From 22931d3b906cd0a1726a49a09713f9220a5fab8a Mon Sep 17 00:00:00 2001 From: Pavel Emelyanov Date: Thu, 15 Dec 2011 02:44:35 +0000 Subject: unix_diag: Basic module skeleton Includes basic module_init/_exit functionality, dump/get_exact stubs and declares the basic API structures for request and response. Signed-off-by: Pavel Emelyanov Signed-off-by: David S. Miller --- net/unix/diag.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 net/unix/diag.c (limited to 'net/unix/diag.c') diff --git a/net/unix/diag.c b/net/unix/diag.c new file mode 100644 index 000000000000..6be16c0ad38f --- /dev/null +++ b/net/unix/diag.c @@ -0,0 +1,57 @@ +#include +#include +#include +#include +#include +#include +#include +#include + +#define UNIX_DIAG_PUT(skb, attrtype, attrlen) \ + RTA_DATA(__RTA_PUT(skb, attrtype, attrlen)) + +static int unix_diag_dump(struct sk_buff *skb, struct netlink_callback *cb) +{ + return 0; +} + +static int unix_diag_get_exact(struct sk_buff *in_skb, + const struct nlmsghdr *nlh, + struct unix_diag_req *req) +{ + return -EAFNOSUPPORT; +} + +static int unix_diag_handler_dump(struct sk_buff *skb, struct nlmsghdr *h) +{ + int hdrlen = sizeof(struct unix_diag_req); + + if (nlmsg_len(h) < hdrlen) + return -EINVAL; + + if (h->nlmsg_flags & NLM_F_DUMP) + return netlink_dump_start(sock_diag_nlsk, skb, h, + unix_diag_dump, NULL, 0); + else + return unix_diag_get_exact(skb, h, (struct unix_diag_req *)NLMSG_DATA(h)); +} + +static struct sock_diag_handler unix_diag_handler = { + .family = AF_UNIX, + .dump = unix_diag_handler_dump, +}; + +static int __init unix_diag_init(void) +{ + return sock_diag_register(&unix_diag_handler); +} + +static void __exit unix_diag_exit(void) +{ + sock_diag_unregister(&unix_diag_handler); +} + +module_init(unix_diag_init); +module_exit(unix_diag_exit); +MODULE_LICENSE("GPL"); +MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 1 /* AF_LOCAL */); -- cgit From 45a96b9be6ec1b7d248642d17ceee59ff5f64451 Mon Sep 17 00:00:00 2001 From: Pavel Emelyanov Date: Thu, 15 Dec 2011 02:44:52 +0000 Subject: unix_diag: Dumping all sockets core Walk the unix sockets table and fill the core response structure, which includes type, state and inode. Signed-off-by: Pavel Emelyanov Signed-off-by: David S. Miller --- net/unix/diag.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 75 insertions(+), 1 deletion(-) (limited to 'net/unix/diag.c') diff --git a/net/unix/diag.c b/net/unix/diag.c index 6be16c0ad38f..86d85abf90c6 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -10,9 +10,83 @@ #define UNIX_DIAG_PUT(skb, attrtype, attrlen) \ RTA_DATA(__RTA_PUT(skb, attrtype, attrlen)) +static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req, + u32 pid, u32 seq, u32 flags, int sk_ino) +{ + unsigned char *b = skb_tail_pointer(skb); + struct nlmsghdr *nlh; + struct unix_diag_msg *rep; + + nlh = NLMSG_PUT(skb, pid, seq, SOCK_DIAG_BY_FAMILY, sizeof(*rep)); + nlh->nlmsg_flags = flags; + + rep = NLMSG_DATA(nlh); + + rep->udiag_family = AF_UNIX; + rep->udiag_type = sk->sk_type; + rep->udiag_state = sk->sk_state; + rep->udiag_ino = sk_ino; + sock_diag_save_cookie(sk, rep->udiag_cookie); + + nlh->nlmsg_len = skb_tail_pointer(skb) - b; + return skb->len; + +nlmsg_failure: + nlmsg_trim(skb, b); + return -EMSGSIZE; +} + +static int sk_diag_dump(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req, + u32 pid, u32 seq, u32 flags) +{ + int sk_ino; + + unix_state_lock(sk); + sk_ino = sock_i_ino(sk); + unix_state_unlock(sk); + + if (!sk_ino) + return 0; + + return sk_diag_fill(sk, skb, req, pid, seq, flags, sk_ino); +} + static int unix_diag_dump(struct sk_buff *skb, struct netlink_callback *cb) { - return 0; + struct unix_diag_req *req; + int num, s_num, slot, s_slot; + + req = NLMSG_DATA(cb->nlh); + + s_slot = cb->args[0]; + num = s_num = cb->args[1]; + + spin_lock(&unix_table_lock); + for (slot = s_slot; slot <= UNIX_HASH_SIZE; s_num = 0, slot++) { + struct sock *sk; + struct hlist_node *node; + + num = 0; + sk_for_each(sk, node, &unix_socket_table[slot]) { + if (num < s_num) + goto next; + if (!(req->udiag_states & (1 << sk->sk_state))) + goto next; + if (sk_diag_dump(sk, skb, req, + NETLINK_CB(cb->skb).pid, + cb->nlh->nlmsg_seq, + NLM_F_MULTI) < 0) + goto done; +next: + num++; + } + } +done: + spin_unlock(&unix_table_lock); + cb->args[0] = slot; + cb->args[1] = num; + + return skb->len; } static int unix_diag_get_exact(struct sk_buff *in_skb, -- cgit From 5d3cae8bc39dd38d1aa5fd4bbc788c7b43fcaa71 Mon Sep 17 00:00:00 2001 From: Pavel Emelyanov Date: Thu, 15 Dec 2011 02:45:07 +0000 Subject: unix_diag: Dumping exact socket core The socket inode is used as a key for lookup. This is effectively the only really unique ID of a unix socket, but using this for search currently has one problem -- it is O(number of sockets) :( Does it worth fixing this lookup or inventing some other ID for unix sockets? Signed-off-by: Pavel Emelyanov Signed-off-by: David S. Miller --- net/unix/diag.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 66 insertions(+), 1 deletion(-) (limited to 'net/unix/diag.c') diff --git a/net/unix/diag.c b/net/unix/diag.c index 86d85abf90c6..d7bd48c49ee5 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -89,11 +89,76 @@ done: return skb->len; } +static struct sock *unix_lookup_by_ino(int ino) +{ + int i; + struct sock *sk; + + spin_lock(&unix_table_lock); + for (i = 0; i <= UNIX_HASH_SIZE; i++) { + struct hlist_node *node; + + sk_for_each(sk, node, &unix_socket_table[i]) + if (ino == sock_i_ino(sk)) { + sock_hold(sk); + spin_unlock(&unix_table_lock); + + return sk; + } + } + + spin_unlock(&unix_table_lock); + return NULL; +} + static int unix_diag_get_exact(struct sk_buff *in_skb, const struct nlmsghdr *nlh, struct unix_diag_req *req) { - return -EAFNOSUPPORT; + int err = -EINVAL; + struct sock *sk; + struct sk_buff *rep; + unsigned int extra_len; + + if (req->udiag_ino == 0) + goto out_nosk; + + sk = unix_lookup_by_ino(req->udiag_ino); + err = -ENOENT; + if (sk == NULL) + goto out_nosk; + + err = sock_diag_check_cookie(sk, req->udiag_cookie); + if (err) + goto out; + + extra_len = 256; +again: + err = -ENOMEM; + rep = alloc_skb(NLMSG_SPACE((sizeof(struct unix_diag_msg) + extra_len)), + GFP_KERNEL); + if (!rep) + goto out; + + err = sk_diag_fill(sk, rep, req, NETLINK_CB(in_skb).pid, + nlh->nlmsg_seq, 0, req->udiag_ino); + if (err < 0) { + kfree_skb(rep); + extra_len += 256; + if (extra_len >= PAGE_SIZE) + goto out; + + goto again; + } + err = netlink_unicast(sock_diag_nlsk, rep, NETLINK_CB(in_skb).pid, + MSG_DONTWAIT); + if (err > 0) + err = 0; +out: + if (sk) + sock_put(sk); +out_nosk: + return err; } static int unix_diag_handler_dump(struct sk_buff *skb, struct nlmsghdr *h) -- cgit From f5248b48a64c221dd6157ab9cbee5a36ee45e6ed Mon Sep 17 00:00:00 2001 From: Pavel Emelyanov Date: Thu, 15 Dec 2011 02:45:24 +0000 Subject: unix_diag: Unix socket name NLA Report the sun_path when requested as NLA. With leading '\0' if present but without the leading AF_UNIX bits. Signed-off-by: Pavel Emelyanov Signed-off-by: David S. Miller --- include/linux/unix_diag.h | 8 ++++++++ net/unix/diag.c | 20 ++++++++++++++++++++ 2 files changed, 28 insertions(+) (limited to 'net/unix/diag.c') diff --git a/include/linux/unix_diag.h b/include/linux/unix_diag.h index 445184a85763..cc4df34d4c14 100644 --- a/include/linux/unix_diag.h +++ b/include/linux/unix_diag.h @@ -11,6 +11,8 @@ struct unix_diag_req { __u32 udiag_cookie[2]; }; +#define UDIAG_SHOW_NAME 0x00000001 /* show name (not path) */ + struct unix_diag_msg { __u8 udiag_family; __u8 udiag_type; @@ -21,4 +23,10 @@ struct unix_diag_msg { __u32 udiag_cookie[2]; }; +enum { + UNIX_DIAG_NAME, + + UNIX_DIAG_MAX, +}; + #endif diff --git a/net/unix/diag.c b/net/unix/diag.c index d7bd48c49ee5..161ce6c05e31 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -10,6 +10,22 @@ #define UNIX_DIAG_PUT(skb, attrtype, attrlen) \ RTA_DATA(__RTA_PUT(skb, attrtype, attrlen)) +static int sk_diag_dump_name(struct sock *sk, struct sk_buff *nlskb) +{ + struct unix_address *addr = unix_sk(sk)->addr; + char *s; + + if (addr) { + s = UNIX_DIAG_PUT(nlskb, UNIX_DIAG_NAME, addr->len - sizeof(short)); + memcpy(s, addr->name->sun_path, addr->len - sizeof(short)); + } + + return 0; + +rtattr_failure: + return -EMSGSIZE; +} + static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req, u32 pid, u32 seq, u32 flags, int sk_ino) { @@ -28,6 +44,10 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r rep->udiag_ino = sk_ino; sock_diag_save_cookie(sk, rep->udiag_cookie); + if ((req->udiag_show & UDIAG_SHOW_NAME) && + sk_diag_dump_name(sk, skb)) + goto nlmsg_failure; + nlh->nlmsg_len = skb_tail_pointer(skb) - b; return skb->len; -- cgit From 5f7b0569460b7d8d01ca776430a00505a68b7584 Mon Sep 17 00:00:00 2001 From: Pavel Emelyanov Date: Thu, 15 Dec 2011 02:45:43 +0000 Subject: unix_diag: Unix inode info NLA Actually, the socket path if it's not anonymous doesn't give a clue to which file the socket is bound to. Even if the path is absolute, it can be unlinked and then new socket can be bound to it. With this NLA it's possible to check which file a particular socket is really bound to. Signed-off-by: Pavel Emelyanov Signed-off-by: David S. Miller --- include/linux/unix_diag.h | 7 +++++++ net/unix/diag.c | 21 +++++++++++++++++++++ 2 files changed, 28 insertions(+) (limited to 'net/unix/diag.c') diff --git a/include/linux/unix_diag.h b/include/linux/unix_diag.h index cc4df34d4c14..3e53adbe9c7f 100644 --- a/include/linux/unix_diag.h +++ b/include/linux/unix_diag.h @@ -12,6 +12,7 @@ struct unix_diag_req { }; #define UDIAG_SHOW_NAME 0x00000001 /* show name (not path) */ +#define UDIAG_SHOW_VFS 0x00000002 /* show VFS inode info */ struct unix_diag_msg { __u8 udiag_family; @@ -25,8 +26,14 @@ struct unix_diag_msg { enum { UNIX_DIAG_NAME, + UNIX_DIAG_VFS, UNIX_DIAG_MAX, }; +struct unix_diag_vfs { + __u32 udiag_vfs_ino; + __u32 udiag_vfs_dev; +}; + #endif diff --git a/net/unix/diag.c b/net/unix/diag.c index 161ce6c05e31..83799ef19b49 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -26,6 +26,23 @@ rtattr_failure: return -EMSGSIZE; } +static int sk_diag_dump_vfs(struct sock *sk, struct sk_buff *nlskb) +{ + struct dentry *dentry = unix_sk(sk)->dentry; + struct unix_diag_vfs *uv; + + if (dentry) { + uv = UNIX_DIAG_PUT(nlskb, UNIX_DIAG_VFS, sizeof(*uv)); + uv->udiag_vfs_ino = dentry->d_inode->i_ino; + uv->udiag_vfs_dev = dentry->d_sb->s_dev; + } + + return 0; + +rtattr_failure: + return -EMSGSIZE; +} + static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req, u32 pid, u32 seq, u32 flags, int sk_ino) { @@ -48,6 +65,10 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r sk_diag_dump_name(sk, skb)) goto nlmsg_failure; + if ((req->udiag_show & UDIAG_SHOW_VFS) && + sk_diag_dump_vfs(sk, skb)) + goto nlmsg_failure; + nlh->nlmsg_len = skb_tail_pointer(skb) - b; return skb->len; -- cgit From ac02be8d96af9f66a4de86781ee9facc2dff99d4 Mon Sep 17 00:00:00 2001 From: Pavel Emelyanov Date: Thu, 15 Dec 2011 02:45:58 +0000 Subject: unix_diag: Unix peer inode NLA Report the peer socket inode ID as NLA. With this it's finally possible to find out the other end of an interesting unix connection. Signed-off-by: Pavel Emelyanov Signed-off-by: David S. Miller --- include/linux/unix_diag.h | 2 ++ net/unix/diag.c | 24 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+) (limited to 'net/unix/diag.c') diff --git a/include/linux/unix_diag.h b/include/linux/unix_diag.h index 3e53adbe9c7f..2d74a86024ac 100644 --- a/include/linux/unix_diag.h +++ b/include/linux/unix_diag.h @@ -13,6 +13,7 @@ struct unix_diag_req { #define UDIAG_SHOW_NAME 0x00000001 /* show name (not path) */ #define UDIAG_SHOW_VFS 0x00000002 /* show VFS inode info */ +#define UDIAG_SHOW_PEER 0x00000004 /* show peer socket info */ struct unix_diag_msg { __u8 udiag_family; @@ -27,6 +28,7 @@ struct unix_diag_msg { enum { UNIX_DIAG_NAME, UNIX_DIAG_VFS, + UNIX_DIAG_PEER, UNIX_DIAG_MAX, }; diff --git a/net/unix/diag.c b/net/unix/diag.c index 83799ef19b49..0e0fda786afe 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -43,6 +43,26 @@ rtattr_failure: return -EMSGSIZE; } +static int sk_diag_dump_peer(struct sock *sk, struct sk_buff *nlskb) +{ + struct sock *peer; + int ino; + + peer = unix_peer_get(sk); + if (peer) { + unix_state_lock(peer); + ino = sock_i_ino(peer); + unix_state_unlock(peer); + sock_put(peer); + + RTA_PUT_U32(nlskb, UNIX_DIAG_PEER, ino); + } + + return 0; +rtattr_failure: + return -EMSGSIZE; +} + static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req, u32 pid, u32 seq, u32 flags, int sk_ino) { @@ -69,6 +89,10 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r sk_diag_dump_vfs(sk, skb)) goto nlmsg_failure; + if ((req->udiag_show & UDIAG_SHOW_PEER) && + sk_diag_dump_peer(sk, skb)) + goto nlmsg_failure; + nlh->nlmsg_len = skb_tail_pointer(skb) - b; return skb->len; -- cgit From 2aac7a2cb0d9d8c65fc7dde3e19e46b3e878d23d Mon Sep 17 00:00:00 2001 From: Pavel Emelyanov Date: Thu, 15 Dec 2011 02:46:14 +0000 Subject: unix_diag: Pending connections IDs NLA When establishing a unix connection on stream sockets the server end receives an skb with socket in its receive queue. Report who is waiting for these ends to be accepted for listening sockets via NLA. There's a lokcing issue with this -- the unix sk state lock is required to access the peer, and it is taken under the listening sk's queue lock. Strictly speaking the queue lock should be taken inside the state lock, but since in this case these two sockets are different it shouldn't lead to deadlock. Signed-off-by: Pavel Emelyanov Signed-off-by: David S. Miller --- include/linux/unix_diag.h | 2 ++ net/unix/diag.c | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) (limited to 'net/unix/diag.c') diff --git a/include/linux/unix_diag.h b/include/linux/unix_diag.h index 2d74a86024ac..03ffb7de15b6 100644 --- a/include/linux/unix_diag.h +++ b/include/linux/unix_diag.h @@ -14,6 +14,7 @@ struct unix_diag_req { #define UDIAG_SHOW_NAME 0x00000001 /* show name (not path) */ #define UDIAG_SHOW_VFS 0x00000002 /* show VFS inode info */ #define UDIAG_SHOW_PEER 0x00000004 /* show peer socket info */ +#define UDIAG_SHOW_ICONS 0x00000008 /* show pending connections */ struct unix_diag_msg { __u8 udiag_family; @@ -29,6 +30,7 @@ enum { UNIX_DIAG_NAME, UNIX_DIAG_VFS, UNIX_DIAG_PEER, + UNIX_DIAG_ICONS, UNIX_DIAG_MAX, }; diff --git a/net/unix/diag.c b/net/unix/diag.c index 0e0fda786afe..24c7a65d9cb1 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -63,6 +63,41 @@ rtattr_failure: return -EMSGSIZE; } +static int sk_diag_dump_icons(struct sock *sk, struct sk_buff *nlskb) +{ + struct sk_buff *skb; + u32 *buf; + int i; + + if (sk->sk_state == TCP_LISTEN) { + spin_lock(&sk->sk_receive_queue.lock); + buf = UNIX_DIAG_PUT(nlskb, UNIX_DIAG_ICONS, sk->sk_receive_queue.qlen); + i = 0; + skb_queue_walk(&sk->sk_receive_queue, skb) { + struct sock *req, *peer; + + req = skb->sk; + /* + * The state lock is outer for the same sk's + * queue lock. With the other's queue locked it's + * OK to lock the state. + */ + unix_state_lock_nested(req); + peer = unix_sk(req)->peer; + if (peer) + buf[i++] = sock_i_ino(peer); + unix_state_unlock(req); + } + spin_unlock(&sk->sk_receive_queue.lock); + } + + return 0; + +rtattr_failure: + spin_unlock(&sk->sk_receive_queue.lock); + return -EMSGSIZE; +} + static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req, u32 pid, u32 seq, u32 flags, int sk_ino) { @@ -93,6 +128,10 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r sk_diag_dump_peer(sk, skb)) goto nlmsg_failure; + if ((req->udiag_show & UDIAG_SHOW_ICONS) && + sk_diag_dump_icons(sk, skb)) + goto nlmsg_failure; + nlh->nlmsg_len = skb_tail_pointer(skb) - b; return skb->len; -- cgit From cbf391958afb9b82c72324a15891eb3102200085 Mon Sep 17 00:00:00 2001 From: Pavel Emelyanov Date: Thu, 15 Dec 2011 02:46:31 +0000 Subject: unix_diag: Receive queue lenght NLA Signed-off-by: Pavel Emelyanov Signed-off-by: David S. Miller --- include/linux/unix_diag.h | 2 ++ net/unix/diag.c | 13 +++++++++++++ 2 files changed, 15 insertions(+) (limited to 'net/unix/diag.c') diff --git a/include/linux/unix_diag.h b/include/linux/unix_diag.h index 03ffb7de15b6..3f7afb007d70 100644 --- a/include/linux/unix_diag.h +++ b/include/linux/unix_diag.h @@ -15,6 +15,7 @@ struct unix_diag_req { #define UDIAG_SHOW_VFS 0x00000002 /* show VFS inode info */ #define UDIAG_SHOW_PEER 0x00000004 /* show peer socket info */ #define UDIAG_SHOW_ICONS 0x00000008 /* show pending connections */ +#define UDIAG_SHOW_RQLEN 0x00000010 /* show skb receive queue len */ struct unix_diag_msg { __u8 udiag_family; @@ -31,6 +32,7 @@ enum { UNIX_DIAG_VFS, UNIX_DIAG_PEER, UNIX_DIAG_ICONS, + UNIX_DIAG_RQLEN, UNIX_DIAG_MAX, }; diff --git a/net/unix/diag.c b/net/unix/diag.c index 24c7a65d9cb1..a5c4aab0380d 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -98,6 +98,15 @@ rtattr_failure: return -EMSGSIZE; } +static int sk_diag_show_rqlen(struct sock *sk, struct sk_buff *nlskb) +{ + RTA_PUT_U32(nlskb, UNIX_DIAG_RQLEN, sk->sk_receive_queue.qlen); + return 0; + +rtattr_failure: + return -EMSGSIZE; +} + static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req, u32 pid, u32 seq, u32 flags, int sk_ino) { @@ -132,6 +141,10 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r sk_diag_dump_icons(sk, skb)) goto nlmsg_failure; + if ((req->udiag_show & UDIAG_SHOW_RQLEN) && + sk_diag_show_rqlen(sk, skb)) + goto nlmsg_failure; + nlh->nlmsg_len = skb_tail_pointer(skb) - b; return skb->len; -- cgit From 2ea744a583d0f40901b2ea43059ae007d9cf2602 Mon Sep 17 00:00:00 2001 From: Cyrill Gorcunov Date: Tue, 20 Dec 2011 04:33:03 +0000 Subject: net: unix -- Add missing module.h inclusion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Otherwise getting | net/unix/diag.c:312:16: error: expected declaration specifiers or ‘...’ before string constant | net/unix/diag.c:313:1: error: expected declaration specifiers or ‘...’ before string constant Signed-off-by: Cyrill Gorcunov Signed-off-by: David S. Miller --- net/unix/diag.c | 1 + 1 file changed, 1 insertion(+) (limited to 'net/unix/diag.c') diff --git a/net/unix/diag.c b/net/unix/diag.c index a5c4aab0380d..91d57828499c 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -3,6 +3,7 @@ #include #include #include +#include #include #include #include -- cgit From 3b0723c12e825e26aa5fc0c6970108425824b51d Mon Sep 17 00:00:00 2001 From: Pavel Emelyanov Date: Mon, 26 Dec 2011 14:08:47 -0500 Subject: unix_diag: Fix incoming connections nla length The NLA_PUT macro should accept the actual attribute length, not the amount of elements in array :( Signed-off-by: Pavel Emelyanov Signed-off-by: David S. Miller --- net/unix/diag.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'net/unix/diag.c') diff --git a/net/unix/diag.c b/net/unix/diag.c index 91d57828499c..39e44c98176a 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -72,7 +72,8 @@ static int sk_diag_dump_icons(struct sock *sk, struct sk_buff *nlskb) if (sk->sk_state == TCP_LISTEN) { spin_lock(&sk->sk_receive_queue.lock); - buf = UNIX_DIAG_PUT(nlskb, UNIX_DIAG_ICONS, sk->sk_receive_queue.qlen); + buf = UNIX_DIAG_PUT(nlskb, UNIX_DIAG_ICONS, + sk->sk_receive_queue.qlen * sizeof(u32)); i = 0; skb_queue_walk(&sk->sk_receive_queue, skb) { struct sock *req, *peer; -- cgit From e09e9d189bc2d31dc365a3d846a09086317350b6 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Mon, 26 Dec 2011 14:41:55 -0500 Subject: unix: If we happen to find peer NULL when diag dumping, write zero. Otherwise we leave uninitialized kernel memory in there. Reported-by: Eric Dumazet Signed-off-by: David S. Miller --- net/unix/diag.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'net/unix/diag.c') diff --git a/net/unix/diag.c b/net/unix/diag.c index 39e44c98176a..c5bdbcb1c30b 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -86,8 +86,7 @@ static int sk_diag_dump_icons(struct sock *sk, struct sk_buff *nlskb) */ unix_state_lock_nested(req); peer = unix_sk(req)->peer; - if (peer) - buf[i++] = sock_i_ino(peer); + buf[i++] = (peer ? sock_i_ino(peer) : 0); unix_state_unlock(req); } spin_unlock(&sk->sk_receive_queue.lock); -- cgit From 257b529876cb45ec791eaa89e3d2ee0d16b49383 Mon Sep 17 00:00:00 2001 From: Pavel Emelyanov Date: Fri, 30 Dec 2011 09:27:43 +0000 Subject: unix_diag: Add the MEMINFO extension [ Fix indentation of sock_diag*() calls. -DaveM ] Signed-off-by: Pavel Emelyanov Signed-off-by: David S. Miller --- include/linux/unix_diag.h | 2 ++ net/unix/diag.c | 20 ++++++++++++-------- 2 files changed, 14 insertions(+), 8 deletions(-) (limited to 'net/unix/diag.c') diff --git a/include/linux/unix_diag.h b/include/linux/unix_diag.h index a5ce0f325745..93fdb782468a 100644 --- a/include/linux/unix_diag.h +++ b/include/linux/unix_diag.h @@ -18,6 +18,7 @@ struct unix_diag_req { #define UDIAG_SHOW_PEER 0x00000004 /* show peer socket info */ #define UDIAG_SHOW_ICONS 0x00000008 /* show pending connections */ #define UDIAG_SHOW_RQLEN 0x00000010 /* show skb receive queue len */ +#define UDIAG_SHOW_MEMINFO 0x00000020 /* show memory info of a socket */ struct unix_diag_msg { __u8 udiag_family; @@ -35,6 +36,7 @@ enum { UNIX_DIAG_PEER, UNIX_DIAG_ICONS, UNIX_DIAG_RQLEN, + UNIX_DIAG_MEMINFO, UNIX_DIAG_MAX, }; diff --git a/net/unix/diag.c b/net/unix/diag.c index c5bdbcb1c30b..98945f29da4f 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -127,23 +127,27 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r sock_diag_save_cookie(sk, rep->udiag_cookie); if ((req->udiag_show & UDIAG_SHOW_NAME) && - sk_diag_dump_name(sk, skb)) + sk_diag_dump_name(sk, skb)) goto nlmsg_failure; if ((req->udiag_show & UDIAG_SHOW_VFS) && - sk_diag_dump_vfs(sk, skb)) + sk_diag_dump_vfs(sk, skb)) goto nlmsg_failure; if ((req->udiag_show & UDIAG_SHOW_PEER) && - sk_diag_dump_peer(sk, skb)) + sk_diag_dump_peer(sk, skb)) goto nlmsg_failure; if ((req->udiag_show & UDIAG_SHOW_ICONS) && - sk_diag_dump_icons(sk, skb)) + sk_diag_dump_icons(sk, skb)) goto nlmsg_failure; if ((req->udiag_show & UDIAG_SHOW_RQLEN) && - sk_diag_show_rqlen(sk, skb)) + sk_diag_show_rqlen(sk, skb)) + goto nlmsg_failure; + + if ((req->udiag_show & UDIAG_SHOW_MEMINFO) && + sock_diag_put_meminfo(sk, skb, UNIX_DIAG_MEMINFO)) goto nlmsg_failure; nlh->nlmsg_len = skb_tail_pointer(skb) - b; @@ -191,9 +195,9 @@ static int unix_diag_dump(struct sk_buff *skb, struct netlink_callback *cb) if (!(req->udiag_states & (1 << sk->sk_state))) goto next; if (sk_diag_dump(sk, skb, req, - NETLINK_CB(cb->skb).pid, - cb->nlh->nlmsg_seq, - NLM_F_MULTI) < 0) + NETLINK_CB(cb->skb).pid, + cb->nlh->nlmsg_seq, + NLM_F_MULTI) < 0) goto done; next: num++; -- cgit From c9da99e6475f92653139e43f3c30c0cd011a0fd8 Mon Sep 17 00:00:00 2001 From: Pavel Emelyanov Date: Fri, 30 Dec 2011 00:54:39 +0000 Subject: unix_diag: Fixup RQLEN extension report While it's not too late fix the recently added RQLEN diag extension to report rqlen and wqlen in the same way as TCP does. I.e. for listening sockets the ack backlog length (which is the input queue length for socket) in rqlen and the max ack backlog length in wqlen, and what the CINQ/OUTQ ioctls do for established. Signed-off-by: Pavel Emelyanov Signed-off-by: David S. Miller --- include/linux/unix_diag.h | 5 +++++ net/unix/diag.c | 13 ++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) (limited to 'net/unix/diag.c') diff --git a/include/linux/unix_diag.h b/include/linux/unix_diag.h index 93fdb782468a..b1d2bf16b33c 100644 --- a/include/linux/unix_diag.h +++ b/include/linux/unix_diag.h @@ -46,4 +46,9 @@ struct unix_diag_vfs { __u32 udiag_vfs_dev; }; +struct unix_diag_rqlen { + __u32 udiag_rqueue; + __u32 udiag_wqueue; +}; + #endif diff --git a/net/unix/diag.c b/net/unix/diag.c index 98945f29da4f..6b7697fd911b 100644 --- a/net/unix/diag.c +++ b/net/unix/diag.c @@ -101,7 +101,18 @@ rtattr_failure: static int sk_diag_show_rqlen(struct sock *sk, struct sk_buff *nlskb) { - RTA_PUT_U32(nlskb, UNIX_DIAG_RQLEN, sk->sk_receive_queue.qlen); + struct unix_diag_rqlen *rql; + + rql = UNIX_DIAG_PUT(nlskb, UNIX_DIAG_RQLEN, sizeof(*rql)); + + if (sk->sk_state == TCP_LISTEN) { + rql->udiag_rqueue = sk->sk_receive_queue.qlen; + rql->udiag_wqueue = sk->sk_max_ack_backlog; + } else { + rql->udiag_rqueue = (__u32)unix_inq_len(sk); + rql->udiag_wqueue = (__u32)unix_outq_len(sk); + } + return 0; rtattr_failure: -- cgit