2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* NET4: Implementation of BSD Unix domain sockets.
|
|
|
|
*
|
2008-10-14 10:01:08 +08:00
|
|
|
* Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version
|
|
|
|
* 2 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* Fixes:
|
|
|
|
* Linus Torvalds : Assorted bug cures.
|
|
|
|
* Niibe Yutaka : async I/O support.
|
|
|
|
* Carsten Paeth : PF_UNIX check, address fixes.
|
|
|
|
* Alan Cox : Limit size of allocated blocks.
|
|
|
|
* Alan Cox : Fixed the stupid socketpair bug.
|
|
|
|
* Alan Cox : BSD compatibility fine tuning.
|
|
|
|
* Alan Cox : Fixed a bug in connect when interrupted.
|
|
|
|
* Alan Cox : Sorted out a proper draft version of
|
|
|
|
* file descriptor passing hacked up from
|
|
|
|
* Mike Shaver's work.
|
|
|
|
* Marty Leisner : Fixes to fd passing
|
|
|
|
* Nick Nevin : recvmsg bugfix.
|
|
|
|
* Alan Cox : Started proper garbage collector
|
|
|
|
* Heiko EiBfeldt : Missing verify_area check
|
|
|
|
* Alan Cox : Started POSIXisms
|
|
|
|
* Andreas Schwab : Replace inode by dentry for proper
|
|
|
|
* reference counting
|
|
|
|
* Kirk Petersen : Made this a module
|
|
|
|
* Christoph Rohland : Elegant non-blocking accept/connect algorithm.
|
|
|
|
* Lots of bug fixes.
|
|
|
|
* Alexey Kuznetosv : Repaired (I hope) bugs introduces
|
|
|
|
* by above two patches.
|
|
|
|
* Andrea Arcangeli : If possible we block in connect(2)
|
|
|
|
* if the max backlog of the listen socket
|
|
|
|
* is been reached. This won't break
|
|
|
|
* old apps and it will avoid huge amount
|
|
|
|
* of socks hashed (this for unix_gc()
|
|
|
|
* performances reasons).
|
|
|
|
* Security fix that limits the max
|
|
|
|
* number of socks to 2*max_files and
|
|
|
|
* the number of skb queueable in the
|
|
|
|
* dgram receiver.
|
|
|
|
* Artur Skawina : Hash function optimizations
|
|
|
|
* Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
|
|
|
|
* Malcolm Beattie : Set peercred for socketpair
|
|
|
|
* Michal Ostrowski : Module initialization cleanup.
|
|
|
|
* Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
|
|
|
|
* the core infrastructure is doing that
|
|
|
|
* for all net proto families now (2.5.69+)
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* Known differences from reference BSD that was tested:
|
|
|
|
*
|
|
|
|
* [TO FIX]
|
|
|
|
* ECONNREFUSED is not returned from one end of a connected() socket to the
|
|
|
|
* other the moment one end closes.
|
|
|
|
* fstat() doesn't return st_dev=0, and give the blksize as high water mark
|
|
|
|
* and a fake inode identifier (nor the BSD first socket fstat twice bug).
|
|
|
|
* [NOT TO FIX]
|
|
|
|
* accept() returns a path name even if the connecting socket has closed
|
|
|
|
* in the meantime (BSD loses the path and gives up).
|
|
|
|
* accept() returns 0 length path for an unbound connector. BSD returns 16
|
|
|
|
* and a null first byte in the path (but not for gethost/peername - BSD bug ??)
|
|
|
|
* socketpair(...SOCK_RAW..) doesn't panic the kernel.
|
|
|
|
* BSD af_unix apparently has connect forgetting to block properly.
|
|
|
|
* (need to check this with the POSIX spec in detail)
|
|
|
|
*
|
|
|
|
* Differences from 2.0.0-11-... (ANK)
|
|
|
|
* Bug fixes and improvements.
|
|
|
|
* - client shutdown killed server socket.
|
|
|
|
* - removed all useless cli/sti pairs.
|
|
|
|
*
|
|
|
|
* Semantic changes/extensions.
|
|
|
|
* - generic control message passing.
|
|
|
|
* - SCM_CREDENTIALS control message.
|
|
|
|
* - "Abstract" (not FS based) socket bindings.
|
|
|
|
* Abstract names are sequences of bytes (not zero terminated)
|
|
|
|
* started by 0, so that this name space does not intersect
|
|
|
|
* with BSD names.
|
|
|
|
*/
|
|
|
|
|
2013-12-06 18:03:36 +08:00
|
|
|
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
#include <linux/signal.h>
|
|
|
|
#include <linux/sched.h>
|
|
|
|
#include <linux/errno.h>
|
|
|
|
#include <linux/string.h>
|
|
|
|
#include <linux/stat.h>
|
|
|
|
#include <linux/dcache.h>
|
|
|
|
#include <linux/namei.h>
|
|
|
|
#include <linux/socket.h>
|
|
|
|
#include <linux/un.h>
|
|
|
|
#include <linux/fcntl.h>
|
|
|
|
#include <linux/termios.h>
|
|
|
|
#include <linux/sockios.h>
|
|
|
|
#include <linux/net.h>
|
|
|
|
#include <linux/in.h>
|
|
|
|
#include <linux/fs.h>
|
|
|
|
#include <linux/slab.h>
|
|
|
|
#include <asm/uaccess.h>
|
|
|
|
#include <linux/skbuff.h>
|
|
|
|
#include <linux/netdevice.h>
|
2007-09-12 18:01:34 +08:00
|
|
|
#include <net/net_namespace.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <net/sock.h>
|
2005-08-10 11:08:28 +08:00
|
|
|
#include <net/tcp_states.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <net/af_unix.h>
|
|
|
|
#include <linux/proc_fs.h>
|
|
|
|
#include <linux/seq_file.h>
|
|
|
|
#include <net/scm.h>
|
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/poll.h>
|
|
|
|
#include <linux/rtnetlink.h>
|
|
|
|
#include <linux/mount.h>
|
|
|
|
#include <net/checksum.h>
|
|
|
|
#include <linux/security.h>
|
2013-05-07 07:50:21 +08:00
|
|
|
#include <linux/freezer.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-06-08 13:03:21 +08:00
|
|
|
struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
|
2011-12-15 10:44:03 +08:00
|
|
|
EXPORT_SYMBOL_GPL(unix_socket_table);
|
|
|
|
DEFINE_SPINLOCK(unix_table_lock);
|
|
|
|
EXPORT_SYMBOL_GPL(unix_table_lock);
|
2010-10-27 05:22:44 +08:00
|
|
|
static atomic_long_t unix_nr_socks;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
|
2012-06-08 13:03:21 +08:00
|
|
|
static struct hlist_head *unix_sockets_unbound(void *addr)
|
|
|
|
{
|
|
|
|
unsigned long hash = (unsigned long)addr;
|
|
|
|
|
|
|
|
hash ^= hash >> 16;
|
|
|
|
hash ^= hash >> 8;
|
|
|
|
hash %= UNIX_HASH_SIZE;
|
|
|
|
return &unix_socket_table[UNIX_HASH_SIZE + hash];
|
|
|
|
}
|
|
|
|
|
|
|
|
#define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)
|
2005-04-17 06:20:36 +08:00
|
|
|
|
[AF_UNIX]: Datagram getpeersec
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.
Patch purpose:
This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket. The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.
Patch design and implementation:
The design and implementation is very similar to the UDP case for INET
sockets. Basically we build upon the existing Unix domain socket API for
retrieving user credentials. Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message). To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt. Then the application
retrieves the security context using the auxiliary data mechanism.
An example server application for Unix datagram socket should look like this:
toggle = 1;
toggle_len = sizeof(toggle);
setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
cmsg_hdr->cmsg_level == SOL_SOCKET &&
cmsg_hdr->cmsg_type == SCM_SECURITY) {
memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
}
}
sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.
Testing:
We have tested the patch by setting up Unix datagram client and server
applications. We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.
Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-30 03:27:47 +08:00
|
|
|
#ifdef CONFIG_SECURITY_NETWORK
|
2006-08-03 05:12:06 +08:00
|
|
|
static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
|
[AF_UNIX]: Datagram getpeersec
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.
Patch purpose:
This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket. The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.
Patch design and implementation:
The design and implementation is very similar to the UDP case for INET
sockets. Basically we build upon the existing Unix domain socket API for
retrieving user credentials. Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message). To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt. Then the application
retrieves the security context using the auxiliary data mechanism.
An example server application for Unix datagram socket should look like this:
toggle = 1;
toggle_len = sizeof(toggle);
setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
cmsg_hdr->cmsg_level == SOL_SOCKET &&
cmsg_hdr->cmsg_type == SCM_SECURITY) {
memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
}
}
sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.
Testing:
We have tested the patch by setting up Unix datagram client and server
applications. We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.
Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-30 03:27:47 +08:00
|
|
|
{
|
2015-06-10 20:44:59 +08:00
|
|
|
UNIXCB(skb).secid = scm->secid;
|
[AF_UNIX]: Datagram getpeersec
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.
Patch purpose:
This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket. The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.
Patch design and implementation:
The design and implementation is very similar to the UDP case for INET
sockets. Basically we build upon the existing Unix domain socket API for
retrieving user credentials. Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message). To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt. Then the application
retrieves the security context using the auxiliary data mechanism.
An example server application for Unix datagram socket should look like this:
toggle = 1;
toggle_len = sizeof(toggle);
setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
cmsg_hdr->cmsg_level == SOL_SOCKET &&
cmsg_hdr->cmsg_type == SCM_SECURITY) {
memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
}
}
sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.
Testing:
We have tested the patch by setting up Unix datagram client and server
applications. We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.
Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-30 03:27:47 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
|
|
|
|
{
|
2015-06-10 20:44:59 +08:00
|
|
|
scm->secid = UNIXCB(skb).secid;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
|
|
|
|
{
|
|
|
|
return (scm->secid == UNIXCB(skb).secid);
|
[AF_UNIX]: Datagram getpeersec
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.
Patch purpose:
This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket. The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.
Patch design and implementation:
The design and implementation is very similar to the UDP case for INET
sockets. Basically we build upon the existing Unix domain socket API for
retrieving user credentials. Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message). To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt. Then the application
retrieves the security context using the auxiliary data mechanism.
An example server application for Unix datagram socket should look like this:
toggle = 1;
toggle_len = sizeof(toggle);
setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
cmsg_hdr->cmsg_level == SOL_SOCKET &&
cmsg_hdr->cmsg_type == SCM_SECURITY) {
memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
}
}
sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.
Testing:
We have tested the patch by setting up Unix datagram client and server
applications. We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.
Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-30 03:27:47 +08:00
|
|
|
}
|
|
|
|
#else
|
2006-08-03 05:12:06 +08:00
|
|
|
static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
|
[AF_UNIX]: Datagram getpeersec
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.
Patch purpose:
This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket. The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.
Patch design and implementation:
The design and implementation is very similar to the UDP case for INET
sockets. Basically we build upon the existing Unix domain socket API for
retrieving user credentials. Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message). To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt. Then the application
retrieves the security context using the auxiliary data mechanism.
An example server application for Unix datagram socket should look like this:
toggle = 1;
toggle_len = sizeof(toggle);
setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
cmsg_hdr->cmsg_level == SOL_SOCKET &&
cmsg_hdr->cmsg_type == SCM_SECURITY) {
memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
}
}
sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.
Testing:
We have tested the patch by setting up Unix datagram client and server
applications. We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.
Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-30 03:27:47 +08:00
|
|
|
{ }
|
|
|
|
|
|
|
|
static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
|
|
|
|
{ }
|
2015-06-10 20:44:59 +08:00
|
|
|
|
|
|
|
static inline bool unix_secdata_eq(struct scm_cookie *scm, struct sk_buff *skb)
|
|
|
|
{
|
|
|
|
return true;
|
|
|
|
}
|
[AF_UNIX]: Datagram getpeersec
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.
Patch purpose:
This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket. The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.
Patch design and implementation:
The design and implementation is very similar to the UDP case for INET
sockets. Basically we build upon the existing Unix domain socket API for
retrieving user credentials. Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message). To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt. Then the application
retrieves the security context using the auxiliary data mechanism.
An example server application for Unix datagram socket should look like this:
toggle = 1;
toggle_len = sizeof(toggle);
setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
cmsg_hdr->cmsg_level == SOL_SOCKET &&
cmsg_hdr->cmsg_type == SCM_SECURITY) {
memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
}
}
sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.
Testing:
We have tested the patch by setting up Unix datagram client and server
applications. We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.
Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-30 03:27:47 +08:00
|
|
|
#endif /* CONFIG_SECURITY_NETWORK */
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* SMP locking strategy:
|
2005-12-14 15:26:29 +08:00
|
|
|
* hash table is protected with spinlock unix_table_lock
|
2010-02-19 06:12:06 +08:00
|
|
|
* each socket state is protected by separate spin lock.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
|
|
|
|
2012-04-15 13:58:06 +08:00
|
|
|
static inline unsigned int unix_hash_fold(__wsum n)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
net: unix socket code abuses csum_partial
The unix socket code is using the result of csum_partial to
hash into a lookup table:
unix_hash_fold(csum_partial(sunaddr, len, 0));
csum_partial is only guaranteed to produce something that can be
folded into a checksum, as its prototype explains:
* returns a 32-bit number suitable for feeding into itself
* or csum_tcpudp_magic
The 32bit value should not be used directly.
Depending on the alignment, the ppc64 csum_partial will return
different 32bit partial checksums that will fold into the same
16bit checksum.
This difference causes the following testcase (courtesy of
Gustavo) to sometimes fail:
#include <sys/socket.h>
#include <stdio.h>
int main()
{
int fd = socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0);
int i = 1;
setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &i, 4);
struct sockaddr addr;
addr.sa_family = AF_LOCAL;
bind(fd, &addr, 2);
listen(fd, 128);
struct sockaddr_storage ss;
socklen_t sslen = (socklen_t)sizeof(ss);
getsockname(fd, (struct sockaddr*)&ss, &sslen);
fd = socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0);
if (connect(fd, (struct sockaddr*)&ss, sslen) == -1){
perror(NULL);
return 1;
}
printf("OK\n");
return 0;
}
As suggested by davem, fix this by using csum_fold to fold the
partial 32bit checksum into a 16bit checksum before using it.
Signed-off-by: Anton Blanchard <anton@samba.org>
Cc: stable@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-03-05 11:29:58 +08:00
|
|
|
unsigned int hash = (__force unsigned int)csum_fold(n);
|
2012-04-15 13:58:06 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
hash ^= hash>>8;
|
|
|
|
return hash&(UNIX_HASH_SIZE-1);
|
|
|
|
}
|
|
|
|
|
|
|
|
#define unix_peer(sk) (unix_sk(sk)->peer)
|
|
|
|
|
|
|
|
static inline int unix_our_peer(struct sock *sk, struct sock *osk)
|
|
|
|
{
|
|
|
|
return unix_peer(osk) == sk;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline int unix_may_send(struct sock *sk, struct sock *osk)
|
|
|
|
{
|
2008-11-17 14:58:44 +08:00
|
|
|
return unix_peer(osk) == NULL || unix_our_peer(sk, osk);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2008-06-18 13:28:05 +08:00
|
|
|
static inline int unix_recvq_full(struct sock const *sk)
|
|
|
|
{
|
|
|
|
return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
|
|
|
|
}
|
|
|
|
|
2011-12-15 10:44:03 +08:00
|
|
|
struct sock *unix_peer_get(struct sock *s)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sock *peer;
|
|
|
|
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_lock(s);
|
2005-04-17 06:20:36 +08:00
|
|
|
peer = unix_peer(s);
|
|
|
|
if (peer)
|
|
|
|
sock_hold(peer);
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(s);
|
2005-04-17 06:20:36 +08:00
|
|
|
return peer;
|
|
|
|
}
|
2011-12-15 10:44:03 +08:00
|
|
|
EXPORT_SYMBOL_GPL(unix_peer_get);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
static inline void unix_release_addr(struct unix_address *addr)
|
|
|
|
{
|
|
|
|
if (atomic_dec_and_test(&addr->refcnt))
|
|
|
|
kfree(addr);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check unix socket name:
|
|
|
|
* - should be not zero length.
|
|
|
|
* - if started by not zero, should be NULL terminated (FS object)
|
|
|
|
* - if started by zero, it is abstract name.
|
|
|
|
*/
|
2007-02-09 22:25:23 +08:00
|
|
|
|
2012-04-15 13:58:06 +08:00
|
|
|
static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
if (len <= sizeof(short) || len > sizeof(*sunaddr))
|
|
|
|
return -EINVAL;
|
|
|
|
if (!sunaddr || sunaddr->sun_family != AF_UNIX)
|
|
|
|
return -EINVAL;
|
|
|
|
if (sunaddr->sun_path[0]) {
|
|
|
|
/*
|
|
|
|
* This may look like an off by one error but it is a bit more
|
|
|
|
* subtle. 108 is the longest valid AF_UNIX path for a binding.
|
2011-03-31 09:57:33 +08:00
|
|
|
* sun_path[108] doesn't as such exist. However in kernel space
|
2005-04-17 06:20:36 +08:00
|
|
|
* we are guaranteed that it is a valid memory location in our
|
|
|
|
* kernel address buffer.
|
|
|
|
*/
|
2008-11-02 12:38:31 +08:00
|
|
|
((char *)sunaddr)[len] = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
len = strlen(sunaddr->sun_path)+1+sizeof(short);
|
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
2008-11-20 07:44:53 +08:00
|
|
|
*hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));
|
2005-04-17 06:20:36 +08:00
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __unix_remove_socket(struct sock *sk)
|
|
|
|
{
|
|
|
|
sk_del_node_init(sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
|
|
|
|
{
|
2008-07-26 12:43:18 +08:00
|
|
|
WARN_ON(!sk_unhashed(sk));
|
2005-04-17 06:20:36 +08:00
|
|
|
sk_add_node(sk, list);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void unix_remove_socket(struct sock *sk)
|
|
|
|
{
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_lock(&unix_table_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
__unix_remove_socket(sk);
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_unlock(&unix_table_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)
|
|
|
|
{
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_lock(&unix_table_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
__unix_insert_socket(list, sk);
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_unlock(&unix_table_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2007-11-20 14:29:30 +08:00
|
|
|
static struct sock *__unix_find_socket_byname(struct net *net,
|
|
|
|
struct sockaddr_un *sunname,
|
2012-04-15 13:58:06 +08:00
|
|
|
int len, int type, unsigned int hash)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sock *s;
|
|
|
|
|
hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.
Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.
The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
type T;
expression a,c,d,e;
identifier b;
statement S;
@@
-T b;
<+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
...+>
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-28 09:06:00 +08:00
|
|
|
sk_for_each(s, &unix_socket_table[hash ^ type]) {
|
2005-04-17 06:20:36 +08:00
|
|
|
struct unix_sock *u = unix_sk(s);
|
|
|
|
|
2008-03-26 02:57:35 +08:00
|
|
|
if (!net_eq(sock_net(s), net))
|
2007-11-20 14:29:30 +08:00
|
|
|
continue;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
if (u->addr->len == len &&
|
|
|
|
!memcmp(u->addr->name, sunname, len))
|
|
|
|
goto found;
|
|
|
|
}
|
|
|
|
s = NULL;
|
|
|
|
found:
|
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
2007-11-20 14:29:30 +08:00
|
|
|
static inline struct sock *unix_find_socket_byname(struct net *net,
|
|
|
|
struct sockaddr_un *sunname,
|
2005-04-17 06:20:36 +08:00
|
|
|
int len, int type,
|
2012-04-15 13:58:06 +08:00
|
|
|
unsigned int hash)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sock *s;
|
|
|
|
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_lock(&unix_table_lock);
|
2007-11-20 14:29:30 +08:00
|
|
|
s = __unix_find_socket_byname(net, sunname, len, type, hash);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (s)
|
|
|
|
sock_hold(s);
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_unlock(&unix_table_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
2010-06-13 11:35:48 +08:00
|
|
|
static struct sock *unix_find_socket_byinode(struct inode *i)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sock *s;
|
|
|
|
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_lock(&unix_table_lock);
|
hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.
Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.
The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
type T;
expression a,c,d,e;
identifier b;
statement S;
@@
-T b;
<+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
...+>
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-28 09:06:00 +08:00
|
|
|
sk_for_each(s,
|
2005-04-17 06:20:36 +08:00
|
|
|
&unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
|
2012-03-15 09:54:32 +08:00
|
|
|
struct dentry *dentry = unix_sk(s)->path.dentry;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
af_unix: fix hard linked sockets on overlay
Overlayfs uses separate inodes even in the case of hard links on the
underlying filesystems. This is a problem for AF_UNIX socket
implementation which indexes sockets based on the inode. This resulted in
hard linked sockets not working.
The fix is to use the real, underlying inode.
Test case follows:
-- ovl-sock-test.c --
#include <unistd.h>
#include <err.h>
#include <sys/socket.h>
#include <sys/un.h>
#define SOCK "test-sock"
#define SOCK2 "test-sock2"
int main(void)
{
int fd, fd2;
struct sockaddr_un addr = {
.sun_family = AF_UNIX,
.sun_path = SOCK,
};
struct sockaddr_un addr2 = {
.sun_family = AF_UNIX,
.sun_path = SOCK2,
};
unlink(SOCK);
unlink(SOCK2);
if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
err(1, "socket");
if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) == -1)
err(1, "bind");
if (listen(fd, 0) == -1)
err(1, "listen");
if (link(SOCK, SOCK2) == -1)
err(1, "link");
if ((fd2 = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
err(1, "socket");
if (connect(fd2, (struct sockaddr *) &addr2, sizeof(addr2)) == -1)
err (1, "connect");
return 0;
}
----
Reported-by: Alexander Morozov <alexandr.morozov@docker.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: <stable@vger.kernel.org>
2016-05-21 04:13:45 +08:00
|
|
|
if (dentry && d_real_inode(dentry) == i) {
|
2005-04-17 06:20:36 +08:00
|
|
|
sock_hold(s);
|
|
|
|
goto found;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
s = NULL;
|
|
|
|
found:
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_unlock(&unix_table_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
2015-11-21 06:07:23 +08:00
|
|
|
/* Support code for asymmetrically connected dgram sockets
|
|
|
|
*
|
|
|
|
* If a datagram socket is connected to a socket not itself connected
|
|
|
|
* to the first socket (eg, /dev/log), clients may only enqueue more
|
|
|
|
* messages if the present receive queue of the server socket is not
|
|
|
|
* "too large". This means there's a second writeability condition
|
|
|
|
* poll and sendmsg need to test. The dgram recv code will do a wake
|
|
|
|
* up on the peer_wait wait queue of a socket upon reception of a
|
|
|
|
* datagram which needs to be propagated to sleeping would-be writers
|
|
|
|
* since these might not have sent anything so far. This can't be
|
|
|
|
* accomplished via poll_wait because the lifetime of the server
|
|
|
|
* socket might be less than that of its clients if these break their
|
|
|
|
* association with it or if the server socket is closed while clients
|
|
|
|
* are still connected to it and there's no way to inform "a polling
|
|
|
|
* implementation" that it should let go of a certain wait queue
|
|
|
|
*
|
|
|
|
* In order to propagate a wake up, a wait_queue_t of the client
|
|
|
|
* socket is enqueued on the peer_wait queue of the server socket
|
|
|
|
* whose wake function does a wake_up on the ordinary client socket
|
|
|
|
* wait queue. This connection is established whenever a write (or
|
|
|
|
* poll for write) hit the flow control condition and broken when the
|
|
|
|
* association to the server socket is dissolved or after a wake up
|
|
|
|
* was relayed.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int unix_dgram_peer_wake_relay(wait_queue_t *q, unsigned mode, int flags,
|
|
|
|
void *key)
|
|
|
|
{
|
|
|
|
struct unix_sock *u;
|
|
|
|
wait_queue_head_t *u_sleep;
|
|
|
|
|
|
|
|
u = container_of(q, struct unix_sock, peer_wake);
|
|
|
|
|
|
|
|
__remove_wait_queue(&unix_sk(u->peer_wake.private)->peer_wait,
|
|
|
|
q);
|
|
|
|
u->peer_wake.private = NULL;
|
|
|
|
|
|
|
|
/* relaying can only happen while the wq still exists */
|
|
|
|
u_sleep = sk_sleep(&u->sk);
|
|
|
|
if (u_sleep)
|
|
|
|
wake_up_interruptible_poll(u_sleep, key);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int unix_dgram_peer_wake_connect(struct sock *sk, struct sock *other)
|
|
|
|
{
|
|
|
|
struct unix_sock *u, *u_other;
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
u = unix_sk(sk);
|
|
|
|
u_other = unix_sk(other);
|
|
|
|
rc = 0;
|
|
|
|
spin_lock(&u_other->peer_wait.lock);
|
|
|
|
|
|
|
|
if (!u->peer_wake.private) {
|
|
|
|
u->peer_wake.private = other;
|
|
|
|
__add_wait_queue(&u_other->peer_wait, &u->peer_wake);
|
|
|
|
|
|
|
|
rc = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
spin_unlock(&u_other->peer_wait.lock);
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void unix_dgram_peer_wake_disconnect(struct sock *sk,
|
|
|
|
struct sock *other)
|
|
|
|
{
|
|
|
|
struct unix_sock *u, *u_other;
|
|
|
|
|
|
|
|
u = unix_sk(sk);
|
|
|
|
u_other = unix_sk(other);
|
|
|
|
spin_lock(&u_other->peer_wait.lock);
|
|
|
|
|
|
|
|
if (u->peer_wake.private == other) {
|
|
|
|
__remove_wait_queue(&u_other->peer_wait, &u->peer_wake);
|
|
|
|
u->peer_wake.private = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
spin_unlock(&u_other->peer_wait.lock);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void unix_dgram_peer_wake_disconnect_wakeup(struct sock *sk,
|
|
|
|
struct sock *other)
|
|
|
|
{
|
|
|
|
unix_dgram_peer_wake_disconnect(sk, other);
|
|
|
|
wake_up_interruptible_poll(sk_sleep(sk),
|
|
|
|
POLLOUT |
|
|
|
|
POLLWRNORM |
|
|
|
|
POLLWRBAND);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* preconditions:
|
|
|
|
* - unix_peer(sk) == other
|
|
|
|
* - association is stable
|
|
|
|
*/
|
|
|
|
static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other)
|
|
|
|
{
|
|
|
|
int connected;
|
|
|
|
|
|
|
|
connected = unix_dgram_peer_wake_connect(sk, other);
|
|
|
|
|
|
|
|
if (unix_recvq_full(other))
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
if (connected)
|
|
|
|
unix_dgram_peer_wake_disconnect(sk, other);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2015-10-24 01:59:16 +08:00
|
|
|
static int unix_writable(const struct sock *sk)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2015-10-24 01:59:16 +08:00
|
|
|
return sk->sk_state != TCP_LISTEN &&
|
|
|
|
(atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void unix_write_space(struct sock *sk)
|
|
|
|
{
|
2010-04-29 19:01:49 +08:00
|
|
|
struct socket_wq *wq;
|
|
|
|
|
|
|
|
rcu_read_lock();
|
2005-04-17 06:20:36 +08:00
|
|
|
if (unix_writable(sk)) {
|
2010-04-29 19:01:49 +08:00
|
|
|
wq = rcu_dereference(sk->sk_wq);
|
2015-11-26 13:55:39 +08:00
|
|
|
if (skwq_has_sleeper(wq))
|
2010-10-30 04:44:44 +08:00
|
|
|
wake_up_interruptible_sync_poll(&wq->wait,
|
|
|
|
POLLOUT | POLLWRNORM | POLLWRBAND);
|
2007-11-26 20:10:50 +08:00
|
|
|
sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2010-04-29 19:01:49 +08:00
|
|
|
rcu_read_unlock();
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* When dgram socket disconnects (or changes its peer), we clear its receive
|
|
|
|
* queue of packets arrived from previous peer. First, it allows to do
|
|
|
|
* flow control based only on wmem_alloc; second, sk connected to peer
|
|
|
|
* may receive messages only from that peer. */
|
|
|
|
static void unix_dgram_disconnected(struct sock *sk, struct sock *other)
|
|
|
|
{
|
2005-07-09 05:57:23 +08:00
|
|
|
if (!skb_queue_empty(&sk->sk_receive_queue)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
skb_queue_purge(&sk->sk_receive_queue);
|
|
|
|
wake_up_interruptible_all(&unix_sk(sk)->peer_wait);
|
|
|
|
|
|
|
|
/* If one link of bidirectional dgram pipe is disconnected,
|
|
|
|
* we signal error. Messages are lost. Do not make this,
|
|
|
|
* when peer was not connected to us.
|
|
|
|
*/
|
|
|
|
if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) {
|
|
|
|
other->sk_err = ECONNRESET;
|
|
|
|
other->sk_error_report(other);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void unix_sock_destructor(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct unix_sock *u = unix_sk(sk);
|
|
|
|
|
|
|
|
skb_queue_purge(&sk->sk_receive_queue);
|
|
|
|
|
2008-07-26 12:43:18 +08:00
|
|
|
WARN_ON(atomic_read(&sk->sk_wmem_alloc));
|
|
|
|
WARN_ON(!sk_unhashed(sk));
|
|
|
|
WARN_ON(sk->sk_socket);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!sock_flag(sk, SOCK_DEAD)) {
|
2013-12-06 18:03:36 +08:00
|
|
|
pr_info("Attempt to release alive unix socket: %p\n", sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (u->addr)
|
|
|
|
unix_release_addr(u->addr);
|
|
|
|
|
2010-10-27 05:22:44 +08:00
|
|
|
atomic_long_dec(&unix_nr_socks);
|
2008-11-24 09:34:03 +08:00
|
|
|
local_bh_disable();
|
2008-11-17 18:38:49 +08:00
|
|
|
sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
|
2008-11-24 09:34:03 +08:00
|
|
|
local_bh_enable();
|
2005-04-17 06:20:36 +08:00
|
|
|
#ifdef UNIX_REFCNT_DEBUG
|
2013-12-06 18:03:36 +08:00
|
|
|
pr_debug("UNIX %p is destroyed, %ld are still alive.\n", sk,
|
2010-10-27 05:22:44 +08:00
|
|
|
atomic_long_read(&unix_nr_socks));
|
2005-04-17 06:20:36 +08:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2013-03-25 11:18:33 +08:00
|
|
|
static void unix_release_sock(struct sock *sk, int embrion)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct unix_sock *u = unix_sk(sk);
|
2012-03-15 09:54:32 +08:00
|
|
|
struct path path;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct sock *skpair;
|
|
|
|
struct sk_buff *skb;
|
|
|
|
int state;
|
|
|
|
|
|
|
|
unix_remove_socket(sk);
|
|
|
|
|
|
|
|
/* Clear state */
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_lock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock_orphan(sk);
|
|
|
|
sk->sk_shutdown = SHUTDOWN_MASK;
|
2012-03-15 09:54:32 +08:00
|
|
|
path = u->path;
|
|
|
|
u->path.dentry = NULL;
|
|
|
|
u->path.mnt = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
state = sk->sk_state;
|
|
|
|
sk->sk_state = TCP_CLOSE;
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
wake_up_interruptible_all(&u->peer_wait);
|
|
|
|
|
2008-11-02 12:38:31 +08:00
|
|
|
skpair = unix_peer(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-11-02 12:38:31 +08:00
|
|
|
if (skpair != NULL) {
|
2005-04-17 06:20:36 +08:00
|
|
|
if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) {
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_lock(skpair);
|
2005-04-17 06:20:36 +08:00
|
|
|
/* No more writes */
|
|
|
|
skpair->sk_shutdown = SHUTDOWN_MASK;
|
|
|
|
if (!skb_queue_empty(&sk->sk_receive_queue) || embrion)
|
|
|
|
skpair->sk_err = ECONNRESET;
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(skpair);
|
2005-04-17 06:20:36 +08:00
|
|
|
skpair->sk_state_change(skpair);
|
2007-11-26 20:10:50 +08:00
|
|
|
sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2015-11-21 06:07:23 +08:00
|
|
|
|
|
|
|
unix_dgram_peer_wake_disconnect(sk, skpair);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock_put(skpair); /* It may now die */
|
|
|
|
unix_peer(sk) = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Try to flush out this socket. Throw out buffers at least */
|
|
|
|
|
|
|
|
while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
|
2008-11-02 12:38:31 +08:00
|
|
|
if (state == TCP_LISTEN)
|
2005-04-17 06:20:36 +08:00
|
|
|
unix_release_sock(skb->sk, 1);
|
|
|
|
/* passed fds are erased in the kfree_skb hook */
|
2015-11-10 23:23:15 +08:00
|
|
|
UNIXCB(skb).consumed = skb->len;
|
2005-04-17 06:20:36 +08:00
|
|
|
kfree_skb(skb);
|
|
|
|
}
|
|
|
|
|
2012-03-15 09:54:32 +08:00
|
|
|
if (path.dentry)
|
|
|
|
path_put(&path);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
sock_put(sk);
|
|
|
|
|
|
|
|
/* ---- Socket is dead now and most probably destroyed ---- */
|
|
|
|
|
|
|
|
/*
|
2012-09-17 08:52:41 +08:00
|
|
|
* Fixme: BSD difference: In BSD all sockets connected to us get
|
2005-04-17 06:20:36 +08:00
|
|
|
* ECONNRESET and we die on the spot. In Linux we behave
|
|
|
|
* like files and pipes do and wait for the last
|
|
|
|
* dereference.
|
|
|
|
*
|
|
|
|
* Can't we simply set sock->err?
|
|
|
|
*
|
|
|
|
* What the above comment does talk about? --ANK(980817)
|
|
|
|
*/
|
|
|
|
|
2007-11-11 14:06:01 +08:00
|
|
|
if (unix_tot_inflight)
|
2007-02-09 22:25:23 +08:00
|
|
|
unix_gc(); /* Garbage collect fds */
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2010-06-13 11:30:14 +08:00
|
|
|
static void init_peercred(struct sock *sk)
|
|
|
|
{
|
|
|
|
put_pid(sk->sk_peer_pid);
|
|
|
|
if (sk->sk_peer_cred)
|
|
|
|
put_cred(sk->sk_peer_cred);
|
|
|
|
sk->sk_peer_pid = get_pid(task_tgid(current));
|
|
|
|
sk->sk_peer_cred = get_current_cred();
|
|
|
|
}
|
|
|
|
|
|
|
|
static void copy_peercred(struct sock *sk, struct sock *peersk)
|
|
|
|
{
|
|
|
|
put_pid(sk->sk_peer_pid);
|
|
|
|
if (sk->sk_peer_cred)
|
|
|
|
put_cred(sk->sk_peer_cred);
|
|
|
|
sk->sk_peer_pid = get_pid(peersk->sk_peer_pid);
|
|
|
|
sk->sk_peer_cred = get_cred(peersk->sk_peer_cred);
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static int unix_listen(struct socket *sock, int backlog)
|
|
|
|
{
|
|
|
|
int err;
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct unix_sock *u = unix_sk(sk);
|
2010-06-13 11:30:14 +08:00
|
|
|
struct pid *old_pid = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
err = -EOPNOTSUPP;
|
2008-11-17 14:58:44 +08:00
|
|
|
if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
|
|
|
|
goto out; /* Only stream/seqpacket sockets accept */
|
2005-04-17 06:20:36 +08:00
|
|
|
err = -EINVAL;
|
|
|
|
if (!u->addr)
|
2008-11-17 14:58:44 +08:00
|
|
|
goto out; /* No listens on an unbound socket */
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_lock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN)
|
|
|
|
goto out_unlock;
|
|
|
|
if (backlog > sk->sk_max_ack_backlog)
|
|
|
|
wake_up_interruptible_all(&u->peer_wait);
|
|
|
|
sk->sk_max_ack_backlog = backlog;
|
|
|
|
sk->sk_state = TCP_LISTEN;
|
|
|
|
/* set credentials so connect can copy them */
|
2010-06-13 11:30:14 +08:00
|
|
|
init_peercred(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
err = 0;
|
|
|
|
|
|
|
|
out_unlock:
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(sk);
|
2010-06-13 11:30:14 +08:00
|
|
|
put_pid(old_pid);
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int unix_release(struct socket *);
|
|
|
|
static int unix_bind(struct socket *, struct sockaddr *, int);
|
|
|
|
static int unix_stream_connect(struct socket *, struct sockaddr *,
|
|
|
|
int addr_len, int flags);
|
|
|
|
static int unix_socketpair(struct socket *, struct socket *);
|
|
|
|
static int unix_accept(struct socket *, struct socket *, int);
|
|
|
|
static int unix_getname(struct socket *, struct sockaddr *, int *, int);
|
|
|
|
static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
|
af_unix: fix 'poll for write'/connected DGRAM sockets
For n:1 'datagram connections' (eg /dev/log), the unix_dgram_sendmsg
routine implements a form of receiver-imposed flow control by
comparing the length of the receive queue of the 'peer socket' with
the max_ack_backlog value stored in the corresponding sock structure,
either blocking the thread which caused the send-routine to be called
or returning EAGAIN. This routine is used by both SOCK_DGRAM and
SOCK_SEQPACKET sockets. The poll-implementation for these socket types
is datagram_poll from core/datagram.c. A socket is deemed to be
writeable by this routine when the memory presently consumed by
datagrams owned by it is less than the configured socket send buffer
size. This is always wrong for PF_UNIX non-stream sockets connected to
server sockets dealing with (potentially) multiple clients if the
abovementioned receive queue is currently considered to be full.
'poll' will then return, indicating that the socket is writeable, but
a subsequent write result in EAGAIN, effectively causing an (usual)
application to 'poll for writeability by repeated send request with
O_NONBLOCK set' until it has consumed its time quantum.
The change below uses a suitably modified variant of the datagram_poll
routines for both type of PF_UNIX sockets, which tests if the
recv-queue of the peer a socket is connected to is presently
considered to be 'full' as part of the 'is this socket
writeable'-checking code. The socket being polled is additionally
put onto the peer_wait wait queue associated with its peer, because the
unix_dgram_recvmsg routine does a wake up on this queue after a
datagram was received and the 'other wakeup call' is done implicitly
as part of skb destruction, meaning, a process blocked in poll
because of a full peer receive queue could otherwise sleep forever
if no datagram owned by its socket was already sitting on this queue.
Among this change is a small (inline) helper routine named
'unix_recvq_full', which consolidates the actual testing code (in three
different places) into a single location.
Signed-off-by: Rainer Weikusat <rweikusat@mssgmbh.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-28 10:34:18 +08:00
|
|
|
static unsigned int unix_dgram_poll(struct file *, struct socket *,
|
|
|
|
poll_table *);
|
2005-04-17 06:20:36 +08:00
|
|
|
static int unix_ioctl(struct socket *, unsigned int, unsigned long);
|
|
|
|
static int unix_shutdown(struct socket *, int);
|
2015-03-02 15:37:48 +08:00
|
|
|
static int unix_stream_sendmsg(struct socket *, struct msghdr *, size_t);
|
|
|
|
static int unix_stream_recvmsg(struct socket *, struct msghdr *, size_t, int);
|
2015-05-21 22:59:59 +08:00
|
|
|
static ssize_t unix_stream_sendpage(struct socket *, struct page *, int offset,
|
|
|
|
size_t size, int flags);
|
2015-05-21 23:00:01 +08:00
|
|
|
static ssize_t unix_stream_splice_read(struct socket *, loff_t *ppos,
|
|
|
|
struct pipe_inode_info *, size_t size,
|
|
|
|
unsigned int flags);
|
2015-03-02 15:37:48 +08:00
|
|
|
static int unix_dgram_sendmsg(struct socket *, struct msghdr *, size_t);
|
|
|
|
static int unix_dgram_recvmsg(struct socket *, struct msghdr *, size_t, int);
|
2005-04-17 06:20:36 +08:00
|
|
|
static int unix_dgram_connect(struct socket *, struct sockaddr *,
|
|
|
|
int, int);
|
2015-03-02 15:37:48 +08:00
|
|
|
static int unix_seqpacket_sendmsg(struct socket *, struct msghdr *, size_t);
|
|
|
|
static int unix_seqpacket_recvmsg(struct socket *, struct msghdr *, size_t,
|
|
|
|
int);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2013-12-08 06:26:27 +08:00
|
|
|
static int unix_set_peek_off(struct sock *sk, int val)
|
2012-02-21 15:31:51 +08:00
|
|
|
{
|
|
|
|
struct unix_sock *u = unix_sk(sk);
|
|
|
|
|
2013-12-08 06:26:27 +08:00
|
|
|
if (mutex_lock_interruptible(&u->readlock))
|
|
|
|
return -EINTR;
|
|
|
|
|
2012-02-21 15:31:51 +08:00
|
|
|
sk->sk_peek_off = val;
|
|
|
|
mutex_unlock(&u->readlock);
|
2013-12-08 06:26:27 +08:00
|
|
|
|
|
|
|
return 0;
|
2012-02-21 15:31:51 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2005-12-23 04:49:22 +08:00
|
|
|
static const struct proto_ops unix_stream_ops = {
|
2005-04-17 06:20:36 +08:00
|
|
|
.family = PF_UNIX,
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.release = unix_release,
|
|
|
|
.bind = unix_bind,
|
|
|
|
.connect = unix_stream_connect,
|
|
|
|
.socketpair = unix_socketpair,
|
|
|
|
.accept = unix_accept,
|
|
|
|
.getname = unix_getname,
|
|
|
|
.poll = unix_poll,
|
|
|
|
.ioctl = unix_ioctl,
|
|
|
|
.listen = unix_listen,
|
|
|
|
.shutdown = unix_shutdown,
|
|
|
|
.setsockopt = sock_no_setsockopt,
|
|
|
|
.getsockopt = sock_no_getsockopt,
|
|
|
|
.sendmsg = unix_stream_sendmsg,
|
|
|
|
.recvmsg = unix_stream_recvmsg,
|
|
|
|
.mmap = sock_no_mmap,
|
2015-05-21 22:59:59 +08:00
|
|
|
.sendpage = unix_stream_sendpage,
|
2015-05-21 23:00:01 +08:00
|
|
|
.splice_read = unix_stream_splice_read,
|
2012-02-21 15:32:06 +08:00
|
|
|
.set_peek_off = unix_set_peek_off,
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
2005-12-23 04:49:22 +08:00
|
|
|
static const struct proto_ops unix_dgram_ops = {
|
2005-04-17 06:20:36 +08:00
|
|
|
.family = PF_UNIX,
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.release = unix_release,
|
|
|
|
.bind = unix_bind,
|
|
|
|
.connect = unix_dgram_connect,
|
|
|
|
.socketpair = unix_socketpair,
|
|
|
|
.accept = sock_no_accept,
|
|
|
|
.getname = unix_getname,
|
af_unix: fix 'poll for write'/connected DGRAM sockets
For n:1 'datagram connections' (eg /dev/log), the unix_dgram_sendmsg
routine implements a form of receiver-imposed flow control by
comparing the length of the receive queue of the 'peer socket' with
the max_ack_backlog value stored in the corresponding sock structure,
either blocking the thread which caused the send-routine to be called
or returning EAGAIN. This routine is used by both SOCK_DGRAM and
SOCK_SEQPACKET sockets. The poll-implementation for these socket types
is datagram_poll from core/datagram.c. A socket is deemed to be
writeable by this routine when the memory presently consumed by
datagrams owned by it is less than the configured socket send buffer
size. This is always wrong for PF_UNIX non-stream sockets connected to
server sockets dealing with (potentially) multiple clients if the
abovementioned receive queue is currently considered to be full.
'poll' will then return, indicating that the socket is writeable, but
a subsequent write result in EAGAIN, effectively causing an (usual)
application to 'poll for writeability by repeated send request with
O_NONBLOCK set' until it has consumed its time quantum.
The change below uses a suitably modified variant of the datagram_poll
routines for both type of PF_UNIX sockets, which tests if the
recv-queue of the peer a socket is connected to is presently
considered to be 'full' as part of the 'is this socket
writeable'-checking code. The socket being polled is additionally
put onto the peer_wait wait queue associated with its peer, because the
unix_dgram_recvmsg routine does a wake up on this queue after a
datagram was received and the 'other wakeup call' is done implicitly
as part of skb destruction, meaning, a process blocked in poll
because of a full peer receive queue could otherwise sleep forever
if no datagram owned by its socket was already sitting on this queue.
Among this change is a small (inline) helper routine named
'unix_recvq_full', which consolidates the actual testing code (in three
different places) into a single location.
Signed-off-by: Rainer Weikusat <rweikusat@mssgmbh.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-28 10:34:18 +08:00
|
|
|
.poll = unix_dgram_poll,
|
2005-04-17 06:20:36 +08:00
|
|
|
.ioctl = unix_ioctl,
|
|
|
|
.listen = sock_no_listen,
|
|
|
|
.shutdown = unix_shutdown,
|
|
|
|
.setsockopt = sock_no_setsockopt,
|
|
|
|
.getsockopt = sock_no_getsockopt,
|
|
|
|
.sendmsg = unix_dgram_sendmsg,
|
|
|
|
.recvmsg = unix_dgram_recvmsg,
|
|
|
|
.mmap = sock_no_mmap,
|
|
|
|
.sendpage = sock_no_sendpage,
|
2012-02-21 15:31:51 +08:00
|
|
|
.set_peek_off = unix_set_peek_off,
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
2005-12-23 04:49:22 +08:00
|
|
|
static const struct proto_ops unix_seqpacket_ops = {
|
2005-04-17 06:20:36 +08:00
|
|
|
.family = PF_UNIX,
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.release = unix_release,
|
|
|
|
.bind = unix_bind,
|
|
|
|
.connect = unix_stream_connect,
|
|
|
|
.socketpair = unix_socketpair,
|
|
|
|
.accept = unix_accept,
|
|
|
|
.getname = unix_getname,
|
af_unix: fix 'poll for write'/connected DGRAM sockets
For n:1 'datagram connections' (eg /dev/log), the unix_dgram_sendmsg
routine implements a form of receiver-imposed flow control by
comparing the length of the receive queue of the 'peer socket' with
the max_ack_backlog value stored in the corresponding sock structure,
either blocking the thread which caused the send-routine to be called
or returning EAGAIN. This routine is used by both SOCK_DGRAM and
SOCK_SEQPACKET sockets. The poll-implementation for these socket types
is datagram_poll from core/datagram.c. A socket is deemed to be
writeable by this routine when the memory presently consumed by
datagrams owned by it is less than the configured socket send buffer
size. This is always wrong for PF_UNIX non-stream sockets connected to
server sockets dealing with (potentially) multiple clients if the
abovementioned receive queue is currently considered to be full.
'poll' will then return, indicating that the socket is writeable, but
a subsequent write result in EAGAIN, effectively causing an (usual)
application to 'poll for writeability by repeated send request with
O_NONBLOCK set' until it has consumed its time quantum.
The change below uses a suitably modified variant of the datagram_poll
routines for both type of PF_UNIX sockets, which tests if the
recv-queue of the peer a socket is connected to is presently
considered to be 'full' as part of the 'is this socket
writeable'-checking code. The socket being polled is additionally
put onto the peer_wait wait queue associated with its peer, because the
unix_dgram_recvmsg routine does a wake up on this queue after a
datagram was received and the 'other wakeup call' is done implicitly
as part of skb destruction, meaning, a process blocked in poll
because of a full peer receive queue could otherwise sleep forever
if no datagram owned by its socket was already sitting on this queue.
Among this change is a small (inline) helper routine named
'unix_recvq_full', which consolidates the actual testing code (in three
different places) into a single location.
Signed-off-by: Rainer Weikusat <rweikusat@mssgmbh.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-28 10:34:18 +08:00
|
|
|
.poll = unix_dgram_poll,
|
2005-04-17 06:20:36 +08:00
|
|
|
.ioctl = unix_ioctl,
|
|
|
|
.listen = unix_listen,
|
|
|
|
.shutdown = unix_shutdown,
|
|
|
|
.setsockopt = sock_no_setsockopt,
|
|
|
|
.getsockopt = sock_no_getsockopt,
|
|
|
|
.sendmsg = unix_seqpacket_sendmsg,
|
2011-04-24 09:54:57 +08:00
|
|
|
.recvmsg = unix_seqpacket_recvmsg,
|
2005-04-17 06:20:36 +08:00
|
|
|
.mmap = sock_no_mmap,
|
|
|
|
.sendpage = sock_no_sendpage,
|
2012-02-21 15:31:51 +08:00
|
|
|
.set_peek_off = unix_set_peek_off,
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
static struct proto unix_proto = {
|
2008-11-17 16:00:30 +08:00
|
|
|
.name = "UNIX",
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.obj_size = sizeof(struct unix_sock),
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
2006-07-03 15:25:12 +08:00
|
|
|
/*
|
|
|
|
* AF_UNIX sockets do not interact with hardware, hence they
|
|
|
|
* dont trigger interrupts - so it's safe for them to have
|
|
|
|
* bh-unsafe locking for their sk_receive_queue.lock. Split off
|
|
|
|
* this special lock-class by reinitializing the spinlock key:
|
|
|
|
*/
|
|
|
|
static struct lock_class_key af_unix_sk_receive_queue_lock_key;
|
|
|
|
|
2015-05-09 10:09:13 +08:00
|
|
|
static struct sock *unix_create1(struct net *net, struct socket *sock, int kern)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sock *sk = NULL;
|
|
|
|
struct unix_sock *u;
|
|
|
|
|
2010-10-27 05:22:44 +08:00
|
|
|
atomic_long_inc(&unix_nr_socks);
|
|
|
|
if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
|
2015-05-09 10:09:13 +08:00
|
|
|
sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto, kern);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!sk)
|
|
|
|
goto out;
|
|
|
|
|
2008-11-17 14:58:44 +08:00
|
|
|
sock_init_data(sock, sk);
|
2006-07-03 15:25:12 +08:00
|
|
|
lockdep_set_class(&sk->sk_receive_queue.lock,
|
|
|
|
&af_unix_sk_receive_queue_lock_key);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
af_unix: charge buffers to kmemcg
Unix sockets can consume a significant amount of system memory, hence
they should be accounted to kmemcg.
Since unix socket buffers are always allocated from process context, all
we need to do to charge them to kmemcg is set __GFP_ACCOUNT in
sock->sk_allocation mask.
Eric asked:
> 1) What happens when a buffer, allocated from socket <A> lands in a
> different socket <B>, maybe owned by another user/process.
>
> Who owns it now, in term of kmemcg accounting ?
We never move memcg charges. E.g. if two processes from different
cgroups are sharing a memory region, each page will be charged to the
process which touched it first. Or if two processes are working with
the same directory tree, inodes and dentries will be charged to the
first user. The same is fair for unix socket buffers - they will be
charged to the sender.
> 2) Has performance impact been evaluated ?
I ran netperf STREAM_STREAM with default options in a kmemcg on a 4 core
x2 HT box. The results are below:
# clients bandwidth (10^6bits/sec)
base patched
1 67643 +- 725 64874 +- 353 - 4.0 %
4 193585 +- 2516 186715 +- 1460 - 3.5 %
8 194820 +- 377 187443 +- 1229 - 3.7 %
So the accounting doesn't come for free - it takes ~4% of performance.
I believe we could optimize it by using per cpu batching not only on
charge, but also on uncharge in memcg core, but that's beyond the scope
of this patch set - I'll take a look at this later.
Anyway, if performance impact is found to be unacceptable, it is always
possible to disable kmem accounting at boot time (cgroup.memory=nokmem)
or not use memory cgroups at runtime at all (thanks to jump labels
there'll be no overhead even if they are compiled in).
Link: http://lkml.kernel.org/r/fcfe6cae27a59fbc5e40145664b3cf085a560c68.1464079538.git.vdavydov@virtuozzo.com
Signed-off-by: Vladimir Davydov <vdavydov@virtuozzo.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Minchan Kim <minchan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-07-27 06:24:36 +08:00
|
|
|
sk->sk_allocation = GFP_KERNEL_ACCOUNT;
|
2005-04-17 06:20:36 +08:00
|
|
|
sk->sk_write_space = unix_write_space;
|
2007-12-11 20:19:17 +08:00
|
|
|
sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
|
2005-04-17 06:20:36 +08:00
|
|
|
sk->sk_destruct = unix_sock_destructor;
|
|
|
|
u = unix_sk(sk);
|
2012-03-15 09:54:32 +08:00
|
|
|
u->path.dentry = NULL;
|
|
|
|
u->path.mnt = NULL;
|
2006-01-04 06:10:46 +08:00
|
|
|
spin_lock_init(&u->lock);
|
2008-07-26 12:39:17 +08:00
|
|
|
atomic_long_set(&u->inflight, 0);
|
2007-07-12 05:22:39 +08:00
|
|
|
INIT_LIST_HEAD(&u->link);
|
2006-03-21 14:35:41 +08:00
|
|
|
mutex_init(&u->readlock); /* single task reading lock */
|
2005-04-17 06:20:36 +08:00
|
|
|
init_waitqueue_head(&u->peer_wait);
|
2015-11-21 06:07:23 +08:00
|
|
|
init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay);
|
2012-06-08 13:03:21 +08:00
|
|
|
unix_insert_socket(unix_sockets_unbound(sk), sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
2007-11-11 14:08:30 +08:00
|
|
|
if (sk == NULL)
|
2010-10-27 05:22:44 +08:00
|
|
|
atomic_long_dec(&unix_nr_socks);
|
2008-11-24 16:09:29 +08:00
|
|
|
else {
|
|
|
|
local_bh_disable();
|
2008-11-17 18:38:49 +08:00
|
|
|
sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
|
2008-11-24 16:09:29 +08:00
|
|
|
local_bh_enable();
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
return sk;
|
|
|
|
}
|
|
|
|
|
2009-11-06 14:18:14 +08:00
|
|
|
static int unix_create(struct net *net, struct socket *sock, int protocol,
|
|
|
|
int kern)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
if (protocol && protocol != PF_UNIX)
|
|
|
|
return -EPROTONOSUPPORT;
|
|
|
|
|
|
|
|
sock->state = SS_UNCONNECTED;
|
|
|
|
|
|
|
|
switch (sock->type) {
|
|
|
|
case SOCK_STREAM:
|
|
|
|
sock->ops = &unix_stream_ops;
|
|
|
|
break;
|
|
|
|
/*
|
|
|
|
* Believe it or not BSD has AF_UNIX, SOCK_RAW though
|
|
|
|
* nothing uses it.
|
|
|
|
*/
|
|
|
|
case SOCK_RAW:
|
2008-11-02 12:38:31 +08:00
|
|
|
sock->type = SOCK_DGRAM;
|
2005-04-17 06:20:36 +08:00
|
|
|
case SOCK_DGRAM:
|
|
|
|
sock->ops = &unix_dgram_ops;
|
|
|
|
break;
|
|
|
|
case SOCK_SEQPACKET:
|
|
|
|
sock->ops = &unix_seqpacket_ops;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return -ESOCKTNOSUPPORT;
|
|
|
|
}
|
|
|
|
|
2015-05-09 10:09:13 +08:00
|
|
|
return unix_create1(net, sock, kern) ? 0 : -ENOMEM;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int unix_release(struct socket *sock)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
|
|
|
|
if (!sk)
|
|
|
|
return 0;
|
|
|
|
|
2013-03-25 11:18:33 +08:00
|
|
|
unix_release_sock(sk, 0);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock->sk = NULL;
|
|
|
|
|
2013-03-25 11:18:33 +08:00
|
|
|
return 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int unix_autobind(struct socket *sock)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
2008-03-26 01:26:21 +08:00
|
|
|
struct net *net = sock_net(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
struct unix_sock *u = unix_sk(sk);
|
|
|
|
static u32 ordernum = 1;
|
2008-11-17 14:58:44 +08:00
|
|
|
struct unix_address *addr;
|
2005-04-17 06:20:36 +08:00
|
|
|
int err;
|
2010-09-04 09:34:28 +08:00
|
|
|
unsigned int retries = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2013-12-13 23:54:22 +08:00
|
|
|
err = mutex_lock_interruptible(&u->readlock);
|
|
|
|
if (err)
|
|
|
|
return err;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
err = 0;
|
|
|
|
if (u->addr)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
err = -ENOMEM;
|
2006-07-22 05:51:30 +08:00
|
|
|
addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!addr)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
addr->name->sun_family = AF_UNIX;
|
|
|
|
atomic_set(&addr->refcnt, 1);
|
|
|
|
|
|
|
|
retry:
|
|
|
|
addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
|
2008-11-20 07:44:53 +08:00
|
|
|
addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_lock(&unix_table_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
ordernum = (ordernum+1)&0xFFFFF;
|
|
|
|
|
2007-11-20 14:29:30 +08:00
|
|
|
if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type,
|
2005-04-17 06:20:36 +08:00
|
|
|
addr->hash)) {
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_unlock(&unix_table_lock);
|
2010-09-04 09:34:28 +08:00
|
|
|
/*
|
|
|
|
* __unix_find_socket_byname() may take long time if many names
|
|
|
|
* are already in use.
|
|
|
|
*/
|
|
|
|
cond_resched();
|
|
|
|
/* Give up if all names seems to be in use. */
|
|
|
|
if (retries++ == 0xFFFFF) {
|
|
|
|
err = -ENOSPC;
|
|
|
|
kfree(addr);
|
|
|
|
goto out;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
goto retry;
|
|
|
|
}
|
|
|
|
addr->hash ^= sk->sk_type;
|
|
|
|
|
|
|
|
__unix_remove_socket(sk);
|
|
|
|
u->addr = addr;
|
|
|
|
__unix_insert_socket(&unix_socket_table[addr->hash], sk);
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_unlock(&unix_table_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
err = 0;
|
|
|
|
|
2006-03-21 14:35:41 +08:00
|
|
|
out: mutex_unlock(&u->readlock);
|
2005-04-17 06:20:36 +08:00
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2007-11-20 14:29:30 +08:00
|
|
|
static struct sock *unix_find_other(struct net *net,
|
|
|
|
struct sockaddr_un *sunname, int len,
|
2012-04-15 13:58:06 +08:00
|
|
|
int type, unsigned int hash, int *error)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sock *u;
|
2008-08-02 13:04:36 +08:00
|
|
|
struct path path;
|
2005-04-17 06:20:36 +08:00
|
|
|
int err = 0;
|
2007-02-09 22:25:23 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
if (sunname->sun_path[0]) {
|
2008-08-02 13:04:36 +08:00
|
|
|
struct inode *inode;
|
|
|
|
err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (err)
|
|
|
|
goto fail;
|
af_unix: fix hard linked sockets on overlay
Overlayfs uses separate inodes even in the case of hard links on the
underlying filesystems. This is a problem for AF_UNIX socket
implementation which indexes sockets based on the inode. This resulted in
hard linked sockets not working.
The fix is to use the real, underlying inode.
Test case follows:
-- ovl-sock-test.c --
#include <unistd.h>
#include <err.h>
#include <sys/socket.h>
#include <sys/un.h>
#define SOCK "test-sock"
#define SOCK2 "test-sock2"
int main(void)
{
int fd, fd2;
struct sockaddr_un addr = {
.sun_family = AF_UNIX,
.sun_path = SOCK,
};
struct sockaddr_un addr2 = {
.sun_family = AF_UNIX,
.sun_path = SOCK2,
};
unlink(SOCK);
unlink(SOCK2);
if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
err(1, "socket");
if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) == -1)
err(1, "bind");
if (listen(fd, 0) == -1)
err(1, "listen");
if (link(SOCK, SOCK2) == -1)
err(1, "link");
if ((fd2 = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
err(1, "socket");
if (connect(fd2, (struct sockaddr *) &addr2, sizeof(addr2)) == -1)
err (1, "connect");
return 0;
}
----
Reported-by: Alexander Morozov <alexandr.morozov@docker.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: <stable@vger.kernel.org>
2016-05-21 04:13:45 +08:00
|
|
|
inode = d_real_inode(path.dentry);
|
2008-08-02 13:04:36 +08:00
|
|
|
err = inode_permission(inode, MAY_WRITE);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (err)
|
|
|
|
goto put_fail;
|
|
|
|
|
|
|
|
err = -ECONNREFUSED;
|
2008-08-02 13:04:36 +08:00
|
|
|
if (!S_ISSOCK(inode->i_mode))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto put_fail;
|
2010-06-13 11:35:48 +08:00
|
|
|
u = unix_find_socket_byinode(inode);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!u)
|
|
|
|
goto put_fail;
|
|
|
|
|
|
|
|
if (u->sk_type == type)
|
2012-03-15 20:21:57 +08:00
|
|
|
touch_atime(&path);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-08-02 13:04:36 +08:00
|
|
|
path_put(&path);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-11-02 12:38:31 +08:00
|
|
|
err = -EPROTOTYPE;
|
2005-04-17 06:20:36 +08:00
|
|
|
if (u->sk_type != type) {
|
|
|
|
sock_put(u);
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
err = -ECONNREFUSED;
|
2008-11-02 12:38:31 +08:00
|
|
|
u = unix_find_socket_byname(net, sunname, len, type, hash);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (u) {
|
|
|
|
struct dentry *dentry;
|
2012-03-15 09:54:32 +08:00
|
|
|
dentry = unix_sk(u)->path.dentry;
|
2005-04-17 06:20:36 +08:00
|
|
|
if (dentry)
|
2012-03-15 20:21:57 +08:00
|
|
|
touch_atime(&unix_sk(u)->path);
|
2005-04-17 06:20:36 +08:00
|
|
|
} else
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
return u;
|
|
|
|
|
|
|
|
put_fail:
|
2008-08-02 13:04:36 +08:00
|
|
|
path_put(&path);
|
2005-04-17 06:20:36 +08:00
|
|
|
fail:
|
2008-11-02 12:38:31 +08:00
|
|
|
*error = err;
|
2005-04-17 06:20:36 +08:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2016-03-26 03:21:09 +08:00
|
|
|
static int unix_mknod(struct dentry *dentry, const struct path *path, umode_t mode,
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
struct path *res)
|
2012-07-20 06:37:29 +08:00
|
|
|
{
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
int err;
|
2012-07-20 06:37:29 +08:00
|
|
|
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
err = security_path_mknod(path, dentry, mode, 0);
|
2012-07-20 06:37:29 +08:00
|
|
|
if (!err) {
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
err = vfs_mknod(d_inode(path->dentry), dentry, mode, 0);
|
2012-07-20 06:37:29 +08:00
|
|
|
if (!err) {
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
res->mnt = mntget(path->mnt);
|
2012-07-20 06:37:29 +08:00
|
|
|
res->dentry = dget(dentry);
|
|
|
|
}
|
|
|
|
}
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
|
2012-07-20 06:37:29 +08:00
|
|
|
return err;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
2008-03-26 01:26:21 +08:00
|
|
|
struct net *net = sock_net(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
struct unix_sock *u = unix_sk(sk);
|
2008-11-02 12:38:31 +08:00
|
|
|
struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
|
2011-06-26 23:50:15 +08:00
|
|
|
char *sun_path = sunaddr->sun_path;
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
int err, name_err;
|
2012-04-15 13:58:06 +08:00
|
|
|
unsigned int hash;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct unix_address *addr;
|
|
|
|
struct hlist_head *list;
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
struct path path;
|
|
|
|
struct dentry *dentry;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
err = -EINVAL;
|
|
|
|
if (sunaddr->sun_family != AF_UNIX)
|
|
|
|
goto out;
|
|
|
|
|
2008-11-02 12:38:31 +08:00
|
|
|
if (addr_len == sizeof(short)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
err = unix_autobind(sock);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
err = unix_mkname(sunaddr, addr_len, &hash);
|
|
|
|
if (err < 0)
|
|
|
|
goto out;
|
|
|
|
addr_len = err;
|
|
|
|
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
name_err = 0;
|
|
|
|
dentry = NULL;
|
|
|
|
if (sun_path[0]) {
|
|
|
|
/* Get the parent directory, calculate the hash for last
|
|
|
|
* component.
|
|
|
|
*/
|
|
|
|
dentry = kern_path_create(AT_FDCWD, sun_path, &path, 0);
|
|
|
|
|
|
|
|
if (IS_ERR(dentry)) {
|
|
|
|
/* delay report until after 'already bound' check */
|
|
|
|
name_err = PTR_ERR(dentry);
|
|
|
|
dentry = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-12-13 23:54:22 +08:00
|
|
|
err = mutex_lock_interruptible(&u->readlock);
|
|
|
|
if (err)
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
goto out_path;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
err = -EINVAL;
|
|
|
|
if (u->addr)
|
|
|
|
goto out_up;
|
|
|
|
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
if (name_err) {
|
|
|
|
err = name_err == -EEXIST ? -EADDRINUSE : name_err;
|
|
|
|
goto out_up;
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
err = -ENOMEM;
|
|
|
|
addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL);
|
|
|
|
if (!addr)
|
|
|
|
goto out_up;
|
|
|
|
|
|
|
|
memcpy(addr->name, sunaddr, addr_len);
|
|
|
|
addr->len = addr_len;
|
|
|
|
addr->hash = hash ^ sk->sk_type;
|
|
|
|
atomic_set(&addr->refcnt, 1);
|
|
|
|
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
if (dentry) {
|
|
|
|
struct path u_path;
|
2012-07-20 06:37:29 +08:00
|
|
|
umode_t mode = S_IFSOCK |
|
2009-03-30 07:08:22 +08:00
|
|
|
(SOCK_INODE(sock)->i_mode & ~current_umask());
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
err = unix_mknod(dentry, &path, mode, &u_path);
|
2012-07-20 06:37:29 +08:00
|
|
|
if (err) {
|
|
|
|
if (err == -EEXIST)
|
|
|
|
err = -EADDRINUSE;
|
|
|
|
unix_release_addr(addr);
|
|
|
|
goto out_up;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
addr->hash = UNIX_HASH_SIZE;
|
af_unix: fix hard linked sockets on overlay
Overlayfs uses separate inodes even in the case of hard links on the
underlying filesystems. This is a problem for AF_UNIX socket
implementation which indexes sockets based on the inode. This resulted in
hard linked sockets not working.
The fix is to use the real, underlying inode.
Test case follows:
-- ovl-sock-test.c --
#include <unistd.h>
#include <err.h>
#include <sys/socket.h>
#include <sys/un.h>
#define SOCK "test-sock"
#define SOCK2 "test-sock2"
int main(void)
{
int fd, fd2;
struct sockaddr_un addr = {
.sun_family = AF_UNIX,
.sun_path = SOCK,
};
struct sockaddr_un addr2 = {
.sun_family = AF_UNIX,
.sun_path = SOCK2,
};
unlink(SOCK);
unlink(SOCK2);
if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
err(1, "socket");
if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) == -1)
err(1, "bind");
if (listen(fd, 0) == -1)
err(1, "listen");
if (link(SOCK, SOCK2) == -1)
err(1, "link");
if ((fd2 = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
err(1, "socket");
if (connect(fd2, (struct sockaddr *) &addr2, sizeof(addr2)) == -1)
err (1, "connect");
return 0;
}
----
Reported-by: Alexander Morozov <alexandr.morozov@docker.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: <stable@vger.kernel.org>
2016-05-21 04:13:45 +08:00
|
|
|
hash = d_real_inode(dentry)->i_ino & (UNIX_HASH_SIZE - 1);
|
2012-07-20 06:37:29 +08:00
|
|
|
spin_lock(&unix_table_lock);
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
u->path = u_path;
|
2012-07-20 06:37:29 +08:00
|
|
|
list = &unix_socket_table[hash];
|
|
|
|
} else {
|
|
|
|
spin_lock(&unix_table_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
err = -EADDRINUSE;
|
2007-11-20 14:29:30 +08:00
|
|
|
if (__unix_find_socket_byname(net, sunaddr, addr_len,
|
2005-04-17 06:20:36 +08:00
|
|
|
sk->sk_type, hash)) {
|
|
|
|
unix_release_addr(addr);
|
|
|
|
goto out_unlock;
|
|
|
|
}
|
|
|
|
|
|
|
|
list = &unix_socket_table[addr->hash];
|
|
|
|
}
|
|
|
|
|
|
|
|
err = 0;
|
|
|
|
__unix_remove_socket(sk);
|
|
|
|
u->addr = addr;
|
|
|
|
__unix_insert_socket(list, sk);
|
|
|
|
|
|
|
|
out_unlock:
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_unlock(&unix_table_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
out_up:
|
2006-03-21 14:35:41 +08:00
|
|
|
mutex_unlock(&u->readlock);
|
af_unix: Fix splice-bind deadlock
On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
system call and AF_UNIX sockets,
http://lists.openwall.net/netdev/2015/11/06/24
The situation was analyzed as
(a while ago) A: socketpair()
B: splice() from a pipe to /mnt/regular_file
does sb_start_write() on /mnt
C: try to freeze /mnt
wait for B to finish with /mnt
A: bind() try to bind our socket to /mnt/new_socket_name
lock our socket, see it not bound yet
decide that it needs to create something in /mnt
try to do sb_start_write() on /mnt, block (it's
waiting for C).
D: splice() from the same pipe to our socket
lock the pipe, see that socket is connected
try to lock the socket, block waiting for A
B: get around to actually feeding a chunk from
pipe to file, try to lock the pipe. Deadlock.
on 2015/11/10 by Al Viro,
http://lists.openwall.net/netdev/2015/11/10/4
The patch fixes this by removing the kern_path_create related code from
unix_mknod and executing it as part of unix_bind prior acquiring the
readlock of the socket in question. This means that A (as used above)
will sb_start_write on /mnt before it acquires the readlock, hence, it
won't indirectly block B which first did a sb_start_write and then
waited for a thread trying to acquire the readlock. Consequently, A
being blocked by C waiting for B won't cause a deadlock anymore
(effectively, both A and B acquire two locks in opposite order in the
situation described above).
Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 02:56:38 +08:00
|
|
|
out_path:
|
|
|
|
if (dentry)
|
|
|
|
done_path_create(&path, dentry);
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2007-06-01 06:19:20 +08:00
|
|
|
static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
|
|
|
|
{
|
|
|
|
if (unlikely(sk1 == sk2) || !sk2) {
|
|
|
|
unix_state_lock(sk1);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (sk1 < sk2) {
|
|
|
|
unix_state_lock(sk1);
|
|
|
|
unix_state_lock_nested(sk2);
|
|
|
|
} else {
|
|
|
|
unix_state_lock(sk2);
|
|
|
|
unix_state_lock_nested(sk1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
|
|
|
|
{
|
|
|
|
if (unlikely(sk1 == sk2) || !sk2) {
|
|
|
|
unix_state_unlock(sk1);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
unix_state_unlock(sk1);
|
|
|
|
unix_state_unlock(sk2);
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
|
|
|
|
int alen, int flags)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
2008-03-26 01:26:21 +08:00
|
|
|
struct net *net = sock_net(sk);
|
2008-11-02 12:38:31 +08:00
|
|
|
struct sockaddr_un *sunaddr = (struct sockaddr_un *)addr;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct sock *other;
|
2012-04-15 13:58:06 +08:00
|
|
|
unsigned int hash;
|
2005-04-17 06:20:36 +08:00
|
|
|
int err;
|
|
|
|
|
|
|
|
if (addr->sa_family != AF_UNSPEC) {
|
|
|
|
err = unix_mkname(sunaddr, alen, &hash);
|
|
|
|
if (err < 0)
|
|
|
|
goto out;
|
|
|
|
alen = err;
|
|
|
|
|
|
|
|
if (test_bit(SOCK_PASSCRED, &sock->flags) &&
|
|
|
|
!unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
|
|
|
|
goto out;
|
|
|
|
|
2007-06-01 06:19:20 +08:00
|
|
|
restart:
|
2008-11-02 12:38:31 +08:00
|
|
|
other = unix_find_other(net, sunaddr, alen, sock->type, hash, &err);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!other)
|
|
|
|
goto out;
|
|
|
|
|
2007-06-01 06:19:20 +08:00
|
|
|
unix_state_double_lock(sk, other);
|
|
|
|
|
|
|
|
/* Apparently VFS overslept socket death. Retry. */
|
|
|
|
if (sock_flag(other, SOCK_DEAD)) {
|
|
|
|
unix_state_double_unlock(sk, other);
|
|
|
|
sock_put(other);
|
|
|
|
goto restart;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
err = -EPERM;
|
|
|
|
if (!unix_may_send(sk, other))
|
|
|
|
goto out_unlock;
|
|
|
|
|
|
|
|
err = security_unix_may_send(sk->sk_socket, other->sk_socket);
|
|
|
|
if (err)
|
|
|
|
goto out_unlock;
|
|
|
|
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* 1003.1g breaking connected state with AF_UNSPEC
|
|
|
|
*/
|
|
|
|
other = NULL;
|
2007-06-01 06:19:20 +08:00
|
|
|
unix_state_double_lock(sk, other);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If it was connected, reconnect.
|
|
|
|
*/
|
|
|
|
if (unix_peer(sk)) {
|
|
|
|
struct sock *old_peer = unix_peer(sk);
|
2008-11-02 12:38:31 +08:00
|
|
|
unix_peer(sk) = other;
|
2015-11-21 06:07:23 +08:00
|
|
|
unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer);
|
|
|
|
|
2007-06-01 06:19:20 +08:00
|
|
|
unix_state_double_unlock(sk, other);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
if (other != old_peer)
|
|
|
|
unix_dgram_disconnected(sk, old_peer);
|
|
|
|
sock_put(old_peer);
|
|
|
|
} else {
|
2008-11-02 12:38:31 +08:00
|
|
|
unix_peer(sk) = other;
|
2007-06-01 06:19:20 +08:00
|
|
|
unix_state_double_unlock(sk, other);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2007-02-09 22:25:23 +08:00
|
|
|
return 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
out_unlock:
|
2007-06-01 06:19:20 +08:00
|
|
|
unix_state_double_unlock(sk, other);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock_put(other);
|
|
|
|
out:
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static long unix_wait_for_peer(struct sock *other, long timeo)
|
|
|
|
{
|
|
|
|
struct unix_sock *u = unix_sk(other);
|
|
|
|
int sched;
|
|
|
|
DEFINE_WAIT(wait);
|
|
|
|
|
|
|
|
prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE);
|
|
|
|
|
|
|
|
sched = !sock_flag(other, SOCK_DEAD) &&
|
|
|
|
!(other->sk_shutdown & RCV_SHUTDOWN) &&
|
2008-06-18 13:28:05 +08:00
|
|
|
unix_recvq_full(other);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(other);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
if (sched)
|
|
|
|
timeo = schedule_timeout(timeo);
|
|
|
|
|
|
|
|
finish_wait(&u->peer_wait, &wait);
|
|
|
|
return timeo;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
|
|
|
|
int addr_len, int flags)
|
|
|
|
{
|
2008-11-02 12:38:31 +08:00
|
|
|
struct sockaddr_un *sunaddr = (struct sockaddr_un *)uaddr;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct sock *sk = sock->sk;
|
2008-03-26 01:26:21 +08:00
|
|
|
struct net *net = sock_net(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
struct unix_sock *u = unix_sk(sk), *newu, *otheru;
|
|
|
|
struct sock *newsk = NULL;
|
|
|
|
struct sock *other = NULL;
|
|
|
|
struct sk_buff *skb = NULL;
|
2012-04-15 13:58:06 +08:00
|
|
|
unsigned int hash;
|
2005-04-17 06:20:36 +08:00
|
|
|
int st;
|
|
|
|
int err;
|
|
|
|
long timeo;
|
|
|
|
|
|
|
|
err = unix_mkname(sunaddr, addr_len, &hash);
|
|
|
|
if (err < 0)
|
|
|
|
goto out;
|
|
|
|
addr_len = err;
|
|
|
|
|
2009-11-30 08:55:45 +08:00
|
|
|
if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
|
|
|
|
(err = unix_autobind(sock)) != 0)
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
|
|
|
|
timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
|
|
|
|
|
|
|
|
/* First of all allocate resources.
|
|
|
|
If we will make it after state is locked,
|
|
|
|
we will have to recheck all again in any case.
|
|
|
|
*/
|
|
|
|
|
|
|
|
err = -ENOMEM;
|
|
|
|
|
|
|
|
/* create new sock for complete connection */
|
2015-05-09 10:09:13 +08:00
|
|
|
newsk = unix_create1(sock_net(sk), NULL, 0);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (newsk == NULL)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
/* Allocate skb for sending to listening sock */
|
|
|
|
skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
|
|
|
|
if (skb == NULL)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
restart:
|
|
|
|
/* Find listening sock. */
|
2007-11-20 14:29:30 +08:00
|
|
|
other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!other)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
/* Latch state of peer */
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_lock(other);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/* Apparently VFS overslept socket death. Retry. */
|
|
|
|
if (sock_flag(other, SOCK_DEAD)) {
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(other);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock_put(other);
|
|
|
|
goto restart;
|
|
|
|
}
|
|
|
|
|
|
|
|
err = -ECONNREFUSED;
|
|
|
|
if (other->sk_state != TCP_LISTEN)
|
|
|
|
goto out_unlock;
|
AF_UNIX: Fix deadlock on connecting to shutdown socket
I found a deadlock bug in UNIX domain socket, which makes able to DoS
attack against the local machine by non-root users.
How to reproduce:
1. Make a listening AF_UNIX/SOCK_STREAM socket with an abstruct
namespace(*), and shutdown(2) it.
2. Repeat connect(2)ing to the listening socket from the other sockets
until the connection backlog is full-filled.
3. connect(2) takes the CPU forever. If every core is taken, the
system hangs.
PoC code: (Run as many times as cores on SMP machines.)
int main(void)
{
int ret;
int csd;
int lsd;
struct sockaddr_un sun;
/* make an abstruct name address (*) */
memset(&sun, 0, sizeof(sun));
sun.sun_family = PF_UNIX;
sprintf(&sun.sun_path[1], "%d", getpid());
/* create the listening socket and shutdown */
lsd = socket(AF_UNIX, SOCK_STREAM, 0);
bind(lsd, (struct sockaddr *)&sun, sizeof(sun));
listen(lsd, 1);
shutdown(lsd, SHUT_RDWR);
/* connect loop */
alarm(15); /* forcely exit the loop after 15 sec */
for (;;) {
csd = socket(AF_UNIX, SOCK_STREAM, 0);
ret = connect(csd, (struct sockaddr *)&sun, sizeof(sun));
if (-1 == ret) {
perror("connect()");
break;
}
puts("Connection OK");
}
return 0;
}
(*) Make sun_path[0] = 0 to use the abstruct namespace.
If a file-based socket is used, the system doesn't deadlock because
of context switches in the file system layer.
Why this happens:
Error checks between unix_socket_connect() and unix_wait_for_peer() are
inconsistent. The former calls the latter to wait until the backlog is
processed. Despite the latter returns without doing anything when the
socket is shutdown, the former doesn't check the shutdown state and
just retries calling the latter forever.
Patch:
The patch below adds shutdown check into unix_socket_connect(), so
connect(2) to the shutdown socket will return -ECONREFUSED.
Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com>
Signed-off-by: Masanori Yoshida <masanori.yoshida.tv@hitachi.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-10-19 14:17:37 +08:00
|
|
|
if (other->sk_shutdown & RCV_SHUTDOWN)
|
|
|
|
goto out_unlock;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-06-18 13:28:05 +08:00
|
|
|
if (unix_recvq_full(other)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
err = -EAGAIN;
|
|
|
|
if (!timeo)
|
|
|
|
goto out_unlock;
|
|
|
|
|
|
|
|
timeo = unix_wait_for_peer(other, timeo);
|
|
|
|
|
|
|
|
err = sock_intr_errno(timeo);
|
|
|
|
if (signal_pending(current))
|
|
|
|
goto out;
|
|
|
|
sock_put(other);
|
|
|
|
goto restart;
|
2007-02-09 22:25:23 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/* Latch our state.
|
|
|
|
|
2011-03-15 06:25:33 +08:00
|
|
|
It is tricky place. We need to grab our state lock and cannot
|
2005-04-17 06:20:36 +08:00
|
|
|
drop lock on peer. It is dangerous because deadlock is
|
|
|
|
possible. Connect to self case and simultaneous
|
|
|
|
attempt to connect are eliminated by checking socket
|
|
|
|
state. other is TCP_LISTEN, if sk is TCP_LISTEN we
|
|
|
|
check this before attempt to grab lock.
|
|
|
|
|
|
|
|
Well, and we have to recheck the state after socket locked.
|
|
|
|
*/
|
|
|
|
st = sk->sk_state;
|
|
|
|
|
|
|
|
switch (st) {
|
|
|
|
case TCP_CLOSE:
|
|
|
|
/* This is ok... continue with connect */
|
|
|
|
break;
|
|
|
|
case TCP_ESTABLISHED:
|
|
|
|
/* Socket is already connected */
|
|
|
|
err = -EISCONN;
|
|
|
|
goto out_unlock;
|
|
|
|
default:
|
|
|
|
err = -EINVAL;
|
|
|
|
goto out_unlock;
|
|
|
|
}
|
|
|
|
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_lock_nested(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
if (sk->sk_state != st) {
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(sk);
|
|
|
|
unix_state_unlock(other);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock_put(other);
|
|
|
|
goto restart;
|
|
|
|
}
|
|
|
|
|
2011-01-06 07:38:53 +08:00
|
|
|
err = security_unix_stream_connect(sk, other, newsk);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (err) {
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out_unlock;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* The way is open! Fastly set all the necessary fields... */
|
|
|
|
|
|
|
|
sock_hold(sk);
|
|
|
|
unix_peer(newsk) = sk;
|
|
|
|
newsk->sk_state = TCP_ESTABLISHED;
|
|
|
|
newsk->sk_type = sk->sk_type;
|
2010-06-13 11:30:14 +08:00
|
|
|
init_peercred(newsk);
|
2005-04-17 06:20:36 +08:00
|
|
|
newu = unix_sk(newsk);
|
2011-02-18 11:26:36 +08:00
|
|
|
RCU_INIT_POINTER(newsk->sk_wq, &newu->peer_wq);
|
2005-04-17 06:20:36 +08:00
|
|
|
otheru = unix_sk(other);
|
|
|
|
|
|
|
|
/* copy address information from listening to new sock*/
|
|
|
|
if (otheru->addr) {
|
|
|
|
atomic_inc(&otheru->addr->refcnt);
|
|
|
|
newu->addr = otheru->addr;
|
|
|
|
}
|
2012-03-15 09:54:32 +08:00
|
|
|
if (otheru->path.dentry) {
|
|
|
|
path_get(&otheru->path);
|
|
|
|
newu->path = otheru->path;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Set credentials */
|
2010-06-13 11:30:14 +08:00
|
|
|
copy_peercred(sk, other);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
sock->state = SS_CONNECTED;
|
|
|
|
sk->sk_state = TCP_ESTABLISHED;
|
2005-12-14 15:22:32 +08:00
|
|
|
sock_hold(newsk);
|
|
|
|
|
2014-03-18 01:06:10 +08:00
|
|
|
smp_mb__after_atomic(); /* sock_hold() does an atomic_inc() */
|
2005-12-14 15:22:32 +08:00
|
|
|
unix_peer(sk) = newsk;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/* take ten and and send info to listening sock */
|
|
|
|
spin_lock(&other->sk_receive_queue.lock);
|
|
|
|
__skb_queue_tail(&other->sk_receive_queue, skb);
|
|
|
|
spin_unlock(&other->sk_receive_queue.lock);
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(other);
|
2014-04-12 04:15:36 +08:00
|
|
|
other->sk_data_ready(other);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock_put(other);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
out_unlock:
|
|
|
|
if (other)
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(other);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
out:
|
2009-02-25 08:32:45 +08:00
|
|
|
kfree_skb(skb);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (newsk)
|
|
|
|
unix_release_sock(newsk, 0);
|
|
|
|
if (other)
|
|
|
|
sock_put(other);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int unix_socketpair(struct socket *socka, struct socket *sockb)
|
|
|
|
{
|
2008-11-02 12:38:31 +08:00
|
|
|
struct sock *ska = socka->sk, *skb = sockb->sk;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/* Join our sockets back to back */
|
|
|
|
sock_hold(ska);
|
|
|
|
sock_hold(skb);
|
2008-11-02 12:38:31 +08:00
|
|
|
unix_peer(ska) = skb;
|
|
|
|
unix_peer(skb) = ska;
|
2010-06-13 11:30:14 +08:00
|
|
|
init_peercred(ska);
|
|
|
|
init_peercred(skb);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
if (ska->sk_type != SOCK_DGRAM) {
|
|
|
|
ska->sk_state = TCP_ESTABLISHED;
|
|
|
|
skb->sk_state = TCP_ESTABLISHED;
|
|
|
|
socka->state = SS_CONNECTED;
|
|
|
|
sockb->state = SS_CONNECTED;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
net: unix: inherit SOCK_PASS{CRED, SEC} flags from socket to fix race
In the case of credentials passing in unix stream sockets (dgram
sockets seem not affected), we get a rather sparse race after
commit 16e5726 ("af_unix: dont send SCM_CREDENTIALS by default").
We have a stream server on receiver side that requests credential
passing from senders (e.g. nc -U). Since we need to set SO_PASSCRED
on each spawned/accepted socket on server side to 1 first (as it's
not inherited), it can happen that in the time between accept() and
setsockopt() we get interrupted, the sender is being scheduled and
continues with passing data to our receiver. At that time SO_PASSCRED
is neither set on sender nor receiver side, hence in cmsg's
SCM_CREDENTIALS we get eventually pid:0, uid:65534, gid:65534
(== overflow{u,g}id) instead of what we actually would like to see.
On the sender side, here nc -U, the tests in maybe_add_creds()
invoked through unix_stream_sendmsg() would fail, as at that exact
time, as mentioned, the sender has neither SO_PASSCRED on his side
nor sees it on the server side, and we have a valid 'other' socket
in place. Thus, sender believes it would just look like a normal
connection, not needing/requesting SO_PASSCRED at that time.
As reverting 16e5726 would not be an option due to the significant
performance regression reported when having creds always passed,
one way/trade-off to prevent that would be to set SO_PASSCRED on
the listener socket and allow inheriting these flags to the spawned
socket on server side in accept(). It seems also logical to do so
if we'd tell the listener socket to pass those flags onwards, and
would fix the race.
Before, strace:
recvmsg(4, {msg_name(0)=NULL, msg_iov(1)=[{"blub\n", 4096}],
msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET,
cmsg_type=SCM_CREDENTIALS{pid=0, uid=65534, gid=65534}},
msg_flags=0}, 0) = 5
After, strace:
recvmsg(4, {msg_name(0)=NULL, msg_iov(1)=[{"blub\n", 4096}],
msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET,
cmsg_type=SCM_CREDENTIALS{pid=11580, uid=1000, gid=1000}},
msg_flags=0}, 0) = 5
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-10-18 04:51:31 +08:00
|
|
|
static void unix_sock_inherit_flags(const struct socket *old,
|
|
|
|
struct socket *new)
|
|
|
|
{
|
|
|
|
if (test_bit(SOCK_PASSCRED, &old->flags))
|
|
|
|
set_bit(SOCK_PASSCRED, &new->flags);
|
|
|
|
if (test_bit(SOCK_PASSSEC, &old->flags))
|
|
|
|
set_bit(SOCK_PASSSEC, &new->flags);
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct sock *tsk;
|
|
|
|
struct sk_buff *skb;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
err = -EOPNOTSUPP;
|
2008-11-17 14:58:44 +08:00
|
|
|
if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
|
|
|
|
err = -EINVAL;
|
|
|
|
if (sk->sk_state != TCP_LISTEN)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
/* If socket state is TCP_LISTEN it cannot change (for now...),
|
|
|
|
* so that no locks are necessary.
|
|
|
|
*/
|
|
|
|
|
|
|
|
skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err);
|
|
|
|
if (!skb) {
|
|
|
|
/* This means receive shutdown. */
|
|
|
|
if (err == 0)
|
|
|
|
err = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
tsk = skb->sk;
|
|
|
|
skb_free_datagram(sk, skb);
|
|
|
|
wake_up_interruptible(&unix_sk(sk)->peer_wait);
|
|
|
|
|
|
|
|
/* attach accepted sock to socket */
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_lock(tsk);
|
2005-04-17 06:20:36 +08:00
|
|
|
newsock->state = SS_CONNECTED;
|
net: unix: inherit SOCK_PASS{CRED, SEC} flags from socket to fix race
In the case of credentials passing in unix stream sockets (dgram
sockets seem not affected), we get a rather sparse race after
commit 16e5726 ("af_unix: dont send SCM_CREDENTIALS by default").
We have a stream server on receiver side that requests credential
passing from senders (e.g. nc -U). Since we need to set SO_PASSCRED
on each spawned/accepted socket on server side to 1 first (as it's
not inherited), it can happen that in the time between accept() and
setsockopt() we get interrupted, the sender is being scheduled and
continues with passing data to our receiver. At that time SO_PASSCRED
is neither set on sender nor receiver side, hence in cmsg's
SCM_CREDENTIALS we get eventually pid:0, uid:65534, gid:65534
(== overflow{u,g}id) instead of what we actually would like to see.
On the sender side, here nc -U, the tests in maybe_add_creds()
invoked through unix_stream_sendmsg() would fail, as at that exact
time, as mentioned, the sender has neither SO_PASSCRED on his side
nor sees it on the server side, and we have a valid 'other' socket
in place. Thus, sender believes it would just look like a normal
connection, not needing/requesting SO_PASSCRED at that time.
As reverting 16e5726 would not be an option due to the significant
performance regression reported when having creds always passed,
one way/trade-off to prevent that would be to set SO_PASSCRED on
the listener socket and allow inheriting these flags to the spawned
socket on server side in accept(). It seems also logical to do so
if we'd tell the listener socket to pass those flags onwards, and
would fix the race.
Before, strace:
recvmsg(4, {msg_name(0)=NULL, msg_iov(1)=[{"blub\n", 4096}],
msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET,
cmsg_type=SCM_CREDENTIALS{pid=0, uid=65534, gid=65534}},
msg_flags=0}, 0) = 5
After, strace:
recvmsg(4, {msg_name(0)=NULL, msg_iov(1)=[{"blub\n", 4096}],
msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET,
cmsg_type=SCM_CREDENTIALS{pid=11580, uid=1000, gid=1000}},
msg_flags=0}, 0) = 5
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-10-18 04:51:31 +08:00
|
|
|
unix_sock_inherit_flags(sock, newsock);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock_graft(tsk, newsock);
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(tsk);
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
out:
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct unix_sock *u;
|
2009-11-08 13:51:19 +08:00
|
|
|
DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, uaddr);
|
2005-04-17 06:20:36 +08:00
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
if (peer) {
|
|
|
|
sk = unix_peer_get(sk);
|
|
|
|
|
|
|
|
err = -ENOTCONN;
|
|
|
|
if (!sk)
|
|
|
|
goto out;
|
|
|
|
err = 0;
|
|
|
|
} else {
|
|
|
|
sock_hold(sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
u = unix_sk(sk);
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_lock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!u->addr) {
|
|
|
|
sunaddr->sun_family = AF_UNIX;
|
|
|
|
sunaddr->sun_path[0] = 0;
|
|
|
|
*uaddr_len = sizeof(short);
|
|
|
|
} else {
|
|
|
|
struct unix_address *addr = u->addr;
|
|
|
|
|
|
|
|
*uaddr_len = addr->len;
|
|
|
|
memcpy(sunaddr, addr->name, *uaddr_len);
|
|
|
|
}
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock_put(sk);
|
|
|
|
out:
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
scm->fp = UNIXCB(skb).fp;
|
|
|
|
UNIXCB(skb).fp = NULL;
|
|
|
|
|
2008-11-17 14:58:44 +08:00
|
|
|
for (i = scm->fp->count-1; i >= 0; i--)
|
2016-02-03 09:11:03 +08:00
|
|
|
unix_notinflight(scm->fp->user, scm->fp->fp[i]);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2010-06-13 11:34:33 +08:00
|
|
|
static void unix_destruct_scm(struct sk_buff *skb)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct scm_cookie scm;
|
|
|
|
memset(&scm, 0, sizeof(scm));
|
2010-06-13 11:34:33 +08:00
|
|
|
scm.pid = UNIXCB(skb).pid;
|
|
|
|
if (UNIXCB(skb).fp)
|
|
|
|
unix_detach_fds(&scm, skb);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/* Alas, it calls VFS */
|
|
|
|
/* So fscking what? fput() had been SMP-safe since the last Summer */
|
|
|
|
scm_destroy(&scm);
|
|
|
|
sock_wfree(skb);
|
|
|
|
}
|
|
|
|
|
2016-01-10 14:54:56 +08:00
|
|
|
/*
|
|
|
|
* The "user->unix_inflight" variable is protected by the garbage
|
|
|
|
* collection lock, and we just read it locklessly here. If you go
|
|
|
|
* over the limit, there might be a tiny race in actually noticing
|
|
|
|
* it across threads. Tough.
|
|
|
|
*/
|
|
|
|
static inline bool too_many_unix_fds(struct task_struct *p)
|
|
|
|
{
|
|
|
|
struct user_struct *user = current_user();
|
|
|
|
|
|
|
|
if (unlikely(user->unix_inflight > task_rlimit(p, RLIMIT_NOFILE)))
|
|
|
|
return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2010-11-25 12:11:39 +08:00
|
|
|
#define MAX_RECURSION_LEVEL 4
|
|
|
|
|
2008-11-09 22:23:57 +08:00
|
|
|
static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
int i;
|
2010-11-25 12:11:39 +08:00
|
|
|
unsigned char max_level = 0;
|
|
|
|
|
2016-01-10 14:54:56 +08:00
|
|
|
if (too_many_unix_fds(current))
|
|
|
|
return -ETOOMANYREFS;
|
|
|
|
|
2010-11-25 12:11:39 +08:00
|
|
|
for (i = scm->fp->count - 1; i >= 0; i--) {
|
|
|
|
struct sock *sk = unix_get_socket(scm->fp->fp[i]);
|
|
|
|
|
2016-02-03 01:17:54 +08:00
|
|
|
if (sk)
|
2010-11-25 12:11:39 +08:00
|
|
|
max_level = max(max_level,
|
|
|
|
unix_sk(sk)->recursion_level);
|
|
|
|
}
|
|
|
|
if (unlikely(max_level > MAX_RECURSION_LEVEL))
|
|
|
|
return -ETOOMANYREFS;
|
2008-11-09 22:23:57 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Need to duplicate file references for the sake of garbage
|
|
|
|
* collection. Otherwise a socket in the fps might become a
|
|
|
|
* candidate for GC while the skb is not yet queued.
|
|
|
|
*/
|
|
|
|
UNIXCB(skb).fp = scm_fp_dup(scm->fp);
|
|
|
|
if (!UNIXCB(skb).fp)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
2016-01-10 14:54:56 +08:00
|
|
|
for (i = scm->fp->count - 1; i >= 0; i--)
|
2016-02-03 09:11:03 +08:00
|
|
|
unix_inflight(scm->fp->user, scm->fp->fp[i]);
|
2010-11-25 12:11:39 +08:00
|
|
|
return max_level;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2011-09-17 07:34:00 +08:00
|
|
|
static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
|
2010-06-13 11:34:33 +08:00
|
|
|
{
|
|
|
|
int err = 0;
|
2011-09-19 13:52:27 +08:00
|
|
|
|
2011-09-17 07:34:00 +08:00
|
|
|
UNIXCB(skb).pid = get_pid(scm->pid);
|
2013-04-04 01:28:16 +08:00
|
|
|
UNIXCB(skb).uid = scm->creds.uid;
|
|
|
|
UNIXCB(skb).gid = scm->creds.gid;
|
2010-06-13 11:34:33 +08:00
|
|
|
UNIXCB(skb).fp = NULL;
|
2015-06-10 20:44:59 +08:00
|
|
|
unix_get_secdata(scm, skb);
|
2010-06-13 11:34:33 +08:00
|
|
|
if (scm->fp && send_fds)
|
|
|
|
err = unix_attach_fds(scm, skb);
|
|
|
|
|
|
|
|
skb->destructor = unix_destruct_scm;
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2015-11-26 19:08:18 +08:00
|
|
|
static bool unix_passcred_enabled(const struct socket *sock,
|
|
|
|
const struct sock *other)
|
|
|
|
{
|
|
|
|
return test_bit(SOCK_PASSCRED, &sock->flags) ||
|
|
|
|
!other->sk_socket ||
|
|
|
|
test_bit(SOCK_PASSCRED, &other->sk_socket->flags);
|
|
|
|
}
|
|
|
|
|
2011-09-19 13:52:27 +08:00
|
|
|
/*
|
|
|
|
* Some apps rely on write() giving SCM_CREDENTIALS
|
|
|
|
* We include credentials if source or destination socket
|
|
|
|
* asserted SOCK_PASSCRED.
|
|
|
|
*/
|
|
|
|
static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
|
|
|
|
const struct sock *other)
|
|
|
|
{
|
2013-04-04 01:28:16 +08:00
|
|
|
if (UNIXCB(skb).pid)
|
2011-09-19 13:52:27 +08:00
|
|
|
return;
|
2015-11-26 19:08:18 +08:00
|
|
|
if (unix_passcred_enabled(sock, other)) {
|
2011-09-19 13:52:27 +08:00
|
|
|
UNIXCB(skb).pid = get_pid(task_tgid(current));
|
2013-04-23 08:32:51 +08:00
|
|
|
current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid);
|
2011-09-19 13:52:27 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-11-26 19:08:18 +08:00
|
|
|
static int maybe_init_creds(struct scm_cookie *scm,
|
|
|
|
struct socket *socket,
|
|
|
|
const struct sock *other)
|
|
|
|
{
|
|
|
|
int err;
|
|
|
|
struct msghdr msg = { .msg_controllen = 0 };
|
|
|
|
|
|
|
|
err = scm_send(socket, &msg, scm, false);
|
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
|
|
|
|
if (unix_passcred_enabled(socket, other)) {
|
|
|
|
scm->pid = get_pid(task_tgid(current));
|
|
|
|
current_uid_gid(&scm->creds.uid, &scm->creds.gid);
|
|
|
|
}
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool unix_skb_scm_eq(struct sk_buff *skb,
|
|
|
|
struct scm_cookie *scm)
|
|
|
|
{
|
|
|
|
const struct unix_skb_parms *u = &UNIXCB(skb);
|
|
|
|
|
|
|
|
return u->pid == scm->pid &&
|
|
|
|
uid_eq(u->uid, scm->creds.uid) &&
|
|
|
|
gid_eq(u->gid, scm->creds.gid) &&
|
|
|
|
unix_secdata_eq(scm, skb);
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Send AF_UNIX data.
|
|
|
|
*/
|
|
|
|
|
2015-03-02 15:37:48 +08:00
|
|
|
static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
|
|
|
|
size_t len)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
2008-03-26 01:26:21 +08:00
|
|
|
struct net *net = sock_net(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
struct unix_sock *u = unix_sk(sk);
|
2014-01-18 05:53:15 +08:00
|
|
|
DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name);
|
2005-04-17 06:20:36 +08:00
|
|
|
struct sock *other = NULL;
|
|
|
|
int namelen = 0; /* fake GCC */
|
|
|
|
int err;
|
2012-04-15 13:58:06 +08:00
|
|
|
unsigned int hash;
|
2011-09-17 07:34:00 +08:00
|
|
|
struct sk_buff *skb;
|
2005-04-17 06:20:36 +08:00
|
|
|
long timeo;
|
2015-01-29 01:04:53 +08:00
|
|
|
struct scm_cookie scm;
|
2010-11-25 12:11:39 +08:00
|
|
|
int max_level;
|
2012-04-03 13:28:28 +08:00
|
|
|
int data_len = 0;
|
2015-11-21 06:07:23 +08:00
|
|
|
int sk_locked;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-11-27 07:32:27 +08:00
|
|
|
wait_for_unix_gc();
|
2015-01-29 01:04:53 +08:00
|
|
|
err = scm_send(sock, msg, &scm, false);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (err < 0)
|
|
|
|
return err;
|
|
|
|
|
|
|
|
err = -EOPNOTSUPP;
|
|
|
|
if (msg->msg_flags&MSG_OOB)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
if (msg->msg_namelen) {
|
|
|
|
err = unix_mkname(sunaddr, msg->msg_namelen, &hash);
|
|
|
|
if (err < 0)
|
|
|
|
goto out;
|
|
|
|
namelen = err;
|
|
|
|
} else {
|
|
|
|
sunaddr = NULL;
|
|
|
|
err = -ENOTCONN;
|
|
|
|
other = unix_peer_get(sk);
|
|
|
|
if (!other)
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2009-11-30 08:55:45 +08:00
|
|
|
if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
|
|
|
|
&& (err = unix_autobind(sock)) != 0)
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
|
|
|
|
err = -EMSGSIZE;
|
|
|
|
if (len > sk->sk_sndbuf - 32)
|
|
|
|
goto out;
|
|
|
|
|
2014-05-15 23:56:28 +08:00
|
|
|
if (len > SKB_MAX_ALLOC) {
|
2012-04-03 13:28:28 +08:00
|
|
|
data_len = min_t(size_t,
|
|
|
|
len - SKB_MAX_ALLOC,
|
|
|
|
MAX_SKB_FRAGS * PAGE_SIZE);
|
2014-05-15 23:56:28 +08:00
|
|
|
data_len = PAGE_ALIGN(data_len);
|
|
|
|
|
|
|
|
BUILD_BUG_ON(SKB_MAX_ALLOC < PAGE_SIZE);
|
|
|
|
}
|
2012-04-03 13:28:28 +08:00
|
|
|
|
|
|
|
skb = sock_alloc_send_pskb(sk, len - data_len, data_len,
|
2013-08-09 05:38:47 +08:00
|
|
|
msg->msg_flags & MSG_DONTWAIT, &err,
|
|
|
|
PAGE_ALLOC_COSTLY_ORDER);
|
2008-11-02 12:38:31 +08:00
|
|
|
if (skb == NULL)
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
|
2015-01-29 01:04:53 +08:00
|
|
|
err = unix_scm_to_skb(&scm, skb, true);
|
2010-11-25 12:11:39 +08:00
|
|
|
if (err < 0)
|
2010-06-13 11:34:33 +08:00
|
|
|
goto out_free;
|
2010-11-25 12:11:39 +08:00
|
|
|
max_level = err + 1;
|
[AF_UNIX]: Datagram getpeersec
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.
Patch purpose:
This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket. The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.
Patch design and implementation:
The design and implementation is very similar to the UDP case for INET
sockets. Basically we build upon the existing Unix domain socket API for
retrieving user credentials. Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message). To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt. Then the application
retrieves the security context using the auxiliary data mechanism.
An example server application for Unix datagram socket should look like this:
toggle = 1;
toggle_len = sizeof(toggle);
setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
cmsg_hdr->cmsg_level == SOL_SOCKET &&
cmsg_hdr->cmsg_type == SCM_SECURITY) {
memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
}
}
sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.
Testing:
We have tested the patch by setting up Unix datagram client and server
applications. We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.
Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-30 03:27:47 +08:00
|
|
|
|
2012-04-03 13:28:28 +08:00
|
|
|
skb_put(skb, len - data_len);
|
|
|
|
skb->data_len = data_len;
|
|
|
|
skb->len = len;
|
2014-11-24 23:42:55 +08:00
|
|
|
err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, len);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (err)
|
|
|
|
goto out_free;
|
|
|
|
|
|
|
|
timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
|
|
|
|
|
|
|
|
restart:
|
|
|
|
if (!other) {
|
|
|
|
err = -ECONNRESET;
|
|
|
|
if (sunaddr == NULL)
|
|
|
|
goto out_free;
|
|
|
|
|
2007-11-20 14:29:30 +08:00
|
|
|
other = unix_find_other(net, sunaddr, namelen, sk->sk_type,
|
2005-04-17 06:20:36 +08:00
|
|
|
hash, &err);
|
2008-11-02 12:38:31 +08:00
|
|
|
if (other == NULL)
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out_free;
|
|
|
|
}
|
|
|
|
|
af_unix: implement socket filter
Linux Socket Filters can already be successfully attached and detached on unix
sockets with setsockopt(sockfd, SOL_SOCKET, SO_{ATTACH,DETACH}_FILTER, ...).
See: Documentation/networking/filter.txt
But the filter was never used in the unix socket code so it did not work. This
patch uses sk_filter() to filter buffers before delivery.
This short program demonstrates the problem on SOCK_DGRAM.
int main(void) {
int i, j, ret;
int sv[2];
struct pollfd fds[2];
char *message = "Hello world!";
char buffer[64];
struct sock_filter ins[32] = {{0,},};
struct sock_fprog filter;
socketpair(AF_UNIX, SOCK_DGRAM, 0, sv);
for (i = 0 ; i < 2 ; i++) {
fds[i].fd = sv[i];
fds[i].events = POLLIN;
fds[i].revents = 0;
}
for(j = 1 ; j < 13 ; j++) {
/* Set a socket filter to truncate the message */
memset(ins, 0, sizeof(ins));
ins[0].code = BPF_RET|BPF_K;
ins[0].k = j;
filter.len = 1;
filter.filter = ins;
setsockopt(sv[1], SOL_SOCKET, SO_ATTACH_FILTER, &filter, sizeof(filter));
/* send a message */
send(sv[0], message, strlen(message) + 1, 0);
/* The filter should let the message pass but truncated. */
poll(fds, 2, 0);
/* Receive the truncated message*/
ret = recv(sv[1], buffer, 64, 0);
printf("received %d bytes, expected %d\n", ret, j);
}
for (i = 0 ; i < 2 ; i++)
close(sv[i]);
return 0;
}
Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Ian Molton <ian.molton@collabora.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-01-18 14:39:15 +08:00
|
|
|
if (sk_filter(other, skb) < 0) {
|
|
|
|
/* Toss the packet but do not return any error to the sender */
|
|
|
|
err = len;
|
|
|
|
goto out_free;
|
|
|
|
}
|
|
|
|
|
2015-11-21 06:07:23 +08:00
|
|
|
sk_locked = 0;
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_lock(other);
|
2015-11-21 06:07:23 +08:00
|
|
|
restart_locked:
|
2005-04-17 06:20:36 +08:00
|
|
|
err = -EPERM;
|
|
|
|
if (!unix_may_send(sk, other))
|
|
|
|
goto out_unlock;
|
|
|
|
|
2015-11-21 06:07:23 +08:00
|
|
|
if (unlikely(sock_flag(other, SOCK_DEAD))) {
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Check with 1003.1g - what should
|
|
|
|
* datagram error
|
|
|
|
*/
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(other);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock_put(other);
|
|
|
|
|
2015-11-21 06:07:23 +08:00
|
|
|
if (!sk_locked)
|
|
|
|
unix_state_lock(sk);
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
err = 0;
|
|
|
|
if (unix_peer(sk) == other) {
|
2008-11-02 12:38:31 +08:00
|
|
|
unix_peer(sk) = NULL;
|
2015-11-21 06:07:23 +08:00
|
|
|
unix_dgram_peer_wake_disconnect_wakeup(sk, other);
|
|
|
|
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
unix_dgram_disconnected(sk, other);
|
|
|
|
sock_put(other);
|
|
|
|
err = -ECONNREFUSED;
|
|
|
|
} else {
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
other = NULL;
|
|
|
|
if (err)
|
|
|
|
goto out_free;
|
|
|
|
goto restart;
|
|
|
|
}
|
|
|
|
|
|
|
|
err = -EPIPE;
|
|
|
|
if (other->sk_shutdown & RCV_SHUTDOWN)
|
|
|
|
goto out_unlock;
|
|
|
|
|
|
|
|
if (sk->sk_type != SOCK_SEQPACKET) {
|
|
|
|
err = security_unix_may_send(sk->sk_socket, other->sk_socket);
|
|
|
|
if (err)
|
|
|
|
goto out_unlock;
|
|
|
|
}
|
|
|
|
|
2016-02-12 03:37:27 +08:00
|
|
|
/* other == sk && unix_peer(other) != sk if
|
|
|
|
* - unix_peer(sk) == NULL, destination address bound to sk
|
|
|
|
* - unix_peer(sk) == sk by time of get but disconnected before lock
|
|
|
|
*/
|
|
|
|
if (other != sk &&
|
|
|
|
unlikely(unix_peer(other) != sk && unix_recvq_full(other))) {
|
2015-11-21 06:07:23 +08:00
|
|
|
if (timeo) {
|
|
|
|
timeo = unix_wait_for_peer(other, timeo);
|
|
|
|
|
|
|
|
err = sock_intr_errno(timeo);
|
|
|
|
if (signal_pending(current))
|
|
|
|
goto out_free;
|
|
|
|
|
|
|
|
goto restart;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2015-11-21 06:07:23 +08:00
|
|
|
if (!sk_locked) {
|
|
|
|
unix_state_unlock(other);
|
|
|
|
unix_state_double_lock(sk, other);
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-11-21 06:07:23 +08:00
|
|
|
if (unix_peer(sk) != other ||
|
|
|
|
unix_dgram_peer_wake_me(sk, other)) {
|
|
|
|
err = -EAGAIN;
|
|
|
|
sk_locked = 1;
|
|
|
|
goto out_unlock;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-11-21 06:07:23 +08:00
|
|
|
if (!sk_locked) {
|
|
|
|
sk_locked = 1;
|
|
|
|
goto restart_locked;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2015-11-21 06:07:23 +08:00
|
|
|
if (unlikely(sk_locked))
|
|
|
|
unix_state_unlock(sk);
|
|
|
|
|
2010-10-04 16:48:28 +08:00
|
|
|
if (sock_flag(other, SOCK_RCVTSTAMP))
|
|
|
|
__net_timestamp(skb);
|
2011-09-19 13:52:27 +08:00
|
|
|
maybe_add_creds(skb, sock, other);
|
2005-04-17 06:20:36 +08:00
|
|
|
skb_queue_tail(&other->sk_receive_queue, skb);
|
2010-11-25 12:11:39 +08:00
|
|
|
if (max_level > unix_sk(other)->recursion_level)
|
|
|
|
unix_sk(other)->recursion_level = max_level;
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(other);
|
2014-04-12 04:15:36 +08:00
|
|
|
other->sk_data_ready(other);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock_put(other);
|
2015-01-29 01:04:53 +08:00
|
|
|
scm_destroy(&scm);
|
2005-04-17 06:20:36 +08:00
|
|
|
return len;
|
|
|
|
|
|
|
|
out_unlock:
|
2015-11-21 06:07:23 +08:00
|
|
|
if (sk_locked)
|
|
|
|
unix_state_unlock(sk);
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(other);
|
2005-04-17 06:20:36 +08:00
|
|
|
out_free:
|
|
|
|
kfree_skb(skb);
|
|
|
|
out:
|
|
|
|
if (other)
|
|
|
|
sock_put(other);
|
2015-01-29 01:04:53 +08:00
|
|
|
scm_destroy(&scm);
|
2005-04-17 06:20:36 +08:00
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2013-08-09 05:37:32 +08:00
|
|
|
/* We use paged skbs for stream sockets, and limit occupancy to 32768
|
|
|
|
* bytes, and a minimun of a full page.
|
|
|
|
*/
|
|
|
|
#define UNIX_SKB_FRAGS_SZ (PAGE_SIZE << get_order(32768))
|
2007-02-09 22:25:23 +08:00
|
|
|
|
2015-03-02 15:37:48 +08:00
|
|
|
static int unix_stream_sendmsg(struct socket *sock, struct msghdr *msg,
|
|
|
|
size_t len)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct sock *other = NULL;
|
2008-11-17 14:58:44 +08:00
|
|
|
int err, size;
|
2011-09-17 07:34:00 +08:00
|
|
|
struct sk_buff *skb;
|
2008-11-02 12:38:31 +08:00
|
|
|
int sent = 0;
|
2015-01-29 01:04:53 +08:00
|
|
|
struct scm_cookie scm;
|
net: unix: fix sending fds in multiple buffers
Kalle Olavi Niemitalo reported that:
"..., when one process calls sendmsg once to send 43804 bytes of
data and one file descriptor, and another process then calls recvmsg
three times to receive the 16032+16032+11740 bytes, each of those
recvmsg calls returns the file descriptor in the ancillary data. I
confirmed this with strace. The behaviour differs from Linux
2.6.26, where reportedly only one of those recvmsg calls (I think
the first one) returned the file descriptor."
This bug was introduced by a patch from me titled "net: unix: fix inflight
counting bug in garbage collector", commit 6209344f5.
And the reason is, quoting Kalle:
"Before your patch, unix_attach_fds() would set scm->fp = NULL, so
that if the loop in unix_stream_sendmsg() ran multiple iterations,
it could not call unix_attach_fds() again. But now,
unix_attach_fds() leaves scm->fp unchanged, and I think this causes
it to be called multiple times and duplicate the same file
descriptors to each struct sk_buff."
Fix this by introducing a flag that is cleared at the start and set
when the fds attached to the first buffer. The resulting code should
work equivalently to the one on 2.6.26.
Reported-by: Kalle Olavi Niemitalo <kon@iki.fi>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-09-12 02:31:45 +08:00
|
|
|
bool fds_sent = false;
|
2010-11-25 12:11:39 +08:00
|
|
|
int max_level;
|
2013-08-09 05:37:32 +08:00
|
|
|
int data_len;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-11-27 07:32:27 +08:00
|
|
|
wait_for_unix_gc();
|
2015-01-29 01:04:53 +08:00
|
|
|
err = scm_send(sock, msg, &scm, false);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (err < 0)
|
|
|
|
return err;
|
|
|
|
|
|
|
|
err = -EOPNOTSUPP;
|
|
|
|
if (msg->msg_flags&MSG_OOB)
|
|
|
|
goto out_err;
|
|
|
|
|
|
|
|
if (msg->msg_namelen) {
|
|
|
|
err = sk->sk_state == TCP_ESTABLISHED ? -EISCONN : -EOPNOTSUPP;
|
|
|
|
goto out_err;
|
|
|
|
} else {
|
|
|
|
err = -ENOTCONN;
|
2005-12-14 15:22:32 +08:00
|
|
|
other = unix_peer(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!other)
|
|
|
|
goto out_err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sk->sk_shutdown & SEND_SHUTDOWN)
|
|
|
|
goto pipe_err;
|
|
|
|
|
2008-11-17 14:58:44 +08:00
|
|
|
while (sent < len) {
|
2013-08-09 05:37:32 +08:00
|
|
|
size = len - sent;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/* Keep two messages in the pipe so it schedules better */
|
2013-08-09 05:37:32 +08:00
|
|
|
size = min_t(int, size, (sk->sk_sndbuf >> 1) - 64);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2013-08-09 05:37:32 +08:00
|
|
|
/* allow fallback to order-0 allocations */
|
|
|
|
size = min_t(int, size, SKB_MAX_HEAD(0) + UNIX_SKB_FRAGS_SZ);
|
2007-02-09 22:25:23 +08:00
|
|
|
|
2013-08-09 05:37:32 +08:00
|
|
|
data_len = max_t(int, 0, size - SKB_MAX_HEAD(0));
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2014-05-15 23:56:28 +08:00
|
|
|
data_len = min_t(size_t, size, PAGE_ALIGN(data_len));
|
|
|
|
|
2013-08-09 05:37:32 +08:00
|
|
|
skb = sock_alloc_send_pskb(sk, size - data_len, data_len,
|
2013-08-09 05:38:47 +08:00
|
|
|
msg->msg_flags & MSG_DONTWAIT, &err,
|
|
|
|
get_order(UNIX_SKB_FRAGS_SZ));
|
2013-08-09 05:37:32 +08:00
|
|
|
if (!skb)
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out_err;
|
|
|
|
|
2011-09-17 07:34:00 +08:00
|
|
|
/* Only send the fds in the first buffer */
|
2015-01-29 01:04:53 +08:00
|
|
|
err = unix_scm_to_skb(&scm, skb, !fds_sent);
|
2010-11-25 12:11:39 +08:00
|
|
|
if (err < 0) {
|
2010-06-13 11:34:33 +08:00
|
|
|
kfree_skb(skb);
|
2011-09-17 07:34:00 +08:00
|
|
|
goto out_err;
|
2008-11-09 22:23:57 +08:00
|
|
|
}
|
2010-11-25 12:11:39 +08:00
|
|
|
max_level = err + 1;
|
2010-06-13 11:34:33 +08:00
|
|
|
fds_sent = true;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2013-08-09 05:37:32 +08:00
|
|
|
skb_put(skb, size - data_len);
|
|
|
|
skb->data_len = data_len;
|
|
|
|
skb->len = size;
|
2014-11-24 23:42:55 +08:00
|
|
|
err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, size);
|
2008-11-17 14:58:44 +08:00
|
|
|
if (err) {
|
2005-04-17 06:20:36 +08:00
|
|
|
kfree_skb(skb);
|
2011-09-17 07:34:00 +08:00
|
|
|
goto out_err;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_lock(other);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
if (sock_flag(other, SOCK_DEAD) ||
|
|
|
|
(other->sk_shutdown & RCV_SHUTDOWN))
|
|
|
|
goto pipe_err_free;
|
|
|
|
|
2011-09-19 13:52:27 +08:00
|
|
|
maybe_add_creds(skb, sock, other);
|
2005-04-17 06:20:36 +08:00
|
|
|
skb_queue_tail(&other->sk_receive_queue, skb);
|
2010-11-25 12:11:39 +08:00
|
|
|
if (max_level > unix_sk(other)->recursion_level)
|
|
|
|
unix_sk(other)->recursion_level = max_level;
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(other);
|
2014-04-12 04:15:36 +08:00
|
|
|
other->sk_data_ready(other);
|
2008-11-02 12:38:31 +08:00
|
|
|
sent += size;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2015-01-29 01:04:53 +08:00
|
|
|
scm_destroy(&scm);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
return sent;
|
|
|
|
|
|
|
|
pipe_err_free:
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(other);
|
2005-04-17 06:20:36 +08:00
|
|
|
kfree_skb(skb);
|
|
|
|
pipe_err:
|
2008-11-17 14:58:44 +08:00
|
|
|
if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
|
|
|
|
send_sig(SIGPIPE, current, 0);
|
2005-04-17 06:20:36 +08:00
|
|
|
err = -EPIPE;
|
|
|
|
out_err:
|
2015-01-29 01:04:53 +08:00
|
|
|
scm_destroy(&scm);
|
2005-04-17 06:20:36 +08:00
|
|
|
return sent ? : err;
|
|
|
|
}
|
|
|
|
|
2015-05-21 22:59:59 +08:00
|
|
|
static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page,
|
|
|
|
int offset, size_t size, int flags)
|
|
|
|
{
|
2015-11-26 19:08:18 +08:00
|
|
|
int err;
|
|
|
|
bool send_sigpipe = false;
|
|
|
|
bool init_scm = true;
|
|
|
|
struct scm_cookie scm;
|
2015-05-21 22:59:59 +08:00
|
|
|
struct sock *other, *sk = socket->sk;
|
|
|
|
struct sk_buff *skb, *newskb = NULL, *tail = NULL;
|
|
|
|
|
|
|
|
if (flags & MSG_OOB)
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
|
|
|
other = unix_peer(sk);
|
|
|
|
if (!other || sk->sk_state != TCP_ESTABLISHED)
|
|
|
|
return -ENOTCONN;
|
|
|
|
|
|
|
|
if (false) {
|
|
|
|
alloc_skb:
|
|
|
|
unix_state_unlock(other);
|
|
|
|
mutex_unlock(&unix_sk(other)->readlock);
|
|
|
|
newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT,
|
|
|
|
&err, 0);
|
|
|
|
if (!newskb)
|
2015-11-26 19:08:18 +08:00
|
|
|
goto err;
|
2015-05-21 22:59:59 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* we must acquire readlock as we modify already present
|
|
|
|
* skbs in the sk_receive_queue and mess with skb->len
|
|
|
|
*/
|
|
|
|
err = mutex_lock_interruptible(&unix_sk(other)->readlock);
|
|
|
|
if (err) {
|
|
|
|
err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS;
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sk->sk_shutdown & SEND_SHUTDOWN) {
|
|
|
|
err = -EPIPE;
|
2015-11-26 19:08:18 +08:00
|
|
|
send_sigpipe = true;
|
2015-05-21 22:59:59 +08:00
|
|
|
goto err_unlock;
|
|
|
|
}
|
|
|
|
|
|
|
|
unix_state_lock(other);
|
|
|
|
|
|
|
|
if (sock_flag(other, SOCK_DEAD) ||
|
|
|
|
other->sk_shutdown & RCV_SHUTDOWN) {
|
|
|
|
err = -EPIPE;
|
2015-11-26 19:08:18 +08:00
|
|
|
send_sigpipe = true;
|
2015-05-21 22:59:59 +08:00
|
|
|
goto err_state_unlock;
|
|
|
|
}
|
|
|
|
|
2015-11-26 19:08:18 +08:00
|
|
|
if (init_scm) {
|
|
|
|
err = maybe_init_creds(&scm, socket, other);
|
|
|
|
if (err)
|
|
|
|
goto err_state_unlock;
|
|
|
|
init_scm = false;
|
|
|
|
}
|
|
|
|
|
2015-05-21 22:59:59 +08:00
|
|
|
skb = skb_peek_tail(&other->sk_receive_queue);
|
|
|
|
if (tail && tail == skb) {
|
|
|
|
skb = newskb;
|
2015-11-26 19:08:18 +08:00
|
|
|
} else if (!skb || !unix_skb_scm_eq(skb, &scm)) {
|
|
|
|
if (newskb) {
|
2015-05-21 22:59:59 +08:00
|
|
|
skb = newskb;
|
2015-11-26 19:08:18 +08:00
|
|
|
} else {
|
|
|
|
tail = skb;
|
2015-05-21 22:59:59 +08:00
|
|
|
goto alloc_skb;
|
2015-11-26 19:08:18 +08:00
|
|
|
}
|
2015-05-21 22:59:59 +08:00
|
|
|
} else if (newskb) {
|
|
|
|
/* this is fast path, we don't necessarily need to
|
|
|
|
* call to kfree_skb even though with newskb == NULL
|
|
|
|
* this - does no harm
|
|
|
|
*/
|
|
|
|
consume_skb(newskb);
|
2015-11-16 23:25:56 +08:00
|
|
|
newskb = NULL;
|
2015-05-21 22:59:59 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
if (skb_append_pagefrags(skb, page, offset, size)) {
|
|
|
|
tail = skb;
|
|
|
|
goto alloc_skb;
|
|
|
|
}
|
|
|
|
|
|
|
|
skb->len += size;
|
|
|
|
skb->data_len += size;
|
|
|
|
skb->truesize += size;
|
|
|
|
atomic_add(size, &sk->sk_wmem_alloc);
|
|
|
|
|
2015-11-17 22:10:59 +08:00
|
|
|
if (newskb) {
|
2015-11-26 19:08:18 +08:00
|
|
|
err = unix_scm_to_skb(&scm, skb, false);
|
|
|
|
if (err)
|
|
|
|
goto err_state_unlock;
|
2015-11-17 22:10:59 +08:00
|
|
|
spin_lock(&other->sk_receive_queue.lock);
|
2015-05-21 22:59:59 +08:00
|
|
|
__skb_queue_tail(&other->sk_receive_queue, newskb);
|
2015-11-17 22:10:59 +08:00
|
|
|
spin_unlock(&other->sk_receive_queue.lock);
|
|
|
|
}
|
2015-05-21 22:59:59 +08:00
|
|
|
|
|
|
|
unix_state_unlock(other);
|
|
|
|
mutex_unlock(&unix_sk(other)->readlock);
|
|
|
|
|
|
|
|
other->sk_data_ready(other);
|
2015-11-26 19:08:18 +08:00
|
|
|
scm_destroy(&scm);
|
2015-05-21 22:59:59 +08:00
|
|
|
return size;
|
|
|
|
|
|
|
|
err_state_unlock:
|
|
|
|
unix_state_unlock(other);
|
|
|
|
err_unlock:
|
|
|
|
mutex_unlock(&unix_sk(other)->readlock);
|
|
|
|
err:
|
|
|
|
kfree_skb(newskb);
|
|
|
|
if (send_sigpipe && !(flags & MSG_NOSIGNAL))
|
|
|
|
send_sig(SIGPIPE, current, 0);
|
2015-11-26 19:08:18 +08:00
|
|
|
if (!init_scm)
|
|
|
|
scm_destroy(&scm);
|
2015-05-21 22:59:59 +08:00
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2015-03-02 15:37:48 +08:00
|
|
|
static int unix_seqpacket_sendmsg(struct socket *sock, struct msghdr *msg,
|
|
|
|
size_t len)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
int err;
|
|
|
|
struct sock *sk = sock->sk;
|
2007-02-09 22:25:23 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
err = sock_error(sk);
|
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
|
|
|
|
if (sk->sk_state != TCP_ESTABLISHED)
|
|
|
|
return -ENOTCONN;
|
|
|
|
|
|
|
|
if (msg->msg_namelen)
|
|
|
|
msg->msg_namelen = 0;
|
|
|
|
|
2015-03-02 15:37:48 +08:00
|
|
|
return unix_dgram_sendmsg(sock, msg, len);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2007-02-09 22:25:23 +08:00
|
|
|
|
2015-03-02 15:37:48 +08:00
|
|
|
static int unix_seqpacket_recvmsg(struct socket *sock, struct msghdr *msg,
|
|
|
|
size_t size, int flags)
|
2011-04-24 09:54:57 +08:00
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
|
|
|
|
if (sk->sk_state != TCP_ESTABLISHED)
|
|
|
|
return -ENOTCONN;
|
|
|
|
|
2015-03-02 15:37:48 +08:00
|
|
|
return unix_dgram_recvmsg(sock, msg, size, flags);
|
2011-04-24 09:54:57 +08:00
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
|
|
|
|
{
|
|
|
|
struct unix_sock *u = unix_sk(sk);
|
|
|
|
|
|
|
|
if (u->addr) {
|
|
|
|
msg->msg_namelen = u->addr->len;
|
|
|
|
memcpy(msg->msg_name, u->addr->name, u->addr->len);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-03-02 15:37:48 +08:00
|
|
|
static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg,
|
|
|
|
size_t size, int flags)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2015-01-29 01:04:53 +08:00
|
|
|
struct scm_cookie scm;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct unix_sock *u = unix_sk(sk);
|
2015-12-07 05:11:38 +08:00
|
|
|
struct sk_buff *skb, *last;
|
|
|
|
long timeo;
|
2005-04-17 06:20:36 +08:00
|
|
|
int err;
|
2012-02-21 15:31:51 +08:00
|
|
|
int peeked, skip;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
err = -EOPNOTSUPP;
|
|
|
|
if (flags&MSG_OOB)
|
|
|
|
goto out;
|
|
|
|
|
2015-12-07 05:11:38 +08:00
|
|
|
timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-12-07 05:11:38 +08:00
|
|
|
do {
|
|
|
|
mutex_lock(&u->readlock);
|
2012-02-21 15:31:51 +08:00
|
|
|
|
2015-12-07 05:11:38 +08:00
|
|
|
skip = sk_peek_offset(sk, flags);
|
|
|
|
skb = __skb_try_recv_datagram(sk, flags, &peeked, &skip, &err,
|
|
|
|
&last);
|
|
|
|
if (skb)
|
|
|
|
break;
|
|
|
|
|
|
|
|
mutex_unlock(&u->readlock);
|
|
|
|
|
|
|
|
if (err != -EAGAIN)
|
|
|
|
break;
|
|
|
|
} while (timeo &&
|
|
|
|
!__skb_wait_for_more_packets(sk, &err, &timeo, last));
|
|
|
|
|
|
|
|
if (!skb) { /* implies readlock unlocked */
|
[UNIX]: EOF on non-blocking SOCK_SEQPACKET
I am not absolutely sure whether this actually is a bug (as in: I've got
no clue what the standards say or what other implementations do), but at
least I was pretty surprised when I noticed that a recv() on a
non-blocking unix domain socket of type SOCK_SEQPACKET (which is connection
oriented, after all) where the remote end has closed the connection
returned -1 (EAGAIN) rather than 0 to indicate end of file.
This is a test case:
| #include <sys/types.h>
| #include <unistd.h>
| #include <sys/socket.h>
| #include <sys/un.h>
| #include <fcntl.h>
| #include <string.h>
| #include <stdlib.h>
|
| int main(){
| int sock;
| struct sockaddr_un addr;
| char buf[4096];
| int pfds[2];
|
| pipe(pfds);
| sock=socket(PF_UNIX,SOCK_SEQPACKET,0);
| addr.sun_family=AF_UNIX;
| strcpy(addr.sun_path,"/tmp/foobar_testsock");
| bind(sock,(struct sockaddr *)&addr,sizeof(addr));
| listen(sock,1);
| if(fork()){
| close(sock);
| sock=socket(PF_UNIX,SOCK_SEQPACKET,0);
| connect(sock,(struct sockaddr *)&addr,sizeof(addr));
| fcntl(sock,F_SETFL,fcntl(sock,F_GETFL)|O_NONBLOCK);
| close(pfds[1]);
| read(pfds[0],buf,sizeof(buf));
| recv(sock,buf,sizeof(buf),0); // <-- this one
| }else accept(sock,NULL,NULL);
| exit(0);
| }
If you try it, make sure /tmp/foobar_testsock doesn't exist.
The marked recv() returns -1 (EAGAIN) on 2.6.23.9. Below you find a
patch that fixes that.
Signed-off-by: Florian Zumbiehl <florz@florz.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-11-29 20:19:23 +08:00
|
|
|
unix_state_lock(sk);
|
|
|
|
/* Signal EOF on disconnected non-blocking SEQPACKET socket. */
|
|
|
|
if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
|
|
|
|
(sk->sk_shutdown & RCV_SHUTDOWN))
|
|
|
|
err = 0;
|
|
|
|
unix_state_unlock(sk);
|
2015-12-07 05:11:38 +08:00
|
|
|
goto out;
|
[UNIX]: EOF on non-blocking SOCK_SEQPACKET
I am not absolutely sure whether this actually is a bug (as in: I've got
no clue what the standards say or what other implementations do), but at
least I was pretty surprised when I noticed that a recv() on a
non-blocking unix domain socket of type SOCK_SEQPACKET (which is connection
oriented, after all) where the remote end has closed the connection
returned -1 (EAGAIN) rather than 0 to indicate end of file.
This is a test case:
| #include <sys/types.h>
| #include <unistd.h>
| #include <sys/socket.h>
| #include <sys/un.h>
| #include <fcntl.h>
| #include <string.h>
| #include <stdlib.h>
|
| int main(){
| int sock;
| struct sockaddr_un addr;
| char buf[4096];
| int pfds[2];
|
| pipe(pfds);
| sock=socket(PF_UNIX,SOCK_SEQPACKET,0);
| addr.sun_family=AF_UNIX;
| strcpy(addr.sun_path,"/tmp/foobar_testsock");
| bind(sock,(struct sockaddr *)&addr,sizeof(addr));
| listen(sock,1);
| if(fork()){
| close(sock);
| sock=socket(PF_UNIX,SOCK_SEQPACKET,0);
| connect(sock,(struct sockaddr *)&addr,sizeof(addr));
| fcntl(sock,F_SETFL,fcntl(sock,F_GETFL)|O_NONBLOCK);
| close(pfds[1]);
| read(pfds[0],buf,sizeof(buf));
| recv(sock,buf,sizeof(buf),0); // <-- this one
| }else accept(sock,NULL,NULL);
| exit(0);
| }
If you try it, make sure /tmp/foobar_testsock doesn't exist.
The marked recv() returns -1 (EAGAIN) on 2.6.23.9. Below you find a
patch that fixes that.
Signed-off-by: Florian Zumbiehl <florz@florz.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-11-29 20:19:23 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-11-27 03:23:15 +08:00
|
|
|
if (wq_has_sleeper(&u->peer_wait))
|
|
|
|
wake_up_interruptible_sync_poll(&u->peer_wait,
|
|
|
|
POLLOUT | POLLWRNORM |
|
|
|
|
POLLWRBAND);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
if (msg->msg_name)
|
|
|
|
unix_copy_addr(msg, skb->sk);
|
|
|
|
|
2012-02-21 15:31:51 +08:00
|
|
|
if (size > skb->len - skip)
|
|
|
|
size = skb->len - skip;
|
|
|
|
else if (size < skb->len - skip)
|
2005-04-17 06:20:36 +08:00
|
|
|
msg->msg_flags |= MSG_TRUNC;
|
|
|
|
|
2014-11-06 05:46:40 +08:00
|
|
|
err = skb_copy_datagram_msg(skb, skip, msg, size);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (err)
|
|
|
|
goto out_free;
|
|
|
|
|
2010-10-04 16:48:28 +08:00
|
|
|
if (sock_flag(sk, SOCK_RCVTSTAMP))
|
|
|
|
__sock_recv_timestamp(msg, sk, skb);
|
|
|
|
|
2015-01-29 01:04:53 +08:00
|
|
|
memset(&scm, 0, sizeof(scm));
|
|
|
|
|
|
|
|
scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
|
|
|
|
unix_set_secdata(&scm, skb);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-11-17 14:58:44 +08:00
|
|
|
if (!(flags & MSG_PEEK)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
if (UNIXCB(skb).fp)
|
2015-01-29 01:04:53 +08:00
|
|
|
unix_detach_fds(&scm, skb);
|
2012-02-21 15:31:51 +08:00
|
|
|
|
|
|
|
sk_peek_offset_bwd(sk, skb->len);
|
2008-11-17 14:58:44 +08:00
|
|
|
} else {
|
2005-04-17 06:20:36 +08:00
|
|
|
/* It is questionable: on PEEK we could:
|
|
|
|
- do not return fds - good, but too simple 8)
|
|
|
|
- return fds, and do not return them on read (old strategy,
|
|
|
|
apparently wrong)
|
|
|
|
- clone fds (I chose it for now, it is the most universal
|
|
|
|
solution)
|
2007-02-09 22:25:23 +08:00
|
|
|
|
|
|
|
POSIX 1003.1g does not actually define this clearly
|
|
|
|
at all. POSIX 1003.1g doesn't define a lot of things
|
|
|
|
clearly however!
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2012-02-21 15:31:51 +08:00
|
|
|
|
|
|
|
sk_peek_offset_fwd(sk, size);
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
if (UNIXCB(skb).fp)
|
2015-01-29 01:04:53 +08:00
|
|
|
scm.fp = scm_fp_dup(UNIXCB(skb).fp);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2012-02-22 07:24:55 +08:00
|
|
|
err = (flags & MSG_TRUNC) ? skb->len - skip : size;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-01-29 01:04:53 +08:00
|
|
|
scm_recv(sock, msg, &scm, flags);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
out_free:
|
2008-11-17 14:58:44 +08:00
|
|
|
skb_free_datagram(sk, skb);
|
2006-03-21 14:35:41 +08:00
|
|
|
mutex_unlock(&u->readlock);
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2013-04-29 19:42:14 +08:00
|
|
|
* Sleep until more data has arrived. But check for races..
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2013-04-29 19:42:14 +08:00
|
|
|
static long unix_stream_data_wait(struct sock *sk, long timeo,
|
2015-05-21 23:00:01 +08:00
|
|
|
struct sk_buff *last, unsigned int last_len)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2015-05-21 23:00:01 +08:00
|
|
|
struct sk_buff *tail;
|
2005-04-17 06:20:36 +08:00
|
|
|
DEFINE_WAIT(wait);
|
|
|
|
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_lock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
for (;;) {
|
2010-04-20 21:03:51 +08:00
|
|
|
prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-05-21 23:00:01 +08:00
|
|
|
tail = skb_peek_tail(&sk->sk_receive_queue);
|
|
|
|
if (tail != last ||
|
|
|
|
(tail && tail->len != last_len) ||
|
2005-04-17 06:20:36 +08:00
|
|
|
sk->sk_err ||
|
|
|
|
(sk->sk_shutdown & RCV_SHUTDOWN) ||
|
|
|
|
signal_pending(current) ||
|
|
|
|
!timeo)
|
|
|
|
break;
|
|
|
|
|
2015-11-30 12:03:10 +08:00
|
|
|
sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(sk);
|
2013-05-07 07:50:21 +08:00
|
|
|
timeo = freezable_schedule_timeout(timeo);
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_lock(sk);
|
2015-05-26 23:22:19 +08:00
|
|
|
|
|
|
|
if (sock_flag(sk, SOCK_DEAD))
|
|
|
|
break;
|
|
|
|
|
2015-11-30 12:03:10 +08:00
|
|
|
sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2010-04-20 21:03:51 +08:00
|
|
|
finish_wait(sk_sleep(sk), &wait);
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
return timeo;
|
|
|
|
}
|
|
|
|
|
2013-08-09 05:37:32 +08:00
|
|
|
static unsigned int unix_skb_len(const struct sk_buff *skb)
|
|
|
|
{
|
|
|
|
return skb->len - UNIXCB(skb).consumed;
|
|
|
|
}
|
|
|
|
|
2015-05-21 23:00:01 +08:00
|
|
|
struct unix_stream_read_state {
|
|
|
|
int (*recv_actor)(struct sk_buff *, int, int,
|
|
|
|
struct unix_stream_read_state *);
|
|
|
|
struct socket *socket;
|
|
|
|
struct msghdr *msg;
|
|
|
|
struct pipe_inode_info *pipe;
|
|
|
|
size_t size;
|
|
|
|
int flags;
|
|
|
|
unsigned int splice_flags;
|
|
|
|
};
|
|
|
|
|
|
|
|
static int unix_stream_read_generic(struct unix_stream_read_state *state)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2015-01-29 01:04:53 +08:00
|
|
|
struct scm_cookie scm;
|
2015-05-21 23:00:01 +08:00
|
|
|
struct socket *sock = state->socket;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct unix_sock *u = unix_sk(sk);
|
|
|
|
int copied = 0;
|
2015-05-21 23:00:01 +08:00
|
|
|
int flags = state->flags;
|
2014-03-26 09:42:27 +08:00
|
|
|
int noblock = flags & MSG_DONTWAIT;
|
2015-05-21 23:00:01 +08:00
|
|
|
bool check_creds = false;
|
2005-04-17 06:20:36 +08:00
|
|
|
int target;
|
|
|
|
int err = 0;
|
|
|
|
long timeo;
|
2012-02-21 15:32:06 +08:00
|
|
|
int skip;
|
2015-05-21 23:00:01 +08:00
|
|
|
size_t size = state->size;
|
|
|
|
unsigned int last_len;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2016-02-09 02:47:19 +08:00
|
|
|
if (unlikely(sk->sk_state != TCP_ESTABLISHED)) {
|
|
|
|
err = -EINVAL;
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
2016-02-09 02:47:19 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2016-02-09 02:47:19 +08:00
|
|
|
if (unlikely(flags & MSG_OOB)) {
|
|
|
|
err = -EOPNOTSUPP;
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
2016-02-09 02:47:19 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-05-21 23:00:01 +08:00
|
|
|
target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
|
2014-03-26 09:42:27 +08:00
|
|
|
timeo = sock_rcvtimeo(sk, noblock);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-05-21 23:00:01 +08:00
|
|
|
memset(&scm, 0, sizeof(scm));
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/* Lock the socket to prevent queue disordering
|
|
|
|
* while sleeps in memcpy_tomsg
|
|
|
|
*/
|
2015-12-17 04:09:25 +08:00
|
|
|
mutex_lock(&u->readlock);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-10-02 05:05:36 +08:00
|
|
|
if (flags & MSG_PEEK)
|
|
|
|
skip = sk_peek_offset(sk, flags);
|
|
|
|
else
|
|
|
|
skip = 0;
|
|
|
|
|
2008-11-17 14:58:44 +08:00
|
|
|
do {
|
2005-04-17 06:20:36 +08:00
|
|
|
int chunk;
|
2015-11-10 23:23:15 +08:00
|
|
|
bool drop_skb;
|
2013-04-29 19:42:14 +08:00
|
|
|
struct sk_buff *skb, *last;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2016-02-18 20:39:46 +08:00
|
|
|
redo:
|
2007-06-06 04:10:29 +08:00
|
|
|
unix_state_lock(sk);
|
2015-05-26 23:22:19 +08:00
|
|
|
if (sock_flag(sk, SOCK_DEAD)) {
|
|
|
|
err = -ECONNRESET;
|
|
|
|
goto unlock;
|
|
|
|
}
|
2013-04-29 19:42:14 +08:00
|
|
|
last = skb = skb_peek(&sk->sk_receive_queue);
|
2015-05-21 23:00:01 +08:00
|
|
|
last_len = last ? last->len : 0;
|
2012-02-21 15:32:06 +08:00
|
|
|
again:
|
2008-11-17 14:58:44 +08:00
|
|
|
if (skb == NULL) {
|
2010-11-25 12:11:39 +08:00
|
|
|
unix_sk(sk)->recursion_level = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
if (copied >= target)
|
2007-06-06 04:10:29 +08:00
|
|
|
goto unlock;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* POSIX 1003.1g mandates this order.
|
|
|
|
*/
|
2007-02-09 22:25:23 +08:00
|
|
|
|
2008-11-17 14:58:44 +08:00
|
|
|
err = sock_error(sk);
|
|
|
|
if (err)
|
2007-06-06 04:10:29 +08:00
|
|
|
goto unlock;
|
2005-04-17 06:20:36 +08:00
|
|
|
if (sk->sk_shutdown & RCV_SHUTDOWN)
|
2007-06-06 04:10:29 +08:00
|
|
|
goto unlock;
|
|
|
|
|
|
|
|
unix_state_unlock(sk);
|
2016-02-09 02:47:19 +08:00
|
|
|
if (!timeo) {
|
|
|
|
err = -EAGAIN;
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
2016-02-09 02:47:19 +08:00
|
|
|
}
|
|
|
|
|
2006-03-21 14:35:41 +08:00
|
|
|
mutex_unlock(&u->readlock);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-05-21 23:00:01 +08:00
|
|
|
timeo = unix_stream_data_wait(sk, timeo, last,
|
|
|
|
last_len);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-12-17 04:09:25 +08:00
|
|
|
if (signal_pending(current)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
err = sock_intr_errno(timeo);
|
2016-01-25 05:53:50 +08:00
|
|
|
scm_destroy(&scm);
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
}
|
2011-02-28 12:50:55 +08:00
|
|
|
|
2015-12-17 04:09:25 +08:00
|
|
|
mutex_lock(&u->readlock);
|
2016-02-18 20:39:46 +08:00
|
|
|
goto redo;
|
2015-05-21 23:00:01 +08:00
|
|
|
unlock:
|
2007-06-06 04:10:29 +08:00
|
|
|
unix_state_unlock(sk);
|
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2012-02-21 15:32:06 +08:00
|
|
|
|
2013-08-09 05:37:32 +08:00
|
|
|
while (skip >= unix_skb_len(skb)) {
|
|
|
|
skip -= unix_skb_len(skb);
|
2013-04-29 19:42:14 +08:00
|
|
|
last = skb;
|
2015-05-21 23:00:01 +08:00
|
|
|
last_len = skb->len;
|
2012-02-21 15:32:06 +08:00
|
|
|
skb = skb_peek_next(skb, &sk->sk_receive_queue);
|
2013-04-29 19:42:14 +08:00
|
|
|
if (!skb)
|
|
|
|
goto again;
|
2012-02-21 15:32:06 +08:00
|
|
|
}
|
|
|
|
|
2007-06-06 04:10:29 +08:00
|
|
|
unix_state_unlock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
if (check_creds) {
|
|
|
|
/* Never glue messages from different writers */
|
2015-11-26 19:08:18 +08:00
|
|
|
if (!unix_skb_scm_eq(skb, &scm))
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
2013-04-04 00:14:47 +08:00
|
|
|
} else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
/* Copy credentials */
|
2015-01-29 01:04:53 +08:00
|
|
|
scm_set_cred(&scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
|
2015-06-10 20:44:59 +08:00
|
|
|
unix_set_secdata(&scm, skb);
|
2015-05-21 23:00:01 +08:00
|
|
|
check_creds = true;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Copy address just once */
|
2015-05-21 23:00:01 +08:00
|
|
|
if (state->msg && state->msg->msg_name) {
|
|
|
|
DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr,
|
|
|
|
state->msg->msg_name);
|
|
|
|
unix_copy_addr(state->msg, skb->sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
sunaddr = NULL;
|
|
|
|
}
|
|
|
|
|
2013-08-09 05:37:32 +08:00
|
|
|
chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size);
|
2015-11-10 23:23:15 +08:00
|
|
|
skb_get(skb);
|
2015-05-21 23:00:01 +08:00
|
|
|
chunk = state->recv_actor(skb, skip, chunk, state);
|
2015-11-10 23:23:15 +08:00
|
|
|
drop_skb = !unix_skb_len(skb);
|
|
|
|
/* skb is only safe to use if !drop_skb */
|
|
|
|
consume_skb(skb);
|
2015-05-21 23:00:01 +08:00
|
|
|
if (chunk < 0) {
|
2005-04-17 06:20:36 +08:00
|
|
|
if (copied == 0)
|
|
|
|
copied = -EFAULT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
copied += chunk;
|
|
|
|
size -= chunk;
|
|
|
|
|
2015-11-10 23:23:15 +08:00
|
|
|
if (drop_skb) {
|
|
|
|
/* the skb was touched by a concurrent reader;
|
|
|
|
* we should not expect anything from this skb
|
|
|
|
* anymore and assume it invalid - we can be
|
|
|
|
* sure it was dropped from the socket queue
|
|
|
|
*
|
|
|
|
* let's report a short read
|
|
|
|
*/
|
|
|
|
err = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/* Mark read part of skb as used */
|
2008-11-17 14:58:44 +08:00
|
|
|
if (!(flags & MSG_PEEK)) {
|
2013-08-09 05:37:32 +08:00
|
|
|
UNIXCB(skb).consumed += chunk;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-02-21 15:32:06 +08:00
|
|
|
sk_peek_offset_bwd(sk, chunk);
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
if (UNIXCB(skb).fp)
|
2015-01-29 01:04:53 +08:00
|
|
|
unix_detach_fds(&scm, skb);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2013-08-09 05:37:32 +08:00
|
|
|
if (unix_skb_len(skb))
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
|
2012-01-29 00:11:03 +08:00
|
|
|
skb_unlink(skb, &sk->sk_receive_queue);
|
2010-07-20 14:45:56 +08:00
|
|
|
consume_skb(skb);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-01-29 01:04:53 +08:00
|
|
|
if (scm.fp)
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
2008-11-17 14:58:44 +08:00
|
|
|
} else {
|
2005-04-17 06:20:36 +08:00
|
|
|
/* It is questionable, see note in unix_dgram_recvmsg.
|
|
|
|
*/
|
|
|
|
if (UNIXCB(skb).fp)
|
2015-01-29 01:04:53 +08:00
|
|
|
scm.fp = scm_fp_dup(UNIXCB(skb).fp);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-10-02 05:05:36 +08:00
|
|
|
sk_peek_offset_fwd(sk, chunk);
|
2012-02-21 15:32:06 +08:00
|
|
|
|
2015-09-27 06:50:43 +08:00
|
|
|
if (UNIXCB(skb).fp)
|
|
|
|
break;
|
|
|
|
|
2015-10-02 05:05:36 +08:00
|
|
|
skip = 0;
|
2015-09-27 06:50:43 +08:00
|
|
|
last = skb;
|
|
|
|
last_len = skb->len;
|
|
|
|
unix_state_lock(sk);
|
|
|
|
skb = skb_peek_next(skb, &sk->sk_receive_queue);
|
|
|
|
if (skb)
|
|
|
|
goto again;
|
|
|
|
unix_state_unlock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
} while (size);
|
|
|
|
|
2006-03-21 14:35:41 +08:00
|
|
|
mutex_unlock(&u->readlock);
|
2015-05-21 23:00:01 +08:00
|
|
|
if (state->msg)
|
|
|
|
scm_recv(sock, state->msg, &scm, flags);
|
|
|
|
else
|
|
|
|
scm_destroy(&scm);
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
|
|
|
return copied ? : err;
|
|
|
|
}
|
|
|
|
|
2015-05-21 23:00:01 +08:00
|
|
|
static int unix_stream_read_actor(struct sk_buff *skb,
|
|
|
|
int skip, int chunk,
|
|
|
|
struct unix_stream_read_state *state)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
ret = skb_copy_datagram_msg(skb, UNIXCB(skb).consumed + skip,
|
|
|
|
state->msg, chunk);
|
|
|
|
return ret ?: chunk;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg,
|
|
|
|
size_t size, int flags)
|
|
|
|
{
|
|
|
|
struct unix_stream_read_state state = {
|
|
|
|
.recv_actor = unix_stream_read_actor,
|
|
|
|
.socket = sock,
|
|
|
|
.msg = msg,
|
|
|
|
.size = size,
|
|
|
|
.flags = flags
|
|
|
|
};
|
|
|
|
|
|
|
|
return unix_stream_read_generic(&state);
|
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t skb_unix_socket_splice(struct sock *sk,
|
|
|
|
struct pipe_inode_info *pipe,
|
|
|
|
struct splice_pipe_desc *spd)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
struct unix_sock *u = unix_sk(sk);
|
|
|
|
|
|
|
|
mutex_unlock(&u->readlock);
|
|
|
|
ret = splice_to_pipe(pipe, spd);
|
|
|
|
mutex_lock(&u->readlock);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int unix_stream_splice_actor(struct sk_buff *skb,
|
|
|
|
int skip, int chunk,
|
|
|
|
struct unix_stream_read_state *state)
|
|
|
|
{
|
|
|
|
return skb_splice_bits(skb, state->socket->sk,
|
|
|
|
UNIXCB(skb).consumed + skip,
|
|
|
|
state->pipe, chunk, state->splice_flags,
|
|
|
|
skb_unix_socket_splice);
|
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t unix_stream_splice_read(struct socket *sock, loff_t *ppos,
|
|
|
|
struct pipe_inode_info *pipe,
|
|
|
|
size_t size, unsigned int flags)
|
|
|
|
{
|
|
|
|
struct unix_stream_read_state state = {
|
|
|
|
.recv_actor = unix_stream_splice_actor,
|
|
|
|
.socket = sock,
|
|
|
|
.pipe = pipe,
|
|
|
|
.size = size,
|
|
|
|
.splice_flags = flags,
|
|
|
|
};
|
|
|
|
|
|
|
|
if (unlikely(*ppos))
|
|
|
|
return -ESPIPE;
|
|
|
|
|
|
|
|
if (sock->file->f_flags & O_NONBLOCK ||
|
|
|
|
flags & SPLICE_F_NONBLOCK)
|
|
|
|
state.flags = MSG_DONTWAIT;
|
|
|
|
|
|
|
|
return unix_stream_read_generic(&state);
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static int unix_shutdown(struct socket *sock, int mode)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct sock *other;
|
|
|
|
|
2012-08-27 00:47:13 +08:00
|
|
|
if (mode < SHUT_RD || mode > SHUT_RDWR)
|
|
|
|
return -EINVAL;
|
|
|
|
/* This maps:
|
|
|
|
* SHUT_RD (0) -> RCV_SHUTDOWN (1)
|
|
|
|
* SHUT_WR (1) -> SEND_SHUTDOWN (2)
|
|
|
|
* SHUT_RDWR (2) -> SHUTDOWN_MASK (3)
|
|
|
|
*/
|
|
|
|
++mode;
|
2011-01-19 12:56:36 +08:00
|
|
|
|
|
|
|
unix_state_lock(sk);
|
|
|
|
sk->sk_shutdown |= mode;
|
|
|
|
other = unix_peer(sk);
|
|
|
|
if (other)
|
|
|
|
sock_hold(other);
|
|
|
|
unix_state_unlock(sk);
|
|
|
|
sk->sk_state_change(sk);
|
|
|
|
|
|
|
|
if (other &&
|
|
|
|
(sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) {
|
|
|
|
|
|
|
|
int peer_mode = 0;
|
|
|
|
|
|
|
|
if (mode&RCV_SHUTDOWN)
|
|
|
|
peer_mode |= SEND_SHUTDOWN;
|
|
|
|
if (mode&SEND_SHUTDOWN)
|
|
|
|
peer_mode |= RCV_SHUTDOWN;
|
|
|
|
unix_state_lock(other);
|
|
|
|
other->sk_shutdown |= peer_mode;
|
|
|
|
unix_state_unlock(other);
|
|
|
|
other->sk_state_change(other);
|
|
|
|
if (peer_mode == SHUTDOWN_MASK)
|
|
|
|
sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP);
|
|
|
|
else if (peer_mode & RCV_SHUTDOWN)
|
|
|
|
sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2011-01-19 12:56:36 +08:00
|
|
|
if (other)
|
|
|
|
sock_put(other);
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-12-30 08:54:11 +08:00
|
|
|
long unix_inq_len(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct sk_buff *skb;
|
|
|
|
long amount = 0;
|
|
|
|
|
|
|
|
if (sk->sk_state == TCP_LISTEN)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
spin_lock(&sk->sk_receive_queue.lock);
|
|
|
|
if (sk->sk_type == SOCK_STREAM ||
|
|
|
|
sk->sk_type == SOCK_SEQPACKET) {
|
|
|
|
skb_queue_walk(&sk->sk_receive_queue, skb)
|
2013-08-09 05:37:32 +08:00
|
|
|
amount += unix_skb_len(skb);
|
2011-12-30 08:54:11 +08:00
|
|
|
} else {
|
|
|
|
skb = skb_peek(&sk->sk_receive_queue);
|
|
|
|
if (skb)
|
|
|
|
amount = skb->len;
|
|
|
|
}
|
|
|
|
spin_unlock(&sk->sk_receive_queue.lock);
|
|
|
|
|
|
|
|
return amount;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(unix_inq_len);
|
|
|
|
|
|
|
|
long unix_outq_len(struct sock *sk)
|
|
|
|
{
|
|
|
|
return sk_wmem_alloc_get(sk);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(unix_outq_len);
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
2008-11-02 12:38:31 +08:00
|
|
|
long amount = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
int err;
|
|
|
|
|
2008-11-17 14:58:44 +08:00
|
|
|
switch (cmd) {
|
|
|
|
case SIOCOUTQ:
|
2011-12-30 08:54:11 +08:00
|
|
|
amount = unix_outq_len(sk);
|
2008-11-17 14:58:44 +08:00
|
|
|
err = put_user(amount, (int __user *)arg);
|
|
|
|
break;
|
|
|
|
case SIOCINQ:
|
2011-12-30 08:54:11 +08:00
|
|
|
amount = unix_inq_len(sk);
|
|
|
|
if (amount < 0)
|
|
|
|
err = amount;
|
|
|
|
else
|
2005-04-17 06:20:36 +08:00
|
|
|
err = put_user(amount, (int __user *)arg);
|
2011-12-30 08:54:11 +08:00
|
|
|
break;
|
2008-11-17 14:58:44 +08:00
|
|
|
default:
|
|
|
|
err = -ENOIOCTLCMD;
|
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2008-11-17 14:58:44 +08:00
|
|
|
static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table *wait)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
unsigned int mask;
|
|
|
|
|
2010-04-20 21:03:51 +08:00
|
|
|
sock_poll_wait(file, sk_sleep(sk), wait);
|
2005-04-17 06:20:36 +08:00
|
|
|
mask = 0;
|
|
|
|
|
|
|
|
/* exceptional events? */
|
|
|
|
if (sk->sk_err)
|
|
|
|
mask |= POLLERR;
|
|
|
|
if (sk->sk_shutdown == SHUTDOWN_MASK)
|
|
|
|
mask |= POLLHUP;
|
2006-03-25 19:07:39 +08:00
|
|
|
if (sk->sk_shutdown & RCV_SHUTDOWN)
|
2010-09-06 19:13:50 +08:00
|
|
|
mask |= POLLRDHUP | POLLIN | POLLRDNORM;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/* readable? */
|
2010-09-06 19:13:50 +08:00
|
|
|
if (!skb_queue_empty(&sk->sk_receive_queue))
|
2005-04-17 06:20:36 +08:00
|
|
|
mask |= POLLIN | POLLRDNORM;
|
|
|
|
|
|
|
|
/* Connection-based need to check for termination and startup */
|
2008-11-17 14:58:44 +08:00
|
|
|
if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
|
|
|
|
sk->sk_state == TCP_CLOSE)
|
2005-04-17 06:20:36 +08:00
|
|
|
mask |= POLLHUP;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* we set writable also when the other side has shut down the
|
|
|
|
* connection. This prevents stuck sockets.
|
|
|
|
*/
|
|
|
|
if (unix_writable(sk))
|
|
|
|
mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
|
|
|
|
|
|
|
|
return mask;
|
|
|
|
}
|
|
|
|
|
af_unix: fix 'poll for write'/connected DGRAM sockets
For n:1 'datagram connections' (eg /dev/log), the unix_dgram_sendmsg
routine implements a form of receiver-imposed flow control by
comparing the length of the receive queue of the 'peer socket' with
the max_ack_backlog value stored in the corresponding sock structure,
either blocking the thread which caused the send-routine to be called
or returning EAGAIN. This routine is used by both SOCK_DGRAM and
SOCK_SEQPACKET sockets. The poll-implementation for these socket types
is datagram_poll from core/datagram.c. A socket is deemed to be
writeable by this routine when the memory presently consumed by
datagrams owned by it is less than the configured socket send buffer
size. This is always wrong for PF_UNIX non-stream sockets connected to
server sockets dealing with (potentially) multiple clients if the
abovementioned receive queue is currently considered to be full.
'poll' will then return, indicating that the socket is writeable, but
a subsequent write result in EAGAIN, effectively causing an (usual)
application to 'poll for writeability by repeated send request with
O_NONBLOCK set' until it has consumed its time quantum.
The change below uses a suitably modified variant of the datagram_poll
routines for both type of PF_UNIX sockets, which tests if the
recv-queue of the peer a socket is connected to is presently
considered to be 'full' as part of the 'is this socket
writeable'-checking code. The socket being polled is additionally
put onto the peer_wait wait queue associated with its peer, because the
unix_dgram_recvmsg routine does a wake up on this queue after a
datagram was received and the 'other wakeup call' is done implicitly
as part of skb destruction, meaning, a process blocked in poll
because of a full peer receive queue could otherwise sleep forever
if no datagram owned by its socket was already sitting on this queue.
Among this change is a small (inline) helper routine named
'unix_recvq_full', which consolidates the actual testing code (in three
different places) into a single location.
Signed-off-by: Rainer Weikusat <rweikusat@mssgmbh.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-28 10:34:18 +08:00
|
|
|
static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
|
|
|
|
poll_table *wait)
|
2008-06-18 13:28:05 +08:00
|
|
|
{
|
af_unix: fix 'poll for write'/connected DGRAM sockets
For n:1 'datagram connections' (eg /dev/log), the unix_dgram_sendmsg
routine implements a form of receiver-imposed flow control by
comparing the length of the receive queue of the 'peer socket' with
the max_ack_backlog value stored in the corresponding sock structure,
either blocking the thread which caused the send-routine to be called
or returning EAGAIN. This routine is used by both SOCK_DGRAM and
SOCK_SEQPACKET sockets. The poll-implementation for these socket types
is datagram_poll from core/datagram.c. A socket is deemed to be
writeable by this routine when the memory presently consumed by
datagrams owned by it is less than the configured socket send buffer
size. This is always wrong for PF_UNIX non-stream sockets connected to
server sockets dealing with (potentially) multiple clients if the
abovementioned receive queue is currently considered to be full.
'poll' will then return, indicating that the socket is writeable, but
a subsequent write result in EAGAIN, effectively causing an (usual)
application to 'poll for writeability by repeated send request with
O_NONBLOCK set' until it has consumed its time quantum.
The change below uses a suitably modified variant of the datagram_poll
routines for both type of PF_UNIX sockets, which tests if the
recv-queue of the peer a socket is connected to is presently
considered to be 'full' as part of the 'is this socket
writeable'-checking code. The socket being polled is additionally
put onto the peer_wait wait queue associated with its peer, because the
unix_dgram_recvmsg routine does a wake up on this queue after a
datagram was received and the 'other wakeup call' is done implicitly
as part of skb destruction, meaning, a process blocked in poll
because of a full peer receive queue could otherwise sleep forever
if no datagram owned by its socket was already sitting on this queue.
Among this change is a small (inline) helper routine named
'unix_recvq_full', which consolidates the actual testing code (in three
different places) into a single location.
Signed-off-by: Rainer Weikusat <rweikusat@mssgmbh.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-28 10:34:18 +08:00
|
|
|
struct sock *sk = sock->sk, *other;
|
|
|
|
unsigned int mask, writable;
|
2008-06-18 13:28:05 +08:00
|
|
|
|
2010-04-20 21:03:51 +08:00
|
|
|
sock_poll_wait(file, sk_sleep(sk), wait);
|
2008-06-18 13:28:05 +08:00
|
|
|
mask = 0;
|
|
|
|
|
|
|
|
/* exceptional events? */
|
|
|
|
if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
|
2013-03-28 19:19:25 +08:00
|
|
|
mask |= POLLERR |
|
2013-04-03 04:55:40 +08:00
|
|
|
(sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? POLLPRI : 0);
|
2013-03-28 19:19:25 +08:00
|
|
|
|
2008-06-18 13:28:05 +08:00
|
|
|
if (sk->sk_shutdown & RCV_SHUTDOWN)
|
2010-10-31 13:36:23 +08:00
|
|
|
mask |= POLLRDHUP | POLLIN | POLLRDNORM;
|
2008-06-18 13:28:05 +08:00
|
|
|
if (sk->sk_shutdown == SHUTDOWN_MASK)
|
|
|
|
mask |= POLLHUP;
|
|
|
|
|
|
|
|
/* readable? */
|
2010-10-31 13:36:23 +08:00
|
|
|
if (!skb_queue_empty(&sk->sk_receive_queue))
|
2008-06-18 13:28:05 +08:00
|
|
|
mask |= POLLIN | POLLRDNORM;
|
|
|
|
|
|
|
|
/* Connection-based need to check for termination and startup */
|
|
|
|
if (sk->sk_type == SOCK_SEQPACKET) {
|
|
|
|
if (sk->sk_state == TCP_CLOSE)
|
|
|
|
mask |= POLLHUP;
|
|
|
|
/* connection hasn't started yet? */
|
|
|
|
if (sk->sk_state == TCP_SYN_SENT)
|
|
|
|
return mask;
|
|
|
|
}
|
|
|
|
|
2010-10-31 13:38:25 +08:00
|
|
|
/* No write status requested, avoid expensive OUT tests. */
|
poll: add poll_requested_events() and poll_does_not_wait() functions
In some cases the poll() implementation in a driver has to do different
things depending on the events the caller wants to poll for. An example
is when a driver needs to start a DMA engine if the caller polls for
POLLIN, but doesn't want to do that if POLLIN is not requested but instead
only POLLOUT or POLLPRI is requested. This is something that can happen
in the video4linux subsystem among others.
Unfortunately, the current epoll/poll/select implementation doesn't
provide that information reliably. The poll_table_struct does have it: it
has a key field with the event mask. But once a poll() call matches one
or more bits of that mask any following poll() calls are passed a NULL
poll_table pointer.
Also, the eventpoll implementation always left the key field at ~0 instead
of using the requested events mask.
This was changed in eventpoll.c so the key field now contains the actual
events that should be polled for as set by the caller.
The solution to the NULL poll_table pointer is to set the qproc field to
NULL in poll_table once poll() matches the events, not the poll_table
pointer itself. That way drivers can obtain the mask through a new
poll_requested_events inline.
The poll_table_struct can still be NULL since some kernel code calls it
internally (netfs_state_poll() in ./drivers/staging/pohmelfs/netfs.h). In
that case poll_requested_events() returns ~0 (i.e. all events).
Very rarely drivers might want to know whether poll_wait will actually
wait. If another earlier file descriptor in the set already matched the
events the caller wanted to wait for, then the kernel will return from the
select() call without waiting. This might be useful information in order
to avoid doing expensive work.
A new helper function poll_does_not_wait() is added that drivers can use
to detect this situation. This is now used in sock_poll_wait() in
include/net/sock.h. This was the only place in the kernel that needed
this information.
Drivers should no longer access any of the poll_table internals, but use
the poll_requested_events() and poll_does_not_wait() access functions
instead. In order to enforce that the poll_table fields are now prepended
with an underscore and a comment was added warning against using them
directly.
This required a change in unix_dgram_poll() in unix/af_unix.c which used
the key field to get the requested events. It's been replaced by a call
to poll_requested_events().
For qproc it was especially important to change its name since the
behavior of that field changes with this patch since this function pointer
can now be NULL when that wasn't possible in the past.
Any driver accessing the qproc or key fields directly will now fail to compile.
Some notes regarding the correctness of this patch: the driver's poll()
function is called with a 'struct poll_table_struct *wait' argument. This
pointer may or may not be NULL, drivers can never rely on it being one or
the other as that depends on whether or not an earlier file descriptor in
the select()'s fdset matched the requested events.
There are only three things a driver can do with the wait argument:
1) obtain the key field:
events = wait ? wait->key : ~0;
This will still work although it should be replaced with the new
poll_requested_events() function (which does exactly the same).
This will now even work better, since wait is no longer set to NULL
unnecessarily.
2) use the qproc callback. This could be deadly since qproc can now be
NULL. Renaming qproc should prevent this from happening. There are no
kernel drivers that actually access this callback directly, BTW.
3) test whether wait == NULL to determine whether poll would return without
waiting. This is no longer sufficient as the correct test is now
wait == NULL || wait->_qproc == NULL.
However, the worst that can happen here is a slight performance hit in
the case where wait != NULL and wait->_qproc == NULL. In that case the
driver will assume that poll_wait() will actually add the fd to the set
of waiting file descriptors. Of course, poll_wait() will not do that
since it tests for wait->_qproc. This will not break anything, though.
There is only one place in the whole kernel where this happens
(sock_poll_wait() in include/net/sock.h) and that code will be replaced
by a call to poll_does_not_wait() in the next patch.
Note that even if wait->_qproc != NULL drivers cannot rely on poll_wait()
actually waiting. The next file descriptor from the set might match the
event mask and thus any possible waits will never happen.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Reviewed-by: Jonathan Corbet <corbet@lwn.net>
Reviewed-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Davide Libenzi <davidel@xmailserver.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Cc: Mauro Carvalho Chehab <mchehab@infradead.org>
Cc: David Miller <davem@davemloft.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-03-24 06:02:27 +08:00
|
|
|
if (!(poll_requested_events(wait) & (POLLWRBAND|POLLWRNORM|POLLOUT)))
|
2010-10-31 13:38:25 +08:00
|
|
|
return mask;
|
|
|
|
|
af_unix: fix 'poll for write'/connected DGRAM sockets
For n:1 'datagram connections' (eg /dev/log), the unix_dgram_sendmsg
routine implements a form of receiver-imposed flow control by
comparing the length of the receive queue of the 'peer socket' with
the max_ack_backlog value stored in the corresponding sock structure,
either blocking the thread which caused the send-routine to be called
or returning EAGAIN. This routine is used by both SOCK_DGRAM and
SOCK_SEQPACKET sockets. The poll-implementation for these socket types
is datagram_poll from core/datagram.c. A socket is deemed to be
writeable by this routine when the memory presently consumed by
datagrams owned by it is less than the configured socket send buffer
size. This is always wrong for PF_UNIX non-stream sockets connected to
server sockets dealing with (potentially) multiple clients if the
abovementioned receive queue is currently considered to be full.
'poll' will then return, indicating that the socket is writeable, but
a subsequent write result in EAGAIN, effectively causing an (usual)
application to 'poll for writeability by repeated send request with
O_NONBLOCK set' until it has consumed its time quantum.
The change below uses a suitably modified variant of the datagram_poll
routines for both type of PF_UNIX sockets, which tests if the
recv-queue of the peer a socket is connected to is presently
considered to be 'full' as part of the 'is this socket
writeable'-checking code. The socket being polled is additionally
put onto the peer_wait wait queue associated with its peer, because the
unix_dgram_recvmsg routine does a wake up on this queue after a
datagram was received and the 'other wakeup call' is done implicitly
as part of skb destruction, meaning, a process blocked in poll
because of a full peer receive queue could otherwise sleep forever
if no datagram owned by its socket was already sitting on this queue.
Among this change is a small (inline) helper routine named
'unix_recvq_full', which consolidates the actual testing code (in three
different places) into a single location.
Signed-off-by: Rainer Weikusat <rweikusat@mssgmbh.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-28 10:34:18 +08:00
|
|
|
writable = unix_writable(sk);
|
2015-11-21 06:07:23 +08:00
|
|
|
if (writable) {
|
|
|
|
unix_state_lock(sk);
|
|
|
|
|
|
|
|
other = unix_peer(sk);
|
|
|
|
if (other && unix_peer(other) != sk &&
|
|
|
|
unix_recvq_full(other) &&
|
|
|
|
unix_dgram_peer_wake_me(sk, other))
|
|
|
|
writable = 0;
|
|
|
|
|
|
|
|
unix_state_unlock(sk);
|
af_unix: fix 'poll for write'/connected DGRAM sockets
For n:1 'datagram connections' (eg /dev/log), the unix_dgram_sendmsg
routine implements a form of receiver-imposed flow control by
comparing the length of the receive queue of the 'peer socket' with
the max_ack_backlog value stored in the corresponding sock structure,
either blocking the thread which caused the send-routine to be called
or returning EAGAIN. This routine is used by both SOCK_DGRAM and
SOCK_SEQPACKET sockets. The poll-implementation for these socket types
is datagram_poll from core/datagram.c. A socket is deemed to be
writeable by this routine when the memory presently consumed by
datagrams owned by it is less than the configured socket send buffer
size. This is always wrong for PF_UNIX non-stream sockets connected to
server sockets dealing with (potentially) multiple clients if the
abovementioned receive queue is currently considered to be full.
'poll' will then return, indicating that the socket is writeable, but
a subsequent write result in EAGAIN, effectively causing an (usual)
application to 'poll for writeability by repeated send request with
O_NONBLOCK set' until it has consumed its time quantum.
The change below uses a suitably modified variant of the datagram_poll
routines for both type of PF_UNIX sockets, which tests if the
recv-queue of the peer a socket is connected to is presently
considered to be 'full' as part of the 'is this socket
writeable'-checking code. The socket being polled is additionally
put onto the peer_wait wait queue associated with its peer, because the
unix_dgram_recvmsg routine does a wake up on this queue after a
datagram was received and the 'other wakeup call' is done implicitly
as part of skb destruction, meaning, a process blocked in poll
because of a full peer receive queue could otherwise sleep forever
if no datagram owned by its socket was already sitting on this queue.
Among this change is a small (inline) helper routine named
'unix_recvq_full', which consolidates the actual testing code (in three
different places) into a single location.
Signed-off-by: Rainer Weikusat <rweikusat@mssgmbh.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-28 10:34:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
if (writable)
|
2008-06-18 13:28:05 +08:00
|
|
|
mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
|
|
|
|
else
|
2015-11-30 12:03:10 +08:00
|
|
|
sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
|
2008-06-18 13:28:05 +08:00
|
|
|
|
|
|
|
return mask;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
#ifdef CONFIG_PROC_FS
|
2007-11-23 20:30:01 +08:00
|
|
|
|
2012-06-08 13:03:21 +08:00
|
|
|
#define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1)
|
|
|
|
|
|
|
|
#define get_bucket(x) ((x) >> BUCKET_SPACE)
|
|
|
|
#define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1))
|
|
|
|
#define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
|
2007-11-23 20:30:01 +08:00
|
|
|
|
2012-06-08 13:03:21 +08:00
|
|
|
static struct sock *unix_from_bucket(struct seq_file *seq, loff_t *pos)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2012-06-08 13:03:21 +08:00
|
|
|
unsigned long offset = get_offset(*pos);
|
|
|
|
unsigned long bucket = get_bucket(*pos);
|
|
|
|
struct sock *sk;
|
|
|
|
unsigned long count = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-06-08 13:03:21 +08:00
|
|
|
for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
|
|
|
|
if (sock_net(sk) != seq_file_net(seq))
|
2007-11-20 14:29:30 +08:00
|
|
|
continue;
|
2012-06-08 13:03:21 +08:00
|
|
|
if (++count == offset)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return sk;
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct sock *unix_next_socket(struct seq_file *seq,
|
|
|
|
struct sock *sk,
|
|
|
|
loff_t *pos)
|
|
|
|
{
|
|
|
|
unsigned long bucket;
|
|
|
|
|
|
|
|
while (sk > (struct sock *)SEQ_START_TOKEN) {
|
|
|
|
sk = sk_next(sk);
|
|
|
|
if (!sk)
|
|
|
|
goto next_bucket;
|
|
|
|
if (sock_net(sk) == seq_file_net(seq))
|
|
|
|
return sk;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2012-06-08 13:03:21 +08:00
|
|
|
|
|
|
|
do {
|
|
|
|
sk = unix_from_bucket(seq, pos);
|
|
|
|
if (sk)
|
|
|
|
return sk;
|
|
|
|
|
|
|
|
next_bucket:
|
|
|
|
bucket = get_bucket(*pos) + 1;
|
|
|
|
*pos = set_bucket_offset(bucket, 1);
|
|
|
|
} while (bucket < ARRAY_SIZE(unix_socket_table));
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void *unix_seq_start(struct seq_file *seq, loff_t *pos)
|
2008-01-02 13:58:02 +08:00
|
|
|
__acquires(unix_table_lock)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_lock(&unix_table_lock);
|
2012-06-08 13:03:21 +08:00
|
|
|
|
|
|
|
if (!*pos)
|
|
|
|
return SEQ_START_TOKEN;
|
|
|
|
|
|
|
|
if (get_bucket(*pos) >= ARRAY_SIZE(unix_socket_table))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
return unix_next_socket(seq, NULL, pos);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
|
|
|
|
{
|
|
|
|
++*pos;
|
2012-06-08 13:03:21 +08:00
|
|
|
return unix_next_socket(seq, v, pos);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void unix_seq_stop(struct seq_file *seq, void *v)
|
2008-01-02 13:58:02 +08:00
|
|
|
__releases(unix_table_lock)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2005-12-14 15:26:29 +08:00
|
|
|
spin_unlock(&unix_table_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int unix_seq_show(struct seq_file *seq, void *v)
|
|
|
|
{
|
2007-02-09 22:25:23 +08:00
|
|
|
|
2008-04-13 10:04:38 +08:00
|
|
|
if (v == SEQ_START_TOKEN)
|
2005-04-17 06:20:36 +08:00
|
|
|
seq_puts(seq, "Num RefCount Protocol Flags Type St "
|
|
|
|
"Inode Path\n");
|
|
|
|
else {
|
|
|
|
struct sock *s = v;
|
|
|
|
struct unix_sock *u = unix_sk(s);
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_lock(s);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
net: convert %p usage to %pK
The %pK format specifier is designed to hide exposed kernel pointers,
specifically via /proc interfaces. Exposing these pointers provides an
easy target for kernel write vulnerabilities, since they reveal the
locations of writable structures containing easily triggerable function
pointers. The behavior of %pK depends on the kptr_restrict sysctl.
If kptr_restrict is set to 0, no deviation from the standard %p behavior
occurs. If kptr_restrict is set to 1, the default, if the current user
(intended to be a reader via seq_printf(), etc.) does not have CAP_SYSLOG
(currently in the LSM tree), kernel pointers using %pK are printed as 0's.
If kptr_restrict is set to 2, kernel pointers using %pK are printed as
0's regardless of privileges. Replacing with 0's was chosen over the
default "(null)", which cannot be parsed by userland %p, which expects
"(nil)".
The supporting code for kptr_restrict and %pK are currently in the -mm
tree. This patch converts users of %p in net/ to %pK. Cases of printing
pointers to the syslog are not covered, since this would eliminate useful
information for postmortem debugging and the reading of the syslog is
already optionally protected by the dmesg_restrict sysctl.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: James Morris <jmorris@namei.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Thomas Graf <tgraf@infradead.org>
Cc: Eugene Teo <eugeneteo@kernel.org>
Cc: Kees Cook <kees.cook@canonical.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: David S. Miller <davem@davemloft.net>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Eric Paris <eparis@parisplace.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-23 20:17:35 +08:00
|
|
|
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
|
2005-04-17 06:20:36 +08:00
|
|
|
s,
|
|
|
|
atomic_read(&s->sk_refcnt),
|
|
|
|
0,
|
|
|
|
s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0,
|
|
|
|
s->sk_type,
|
|
|
|
s->sk_socket ?
|
|
|
|
(s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) :
|
|
|
|
(s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING),
|
|
|
|
sock_i_ino(s));
|
|
|
|
|
|
|
|
if (u->addr) {
|
|
|
|
int i, len;
|
|
|
|
seq_putc(seq, ' ');
|
|
|
|
|
|
|
|
i = 0;
|
|
|
|
len = u->addr->len - sizeof(short);
|
|
|
|
if (!UNIX_ABSTRACT(s))
|
|
|
|
len--;
|
|
|
|
else {
|
|
|
|
seq_putc(seq, '@');
|
|
|
|
i++;
|
|
|
|
}
|
|
|
|
for ( ; i < len; i++)
|
|
|
|
seq_putc(seq, u->addr->name->sun_path[i]);
|
|
|
|
}
|
2007-06-01 04:24:26 +08:00
|
|
|
unix_state_unlock(s);
|
2005-04-17 06:20:36 +08:00
|
|
|
seq_putc(seq, '\n');
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2007-07-11 14:07:31 +08:00
|
|
|
static const struct seq_operations unix_seq_ops = {
|
2005-04-17 06:20:36 +08:00
|
|
|
.start = unix_seq_start,
|
|
|
|
.next = unix_seq_next,
|
|
|
|
.stop = unix_seq_stop,
|
|
|
|
.show = unix_seq_show,
|
|
|
|
};
|
|
|
|
|
|
|
|
static int unix_seq_open(struct inode *inode, struct file *file)
|
|
|
|
{
|
2007-11-20 14:31:54 +08:00
|
|
|
return seq_open_net(inode, file, &unix_seq_ops,
|
2012-06-09 06:10:20 +08:00
|
|
|
sizeof(struct seq_net_private));
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2007-02-12 16:55:36 +08:00
|
|
|
static const struct file_operations unix_seq_fops = {
|
2005-04-17 06:20:36 +08:00
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.open = unix_seq_open,
|
|
|
|
.read = seq_read,
|
|
|
|
.llseek = seq_lseek,
|
2007-11-20 14:31:54 +08:00
|
|
|
.release = seq_release_net,
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
2009-10-05 13:58:39 +08:00
|
|
|
static const struct net_proto_family unix_family_ops = {
|
2005-04-17 06:20:36 +08:00
|
|
|
.family = PF_UNIX,
|
|
|
|
.create = unix_create,
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
};
|
|
|
|
|
2007-11-20 14:29:30 +08:00
|
|
|
|
2010-01-17 11:35:32 +08:00
|
|
|
static int __net_init unix_net_init(struct net *net)
|
2007-11-20 14:29:30 +08:00
|
|
|
{
|
|
|
|
int error = -ENOMEM;
|
|
|
|
|
2007-12-11 20:19:17 +08:00
|
|
|
net->unx.sysctl_max_dgram_qlen = 10;
|
2007-12-01 20:51:01 +08:00
|
|
|
if (unix_sysctl_register(net))
|
|
|
|
goto out;
|
2007-12-01 20:44:15 +08:00
|
|
|
|
2007-11-20 14:29:30 +08:00
|
|
|
#ifdef CONFIG_PROC_FS
|
2013-02-18 09:34:54 +08:00
|
|
|
if (!proc_create("unix", 0, net->proc_net, &unix_seq_fops)) {
|
2007-12-01 20:51:01 +08:00
|
|
|
unix_sysctl_unregister(net);
|
2007-11-20 14:29:30 +08:00
|
|
|
goto out;
|
2007-12-01 20:51:01 +08:00
|
|
|
}
|
2007-11-20 14:29:30 +08:00
|
|
|
#endif
|
|
|
|
error = 0;
|
|
|
|
out:
|
2008-11-02 12:37:27 +08:00
|
|
|
return error;
|
2007-11-20 14:29:30 +08:00
|
|
|
}
|
|
|
|
|
2010-01-17 11:35:32 +08:00
|
|
|
static void __net_exit unix_net_exit(struct net *net)
|
2007-11-20 14:29:30 +08:00
|
|
|
{
|
2007-12-01 20:51:01 +08:00
|
|
|
unix_sysctl_unregister(net);
|
2013-02-18 09:34:56 +08:00
|
|
|
remove_proc_entry("unix", net->proc_net);
|
2007-11-20 14:29:30 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static struct pernet_operations unix_net_ops = {
|
|
|
|
.init = unix_net_init,
|
|
|
|
.exit = unix_net_exit,
|
|
|
|
};
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static int __init af_unix_init(void)
|
|
|
|
{
|
|
|
|
int rc = -1;
|
|
|
|
|
2013-01-09 15:20:07 +08:00
|
|
|
BUILD_BUG_ON(sizeof(struct unix_skb_parms) > FIELD_SIZEOF(struct sk_buff, cb));
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
rc = proto_register(&unix_proto, 1);
|
2007-02-09 22:25:23 +08:00
|
|
|
if (rc != 0) {
|
2013-12-06 18:03:36 +08:00
|
|
|
pr_crit("%s: Cannot create unix_sock SLAB cache!\n", __func__);
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
sock_register(&unix_family_ops);
|
2007-11-20 14:29:30 +08:00
|
|
|
register_pernet_subsys(&unix_net_ops);
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __exit af_unix_exit(void)
|
|
|
|
{
|
|
|
|
sock_unregister(PF_UNIX);
|
|
|
|
proto_unregister(&unix_proto);
|
2007-11-20 14:29:30 +08:00
|
|
|
unregister_pernet_subsys(&unix_net_ops);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2008-04-24 15:59:25 +08:00
|
|
|
/* Earlier than device_initcall() so that other drivers invoking
|
|
|
|
request_module() don't end up in a loop when modprobe tries
|
|
|
|
to use a UNIX socket. But later than subsys_initcall() because
|
|
|
|
we depend on stuff initialised there */
|
|
|
|
fs_initcall(af_unix_init);
|
2005-04-17 06:20:36 +08:00
|
|
|
module_exit(af_unix_exit);
|
|
|
|
|
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
MODULE_ALIAS_NETPROTO(PF_UNIX);
|