aboutsummaryrefslogtreecommitdiffstats
path: root/net/unix/af_unix.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/unix/af_unix.c')
-rw-r--r--net/unix/af_unix.c97
1 files changed, 64 insertions, 33 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 0b39b2451ea5..dd419d286204 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -117,7 +117,7 @@
117 117
118static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1]; 118static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
119static DEFINE_SPINLOCK(unix_table_lock); 119static DEFINE_SPINLOCK(unix_table_lock);
120static atomic_t unix_nr_socks = ATOMIC_INIT(0); 120static atomic_long_t unix_nr_socks;
121 121
122#define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE]) 122#define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE])
123 123
@@ -316,7 +316,8 @@ static void unix_write_space(struct sock *sk)
316 if (unix_writable(sk)) { 316 if (unix_writable(sk)) {
317 wq = rcu_dereference(sk->sk_wq); 317 wq = rcu_dereference(sk->sk_wq);
318 if (wq_has_sleeper(wq)) 318 if (wq_has_sleeper(wq))
319 wake_up_interruptible_sync(&wq->wait); 319 wake_up_interruptible_sync_poll(&wq->wait,
320 POLLOUT | POLLWRNORM | POLLWRBAND);
320 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 321 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
321 } 322 }
322 rcu_read_unlock(); 323 rcu_read_unlock();
@@ -360,13 +361,13 @@ static void unix_sock_destructor(struct sock *sk)
360 if (u->addr) 361 if (u->addr)
361 unix_release_addr(u->addr); 362 unix_release_addr(u->addr);
362 363
363 atomic_dec(&unix_nr_socks); 364 atomic_long_dec(&unix_nr_socks);
364 local_bh_disable(); 365 local_bh_disable();
365 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); 366 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
366 local_bh_enable(); 367 local_bh_enable();
367#ifdef UNIX_REFCNT_DEBUG 368#ifdef UNIX_REFCNT_DEBUG
368 printk(KERN_DEBUG "UNIX %p is destroyed, %d are still alive.\n", sk, 369 printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
369 atomic_read(&unix_nr_socks)); 370 atomic_long_read(&unix_nr_socks));
370#endif 371#endif
371} 372}
372 373
@@ -606,8 +607,8 @@ static struct sock *unix_create1(struct net *net, struct socket *sock)
606 struct sock *sk = NULL; 607 struct sock *sk = NULL;
607 struct unix_sock *u; 608 struct unix_sock *u;
608 609
609 atomic_inc(&unix_nr_socks); 610 atomic_long_inc(&unix_nr_socks);
610 if (atomic_read(&unix_nr_socks) > 2 * get_max_files()) 611 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
611 goto out; 612 goto out;
612 613
613 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto); 614 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
@@ -632,7 +633,7 @@ static struct sock *unix_create1(struct net *net, struct socket *sock)
632 unix_insert_socket(unix_sockets_unbound, sk); 633 unix_insert_socket(unix_sockets_unbound, sk);
633out: 634out:
634 if (sk == NULL) 635 if (sk == NULL)
635 atomic_dec(&unix_nr_socks); 636 atomic_long_dec(&unix_nr_socks);
636 else { 637 else {
637 local_bh_disable(); 638 local_bh_disable();
638 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 639 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
@@ -1156,7 +1157,7 @@ restart:
1156 goto restart; 1157 goto restart;
1157 } 1158 }
1158 1159
1159 err = security_unix_stream_connect(sock, other->sk_socket, newsk); 1160 err = security_unix_stream_connect(sk, other, newsk);
1160 if (err) { 1161 if (err) {
1161 unix_state_unlock(sk); 1162 unix_state_unlock(sk);
1162 goto out_unlock; 1163 goto out_unlock;
@@ -1343,9 +1344,25 @@ static void unix_destruct_scm(struct sk_buff *skb)
1343 sock_wfree(skb); 1344 sock_wfree(skb);
1344} 1345}
1345 1346
1347#define MAX_RECURSION_LEVEL 4
1348
1346static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb) 1349static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1347{ 1350{
1348 int i; 1351 int i;
1352 unsigned char max_level = 0;
1353 int unix_sock_count = 0;
1354
1355 for (i = scm->fp->count - 1; i >= 0; i--) {
1356 struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1357
1358 if (sk) {
1359 unix_sock_count++;
1360 max_level = max(max_level,
1361 unix_sk(sk)->recursion_level);
1362 }
1363 }
1364 if (unlikely(max_level > MAX_RECURSION_LEVEL))
1365 return -ETOOMANYREFS;
1349 1366
1350 /* 1367 /*
1351 * Need to duplicate file references for the sake of garbage 1368 * Need to duplicate file references for the sake of garbage
@@ -1356,9 +1373,11 @@ static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1356 if (!UNIXCB(skb).fp) 1373 if (!UNIXCB(skb).fp)
1357 return -ENOMEM; 1374 return -ENOMEM;
1358 1375
1359 for (i = scm->fp->count-1; i >= 0; i--) 1376 if (unix_sock_count) {
1360 unix_inflight(scm->fp->fp[i]); 1377 for (i = scm->fp->count - 1; i >= 0; i--)
1361 return 0; 1378 unix_inflight(scm->fp->fp[i]);
1379 }
1380 return max_level;
1362} 1381}
1363 1382
1364static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds) 1383static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
@@ -1393,6 +1412,7 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1393 struct sk_buff *skb; 1412 struct sk_buff *skb;
1394 long timeo; 1413 long timeo;
1395 struct scm_cookie tmp_scm; 1414 struct scm_cookie tmp_scm;
1415 int max_level;
1396 1416
1397 if (NULL == siocb->scm) 1417 if (NULL == siocb->scm)
1398 siocb->scm = &tmp_scm; 1418 siocb->scm = &tmp_scm;
@@ -1431,8 +1451,9 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1431 goto out; 1451 goto out;
1432 1452
1433 err = unix_scm_to_skb(siocb->scm, skb, true); 1453 err = unix_scm_to_skb(siocb->scm, skb, true);
1434 if (err) 1454 if (err < 0)
1435 goto out_free; 1455 goto out_free;
1456 max_level = err + 1;
1436 unix_get_secdata(siocb->scm, skb); 1457 unix_get_secdata(siocb->scm, skb);
1437 1458
1438 skb_reset_transport_header(skb); 1459 skb_reset_transport_header(skb);
@@ -1511,7 +1532,11 @@ restart:
1511 goto restart; 1532 goto restart;
1512 } 1533 }
1513 1534
1535 if (sock_flag(other, SOCK_RCVTSTAMP))
1536 __net_timestamp(skb);
1514 skb_queue_tail(&other->sk_receive_queue, skb); 1537 skb_queue_tail(&other->sk_receive_queue, skb);
1538 if (max_level > unix_sk(other)->recursion_level)
1539 unix_sk(other)->recursion_level = max_level;
1515 unix_state_unlock(other); 1540 unix_state_unlock(other);
1516 other->sk_data_ready(other, len); 1541 other->sk_data_ready(other, len);
1517 sock_put(other); 1542 sock_put(other);
@@ -1542,6 +1567,7 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1542 int sent = 0; 1567 int sent = 0;
1543 struct scm_cookie tmp_scm; 1568 struct scm_cookie tmp_scm;
1544 bool fds_sent = false; 1569 bool fds_sent = false;
1570 int max_level;
1545 1571
1546 if (NULL == siocb->scm) 1572 if (NULL == siocb->scm)
1547 siocb->scm = &tmp_scm; 1573 siocb->scm = &tmp_scm;
@@ -1605,10 +1631,11 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1605 1631
1606 /* Only send the fds in the first buffer */ 1632 /* Only send the fds in the first buffer */
1607 err = unix_scm_to_skb(siocb->scm, skb, !fds_sent); 1633 err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1608 if (err) { 1634 if (err < 0) {
1609 kfree_skb(skb); 1635 kfree_skb(skb);
1610 goto out_err; 1636 goto out_err;
1611 } 1637 }
1638 max_level = err + 1;
1612 fds_sent = true; 1639 fds_sent = true;
1613 1640
1614 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 1641 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
@@ -1624,6 +1651,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1624 goto pipe_err_free; 1651 goto pipe_err_free;
1625 1652
1626 skb_queue_tail(&other->sk_receive_queue, skb); 1653 skb_queue_tail(&other->sk_receive_queue, skb);
1654 if (max_level > unix_sk(other)->recursion_level)
1655 unix_sk(other)->recursion_level = max_level;
1627 unix_state_unlock(other); 1656 unix_state_unlock(other);
1628 other->sk_data_ready(other, size); 1657 other->sk_data_ready(other, size);
1629 sent += size; 1658 sent += size;
@@ -1708,7 +1737,8 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1708 goto out_unlock; 1737 goto out_unlock;
1709 } 1738 }
1710 1739
1711 wake_up_interruptible_sync(&u->peer_wait); 1740 wake_up_interruptible_sync_poll(&u->peer_wait,
1741 POLLOUT | POLLWRNORM | POLLWRBAND);
1712 1742
1713 if (msg->msg_name) 1743 if (msg->msg_name)
1714 unix_copy_addr(msg, skb->sk); 1744 unix_copy_addr(msg, skb->sk);
@@ -1722,6 +1752,9 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1722 if (err) 1752 if (err)
1723 goto out_free; 1753 goto out_free;
1724 1754
1755 if (sock_flag(sk, SOCK_RCVTSTAMP))
1756 __sock_recv_timestamp(msg, sk, skb);
1757
1725 if (!siocb->scm) { 1758 if (!siocb->scm) {
1726 siocb->scm = &tmp_scm; 1759 siocb->scm = &tmp_scm;
1727 memset(&tmp_scm, 0, sizeof(tmp_scm)); 1760 memset(&tmp_scm, 0, sizeof(tmp_scm));
@@ -1840,6 +1873,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1840 unix_state_lock(sk); 1873 unix_state_lock(sk);
1841 skb = skb_dequeue(&sk->sk_receive_queue); 1874 skb = skb_dequeue(&sk->sk_receive_queue);
1842 if (skb == NULL) { 1875 if (skb == NULL) {
1876 unix_sk(sk)->recursion_level = 0;
1843 if (copied >= target) 1877 if (copied >= target)
1844 goto unlock; 1878 goto unlock;
1845 1879
@@ -2033,11 +2067,10 @@ static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table
2033 if (sk->sk_shutdown == SHUTDOWN_MASK) 2067 if (sk->sk_shutdown == SHUTDOWN_MASK)
2034 mask |= POLLHUP; 2068 mask |= POLLHUP;
2035 if (sk->sk_shutdown & RCV_SHUTDOWN) 2069 if (sk->sk_shutdown & RCV_SHUTDOWN)
2036 mask |= POLLRDHUP; 2070 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2037 2071
2038 /* readable? */ 2072 /* readable? */
2039 if (!skb_queue_empty(&sk->sk_receive_queue) || 2073 if (!skb_queue_empty(&sk->sk_receive_queue))
2040 (sk->sk_shutdown & RCV_SHUTDOWN))
2041 mask |= POLLIN | POLLRDNORM; 2074 mask |= POLLIN | POLLRDNORM;
2042 2075
2043 /* Connection-based need to check for termination and startup */ 2076 /* Connection-based need to check for termination and startup */
@@ -2068,13 +2101,12 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2068 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue)) 2101 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2069 mask |= POLLERR; 2102 mask |= POLLERR;
2070 if (sk->sk_shutdown & RCV_SHUTDOWN) 2103 if (sk->sk_shutdown & RCV_SHUTDOWN)
2071 mask |= POLLRDHUP; 2104 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2072 if (sk->sk_shutdown == SHUTDOWN_MASK) 2105 if (sk->sk_shutdown == SHUTDOWN_MASK)
2073 mask |= POLLHUP; 2106 mask |= POLLHUP;
2074 2107
2075 /* readable? */ 2108 /* readable? */
2076 if (!skb_queue_empty(&sk->sk_receive_queue) || 2109 if (!skb_queue_empty(&sk->sk_receive_queue))
2077 (sk->sk_shutdown & RCV_SHUTDOWN))
2078 mask |= POLLIN | POLLRDNORM; 2110 mask |= POLLIN | POLLRDNORM;
2079 2111
2080 /* Connection-based need to check for termination and startup */ 2112 /* Connection-based need to check for termination and startup */
@@ -2086,20 +2118,19 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2086 return mask; 2118 return mask;
2087 } 2119 }
2088 2120
2089 /* writable? */ 2121 /* No write status requested, avoid expensive OUT tests. */
2090 writable = unix_writable(sk); 2122 if (wait && !(wait->key & (POLLWRBAND | POLLWRNORM | POLLOUT)))
2091 if (writable) { 2123 return mask;
2092 other = unix_peer_get(sk);
2093 if (other) {
2094 if (unix_peer(other) != sk) {
2095 sock_poll_wait(file, &unix_sk(other)->peer_wait,
2096 wait);
2097 if (unix_recvq_full(other))
2098 writable = 0;
2099 }
2100 2124
2101 sock_put(other); 2125 writable = unix_writable(sk);
2126 other = unix_peer_get(sk);
2127 if (other) {
2128 if (unix_peer(other) != sk) {
2129 sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2130 if (unix_recvq_full(other))
2131 writable = 0;
2102 } 2132 }
2133 sock_put(other);
2103 } 2134 }
2104 2135
2105 if (writable) 2136 if (writable)
generated by cgit v1.2.2 (git 2.25.0) at 2025-05-07 17:13:19 -0400