1 files changed, 221 insertions, 26 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 06430598cf51..f25e1675b865 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -518,6 +518,11 @@ static int unix_ioctl(struct socket *, unsigned int, unsigned long);
 static int unix_shutdown(struct socket *, int);
 static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t);
 static int unix_stream_recvmsg(struct socket *, struct msghdr *, size_t, int);
+static ssize_t unix_stream_sendpage(struct socket *, struct page *, int offset,
+                                    size_t size, int flags);
+static ssize_t unix_stream_splice_read(struct socket *,  loff_t *ppos,
+                                       struct pipe_inode_info *, size_t size,
+                                       unsigned int flags);
 static int unix_dgram_sendmsg(struct socket *, struct msghdr *, size_t);
 static int unix_dgram_recvmsg(struct socket *, struct msghdr *, size_t, int);
 static int unix_dgram_connect(struct socket *, struct sockaddr *,
@@ -558,7 +563,8 @@ static const struct proto_ops unix_stream_ops = {
        .sendmsg =      unix_stream_sendmsg,
        .recvmsg =      unix_stream_recvmsg,
        .mmap =         sock_no_mmap,
-        .sendpage =     sock_no_sendpage,
+        .sendpage =     unix_stream_sendpage,
+        .splice_read =  unix_stream_splice_read,
        .set_peek_off = unix_set_peek_off,
 };
@@ -620,7 +626,7 @@ static struct proto unix_proto = {
 */
 static struct lock_class_key af_unix_sk_receive_queue_lock_key;
-static struct sock *unix_create1(struct net *net, struct socket *sock)
+static struct sock *unix_create1(struct net *net, struct socket *sock, int kern)
 {
        struct sock *sk = NULL;
        struct unix_sock *u;
@@ -629,7 +635,7 @@ static struct sock *unix_create1(struct net *net, struct socket *sock)
        if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
                goto out;
-        sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
+        sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto, kern);
        if (!sk)
                goto out;
@@ -688,7 +694,7 @@ static int unix_create(struct net *net, struct socket *sock, int protocol,
                return -ESOCKTNOSUPPORT;
        }
-        return unix_create1(net, sock) ? 0 : -ENOMEM;
+        return unix_create1(net, sock, kern) ? 0 : -ENOMEM;
 }
 static int unix_release(struct socket *sock)
@@ -1088,7 +1094,7 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
        err = -ENOMEM;
        /* create new sock for complete connection */
-        newsk = unix_create1(sock_net(sk), NULL);
+        newsk = unix_create1(sock_net(sk), NULL, 0);
        if (newsk == NULL)
                goto out;
@@ -1720,6 +1726,101 @@ out_err:
        return sent ? : err;
 }
+static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page,
+                                    int offset, size_t size, int flags)
+{
+        int err = 0;
+        bool send_sigpipe = true;
+        struct sock *other, *sk = socket->sk;
+        struct sk_buff *skb, *newskb = NULL, *tail = NULL;
+        if (flags & MSG_OOB)
+                return -EOPNOTSUPP;
+        other = unix_peer(sk);
+        if (!other || sk->sk_state != TCP_ESTABLISHED)
+                return -ENOTCONN;
+        if (false) {
+alloc_skb:
+                unix_state_unlock(other);
+                mutex_unlock(&unix_sk(other)->readlock);
+                newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT,
+                                              &err, 0);
+                if (!newskb)
+                        return err;
+        }
+        /* we must acquire readlock as we modify already present
+         * skbs in the sk_receive_queue and mess with skb->len
+         */
+        err = mutex_lock_interruptible(&unix_sk(other)->readlock);
+        if (err) {
+                err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS;
+                send_sigpipe = false;
+                goto err;
+        }
+        if (sk->sk_shutdown & SEND_SHUTDOWN) {
+                err = -EPIPE;
+                goto err_unlock;
+        }
+        unix_state_lock(other);
+        if (sock_flag(other, SOCK_DEAD) ||
+            other->sk_shutdown & RCV_SHUTDOWN) {
+                err = -EPIPE;
+                goto err_state_unlock;
+        }
+        skb = skb_peek_tail(&other->sk_receive_queue);
+        if (tail && tail == skb) {
+                skb = newskb;
+        } else if (!skb) {
+                if (newskb)
+                        skb = newskb;
+                else
+                        goto alloc_skb;
+        } else if (newskb) {
+                /* this is fast path, we don't necessarily need to
+                 * call to kfree_skb even though with newskb == NULL
+                 * this - does no harm
+                 */
+                consume_skb(newskb);
+        }
+        if (skb_append_pagefrags(skb, page, offset, size)) {
+                tail = skb;
+                goto alloc_skb;
+        }
+        skb->len += size;
+        skb->data_len += size;
+        skb->truesize += size;
+        atomic_add(size, &sk->sk_wmem_alloc);
+        if (newskb)
+                __skb_queue_tail(&other->sk_receive_queue, newskb);
+        unix_state_unlock(other);
+        mutex_unlock(&unix_sk(other)->readlock);
+        other->sk_data_ready(other);
+        return size;
+err_state_unlock:
+        unix_state_unlock(other);
+err_unlock:
+        mutex_unlock(&unix_sk(other)->readlock);
+err:
+        kfree_skb(newskb);
+        if (send_sigpipe && !(flags & MSG_NOSIGNAL))
+                send_sig(SIGPIPE, current, 0);
+        return err;
+}
 static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg,
                                  size_t len)
 {
@@ -1860,8 +1961,9 @@ out:
 *      Sleep until more data has arrived. But check for races..
 */
 static long unix_stream_data_wait(struct sock *sk, long timeo,
-                                  struct sk_buff *last)
+                                  struct sk_buff *last, unsigned int last_len)
 {
+        struct sk_buff *tail;
        DEFINE_WAIT(wait);
        unix_state_lock(sk);
@@ -1869,7 +1971,9 @@ static long unix_stream_data_wait(struct sock *sk, long timeo,
        for (;;) {
                prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
-                if (skb_peek_tail(&sk->sk_receive_queue) != last ||
+                tail = skb_peek_tail(&sk->sk_receive_queue);
+                if (tail != last ||
+                    (tail && tail->len != last_len) ||
                    sk->sk_err ||
                    (sk->sk_shutdown & RCV_SHUTDOWN) ||
                    signal_pending(current) ||
@@ -1897,38 +2001,50 @@ static unsigned int unix_skb_len(const struct sk_buff *skb)
        return skb->len - UNIXCB(skb).consumed;
 }
-static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg,
+struct unix_stream_read_state {
-                               size_t size, int flags)
+        int (*recv_actor)(struct sk_buff *, int, int,
+                          struct unix_stream_read_state *);
+        struct socket *socket;
+        struct msghdr *msg;
+        struct pipe_inode_info *pipe;
+        size_t size;
+        int flags;
+        unsigned int splice_flags;
+};
+static int unix_stream_read_generic(struct unix_stream_read_state *state)
 {
        struct scm_cookie scm;
+        struct socket *sock = state->socket;
        struct sock *sk = sock->sk;
        struct unix_sock *u = unix_sk(sk);
-        DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
        int copied = 0;
+        int flags = state->flags;
        int noblock = flags & MSG_DONTWAIT;
-        int check_creds = 0;
+        bool check_creds = false;
        int target;
        int err = 0;
        long timeo;
        int skip;
+        size_t size = state->size;
+        unsigned int last_len;
        err = -EINVAL;
        if (sk->sk_state != TCP_ESTABLISHED)
                goto out;
        err = -EOPNOTSUPP;
-        if (flags&MSG_OOB)
+        if (flags & MSG_OOB)
                goto out;
-        target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
+        target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
        timeo = sock_rcvtimeo(sk, noblock);
+        memset(&scm, 0, sizeof(scm));
        /* Lock the socket to prevent queue disordering
         * while sleeps in memcpy_tomsg
         */
-        memset(&scm, 0, sizeof(scm));
        err = mutex_lock_interruptible(&u->readlock);
        if (unlikely(err)) {
                /* recvmsg() in non blocking mode is supposed to return -EAGAIN
@@ -1948,6 +2064,7 @@ static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg,
                        goto unlock;
                }
                last = skb = skb_peek(&sk->sk_receive_queue);
+                last_len = last ? last->len : 0;
 again:
                if (skb == NULL) {
                        unix_sk(sk)->recursion_level = 0;
@@ -1970,16 +2087,17 @@ again:
                                break;
                        mutex_unlock(&u->readlock);
-                        timeo = unix_stream_data_wait(sk, timeo, last);
+                        timeo = unix_stream_data_wait(sk, timeo, last,
+                                                      last_len);
-                        if (signal_pending(current)
+                        if (signal_pending(current) ||
-                            ||  mutex_lock_interruptible(&u->readlock)) {
+                            mutex_lock_interruptible(&u->readlock)) {
                                err = sock_intr_errno(timeo);
                                goto out;
                        }
                        continue;
- unlock:
+unlock:
                        unix_state_unlock(sk);
                        break;
                }
@@ -1988,6 +2106,7 @@ again:
                while (skip >= unix_skb_len(skb)) {
                        skip -= unix_skb_len(skb);
                        last = skb;
+                        last_len = skb->len;
                        skb = skb_peek_next(skb, &sk->sk_receive_queue);
                        if (!skb)
                                goto again;
@@ -2004,18 +2123,20 @@ again:
                } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
                        /* Copy credentials */
                        scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
-                        check_creds = 1;
+                        check_creds = true;
                }
                /* Copy address just once */
-                if (sunaddr) {
+                if (state->msg && state->msg->msg_name) {
-                        unix_copy_addr(msg, skb->sk);
+                        DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr,
+                                         state->msg->msg_name);
+                        unix_copy_addr(state->msg, skb->sk);
                        sunaddr = NULL;
                }
                chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size);
-                if (skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip,
+                chunk = state->recv_actor(skb, skip, chunk, state);
-                                          msg, chunk)) {
+                if (chunk < 0) {
                        if (copied == 0)
                                copied = -EFAULT;
                        break;
@@ -2053,11 +2174,85 @@ again:
        } while (size);
        mutex_unlock(&u->readlock);
-        scm_recv(sock, msg, &scm, flags);
+        if (state->msg)
+                scm_recv(sock, state->msg, &scm, flags);
+        else
+                scm_destroy(&scm);
 out:
        return copied ? : err;
 }
+static int unix_stream_read_actor(struct sk_buff *skb,
+                                  int skip, int chunk,
+                                  struct unix_stream_read_state *state)
+{
+        int ret;
+        ret = skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip,
+                                    state->msg, chunk);
+        return ret ?: chunk;
+}
+static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg,
+                               size_t size, int flags)
+{
+        struct unix_stream_read_state state = {
+                .recv_actor = unix_stream_read_actor,
+                .socket = sock,
+                .msg = msg,
+                .size = size,
+                .flags = flags
+        };
+        return unix_stream_read_generic(&state);
+}
+static ssize_t skb_unix_socket_splice(struct sock *sk,
+                                      struct pipe_inode_info *pipe,
+                                      struct splice_pipe_desc *spd)
+{
+        int ret;
+        struct unix_sock *u = unix_sk(sk);
+        mutex_unlock(&u->readlock);
+        ret = splice_to_pipe(pipe, spd);
+        mutex_lock(&u->readlock);
+        return ret;
+}
+static int unix_stream_splice_actor(struct sk_buff *skb,
+                                    int skip, int chunk,
+                                    struct unix_stream_read_state *state)
+{
+        return skb_splice_bits(skb, state->socket->sk,
+                               UNIXCB(skb).consumed + skip,
+                               state->pipe, chunk, state->splice_flags,
+                               skb_unix_socket_splice);
+}
+static ssize_t unix_stream_splice_read(struct socket *sock,  loff_t *ppos,
+                                       struct pipe_inode_info *pipe,
+                                       size_t size, unsigned int flags)
+{
+        struct unix_stream_read_state state = {
+                .recv_actor = unix_stream_splice_actor,
+                .socket = sock,
+                .pipe = pipe,
+                .size = size,
+                .splice_flags = flags,
+        };
+        if (unlikely(*ppos))
+                return -ESPIPE;
+        if (sock->file->f_flags & O_NONBLOCK ||
+            flags & SPLICE_F_NONBLOCK)
+                state.flags = MSG_DONTWAIT;
+        return unix_stream_read_generic(&state);
+}
 static int unix_shutdown(struct socket *sock, int mode)
 {
        struct sock *sk = sock->sk;

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 06430598cf51..f25e1675b865 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c
@@ -518,6 +518,11 @@ static int unix_ioctl(struct socket *, unsigned int, unsigned long);
518	static int unix_shutdown(struct socket *, int);	518	static int unix_shutdown(struct socket *, int);
519	static int unix_stream_sendmsg(struct socket , struct msghdr , size_t);	519	static int unix_stream_sendmsg(struct socket , struct msghdr , size_t);
520	static int unix_stream_recvmsg(struct socket , struct msghdr , size_t, int);	520	static int unix_stream_recvmsg(struct socket , struct msghdr , size_t, int);
		521	static ssize_t unix_stream_sendpage(struct socket , struct page , int offset,
		522	size_t size, int flags);
		523	static ssize_t unix_stream_splice_read(struct socket , loff_t ppos,
		524	struct pipe_inode_info *, size_t size,
		525	unsigned int flags);
521	static int unix_dgram_sendmsg(struct socket , struct msghdr , size_t);	526	static int unix_dgram_sendmsg(struct socket , struct msghdr , size_t);
522	static int unix_dgram_recvmsg(struct socket , struct msghdr , size_t, int);	527	static int unix_dgram_recvmsg(struct socket , struct msghdr , size_t, int);
523	static int unix_dgram_connect(struct socket , struct sockaddr ,	528	static int unix_dgram_connect(struct socket , struct sockaddr ,
@@ -558,7 +563,8 @@ static const struct proto_ops unix_stream_ops = {
558	.sendmsg = unix_stream_sendmsg,	563	.sendmsg = unix_stream_sendmsg,
559	.recvmsg = unix_stream_recvmsg,	564	.recvmsg = unix_stream_recvmsg,
560	.mmap = sock_no_mmap,	565	.mmap = sock_no_mmap,
561	.sendpage = sock_no_sendpage,	566	.sendpage = unix_stream_sendpage,
		567	.splice_read = unix_stream_splice_read,
562	.set_peek_off = unix_set_peek_off,	568	.set_peek_off = unix_set_peek_off,
563	};	569	};
564		570
@@ -620,7 +626,7 @@ static struct proto unix_proto = {
620	*/	626	*/
621	static struct lock_class_key af_unix_sk_receive_queue_lock_key;	627	static struct lock_class_key af_unix_sk_receive_queue_lock_key;
622		628
623	static struct sock unix_create1(struct net net, struct socket *sock)	629	static struct sock unix_create1(struct net net, struct socket *sock, int kern)
624	{	630	{
625	struct sock *sk = NULL;	631	struct sock *sk = NULL;
626	struct unix_sock *u;	632	struct unix_sock *u;
@@ -629,7 +635,7 @@ static struct sock unix_create1(struct net net, struct socket *sock)
629	if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())	635	if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
630	goto out;	636	goto out;
631		637
632	sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);	638	sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto, kern);
633	if (!sk)	639	if (!sk)
634	goto out;	640	goto out;
635		641
@@ -688,7 +694,7 @@ static int unix_create(struct net net, struct socket sock, int protocol,
688	return -ESOCKTNOSUPPORT;	694	return -ESOCKTNOSUPPORT;
689	}	695	}
690		696
691	return unix_create1(net, sock) ? 0 : -ENOMEM;	697	return unix_create1(net, sock, kern) ? 0 : -ENOMEM;
692	}	698	}
693		699
694	static int unix_release(struct socket *sock)	700	static int unix_release(struct socket *sock)
@@ -1088,7 +1094,7 @@ static int unix_stream_connect(struct socket sock, struct sockaddr uaddr,
1088	err = -ENOMEM;	1094	err = -ENOMEM;
1089		1095
1090	/* create new sock for complete connection */	1096	/* create new sock for complete connection */
1091	newsk = unix_create1(sock_net(sk), NULL);	1097	newsk = unix_create1(sock_net(sk), NULL, 0);
1092	if (newsk == NULL)	1098	if (newsk == NULL)
1093	goto out;	1099	goto out;
1094		1100
@@ -1720,6 +1726,101 @@ out_err:
1720	return sent ? : err;	1726	return sent ? : err;
1721	}	1727	}
1722		1728
		1729	static ssize_t unix_stream_sendpage(struct socket socket, struct page page,
		1730	int offset, size_t size, int flags)
		1731	{
		1732	int err = 0;
		1733	bool send_sigpipe = true;
		1734	struct sock other, sk = socket->sk;
		1735	struct sk_buff skb, newskb = NULL, *tail = NULL;
		1736
		1737	if (flags & MSG_OOB)
		1738	return -EOPNOTSUPP;
		1739
		1740	other = unix_peer(sk);
		1741	if (!other \|\| sk->sk_state != TCP_ESTABLISHED)
		1742	return -ENOTCONN;
		1743
		1744	if (false) {
		1745	alloc_skb:
		1746	unix_state_unlock(other);
		1747	mutex_unlock(&unix_sk(other)->readlock);
		1748	newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT,
		1749	&err, 0);
		1750	if (!newskb)
		1751	return err;
		1752	}
		1753
		1754	/* we must acquire readlock as we modify already present
		1755	* skbs in the sk_receive_queue and mess with skb->len
		1756	*/
		1757	err = mutex_lock_interruptible(&unix_sk(other)->readlock);
		1758	if (err) {
		1759	err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS;
		1760	send_sigpipe = false;
		1761	goto err;
		1762	}
		1763
		1764	if (sk->sk_shutdown & SEND_SHUTDOWN) {
		1765	err = -EPIPE;
		1766	goto err_unlock;
		1767	}
		1768
		1769	unix_state_lock(other);
		1770
		1771	if (sock_flag(other, SOCK_DEAD) \|\|
		1772	other->sk_shutdown & RCV_SHUTDOWN) {
		1773	err = -EPIPE;
		1774	goto err_state_unlock;
		1775	}
		1776
		1777	skb = skb_peek_tail(&other->sk_receive_queue);
		1778	if (tail && tail == skb) {
		1779	skb = newskb;
		1780	} else if (!skb) {
		1781	if (newskb)
		1782	skb = newskb;
		1783	else
		1784	goto alloc_skb;
		1785	} else if (newskb) {
		1786	/* this is fast path, we don't necessarily need to
		1787	* call to kfree_skb even though with newskb == NULL
		1788	* this - does no harm
		1789	*/
		1790	consume_skb(newskb);
		1791	}
		1792
		1793	if (skb_append_pagefrags(skb, page, offset, size)) {
		1794	tail = skb;
		1795	goto alloc_skb;
		1796	}
		1797
		1798	skb->len += size;
		1799	skb->data_len += size;
		1800	skb->truesize += size;
		1801	atomic_add(size, &sk->sk_wmem_alloc);
		1802
		1803	if (newskb)
		1804	__skb_queue_tail(&other->sk_receive_queue, newskb);
		1805
		1806	unix_state_unlock(other);
		1807	mutex_unlock(&unix_sk(other)->readlock);
		1808
		1809	other->sk_data_ready(other);
		1810
		1811	return size;
		1812
		1813	err_state_unlock:
		1814	unix_state_unlock(other);
		1815	err_unlock:
		1816	mutex_unlock(&unix_sk(other)->readlock);
		1817	err:
		1818	kfree_skb(newskb);
		1819	if (send_sigpipe && !(flags & MSG_NOSIGNAL))
		1820	send_sig(SIGPIPE, current, 0);
		1821	return err;
		1822	}
		1823
1723	static int unix_seqpacket_sendmsg(struct socket sock, struct msghdr msg,	1824	static int unix_seqpacket_sendmsg(struct socket sock, struct msghdr msg,
1724	size_t len)	1825	size_t len)
1725	{	1826	{
@@ -1860,8 +1961,9 @@ out:
1860	* Sleep until more data has arrived. But check for races..	1961	* Sleep until more data has arrived. But check for races..
1861	*/	1962	*/
1862	static long unix_stream_data_wait(struct sock *sk, long timeo,	1963	static long unix_stream_data_wait(struct sock *sk, long timeo,
1863	struct sk_buff *last)	1964	struct sk_buff *last, unsigned int last_len)
1864	{	1965	{
		1966	struct sk_buff *tail;
1865	DEFINE_WAIT(wait);	1967	DEFINE_WAIT(wait);
1866		1968
1867	unix_state_lock(sk);	1969	unix_state_lock(sk);
@@ -1869,7 +1971,9 @@ static long unix_stream_data_wait(struct sock *sk, long timeo,
1869	for (;;) {	1971	for (;;) {
1870	prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);	1972	prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1871		1973
1872	if (skb_peek_tail(&sk->sk_receive_queue) != last \|\|	1974	tail = skb_peek_tail(&sk->sk_receive_queue);
		1975	if (tail != last \|\|
		1976	(tail && tail->len != last_len) \|\|
1873	sk->sk_err \|\|	1977	sk->sk_err \|\|
1874	(sk->sk_shutdown & RCV_SHUTDOWN) \|\|	1978	(sk->sk_shutdown & RCV_SHUTDOWN) \|\|
1875	signal_pending(current) \|\|	1979	signal_pending(current) \|\|
@@ -1897,38 +2001,50 @@ static unsigned int unix_skb_len(const struct sk_buff *skb)
1897	return skb->len - UNIXCB(skb).consumed;	2001	return skb->len - UNIXCB(skb).consumed;
1898	}	2002	}
1899		2003
1900	static int unix_stream_recvmsg(struct socket sock, struct msghdr msg,	2004	struct unix_stream_read_state {
1901	size_t size, int flags)	2005	int (recv_actor)(struct sk_buff , int, int,
		2006	struct unix_stream_read_state *);
		2007	struct socket *socket;
		2008	struct msghdr *msg;
		2009	struct pipe_inode_info *pipe;
		2010	size_t size;
		2011	int flags;
		2012	unsigned int splice_flags;
		2013	};
		2014
		2015	static int unix_stream_read_generic(struct unix_stream_read_state *state)
1902	{	2016	{
1903	struct scm_cookie scm;	2017	struct scm_cookie scm;
		2018	struct socket *sock = state->socket;
1904	struct sock *sk = sock->sk;	2019	struct sock *sk = sock->sk;
1905	struct unix_sock *u = unix_sk(sk);	2020	struct unix_sock *u = unix_sk(sk);
1906	DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
1907	int copied = 0;	2021	int copied = 0;
		2022	int flags = state->flags;
1908	int noblock = flags & MSG_DONTWAIT;	2023	int noblock = flags & MSG_DONTWAIT;
1909	int check_creds = 0;	2024	bool check_creds = false;
1910	int target;	2025	int target;
1911	int err = 0;	2026	int err = 0;
1912	long timeo;	2027	long timeo;
1913	int skip;	2028	int skip;
		2029	size_t size = state->size;
		2030	unsigned int last_len;
1914		2031
1915	err = -EINVAL;	2032	err = -EINVAL;
1916	if (sk->sk_state != TCP_ESTABLISHED)	2033	if (sk->sk_state != TCP_ESTABLISHED)
1917	goto out;	2034	goto out;
1918		2035
1919	err = -EOPNOTSUPP;	2036	err = -EOPNOTSUPP;
1920	if (flags&MSG_OOB)	2037	if (flags & MSG_OOB)
1921	goto out;	2038	goto out;
1922		2039
1923	target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);	2040	target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
1924	timeo = sock_rcvtimeo(sk, noblock);	2041	timeo = sock_rcvtimeo(sk, noblock);
1925		2042
		2043	memset(&scm, 0, sizeof(scm));
		2044
1926	/* Lock the socket to prevent queue disordering	2045	/* Lock the socket to prevent queue disordering
1927	* while sleeps in memcpy_tomsg	2046	* while sleeps in memcpy_tomsg
1928	*/	2047	*/
1929
1930	memset(&scm, 0, sizeof(scm));
1931
1932	err = mutex_lock_interruptible(&u->readlock);	2048	err = mutex_lock_interruptible(&u->readlock);
1933	if (unlikely(err)) {	2049	if (unlikely(err)) {
1934	/* recvmsg() in non blocking mode is supposed to return -EAGAIN	2050	/* recvmsg() in non blocking mode is supposed to return -EAGAIN
@@ -1948,6 +2064,7 @@ static int unix_stream_recvmsg(struct socket sock, struct msghdr msg,
1948	goto unlock;	2064	goto unlock;
1949	}	2065	}
1950	last = skb = skb_peek(&sk->sk_receive_queue);	2066	last = skb = skb_peek(&sk->sk_receive_queue);
		2067	last_len = last ? last->len : 0;
1951	again:	2068	again:
1952	if (skb == NULL) {	2069	if (skb == NULL) {
1953	unix_sk(sk)->recursion_level = 0;	2070	unix_sk(sk)->recursion_level = 0;
@@ -1970,16 +2087,17 @@ again:
1970	break;	2087	break;
1971	mutex_unlock(&u->readlock);	2088	mutex_unlock(&u->readlock);
1972		2089
1973	timeo = unix_stream_data_wait(sk, timeo, last);	2090	timeo = unix_stream_data_wait(sk, timeo, last,
		2091	last_len);
1974		2092
1975	if (signal_pending(current)	2093	if (signal_pending(current) \|\|
1976	\|\| mutex_lock_interruptible(&u->readlock)) {	2094	mutex_lock_interruptible(&u->readlock)) {
1977	err = sock_intr_errno(timeo);	2095	err = sock_intr_errno(timeo);
1978	goto out;	2096	goto out;
1979	}	2097	}
1980		2098
1981	continue;	2099	continue;
1982	unlock:	2100	unlock:
1983	unix_state_unlock(sk);	2101	unix_state_unlock(sk);
1984	break;	2102	break;
1985	}	2103	}
@@ -1988,6 +2106,7 @@ again:
1988	while (skip >= unix_skb_len(skb)) {	2106	while (skip >= unix_skb_len(skb)) {
1989	skip -= unix_skb_len(skb);	2107	skip -= unix_skb_len(skb);
1990	last = skb;	2108	last = skb;
		2109	last_len = skb->len;
1991	skb = skb_peek_next(skb, &sk->sk_receive_queue);	2110	skb = skb_peek_next(skb, &sk->sk_receive_queue);
1992	if (!skb)	2111	if (!skb)
1993	goto again;	2112	goto again;
@@ -2004,18 +2123,20 @@ again:
2004	} else if (test_bit(SOCK_PASSCRED, &sock->flags)) {	2123	} else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
2005	/* Copy credentials */	2124	/* Copy credentials */
2006	scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);	2125	scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2007	check_creds = 1;	2126	check_creds = true;
2008	}	2127	}
2009		2128
2010	/* Copy address just once */	2129	/* Copy address just once */
2011	if (sunaddr) {	2130	if (state->msg && state->msg->msg_name) {
2012	unix_copy_addr(msg, skb->sk);	2131	DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr,
		2132	state->msg->msg_name);
		2133	unix_copy_addr(state->msg, skb->sk);
2013	sunaddr = NULL;	2134	sunaddr = NULL;
2014	}	2135	}
2015		2136
2016	chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size);	2137	chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size);
2017	if (skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip,	2138	chunk = state->recv_actor(skb, skip, chunk, state);
2018	msg, chunk)) {	2139	if (chunk < 0) {
2019	if (copied == 0)	2140	if (copied == 0)
2020	copied = -EFAULT;	2141	copied = -EFAULT;
2021	break;	2142	break;
@@ -2053,11 +2174,85 @@ again:
2053	} while (size);	2174	} while (size);
2054		2175
2055	mutex_unlock(&u->readlock);	2176	mutex_unlock(&u->readlock);
2056	scm_recv(sock, msg, &scm, flags);	2177	if (state->msg)
		2178	scm_recv(sock, state->msg, &scm, flags);
		2179	else
		2180	scm_destroy(&scm);
2057	out:	2181	out:
2058	return copied ? : err;	2182	return copied ? : err;
2059	}	2183	}
2060		2184
		2185	static int unix_stream_read_actor(struct sk_buff *skb,
		2186	int skip, int chunk,
		2187	struct unix_stream_read_state *state)
		2188	{
		2189	int ret;
		2190
		2191	ret = skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip,
		2192	state->msg, chunk);
		2193	return ret ?: chunk;
		2194	}
		2195
		2196	static int unix_stream_recvmsg(struct socket sock, struct msghdr msg,
		2197	size_t size, int flags)
		2198	{
		2199	struct unix_stream_read_state state = {
		2200	.recv_actor = unix_stream_read_actor,
		2201	.socket = sock,
		2202	.msg = msg,
		2203	.size = size,
		2204	.flags = flags
		2205	};
		2206
		2207	return unix_stream_read_generic(&state);
		2208	}
		2209
		2210	static ssize_t skb_unix_socket_splice(struct sock *sk,
		2211	struct pipe_inode_info *pipe,
		2212	struct splice_pipe_desc *spd)
		2213	{
		2214	int ret;
		2215	struct unix_sock *u = unix_sk(sk);
		2216
		2217	mutex_unlock(&u->readlock);
		2218	ret = splice_to_pipe(pipe, spd);
		2219	mutex_lock(&u->readlock);
		2220
		2221	return ret;
		2222	}
		2223
		2224	static int unix_stream_splice_actor(struct sk_buff *skb,
		2225	int skip, int chunk,
		2226	struct unix_stream_read_state *state)
		2227	{
		2228	return skb_splice_bits(skb, state->socket->sk,
		2229	UNIXCB(skb).consumed + skip,
		2230	state->pipe, chunk, state->splice_flags,
		2231	skb_unix_socket_splice);
		2232	}
		2233
		2234	static ssize_t unix_stream_splice_read(struct socket sock, loff_t ppos,
		2235	struct pipe_inode_info *pipe,
		2236	size_t size, unsigned int flags)
		2237	{
		2238	struct unix_stream_read_state state = {
		2239	.recv_actor = unix_stream_splice_actor,
		2240	.socket = sock,
		2241	.pipe = pipe,
		2242	.size = size,
		2243	.splice_flags = flags,
		2244	};
		2245
		2246	if (unlikely(*ppos))
		2247	return -ESPIPE;
		2248
		2249	if (sock->file->f_flags & O_NONBLOCK \|\|
		2250	flags & SPLICE_F_NONBLOCK)
		2251	state.flags = MSG_DONTWAIT;
		2252
		2253	return unix_stream_read_generic(&state);
		2254	}
		2255
2061	static int unix_shutdown(struct socket *sock, int mode)	2256	static int unix_shutdown(struct socket *sock, int mode)
2062	{	2257	{
2063	struct sock *sk = sock->sk;	2258	struct sock *sk = sock->sk;