);
865 else /*dgram and seqpacket */
866 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_dgram_proto, kern);
873 sock_init_data(sock, sk);
875 sk->sk_allocation = GFP_KERNEL_ACCOUNT;
876 sk->sk_write_space = unix_write_space;
877 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
878 sk->sk_destruct = unix_sock_destructor;
880 u->path.dentry = NULL;
882 spin_lock_init(&u->lock);
883 atomic_long_set(&u->inflight, 0);
884 INIT_LIST_HEAD(&u->link);
885 mutex_init(&u->iolock); /* single task reading lock */
886 mutex_init(&u->bindlock); /* single task binding lock */
887 init_waitqueue_head(&u->peer_wait);
888 init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay);
889 memset(&u->scm_stat, 0, sizeof(struct scm_stat));
890 unix_insert_socket(unix_sockets_unbound(sk), sk);
893 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
899 atomic_long_dec(&unix_nr_socks);
903 static int unix_create(struct net *net, struct socket *sock, int protocol,
908 if (protocol && protocol != PF_UNIX)
909 return -EPROTONOSUPPORT;
911 sock->state = SS_UNCONNECTED;
913 switch (sock->type) {
915 sock->ops = &unix_stream_ops;
918 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
922 sock->type = SOCK_DGRAM;
925 sock->ops = &unix_dgram_ops;
928 sock->ops = &unix_seqpacket_ops;
931 return -ESOCKTNOSUPPORT;
934 sk = unix_create1(net, sock, kern, sock->type);
941 static int unix_release(struct socket *sock)
943 struct sock *sk = sock->sk;
948 sk->sk_prot->close(sk, 0);
949 unix_release_sock(sk, 0);
955 static int unix_autobind(struct socket *sock)
957 struct sock *sk = sock->sk;
958 struct net *net = sock_net(sk);
959 struct unix_sock *u = unix_sk(sk);
960 static u32 ordernum = 1;
961 struct unix_address *addr;
963 unsigned int retries = 0;
965 err = mutex_lock_interruptible(&u->bindlock);
973 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
977 addr->name->sun_family = AF_UNIX;
978 refcount_set(&addr->refcnt, 1);
981 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
982 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
983 addr->hash ^= sk->sk_type;
985 spin_lock(&unix_table_lock);
986 ordernum = (ordernum+1)&0xFFFFF;
988 if (__unix_find_socket_byname(net, addr->name, addr->len, addr->hash)) {
989 spin_unlock(&unix_table_lock);
991 * __unix_find_socket_byname() may take long time if many names
992 * are already in use.
995 /* Give up if all names seems to be in use. */
996 if (retries++ == 0xFFFFF) {
1004 __unix_set_addr(sk, addr, addr->hash);
1005 spin_unlock(&unix_table_lock);
1008 out: mutex_unlock(&u->bindlock);
1012 static struct sock *unix_find_other(struct net *net,
1013 struct sockaddr_un *sunname, int len,
1014 int type, unsigned int hash, int *error)
1020 if (sunname->sun_path[0]) {
1021 struct inode *inode;
1022 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
1025 inode = d_backing_inode(path.dentry);
1026 err = path_permission(&path, MAY_WRITE);
1030 err = -ECONNREFUSED;
1031 if (!S_ISSOCK(inode->i_mode))
1033 u = unix_find_socket_byinode(inode);
1037 if (u->sk_type == type)
1043 if (u->sk_type != type) {
1048 err = -ECONNREFUSED;
1049 u = unix_find_socket_byname(net, sunname, len, type ^ hash);
1051 struct dentry *dentry;
1052 dentry = unix_sk(u)->path.dentry;
1054 touch_atime(&unix_sk(u)->path);
1067 static int unix_bind_bsd(struct sock *sk, struct unix_address *addr)
1069 struct unix_sock *u = unix_sk(sk);
1070 umode_t mode = S_IFSOCK |
1071 (SOCK_INODE(sk->sk_socket)->i_mode & ~current_umask());
1072 struct user_namespace *ns; // barf...
1074 struct dentry *dentry;
1079 * Get the parent directory, calculate the hash for last
1082 dentry = kern_path_create(AT_FDCWD, addr->name->sun_path, &parent, 0);
1084 return PTR_ERR(dentry);
1085 ns = mnt_user_ns(parent.mnt);
1088 * All right, let's create it.
1090 err = security_path_mknod(&parent, dentry, mode, 0);
1092 err = vfs_mknod(ns, d_inode(parent.dentry), dentry, mode, 0);
1095 err = mutex_lock_interruptible(&u->bindlock);
1101 addr->hash = UNIX_HASH_SIZE;
1102 hash = d_backing_inode(dentry)->i_ino & (UNIX_HASH_SIZE - 1);
1103 spin_lock(&unix_table_lock);
1104 u->path.mnt = mntget(parent.mnt);
1105 u->path.dentry = dget(dentry);
1106 __unix_set_addr(sk, addr, hash);
1107 spin_unlock(&unix_table_lock);
1108 mutex_unlock(&u->bindlock);
1109 done_path_create(&parent, dentry);
1113 mutex_unlock(&u->bindlock);
1116 /* failed after successful mknod? unlink what we'd created... */
1117 vfs_unlink(ns, d_inode(parent.dentry), dentry, NULL);
1119 done_path_create(&parent, dentry);
1123 static int unix_bind_abstract(struct sock *sk, struct unix_address *addr)
1125 struct unix_sock *u = unix_sk(sk);
1128 err = mutex_lock_interruptible(&u->bindlock);
1133 mutex_unlock(&u->bindlock);
1137 spin_lock(&unix_table_lock);
1138 if (__unix_find_socket_byname(sock_net(sk), addr->name, addr->len,
1140 spin_unlock(&unix_table_lock);
1141 mutex_unlock(&u->bindlock);
1144 __unix_set_addr(sk, addr, addr->hash);
1145 spin_unlock(&unix_table_lock);
1146 mutex_unlock(&u->bindlock);
1150 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
1152 struct sock *sk = sock->sk;
1153 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1154 char *sun_path = sunaddr->sun_path;
1157 struct unix_address *addr;
1159 if (addr_len < offsetofend(struct sockaddr_un, sun_family) ||
1160 sunaddr->sun_family != AF_UNIX)
1163 if (addr_len == sizeof(short))
1164 return unix_autobind(sock);
1166 err = unix_mkname(sunaddr, addr_len, &hash);
1170 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
1174 memcpy(addr->name, sunaddr, addr_len);
1175 addr->len = addr_len;
1176 addr->hash = hash ^ sk->sk_type;
1177 refcount_set(&addr->refcnt, 1);
1180 err = unix_bind_bsd(sk, addr);
1182 err = unix_bind_abstract(sk, addr);
1184 unix_release_addr(addr);
1185 return err == -EEXIST ? -EADDRINUSE : err;
1188 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
1190 if (unlikely(sk1 == sk2) || !sk2) {
1191 unix_state_lock(sk1);
1195 unix_state_lock(sk1);
1196 unix_state_lock_nested(sk2);
1198 unix_state_lock(sk2);
1199 unix_state_lock_nested(sk1);
1203 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
1205 if (unlikely(sk1 == sk2) || !sk2) {
1206 unix_state_unlock(sk1);
1209 unix_state_unlock(sk1);
1210 unix_state_unlock(sk2);
1213 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
1214 int alen, int flags)
1216 struct sock *sk = sock->sk;
1217 struct net *net = sock_net(sk);
1218 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
1224 if (alen < offsetofend(struct sockaddr, sa_family))
1227 if (addr->sa_family != AF_UNSPEC) {
1228 err = unix_mkname(sunaddr, alen, &hash);
1233 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
1234 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
1238 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
1242 unix_state_double_lock(sk, other);
1244 /* Apparently VFS overslept socket death. Retry. */
1245 if (sock_flag(other, SOCK_DEAD)) {
1246 unix_state_double_unlock(sk, other);
1252 if (!unix_may_send(sk, other))
1255 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1259 sk->sk_state = other->sk_state = TCP_ESTABLISHED;
1262 * 1003.1g breaking connected state with AF_UNSPEC
1265 unix_state_double_lock(sk, other);
1269 * If it was connected, reconnect.
1271 if (unix_peer(sk)) {
1272 struct sock *old_peer = unix_peer(sk);
1274 unix_peer(sk) = other;
1276 sk->sk_state = TCP_CLOSE;
1277 unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer);
1279 unix_state_double_unlock(sk, other);
1281 if (other != old_peer)
1282 unix_dgram_disconnected(sk, old_peer);
1285 unix_peer(sk) = other;
1286 unix_state_double_unlock(sk, other);
1292 unix_state_double_unlock(sk, other);
1298 static long unix_wait_for_peer(struct sock *other, long timeo)
1299 __releases(&unix_sk(other)->lock)
1301 struct unix_sock *u = unix_sk(other);
1305 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1307 sched = !sock_flag(other, SOCK_DEAD) &&
1308 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1309 unix_recvq_full(other);
1311 unix_state_unlock(other);
1314 timeo = schedule_timeout(timeo);
1316 finish_wait(&u->peer_wait, &wait);
1320 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1321 int addr_len, int flags)
1323 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1324 struct sock *sk = sock->sk;
1325 struct net *net = sock_net(sk);
1326 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1327 struct sock *newsk = NULL;
1328 struct sock *other = NULL;
1329 struct sk_buff *skb = NULL;
1335 err = unix_mkname(sunaddr, addr_len, &hash);
1340 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1341 (err = unix_autobind(sock)) != 0)
1344 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1346 /* First of all allocate resources.
1347 If we will make it after state is locked,
1348 we will have to recheck all again in any case.
1351 /* create new sock for complete connection */
1352 newsk = unix_create1(sock_net(sk), NULL, 0, sock->type);
1353 if (IS_ERR(newsk)) {
1354 err = PTR_ERR(newsk);
1361 /* Allocate skb for sending to listening sock */
1362 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1367 /* Find listening sock. */
1368 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1372 /* Latch state of peer */
1373 unix_state_lock(other);
1375 /* Apparently VFS overslept socket death. Retry. */
1376 if (sock_flag(other, SOCK_DEAD)) {
1377 unix_state_unlock(other);
1382 err = -ECONNREFUSED;
1383 if (other->sk_state != TCP_LISTEN)
1385 if (other->sk_shutdown & RCV_SHUTDOWN)
1388 if (unix_recvq_full(other)) {
1393 timeo = unix_wait_for_peer(other, timeo);
1395 err = sock_intr_errno(timeo);
1396 if (signal_pending(current))
1404 It is tricky place. We need to grab our state lock and cannot
1405 drop lock on peer. It is dangerous because deadlock is
1406 possible. Connect to self case and simultaneous
1407 attempt to connect are eliminated by checking socket
1408 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1409 check this before attempt to grab lock.
1411 Well, and we have to recheck the state after socket locked.
1417 /* This is ok... continue with connect */
1419 case TCP_ESTABLISHED:
1420 /* Socket is already connected */
1428 unix_state_lock_nested(sk);
1430 if (sk->sk_state != st) {
1431 unix_state_unlock(sk);
1432 unix_state_unlock(other);
1437 err = security_unix_stream_connect(sk, other, newsk);
1439 unix_state_unlock(sk);
1443 /* The way is open! Fastly set all the necessary fields... */
1446 unix_peer(newsk) = sk;
1447 newsk->sk_state = TCP_ESTABLISHED;
1448 newsk->sk_type = sk->sk_type;
1449 init_peercred(newsk);
1450 newu = unix_sk(newsk);
1451 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1452 otheru = unix_sk(other);
1454 /* copy address information from listening to new sock
1456 * The contents of *(otheru->addr) and otheru->path
1457 * are seen fully set up here, since we have found
1458 * otheru in hash under unix_table_lock. Insertion
1459 * into the hash chain we'd found it in had been done
1460 * in an earlier critical area protected by unix_table_lock,
1461 * the same one where we'd set *(otheru->addr) contents,
1462 * as well as otheru->path and otheru->addr itself.
1464 * Using smp_store_release() here to set newu->addr
1465 * is enough to make those stores, as well as stores
1466 * to newu->path visible to anyone who gets newu->addr
1467 * by smp_load_acquire(). IOW, the same warranties
1468 * as for unix_sock instances bound in unix_bind() or
1469 * in unix_autobind().
1471 if (otheru->path.dentry) {
1472 path_get(&otheru->path);
1473 newu->path = otheru->path;
1475 refcount_inc(&otheru->addr->refcnt);
1476 smp_store_release(&newu->addr, otheru->addr);
1478 /* Set credentials */
1479 copy_peercred(sk, other);
1481 sock->state = SS_CONNECTED;
1482 sk->sk_state = TCP_ESTABLISHED;
1485 smp_mb__after_atomic(); /* sock_hold() does an atomic_inc() */
1486 unix_peer(sk) = newsk;
1488 unix_state_unlock(sk);
1490 /* take ten and send info to listening sock */
1491 spin_lock(&other->sk_receive_queue.lock);
1492 __skb_queue_tail(&other->sk_receive_queue, skb);
1493 spin_unlock(&other->sk_receive_queue.lock);
1494 unix_state_unlock(other);
1495 other->sk_data_ready(other);
1501 unix_state_unlock(other);
1506 unix_release_sock(newsk, 0);
1512 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1514 struct sock *ska = socka->sk, *skb = sockb->sk;
1516 /* Join our sockets back to back */
1519 unix_peer(ska) = skb;
1520 unix_peer(skb) = ska;
1524 ska->sk_state = TCP_ESTABLISHED;
1525 skb->sk_state = TCP_ESTABLISHED;
1526 socka->state = SS_CONNECTED;
1527 sockb->state = SS_CONNECTED;
1531 static void unix_sock_inherit_flags(const struct socket *old,
1534 if (test_bit(SOCK_PASSCRED, &old->flags))
1535 set_bit(SOCK_PASSCRED, &new->flags);
1536 if (test_bit(SOCK_PASSSEC, &old->flags))
1537 set_bit(SOCK_PASSSEC, &new->flags);
1540 static int unix_accept(struct socket *sock, struct socket *newsock, int flags,
1543 struct sock *sk = sock->sk;
1545 struct sk_buff *skb;
1549 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1553 if (sk->sk_state != TCP_LISTEN)
1556 /* If socket state is TCP_LISTEN it cannot change (for now...),
1557 * so that no locks are necessary.
1560 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1562 /* This means receive shutdown. */
1569 skb_free_datagram(sk, skb);
1570 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1572 /* attach accepted sock to socket */
1573 unix_state_lock(tsk);
1574 newsock->state = SS_CONNECTED;
1575 unix_sock_inherit_flags(sock, newsock);
1576 sock_graft(tsk, newsock);
1577 unix_state_unlock(tsk);
1585 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int peer)
1587 struct sock *sk = sock->sk;
1588 struct unix_address *addr;
1589 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1593 sk = unix_peer_get(sk);
1603 addr = smp_load_acquire(&unix_sk(sk)->addr);
1605 sunaddr->sun_family = AF_UNIX;
1606 sunaddr->sun_path[0] = 0;
1607 err = sizeof(short);
1610 memcpy(sunaddr, addr->name, addr->len);
1617 static void unix_peek_fds(struct scm_cookie *scm, struct sk_buff *skb)
1619 scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1622 * Garbage collection of unix sockets starts by selecting a set of
1623 * candidate sockets which have reference only from being in flight
1624 * (total_refs == inflight_refs). This condition is checked once during
1625 * the candidate collection phase, and candidates are marked as such, so
1626 * that non-candidates can later be ignored. While inflight_refs is
1627 * protected by unix_gc_lock, total_refs (file count) is not, hence this
1628 * is an instantaneous decision.
1630 * Once a candidate, however, the socket must not be reinstalled into a
1631 * file descriptor while the garbage collection is in progress.
1633 * If the above conditions are met, then the directed graph of
1634 * candidates (*) does not change while unix_gc_lock is held.
1636 * Any operations that changes the file count through file descriptors
1637 * (dup, close, sendmsg) does not change the graph since candidates are
1638 * not installed in fds.
1640 * Dequeing a candidate via recvmsg would install it into an fd, but
1641 * that takes unix_gc_lock to decrement the inflight count, so it's
1642 * serialized with garbage collection.
1644 * MSG_PEEK is special in that it does not change the inflight count,
1645 * yet does install the socket into an fd. The following lock/unlock
1646 * pair is to ensure serialization with garbage collection. It must be
1647 * done between incrementing the file count and installing the file into
1650 * If garbage collection starts after the barrier provided by the
1651 * lock/unlock, then it will see the elevated refcount and not mark this
1652 * as a candidate. If a garbage collection is already in progress
1653 * before the file count was incremented, then the lock/unlock pair will
1654 * ensure that garbage collection is finished before progressing to
1655 * installing the fd.
1657 * (*) A -> B where B is on the queue of A or B is on the queue of C
1658 * which is on the queue of listening socket A.
1660 spin_lock(&unix_gc_lock);
1661 spin_unlock(&unix_gc_lock);
1664 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1668 UNIXCB(skb).pid = get_pid(scm->pid);
1669 UNIXCB(skb).uid = scm->creds.uid;
1670 UNIXCB(skb).gid = scm->creds.gid;
1671 UNIXCB(skb).fp = NULL;
1672 unix_get_secdata(scm, skb);
1673 if (scm->fp && send_fds)
1674 err = unix_attach_fds(scm, skb);
1676 skb->destructor = unix_destruct_scm;
1680 static bool unix_passcred_enabled(const struct socket *sock,
1681 const struct sock *other)
1683 return test_bit(SOCK_PASSCRED, &sock->flags) ||
1684 !other->sk_socket ||
1685 test_bit(SOCK_PASSCRED, &other->sk_socket->flags);
1689 * Some apps rely on write() giving SCM_CREDENTIALS
1690 * We include credentials if source or destination socket
1691 * asserted SOCK_PASSCRED.
1693 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1694 const struct sock *other)
1696 if (UNIXCB(skb).pid)
1698 if (unix_passcred_enabled(sock, other)) {
1699 UNIXCB(skb).pid = get_pid(task_tgid(current));
1700 current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid);
1704 static int maybe_init_creds(struct scm_cookie *scm,
1705 struct socket *socket,
1706 const struct sock *other)
1709 struct msghdr msg = { .msg_controllen = 0 };
1711 err = scm_send(socket, &msg, scm, false);
1715 if (unix_passcred_enabled(socket, other)) {
1716 scm->pid = get_pid(task_tgid(current));
1717 current_uid_gid(&scm->creds.uid, &scm->creds.gid);
1722 static bool unix_skb_scm_eq(struct sk_buff *skb,
1723 struct scm_cookie *scm)
1725 const struct unix_skb_parms *u = &UNIXCB(skb);
1727 return u->pid == scm->pid &&
1728 uid_eq(u->uid, scm->creds.uid) &&
1729 gid_eq(u->gid, scm->creds.gid) &&
1730 unix_secdata_eq(scm, skb);
1733 static void scm_stat_add(struct sock *sk, struct sk_buff *skb)
1735 struct scm_fp_list *fp = UNIXCB(skb).fp;
1736 struct unix_sock *u = unix_sk(sk);
1738 if (unlikely(fp && fp->count))
1739 atomic_add(fp->count, &u->scm_stat.nr_fds);
1742 static void scm_stat_del(struct sock *sk, struct sk_buff *skb)
1744 struct scm_fp_list *fp = UNIXCB(skb).fp;
1745 struct unix_sock *u = unix_sk(sk);
1747 if (unlikely(fp && fp->count))
1748 atomic_sub(fp->count, &u->scm_stat.nr_fds);
1752 * Send AF_UNIX data.
1755 static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
1758 struct sock *sk = sock->sk;
1759 struct net *net = sock_net(sk);
1760 struct unix_sock *u = unix_sk(sk);
1761 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
1762 struct sock *other = NULL;
1763 int namelen = 0; /* fake GCC */
1766 struct sk_buff *skb;
1768 struct scm_cookie scm;
1773 err = scm_send(sock, msg, &scm, false);
1778 if (msg->msg_flags&MSG_OOB)
1781 if (msg->msg_namelen) {
1782 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1789 other = unix_peer_get(sk);
1794 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1795 && (err = unix_autobind(sock)) != 0)
1799 if (len > sk->sk_sndbuf - 32)
1802 if (len > SKB_MAX_ALLOC) {
1803 data_len = min_t(size_t,
1804 len - SKB_MAX_ALLOC,
1805 MAX_SKB_FRAGS * PAGE_SIZE);
1806 data_len = PAGE_ALIGN(data_len);
1808 BUILD_BUG_ON(SKB_MAX_ALLOC < PAGE_SIZE);
1811 skb = sock_alloc_send_pskb(sk, len - data_len, data_len,
1812 msg->msg_flags & MSG_DONTWAIT, &err,
1813 PAGE_ALLOC_COSTLY_ORDER);
1817 err = unix_scm_to_skb(&scm, skb, true);
1821 skb_put(skb, len - data_len);
1822 skb->data_len = data_len;
1824 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, len);
1828 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1833 if (sunaddr == NULL)
1836 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1842 if (sk_filter(other, skb) < 0) {
1843 /* Toss the packet but do not return any error to the sender */
1849 unix_state_lock(other);
1852 if (!unix_may_send(sk, other))
1855 if (unlikely(sock_flag(other, SOCK_DEAD))) {
1857 * Check with 1003.1g - what should
1860 unix_state_unlock(other);
1864 unix_state_lock(sk);
1867 if (unix_peer(sk) == other) {
1868 unix_peer(sk) = NULL;
1869 unix_dgram_peer_wake_disconnect_wakeup(sk, other);
1871 unix_state_unlock(sk);
1873 sk->sk_state = TCP_CLOSE;
1874 unix_dgram_disconnected(sk, other);
1876 err = -ECONNREFUSED;
1878 unix_state_unlock(sk);
1888 if (other->sk_shutdown & RCV_SHUTDOWN)
1891 if (sk->sk_type != SOCK_SEQPACKET) {
1892 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1897 /* other == sk && unix_peer(other) != sk if
1898 * - unix_peer(sk) == NULL, destination address bound to sk
1899 * - unix_peer(sk) == sk by time of get but disconnected before lock
1902 unlikely(unix_peer(other) != sk &&
1903 unix_recvq_full_lockless(other))) {
1905 timeo = unix_wait_for_peer(other, timeo);
1907 err = sock_intr_errno(timeo);
1908 if (signal_pending(current))
1915 unix_state_unlock(other);
1916 unix_state_double_lock(sk, other);
1919 if (unix_peer(sk) != other ||
1920 unix_dgram_peer_wake_me(sk, other)) {
1928 goto restart_locked;
1932 if (unlikely(sk_locked))
1933 unix_state_unlock(sk);
1935 if (sock_flag(other, SOCK_RCVTSTAMP))
1936 __net_timestamp(skb);
1937 maybe_add_creds(skb, sock, other);
1938 scm_stat_add(other, skb);
1939 skb_queue_tail(&other->sk_receive_queue, skb);
1940 unix_state_unlock(other);
1941 other->sk_data_ready(other);
1948 unix_state_unlock(sk);
1949 unix_state_unlock(other);
1959 /* We use paged skbs for stream sockets, and limit occupancy to 32768
1960 * bytes, and a minimum of a full page.
1962 #define UNIX_SKB_FRAGS_SZ (PAGE_SIZE << get_order(32768))
1964 #if (IS_ENABLED(CONFIG_AF_UNIX_OOB))
1965 static int queue_oob(struct socket *sock, struct msghdr *msg, struct sock *other)
1967 struct unix_sock *ousk = unix_sk(other);
1968 struct sk_buff *skb;
1971 skb = sock_alloc_send_skb(sock->sk, 1, msg->msg_flags & MSG_DONTWAIT, &err);
1977 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, 1);
1984 unix_state_lock(other);
1986 if (sock_flag(other, SOCK_DEAD) ||
1987 (other->sk_shutdown & RCV_SHUTDOWN)) {
1988 unix_state_unlock(other);
1993 maybe_add_creds(skb, sock, other);
1997 consume_skb(ousk->oob_skb);
1999 ousk->oob_skb = skb;
2001 scm_stat_add(other, skb);
2002 skb_queue_tail(&other->sk_receive_queue, skb);
2003 sk_send_sigurg(other);
2004 unix_state_unlock(other);
2005 other->sk_data_ready(other);
2011 static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg,
2014 struct sock *sk = sock->sk;
2015 struct sock *other = NULL;
2017 struct sk_buff *skb;
2019 struct scm_cookie scm;
2020 bool fds_sent = false;
2024 err = scm_send(sock, msg, &scm, false);
2029 if (msg->msg_flags & MSG_OOB) {
2030 #if (IS_ENABLED(CONFIG_AF_UNIX_OOB))
2038 if (msg->msg_namelen) {
2039 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
2043 other = unix_peer(sk);
2048 if (sk->sk_shutdown & SEND_SHUTDOWN)
2051 while (sent < len) {
2054 /* Keep two messages in the pipe so it schedules better */
2055 size = min_t(int, size, (sk->sk_sndbuf >> 1) - 64);
2057 /* allow fallback to order-0 allocations */
2058 size = min_t(int, size, SKB_MAX_HEAD(0) + UNIX_SKB_FRAGS_SZ);
2060 data_len = max_t(int, 0, size - SKB_MAX_HEAD(0));
2062 data_len = min_t(size_t, size, PAGE_ALIGN(data_len));
2064 skb = sock_alloc_send_pskb(sk, size - data_len, data_len,
2065 msg->msg_flags & MSG_DONTWAIT, &err,
2066 get_order(UNIX_SKB_FRAGS_SZ));
2070 /* Only send the fds in the first buffer */
2071 err = unix_scm_to_skb(&scm, skb, !fds_sent);
2078 skb_put(skb, size - data_len);
2079 skb->data_len = data_len;
2081 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, size);
2087 unix_state_lock(other);
2089 if (sock_flag(other, SOCK_DEAD) ||
2090 (other->sk_shutdown & RCV_SHUTDOWN))
2093 maybe_add_creds(skb, sock, other);
2094 scm_stat_add(other, skb);
2095 skb_queue_tail(&other->sk_receive_queue, skb);
2096 unix_state_unlock(other);
2097 other->sk_data_ready(other);
2101 #if (IS_ENABLED(CONFIG_AF_UNIX_OOB))
2102 if (msg->msg_flags & MSG_OOB) {
2103 err = queue_oob(sock, msg, other);
2115 unix_state_unlock(other);
2118 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
2119 send_sig(SIGPIPE, current, 0);
2123 return sent ? : err;
2126 static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page,
2127 int offset, size_t size, int flags)
2130 bool send_sigpipe = false;
2131 bool init_scm = true;
2132 struct scm_cookie scm;
2133 struct sock *other, *sk = socket->sk;
2134 struct sk_buff *skb, *newskb = NULL, *tail = NULL;
2136 if (flags & MSG_OOB)
2139 other = unix_peer(sk);
2140 if (!other || sk->sk_state != TCP_ESTABLISHED)
2145 unix_state_unlock(other);
2146 mutex_unlock(&unix_sk(other)->iolock);
2147 newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT,
2153 /* we must acquire iolock as we modify already present
2154 * skbs in the sk_receive_queue and mess with skb->len
2156 err = mutex_lock_interruptible(&unix_sk(other)->iolock);
2158 err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS;
2162 if (sk->sk_shutdown & SEND_SHUTDOWN) {
2164 send_sigpipe = true;
2168 unix_state_lock(other);
2170 if (sock_flag(other, SOCK_DEAD) ||
2171 other->sk_shutdown & RCV_SHUTDOWN) {
2173 send_sigpipe = true;
2174 goto err_state_unlock;
2178 err = maybe_init_creds(&scm, socket, other);
2180 goto err_state_unlock;
2184 skb = skb_peek_tail(&other->sk_receive_queue);
2185 if (tail && tail == skb) {
2187 } else if (!skb || !unix_skb_scm_eq(skb, &scm)) {
2194 } else if (newskb) {
2195 /* this is fast path, we don't necessarily need to
2196 * call to kfree_skb even though with newskb == NULL
2197 * this - does no harm
2199 consume_skb(newskb);
2203 if (skb_append_pagefrags(skb, page, offset, size)) {
2209 skb->data_len += size;
2210 skb->truesize += size;
2211 refcount_add(size, &sk->sk_wmem_alloc);
2214 err = unix_scm_to_skb(&scm, skb, false);
2216 goto err_state_unlock;
2217 spin_lock(&other->sk_receive_queue.lock);
2218 __skb_queue_tail(&other->sk_receive_queue, newskb);
2219 spin_unlock(&other->sk_receive_queue.lock);
2222 unix_state_unlock(other);
2223 mutex_unlock(&unix_sk(other)->iolock);
2225 other->sk_data_ready(other);
2230 unix_state_unlock(other);
2232 mutex_unlock(&unix_sk(other)->iolock);
2235 if (send_sigpipe && !(flags & MSG_NOSIGNAL))
2236 send_sig(SIGPIPE, current, 0);
2242 static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg,
2246 struct sock *sk = sock->sk;
2248 err = sock_error(sk);
2252 if (sk->sk_state != TCP_ESTABLISHED)
2255 if (msg->msg_namelen)
2256 msg->msg_namelen = 0;
2258 return unix_dgram_sendmsg(sock, msg, len);
2261 static int unix_seqpacket_recvmsg(struct socket *sock, struct msghdr *msg,
2262 size_t size, int flags)
2264 struct sock *sk = sock->sk;
2266 if (sk->sk_state != TCP_ESTABLISHED)
2269 return unix_dgram_recvmsg(sock, msg, size, flags);
2272 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
2274 struct unix_address *addr = smp_load_acquire(&unix_sk(sk)->addr);
2277 msg->msg_namelen = addr->len;
2278 memcpy(msg->msg_name, addr->name, addr->len);
2282 int __unix_dgram_recvmsg(struct sock *sk, struct msghdr *msg, size_t size,
2285 struct scm_cookie scm;
2286 struct socket *sock = sk->sk_socket;
2287 struct unix_sock *u = unix_sk(sk);
2288 struct sk_buff *skb, *last;
2297 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
2300 mutex_lock(&u->iolock);
2302 skip = sk_peek_offset(sk, flags);
2303 skb = __skb_try_recv_datagram(sk, &sk->sk_receive_queue, flags,
2304 &skip, &err, &last);
2306 if (!(flags & MSG_PEEK))
2307 scm_stat_del(sk, skb);
2311 mutex_unlock(&u->iolock);
2316 !__skb_wait_for_more_packets(sk, &sk->sk_receive_queue,
2317 &err, &timeo, last));
2319 if (!skb) { /* implies iolock unlocked */
2320 unix_state_lock(sk);
2321 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
2322 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
2323 (sk->sk_shutdown & RCV_SHUTDOWN))
2325 unix_state_unlock(sk);
2329 if (wq_has_sleeper(&u->peer_wait))
2330 wake_up_interruptible_sync_poll(&u->peer_wait,
2331 EPOLLOUT | EPOLLWRNORM |
2335 unix_copy_addr(msg, skb->sk);
2337 if (size > skb->len - skip)
2338 size = skb->len - skip;
2339 else if (size < skb->len - skip)
2340 msg->msg_flags |= MSG_TRUNC;
2342 err = skb_copy_datagram_msg(skb, skip, msg, size);
2346 if (sock_flag(sk, SOCK_RCVTSTAMP))
2347 __sock_recv_timestamp(msg, sk, skb);
2349 memset(&scm, 0, sizeof(scm));
2351 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2352 unix_set_secdata(&scm, skb);
2354 if (!(flags & MSG_PEEK)) {
2356 unix_detach_fds(&scm, skb);
2358 sk_peek_offset_bwd(sk, skb->len);
2360 /* It is questionable: on PEEK we could:
2361 - do not return fds - good, but too simple 8)
2362 - return fds, and do not return them on read (old strategy,
2364 - clone fds (I chose it for now, it is the most universal
2367 POSIX 1003.1g does not actually define this clearly
2368 at all. POSIX 1003.1g doesn't define a lot of things
2373 sk_peek_offset_fwd(sk, size);
2376 unix_peek_fds(&scm, skb);
2378 err = (flags & MSG_TRUNC) ? skb->len - skip : size;
2380 scm_recv(sock, msg, &scm, flags);
2383 skb_free_datagram(sk, skb);
2384 mutex_unlock(&u->iolock);
2389 static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
2392 struct sock *sk = sock->sk;
2394 #ifdef CONFIG_BPF_SYSCALL
2395 const struct proto *prot = READ_ONCE(sk->sk_prot);
2397 if (prot != &unix_dgram_proto)
2398 return prot->recvmsg(sk, msg, size, flags & MSG_DONTWAIT,
2399 flags & ~MSG_DONTWAIT, NULL);
2401 return __unix_dgram_recvmsg(sk, msg, size, flags);
2404 static int unix_read_sock(struct sock *sk, read_descriptor_t *desc,
2405 sk_read_actor_t recv_actor)
2410 struct unix_sock *u = unix_sk(sk);
2411 struct sk_buff *skb;
2414 mutex_lock(&u->iolock);
2415 skb = skb_recv_datagram(sk, 0, 1, &err);
2416 mutex_unlock(&u->iolock);
2420 used = recv_actor(desc, skb, 0, skb->len);
2426 } else if (used <= skb->len) {
2439 * Sleep until more data has arrived. But check for races..
2441 static long unix_stream_data_wait(struct sock *sk, long timeo,
2442 struct sk_buff *last, unsigned int last_len,
2445 struct sk_buff *tail;
2448 unix_state_lock(sk);
2451 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
2453 tail = skb_peek_tail(&sk->sk_receive_queue);
2455 (tail && tail->len != last_len) ||
2457 (sk->sk_shutdown & RCV_SHUTDOWN) ||
2458 signal_pending(current) ||
2462 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2463 unix_state_unlock(sk);
2465 timeo = freezable_schedule_timeout(timeo);
2467 timeo = schedule_timeout(timeo);
2468 unix_state_lock(sk);
2470 if (sock_flag(sk, SOCK_DEAD))
2473 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2476 finish_wait(sk_sleep(sk), &wait);
2477 unix_state_unlock(sk);
2481 static unsigned int unix_skb_len(const struct sk_buff *skb)
2483 return skb->len - UNIXCB(skb).consumed;
2486 struct unix_stream_read_state {
2487 int (*recv_actor)(struct sk_buff *, int, int,
2488 struct unix_stream_read_state *);
2489 struct socket *socket;
2491 struct pipe_inode_info *pipe;
2494 unsigned int splice_flags;
2497 #if IS_ENABLED(CONFIG_AF_UNIX_OOB)
2498 static int unix_stream_recv_urg(struct unix_stream_read_state *state)
2500 struct socket *sock = state->socket;
2501 struct sock *sk = sock->sk;
2502 struct unix_sock *u = unix_sk(sk);
2504 struct sk_buff *oob_skb;
2506 mutex_lock(&u->iolock);
2507 unix_state_lock(sk);
2509 if (sock_flag(sk, SOCK_URGINLINE) || !u->oob_skb) {
2510 unix_state_unlock(sk);
2511 mutex_unlock(&u->iolock);
2515 oob_skb = u->oob_skb;
2517 if (!(state->flags & MSG_PEEK)) {
2521 unix_state_unlock(sk);
2523 chunk = state->recv_actor(oob_skb, 0, chunk, state);
2525 if (!(state->flags & MSG_PEEK)) {
2526 UNIXCB(oob_skb).consumed += 1;
2530 mutex_unlock(&u->iolock);
2535 state->msg->msg_flags |= MSG_OOB;
2539 static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk,
2540 int flags, int copied)
2542 struct unix_sock *u = unix_sk(sk);
2544 if (!unix_skb_len(skb) && !(flags & MSG_PEEK)) {
2545 skb_unlink(skb, &sk->sk_receive_queue);
2549 if (skb == u->oob_skb) {
2552 } else if (sock_flag(sk, SOCK_URGINLINE)) {
2553 if (!(flags & MSG_PEEK)) {
2557 } else if (!(flags & MSG_PEEK)) {
2558 skb_unlink(skb, &sk->sk_receive_queue);
2560 skb = skb_peek(&sk->sk_receive_queue);
2568 static int unix_stream_read_sock(struct sock *sk, read_descriptor_t *desc,
2569 sk_read_actor_t recv_actor)
2571 if (unlikely(sk->sk_state != TCP_ESTABLISHED))
2574 return unix_read_sock(sk, desc, recv_actor);
2577 static int unix_stream_read_generic(struct unix_stream_read_state *state,
2580 struct scm_cookie scm;
2581 struct socket *sock = state->socket;
2582 struct sock *sk = sock->sk;
2583 struct unix_sock *u = unix_sk(sk);
2585 int flags = state->flags;
2586 int noblock = flags & MSG_DONTWAIT;
2587 bool check_creds = false;
2592 size_t size = state->size;
2593 unsigned int last_len;
2595 if (unlikely(sk->sk_state != TCP_ESTABLISHED)) {
2600 if (unlikely(flags & MSG_OOB)) {
2602 #if IS_ENABLED(CONFIG_AF_UNIX_OOB)
2603 err = unix_stream_recv_urg(state);
2608 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
2609 timeo = sock_rcvtimeo(sk, noblock);
2611 memset(&scm, 0, sizeof(scm));
2613 /* Lock the socket to prevent queue disordering
2614 * while sleeps in memcpy_tomsg
2616 mutex_lock(&u->iolock);
2618 skip = max(sk_peek_offset(sk, flags), 0);
2623 struct sk_buff *skb, *last;
2626 unix_state_lock(sk);
2627 if (sock_flag(sk, SOCK_DEAD)) {
2631 last = skb = skb_peek(&sk->sk_receive_queue);
2632 last_len = last ? last->len : 0;
2634 #if IS_ENABLED(CONFIG_AF_UNIX_OOB)
2636 skb = manage_oob(skb, sk, flags, copied);
2638 unix_state_unlock(sk);
2647 if (copied >= target)
2651 * POSIX 1003.1g mandates this order.
2654 err = sock_error(sk);
2657 if (sk->sk_shutdown & RCV_SHUTDOWN)
2660 unix_state_unlock(sk);
2666 mutex_unlock(&u->iolock);
2668 timeo = unix_stream_data_wait(sk, timeo, last,
2669 last_len, freezable);
2671 if (signal_pending(current)) {
2672 err = sock_intr_errno(timeo);
2677 mutex_lock(&u->iolock);
2680 unix_state_unlock(sk);
2684 while (skip >= unix_skb_len(skb)) {
2685 skip -= unix_skb_len(skb);
2687 last_len = skb->len;
2688 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2693 unix_state_unlock(sk);
2696 /* Never glue messages from different writers */
2697 if (!unix_skb_scm_eq(skb, &scm))
2699 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
2700 /* Copy credentials */
2701 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2702 unix_set_secdata(&scm, skb);
2706 /* Copy address just once */
2707 if (state->msg && state->msg->msg_name) {
2708 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr,
2709 state->msg->msg_name);
2710 unix_copy_addr(state->msg, skb->sk);
2714 chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size);
2716 chunk = state->recv_actor(skb, skip, chunk, state);
2717 drop_skb = !unix_skb_len(skb);
2718 /* skb is only safe to use if !drop_skb */
2729 /* the skb was touched by a concurrent reader;
2730 * we should not expect anything from this skb
2731 * anymore and assume it invalid - we can be
2732 * sure it was dropped from the socket queue
2734 * let's report a short read
2740 /* Mark read part of skb as used */
2741 if (!(flags & MSG_PEEK)) {
2742 UNIXCB(skb).consumed += chunk;
2744 sk_peek_offset_bwd(sk, chunk);
2746 if (UNIXCB(skb).fp) {
2747 scm_stat_del(sk, skb);
2748 unix_detach_fds(&scm, skb);
2751 if (unix_skb_len(skb))
2754 skb_unlink(skb, &sk->sk_receive_queue);
2760 /* It is questionable, see note in unix_dgram_recvmsg.
2763 unix_peek_fds(&scm, skb);
2765 sk_peek_offset_fwd(sk, chunk);
2772 last_len = skb->len;
2773 unix_state_lock(sk);
2774 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2777 unix_state_unlock(sk);
2782 mutex_unlock(&u->iolock);
2784 scm_recv(sock, state->msg, &scm, flags);
2788 return copied ? : err;
2791 static int unix_stream_read_actor(struct sk_buff *skb,
2792 int skip, int chunk,
2793 struct unix_stream_read_state *state)
2797 ret = skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip,
2799 return ret ?: chunk;
2802 int __unix_stream_recvmsg(struct sock *sk, struct msghdr *msg,
2803 size_t size, int flags)
2805 struct unix_stream_read_state state = {
2806 .recv_actor = unix_stream_read_actor,
2807 .socket = sk->sk_socket,
2813 return unix_stream_read_generic(&state, true);
2816 static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg,
2817 size_t size, int flags)
2819 struct unix_stream_read_state state = {
2820 .recv_actor = unix_stream_read_actor,
2827 #ifdef CONFIG_BPF_SYSCALL
2828 struct sock *sk = sock->sk;
2829 const struct proto *prot = READ_ONCE(sk->sk_prot);
2831 if (prot != &unix_stream_proto)
2832 return prot->recvmsg(sk, msg, size, flags & MSG_DONTWAIT,
2833 flags & ~MSG_DONTWAIT, NULL);
2835 return unix_stream_read_generic(&state, true);
2838 static int unix_stream_splice_actor(struct sk_buff *skb,
2839 int skip, int chunk,
2840 struct unix_stream_read_state *state)
2842 return skb_splice_bits(skb, state->socket->sk,
2843 UNIXCB(skb).consumed + skip,
2844 state->pipe, chunk, state->splice_flags);
2847 static ssize_t unix_stream_splice_read(struct socket *sock, loff_t *ppos,
2848 struct pipe_inode_info *pipe,
2849 size_t size, unsigned int flags)
2851 struct unix_stream_read_state state = {
2852 .recv_actor = unix_stream_splice_actor,
2856 .splice_flags = flags,
2859 if (unlikely(*ppos))
2862 if (sock->file->f_flags & O_NONBLOCK ||
2863 flags & SPLICE_F_NONBLOCK)
2864 state.flags = MSG_DONTWAIT;
2866 return unix_stream_read_generic(&state, false);
2869 static int unix_shutdown(struct socket *sock, int mode)
2871 struct sock *sk = sock->sk;
2874 if (mode < SHUT_RD || mode > SHUT_RDWR)
2877 * SHUT_RD (0) -> RCV_SHUTDOWN (1)
2878 * SHUT_WR (1) -> SEND_SHUTDOWN (2)
2879 * SHUT_RDWR (2) -> SHUTDOWN_MASK (3)
2883 unix_state_lock(sk);
2884 sk->sk_shutdown |= mode;
2885 other = unix_peer(sk);
2888 unix_state_unlock(sk);
2889 sk->sk_state_change(sk);
2892 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2895 const struct proto *prot = READ_ONCE(other->sk_prot);
2898 prot->unhash(other);
2899 if (mode&RCV_SHUTDOWN)
2900 peer_mode |= SEND_SHUTDOWN;
2901 if (mode&SEND_SHUTDOWN)
2902 peer_mode |= RCV_SHUTDOWN;
2903 unix_state_lock(other);
2904 other->sk_shutdown |= peer_mode;
2905 unix_state_unlock(other);
2906 other->sk_state_change(other);
2907 if (peer_mode == SHUTDOWN_MASK) {
2908 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2909 other->sk_state = TCP_CLOSE;
2910 } else if (peer_mode & RCV_SHUTDOWN) {
2911 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2920 long unix_inq_len(struct sock *sk)
2922 struct sk_buff *skb;
2925 if (sk->sk_state == TCP_LISTEN)
2928 spin_lock(&sk->sk_receive_queue.lock);
2929 if (sk->sk_type == SOCK_STREAM ||
2930 sk->sk_type == SOCK_SEQPACKET) {
2931 skb_queue_walk(&sk->sk_receive_queue, skb)
2932 amount += unix_skb_len(skb);
2934 skb = skb_peek(&sk->sk_receive_queue);
2938 spin_unlock(&sk->sk_receive_queue.lock);
2942 EXPORT_SYMBOL_GPL(unix_inq_len);
2944 long unix_outq_len(struct sock *sk)
2946 return sk_wmem_alloc_get(sk);
2948 EXPORT_SYMBOL_GPL(unix_outq_len);
2950 static int unix_open_file(struct sock *sk)
2956 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
2959 if (!smp_load_acquire(&unix_sk(sk)->addr))
2962 path = unix_sk(sk)->path;
2968 fd = get_unused_fd_flags(O_CLOEXEC);
2972 f = dentry_open(&path, O_PATH, current_cred());
2986 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2988 struct sock *sk = sock->sk;
2994 amount = unix_outq_len(sk);
2995 err = put_user(amount, (int __user *)arg);
2998 amount = unix_inq_len(sk);
3002 err = put_user(amount, (int __user *)arg);
3005 err = unix_open_file(sk);
3007 #if IS_ENABLED(CONFIG_AF_UNIX_OOB)
3010 struct sk_buff *skb;
3011 struct unix_sock *u = unix_sk(sk);
3014 skb = skb_peek(&sk->sk_receive_queue);
3015 if (skb && skb == u->oob_skb)
3017 err = put_user(answ, (int __user *)arg);
3028 #ifdef CONFIG_COMPAT
3029 static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
3031 return unix_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
3035 static __poll_t unix_poll(struct file *file, struct socket *sock, poll_table *wait)
3037 struct sock *sk = sock->sk;
3040 sock_poll_wait(file, sock, wait);
3043 /* exceptional events? */
3046 if (sk->sk_shutdown == SHUTDOWN_MASK)
3048 if (sk->sk_shutdown & RCV_SHUTDOWN)
3049 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
3052 if (!skb_queue_empty_lockless(&sk->sk_receive_queue))
3053 mask |= EPOLLIN | EPOLLRDNORM;
3055 /* Connection-based need to check for termination and startup */
3056 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
3057 sk->sk_state == TCP_CLOSE)
3061 * we set writable also when the other side has shut down the
3062 * connection. This prevents stuck sockets.
3064 if (unix_writable(sk))
3065 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
3070 static __poll_t unix_dgram_poll(struct file *file, struct socket *sock,
3073 struct sock *sk = sock->sk, *other;
3074 unsigned int writable;
3077 sock_poll_wait(file, sock, wait);
3080 /* exceptional events? */
3081 if (sk->sk_err || !skb_queue_empty_lockless(&sk->sk_error_queue))
3083 (sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? EPOLLPRI : 0);
3085 if (sk->sk_shutdown & RCV_SHUTDOWN)
3086 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
3087 if (sk->sk_shutdown == SHUTDOWN_MASK)
3091 if (!skb_queue_empty_lockless(&sk->sk_receive_queue))
3092 mask |= EPOLLIN | EPOLLRDNORM;
3094 /* Connection-based need to check for termination and startup */
3095 if (sk->sk_type == SOCK_SEQPACKET) {
3096 if (sk->sk_state == TCP_CLOSE)
3098 /* connection hasn't started yet? */
3099 if (sk->sk_state == TCP_SYN_SENT)
3103 /* No write status requested, avoid expensive OUT tests. */
3104 if (!(poll_requested_events(wait) & (EPOLLWRBAND|EPOLLWRNORM|EPOLLOUT)))
3107 writable = unix_writable(sk);
3109 unix_state_lock(sk);
3111 other = unix_peer(sk);
3112 if (other && unix_peer(other) != sk &&
3113 unix_recvq_full_lockless(other) &&
3114 unix_dgram_peer_wake_me(sk, other))
3117 unix_state_unlock(sk);
3121 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
3123 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
3128 #ifdef CONFIG_PROC_FS
3130 #define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1)
3132 #define get_bucket(x) ((x) >> BUCKET_SPACE)
3133 #define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1))
3134 #define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
3136 static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos)
3138 unsigned long offset = get_offset(*pos);
3139 unsigned long bucket = get_bucket(*pos);
3141 unsigned long count = 0;
3143 for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
3144 if (sock_net(sk) != seq_file_net(seq))
3146 if (++count == offset)
3153 static struct sock *unix_next_socket(struct seq_file *seq,
3157 unsigned long bucket;
3159 while (sk > (struct sock *)SEQ_START_TOKEN) {
3163 if (sock_net(sk) == seq_file_net(seq))
3168 sk = unix_from_bucket(seq, pos);
3173 bucket = get_bucket(*pos) + 1;
3174 *pos = set_bucket_offset(bucket, 1);
3175 } while (bucket < ARRAY_SIZE(unix_socket_table));
3180 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
3181 __acquires(unix_table_lock)
3183 spin_lock(&unix_table_lock);
3186 return SEQ_START_TOKEN;
3188 if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table))
3191 return unix_next_socket(seq, NULL, pos);
3194 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3197 return unix_next_socket(seq, v, pos);
3200 static void unix_seq_stop(struct seq_file *seq, void *v)
3201 __releases(unix_table_lock)
3203 spin_unlock(&unix_table_lock);
3206 static int unix_seq_show(struct seq_file *seq, void *v)
3209 if (v == SEQ_START_TOKEN)
3210 seq_puts(seq, "Num RefCount Protocol Flags Type St "
3214 struct unix_sock *u = unix_sk(s);
3217 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
3219 refcount_read(&s->sk_refcnt),
3221 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
3224 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
3225 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
3228 if (u->addr) { // under unix_table_lock here
3233 len = u->addr->len - sizeof(short);
3234 if (!UNIX_ABSTRACT(s))
3240 for ( ; i < len; i++)
3241 seq_putc(seq, u->addr->name->sun_path[i] ?:
3244 unix_state_unlock(s);
3245 seq_putc(seq, '\n');
3251 static const struct seq_operations unix_seq_ops = {
3252 .start = unix_seq_start,
3253 .next = unix_seq_next,
3254 .stop = unix_seq_stop,
3255 .show = unix_seq_show,
3258 #if IS_BUILTIN(CONFIG_UNIX) && defined(CONFIG_BPF_SYSCALL)
3259 struct bpf_iter__unix {
3260 __bpf_md_ptr(struct bpf_iter_meta *, meta);
3261 __bpf_md_ptr(struct unix_sock *, unix_sk);
3262 uid_t uid __aligned(8);
3265 static int unix_prog_seq_show(struct bpf_prog *prog, struct bpf_iter_meta *meta,
3266 struct unix_sock *unix_sk, uid_t uid)
3268 struct bpf_iter__unix ctx;
3270 meta->seq_num--; /* skip SEQ_START_TOKEN */
3272 ctx.unix_sk = unix_sk;
3274 return bpf_iter_run_prog(prog, &ctx);
3277 static int bpf_iter_unix_seq_show(struct seq_file *seq, void *v)
3279 struct bpf_iter_meta meta;
3280 struct bpf_prog *prog;
3281 struct sock *sk = v;
3284 if (v == SEQ_START_TOKEN)
3287 uid = from_kuid_munged(seq_user_ns(seq), sock_i_uid(sk));
3289 prog = bpf_iter_get_info(&meta, false);
3290 return unix_prog_seq_show(prog, &meta, v, uid);
3293 static void bpf_iter_unix_seq_stop(struct seq_file *seq, void *v)
3295 struct bpf_iter_meta meta;
3296 struct bpf_prog *prog;
3300 prog = bpf_iter_get_info(&meta, true);
3302 (void)unix_prog_seq_show(prog, &meta, v, 0);
3305 unix_seq_stop(seq, v);
3308 static const struct seq_operations bpf_iter_unix_seq_ops = {
3309 .start = unix_seq_start,
3310 .next = unix_seq_next,
3311 .stop = bpf_iter_unix_seq_stop,
3312 .show = bpf_iter_unix_seq_show,
3317 static const struct net_proto_family unix_family_ops = {
3319 .create = unix_create,
3320 .owner = THIS_MODULE,
3324 static int __net_init unix_net_init(struct net *net)
3326 int error = -ENOMEM;
3328 net->unx.sysctl_max_dgram_qlen = 10;
3329 if (unix_sysctl_register(net))
3332 #ifdef CONFIG_PROC_FS
3333 if (!proc_create_net("unix", 0, net->proc_net, &unix_seq_ops,
3334 sizeof(struct seq_net_private))) {
3335 unix_sysctl_unregister(net);
3344 static void __net_exit unix_net_exit(struct net *net)
3346 unix_sysctl_unregister(net);
3347 remove_proc_entry("unix", net->proc_net);
3350 static struct pernet_operations unix_net_ops = {
3351 .init = unix_net_init,
3352 .exit = unix_net_exit,
3355 #if IS_BUILTIN(CONFIG_UNIX) && defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_PROC_FS)
3356 DEFINE_BPF_ITER_FUNC(unix, struct bpf_iter_meta *meta,
3357 struct unix_sock *unix_sk, uid_t uid)
3359 static const struct bpf_iter_seq_info unix_seq_info = {
3360 .seq_ops = &bpf_iter_unix_seq_ops,
3361 .init_seq_private = bpf_iter_init_seq_net,
3362 .fini_seq_private = bpf_iter_fini_seq_net,
3363 .seq_priv_size = sizeof(struct seq_net_private),
3366 static struct bpf_iter_reg unix_reg_info = {
3368 .ctx_arg_info_size = 1,
3370 { offsetof(struct bpf_iter__unix, unix_sk),
3371 PTR_TO_BTF_ID_OR_NULL },
3373 .seq_info = &unix_seq_info,
3376 static void __init bpf_iter_register(void)
3378 unix_reg_info.ctx_arg_info[0].btf_id = btf_sock_ids[BTF_SOCK_TYPE_UNIX];
3379 if (bpf_iter_reg_target(&unix_reg_info))
3380 pr_warn("Warning: could not register bpf iterator unix\n");
3384 static int __init af_unix_init(void)
3388 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof_field(struct sk_buff, cb));
3390 rc = proto_register(&unix_dgram_proto, 1);
3392 pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__);
3396 rc = proto_register(&unix_stream_proto, 1);
3398 pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__);
3402 sock_register(&unix_family_ops);
3403 register_pernet_subsys(&unix_net_ops);
3404 unix_bpf_build_proto();
3406 #if IS_BUILTIN(CONFIG_UNIX) && defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_PROC_FS)
3407 bpf_iter_register();
3414 static void __exit af_unix_exit(void)
3416 sock_unregister(PF_UNIX);
3417 proto_unregister(&unix_dgram_proto);
3418 proto_unregister(&unix_stream_proto);
3419 unregister_pernet_subsys(&unix_net_ops);
3422 /* Earlier than device_initcall() so that other drivers invoking
3423 request_module() don't end up in a loop when modprobe tries
3424 to use a UNIX socket. But later than subsys_initcall() because
3425 we depend on stuff initialised there */
3426 fs_initcall(af_unix_init);
3427 module_exit(af_unix_exit);
3429 MODULE_LICENSE("GPL");
3430 MODULE_ALIAS_NETPROTO(PF_UNIX);
projects / platform / kernel / linux-rpi.git / blob