Diffstat (limited to 'net/unix/af_unix.c')
-rw-r--r--net/unix/af_unix.c236
1 files changed, 150 insertions, 86 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index f25511903115..dd419d286204 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -117,7 +117,7 @@
117 117
118static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1]; 118static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
119static DEFINE_SPINLOCK(unix_table_lock); 119static DEFINE_SPINLOCK(unix_table_lock);
120static atomic_t unix_nr_socks = ATOMIC_INIT(0); 120static atomic_long_t unix_nr_socks;
121 121
122#define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE]) 122#define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE])
123 123
@@ -144,7 +144,7 @@ static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
144/* 144/*
145 * SMP locking strategy: 145 * SMP locking strategy:
146 * hash table is protected with spinlock unix_table_lock 146 * hash table is protected with spinlock unix_table_lock
147 * each socket state is protected by separate rwlock. 147 * each socket state is protected by separate spin lock.
148 */ 148 */
149 149
150static inline unsigned unix_hash_fold(__wsum n) 150static inline unsigned unix_hash_fold(__wsum n)
@@ -282,7 +282,7 @@ static inline struct sock *unix_find_socket_byname(struct net *net,
282 return s; 282 return s;
283} 283}
284 284
285static struct sock *unix_find_socket_byinode(struct net *net, struct inode *i) 285static struct sock *unix_find_socket_byinode(struct inode *i)
286{ 286{
287 struct sock *s; 287 struct sock *s;
288 struct hlist_node *node; 288 struct hlist_node *node;
@@ -292,9 +292,6 @@ static struct sock *unix_find_socket_byinode(struct net *net, struct inode *i)
292 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) { 292 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
293 struct dentry *dentry = unix_sk(s)->dentry; 293 struct dentry *dentry = unix_sk(s)->dentry;
294 294
295 if (!net_eq(sock_net(s), net))
296 continue;
297
298 if (dentry && dentry->d_inode == i) { 295 if (dentry && dentry->d_inode == i) {
299 sock_hold(s); 296 sock_hold(s);
300 goto found; 297 goto found;
@@ -313,13 +310,17 @@ static inline int unix_writable(struct sock *sk)
313 310
314static void unix_write_space(struct sock *sk) 311static void unix_write_space(struct sock *sk)
315{ 312{
316 read_lock(&sk->sk_callback_lock); 313 struct socket_wq *wq;
314
315 rcu_read_lock();
317 if (unix_writable(sk)) { 316 if (unix_writable(sk)) {
318 if (sk_has_sleeper(sk)) 317 wq = rcu_dereference(sk->sk_wq);
319 wake_up_interruptible_sync(sk->sk_sleep); 318 if (wq_has_sleeper(wq))
319 wake_up_interruptible_sync_poll(&wq->wait,
320 POLLOUT | POLLWRNORM | POLLWRBAND);
320 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 321 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
321 } 322 }
322 read_unlock(&sk->sk_callback_lock); 323 rcu_read_unlock();
323} 324}
324 325
325/* When dgram socket disconnects (or changes its peer), we clear its receive 326/* When dgram socket disconnects (or changes its peer), we clear its receive
@@ -360,13 +361,13 @@ static void unix_sock_destructor(struct sock *sk)
360 if (u->addr) 361 if (u->addr)
361 unix_release_addr(u->addr); 362 unix_release_addr(u->addr);
362 363
363 atomic_dec(&unix_nr_socks); 364 atomic_long_dec(&unix_nr_socks);
364 local_bh_disable(); 365 local_bh_disable();
365 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); 366 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
366 local_bh_enable(); 367 local_bh_enable();
367#ifdef UNIX_REFCNT_DEBUG 368#ifdef UNIX_REFCNT_DEBUG
368 printk(KERN_DEBUG "UNIX %p is destroyed, %d are still alive.\n", sk, 369 printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
369 atomic_read(&unix_nr_socks)); 370 atomic_long_read(&unix_nr_socks));
370#endif 371#endif
371} 372}
372 373
@@ -406,9 +407,7 @@ static int unix_release_sock(struct sock *sk, int embrion)
406 skpair->sk_err = ECONNRESET; 407 skpair->sk_err = ECONNRESET;
407 unix_state_unlock(skpair); 408 unix_state_unlock(skpair);
408 skpair->sk_state_change(skpair); 409 skpair->sk_state_change(skpair);
409 read_lock(&skpair->sk_callback_lock);
410 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP); 410 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
411 read_unlock(&skpair->sk_callback_lock);
412 } 411 }
413 sock_put(skpair); /* It may now die */ 412 sock_put(skpair); /* It may now die */
414 unix_peer(sk) = NULL; 413 unix_peer(sk) = NULL;
@@ -449,11 +448,31 @@ static int unix_release_sock(struct sock *sk, int embrion)
449 return 0; 448 return 0;
450} 449}
451 450
451static void init_peercred(struct sock *sk)
452{
453 put_pid(sk->sk_peer_pid);
454 if (sk->sk_peer_cred)
455 put_cred(sk->sk_peer_cred);
456 sk->sk_peer_pid = get_pid(task_tgid(current));
457 sk->sk_peer_cred = get_current_cred();
458}
459
460static void copy_peercred(struct sock *sk, struct sock *peersk)
461{
462 put_pid(sk->sk_peer_pid);
463 if (sk->sk_peer_cred)
464 put_cred(sk->sk_peer_cred);
465 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
466 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
467}
468
452static int unix_listen(struct socket *sock, int backlog) 469static int unix_listen(struct socket *sock, int backlog)
453{ 470{
454 int err; 471 int err;
455 struct sock *sk = sock->sk; 472 struct sock *sk = sock->sk;
456 struct unix_sock *u = unix_sk(sk); 473 struct unix_sock *u = unix_sk(sk);
474 struct pid *old_pid = NULL;
475 const struct cred *old_cred = NULL;
457 476
458 err = -EOPNOTSUPP; 477 err = -EOPNOTSUPP;
459 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET) 478 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
@@ -469,12 +488,14 @@ static int unix_listen(struct socket *sock, int backlog)
469 sk->sk_max_ack_backlog = backlog; 488 sk->sk_max_ack_backlog = backlog;
470 sk->sk_state = TCP_LISTEN; 489 sk->sk_state = TCP_LISTEN;
471 /* set credentials so connect can copy them */ 490 /* set credentials so connect can copy them */
472 sk->sk_peercred.pid = task_tgid_vnr(current); 491 init_peercred(sk);
473 current_euid_egid(&sk->sk_peercred.uid, &sk->sk_peercred.gid);
474 err = 0; 492 err = 0;
475 493
476out_unlock: 494out_unlock:
477 unix_state_unlock(sk); 495 unix_state_unlock(sk);
496 put_pid(old_pid);
497 if (old_cred)
498 put_cred(old_cred);
478out: 499out:
479 return err; 500 return err;
480} 501}
@@ -586,8 +607,8 @@ static struct sock *unix_create1(struct net *net, struct socket *sock)
586 struct sock *sk = NULL; 607 struct sock *sk = NULL;
587 struct unix_sock *u; 608 struct unix_sock *u;
588 609
589 atomic_inc(&unix_nr_socks); 610 atomic_long_inc(&unix_nr_socks);
590 if (atomic_read(&unix_nr_socks) > 2 * get_max_files()) 611 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
591 goto out; 612 goto out;
592 613
593 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto); 614 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
@@ -612,7 +633,7 @@ static struct sock *unix_create1(struct net *net, struct socket *sock)
612 unix_insert_socket(unix_sockets_unbound, sk); 633 unix_insert_socket(unix_sockets_unbound, sk);
613out: 634out:
614 if (sk == NULL) 635 if (sk == NULL)
615 atomic_dec(&unix_nr_socks); 636 atomic_long_dec(&unix_nr_socks);
616 else { 637 else {
617 local_bh_disable(); 638 local_bh_disable();
618 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 639 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
@@ -672,6 +693,7 @@ static int unix_autobind(struct socket *sock)
672 static u32 ordernum = 1; 693 static u32 ordernum = 1;
673 struct unix_address *addr; 694 struct unix_address *addr;
674 int err; 695 int err;
696 unsigned int retries = 0;
675 697
676 mutex_lock(&u->readlock); 698 mutex_lock(&u->readlock);
677 699
@@ -697,9 +719,17 @@ retry:
697 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type, 719 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
698 addr->hash)) { 720 addr->hash)) {
699 spin_unlock(&unix_table_lock); 721 spin_unlock(&unix_table_lock);
700 /* Sanity yield. It is unusual case, but yet... */ 722 /*
701 if (!(ordernum&0xFF)) 723 * __unix_find_socket_byname() may take long time if many names
702 yield(); 724 * are already in use.
725 */
726 cond_resched();
727 /* Give up if all names seems to be in use. */
728 if (retries++ == 0xFFFFF) {
729 err = -ENOSPC;
730 kfree(addr);
731 goto out;
732 }
703 goto retry; 733 goto retry;
704 } 734 }
705 addr->hash ^= sk->sk_type; 735 addr->hash ^= sk->sk_type;
@@ -735,7 +765,7 @@ static struct sock *unix_find_other(struct net *net,
735 err = -ECONNREFUSED; 765 err = -ECONNREFUSED;
736 if (!S_ISSOCK(inode->i_mode)) 766 if (!S_ISSOCK(inode->i_mode))
737 goto put_fail; 767 goto put_fail;
738 u = unix_find_socket_byinode(net, inode); 768 u = unix_find_socket_byinode(inode);
739 if (!u) 769 if (!u)
740 goto put_fail; 770 goto put_fail;
741 771
@@ -1127,7 +1157,7 @@ restart:
1127 goto restart; 1157 goto restart;
1128 } 1158 }
1129 1159
1130 err = security_unix_stream_connect(sock, other->sk_socket, newsk); 1160 err = security_unix_stream_connect(sk, other, newsk);
1131 if (err) { 1161 if (err) {
1132 unix_state_unlock(sk); 1162 unix_state_unlock(sk);
1133 goto out_unlock; 1163 goto out_unlock;
@@ -1139,10 +1169,9 @@ restart:
1139 unix_peer(newsk) = sk; 1169 unix_peer(newsk) = sk;
1140 newsk->sk_state = TCP_ESTABLISHED; 1170 newsk->sk_state = TCP_ESTABLISHED;
1141 newsk->sk_type = sk->sk_type; 1171 newsk->sk_type = sk->sk_type;
1142 newsk->sk_peercred.pid = task_tgid_vnr(current); 1172 init_peercred(newsk);
1143 current_euid_egid(&newsk->sk_peercred.uid, &newsk->sk_peercred.gid);
1144 newu = unix_sk(newsk); 1173 newu = unix_sk(newsk);
1145 newsk->sk_sleep = &newu->peer_wait; 1174 newsk->sk_wq = &newu->peer_wq;
1146 otheru = unix_sk(other); 1175 otheru = unix_sk(other);
1147 1176
1148 /* copy address information from listening to new sock*/ 1177 /* copy address information from listening to new sock*/
@@ -1156,7 +1185,7 @@ restart:
1156 } 1185 }
1157 1186
1158 /* Set credentials */ 1187 /* Set credentials */
1159 sk->sk_peercred = other->sk_peercred; 1188 copy_peercred(sk, other);
1160 1189
1161 sock->state = SS_CONNECTED; 1190 sock->state = SS_CONNECTED;
1162 sk->sk_state = TCP_ESTABLISHED; 1191 sk->sk_state = TCP_ESTABLISHED;
@@ -1198,10 +1227,8 @@ static int unix_socketpair(struct socket *socka, struct socket *sockb)
1198 sock_hold(skb); 1227 sock_hold(skb);
1199 unix_peer(ska) = skb; 1228 unix_peer(ska) = skb;
1200 unix_peer(skb) = ska; 1229 unix_peer(skb) = ska;
1201 ska->sk_peercred.pid = skb->sk_peercred.pid = task_tgid_vnr(current); 1230 init_peercred(ska);
1202 current_euid_egid(&skb->sk_peercred.uid, &skb->sk_peercred.gid); 1231 init_peercred(skb);
1203 ska->sk_peercred.uid = skb->sk_peercred.uid;
1204 ska->sk_peercred.gid = skb->sk_peercred.gid;
1205 1232
1206 if (ska->sk_type != SOCK_DGRAM) { 1233 if (ska->sk_type != SOCK_DGRAM) {
1207 ska->sk_state = TCP_ESTABLISHED; 1234 ska->sk_state = TCP_ESTABLISHED;
@@ -1296,18 +1323,20 @@ static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1296 int i; 1323 int i;
1297 1324
1298 scm->fp = UNIXCB(skb).fp; 1325 scm->fp = UNIXCB(skb).fp;
1299 skb->destructor = sock_wfree;
1300 UNIXCB(skb).fp = NULL; 1326 UNIXCB(skb).fp = NULL;
1301 1327
1302 for (i = scm->fp->count-1; i >= 0; i--) 1328 for (i = scm->fp->count-1; i >= 0; i--)
1303 unix_notinflight(scm->fp->fp[i]); 1329 unix_notinflight(scm->fp->fp[i]);
1304} 1330}
1305 1331
1306static void unix_destruct_fds(struct sk_buff *skb) 1332static void unix_destruct_scm(struct sk_buff *skb)
1307{ 1333{
1308 struct scm_cookie scm; 1334 struct scm_cookie scm;
1309 memset(&scm, 0, sizeof(scm)); 1335 memset(&scm, 0, sizeof(scm));
1310 unix_detach_fds(&scm, skb); 1336 scm.pid = UNIXCB(skb).pid;
1337 scm.cred = UNIXCB(skb).cred;
1338 if (UNIXCB(skb).fp)
1339 unix_detach_fds(&scm, skb);
1311 1340
1312 /* Alas, it calls VFS */ 1341 /* Alas, it calls VFS */
1313 /* So fscking what? fput() had been SMP-safe since the last Summer */ 1342 /* So fscking what? fput() had been SMP-safe since the last Summer */
@@ -1315,9 +1344,25 @@ static void unix_destruct_fds(struct sk_buff *skb)
1315 sock_wfree(skb); 1344 sock_wfree(skb);
1316} 1345}
1317 1346
1347#define MAX_RECURSION_LEVEL 4
1348
1318static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb) 1349static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1319{ 1350{
1320 int i; 1351 int i;
1352 unsigned char max_level = 0;
1353 int unix_sock_count = 0;
1354
1355 for (i = scm->fp->count - 1; i >= 0; i--) {
1356 struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1357
1358 if (sk) {
1359 unix_sock_count++;
1360 max_level = max(max_level,
1361 unix_sk(sk)->recursion_level);
1362 }
1363 }
1364 if (unlikely(max_level > MAX_RECURSION_LEVEL))
1365 return -ETOOMANYREFS;
1321 1366
1322 /* 1367 /*
1323 * Need to duplicate file references for the sake of garbage 1368 * Need to duplicate file references for the sake of garbage
@@ -1328,10 +1373,24 @@ static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1328 if (!UNIXCB(skb).fp) 1373 if (!UNIXCB(skb).fp)
1329 return -ENOMEM; 1374 return -ENOMEM;
1330 1375
1331 for (i = scm->fp->count-1; i >= 0; i--) 1376 if (unix_sock_count) {
1332 unix_inflight(scm->fp->fp[i]); 1377 for (i = scm->fp->count - 1; i >= 0; i--)
1333 skb->destructor = unix_destruct_fds; 1378 unix_inflight(scm->fp->fp[i]);
1334 return 0; 1379 }
1380 return max_level;
1381}
1382
1383static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1384{
1385 int err = 0;
1386 UNIXCB(skb).pid = get_pid(scm->pid);
1387 UNIXCB(skb).cred = get_cred(scm->cred);
1388 UNIXCB(skb).fp = NULL;
1389 if (scm->fp && send_fds)
1390 err = unix_attach_fds(scm, skb);
1391
1392 skb->destructor = unix_destruct_scm;
1393 return err;
1335} 1394}
1336 1395
1337/* 1396/*
@@ -1353,6 +1412,7 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1353 struct sk_buff *skb; 1412 struct sk_buff *skb;
1354 long timeo; 1413 long timeo;
1355 struct scm_cookie tmp_scm; 1414 struct scm_cookie tmp_scm;
1415 int max_level;
1356 1416
1357 if (NULL == siocb->scm) 1417 if (NULL == siocb->scm)
1358 siocb->scm = &tmp_scm; 1418 siocb->scm = &tmp_scm;
@@ -1390,12 +1450,10 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1390 if (skb == NULL) 1450 if (skb == NULL)
1391 goto out; 1451 goto out;
1392 1452
1393 memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 1453 err = unix_scm_to_skb(siocb->scm, skb, true);
1394 if (siocb->scm->fp) { 1454 if (err < 0)
1395 err = unix_attach_fds(siocb->scm, skb); 1455 goto out_free;
1396 if (err) 1456 max_level = err + 1;
1397 goto out_free;
1398 }
1399 unix_get_secdata(siocb->scm, skb); 1457 unix_get_secdata(siocb->scm, skb);
1400 1458
1401 skb_reset_transport_header(skb); 1459 skb_reset_transport_header(skb);
@@ -1474,7 +1532,11 @@ restart:
1474 goto restart; 1532 goto restart;
1475 } 1533 }
1476 1534
1535 if (sock_flag(other, SOCK_RCVTSTAMP))
1536 __net_timestamp(skb);
1477 skb_queue_tail(&other->sk_receive_queue, skb); 1537 skb_queue_tail(&other->sk_receive_queue, skb);
1538 if (max_level > unix_sk(other)->recursion_level)
1539 unix_sk(other)->recursion_level = max_level;
1478 unix_state_unlock(other); 1540 unix_state_unlock(other);
1479 other->sk_data_ready(other, len); 1541 other->sk_data_ready(other, len);
1480 sock_put(other); 1542 sock_put(other);
@@ -1505,6 +1567,7 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1505 int sent = 0; 1567 int sent = 0;
1506 struct scm_cookie tmp_scm; 1568 struct scm_cookie tmp_scm;
1507 bool fds_sent = false; 1569 bool fds_sent = false;
1570 int max_level;
1508 1571
1509 if (NULL == siocb->scm) 1572 if (NULL == siocb->scm)
1510 siocb->scm = &tmp_scm; 1573 siocb->scm = &tmp_scm;
@@ -1565,16 +1628,15 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1565 */ 1628 */
1566 size = min_t(int, size, skb_tailroom(skb)); 1629 size = min_t(int, size, skb_tailroom(skb));
1567 1630
1568 memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 1631
1569 /* Only send the fds in the first buffer */ 1632 /* Only send the fds in the first buffer */
1570 if (siocb->scm->fp && !fds_sent) { 1633 err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1571 err = unix_attach_fds(siocb->scm, skb); 1634 if (err < 0) {
1572 if (err) { 1635 kfree_skb(skb);
1573 kfree_skb(skb); 1636 goto out_err;
1574 goto out_err;
1575 }
1576 fds_sent = true;
1577 } 1637 }
1638 max_level = err + 1;
1639 fds_sent = true;
1578 1640
1579 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 1641 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1580 if (err) { 1642 if (err) {
@@ -1589,6 +1651,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1589 goto pipe_err_free; 1651 goto pipe_err_free;
1590 1652
1591 skb_queue_tail(&other->sk_receive_queue, skb); 1653 skb_queue_tail(&other->sk_receive_queue, skb);
1654 if (max_level > unix_sk(other)->recursion_level)
1655 unix_sk(other)->recursion_level = max_level;
1592 unix_state_unlock(other); 1656 unix_state_unlock(other);
1593 other->sk_data_ready(other, size); 1657 other->sk_data_ready(other, size);
1594 sent += size; 1658 sent += size;
@@ -1673,7 +1737,8 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1673 goto out_unlock; 1737 goto out_unlock;
1674 } 1738 }
1675 1739
1676 wake_up_interruptible_sync(&u->peer_wait); 1740 wake_up_interruptible_sync_poll(&u->peer_wait,
1741 POLLOUT | POLLWRNORM | POLLWRBAND);
1677 1742
1678 if (msg->msg_name) 1743 if (msg->msg_name)
1679 unix_copy_addr(msg, skb->sk); 1744 unix_copy_addr(msg, skb->sk);
@@ -1687,11 +1752,14 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1687 if (err) 1752 if (err)
1688 goto out_free; 1753 goto out_free;
1689 1754
1755 if (sock_flag(sk, SOCK_RCVTSTAMP))
1756 __sock_recv_timestamp(msg, sk, skb);
1757
1690 if (!siocb->scm) { 1758 if (!siocb->scm) {
1691 siocb->scm = &tmp_scm; 1759 siocb->scm = &tmp_scm;
1692 memset(&tmp_scm, 0, sizeof(tmp_scm)); 1760 memset(&tmp_scm, 0, sizeof(tmp_scm));
1693 } 1761 }
1694 siocb->scm->creds = *UNIXCREDS(skb); 1762 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1695 unix_set_secdata(siocb->scm, skb); 1763 unix_set_secdata(siocb->scm, skb);
1696 1764
1697 if (!(flags & MSG_PEEK)) { 1765 if (!(flags & MSG_PEEK)) {
@@ -1736,7 +1804,7 @@ static long unix_stream_data_wait(struct sock *sk, long timeo)
1736 unix_state_lock(sk); 1804 unix_state_lock(sk);
1737 1805
1738 for (;;) { 1806 for (;;) {
1739 prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); 1807 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1740 1808
1741 if (!skb_queue_empty(&sk->sk_receive_queue) || 1809 if (!skb_queue_empty(&sk->sk_receive_queue) ||
1742 sk->sk_err || 1810 sk->sk_err ||
@@ -1752,7 +1820,7 @@ static long unix_stream_data_wait(struct sock *sk, long timeo)
1752 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 1820 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1753 } 1821 }
1754 1822
1755 finish_wait(sk->sk_sleep, &wait); 1823 finish_wait(sk_sleep(sk), &wait);
1756 unix_state_unlock(sk); 1824 unix_state_unlock(sk);
1757 return timeo; 1825 return timeo;
1758} 1826}
@@ -1805,6 +1873,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1805 unix_state_lock(sk); 1873 unix_state_lock(sk);
1806 skb = skb_dequeue(&sk->sk_receive_queue); 1874 skb = skb_dequeue(&sk->sk_receive_queue);
1807 if (skb == NULL) { 1875 if (skb == NULL) {
1876 unix_sk(sk)->recursion_level = 0;
1808 if (copied >= target) 1877 if (copied >= target)
1809 goto unlock; 1878 goto unlock;
1810 1879
@@ -1840,14 +1909,14 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1840 1909
1841 if (check_creds) { 1910 if (check_creds) {
1842 /* Never glue messages from different writers */ 1911 /* Never glue messages from different writers */
1843 if (memcmp(UNIXCREDS(skb), &siocb->scm->creds, 1912 if ((UNIXCB(skb).pid != siocb->scm->pid) ||
1844 sizeof(siocb->scm->creds)) != 0) { 1913 (UNIXCB(skb).cred != siocb->scm->cred)) {
1845 skb_queue_head(&sk->sk_receive_queue, skb); 1914 skb_queue_head(&sk->sk_receive_queue, skb);
1846 break; 1915 break;
1847 } 1916 }
1848 } else { 1917 } else {
1849 /* Copy credentials */ 1918 /* Copy credentials */
1850 siocb->scm->creds = *UNIXCREDS(skb); 1919 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1851 check_creds = 1; 1920 check_creds = 1;
1852 } 1921 }
1853 1922
@@ -1880,7 +1949,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1880 break; 1949 break;
1881 } 1950 }
1882 1951
1883 kfree_skb(skb); 1952 consume_skb(skb);
1884 1953
1885 if (siocb->scm->fp) 1954 if (siocb->scm->fp)
1886 break; 1955 break;
@@ -1931,12 +2000,10 @@ static int unix_shutdown(struct socket *sock, int mode)
1931 other->sk_shutdown |= peer_mode; 2000 other->sk_shutdown |= peer_mode;
1932 unix_state_unlock(other); 2001 unix_state_unlock(other);
1933 other->sk_state_change(other); 2002 other->sk_state_change(other);
1934 read_lock(&other->sk_callback_lock);
1935 if (peer_mode == SHUTDOWN_MASK) 2003 if (peer_mode == SHUTDOWN_MASK)
1936 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP); 2004 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
1937 else if (peer_mode & RCV_SHUTDOWN) 2005 else if (peer_mode & RCV_SHUTDOWN)
1938 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN); 2006 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
1939 read_unlock(&other->sk_callback_lock);
1940 } 2007 }
1941 if (other) 2008 if (other)
1942 sock_put(other); 2009 sock_put(other);
@@ -1991,7 +2058,7 @@ static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table
1991 struct sock *sk = sock->sk; 2058 struct sock *sk = sock->sk;
1992 unsigned int mask; 2059 unsigned int mask;
1993 2060
1994 sock_poll_wait(file, sk->sk_sleep, wait); 2061 sock_poll_wait(file, sk_sleep(sk), wait);
1995 mask = 0; 2062 mask = 0;
1996 2063
1997 /* exceptional events? */ 2064 /* exceptional events? */
@@ -2000,11 +2067,10 @@ static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table
2000 if (sk->sk_shutdown == SHUTDOWN_MASK) 2067 if (sk->sk_shutdown == SHUTDOWN_MASK)
2001 mask |= POLLHUP; 2068 mask |= POLLHUP;
2002 if (sk->sk_shutdown & RCV_SHUTDOWN) 2069 if (sk->sk_shutdown & RCV_SHUTDOWN)
2003 mask |= POLLRDHUP; 2070 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2004 2071
2005 /* readable? */ 2072 /* readable? */
2006 if (!skb_queue_empty(&sk->sk_receive_queue) || 2073 if (!skb_queue_empty(&sk->sk_receive_queue))
2007 (sk->sk_shutdown & RCV_SHUTDOWN))
2008 mask |= POLLIN | POLLRDNORM; 2074 mask |= POLLIN | POLLRDNORM;
2009 2075
2010 /* Connection-based need to check for termination and startup */ 2076 /* Connection-based need to check for termination and startup */
@@ -2028,20 +2094,19 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2028 struct sock *sk = sock->sk, *other; 2094 struct sock *sk = sock->sk, *other;
2029 unsigned int mask, writable; 2095 unsigned int mask, writable;
2030 2096
2031 sock_poll_wait(file, sk->sk_sleep, wait); 2097 sock_poll_wait(file, sk_sleep(sk), wait);
2032 mask = 0; 2098 mask = 0;
2033 2099
2034 /* exceptional events? */ 2100 /* exceptional events? */
2035 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue)) 2101 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2036 mask |= POLLERR; 2102 mask |= POLLERR;
2037 if (sk->sk_shutdown & RCV_SHUTDOWN) 2103 if (sk->sk_shutdown & RCV_SHUTDOWN)
2038 mask |= POLLRDHUP; 2104 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2039 if (sk->sk_shutdown == SHUTDOWN_MASK) 2105 if (sk->sk_shutdown == SHUTDOWN_MASK)
2040 mask |= POLLHUP; 2106 mask |= POLLHUP;
2041 2107
2042 /* readable? */ 2108 /* readable? */
2043 if (!skb_queue_empty(&sk->sk_receive_queue) || 2109 if (!skb_queue_empty(&sk->sk_receive_queue))
2044 (sk->sk_shutdown & RCV_SHUTDOWN))
2045 mask |= POLLIN | POLLRDNORM; 2110 mask |= POLLIN | POLLRDNORM;
2046 2111
2047 /* Connection-based need to check for termination and startup */ 2112 /* Connection-based need to check for termination and startup */
@@ -2053,20 +2118,19 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2053 return mask; 2118 return mask;
2054 } 2119 }
2055 2120
2056 /* writable? */ 2121 /* No write status requested, avoid expensive OUT tests. */
2057 writable = unix_writable(sk); 2122 if (wait && !(wait->key & (POLLWRBAND | POLLWRNORM | POLLOUT)))
2058 if (writable) { 2123 return mask;
2059 other = unix_peer_get(sk);
2060 if (other) {
2061 if (unix_peer(other) != sk) {
2062 sock_poll_wait(file, &unix_sk(other)->peer_wait,
2063 wait);
2064 if (unix_recvq_full(other))
2065 writable = 0;
2066 }
2067 2124
2068 sock_put(other); 2125 writable = unix_writable(sk);
2126 other = unix_peer_get(sk);
2127 if (other) {
2128 if (unix_peer(other) != sk) {
2129 sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2130 if (unix_recvq_full(other))
2131 writable = 0;
2069 } 2132 }
2133 sock_put(other);
2070 } 2134 }
2071 2135
2072 if (writable) 2136 if (writable)
@@ -2224,7 +2288,7 @@ static const struct net_proto_family unix_family_ops = {
2224}; 2288};
2225 2289
2226 2290
2227static int unix_net_init(struct net *net) 2291static int __net_init unix_net_init(struct net *net)
2228{ 2292{
2229 int error = -ENOMEM; 2293 int error = -ENOMEM;
2230 2294
@@ -2243,7 +2307,7 @@ out:
2243 return error; 2307 return error;
2244} 2308}
2245 2309
2246static void unix_net_exit(struct net *net) 2310static void __net_exit unix_net_exit(struct net *net)
2247{ 2311{
2248 unix_sysctl_unregister(net); 2312 unix_sysctl_unregister(net);
2249 proc_net_remove(net, "unix"); 2313 proc_net_remove(net, "unix");
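Review bot: In unix_listen() the new locals `old_pid` and `old_cred` are initialised to NULL and never assigned, so the `put_pid(old_pid); if (old_cred) put_cred(old_cred);` added after `unix_state_unlock(sk)` can never release anything. The previous peer pid and cred are instead dropped inside `init_peercred(sk)` while the state lock is still held, which looks like the opposite of what the deferred puts were meant to achieve. Either remove the two locals and the trailing puts, or have the listen path save `sk->sk_peer_pid` and `sk->sk_peer_cred` into them under the lock and let the post-unlock puts do the release. In either case init_peercred() and copy_peercred() deserve a comment such as `/* caller must serialise against readers of sk_peer_pid/sk_peer_cred */`, because nothing visible here shows how a concurrent reader of these peer-credential fields is protected while they are swapped. Part of unix_listen() lies between the two hunks and is not shown, but as unchanged context it cannot reference the newly added locals.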