aboutsummaryrefslogtreecommitdiffstats
path: root/net/unix/af_unix.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/unix/af_unix.c')
-rw-r--r--net/unix/af_unix.c254
1 files changed, 162 insertions, 92 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 36d4e44d6233..dd419d286204 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -117,7 +117,7 @@
117 117
118static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1]; 118static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
119static DEFINE_SPINLOCK(unix_table_lock); 119static DEFINE_SPINLOCK(unix_table_lock);
120static atomic_t unix_nr_socks = ATOMIC_INIT(0); 120static atomic_long_t unix_nr_socks;
121 121
122#define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE]) 122#define unix_sockets_unbound (&unix_socket_table[UNIX_HASH_SIZE])
123 123
@@ -144,7 +144,7 @@ static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
144/* 144/*
145 * SMP locking strategy: 145 * SMP locking strategy:
146 * hash table is protected with spinlock unix_table_lock 146 * hash table is protected with spinlock unix_table_lock
147 * each socket state is protected by separate rwlock. 147 * each socket state is protected by separate spin lock.
148 */ 148 */
149 149
150static inline unsigned unix_hash_fold(__wsum n) 150static inline unsigned unix_hash_fold(__wsum n)
@@ -282,7 +282,7 @@ static inline struct sock *unix_find_socket_byname(struct net *net,
282 return s; 282 return s;
283} 283}
284 284
285static struct sock *unix_find_socket_byinode(struct net *net, struct inode *i) 285static struct sock *unix_find_socket_byinode(struct inode *i)
286{ 286{
287 struct sock *s; 287 struct sock *s;
288 struct hlist_node *node; 288 struct hlist_node *node;
@@ -292,9 +292,6 @@ static struct sock *unix_find_socket_byinode(struct net *net, struct inode *i)
292 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) { 292 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
293 struct dentry *dentry = unix_sk(s)->dentry; 293 struct dentry *dentry = unix_sk(s)->dentry;
294 294
295 if (!net_eq(sock_net(s), net))
296 continue;
297
298 if (dentry && dentry->d_inode == i) { 295 if (dentry && dentry->d_inode == i) {
299 sock_hold(s); 296 sock_hold(s);
300 goto found; 297 goto found;
@@ -313,13 +310,17 @@ static inline int unix_writable(struct sock *sk)
313 310
314static void unix_write_space(struct sock *sk) 311static void unix_write_space(struct sock *sk)
315{ 312{
316 read_lock(&sk->sk_callback_lock); 313 struct socket_wq *wq;
314
315 rcu_read_lock();
317 if (unix_writable(sk)) { 316 if (unix_writable(sk)) {
318 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 317 wq = rcu_dereference(sk->sk_wq);
319 wake_up_interruptible_sync(sk->sk_sleep); 318 if (wq_has_sleeper(wq))
319 wake_up_interruptible_sync_poll(&wq->wait,
320 POLLOUT | POLLWRNORM | POLLWRBAND);
320 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 321 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
321 } 322 }
322 read_unlock(&sk->sk_callback_lock); 323 rcu_read_unlock();
323} 324}
324 325
325/* When dgram socket disconnects (or changes its peer), we clear its receive 326/* When dgram socket disconnects (or changes its peer), we clear its receive
@@ -360,13 +361,13 @@ static void unix_sock_destructor(struct sock *sk)
360 if (u->addr) 361 if (u->addr)
361 unix_release_addr(u->addr); 362 unix_release_addr(u->addr);
362 363
363 atomic_dec(&unix_nr_socks); 364 atomic_long_dec(&unix_nr_socks);
364 local_bh_disable(); 365 local_bh_disable();
365 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); 366 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
366 local_bh_enable(); 367 local_bh_enable();
367#ifdef UNIX_REFCNT_DEBUG 368#ifdef UNIX_REFCNT_DEBUG
368 printk(KERN_DEBUG "UNIX %p is destroyed, %d are still alive.\n", sk, 369 printk(KERN_DEBUG "UNIX %p is destroyed, %ld are still alive.\n", sk,
369 atomic_read(&unix_nr_socks)); 370 atomic_long_read(&unix_nr_socks));
370#endif 371#endif
371} 372}
372 373
@@ -406,9 +407,7 @@ static int unix_release_sock(struct sock *sk, int embrion)
406 skpair->sk_err = ECONNRESET; 407 skpair->sk_err = ECONNRESET;
407 unix_state_unlock(skpair); 408 unix_state_unlock(skpair);
408 skpair->sk_state_change(skpair); 409 skpair->sk_state_change(skpair);
409 read_lock(&skpair->sk_callback_lock);
410 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP); 410 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
411 read_unlock(&skpair->sk_callback_lock);
412 } 411 }
413 sock_put(skpair); /* It may now die */ 412 sock_put(skpair); /* It may now die */
414 unix_peer(sk) = NULL; 413 unix_peer(sk) = NULL;
@@ -449,11 +448,31 @@ static int unix_release_sock(struct sock *sk, int embrion)
449 return 0; 448 return 0;
450} 449}
451 450
451static void init_peercred(struct sock *sk)
452{
453 put_pid(sk->sk_peer_pid);
454 if (sk->sk_peer_cred)
455 put_cred(sk->sk_peer_cred);
456 sk->sk_peer_pid = get_pid(task_tgid(current));
457 sk->sk_peer_cred = get_current_cred();
458}
459
460static void copy_peercred(struct sock *sk, struct sock *peersk)
461{
462 put_pid(sk->sk_peer_pid);
463 if (sk->sk_peer_cred)
464 put_cred(sk->sk_peer_cred);
465 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
466 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
467}
468
452static int unix_listen(struct socket *sock, int backlog) 469static int unix_listen(struct socket *sock, int backlog)
453{ 470{
454 int err; 471 int err;
455 struct sock *sk = sock->sk; 472 struct sock *sk = sock->sk;
456 struct unix_sock *u = unix_sk(sk); 473 struct unix_sock *u = unix_sk(sk);
474 struct pid *old_pid = NULL;
475 const struct cred *old_cred = NULL;
457 476
458 err = -EOPNOTSUPP; 477 err = -EOPNOTSUPP;
459 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET) 478 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
@@ -469,12 +488,14 @@ static int unix_listen(struct socket *sock, int backlog)
469 sk->sk_max_ack_backlog = backlog; 488 sk->sk_max_ack_backlog = backlog;
470 sk->sk_state = TCP_LISTEN; 489 sk->sk_state = TCP_LISTEN;
471 /* set credentials so connect can copy them */ 490 /* set credentials so connect can copy them */
472 sk->sk_peercred.pid = task_tgid_vnr(current); 491 init_peercred(sk);
473 current_euid_egid(&sk->sk_peercred.uid, &sk->sk_peercred.gid);
474 err = 0; 492 err = 0;
475 493
476out_unlock: 494out_unlock:
477 unix_state_unlock(sk); 495 unix_state_unlock(sk);
496 put_pid(old_pid);
497 if (old_cred)
498 put_cred(old_cred);
478out: 499out:
479 return err; 500 return err;
480} 501}
@@ -586,8 +607,8 @@ static struct sock *unix_create1(struct net *net, struct socket *sock)
586 struct sock *sk = NULL; 607 struct sock *sk = NULL;
587 struct unix_sock *u; 608 struct unix_sock *u;
588 609
589 atomic_inc(&unix_nr_socks); 610 atomic_long_inc(&unix_nr_socks);
590 if (atomic_read(&unix_nr_socks) > 2 * get_max_files()) 611 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
591 goto out; 612 goto out;
592 613
593 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto); 614 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
@@ -612,7 +633,7 @@ static struct sock *unix_create1(struct net *net, struct socket *sock)
612 unix_insert_socket(unix_sockets_unbound, sk); 633 unix_insert_socket(unix_sockets_unbound, sk);
613out: 634out:
614 if (sk == NULL) 635 if (sk == NULL)
615 atomic_dec(&unix_nr_socks); 636 atomic_long_dec(&unix_nr_socks);
616 else { 637 else {
617 local_bh_disable(); 638 local_bh_disable();
618 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 639 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
@@ -621,7 +642,8 @@ out:
621 return sk; 642 return sk;
622} 643}
623 644
624static int unix_create(struct net *net, struct socket *sock, int protocol) 645static int unix_create(struct net *net, struct socket *sock, int protocol,
646 int kern)
625{ 647{
626 if (protocol && protocol != PF_UNIX) 648 if (protocol && protocol != PF_UNIX)
627 return -EPROTONOSUPPORT; 649 return -EPROTONOSUPPORT;
@@ -671,6 +693,7 @@ static int unix_autobind(struct socket *sock)
671 static u32 ordernum = 1; 693 static u32 ordernum = 1;
672 struct unix_address *addr; 694 struct unix_address *addr;
673 int err; 695 int err;
696 unsigned int retries = 0;
674 697
675 mutex_lock(&u->readlock); 698 mutex_lock(&u->readlock);
676 699
@@ -696,9 +719,17 @@ retry:
696 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type, 719 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
697 addr->hash)) { 720 addr->hash)) {
698 spin_unlock(&unix_table_lock); 721 spin_unlock(&unix_table_lock);
699 /* Sanity yield. It is unusual case, but yet... */ 722 /*
700 if (!(ordernum&0xFF)) 723 * __unix_find_socket_byname() may take long time if many names
701 yield(); 724 * are already in use.
725 */
726 cond_resched();
727 /* Give up if all names seems to be in use. */
728 if (retries++ == 0xFFFFF) {
729 err = -ENOSPC;
730 kfree(addr);
731 goto out;
732 }
702 goto retry; 733 goto retry;
703 } 734 }
704 addr->hash ^= sk->sk_type; 735 addr->hash ^= sk->sk_type;
@@ -734,7 +765,7 @@ static struct sock *unix_find_other(struct net *net,
734 err = -ECONNREFUSED; 765 err = -ECONNREFUSED;
735 if (!S_ISSOCK(inode->i_mode)) 766 if (!S_ISSOCK(inode->i_mode))
736 goto put_fail; 767 goto put_fail;
737 u = unix_find_socket_byinode(net, inode); 768 u = unix_find_socket_byinode(inode);
738 if (!u) 769 if (!u)
739 goto put_fail; 770 goto put_fail;
740 771
@@ -1032,8 +1063,8 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1032 goto out; 1063 goto out;
1033 addr_len = err; 1064 addr_len = err;
1034 1065
1035 if (test_bit(SOCK_PASSCRED, &sock->flags) 1066 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1036 && !u->addr && (err = unix_autobind(sock)) != 0) 1067 (err = unix_autobind(sock)) != 0)
1037 goto out; 1068 goto out;
1038 1069
1039 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK); 1070 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
@@ -1074,6 +1105,8 @@ restart:
1074 err = -ECONNREFUSED; 1105 err = -ECONNREFUSED;
1075 if (other->sk_state != TCP_LISTEN) 1106 if (other->sk_state != TCP_LISTEN)
1076 goto out_unlock; 1107 goto out_unlock;
1108 if (other->sk_shutdown & RCV_SHUTDOWN)
1109 goto out_unlock;
1077 1110
1078 if (unix_recvq_full(other)) { 1111 if (unix_recvq_full(other)) {
1079 err = -EAGAIN; 1112 err = -EAGAIN;
@@ -1124,7 +1157,7 @@ restart:
1124 goto restart; 1157 goto restart;
1125 } 1158 }
1126 1159
1127 err = security_unix_stream_connect(sock, other->sk_socket, newsk); 1160 err = security_unix_stream_connect(sk, other, newsk);
1128 if (err) { 1161 if (err) {
1129 unix_state_unlock(sk); 1162 unix_state_unlock(sk);
1130 goto out_unlock; 1163 goto out_unlock;
@@ -1136,10 +1169,9 @@ restart:
1136 unix_peer(newsk) = sk; 1169 unix_peer(newsk) = sk;
1137 newsk->sk_state = TCP_ESTABLISHED; 1170 newsk->sk_state = TCP_ESTABLISHED;
1138 newsk->sk_type = sk->sk_type; 1171 newsk->sk_type = sk->sk_type;
1139 newsk->sk_peercred.pid = task_tgid_vnr(current); 1172 init_peercred(newsk);
1140 current_euid_egid(&newsk->sk_peercred.uid, &newsk->sk_peercred.gid);
1141 newu = unix_sk(newsk); 1173 newu = unix_sk(newsk);
1142 newsk->sk_sleep = &newu->peer_wait; 1174 newsk->sk_wq = &newu->peer_wq;
1143 otheru = unix_sk(other); 1175 otheru = unix_sk(other);
1144 1176
1145 /* copy address information from listening to new sock*/ 1177 /* copy address information from listening to new sock*/
@@ -1153,7 +1185,7 @@ restart:
1153 } 1185 }
1154 1186
1155 /* Set credentials */ 1187 /* Set credentials */
1156 sk->sk_peercred = other->sk_peercred; 1188 copy_peercred(sk, other);
1157 1189
1158 sock->state = SS_CONNECTED; 1190 sock->state = SS_CONNECTED;
1159 sk->sk_state = TCP_ESTABLISHED; 1191 sk->sk_state = TCP_ESTABLISHED;
@@ -1195,10 +1227,8 @@ static int unix_socketpair(struct socket *socka, struct socket *sockb)
1195 sock_hold(skb); 1227 sock_hold(skb);
1196 unix_peer(ska) = skb; 1228 unix_peer(ska) = skb;
1197 unix_peer(skb) = ska; 1229 unix_peer(skb) = ska;
1198 ska->sk_peercred.pid = skb->sk_peercred.pid = task_tgid_vnr(current); 1230 init_peercred(ska);
1199 current_euid_egid(&skb->sk_peercred.uid, &skb->sk_peercred.gid); 1231 init_peercred(skb);
1200 ska->sk_peercred.uid = skb->sk_peercred.uid;
1201 ska->sk_peercred.gid = skb->sk_peercred.gid;
1202 1232
1203 if (ska->sk_type != SOCK_DGRAM) { 1233 if (ska->sk_type != SOCK_DGRAM) {
1204 ska->sk_state = TCP_ESTABLISHED; 1234 ska->sk_state = TCP_ESTABLISHED;
@@ -1256,7 +1286,7 @@ static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_
1256{ 1286{
1257 struct sock *sk = sock->sk; 1287 struct sock *sk = sock->sk;
1258 struct unix_sock *u; 1288 struct unix_sock *u;
1259 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr; 1289 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1260 int err = 0; 1290 int err = 0;
1261 1291
1262 if (peer) { 1292 if (peer) {
@@ -1293,18 +1323,20 @@ static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1293 int i; 1323 int i;
1294 1324
1295 scm->fp = UNIXCB(skb).fp; 1325 scm->fp = UNIXCB(skb).fp;
1296 skb->destructor = sock_wfree;
1297 UNIXCB(skb).fp = NULL; 1326 UNIXCB(skb).fp = NULL;
1298 1327
1299 for (i = scm->fp->count-1; i >= 0; i--) 1328 for (i = scm->fp->count-1; i >= 0; i--)
1300 unix_notinflight(scm->fp->fp[i]); 1329 unix_notinflight(scm->fp->fp[i]);
1301} 1330}
1302 1331
1303static void unix_destruct_fds(struct sk_buff *skb) 1332static void unix_destruct_scm(struct sk_buff *skb)
1304{ 1333{
1305 struct scm_cookie scm; 1334 struct scm_cookie scm;
1306 memset(&scm, 0, sizeof(scm)); 1335 memset(&scm, 0, sizeof(scm));
1307 unix_detach_fds(&scm, skb); 1336 scm.pid = UNIXCB(skb).pid;
1337 scm.cred = UNIXCB(skb).cred;
1338 if (UNIXCB(skb).fp)
1339 unix_detach_fds(&scm, skb);
1308 1340
1309 /* Alas, it calls VFS */ 1341 /* Alas, it calls VFS */
1310 /* So fscking what? fput() had been SMP-safe since the last Summer */ 1342 /* So fscking what? fput() had been SMP-safe since the last Summer */
@@ -1312,9 +1344,25 @@ static void unix_destruct_fds(struct sk_buff *skb)
1312 sock_wfree(skb); 1344 sock_wfree(skb);
1313} 1345}
1314 1346
1347#define MAX_RECURSION_LEVEL 4
1348
1315static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb) 1349static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1316{ 1350{
1317 int i; 1351 int i;
1352 unsigned char max_level = 0;
1353 int unix_sock_count = 0;
1354
1355 for (i = scm->fp->count - 1; i >= 0; i--) {
1356 struct sock *sk = unix_get_socket(scm->fp->fp[i]);
1357
1358 if (sk) {
1359 unix_sock_count++;
1360 max_level = max(max_level,
1361 unix_sk(sk)->recursion_level);
1362 }
1363 }
1364 if (unlikely(max_level > MAX_RECURSION_LEVEL))
1365 return -ETOOMANYREFS;
1318 1366
1319 /* 1367 /*
1320 * Need to duplicate file references for the sake of garbage 1368 * Need to duplicate file references for the sake of garbage
@@ -1325,10 +1373,24 @@ static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1325 if (!UNIXCB(skb).fp) 1373 if (!UNIXCB(skb).fp)
1326 return -ENOMEM; 1374 return -ENOMEM;
1327 1375
1328 for (i = scm->fp->count-1; i >= 0; i--) 1376 if (unix_sock_count) {
1329 unix_inflight(scm->fp->fp[i]); 1377 for (i = scm->fp->count - 1; i >= 0; i--)
1330 skb->destructor = unix_destruct_fds; 1378 unix_inflight(scm->fp->fp[i]);
1331 return 0; 1379 }
1380 return max_level;
1381}
1382
1383static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1384{
1385 int err = 0;
1386 UNIXCB(skb).pid = get_pid(scm->pid);
1387 UNIXCB(skb).cred = get_cred(scm->cred);
1388 UNIXCB(skb).fp = NULL;
1389 if (scm->fp && send_fds)
1390 err = unix_attach_fds(scm, skb);
1391
1392 skb->destructor = unix_destruct_scm;
1393 return err;
1332} 1394}
1333 1395
1334/* 1396/*
@@ -1350,6 +1412,7 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1350 struct sk_buff *skb; 1412 struct sk_buff *skb;
1351 long timeo; 1413 long timeo;
1352 struct scm_cookie tmp_scm; 1414 struct scm_cookie tmp_scm;
1415 int max_level;
1353 1416
1354 if (NULL == siocb->scm) 1417 if (NULL == siocb->scm)
1355 siocb->scm = &tmp_scm; 1418 siocb->scm = &tmp_scm;
@@ -1375,8 +1438,8 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1375 goto out; 1438 goto out;
1376 } 1439 }
1377 1440
1378 if (test_bit(SOCK_PASSCRED, &sock->flags) 1441 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1379 && !u->addr && (err = unix_autobind(sock)) != 0) 1442 && (err = unix_autobind(sock)) != 0)
1380 goto out; 1443 goto out;
1381 1444
1382 err = -EMSGSIZE; 1445 err = -EMSGSIZE;
@@ -1387,12 +1450,10 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1387 if (skb == NULL) 1450 if (skb == NULL)
1388 goto out; 1451 goto out;
1389 1452
1390 memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 1453 err = unix_scm_to_skb(siocb->scm, skb, true);
1391 if (siocb->scm->fp) { 1454 if (err < 0)
1392 err = unix_attach_fds(siocb->scm, skb); 1455 goto out_free;
1393 if (err) 1456 max_level = err + 1;
1394 goto out_free;
1395 }
1396 unix_get_secdata(siocb->scm, skb); 1457 unix_get_secdata(siocb->scm, skb);
1397 1458
1398 skb_reset_transport_header(skb); 1459 skb_reset_transport_header(skb);
@@ -1471,7 +1532,11 @@ restart:
1471 goto restart; 1532 goto restart;
1472 } 1533 }
1473 1534
1535 if (sock_flag(other, SOCK_RCVTSTAMP))
1536 __net_timestamp(skb);
1474 skb_queue_tail(&other->sk_receive_queue, skb); 1537 skb_queue_tail(&other->sk_receive_queue, skb);
1538 if (max_level > unix_sk(other)->recursion_level)
1539 unix_sk(other)->recursion_level = max_level;
1475 unix_state_unlock(other); 1540 unix_state_unlock(other);
1476 other->sk_data_ready(other, len); 1541 other->sk_data_ready(other, len);
1477 sock_put(other); 1542 sock_put(other);
@@ -1501,6 +1566,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1501 struct sk_buff *skb; 1566 struct sk_buff *skb;
1502 int sent = 0; 1567 int sent = 0;
1503 struct scm_cookie tmp_scm; 1568 struct scm_cookie tmp_scm;
1569 bool fds_sent = false;
1570 int max_level;
1504 1571
1505 if (NULL == siocb->scm) 1572 if (NULL == siocb->scm)
1506 siocb->scm = &tmp_scm; 1573 siocb->scm = &tmp_scm;
@@ -1561,14 +1628,15 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1561 */ 1628 */
1562 size = min_t(int, size, skb_tailroom(skb)); 1629 size = min_t(int, size, skb_tailroom(skb));
1563 1630
1564 memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 1631
1565 if (siocb->scm->fp) { 1632 /* Only send the fds in the first buffer */
1566 err = unix_attach_fds(siocb->scm, skb); 1633 err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1567 if (err) { 1634 if (err < 0) {
1568 kfree_skb(skb); 1635 kfree_skb(skb);
1569 goto out_err; 1636 goto out_err;
1570 }
1571 } 1637 }
1638 max_level = err + 1;
1639 fds_sent = true;
1572 1640
1573 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 1641 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1574 if (err) { 1642 if (err) {
@@ -1583,6 +1651,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1583 goto pipe_err_free; 1651 goto pipe_err_free;
1584 1652
1585 skb_queue_tail(&other->sk_receive_queue, skb); 1653 skb_queue_tail(&other->sk_receive_queue, skb);
1654 if (max_level > unix_sk(other)->recursion_level)
1655 unix_sk(other)->recursion_level = max_level;
1586 unix_state_unlock(other); 1656 unix_state_unlock(other);
1587 other->sk_data_ready(other, size); 1657 other->sk_data_ready(other, size);
1588 sent += size; 1658 sent += size;
@@ -1667,7 +1737,8 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1667 goto out_unlock; 1737 goto out_unlock;
1668 } 1738 }
1669 1739
1670 wake_up_interruptible_sync(&u->peer_wait); 1740 wake_up_interruptible_sync_poll(&u->peer_wait,
1741 POLLOUT | POLLWRNORM | POLLWRBAND);
1671 1742
1672 if (msg->msg_name) 1743 if (msg->msg_name)
1673 unix_copy_addr(msg, skb->sk); 1744 unix_copy_addr(msg, skb->sk);
@@ -1681,11 +1752,14 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1681 if (err) 1752 if (err)
1682 goto out_free; 1753 goto out_free;
1683 1754
1755 if (sock_flag(sk, SOCK_RCVTSTAMP))
1756 __sock_recv_timestamp(msg, sk, skb);
1757
1684 if (!siocb->scm) { 1758 if (!siocb->scm) {
1685 siocb->scm = &tmp_scm; 1759 siocb->scm = &tmp_scm;
1686 memset(&tmp_scm, 0, sizeof(tmp_scm)); 1760 memset(&tmp_scm, 0, sizeof(tmp_scm));
1687 } 1761 }
1688 siocb->scm->creds = *UNIXCREDS(skb); 1762 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1689 unix_set_secdata(siocb->scm, skb); 1763 unix_set_secdata(siocb->scm, skb);
1690 1764
1691 if (!(flags & MSG_PEEK)) { 1765 if (!(flags & MSG_PEEK)) {
@@ -1730,7 +1804,7 @@ static long unix_stream_data_wait(struct sock *sk, long timeo)
1730 unix_state_lock(sk); 1804 unix_state_lock(sk);
1731 1805
1732 for (;;) { 1806 for (;;) {
1733 prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); 1807 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1734 1808
1735 if (!skb_queue_empty(&sk->sk_receive_queue) || 1809 if (!skb_queue_empty(&sk->sk_receive_queue) ||
1736 sk->sk_err || 1810 sk->sk_err ||
@@ -1746,7 +1820,7 @@ static long unix_stream_data_wait(struct sock *sk, long timeo)
1746 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 1820 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1747 } 1821 }
1748 1822
1749 finish_wait(sk->sk_sleep, &wait); 1823 finish_wait(sk_sleep(sk), &wait);
1750 unix_state_unlock(sk); 1824 unix_state_unlock(sk);
1751 return timeo; 1825 return timeo;
1752} 1826}
@@ -1799,6 +1873,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1799 unix_state_lock(sk); 1873 unix_state_lock(sk);
1800 skb = skb_dequeue(&sk->sk_receive_queue); 1874 skb = skb_dequeue(&sk->sk_receive_queue);
1801 if (skb == NULL) { 1875 if (skb == NULL) {
1876 unix_sk(sk)->recursion_level = 0;
1802 if (copied >= target) 1877 if (copied >= target)
1803 goto unlock; 1878 goto unlock;
1804 1879
@@ -1834,14 +1909,14 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1834 1909
1835 if (check_creds) { 1910 if (check_creds) {
1836 /* Never glue messages from different writers */ 1911 /* Never glue messages from different writers */
1837 if (memcmp(UNIXCREDS(skb), &siocb->scm->creds, 1912 if ((UNIXCB(skb).pid != siocb->scm->pid) ||
1838 sizeof(siocb->scm->creds)) != 0) { 1913 (UNIXCB(skb).cred != siocb->scm->cred)) {
1839 skb_queue_head(&sk->sk_receive_queue, skb); 1914 skb_queue_head(&sk->sk_receive_queue, skb);
1840 break; 1915 break;
1841 } 1916 }
1842 } else { 1917 } else {
1843 /* Copy credentials */ 1918 /* Copy credentials */
1844 siocb->scm->creds = *UNIXCREDS(skb); 1919 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1845 check_creds = 1; 1920 check_creds = 1;
1846 } 1921 }
1847 1922
@@ -1874,7 +1949,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1874 break; 1949 break;
1875 } 1950 }
1876 1951
1877 kfree_skb(skb); 1952 consume_skb(skb);
1878 1953
1879 if (siocb->scm->fp) 1954 if (siocb->scm->fp)
1880 break; 1955 break;
@@ -1925,12 +2000,10 @@ static int unix_shutdown(struct socket *sock, int mode)
1925 other->sk_shutdown |= peer_mode; 2000 other->sk_shutdown |= peer_mode;
1926 unix_state_unlock(other); 2001 unix_state_unlock(other);
1927 other->sk_state_change(other); 2002 other->sk_state_change(other);
1928 read_lock(&other->sk_callback_lock);
1929 if (peer_mode == SHUTDOWN_MASK) 2003 if (peer_mode == SHUTDOWN_MASK)
1930 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP); 2004 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
1931 else if (peer_mode & RCV_SHUTDOWN) 2005 else if (peer_mode & RCV_SHUTDOWN)
1932 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN); 2006 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
1933 read_unlock(&other->sk_callback_lock);
1934 } 2007 }
1935 if (other) 2008 if (other)
1936 sock_put(other); 2009 sock_put(other);
@@ -1985,7 +2058,7 @@ static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table
1985 struct sock *sk = sock->sk; 2058 struct sock *sk = sock->sk;
1986 unsigned int mask; 2059 unsigned int mask;
1987 2060
1988 poll_wait(file, sk->sk_sleep, wait); 2061 sock_poll_wait(file, sk_sleep(sk), wait);
1989 mask = 0; 2062 mask = 0;
1990 2063
1991 /* exceptional events? */ 2064 /* exceptional events? */
@@ -1994,11 +2067,10 @@ static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table
1994 if (sk->sk_shutdown == SHUTDOWN_MASK) 2067 if (sk->sk_shutdown == SHUTDOWN_MASK)
1995 mask |= POLLHUP; 2068 mask |= POLLHUP;
1996 if (sk->sk_shutdown & RCV_SHUTDOWN) 2069 if (sk->sk_shutdown & RCV_SHUTDOWN)
1997 mask |= POLLRDHUP; 2070 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
1998 2071
1999 /* readable? */ 2072 /* readable? */
2000 if (!skb_queue_empty(&sk->sk_receive_queue) || 2073 if (!skb_queue_empty(&sk->sk_receive_queue))
2001 (sk->sk_shutdown & RCV_SHUTDOWN))
2002 mask |= POLLIN | POLLRDNORM; 2074 mask |= POLLIN | POLLRDNORM;
2003 2075
2004 /* Connection-based need to check for termination and startup */ 2076 /* Connection-based need to check for termination and startup */
@@ -2022,20 +2094,19 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2022 struct sock *sk = sock->sk, *other; 2094 struct sock *sk = sock->sk, *other;
2023 unsigned int mask, writable; 2095 unsigned int mask, writable;
2024 2096
2025 poll_wait(file, sk->sk_sleep, wait); 2097 sock_poll_wait(file, sk_sleep(sk), wait);
2026 mask = 0; 2098 mask = 0;
2027 2099
2028 /* exceptional events? */ 2100 /* exceptional events? */
2029 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue)) 2101 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2030 mask |= POLLERR; 2102 mask |= POLLERR;
2031 if (sk->sk_shutdown & RCV_SHUTDOWN) 2103 if (sk->sk_shutdown & RCV_SHUTDOWN)
2032 mask |= POLLRDHUP; 2104 mask |= POLLRDHUP | POLLIN | POLLRDNORM;
2033 if (sk->sk_shutdown == SHUTDOWN_MASK) 2105 if (sk->sk_shutdown == SHUTDOWN_MASK)
2034 mask |= POLLHUP; 2106 mask |= POLLHUP;
2035 2107
2036 /* readable? */ 2108 /* readable? */
2037 if (!skb_queue_empty(&sk->sk_receive_queue) || 2109 if (!skb_queue_empty(&sk->sk_receive_queue))
2038 (sk->sk_shutdown & RCV_SHUTDOWN))
2039 mask |= POLLIN | POLLRDNORM; 2110 mask |= POLLIN | POLLRDNORM;
2040 2111
2041 /* Connection-based need to check for termination and startup */ 2112 /* Connection-based need to check for termination and startup */
@@ -2047,20 +2118,19 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2047 return mask; 2118 return mask;
2048 } 2119 }
2049 2120
2050 /* writable? */ 2121 /* No write status requested, avoid expensive OUT tests. */
2051 writable = unix_writable(sk); 2122 if (wait && !(wait->key & (POLLWRBAND | POLLWRNORM | POLLOUT)))
2052 if (writable) { 2123 return mask;
2053 other = unix_peer_get(sk);
2054 if (other) {
2055 if (unix_peer(other) != sk) {
2056 poll_wait(file, &unix_sk(other)->peer_wait,
2057 wait);
2058 if (unix_recvq_full(other))
2059 writable = 0;
2060 }
2061 2124
2062 sock_put(other); 2125 writable = unix_writable(sk);
2126 other = unix_peer_get(sk);
2127 if (other) {
2128 if (unix_peer(other) != sk) {
2129 sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
2130 if (unix_recvq_full(other))
2131 writable = 0;
2063 } 2132 }
2133 sock_put(other);
2064 } 2134 }
2065 2135
2066 if (writable) 2136 if (writable)
@@ -2211,14 +2281,14 @@ static const struct file_operations unix_seq_fops = {
2211 2281
2212#endif 2282#endif
2213 2283
2214static struct net_proto_family unix_family_ops = { 2284static const struct net_proto_family unix_family_ops = {
2215 .family = PF_UNIX, 2285 .family = PF_UNIX,
2216 .create = unix_create, 2286 .create = unix_create,
2217 .owner = THIS_MODULE, 2287 .owner = THIS_MODULE,
2218}; 2288};
2219 2289
2220 2290
2221static int unix_net_init(struct net *net) 2291static int __net_init unix_net_init(struct net *net)
2222{ 2292{
2223 int error = -ENOMEM; 2293 int error = -ENOMEM;
2224 2294
@@ -2237,7 +2307,7 @@ out:
2237 return error; 2307 return error;
2238} 2308}
2239 2309
2240static void unix_net_exit(struct net *net) 2310static void __net_exit unix_net_exit(struct net *net)
2241{ 2311{
2242 unix_sysctl_unregister(net); 2312 unix_sysctl_unregister(net);
2243 proc_net_remove(net, "unix"); 2313 proc_net_remove(net, "unix");
generated by cgit v1.2.2 (git 2.25.0) at 2025-06-09 23:34:53 -0400