2 * NET4: Implementation of BSD Unix domain sockets.
4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 * Linus Torvalds : Assorted bug cures.
13 * Niibe Yutaka : async I/O support.
14 * Carsten Paeth : PF_UNIX check, address fixes.
15 * Alan Cox : Limit size of allocated blocks.
16 * Alan Cox : Fixed the stupid socketpair bug.
17 * Alan Cox : BSD compatibility fine tuning.
18 * Alan Cox : Fixed a bug in connect when interrupted.
19 * Alan Cox : Sorted out a proper draft version of
20 * file descriptor passing hacked up from
22 * Marty Leisner : Fixes to fd passing
23 * Nick Nevin : recvmsg bugfix.
24 * Alan Cox : Started proper garbage collector
25 * Heiko EiBfeldt : Missing verify_area check
26 * Alan Cox : Started POSIXisms
27 * Andreas Schwab : Replace inode by dentry for proper
29 * Kirk Petersen : Made this a module
30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33 * by above two patches.
34 * Andrea Arcangeli : If possible we block in connect(2)
35 * if the max backlog of the listen socket
36 * is been reached. This won't break
37 * old apps and it will avoid huge amount
38 * of socks hashed (this for unix_gc()
39 * performances reasons).
40 * Security fix that limits the max
41 * number of socks to 2*max_files and
42 * the number of skb queueable in the
44 * Artur Skawina : Hash function optimizations
45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 * Malcolm Beattie : Set peercred for socketpair
47 * Michal Ostrowski : Module initialization cleanup.
48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 * the core infrastructure is doing that
50 * for all net proto families now (2.5.69+)
53 * Known differences from reference BSD that was tested:
56 * ECONNREFUSED is not returned from one end of a connected() socket to the
57 * other the moment one end closes.
58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
61 * accept() returns a path name even if the connecting socket has closed
62 * in the meantime (BSD loses the path and gives up).
63 * accept() returns 0 length path for an unbound connector. BSD returns 16
64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 * BSD af_unix apparently has connect forgetting to block properly.
67 * (need to check this with the POSIX spec in detail)
69 * Differences from 2.0.0-11-... (ANK)
70 * Bug fixes and improvements.
71 * - client shutdown killed server socket.
72 * - removed all useless cli/sti pairs.
74 * Semantic changes/extensions.
75 * - generic control message passing.
76 * - SCM_CREDENTIALS control message.
77 * - "Abstract" (not FS based) socket bindings.
78 * Abstract names are sequences of bytes (not zero terminated)
79 * started by 0, so that this name space does not intersect
83 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
85 #include <linux/module.h>
86 #include <linux/kernel.h>
87 #include <linux/signal.h>
88 #include <linux/sched/signal.h>
89 #include <linux/errno.h>
90 #include <linux/string.h>
91 #include <linux/stat.h>
92 #include <linux/dcache.h>
93 #include <linux/namei.h>
94 #include <linux/socket.h>
96 #include <linux/fcntl.h>
97 #include <linux/termios.h>
98 #include <linux/sockios.h>
99 #include <linux/net.h>
100 #include <linux/in.h>
101 #include <linux/fs.h>
102 #include <linux/slab.h>
103 #include <linux/uaccess.h>
104 #include <linux/skbuff.h>
105 #include <linux/netdevice.h>
106 #include <net/net_namespace.h>
107 #include <net/sock.h>
108 #include <net/tcp_states.h>
109 #include <net/af_unix.h>
110 #include <linux/proc_fs.h>
111 #include <linux/seq_file.h>
113 #include <linux/init.h>
114 #include <linux/poll.h>
115 #include <linux/rtnetlink.h>
116 #include <linux/mount.h>
117 #include <net/checksum.h>
118 #include <linux/security.h>
119 #include <linux/freezer.h>
120 #include <linux/file.h>
124 struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
125 EXPORT_SYMBOL_GPL(unix_socket_table);
126 DEFINE_SPINLOCK(unix_table_lock);
127 EXPORT_SYMBOL_GPL(unix_table_lock);
128 static atomic_long_t unix_nr_socks;
131 static struct hlist_head *unix_sockets_unbound(void *addr)
133 unsigned long hash = (unsigned long)addr;
137 hash %= UNIX_HASH_SIZE;
138 return &unix_socket_table[UNIX_HASH_SIZE + hash];
141 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)
143 #ifdef CONFIG_SECURITY_NETWORK
144 static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
146 UNIXCB(skb).secid = scm->secid;
149 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
151 scm->secid = UNIXCB(skb).secid;
154 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
156 return (scm->secid == UNIXCB(skb).secid);
159 static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
162 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
165 static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
169 #endif /* CONFIG_SECURITY_NETWORK */
172 * SMP locking strategy:
173 * hash table is protected with spinlock unix_table_lock
174 * each socket state is protected by separate spin lock.
177 static inline unsigned int unix_hash_fold(__wsum n)
179 unsigned int hash = (__force unsigned int)csum_fold(n);
182 return hash&(UNIX_HASH_SIZE-1);
185 #define unix_peer(sk) (unix_sk(sk)->peer)
187 static inline int unix_our_peer(struct sock *sk, struct sock *osk)
189 return unix_peer(osk) == sk;
192 static inline int unix_may_send(struct sock *sk, struct sock *osk)
194 return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
197 static inline int unix_recvq_full(const struct sock *sk)
199 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
202 static inline int unix_recvq_full_lockless(const struct sock *sk)
204 return skb_queue_len_lockless(&sk->sk_receive_queue) >
205 READ_ONCE(sk->sk_max_ack_backlog);
208 struct sock *unix_peer_get(struct sock *s)
216 unix_state_unlock(s);
219 EXPORT_SYMBOL_GPL(unix_peer_get);
221 static inline void unix_release_addr(struct unix_address *addr)
223 if (refcount_dec_and_test(&addr->refcnt))
228 * Check unix socket name:
229 * - should be not zero length.
230 * - if started by not zero, should be NULL terminated (FS object)
231 * - if started by zero, it is abstract name.
234 static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
238 if (len <= sizeof(short) || len > sizeof(*sunaddr))
240 if (!sunaddr || sunaddr->sun_family != AF_UNIX)
242 if (sunaddr->sun_path[0]) {
244 * This may look like an off by one error but it is a bit more
245 * subtle. 108 is the longest valid AF_UNIX path for a binding.
246 * sun_path[108] doesn't as such exist. However in kernel space
247 * we are guaranteed that it is a valid memory location in our
248 * kernel address buffer.
250 ((char *)sunaddr)[len] = 0;
251 len = strlen(sunaddr->sun_path)+1+sizeof(short);
255 *hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
259 static void __unix_remove_socket(struct sock *sk)
261 sk_del_node_init(sk);
264 static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
266 WARN_ON(!sk_unhashed(sk));
267 sk_add_node(sk, list);
270 static inline void unix_remove_socket(struct sock *sk)
272 spin_lock(&unix_table_lock);
273 __unix_remove_socket(sk);
274 spin_unlock(&unix_table_lock);
277 static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
279 spin_lock(&unix_table_lock);
280 __unix_insert_socket(list, sk);
281 spin_unlock(&unix_table_lock);
284 static struct sock *__unix_find_socket_byname(struct net *net,
285 struct sockaddr_un *sunname,
286 int len, int type, unsigned int hash)
290 sk_for_each(s, &unix_socket_table[hash ^ type]) {
291 struct unix_sock *u = unix_sk(s);
293 if (!net_eq(sock_net(s), net))
296 if (u->addr->len == len &&
297 !memcmp(u->addr->name, sunname, len))
305 static inline struct sock *unix_find_socket_byname(struct net *net,
306 struct sockaddr_un *sunname,
312 spin_lock(&unix_table_lock);
313 s = __unix_find_socket_byname(net, sunname, len, type, hash);
316 spin_unlock(&unix_table_lock);
320 static struct sock *unix_find_socket_byinode(struct inode *i)
324 spin_lock(&unix_table_lock);
326 &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
327 struct dentry *dentry = unix_sk(s)->path.dentry;
329 if (dentry && d_backing_inode(dentry) == i) {
336 spin_unlock(&unix_table_lock);
340 /* Support code for asymmetrically connected dgram sockets
342 * If a datagram socket is connected to a socket not itself connected
343 * to the first socket (eg, /dev/log), clients may only enqueue more
344 * messages if the present receive queue of the server socket is not
345 * "too large". This means there's a second writeability condition
346 * poll and sendmsg need to test. The dgram recv code will do a wake
347 * up on the peer_wait wait queue of a socket upon reception of a
348 * datagram which needs to be propagated to sleeping would-be writers
349 * since these might not have sent anything so far. This can't be
350 * accomplished via poll_wait because the lifetime of the server
351 * socket might be less than that of its clients if these break their
352 * association with it or if the server socket is closed while clients
353 * are still connected to it and there's no way to inform "a polling
354 * implementation" that it should let go of a certain wait queue
356 * In order to propagate a wake up, a wait_queue_entry_t of the client
357 * socket is enqueued on the peer_wait queue of the server socket
358 * whose wake function does a wake_up on the ordinary client socket
359 * wait queue. This connection is established whenever a write (or
360 * poll for write) hit the flow control condition and broken when the
361 * association to the server socket is dissolved or after a wake up
365 static int unix_dgram_peer_wake_relay(wait_queue_entry_t *q, unsigned mode, int flags,
369 wait_queue_head_t *u_sleep;
371 u = container_of(q, struct unix_sock, peer_wake);
373 __remove_wait_queue(&unix_sk(u->peer_wake.private)->peer_wait,
375 u->peer_wake.private = NULL;
377 /* relaying can only happen while the wq still exists */
378 u_sleep = sk_sleep(&u->sk);
380 wake_up_interruptible_poll(u_sleep, key_to_poll(key));
385 static int unix_dgram_peer_wake_connect(struct sock *sk, struct sock *other)
387 struct unix_sock *u, *u_other;
391 u_other = unix_sk(other);
393 spin_lock(&u_other->peer_wait.lock);
395 if (!u->peer_wake.private) {
396 u->peer_wake.private = other;
397 __add_wait_queue(&u_other->peer_wait, &u->peer_wake);
402 spin_unlock(&u_other->peer_wait.lock);
406 static void unix_dgram_peer_wake_disconnect(struct sock *sk,
409 struct unix_sock *u, *u_other;
412 u_other = unix_sk(other);
413 spin_lock(&u_other->peer_wait.lock);
415 if (u->peer_wake.private == other) {
416 __remove_wait_queue(&u_other->peer_wait, &u->peer_wake);
417 u->peer_wake.private = NULL;
420 spin_unlock(&u_other->peer_wait.lock);
423 static void unix_dgram_peer_wake_disconnect_wakeup(struct sock *sk,
426 unix_dgram_peer_wake_disconnect(sk, other);
427 wake_up_interruptible_poll(sk_sleep(sk),
434 * - unix_peer(sk) == other
435 * - association is stable
437 static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other)
441 connected = unix_dgram_peer_wake_connect(sk, other);
443 /* If other is SOCK_DEAD, we want to make sure we signal
444 * POLLOUT, such that a subsequent write() can get a
445 * -ECONNREFUSED. Otherwise, if we haven't queued any skbs
446 * to other and its full, we will hang waiting for POLLOUT.
448 if (unix_recvq_full(other) && !sock_flag(other, SOCK_DEAD))
452 unix_dgram_peer_wake_disconnect(sk, other);
457 static int unix_writable(const struct sock *sk)
459 return sk->sk_state != TCP_LISTEN &&
460 (refcount_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
463 static void unix_write_space(struct sock *sk)
465 struct socket_wq *wq;
468 if (unix_writable(sk)) {
469 wq = rcu_dereference(sk->sk_wq);
470 if (skwq_has_sleeper(wq))
471 wake_up_interruptible_sync_poll(&wq->wait,
472 EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND);
473 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
478 /* When dgram socket disconnects (or changes its peer), we clear its receive
479 * queue of packets arrived from previous peer. First, it allows to do
480 * flow control based only on wmem_alloc; second, sk connected to peer
481 * may receive messages only from that peer. */
482 static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
484 if (!skb_queue_empty(&sk->sk_receive_queue)) {
485 skb_queue_purge(&sk->sk_receive_queue);
486 wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
488 /* If one link of bidirectional dgram pipe is disconnected,
489 * we signal error. Messages are lost. Do not make this,
490 * when peer was not connected to us.
492 if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
493 other->sk_err = ECONNRESET;
494 other->sk_error_report(other);
499 static void unix_sock_destructor(struct sock *sk)
501 struct unix_sock *u = unix_sk(sk);
503 skb_queue_purge(&sk->sk_receive_queue);
505 WARN_ON(refcount_read(&sk->sk_wmem_alloc));
506 WARN_ON(!sk_unhashed(sk));
507 WARN_ON(sk->sk_socket);
508 if (!sock_flag(sk, SOCK_DEAD)) {
509 pr_info("Attempt to release alive unix socket: %p\n", sk);
514 unix_release_addr(u->addr);
516 atomic_long_dec(&unix_nr_socks);
518 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
520 #ifdef UNIX_REFCNT_DEBUG
521 pr_debug("UNIX %p is destroyed, %ld are still alive.\n", sk,
522 atomic_long_read(&unix_nr_socks));
526 static void unix_release_sock(struct sock *sk, int embrion)
528 struct unix_sock *u = unix_sk(sk);
534 unix_remove_socket(sk);
539 sk->sk_shutdown = SHUTDOWN_MASK;
541 u->path.dentry = NULL;
543 state = sk->sk_state;
544 sk->sk_state = TCP_CLOSE;
546 skpair = unix_peer(sk);
547 unix_peer(sk) = NULL;
549 unix_state_unlock(sk);
551 wake_up_interruptible_all(&u->peer_wait);
553 if (skpair != NULL) {
554 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
555 unix_state_lock(skpair);
557 skpair->sk_shutdown = SHUTDOWN_MASK;
558 if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
559 skpair->sk_err = ECONNRESET;
560 unix_state_unlock(skpair);
561 skpair->sk_state_change(skpair);
562 sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
565 unix_dgram_peer_wake_disconnect(sk, skpair);
566 sock_put(skpair); /* It may now die */
569 /* Try to flush out this socket. Throw out buffers at least */
571 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
572 if (state == TCP_LISTEN)
573 unix_release_sock(skb->sk, 1);
574 /* passed fds are erased in the kfree_skb hook */
575 UNIXCB(skb).consumed = skb->len;
584 /* ---- Socket is dead now and most probably destroyed ---- */
587 * Fixme: BSD difference: In BSD all sockets connected to us get
588 * ECONNRESET and we die on the spot. In Linux we behave
589 * like files and pipes do and wait for the last
592 * Can't we simply set sock->err?
594 * What the above comment does talk about? --ANK(980817)
597 if (unix_tot_inflight)
598 unix_gc(); /* Garbage collect fds */
601 static void init_peercred(struct sock *sk)
603 put_pid(sk->sk_peer_pid);
604 if (sk->sk_peer_cred)
605 put_cred(sk->sk_peer_cred);
606 sk->sk_peer_pid = get_pid(task_tgid(current));
607 sk->sk_peer_cred = get_current_cred();
610 static void copy_peercred(struct sock *sk, struct sock *peersk)
612 put_pid(sk->sk_peer_pid);
613 if (sk->sk_peer_cred)
614 put_cred(sk->sk_peer_cred);
615 sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
616 sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
619 static int unix_listen(struct socket *sock, int backlog)
622 struct sock *sk = sock->sk;
623 struct unix_sock *u = unix_sk(sk);
624 struct pid *old_pid = NULL;
627 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
628 goto out; /* Only stream/seqpacket sockets accept */
631 goto out; /* No listens on an unbound socket */
633 if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
635 if (backlog > sk->sk_max_ack_backlog)
636 wake_up_interruptible_all(&u->peer_wait);
637 sk->sk_max_ack_backlog = backlog;
638 sk->sk_state = TCP_LISTEN;
639 /* set credentials so connect can copy them */
644 unix_state_unlock(sk);
650 static int unix_release(struct socket *);
651 static int unix_bind(struct socket *, struct sockaddr *, int);
652 static int unix_stream_connect(struct socket *, struct sockaddr *,
653 int addr_len, int flags);
654 static int unix_socketpair(struct socket *, struct socket *);
655 static int unix_accept(struct socket *, struct socket *, int, bool);
656 static int unix_getname(struct socket *, struct sockaddr *, int);
657 static __poll_t unix_poll(struct file *, struct socket *, poll_table *);
658 static __poll_t unix_dgram_poll(struct file *, struct socket *,
660 static int unix_ioctl(struct socket *, unsigned int, unsigned long);
662 static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg);
664 static int unix_shutdown(struct socket *, int);
665 static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t);
666 static int unix_stream_recvmsg(struct socket *, struct msghdr *, size_t, int);
667 static ssize_t unix_stream_sendpage(struct socket *, struct page *, int offset,
668 size_t size, int flags);
669 static ssize_t unix_stream_splice_read(struct socket *, loff_t *ppos,
670 struct pipe_inode_info *, size_t size,
672 static int unix_dgram_sendmsg(struct socket *, struct msghdr *, size_t);
673 static int unix_dgram_recvmsg(struct socket *, struct msghdr *, size_t, int);
674 static int unix_dgram_connect(struct socket *, struct sockaddr *,
676 static int unix_seqpacket_sendmsg(struct socket *, struct msghdr *, size_t);
677 static int unix_seqpacket_recvmsg(struct socket *, struct msghdr *, size_t,
680 static int unix_set_peek_off(struct sock *sk, int val)
682 struct unix_sock *u = unix_sk(sk);
684 if (mutex_lock_interruptible(&u->iolock))
687 sk->sk_peek_off = val;
688 mutex_unlock(&u->iolock);
694 static const struct proto_ops unix_stream_ops = {
696 .owner = THIS_MODULE,
697 .release = unix_release,
699 .connect = unix_stream_connect,
700 .socketpair = unix_socketpair,
701 .accept = unix_accept,
702 .getname = unix_getname,
706 .compat_ioctl = unix_compat_ioctl,
708 .listen = unix_listen,
709 .shutdown = unix_shutdown,
710 .setsockopt = sock_no_setsockopt,
711 .getsockopt = sock_no_getsockopt,
712 .sendmsg = unix_stream_sendmsg,
713 .recvmsg = unix_stream_recvmsg,
714 .mmap = sock_no_mmap,
715 .sendpage = unix_stream_sendpage,
716 .splice_read = unix_stream_splice_read,
717 .set_peek_off = unix_set_peek_off,
720 static const struct proto_ops unix_dgram_ops = {
722 .owner = THIS_MODULE,
723 .release = unix_release,
725 .connect = unix_dgram_connect,
726 .socketpair = unix_socketpair,
727 .accept = sock_no_accept,
728 .getname = unix_getname,
729 .poll = unix_dgram_poll,
732 .compat_ioctl = unix_compat_ioctl,
734 .listen = sock_no_listen,
735 .shutdown = unix_shutdown,
736 .setsockopt = sock_no_setsockopt,
737 .getsockopt = sock_no_getsockopt,
738 .sendmsg = unix_dgram_sendmsg,
739 .recvmsg = unix_dgram_recvmsg,
740 .mmap = sock_no_mmap,
741 .sendpage = sock_no_sendpage,
742 .set_peek_off = unix_set_peek_off,
745 static const struct proto_ops unix_seqpacket_ops = {
747 .owner = THIS_MODULE,
748 .release = unix_release,
750 .connect = unix_stream_connect,
751 .socketpair = unix_socketpair,
752 .accept = unix_accept,
753 .getname = unix_getname,
754 .poll = unix_dgram_poll,
757 .compat_ioctl = unix_compat_ioctl,
759 .listen = unix_listen,
760 .shutdown = unix_shutdown,
761 .setsockopt = sock_no_setsockopt,
762 .getsockopt = sock_no_getsockopt,
763 .sendmsg = unix_seqpacket_sendmsg,
764 .recvmsg = unix_seqpacket_recvmsg,
765 .mmap = sock_no_mmap,
766 .sendpage = sock_no_sendpage,
767 .set_peek_off = unix_set_peek_off,
770 static struct proto unix_proto = {
772 .owner = THIS_MODULE,
773 .obj_size = sizeof(struct unix_sock),
776 static struct sock *unix_create1(struct net *net, struct socket *sock, int kern)
778 struct sock *sk = NULL;
781 atomic_long_inc(&unix_nr_socks);
782 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
785 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto, kern);
789 sock_init_data(sock, sk);
791 sk->sk_allocation = GFP_KERNEL_ACCOUNT;
792 sk->sk_write_space = unix_write_space;
793 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
794 sk->sk_destruct = unix_sock_destructor;
796 u->path.dentry = NULL;
798 spin_lock_init(&u->lock);
799 atomic_long_set(&u->inflight, 0);
800 INIT_LIST_HEAD(&u->link);
801 mutex_init(&u->iolock); /* single task reading lock */
802 mutex_init(&u->bindlock); /* single task binding lock */
803 init_waitqueue_head(&u->peer_wait);
804 init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay);
805 unix_insert_socket(unix_sockets_unbound(sk), sk);
808 atomic_long_dec(&unix_nr_socks);
811 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
817 static int unix_create(struct net *net, struct socket *sock, int protocol,
820 if (protocol && protocol != PF_UNIX)
821 return -EPROTONOSUPPORT;
823 sock->state = SS_UNCONNECTED;
825 switch (sock->type) {
827 sock->ops = &unix_stream_ops;
830 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
834 sock->type = SOCK_DGRAM;
837 sock->ops = &unix_dgram_ops;
840 sock->ops = &unix_seqpacket_ops;
843 return -ESOCKTNOSUPPORT;
846 return unix_create1(net, sock, kern) ? 0 : -ENOMEM;
849 static int unix_release(struct socket *sock)
851 struct sock *sk = sock->sk;
856 unix_release_sock(sk, 0);
862 static int unix_autobind(struct socket *sock)
864 struct sock *sk = sock->sk;
865 struct net *net = sock_net(sk);
866 struct unix_sock *u = unix_sk(sk);
867 static u32 ordernum = 1;
868 struct unix_address *addr;
870 unsigned int retries = 0;
872 err = mutex_lock_interruptible(&u->bindlock);
881 addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
885 addr->name->sun_family = AF_UNIX;
886 refcount_set(&addr->refcnt, 1);
889 addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
890 addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
892 spin_lock(&unix_table_lock);
893 ordernum = (ordernum+1)&0xFFFFF;
895 if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
897 spin_unlock(&unix_table_lock);
899 * __unix_find_socket_byname() may take long time if many names
900 * are already in use.
903 /* Give up if all names seems to be in use. */
904 if (retries++ == 0xFFFFF) {
911 addr->hash ^= sk->sk_type;
913 __unix_remove_socket(sk);
914 smp_store_release(&u->addr, addr);
915 __unix_insert_socket(&unix_socket_table[addr->hash], sk);
916 spin_unlock(&unix_table_lock);
919 out: mutex_unlock(&u->bindlock);
923 static struct sock *unix_find_other(struct net *net,
924 struct sockaddr_un *sunname, int len,
925 int type, unsigned int hash, int *error)
931 if (sunname->sun_path[0]) {
933 err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
936 inode = d_backing_inode(path.dentry);
937 err = inode_permission(inode, MAY_WRITE);
942 if (!S_ISSOCK(inode->i_mode))
944 u = unix_find_socket_byinode(inode);
948 if (u->sk_type == type)
954 if (u->sk_type != type) {
960 u = unix_find_socket_byname(net, sunname, len, type, hash);
962 struct dentry *dentry;
963 dentry = unix_sk(u)->path.dentry;
965 touch_atime(&unix_sk(u)->path);
978 static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
980 struct dentry *dentry;
984 * Get the parent directory, calculate the hash for last
987 dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
988 err = PTR_ERR(dentry);
993 * All right, let's create it.
995 err = security_path_mknod(&path, dentry, mode, 0);
997 err = vfs_mknod(d_inode(path.dentry), dentry, mode, 0);
999 res->mnt = mntget(path.mnt);
1000 res->dentry = dget(dentry);
1003 done_path_create(&path, dentry);
1007 static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
1009 struct sock *sk = sock->sk;
1010 struct net *net = sock_net(sk);
1011 struct unix_sock *u = unix_sk(sk);
1012 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1013 char *sun_path = sunaddr->sun_path;
1016 struct unix_address *addr;
1017 struct hlist_head *list;
1018 struct path path = { };
1021 if (addr_len < offsetofend(struct sockaddr_un, sun_family) ||
1022 sunaddr->sun_family != AF_UNIX)
1025 if (addr_len == sizeof(short)) {
1026 err = unix_autobind(sock);
1030 err = unix_mkname(sunaddr, addr_len, &hash);
1036 umode_t mode = S_IFSOCK |
1037 (SOCK_INODE(sock)->i_mode & ~current_umask());
1038 err = unix_mknod(sun_path, mode, &path);
1046 err = mutex_lock_interruptible(&u->bindlock);
1055 addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
1059 memcpy(addr->name, sunaddr, addr_len);
1060 addr->len = addr_len;
1061 addr->hash = hash ^ sk->sk_type;
1062 refcount_set(&addr->refcnt, 1);
1065 addr->hash = UNIX_HASH_SIZE;
1066 hash = d_backing_inode(path.dentry)->i_ino & (UNIX_HASH_SIZE - 1);
1067 spin_lock(&unix_table_lock);
1069 list = &unix_socket_table[hash];
1071 spin_lock(&unix_table_lock);
1073 if (__unix_find_socket_byname(net, sunaddr, addr_len,
1074 sk->sk_type, hash)) {
1075 unix_release_addr(addr);
1079 list = &unix_socket_table[addr->hash];
1083 __unix_remove_socket(sk);
1084 smp_store_release(&u->addr, addr);
1085 __unix_insert_socket(list, sk);
1088 spin_unlock(&unix_table_lock);
1090 mutex_unlock(&u->bindlock);
1098 static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
1100 if (unlikely(sk1 == sk2) || !sk2) {
1101 unix_state_lock(sk1);
1105 unix_state_lock(sk1);
1106 unix_state_lock_nested(sk2);
1108 unix_state_lock(sk2);
1109 unix_state_lock_nested(sk1);
1113 static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
1115 if (unlikely(sk1 == sk2) || !sk2) {
1116 unix_state_unlock(sk1);
1119 unix_state_unlock(sk1);
1120 unix_state_unlock(sk2);
1123 static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
1124 int alen, int flags)
1126 struct sock *sk = sock->sk;
1127 struct net *net = sock_net(sk);
1128 struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
1134 if (alen < offsetofend(struct sockaddr, sa_family))
1137 if (addr->sa_family != AF_UNSPEC) {
1138 err = unix_mkname(sunaddr, alen, &hash);
1143 if (test_bit(SOCK_PASSCRED, &sock->flags) &&
1144 !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
1148 other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
1152 unix_state_double_lock(sk, other);
1154 /* Apparently VFS overslept socket death. Retry. */
1155 if (sock_flag(other, SOCK_DEAD)) {
1156 unix_state_double_unlock(sk, other);
1162 if (!unix_may_send(sk, other))
1165 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1171 * 1003.1g breaking connected state with AF_UNSPEC
1174 unix_state_double_lock(sk, other);
1178 * If it was connected, reconnect.
1180 if (unix_peer(sk)) {
1181 struct sock *old_peer = unix_peer(sk);
1182 unix_peer(sk) = other;
1183 unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer);
1185 unix_state_double_unlock(sk, other);
1187 if (other != old_peer)
1188 unix_dgram_disconnected(sk, old_peer);
1191 unix_peer(sk) = other;
1192 unix_state_double_unlock(sk, other);
1197 unix_state_double_unlock(sk, other);
1203 static long unix_wait_for_peer(struct sock *other, long timeo)
1205 struct unix_sock *u = unix_sk(other);
1209 prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
1211 sched = !sock_flag(other, SOCK_DEAD) &&
1212 !(other->sk_shutdown & RCV_SHUTDOWN) &&
1213 unix_recvq_full(other);
1215 unix_state_unlock(other);
1218 timeo = schedule_timeout(timeo);
1220 finish_wait(&u->peer_wait, &wait);
1224 static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1225 int addr_len, int flags)
1227 struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
1228 struct sock *sk = sock->sk;
1229 struct net *net = sock_net(sk);
1230 struct unix_sock *u = unix_sk(sk), *newu, *otheru;
1231 struct sock *newsk = NULL;
1232 struct sock *other = NULL;
1233 struct sk_buff *skb = NULL;
1239 err = unix_mkname(sunaddr, addr_len, &hash);
1244 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
1245 (err = unix_autobind(sock)) != 0)
1248 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1250 /* First of all allocate resources.
1251 If we will make it after state is locked,
1252 we will have to recheck all again in any case.
1257 /* create new sock for complete connection */
1258 newsk = unix_create1(sock_net(sk), NULL, 0);
1262 /* Allocate skb for sending to listening sock */
1263 skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
1268 /* Find listening sock. */
1269 other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
1273 /* Latch state of peer */
1274 unix_state_lock(other);
1276 /* Apparently VFS overslept socket death. Retry. */
1277 if (sock_flag(other, SOCK_DEAD)) {
1278 unix_state_unlock(other);
1283 err = -ECONNREFUSED;
1284 if (other->sk_state != TCP_LISTEN)
1286 if (other->sk_shutdown & RCV_SHUTDOWN)
1289 if (unix_recvq_full(other)) {
1294 timeo = unix_wait_for_peer(other, timeo);
1296 err = sock_intr_errno(timeo);
1297 if (signal_pending(current))
1305 It is tricky place. We need to grab our state lock and cannot
1306 drop lock on peer. It is dangerous because deadlock is
1307 possible. Connect to self case and simultaneous
1308 attempt to connect are eliminated by checking socket
1309 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1310 check this before attempt to grab lock.
1312 Well, and we have to recheck the state after socket locked.
1318 /* This is ok... continue with connect */
1320 case TCP_ESTABLISHED:
1321 /* Socket is already connected */
1329 unix_state_lock_nested(sk);
1331 if (sk->sk_state != st) {
1332 unix_state_unlock(sk);
1333 unix_state_unlock(other);
1338 err = security_unix_stream_connect(sk, other, newsk);
1340 unix_state_unlock(sk);
1344 /* The way is open! Fastly set all the necessary fields... */
1347 unix_peer(newsk) = sk;
1348 newsk->sk_state = TCP_ESTABLISHED;
1349 newsk->sk_type = sk->sk_type;
1350 init_peercred(newsk);
1351 newu = unix_sk(newsk);
1352 RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
1353 otheru = unix_sk(other);
1355 /* copy address information from listening to new sock
1357 * The contents of *(otheru->addr) and otheru->path
1358 * are seen fully set up here, since we have found
1359 * otheru in hash under unix_table_lock. Insertion
1360 * into the hash chain we'd found it in had been done
1361 * in an earlier critical area protected by unix_table_lock,
1362 * the same one where we'd set *(otheru->addr) contents,
1363 * as well as otheru->path and otheru->addr itself.
1365 * Using smp_store_release() here to set newu->addr
1366 * is enough to make those stores, as well as stores
1367 * to newu->path visible to anyone who gets newu->addr
1368 * by smp_load_acquire(). IOW, the same warranties
1369 * as for unix_sock instances bound in unix_bind() or
1370 * in unix_autobind().
1372 if (otheru->path.dentry) {
1373 path_get(&otheru->path);
1374 newu->path = otheru->path;
1376 refcount_inc(&otheru->addr->refcnt);
1377 smp_store_release(&newu->addr, otheru->addr);
1379 /* Set credentials */
1380 copy_peercred(sk, other);
1382 sock->state = SS_CONNECTED;
1383 sk->sk_state = TCP_ESTABLISHED;
1386 smp_mb__after_atomic(); /* sock_hold() does an atomic_inc() */
1387 unix_peer(sk) = newsk;
1389 unix_state_unlock(sk);
1391 /* take ten and and send info to listening sock */
1392 spin_lock(&other->sk_receive_queue.lock);
1393 __skb_queue_tail(&other->sk_receive_queue, skb);
1394 spin_unlock(&other->sk_receive_queue.lock);
1395 unix_state_unlock(other);
1396 other->sk_data_ready(other);
1402 unix_state_unlock(other);
1407 unix_release_sock(newsk, 0);
1413 static int unix_socketpair(struct socket *socka, struct socket *sockb)
1415 struct sock *ska = socka->sk, *skb = sockb->sk;
1417 /* Join our sockets back to back */
1420 unix_peer(ska) = skb;
1421 unix_peer(skb) = ska;
1425 if (ska->sk_type != SOCK_DGRAM) {
1426 ska->sk_state = TCP_ESTABLISHED;
1427 skb->sk_state = TCP_ESTABLISHED;
1428 socka->state = SS_CONNECTED;
1429 sockb->state = SS_CONNECTED;
1434 static void unix_sock_inherit_flags(const struct socket *old,
1437 if (test_bit(SOCK_PASSCRED, &old->flags))
1438 set_bit(SOCK_PASSCRED, &new->flags);
1439 if (test_bit(SOCK_PASSSEC, &old->flags))
1440 set_bit(SOCK_PASSSEC, &new->flags);
1443 static int unix_accept(struct socket *sock, struct socket *newsock, int flags,
1446 struct sock *sk = sock->sk;
1448 struct sk_buff *skb;
1452 if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
1456 if (sk->sk_state != TCP_LISTEN)
1459 /* If socket state is TCP_LISTEN it cannot change (for now...),
1460 * so that no locks are necessary.
1463 skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
1465 /* This means receive shutdown. */
1472 skb_free_datagram(sk, skb);
1473 wake_up_interruptible(&unix_sk(sk)->peer_wait);
1475 /* attach accepted sock to socket */
1476 unix_state_lock(tsk);
1477 newsock->state = SS_CONNECTED;
1478 unix_sock_inherit_flags(sock, newsock);
1479 sock_graft(tsk, newsock);
1480 unix_state_unlock(tsk);
1488 static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int peer)
1490 struct sock *sk = sock->sk;
1491 struct unix_address *addr;
1492 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
1496 sk = unix_peer_get(sk);
1506 addr = smp_load_acquire(&unix_sk(sk)->addr);
1508 sunaddr->sun_family = AF_UNIX;
1509 sunaddr->sun_path[0] = 0;
1510 err = sizeof(short);
1513 memcpy(sunaddr, addr->name, addr->len);
1520 static void unix_peek_fds(struct scm_cookie *scm, struct sk_buff *skb)
1522 scm->fp = scm_fp_dup(UNIXCB(skb).fp);
1525 * Garbage collection of unix sockets starts by selecting a set of
1526 * candidate sockets which have reference only from being in flight
1527 * (total_refs == inflight_refs). This condition is checked once during
1528 * the candidate collection phase, and candidates are marked as such, so
1529 * that non-candidates can later be ignored. While inflight_refs is
1530 * protected by unix_gc_lock, total_refs (file count) is not, hence this
1531 * is an instantaneous decision.
1533 * Once a candidate, however, the socket must not be reinstalled into a
1534 * file descriptor while the garbage collection is in progress.
1536 * If the above conditions are met, then the directed graph of
1537 * candidates (*) does not change while unix_gc_lock is held.
1539 * Any operations that changes the file count through file descriptors
1540 * (dup, close, sendmsg) does not change the graph since candidates are
1541 * not installed in fds.
1543 * Dequeing a candidate via recvmsg would install it into an fd, but
1544 * that takes unix_gc_lock to decrement the inflight count, so it's
1545 * serialized with garbage collection.
1547 * MSG_PEEK is special in that it does not change the inflight count,
1548 * yet does install the socket into an fd. The following lock/unlock
1549 * pair is to ensure serialization with garbage collection. It must be
1550 * done between incrementing the file count and installing the file into
1553 * If garbage collection starts after the barrier provided by the
1554 * lock/unlock, then it will see the elevated refcount and not mark this
1555 * as a candidate. If a garbage collection is already in progress
1556 * before the file count was incremented, then the lock/unlock pair will
1557 * ensure that garbage collection is finished before progressing to
1558 * installing the fd.
1560 * (*) A -> B where B is on the queue of A or B is on the queue of C
1561 * which is on the queue of listening socket A.
1563 spin_lock(&unix_gc_lock);
1564 spin_unlock(&unix_gc_lock);
1567 static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1571 UNIXCB(skb).pid = get_pid(scm->pid);
1572 UNIXCB(skb).uid = scm->creds.uid;
1573 UNIXCB(skb).gid = scm->creds.gid;
1574 UNIXCB(skb).fp = NULL;
1575 unix_get_secdata(scm, skb);
1576 if (scm->fp && send_fds)
1577 err = unix_attach_fds(scm, skb);
1579 skb->destructor = unix_destruct_scm;
1583 static bool unix_passcred_enabled(const struct socket *sock,
1584 const struct sock *other)
1586 return test_bit(SOCK_PASSCRED, &sock->flags) ||
1587 !other->sk_socket ||
1588 test_bit(SOCK_PASSCRED, &other->sk_socket->flags);
1592 * Some apps rely on write() giving SCM_CREDENTIALS
1593 * We include credentials if source or destination socket
1594 * asserted SOCK_PASSCRED.
1596 static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1597 const struct sock *other)
1599 if (UNIXCB(skb).pid)
1601 if (unix_passcred_enabled(sock, other)) {
1602 UNIXCB(skb).pid = get_pid(task_tgid(current));
1603 current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid);
1607 static int maybe_init_creds(struct scm_cookie *scm,
1608 struct socket *socket,
1609 const struct sock *other)
1612 struct msghdr msg = { .msg_controllen = 0 };
1614 err = scm_send(socket, &msg, scm, false);
1618 if (unix_passcred_enabled(socket, other)) {
1619 scm->pid = get_pid(task_tgid(current));
1620 current_uid_gid(&scm->creds.uid, &scm->creds.gid);
1625 static bool unix_skb_scm_eq(struct sk_buff *skb,
1626 struct scm_cookie *scm)
1628 const struct unix_skb_parms *u = &UNIXCB(skb);
1630 return u->pid == scm->pid &&
1631 uid_eq(u->uid, scm->creds.uid) &&
1632 gid_eq(u->gid, scm->creds.gid) &&
1633 unix_secdata_eq(scm, skb);
1637 * Send AF_UNIX data.
1640 static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
1643 struct sock *sk = sock->sk;
1644 struct net *net = sock_net(sk);
1645 struct unix_sock *u = unix_sk(sk);
1646 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
1647 struct sock *other = NULL;
1648 int namelen = 0; /* fake GCC */
1651 struct sk_buff *skb;
1653 struct scm_cookie scm;
1658 err = scm_send(sock, msg, &scm, false);
1663 if (msg->msg_flags&MSG_OOB)
1666 if (msg->msg_namelen) {
1667 err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
1674 other = unix_peer_get(sk);
1679 if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
1680 && (err = unix_autobind(sock)) != 0)
1684 if (len > sk->sk_sndbuf - 32)
1687 if (len > SKB_MAX_ALLOC) {
1688 data_len = min_t(size_t,
1689 len - SKB_MAX_ALLOC,
1690 MAX_SKB_FRAGS * PAGE_SIZE);
1691 data_len = PAGE_ALIGN(data_len);
1693 BUILD_BUG_ON(SKB_MAX_ALLOC < PAGE_SIZE);
1696 skb = sock_alloc_send_pskb(sk, len - data_len, data_len,
1697 msg->msg_flags & MSG_DONTWAIT, &err,
1698 PAGE_ALLOC_COSTLY_ORDER);
1702 err = unix_scm_to_skb(&scm, skb, true);
1706 skb_put(skb, len - data_len);
1707 skb->data_len = data_len;
1709 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, len);
1713 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1718 if (sunaddr == NULL)
1721 other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
1727 if (sk_filter(other, skb) < 0) {
1728 /* Toss the packet but do not return any error to the sender */
1734 unix_state_lock(other);
1737 if (!unix_may_send(sk, other))
1740 if (unlikely(sock_flag(other, SOCK_DEAD))) {
1742 * Check with 1003.1g - what should
1745 unix_state_unlock(other);
1749 unix_state_lock(sk);
1752 if (unix_peer(sk) == other) {
1753 unix_peer(sk) = NULL;
1754 unix_dgram_peer_wake_disconnect_wakeup(sk, other);
1756 unix_state_unlock(sk);
1758 unix_dgram_disconnected(sk, other);
1760 err = -ECONNREFUSED;
1762 unix_state_unlock(sk);
1772 if (other->sk_shutdown & RCV_SHUTDOWN)
1775 if (sk->sk_type != SOCK_SEQPACKET) {
1776 err = security_unix_may_send(sk->sk_socket, other->sk_socket);
1781 /* other == sk && unix_peer(other) != sk if
1782 * - unix_peer(sk) == NULL, destination address bound to sk
1783 * - unix_peer(sk) == sk by time of get but disconnected before lock
1786 unlikely(unix_peer(other) != sk &&
1787 unix_recvq_full_lockless(other))) {
1789 timeo = unix_wait_for_peer(other, timeo);
1791 err = sock_intr_errno(timeo);
1792 if (signal_pending(current))
1799 unix_state_unlock(other);
1800 unix_state_double_lock(sk, other);
1803 if (unix_peer(sk) != other ||
1804 unix_dgram_peer_wake_me(sk, other)) {
1812 goto restart_locked;
1816 if (unlikely(sk_locked))
1817 unix_state_unlock(sk);
1819 if (sock_flag(other, SOCK_RCVTSTAMP))
1820 __net_timestamp(skb);
1821 maybe_add_creds(skb, sock, other);
1822 skb_queue_tail(&other->sk_receive_queue, skb);
1823 unix_state_unlock(other);
1824 other->sk_data_ready(other);
1831 unix_state_unlock(sk);
1832 unix_state_unlock(other);
1842 /* We use paged skbs for stream sockets, and limit occupancy to 32768
1843 * bytes, and a minimum of a full page.
1845 #define UNIX_SKB_FRAGS_SZ (PAGE_SIZE << get_order(32768))
1847 static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg,
1850 struct sock *sk = sock->sk;
1851 struct sock *other = NULL;
1853 struct sk_buff *skb;
1855 struct scm_cookie scm;
1856 bool fds_sent = false;
1860 err = scm_send(sock, msg, &scm, false);
1865 if (msg->msg_flags&MSG_OOB)
1868 if (msg->msg_namelen) {
1869 err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
1873 other = unix_peer(sk);
1878 if (sk->sk_shutdown & SEND_SHUTDOWN)
1881 while (sent < len) {
1884 /* Keep two messages in the pipe so it schedules better */
1885 size = min_t(int, size, (sk->sk_sndbuf >> 1) - 64);
1887 /* allow fallback to order-0 allocations */
1888 size = min_t(int, size, SKB_MAX_HEAD(0) + UNIX_SKB_FRAGS_SZ);
1890 data_len = max_t(int, 0, size - SKB_MAX_HEAD(0));
1892 data_len = min_t(size_t, size, PAGE_ALIGN(data_len));
1894 skb = sock_alloc_send_pskb(sk, size - data_len, data_len,
1895 msg->msg_flags & MSG_DONTWAIT, &err,
1896 get_order(UNIX_SKB_FRAGS_SZ));
1900 /* Only send the fds in the first buffer */
1901 err = unix_scm_to_skb(&scm, skb, !fds_sent);
1908 skb_put(skb, size - data_len);
1909 skb->data_len = data_len;
1911 err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, size);
1917 unix_state_lock(other);
1919 if (sock_flag(other, SOCK_DEAD) ||
1920 (other->sk_shutdown & RCV_SHUTDOWN))
1923 maybe_add_creds(skb, sock, other);
1924 skb_queue_tail(&other->sk_receive_queue, skb);
1925 unix_state_unlock(other);
1926 other->sk_data_ready(other);
1935 unix_state_unlock(other);
1938 if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
1939 send_sig(SIGPIPE, current, 0);
1943 return sent ? : err;
1946 static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page,
1947 int offset, size_t size, int flags)
1950 bool send_sigpipe = false;
1951 bool init_scm = true;
1952 struct scm_cookie scm;
1953 struct sock *other, *sk = socket->sk;
1954 struct sk_buff *skb, *newskb = NULL, *tail = NULL;
1956 if (flags & MSG_OOB)
1959 other = unix_peer(sk);
1960 if (!other || sk->sk_state != TCP_ESTABLISHED)
1965 unix_state_unlock(other);
1966 mutex_unlock(&unix_sk(other)->iolock);
1967 newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT,
1973 /* we must acquire iolock as we modify already present
1974 * skbs in the sk_receive_queue and mess with skb->len
1976 err = mutex_lock_interruptible(&unix_sk(other)->iolock);
1978 err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS;
1982 if (sk->sk_shutdown & SEND_SHUTDOWN) {
1984 send_sigpipe = true;
1988 unix_state_lock(other);
1990 if (sock_flag(other, SOCK_DEAD) ||
1991 other->sk_shutdown & RCV_SHUTDOWN) {
1993 send_sigpipe = true;
1994 goto err_state_unlock;
1998 err = maybe_init_creds(&scm, socket, other);
2000 goto err_state_unlock;
2004 skb = skb_peek_tail(&other->sk_receive_queue);
2005 if (tail && tail == skb) {
2007 } else if (!skb || !unix_skb_scm_eq(skb, &scm)) {
2014 } else if (newskb) {
2015 /* this is fast path, we don't necessarily need to
2016 * call to kfree_skb even though with newskb == NULL
2017 * this - does no harm
2019 consume_skb(newskb);
2023 if (skb_append_pagefrags(skb, page, offset, size)) {
2029 skb->data_len += size;
2030 skb->truesize += size;
2031 refcount_add(size, &sk->sk_wmem_alloc);
2034 err = unix_scm_to_skb(&scm, skb, false);
2036 goto err_state_unlock;
2037 spin_lock(&other->sk_receive_queue.lock);
2038 __skb_queue_tail(&other->sk_receive_queue, newskb);
2039 spin_unlock(&other->sk_receive_queue.lock);
2042 unix_state_unlock(other);
2043 mutex_unlock(&unix_sk(other)->iolock);
2045 other->sk_data_ready(other);
2050 unix_state_unlock(other);
2052 mutex_unlock(&unix_sk(other)->iolock);
2055 if (send_sigpipe && !(flags & MSG_NOSIGNAL))
2056 send_sig(SIGPIPE, current, 0);
2062 static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg,
2066 struct sock *sk = sock->sk;
2068 err = sock_error(sk);
2072 if (sk->sk_state != TCP_ESTABLISHED)
2075 if (msg->msg_namelen)
2076 msg->msg_namelen = 0;
2078 return unix_dgram_sendmsg(sock, msg, len);
2081 static int unix_seqpacket_recvmsg(struct socket *sock, struct msghdr *msg,
2082 size_t size, int flags)
2084 struct sock *sk = sock->sk;
2086 if (sk->sk_state != TCP_ESTABLISHED)
2089 return unix_dgram_recvmsg(sock, msg, size, flags);
2092 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
2094 struct unix_address *addr = smp_load_acquire(&unix_sk(sk)->addr);
2097 msg->msg_namelen = addr->len;
2098 memcpy(msg->msg_name, addr->name, addr->len);
2102 static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg,
2103 size_t size, int flags)
2105 struct scm_cookie scm;
2106 struct sock *sk = sock->sk;
2107 struct unix_sock *u = unix_sk(sk);
2108 struct sk_buff *skb, *last;
2117 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
2120 mutex_lock(&u->iolock);
2122 skip = sk_peek_offset(sk, flags);
2123 skb = __skb_try_recv_datagram(sk, flags, NULL, &peeked, &skip,
2128 mutex_unlock(&u->iolock);
2133 !__skb_wait_for_more_packets(sk, &err, &timeo, last));
2135 if (!skb) { /* implies iolock unlocked */
2136 unix_state_lock(sk);
2137 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
2138 if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
2139 (sk->sk_shutdown & RCV_SHUTDOWN))
2141 unix_state_unlock(sk);
2145 if (wq_has_sleeper(&u->peer_wait))
2146 wake_up_interruptible_sync_poll(&u->peer_wait,
2147 EPOLLOUT | EPOLLWRNORM |
2151 unix_copy_addr(msg, skb->sk);
2153 if (size > skb->len - skip)
2154 size = skb->len - skip;
2155 else if (size < skb->len - skip)
2156 msg->msg_flags |= MSG_TRUNC;
2158 err = skb_copy_datagram_msg(skb, skip, msg, size);
2162 if (sock_flag(sk, SOCK_RCVTSTAMP))
2163 __sock_recv_timestamp(msg, sk, skb);
2165 memset(&scm, 0, sizeof(scm));
2167 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2168 unix_set_secdata(&scm, skb);
2170 if (!(flags & MSG_PEEK)) {
2172 unix_detach_fds(&scm, skb);
2174 sk_peek_offset_bwd(sk, skb->len);
2176 /* It is questionable: on PEEK we could:
2177 - do not return fds - good, but too simple 8)
2178 - return fds, and do not return them on read (old strategy,
2180 - clone fds (I chose it for now, it is the most universal
2183 POSIX 1003.1g does not actually define this clearly
2184 at all. POSIX 1003.1g doesn't define a lot of things
2189 sk_peek_offset_fwd(sk, size);
2192 unix_peek_fds(&scm, skb);
2194 err = (flags & MSG_TRUNC) ? skb->len - skip : size;
2196 scm_recv(sock, msg, &scm, flags);
2199 skb_free_datagram(sk, skb);
2200 mutex_unlock(&u->iolock);
2206 * Sleep until more data has arrived. But check for races..
2208 static long unix_stream_data_wait(struct sock *sk, long timeo,
2209 struct sk_buff *last, unsigned int last_len,
2212 struct sk_buff *tail;
2215 unix_state_lock(sk);
2218 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
2220 tail = skb_peek_tail(&sk->sk_receive_queue);
2222 (tail && tail->len != last_len) ||
2224 (sk->sk_shutdown & RCV_SHUTDOWN) ||
2225 signal_pending(current) ||
2229 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2230 unix_state_unlock(sk);
2232 timeo = freezable_schedule_timeout(timeo);
2234 timeo = schedule_timeout(timeo);
2235 unix_state_lock(sk);
2237 if (sock_flag(sk, SOCK_DEAD))
2240 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2243 finish_wait(sk_sleep(sk), &wait);
2244 unix_state_unlock(sk);
2248 static unsigned int unix_skb_len(const struct sk_buff *skb)
2250 return skb->len - UNIXCB(skb).consumed;
2253 struct unix_stream_read_state {
2254 int (*recv_actor)(struct sk_buff *, int, int,
2255 struct unix_stream_read_state *);
2256 struct socket *socket;
2258 struct pipe_inode_info *pipe;
2261 unsigned int splice_flags;
2264 static int unix_stream_read_generic(struct unix_stream_read_state *state,
2267 struct scm_cookie scm;
2268 struct socket *sock = state->socket;
2269 struct sock *sk = sock->sk;
2270 struct unix_sock *u = unix_sk(sk);
2272 int flags = state->flags;
2273 int noblock = flags & MSG_DONTWAIT;
2274 bool check_creds = false;
2279 size_t size = state->size;
2280 unsigned int last_len;
2282 if (unlikely(sk->sk_state != TCP_ESTABLISHED)) {
2287 if (unlikely(flags & MSG_OOB)) {
2292 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
2293 timeo = sock_rcvtimeo(sk, noblock);
2295 memset(&scm, 0, sizeof(scm));
2297 /* Lock the socket to prevent queue disordering
2298 * while sleeps in memcpy_tomsg
2300 mutex_lock(&u->iolock);
2302 skip = max(sk_peek_offset(sk, flags), 0);
2307 struct sk_buff *skb, *last;
2310 unix_state_lock(sk);
2311 if (sock_flag(sk, SOCK_DEAD)) {
2315 last = skb = skb_peek(&sk->sk_receive_queue);
2316 last_len = last ? last->len : 0;
2319 if (copied >= target)
2323 * POSIX 1003.1g mandates this order.
2326 err = sock_error(sk);
2329 if (sk->sk_shutdown & RCV_SHUTDOWN)
2332 unix_state_unlock(sk);
2338 mutex_unlock(&u->iolock);
2340 timeo = unix_stream_data_wait(sk, timeo, last,
2341 last_len, freezable);
2343 if (signal_pending(current)) {
2344 err = sock_intr_errno(timeo);
2349 mutex_lock(&u->iolock);
2352 unix_state_unlock(sk);
2356 while (skip >= unix_skb_len(skb)) {
2357 skip -= unix_skb_len(skb);
2359 last_len = skb->len;
2360 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2365 unix_state_unlock(sk);
2368 /* Never glue messages from different writers */
2369 if (!unix_skb_scm_eq(skb, &scm))
2371 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
2372 /* Copy credentials */
2373 scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
2374 unix_set_secdata(&scm, skb);
2378 /* Copy address just once */
2379 if (state->msg && state->msg->msg_name) {
2380 DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr,
2381 state->msg->msg_name);
2382 unix_copy_addr(state->msg, skb->sk);
2386 chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size);
2388 chunk = state->recv_actor(skb, skip, chunk, state);
2389 drop_skb = !unix_skb_len(skb);
2390 /* skb is only safe to use if !drop_skb */
2401 /* the skb was touched by a concurrent reader;
2402 * we should not expect anything from this skb
2403 * anymore and assume it invalid - we can be
2404 * sure it was dropped from the socket queue
2406 * let's report a short read
2412 /* Mark read part of skb as used */
2413 if (!(flags & MSG_PEEK)) {
2414 UNIXCB(skb).consumed += chunk;
2416 sk_peek_offset_bwd(sk, chunk);
2419 unix_detach_fds(&scm, skb);
2421 if (unix_skb_len(skb))
2424 skb_unlink(skb, &sk->sk_receive_queue);
2430 /* It is questionable, see note in unix_dgram_recvmsg.
2433 unix_peek_fds(&scm, skb);
2435 sk_peek_offset_fwd(sk, chunk);
2442 last_len = skb->len;
2443 unix_state_lock(sk);
2444 skb = skb_peek_next(skb, &sk->sk_receive_queue);
2447 unix_state_unlock(sk);
2452 mutex_unlock(&u->iolock);
2454 scm_recv(sock, state->msg, &scm, flags);
2458 return copied ? : err;
2461 static int unix_stream_read_actor(struct sk_buff *skb,
2462 int skip, int chunk,
2463 struct unix_stream_read_state *state)
2467 ret = skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip,
2469 return ret ?: chunk;
2472 static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg,
2473 size_t size, int flags)
2475 struct unix_stream_read_state state = {
2476 .recv_actor = unix_stream_read_actor,
2483 return unix_stream_read_generic(&state, true);
2486 static int unix_stream_splice_actor(struct sk_buff *skb,
2487 int skip, int chunk,
2488 struct unix_stream_read_state *state)
2490 return skb_splice_bits(skb, state->socket->sk,
2491 UNIXCB(skb).consumed + skip,
2492 state->pipe, chunk, state->splice_flags);
2495 static ssize_t unix_stream_splice_read(struct socket *sock, loff_t *ppos,
2496 struct pipe_inode_info *pipe,
2497 size_t size, unsigned int flags)
2499 struct unix_stream_read_state state = {
2500 .recv_actor = unix_stream_splice_actor,
2504 .splice_flags = flags,
2507 if (unlikely(*ppos))
2510 if (sock->file->f_flags & O_NONBLOCK ||
2511 flags & SPLICE_F_NONBLOCK)
2512 state.flags = MSG_DONTWAIT;
2514 return unix_stream_read_generic(&state, false);
2517 static int unix_shutdown(struct socket *sock, int mode)
2519 struct sock *sk = sock->sk;
2522 if (mode < SHUT_RD || mode > SHUT_RDWR)
2525 * SHUT_RD (0) -> RCV_SHUTDOWN (1)
2526 * SHUT_WR (1) -> SEND_SHUTDOWN (2)
2527 * SHUT_RDWR (2) -> SHUTDOWN_MASK (3)
2531 unix_state_lock(sk);
2532 sk->sk_shutdown |= mode;
2533 other = unix_peer(sk);
2536 unix_state_unlock(sk);
2537 sk->sk_state_change(sk);
2540 (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
2544 if (mode&RCV_SHUTDOWN)
2545 peer_mode |= SEND_SHUTDOWN;
2546 if (mode&SEND_SHUTDOWN)
2547 peer_mode |= RCV_SHUTDOWN;
2548 unix_state_lock(other);
2549 other->sk_shutdown |= peer_mode;
2550 unix_state_unlock(other);
2551 other->sk_state_change(other);
2552 if (peer_mode == SHUTDOWN_MASK)
2553 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
2554 else if (peer_mode & RCV_SHUTDOWN)
2555 sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
2563 long unix_inq_len(struct sock *sk)
2565 struct sk_buff *skb;
2568 if (sk->sk_state == TCP_LISTEN)
2571 spin_lock(&sk->sk_receive_queue.lock);
2572 if (sk->sk_type == SOCK_STREAM ||
2573 sk->sk_type == SOCK_SEQPACKET) {
2574 skb_queue_walk(&sk->sk_receive_queue, skb)
2575 amount += unix_skb_len(skb);
2577 skb = skb_peek(&sk->sk_receive_queue);
2581 spin_unlock(&sk->sk_receive_queue.lock);
2585 EXPORT_SYMBOL_GPL(unix_inq_len);
2587 long unix_outq_len(struct sock *sk)
2589 return sk_wmem_alloc_get(sk);
2591 EXPORT_SYMBOL_GPL(unix_outq_len);
2593 static int unix_open_file(struct sock *sk)
2599 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
2602 if (!smp_load_acquire(&unix_sk(sk)->addr))
2605 path = unix_sk(sk)->path;
2611 fd = get_unused_fd_flags(O_CLOEXEC);
2615 f = dentry_open(&path, O_PATH, current_cred());
2629 static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2631 struct sock *sk = sock->sk;
2637 amount = unix_outq_len(sk);
2638 err = put_user(amount, (int __user *)arg);
2641 amount = unix_inq_len(sk);
2645 err = put_user(amount, (int __user *)arg);
2648 err = unix_open_file(sk);
2657 #ifdef CONFIG_COMPAT
2658 static int unix_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2660 return unix_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
2664 static __poll_t unix_poll(struct file *file, struct socket *sock, poll_table *wait)
2666 struct sock *sk = sock->sk;
2669 sock_poll_wait(file, sock, wait);
2672 /* exceptional events? */
2675 if (sk->sk_shutdown == SHUTDOWN_MASK)
2677 if (sk->sk_shutdown & RCV_SHUTDOWN)
2678 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
2681 if (!skb_queue_empty_lockless(&sk->sk_receive_queue))
2682 mask |= EPOLLIN | EPOLLRDNORM;
2684 /* Connection-based need to check for termination and startup */
2685 if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
2686 sk->sk_state == TCP_CLOSE)
2690 * we set writable also when the other side has shut down the
2691 * connection. This prevents stuck sockets.
2693 if (unix_writable(sk))
2694 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
2699 static __poll_t unix_dgram_poll(struct file *file, struct socket *sock,
2702 struct sock *sk = sock->sk, *other;
2703 unsigned int writable;
2706 sock_poll_wait(file, sock, wait);
2709 /* exceptional events? */
2710 if (sk->sk_err || !skb_queue_empty_lockless(&sk->sk_error_queue))
2712 (sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? EPOLLPRI : 0);
2714 if (sk->sk_shutdown & RCV_SHUTDOWN)
2715 mask |= EPOLLRDHUP | EPOLLIN | EPOLLRDNORM;
2716 if (sk->sk_shutdown == SHUTDOWN_MASK)
2720 if (!skb_queue_empty_lockless(&sk->sk_receive_queue))
2721 mask |= EPOLLIN | EPOLLRDNORM;
2723 /* Connection-based need to check for termination and startup */
2724 if (sk->sk_type == SOCK_SEQPACKET) {
2725 if (sk->sk_state == TCP_CLOSE)
2727 /* connection hasn't started yet? */
2728 if (sk->sk_state == TCP_SYN_SENT)
2732 /* No write status requested, avoid expensive OUT tests. */
2733 if (!(poll_requested_events(wait) & (EPOLLWRBAND|EPOLLWRNORM|EPOLLOUT)))
2736 writable = unix_writable(sk);
2738 unix_state_lock(sk);
2740 other = unix_peer(sk);
2741 if (other && unix_peer(other) != sk &&
2742 unix_recvq_full_lockless(other) &&
2743 unix_dgram_peer_wake_me(sk, other))
2746 unix_state_unlock(sk);
2750 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
2752 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2757 #ifdef CONFIG_PROC_FS
2759 #define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1)
2761 #define get_bucket(x) ((x) >> BUCKET_SPACE)
2762 #define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1))
2763 #define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
2765 static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos)
2767 unsigned long offset = get_offset(*pos);
2768 unsigned long bucket = get_bucket(*pos);
2770 unsigned long count = 0;
2772 for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
2773 if (sock_net(sk) != seq_file_net(seq))
2775 if (++count == offset)
2782 static struct sock *unix_next_socket(struct seq_file *seq,
2786 unsigned long bucket;
2788 while (sk > (struct sock *)SEQ_START_TOKEN) {
2792 if (sock_net(sk) == seq_file_net(seq))
2797 sk = unix_from_bucket(seq, pos);
2802 bucket = get_bucket(*pos) + 1;
2803 *pos = set_bucket_offset(bucket, 1);
2804 } while (bucket < ARRAY_SIZE(unix_socket_table));
2809 static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
2810 __acquires(unix_table_lock)
2812 spin_lock(&unix_table_lock);
2815 return SEQ_START_TOKEN;
2817 if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table))
2820 return unix_next_socket(seq, NULL, pos);
2823 static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2826 return unix_next_socket(seq, v, pos);
2829 static void unix_seq_stop(struct seq_file *seq, void *v)
2830 __releases(unix_table_lock)
2832 spin_unlock(&unix_table_lock);
2835 static int unix_seq_show(struct seq_file *seq, void *v)
2838 if (v == SEQ_START_TOKEN)
2839 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2843 struct unix_sock *u = unix_sk(s);
2846 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2848 refcount_read(&s->sk_refcnt),
2850 s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
2853 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
2854 (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
2857 if (u->addr) { // under unix_table_lock here
2862 len = u->addr->len - sizeof(short);
2863 if (!UNIX_ABSTRACT(s))
2869 for ( ; i < len; i++)
2870 seq_putc(seq, u->addr->name->sun_path[i] ?:
2873 unix_state_unlock(s);
2874 seq_putc(seq, '\n');
2880 static const struct seq_operations unix_seq_ops = {
2881 .start = unix_seq_start,
2882 .next = unix_seq_next,
2883 .stop = unix_seq_stop,
2884 .show = unix_seq_show,
2888 static const struct net_proto_family unix_family_ops = {
2890 .create = unix_create,
2891 .owner = THIS_MODULE,
2895 static int __net_init unix_net_init(struct net *net)
2897 int error = -ENOMEM;
2899 net->unx.sysctl_max_dgram_qlen = 10;
2900 if (unix_sysctl_register(net))
2903 #ifdef CONFIG_PROC_FS
2904 if (!proc_create_net("unix", 0, net->proc_net, &unix_seq_ops,
2905 sizeof(struct seq_net_private))) {
2906 unix_sysctl_unregister(net);
2915 static void __net_exit unix_net_exit(struct net *net)
2917 unix_sysctl_unregister(net);
2918 remove_proc_entry("unix", net->proc_net);
2921 static struct pernet_operations unix_net_ops = {
2922 .init = unix_net_init,
2923 .exit = unix_net_exit,
2926 static int __init af_unix_init(void)
2930 BUILD_BUG_ON(sizeof(struct unix_skb_parms) > FIELD_SIZEOF(struct sk_buff, cb));
2932 rc = proto_register(&unix_proto, 1);
2934 pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__);
2938 sock_register(&unix_family_ops);
2939 register_pernet_subsys(&unix_net_ops);
2944 static void __exit af_unix_exit(void)
2946 sock_unregister(PF_UNIX);
2947 proto_unregister(&unix_proto);
2948 unregister_pernet_subsys(&unix_net_ops);
2951 /* Earlier than device_initcall() so that other drivers invoking
2952 request_module() don't end up in a loop when modprobe tries
2953 to use a UNIX socket. But later than subsys_initcall() because
2954 we depend on stuff initialised there */
2955 fs_initcall(af_unix_init);
2956 module_exit(af_unix_exit);
2958 MODULE_LICENSE("GPL");
2959 MODULE_ALIAS_NETPROTO(PF_UNIX);