1 #include <linux/types.h> 2 #include <linux/spinlock.h> 3 #include <linux/sock_diag.h> 4 #include <linux/unix_diag.h> 5 #include <linux/skbuff.h> 6 #include <linux/module.h> 7 #include <net/netlink.h> 8 #include <net/af_unix.h> 9 #include <net/tcp_states.h> 10 11 static int sk_diag_dump_name(struct sock *sk, struct sk_buff *nlskb) 12 { 13 /* might or might not have unix_table_lock */ 14 struct unix_address *addr = smp_load_acquire(&unix_sk(sk)->addr); 15 16 if (!addr) 17 return 0; 18 19 return nla_put(nlskb, UNIX_DIAG_NAME, addr->len - sizeof(short), 20 addr->name->sun_path); 21 } 22 23 static int sk_diag_dump_vfs(struct sock *sk, struct sk_buff *nlskb) 24 { 25 struct dentry *dentry = unix_sk(sk)->path.dentry; 26 27 if (dentry) { 28 struct unix_diag_vfs uv = { 29 .udiag_vfs_ino = d_backing_inode(dentry)->i_ino, 30 .udiag_vfs_dev = dentry->d_sb->s_dev, 31 }; 32 33 return nla_put(nlskb, UNIX_DIAG_VFS, sizeof(uv), &uv); 34 } 35 36 return 0; 37 } 38 39 static int sk_diag_dump_peer(struct sock *sk, struct sk_buff *nlskb) 40 { 41 struct sock *peer; 42 int ino; 43 44 peer = unix_peer_get(sk); 45 if (peer) { 46 unix_state_lock(peer); 47 ino = sock_i_ino(peer); 48 unix_state_unlock(peer); 49 sock_put(peer); 50 51 return nla_put_u32(nlskb, UNIX_DIAG_PEER, ino); 52 } 53 54 return 0; 55 } 56 57 static int sk_diag_dump_icons(struct sock *sk, struct sk_buff *nlskb) 58 { 59 struct sk_buff *skb; 60 struct nlattr *attr; 61 u32 *buf; 62 int i; 63 64 if (sk->sk_state == TCP_LISTEN) { 65 spin_lock(&sk->sk_receive_queue.lock); 66 67 attr = nla_reserve(nlskb, UNIX_DIAG_ICONS, 68 sk->sk_receive_queue.qlen * sizeof(u32)); 69 if (!attr) 70 goto errout; 71 72 buf = nla_data(attr); 73 i = 0; 74 skb_queue_walk(&sk->sk_receive_queue, skb) { 75 struct sock *req, *peer; 76 77 req = skb->sk; 78 /* 79 * The state lock is outer for the same sk's 80 * queue lock. With the other's queue locked it's 81 * OK to lock the state. 82 */ 83 unix_state_lock_nested(req); 84 peer = unix_sk(req)->peer; 85 buf[i++] = (peer ? sock_i_ino(peer) : 0); 86 unix_state_unlock(req); 87 } 88 spin_unlock(&sk->sk_receive_queue.lock); 89 } 90 91 return 0; 92 93 errout: 94 spin_unlock(&sk->sk_receive_queue.lock); 95 return -EMSGSIZE; 96 } 97 98 static int sk_diag_show_rqlen(struct sock *sk, struct sk_buff *nlskb) 99 { 100 struct unix_diag_rqlen rql; 101 102 if (sk->sk_state == TCP_LISTEN) { 103 rql.udiag_rqueue = sk->sk_receive_queue.qlen; 104 rql.udiag_wqueue = sk->sk_max_ack_backlog; 105 } else { 106 rql.udiag_rqueue = (u32) unix_inq_len(sk); 107 rql.udiag_wqueue = (u32) unix_outq_len(sk); 108 } 109 110 return nla_put(nlskb, UNIX_DIAG_RQLEN, sizeof(rql), &rql); 111 } 112 113 static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req, 114 u32 portid, u32 seq, u32 flags, int sk_ino) 115 { 116 struct nlmsghdr *nlh; 117 struct unix_diag_msg *rep; 118 119 nlh = nlmsg_put(skb, portid, seq, SOCK_DIAG_BY_FAMILY, sizeof(*rep), 120 flags); 121 if (!nlh) 122 return -EMSGSIZE; 123 124 rep = nlmsg_data(nlh); 125 rep->udiag_family = AF_UNIX; 126 rep->udiag_type = sk->sk_type; 127 rep->udiag_state = sk->sk_state; 128 rep->pad = 0; 129 rep->udiag_ino = sk_ino; 130 sock_diag_save_cookie(sk, rep->udiag_cookie); 131 132 if ((req->udiag_show & UDIAG_SHOW_NAME) && 133 sk_diag_dump_name(sk, skb)) 134 goto out_nlmsg_trim; 135 136 if ((req->udiag_show & UDIAG_SHOW_VFS) && 137 sk_diag_dump_vfs(sk, skb)) 138 goto out_nlmsg_trim; 139 140 if ((req->udiag_show & UDIAG_SHOW_PEER) && 141 sk_diag_dump_peer(sk, skb)) 142 goto out_nlmsg_trim; 143 144 if ((req->udiag_show & UDIAG_SHOW_ICONS) && 145 sk_diag_dump_icons(sk, skb)) 146 goto out_nlmsg_trim; 147 148 if ((req->udiag_show & UDIAG_SHOW_RQLEN) && 149 sk_diag_show_rqlen(sk, skb)) 150 goto out_nlmsg_trim; 151 152 if ((req->udiag_show & UDIAG_SHOW_MEMINFO) && 153 sock_diag_put_meminfo(sk, skb, UNIX_DIAG_MEMINFO)) 154 goto out_nlmsg_trim; 155 156 if (nla_put_u8(skb, UNIX_DIAG_SHUTDOWN, sk->sk_shutdown)) 157 goto out_nlmsg_trim; 158 159 nlmsg_end(skb, nlh); 160 return 0; 161 162 out_nlmsg_trim: 163 nlmsg_cancel(skb, nlh); 164 return -EMSGSIZE; 165 } 166 167 static int sk_diag_dump(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req, 168 u32 portid, u32 seq, u32 flags) 169 { 170 int sk_ino; 171 172 unix_state_lock(sk); 173 sk_ino = sock_i_ino(sk); 174 unix_state_unlock(sk); 175 176 if (!sk_ino) 177 return 0; 178 179 return sk_diag_fill(sk, skb, req, portid, seq, flags, sk_ino); 180 } 181 182 static int unix_diag_dump(struct sk_buff *skb, struct netlink_callback *cb) 183 { 184 struct unix_diag_req *req; 185 int num, s_num, slot, s_slot; 186 struct net *net = sock_net(skb->sk); 187 188 req = nlmsg_data(cb->nlh); 189 190 s_slot = cb->args[0]; 191 num = s_num = cb->args[1]; 192 193 spin_lock(&unix_table_lock); 194 for (slot = s_slot; 195 slot < ARRAY_SIZE(unix_socket_table); 196 s_num = 0, slot++) { 197 struct sock *sk; 198 199 num = 0; 200 sk_for_each(sk, &unix_socket_table[slot]) { 201 if (!net_eq(sock_net(sk), net)) 202 continue; 203 if (num < s_num) 204 goto next; 205 if (!(req->udiag_states & (1 << sk->sk_state))) 206 goto next; 207 if (sk_diag_dump(sk, skb, req, 208 NETLINK_CB(cb->skb).portid, 209 cb->nlh->nlmsg_seq, 210 NLM_F_MULTI) < 0) 211 goto done; 212 next: 213 num++; 214 } 215 } 216 done: 217 spin_unlock(&unix_table_lock); 218 cb->args[0] = slot; 219 cb->args[1] = num; 220 221 return skb->len; 222 } 223 224 static struct sock *unix_lookup_by_ino(unsigned int ino) 225 { 226 int i; 227 struct sock *sk; 228 229 spin_lock(&unix_table_lock); 230 for (i = 0; i < ARRAY_SIZE(unix_socket_table); i++) { 231 sk_for_each(sk, &unix_socket_table[i]) 232 if (ino == sock_i_ino(sk)) { 233 sock_hold(sk); 234 spin_unlock(&unix_table_lock); 235 236 return sk; 237 } 238 } 239 240 spin_unlock(&unix_table_lock); 241 return NULL; 242 } 243 244 static int unix_diag_get_exact(struct sk_buff *in_skb, 245 const struct nlmsghdr *nlh, 246 struct unix_diag_req *req) 247 { 248 int err = -EINVAL; 249 struct sock *sk; 250 struct sk_buff *rep; 251 unsigned int extra_len; 252 struct net *net = sock_net(in_skb->sk); 253 254 if (req->udiag_ino == 0) 255 goto out_nosk; 256 257 sk = unix_lookup_by_ino(req->udiag_ino); 258 err = -ENOENT; 259 if (sk == NULL) 260 goto out_nosk; 261 if (!net_eq(sock_net(sk), net)) 262 goto out; 263 264 err = sock_diag_check_cookie(sk, req->udiag_cookie); 265 if (err) 266 goto out; 267 268 extra_len = 256; 269 again: 270 err = -ENOMEM; 271 rep = nlmsg_new(sizeof(struct unix_diag_msg) + extra_len, GFP_KERNEL); 272 if (!rep) 273 goto out; 274 275 err = sk_diag_fill(sk, rep, req, NETLINK_CB(in_skb).portid, 276 nlh->nlmsg_seq, 0, req->udiag_ino); 277 if (err < 0) { 278 nlmsg_free(rep); 279 extra_len += 256; 280 if (extra_len >= PAGE_SIZE) 281 goto out; 282 283 goto again; 284 } 285 err = netlink_unicast(net->diag_nlsk, rep, NETLINK_CB(in_skb).portid, 286 MSG_DONTWAIT); 287 if (err > 0) 288 err = 0; 289 out: 290 if (sk) 291 sock_put(sk); 292 out_nosk: 293 return err; 294 } 295 296 static int unix_diag_handler_dump(struct sk_buff *skb, struct nlmsghdr *h) 297 { 298 int hdrlen = sizeof(struct unix_diag_req); 299 struct net *net = sock_net(skb->sk); 300 301 if (nlmsg_len(h) < hdrlen) 302 return -EINVAL; 303 304 if (h->nlmsg_flags & NLM_F_DUMP) { 305 struct netlink_dump_control c = { 306 .dump = unix_diag_dump, 307 }; 308 return netlink_dump_start(net->diag_nlsk, skb, h, &c); 309 } else 310 return unix_diag_get_exact(skb, h, nlmsg_data(h)); 311 } 312 313 static const struct sock_diag_handler unix_diag_handler = { 314 .family = AF_UNIX, 315 .dump = unix_diag_handler_dump, 316 }; 317 318 static int __init unix_diag_init(void) 319 { 320 return sock_diag_register(&unix_diag_handler); 321 } 322 323 static void __exit unix_diag_exit(void) 324 { 325 sock_diag_unregister(&unix_diag_handler); 326 } 327 328 module_init(unix_diag_init); 329 module_exit(unix_diag_exit); 330 MODULE_LICENSE("GPL"); 331 MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 1 /* AF_LOCAL */); 332