3 files changed, 81 insertions, 66 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index f25511903115..4414a18c63b4 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -144,7 +144,7 @@ static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
 /*
 *  SMP locking strategy:
 *    hash table is protected with spinlock unix_table_lock
- *    each socket state is protected by separate rwlock.
+ *    each socket state is protected by separate spin lock.
 */
 static inline unsigned unix_hash_fold(__wsum n)
@@ -282,7 +282,7 @@ static inline struct sock *unix_find_socket_byname(struct net *net,
        return s;
 }
-static struct sock *unix_find_socket_byinode(struct net *net, struct inode *i)
+static struct sock *unix_find_socket_byinode(struct inode *i)
 {
        struct sock *s;
        struct hlist_node *node;
@@ -292,9 +292,6 @@ static struct sock *unix_find_socket_byinode(struct net *net, struct inode *i)
                    &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
                struct dentry *dentry = unix_sk(s)->dentry;
-                if (!net_eq(sock_net(s), net))
-                        continue;
                if (dentry && dentry->d_inode == i) {
                        sock_hold(s);
                        goto found;
@@ -313,13 +310,16 @@ static inline int unix_writable(struct sock *sk)
 static void unix_write_space(struct sock *sk)
 {
-        read_lock(&sk->sk_callback_lock);
+        struct socket_wq *wq;
+        rcu_read_lock();
        if (unix_writable(sk)) {
-                if (sk_has_sleeper(sk))
+                wq = rcu_dereference(sk->sk_wq);
-                        wake_up_interruptible_sync(sk->sk_sleep);
+                if (wq_has_sleeper(wq))
+                        wake_up_interruptible_sync(&wq->wait);
                sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
        }
-        read_unlock(&sk->sk_callback_lock);
+        rcu_read_unlock();
 }
 /* When dgram socket disconnects (or changes its peer), we clear its receive
@@ -406,9 +406,7 @@ static int unix_release_sock(struct sock *sk, int embrion)
                                skpair->sk_err = ECONNRESET;
                        unix_state_unlock(skpair);
                        skpair->sk_state_change(skpair);
-                        read_lock(&skpair->sk_callback_lock);
                        sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
-                        read_unlock(&skpair->sk_callback_lock);
                }
                sock_put(skpair); /* It may now die */
                unix_peer(sk) = NULL;
@@ -449,11 +447,31 @@ static int unix_release_sock(struct sock *sk, int embrion)
        return 0;
 }
+static void init_peercred(struct sock *sk)
+{
+        put_pid(sk->sk_peer_pid);
+        if (sk->sk_peer_cred)
+                put_cred(sk->sk_peer_cred);
+        sk->sk_peer_pid  = get_pid(task_tgid(current));
+        sk->sk_peer_cred = get_current_cred();
+}
+static void copy_peercred(struct sock *sk, struct sock *peersk)
+{
+        put_pid(sk->sk_peer_pid);
+        if (sk->sk_peer_cred)
+                put_cred(sk->sk_peer_cred);
+        sk->sk_peer_pid  = get_pid(peersk->sk_peer_pid);
+        sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
+}
 static int unix_listen(struct socket *sock, int backlog)
 {
        int err;
        struct sock *sk = sock->sk;
        struct unix_sock *u = unix_sk(sk);
+        struct pid *old_pid = NULL;
+        const struct cred *old_cred = NULL;
        err = -EOPNOTSUPP;
        if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
@@ -469,12 +487,14 @@ static int unix_listen(struct socket *sock, int backlog)
        sk->sk_max_ack_backlog  = backlog;
        sk->sk_state            = TCP_LISTEN;
        /* set credentials so connect can copy them */
-        sk->sk_peercred.pid     = task_tgid_vnr(current);
+        init_peercred(sk);
-        current_euid_egid(&sk->sk_peercred.uid, &sk->sk_peercred.gid);
        err = 0;
 out_unlock:
        unix_state_unlock(sk);
+        put_pid(old_pid);
+        if (old_cred)
+                put_cred(old_cred);
 out:
        return err;
 }
@@ -735,7 +755,7 @@ static struct sock *unix_find_other(struct net *net,
                err = -ECONNREFUSED;
                if (!S_ISSOCK(inode->i_mode))
                        goto put_fail;
-                u = unix_find_socket_byinode(net, inode);
+                u = unix_find_socket_byinode(inode);
                if (!u)
                        goto put_fail;
@@ -1139,10 +1159,9 @@ restart:
        unix_peer(newsk)        = sk;
        newsk->sk_state         = TCP_ESTABLISHED;
        newsk->sk_type          = sk->sk_type;
-        newsk->sk_peercred.pid  = task_tgid_vnr(current);
+        init_peercred(newsk);
-        current_euid_egid(&newsk->sk_peercred.uid, &newsk->sk_peercred.gid);
        newu = unix_sk(newsk);
-        newsk->sk_sleep         = &newu->peer_wait;
+        newsk->sk_wq            = &newu->peer_wq;
        otheru = unix_sk(other);
        /* copy address information from listening to new sock*/
@@ -1156,7 +1175,7 @@ restart:
        }
        /* Set credentials */
-        sk->sk_peercred = other->sk_peercred;
+        copy_peercred(sk, other);
        sock->state     = SS_CONNECTED;
        sk->sk_state    = TCP_ESTABLISHED;
@@ -1198,10 +1217,8 @@ static int unix_socketpair(struct socket *socka, struct socket *sockb)
        sock_hold(skb);
        unix_peer(ska) = skb;
        unix_peer(skb) = ska;
-        ska->sk_peercred.pid = skb->sk_peercred.pid = task_tgid_vnr(current);
+        init_peercred(ska);
-        current_euid_egid(&skb->sk_peercred.uid, &skb->sk_peercred.gid);
+        init_peercred(skb);
-        ska->sk_peercred.uid = skb->sk_peercred.uid;
-        ska->sk_peercred.gid = skb->sk_peercred.gid;
        if (ska->sk_type != SOCK_DGRAM) {
                ska->sk_state = TCP_ESTABLISHED;
@@ -1296,18 +1313,20 @@ static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
        int i;
        scm->fp = UNIXCB(skb).fp;
-        skb->destructor = sock_wfree;
        UNIXCB(skb).fp = NULL;
        for (i = scm->fp->count-1; i >= 0; i--)
                unix_notinflight(scm->fp->fp[i]);
 }
-static void unix_destruct_fds(struct sk_buff *skb)
+static void unix_destruct_scm(struct sk_buff *skb)
 {
        struct scm_cookie scm;
        memset(&scm, 0, sizeof(scm));
-        unix_detach_fds(&scm, skb);
+        scm.pid  = UNIXCB(skb).pid;
+        scm.cred = UNIXCB(skb).cred;
+        if (UNIXCB(skb).fp)
+                unix_detach_fds(&scm, skb);
        /* Alas, it calls VFS */
        /* So fscking what? fput() had been SMP-safe since the last Summer */
@@ -1330,10 +1349,22 @@ static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
        for (i = scm->fp->count-1; i >= 0; i--)
                unix_inflight(scm->fp->fp[i]);
-        skb->destructor = unix_destruct_fds;
        return 0;
 }
+static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
+{
+        int err = 0;
+        UNIXCB(skb).pid  = get_pid(scm->pid);
+        UNIXCB(skb).cred = get_cred(scm->cred);
+        UNIXCB(skb).fp = NULL;
+        if (scm->fp && send_fds)
+                err = unix_attach_fds(scm, skb);
+        skb->destructor = unix_destruct_scm;
+        return err;
+}
 /*
 *      Send AF_UNIX data.
 */
@@ -1390,12 +1421,9 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
        if (skb == NULL)
                goto out;
-        memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
+        err = unix_scm_to_skb(siocb->scm, skb, true);
-        if (siocb->scm->fp) {
+        if (err)
-                err = unix_attach_fds(siocb->scm, skb);
+                goto out_free;
-                if (err)
-                        goto out_free;
-        }
        unix_get_secdata(siocb->scm, skb);
        skb_reset_transport_header(skb);
@@ -1565,16 +1593,14 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
                 */
                size = min_t(int, size, skb_tailroom(skb));
-                memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
                /* Only send the fds in the first buffer */
-                if (siocb->scm->fp && !fds_sent) {
+                err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
-                        err = unix_attach_fds(siocb->scm, skb);
+                if (err) {
-                        if (err) {
+                        kfree_skb(skb);
-                                kfree_skb(skb);
+                        goto out_err;
-                                goto out_err;
-                        }
-                        fds_sent = true;
                }
+                fds_sent = true;
                err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
                if (err) {
@@ -1691,7 +1717,7 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
                siocb->scm = &tmp_scm;
                memset(&tmp_scm, 0, sizeof(tmp_scm));
        }
-        siocb->scm->creds = *UNIXCREDS(skb);
+        scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
        unix_set_secdata(siocb->scm, skb);
        if (!(flags & MSG_PEEK)) {
@@ -1736,7 +1762,7 @@ static long unix_stream_data_wait(struct sock *sk, long timeo)
        unix_state_lock(sk);
        for (;;) {
-                prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE);
+                prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
                if (!skb_queue_empty(&sk->sk_receive_queue) ||
                    sk->sk_err ||
@@ -1752,7 +1778,7 @@ static long unix_stream_data_wait(struct sock *sk, long timeo)
                clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
        }
-        finish_wait(sk->sk_sleep, &wait);
+        finish_wait(sk_sleep(sk), &wait);
        unix_state_unlock(sk);
        return timeo;
 }
@@ -1840,14 +1866,14 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
                if (check_creds) {
                        /* Never glue messages from different writers */
-                        if (memcmp(UNIXCREDS(skb), &siocb->scm->creds,
+                        if ((UNIXCB(skb).pid  != siocb->scm->pid) ||
-                                   sizeof(siocb->scm->creds)) != 0) {
+                            (UNIXCB(skb).cred != siocb->scm->cred)) {
                                skb_queue_head(&sk->sk_receive_queue, skb);
                                break;
                        }
                } else {
                        /* Copy credentials */
-                        siocb->scm->creds = *UNIXCREDS(skb);
+                        scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
                        check_creds = 1;
                }
@@ -1880,7 +1906,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
                                break;
                        }
-                        kfree_skb(skb);
+                        consume_skb(skb);
                        if (siocb->scm->fp)
                                break;
@@ -1931,12 +1957,10 @@ static int unix_shutdown(struct socket *sock, int mode)
                        other->sk_shutdown |= peer_mode;
                        unix_state_unlock(other);
                        other->sk_state_change(other);
-                        read_lock(&other->sk_callback_lock);
                        if (peer_mode == SHUTDOWN_MASK)
                                sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
                        else if (peer_mode & RCV_SHUTDOWN)
                                sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
-                        read_unlock(&other->sk_callback_lock);
                }
                if (other)
                        sock_put(other);
@@ -1991,7 +2015,7 @@ static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table
        struct sock *sk = sock->sk;
        unsigned int mask;
-        sock_poll_wait(file, sk->sk_sleep, wait);
+        sock_poll_wait(file, sk_sleep(sk), wait);
        mask = 0;
        /* exceptional events? */
@@ -2028,7 +2052,7 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
        struct sock *sk = sock->sk, *other;
        unsigned int mask, writable;
-        sock_poll_wait(file, sk->sk_sleep, wait);
+        sock_poll_wait(file, sk_sleep(sk), wait);
        mask = 0;
        /* exceptional events? */
@@ -2224,7 +2248,7 @@ static const struct net_proto_family unix_family_ops = {
 };
-static int unix_net_init(struct net *net)
+static int __net_init unix_net_init(struct net *net)
 {
        int error = -ENOMEM;
@@ -2243,7 +2267,7 @@ out:
        return error;
 }
-static void unix_net_exit(struct net *net)
+static void __net_exit unix_net_exit(struct net *net)
 {
        unix_sysctl_unregister(net);
        proc_net_remove(net, "unix");
diff --git a/net/unix/garbage.c b/net/unix/garbage.c
index 19c17e4a0c8b..c8df6fda0b1f 100644
--- a/net/unix/garbage.c
+++ b/net/unix/garbage.c
@@ -74,7 +74,6 @@
 #include <linux/un.h>
 #include <linux/net.h>
 #include <linux/fs.h>
-#include <linux/slab.h>
 #include <linux/skbuff.h>
 #include <linux/netdevice.h>
 #include <linux/file.h>
@@ -154,15 +153,6 @@ void unix_notinflight(struct file *fp)
        }
 }
-static inline struct sk_buff *sock_queue_head(struct sock *sk)
-{
-        return (struct sk_buff *)&sk->sk_receive_queue;
-}
-#define receive_queue_for_each_skb(sk, next, skb) \
-        for (skb = sock_queue_head(sk)->next, next = skb->next; \
-             skb != sock_queue_head(sk); skb = next, next = skb->next)
 static void scan_inflight(struct sock *x, void (*func)(struct unix_sock *),
                          struct sk_buff_head *hitlist)
 {
@@ -170,7 +160,7 @@ static void scan_inflight(struct sock *x, void (*func)(struct unix_sock *),
        struct sk_buff *next;
        spin_lock(&x->sk_receive_queue.lock);
-        receive_queue_for_each_skb(x, next, skb) {
+        skb_queue_walk_safe(&x->sk_receive_queue, skb, next) {
                /*
                 *      Do we have file descriptors ?
                 */
@@ -226,7 +216,7 @@ static void scan_children(struct sock *x, void (*func)(struct unix_sock *),
                 * and perform a scan on them as well.
                 */
                spin_lock(&x->sk_receive_queue.lock);
-                receive_queue_for_each_skb(x, next, skb) {
+                skb_queue_walk_safe(&x->sk_receive_queue, skb, next) {
                        u = unix_sk(skb->sk);
                        /*
diff --git a/net/unix/sysctl_net_unix.c b/net/unix/sysctl_net_unix.c
index 708f5df6b7f0..397cffebb3b6 100644
--- a/net/unix/sysctl_net_unix.c
+++ b/net/unix/sysctl_net_unix.c
@@ -10,6 +10,7 @@
 */
 #include <linux/mm.h>
+#include <linux/slab.h>
 #include <linux/sysctl.h>
 #include <net/af_unix.h>
@@ -31,7 +32,7 @@ static struct ctl_path unix_path[] = {
        { },
 };
-int unix_sysctl_register(struct net *net)
+int __net_init unix_sysctl_register(struct net *net)
 {
        struct ctl_table *table;

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index f25511903115..4414a18c63b4 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c
@@ -144,7 +144,7 @@ static inline void unix_set_secdata(struct scm_cookie scm, struct sk_buff skb)
144	/*	144	/*
145	* SMP locking strategy:	145	* SMP locking strategy:
146	* hash table is protected with spinlock unix_table_lock	146	* hash table is protected with spinlock unix_table_lock
147	* each socket state is protected by separate rwlock.	147	* each socket state is protected by separate spin lock.
148	*/	148	*/
149		149
150	static inline unsigned unix_hash_fold(__wsum n)	150	static inline unsigned unix_hash_fold(__wsum n)
@@ -282,7 +282,7 @@ static inline struct sock unix_find_socket_byname(struct net net,
282	return s;	282	return s;
283	}	283	}
284		284
285	static struct sock unix_find_socket_byinode(struct net net, struct inode *i)	285	static struct sock unix_find_socket_byinode(struct inode i)
286	{	286	{
287	struct sock *s;	287	struct sock *s;
288	struct hlist_node *node;	288	struct hlist_node *node;
@@ -292,9 +292,6 @@ static struct sock unix_find_socket_byinode(struct net net, struct inode *i)
292	&unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {	292	&unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
293	struct dentry *dentry = unix_sk(s)->dentry;	293	struct dentry *dentry = unix_sk(s)->dentry;
294		294
295	if (!net_eq(sock_net(s), net))
296	continue;
297
298	if (dentry && dentry->d_inode == i) {	295	if (dentry && dentry->d_inode == i) {
299	sock_hold(s);	296	sock_hold(s);
300	goto found;	297	goto found;
@@ -313,13 +310,16 @@ static inline int unix_writable(struct sock *sk)
313		310
314	static void unix_write_space(struct sock *sk)	311	static void unix_write_space(struct sock *sk)
315	{	312	{
316	read_lock(&sk->sk_callback_lock);	313	struct socket_wq *wq;
		314
		315	rcu_read_lock();
317	if (unix_writable(sk)) {	316	if (unix_writable(sk)) {
318	if (sk_has_sleeper(sk))	317	wq = rcu_dereference(sk->sk_wq);
319	wake_up_interruptible_sync(sk->sk_sleep);	318	if (wq_has_sleeper(wq))
		319	wake_up_interruptible_sync(&wq->wait);
320	sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);	320	sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
321	}	321	}
322	read_unlock(&sk->sk_callback_lock);	322	rcu_read_unlock();
323	}	323	}
324		324
325	/* When dgram socket disconnects (or changes its peer), we clear its receive	325	/* When dgram socket disconnects (or changes its peer), we clear its receive
@@ -406,9 +406,7 @@ static int unix_release_sock(struct sock *sk, int embrion)
406	skpair->sk_err = ECONNRESET;	406	skpair->sk_err = ECONNRESET;
407	unix_state_unlock(skpair);	407	unix_state_unlock(skpair);
408	skpair->sk_state_change(skpair);	408	skpair->sk_state_change(skpair);
409	read_lock(&skpair->sk_callback_lock);
410	sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);	409	sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
411	read_unlock(&skpair->sk_callback_lock);
412	}	410	}
413	sock_put(skpair); /* It may now die */	411	sock_put(skpair); /* It may now die */
414	unix_peer(sk) = NULL;	412	unix_peer(sk) = NULL;
@@ -449,11 +447,31 @@ static int unix_release_sock(struct sock *sk, int embrion)
449	return 0;	447	return 0;
450	}	448	}
451		449
		450	static void init_peercred(struct sock *sk)
		451	{
		452	put_pid(sk->sk_peer_pid);
		453	if (sk->sk_peer_cred)
		454	put_cred(sk->sk_peer_cred);
		455	sk->sk_peer_pid = get_pid(task_tgid(current));
		456	sk->sk_peer_cred = get_current_cred();
		457	}
		458
		459	static void copy_peercred(struct sock sk, struct sock peersk)
		460	{
		461	put_pid(sk->sk_peer_pid);
		462	if (sk->sk_peer_cred)
		463	put_cred(sk->sk_peer_cred);
		464	sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
		465	sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
		466	}
		467
452	static int unix_listen(struct socket *sock, int backlog)	468	static int unix_listen(struct socket *sock, int backlog)
453	{	469	{
454	int err;	470	int err;
455	struct sock *sk = sock->sk;	471	struct sock *sk = sock->sk;
456	struct unix_sock *u = unix_sk(sk);	472	struct unix_sock *u = unix_sk(sk);
		473	struct pid *old_pid = NULL;
		474	const struct cred *old_cred = NULL;
457		475
458	err = -EOPNOTSUPP;	476	err = -EOPNOTSUPP;
459	if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)	477	if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
@@ -469,12 +487,14 @@ static int unix_listen(struct socket *sock, int backlog)
469	sk->sk_max_ack_backlog = backlog;	487	sk->sk_max_ack_backlog = backlog;
470	sk->sk_state = TCP_LISTEN;	488	sk->sk_state = TCP_LISTEN;
471	/* set credentials so connect can copy them */	489	/* set credentials so connect can copy them */
472	sk->sk_peercred.pid = task_tgid_vnr(current);	490	init_peercred(sk);
473	current_euid_egid(&sk->sk_peercred.uid, &sk->sk_peercred.gid);
474	err = 0;	491	err = 0;
475		492
476	out_unlock:	493	out_unlock:
477	unix_state_unlock(sk);	494	unix_state_unlock(sk);
		495	put_pid(old_pid);
		496	if (old_cred)
		497	put_cred(old_cred);
478	out:	498	out:
479	return err;	499	return err;
480	}	500	}
@@ -735,7 +755,7 @@ static struct sock unix_find_other(struct net net,
735	err = -ECONNREFUSED;	755	err = -ECONNREFUSED;
736	if (!S_ISSOCK(inode->i_mode))	756	if (!S_ISSOCK(inode->i_mode))
737	goto put_fail;	757	goto put_fail;
738	u = unix_find_socket_byinode(net, inode);	758	u = unix_find_socket_byinode(inode);
739	if (!u)	759	if (!u)
740	goto put_fail;	760	goto put_fail;
741		761
@@ -1139,10 +1159,9 @@ restart:
1139	unix_peer(newsk) = sk;	1159	unix_peer(newsk) = sk;
1140	newsk->sk_state = TCP_ESTABLISHED;	1160	newsk->sk_state = TCP_ESTABLISHED;
1141	newsk->sk_type = sk->sk_type;	1161	newsk->sk_type = sk->sk_type;
1142	newsk->sk_peercred.pid = task_tgid_vnr(current);	1162	init_peercred(newsk);
1143	current_euid_egid(&newsk->sk_peercred.uid, &newsk->sk_peercred.gid);
1144	newu = unix_sk(newsk);	1163	newu = unix_sk(newsk);
1145	newsk->sk_sleep = &newu->peer_wait;	1164	newsk->sk_wq = &newu->peer_wq;
1146	otheru = unix_sk(other);	1165	otheru = unix_sk(other);
1147		1166
1148	/* copy address information from listening to new sock*/	1167	/* copy address information from listening to new sock*/
@@ -1156,7 +1175,7 @@ restart:
1156	}	1175	}
1157		1176
1158	/* Set credentials */	1177	/* Set credentials */
1159	sk->sk_peercred = other->sk_peercred;	1178	copy_peercred(sk, other);
1160		1179
1161	sock->state = SS_CONNECTED;	1180	sock->state = SS_CONNECTED;
1162	sk->sk_state = TCP_ESTABLISHED;	1181	sk->sk_state = TCP_ESTABLISHED;
@@ -1198,10 +1217,8 @@ static int unix_socketpair(struct socket socka, struct socket sockb)
1198	sock_hold(skb);	1217	sock_hold(skb);
1199	unix_peer(ska) = skb;	1218	unix_peer(ska) = skb;
1200	unix_peer(skb) = ska;	1219	unix_peer(skb) = ska;
1201	ska->sk_peercred.pid = skb->sk_peercred.pid = task_tgid_vnr(current);	1220	init_peercred(ska);
1202	current_euid_egid(&skb->sk_peercred.uid, &skb->sk_peercred.gid);	1221	init_peercred(skb);
1203	ska->sk_peercred.uid = skb->sk_peercred.uid;
1204	ska->sk_peercred.gid = skb->sk_peercred.gid;
1205		1222
1206	if (ska->sk_type != SOCK_DGRAM) {	1223	if (ska->sk_type != SOCK_DGRAM) {
1207	ska->sk_state = TCP_ESTABLISHED;	1224	ska->sk_state = TCP_ESTABLISHED;
@@ -1296,18 +1313,20 @@ static void unix_detach_fds(struct scm_cookie scm, struct sk_buff skb)
1296	int i;	1313	int i;
1297		1314
1298	scm->fp = UNIXCB(skb).fp;	1315	scm->fp = UNIXCB(skb).fp;
1299	skb->destructor = sock_wfree;
1300	UNIXCB(skb).fp = NULL;	1316	UNIXCB(skb).fp = NULL;
1301		1317
1302	for (i = scm->fp->count-1; i >= 0; i--)	1318	for (i = scm->fp->count-1; i >= 0; i--)
1303	unix_notinflight(scm->fp->fp[i]);	1319	unix_notinflight(scm->fp->fp[i]);
1304	}	1320	}
1305		1321
1306	static void unix_destruct_fds(struct sk_buff *skb)	1322	static void unix_destruct_scm(struct sk_buff *skb)
1307	{	1323	{
1308	struct scm_cookie scm;	1324	struct scm_cookie scm;
1309	memset(&scm, 0, sizeof(scm));	1325	memset(&scm, 0, sizeof(scm));
1310	unix_detach_fds(&scm, skb);	1326	scm.pid = UNIXCB(skb).pid;
		1327	scm.cred = UNIXCB(skb).cred;
		1328	if (UNIXCB(skb).fp)
		1329	unix_detach_fds(&scm, skb);
1311		1330
1312	/* Alas, it calls VFS */	1331	/* Alas, it calls VFS */
1313	/* So fscking what? fput() had been SMP-safe since the last Summer */	1332	/* So fscking what? fput() had been SMP-safe since the last Summer */
@@ -1330,10 +1349,22 @@ static int unix_attach_fds(struct scm_cookie scm, struct sk_buff skb)
1330		1349
1331	for (i = scm->fp->count-1; i >= 0; i--)	1350	for (i = scm->fp->count-1; i >= 0; i--)
1332	unix_inflight(scm->fp->fp[i]);	1351	unix_inflight(scm->fp->fp[i]);
1333	skb->destructor = unix_destruct_fds;
1334	return 0;	1352	return 0;
1335	}	1353	}
1336		1354
		1355	static int unix_scm_to_skb(struct scm_cookie scm, struct sk_buff skb, bool send_fds)
		1356	{
		1357	int err = 0;
		1358	UNIXCB(skb).pid = get_pid(scm->pid);
		1359	UNIXCB(skb).cred = get_cred(scm->cred);
		1360	UNIXCB(skb).fp = NULL;
		1361	if (scm->fp && send_fds)
		1362	err = unix_attach_fds(scm, skb);
		1363
		1364	skb->destructor = unix_destruct_scm;
		1365	return err;
		1366	}
		1367
1337	/*	1368	/*
1338	* Send AF_UNIX data.	1369	* Send AF_UNIX data.
1339	*/	1370	*/
@@ -1390,12 +1421,9 @@ static int unix_dgram_sendmsg(struct kiocb kiocb, struct socket sock,
1390	if (skb == NULL)	1421	if (skb == NULL)
1391	goto out;	1422	goto out;
1392		1423
1393	memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));	1424	err = unix_scm_to_skb(siocb->scm, skb, true);
1394	if (siocb->scm->fp) {	1425	if (err)
1395	err = unix_attach_fds(siocb->scm, skb);	1426	goto out_free;
1396	if (err)
1397	goto out_free;
1398	}
1399	unix_get_secdata(siocb->scm, skb);	1427	unix_get_secdata(siocb->scm, skb);
1400		1428
1401	skb_reset_transport_header(skb);	1429	skb_reset_transport_header(skb);
@@ -1565,16 +1593,14 @@ static int unix_stream_sendmsg(struct kiocb kiocb, struct socket sock,
1565	*/	1593	*/
1566	size = min_t(int, size, skb_tailroom(skb));	1594	size = min_t(int, size, skb_tailroom(skb));
1567		1595
1568	memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));	1596
1569	/* Only send the fds in the first buffer */	1597	/* Only send the fds in the first buffer */
1570	if (siocb->scm->fp && !fds_sent) {	1598	err = unix_scm_to_skb(siocb->scm, skb, !fds_sent);
1571	err = unix_attach_fds(siocb->scm, skb);	1599	if (err) {
1572	if (err) {	1600	kfree_skb(skb);
1573	kfree_skb(skb);	1601	goto out_err;
1574	goto out_err;
1575	}
1576	fds_sent = true;
1577	}	1602	}
		1603	fds_sent = true;
1578		1604
1579	err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);	1605	err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
1580	if (err) {	1606	if (err) {
@@ -1691,7 +1717,7 @@ static int unix_dgram_recvmsg(struct kiocb iocb, struct socket sock,
1691	siocb->scm = &tmp_scm;	1717	siocb->scm = &tmp_scm;
1692	memset(&tmp_scm, 0, sizeof(tmp_scm));	1718	memset(&tmp_scm, 0, sizeof(tmp_scm));
1693	}	1719	}
1694	siocb->scm->creds = *UNIXCREDS(skb);	1720	scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1695	unix_set_secdata(siocb->scm, skb);	1721	unix_set_secdata(siocb->scm, skb);
1696		1722
1697	if (!(flags & MSG_PEEK)) {	1723	if (!(flags & MSG_PEEK)) {
@@ -1736,7 +1762,7 @@ static long unix_stream_data_wait(struct sock *sk, long timeo)
1736	unix_state_lock(sk);	1762	unix_state_lock(sk);
1737		1763
1738	for (;;) {	1764	for (;;) {
1739	prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE);	1765	prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1740		1766
1741	if (!skb_queue_empty(&sk->sk_receive_queue) \|\|	1767	if (!skb_queue_empty(&sk->sk_receive_queue) \|\|
1742	sk->sk_err \|\|	1768	sk->sk_err \|\|
@@ -1752,7 +1778,7 @@ static long unix_stream_data_wait(struct sock *sk, long timeo)
1752	clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);	1778	clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1753	}	1779	}
1754		1780
1755	finish_wait(sk->sk_sleep, &wait);	1781	finish_wait(sk_sleep(sk), &wait);
1756	unix_state_unlock(sk);	1782	unix_state_unlock(sk);
1757	return timeo;	1783	return timeo;
1758	}	1784	}
@@ -1840,14 +1866,14 @@ static int unix_stream_recvmsg(struct kiocb iocb, struct socket sock,
1840		1866
1841	if (check_creds) {	1867	if (check_creds) {
1842	/* Never glue messages from different writers */	1868	/* Never glue messages from different writers */
1843	if (memcmp(UNIXCREDS(skb), &siocb->scm->creds,	1869	if ((UNIXCB(skb).pid != siocb->scm->pid) \|\|
1844	sizeof(siocb->scm->creds)) != 0) {	1870	(UNIXCB(skb).cred != siocb->scm->cred)) {
1845	skb_queue_head(&sk->sk_receive_queue, skb);	1871	skb_queue_head(&sk->sk_receive_queue, skb);
1846	break;	1872	break;
1847	}	1873	}
1848	} else {	1874	} else {
1849	/* Copy credentials */	1875	/* Copy credentials */
1850	siocb->scm->creds = *UNIXCREDS(skb);	1876	scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1851	check_creds = 1;	1877	check_creds = 1;
1852	}	1878	}
1853		1879
@@ -1880,7 +1906,7 @@ static int unix_stream_recvmsg(struct kiocb iocb, struct socket sock,
1880	break;	1906	break;
1881	}	1907	}
1882		1908
1883	kfree_skb(skb);	1909	consume_skb(skb);
1884		1910
1885	if (siocb->scm->fp)	1911	if (siocb->scm->fp)
1886	break;	1912	break;
@@ -1931,12 +1957,10 @@ static int unix_shutdown(struct socket *sock, int mode)
1931	other->sk_shutdown \|= peer_mode;	1957	other->sk_shutdown \|= peer_mode;
1932	unix_state_unlock(other);	1958	unix_state_unlock(other);
1933	other->sk_state_change(other);	1959	other->sk_state_change(other);
1934	read_lock(&other->sk_callback_lock);
1935	if (peer_mode == SHUTDOWN_MASK)	1960	if (peer_mode == SHUTDOWN_MASK)
1936	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);	1961	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
1937	else if (peer_mode & RCV_SHUTDOWN)	1962	else if (peer_mode & RCV_SHUTDOWN)
1938	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);	1963	sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
1939	read_unlock(&other->sk_callback_lock);
1940	}	1964	}
1941	if (other)	1965	if (other)
1942	sock_put(other);	1966	sock_put(other);
@@ -1991,7 +2015,7 @@ static unsigned int unix_poll(struct file file, struct socket sock, poll_table
1991	struct sock *sk = sock->sk;	2015	struct sock *sk = sock->sk;
1992	unsigned int mask;	2016	unsigned int mask;
1993		2017
1994	sock_poll_wait(file, sk->sk_sleep, wait);	2018	sock_poll_wait(file, sk_sleep(sk), wait);
1995	mask = 0;	2019	mask = 0;
1996		2020
1997	/* exceptional events? */	2021	/* exceptional events? */
@@ -2028,7 +2052,7 @@ static unsigned int unix_dgram_poll(struct file file, struct socket sock,
2028	struct sock sk = sock->sk, other;	2052	struct sock sk = sock->sk, other;
2029	unsigned int mask, writable;	2053	unsigned int mask, writable;
2030		2054
2031	sock_poll_wait(file, sk->sk_sleep, wait);	2055	sock_poll_wait(file, sk_sleep(sk), wait);
2032	mask = 0;	2056	mask = 0;
2033		2057
2034	/* exceptional events? */	2058	/* exceptional events? */
@@ -2224,7 +2248,7 @@ static const struct net_proto_family unix_family_ops = {
2224	};	2248	};
2225		2249
2226		2250
2227	static int unix_net_init(struct net *net)	2251	static int __net_init unix_net_init(struct net *net)
2228	{	2252	{
2229	int error = -ENOMEM;	2253	int error = -ENOMEM;
2230		2254
@@ -2243,7 +2267,7 @@ out:
2243	return error;	2267	return error;
2244	}	2268	}
2245		2269
2246	static void unix_net_exit(struct net *net)	2270	static void __net_exit unix_net_exit(struct net *net)
2247	{	2271	{
2248	unix_sysctl_unregister(net);	2272	unix_sysctl_unregister(net);
2249	proc_net_remove(net, "unix");	2273	proc_net_remove(net, "unix");


diff --git a/net/unix/garbage.c b/net/unix/garbage.c index 19c17e4a0c8b..c8df6fda0b1f 100644 --- a/net/unix/garbage.c +++ b/net/unix/garbage.c
@@ -74,7 +74,6 @@
74	#include <linux/un.h>	74	#include <linux/un.h>
75	#include <linux/net.h>	75	#include <linux/net.h>
76	#include <linux/fs.h>	76	#include <linux/fs.h>
77	#include <linux/slab.h>
78	#include <linux/skbuff.h>	77	#include <linux/skbuff.h>
79	#include <linux/netdevice.h>	78	#include <linux/netdevice.h>
80	#include <linux/file.h>	79	#include <linux/file.h>
@@ -154,15 +153,6 @@ void unix_notinflight(struct file *fp)
154	}	153	}
155	}	154	}
156		155
157	static inline struct sk_buff sock_queue_head(struct sock sk)
158	{
159	return (struct sk_buff *)&sk->sk_receive_queue;
160	}
161
162	#define receive_queue_for_each_skb(sk, next, skb) \
163	for (skb = sock_queue_head(sk)->next, next = skb->next; \
164	skb != sock_queue_head(sk); skb = next, next = skb->next)
165
166	static void scan_inflight(struct sock x, void (func)(struct unix_sock *),	156	static void scan_inflight(struct sock x, void (func)(struct unix_sock *),
167	struct sk_buff_head *hitlist)	157	struct sk_buff_head *hitlist)
168	{	158	{
@@ -170,7 +160,7 @@ static void scan_inflight(struct sock x, void (func)(struct unix_sock *),
170	struct sk_buff *next;	160	struct sk_buff *next;
171		161
172	spin_lock(&x->sk_receive_queue.lock);	162	spin_lock(&x->sk_receive_queue.lock);
173	receive_queue_for_each_skb(x, next, skb) {	163	skb_queue_walk_safe(&x->sk_receive_queue, skb, next) {
174	/*	164	/*
175	* Do we have file descriptors ?	165	* Do we have file descriptors ?
176	*/	166	*/
@@ -226,7 +216,7 @@ static void scan_children(struct sock x, void (func)(struct unix_sock *),
226	* and perform a scan on them as well.	216	* and perform a scan on them as well.
227	*/	217	*/
228	spin_lock(&x->sk_receive_queue.lock);	218	spin_lock(&x->sk_receive_queue.lock);
229	receive_queue_for_each_skb(x, next, skb) {	219	skb_queue_walk_safe(&x->sk_receive_queue, skb, next) {
230	u = unix_sk(skb->sk);	220	u = unix_sk(skb->sk);
231		221
232	/*	222	/*


diff --git a/net/unix/sysctl_net_unix.c b/net/unix/sysctl_net_unix.c index 708f5df6b7f0..397cffebb3b6 100644 --- a/net/unix/sysctl_net_unix.c +++ b/net/unix/sysctl_net_unix.c
@@ -10,6 +10,7 @@
10	*/	10	*/
11		11
12	#include <linux/mm.h>	12	#include <linux/mm.h>
		13	#include <linux/slab.h>
13	#include <linux/sysctl.h>	14	#include <linux/sysctl.h>
14		15
15	#include <net/af_unix.h>	16	#include <net/af_unix.h>
@@ -31,7 +32,7 @@ static struct ctl_path unix_path[] = {
31	{ },	32	{ },
32	};	33	};
33		34
34	int unix_sysctl_register(struct net *net)	35	int __net_init unix_sysctl_register(struct net *net)
35	{	36	{
36	struct ctl_table *table;	37	struct ctl_table *table;
37		38