Merge branch 'af_unix-replace-unix_table_lock-with-per-hash-locks'

#define UNIX_HASH_BITS	8

extern unsigned int unix_tot_inflight;

extern spinlock_t unix_table_lock;

extern spinlock_t unix_table_locks[2 * UNIX_HASH_SIZE];

extern struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];

struct unix_address {

	refcount_t	refcnt;

	int		len;

	unsigned int	hash;

	struct sockaddr_un name[];

};

#include "scm.h"

spinlock_t unix_table_locks[2 * UNIX_HASH_SIZE];

EXPORT_SYMBOL_GPL(unix_table_locks);

struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];

EXPORT_SYMBOL_GPL(unix_socket_table);

DEFINE_SPINLOCK(unix_table_lock);

EXPORT_SYMBOL_GPL(unix_table_lock);

static atomic_long_t unix_nr_socks;

/* SMP locking strategy:

 *    hash table is protected with spinlock unix_table_locks

 *    each socket state is protected by separate spin lock.

 */

static struct hlist_head *unix_sockets_unbound(void *addr)

static unsigned int unix_unbound_hash(struct sock *sk)

{

	unsigned long hash = (unsigned long)addr;

	unsigned long hash = (unsigned long)sk;

	hash ^= hash >> 16;

	hash ^= hash >> 8;

	hash %= UNIX_HASH_SIZE;

	return &unix_socket_table[UNIX_HASH_SIZE + hash];

	hash ^= sk->sk_type;

	return UNIX_HASH_SIZE + (hash & (UNIX_HASH_SIZE - 1));

}

static unsigned int unix_bsd_hash(struct inode *i)

{

	return i->i_ino & (UNIX_HASH_SIZE - 1);

}

static unsigned int unix_abstract_hash(struct sockaddr_un *sunaddr,

				       int addr_len, int type)

{

	__wsum csum = csum_partial(sunaddr, addr_len, 0);

	unsigned int hash;

	hash = (__force unsigned int)csum_fold(csum);

	hash ^= hash >> 8;

	hash ^= type;

	return hash & (UNIX_HASH_SIZE - 1);

}

#define UNIX_ABSTRACT(sk)	(unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)

static void unix_table_double_lock(unsigned int hash1, unsigned int hash2)

{

	/* hash1 and hash2 is never the same because

	 * one is between 0 and UNIX_HASH_SIZE - 1, and

	 * another is between UNIX_HASH_SIZE and UNIX_HASH_SIZE * 2.

	 */

	if (hash1 > hash2)

		swap(hash1, hash2);

	spin_lock(&unix_table_locks[hash1]);

	spin_lock_nested(&unix_table_locks[hash2], SINGLE_DEPTH_NESTING);

}

static void unix_table_double_unlock(unsigned int hash1, unsigned int hash2)

{

	spin_unlock(&unix_table_locks[hash1]);

	spin_unlock(&unix_table_locks[hash2]);

}

#ifdef CONFIG_SECURITY_NETWORK

static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)

}

#endif /* CONFIG_SECURITY_NETWORK */

/*

 *  SMP locking strategy:

 *    hash table is protected with spinlock unix_table_lock

 *    each socket state is protected by separate spin lock.

 */

static inline unsigned int unix_hash_fold(__wsum n)

{

	unsigned int hash = (__force unsigned int)csum_fold(n);

	hash ^= hash>>8;

	return hash&(UNIX_HASH_SIZE-1);

}

#define unix_peer(sk) (unix_sk(sk)->peer)

static inline int unix_our_peer(struct sock *sk, struct sock *osk)

}

EXPORT_SYMBOL_GPL(unix_peer_get);

static struct unix_address *unix_create_addr(struct sockaddr_un *sunaddr,

					     int addr_len)

{

	struct unix_address *addr;

	addr = kmalloc(sizeof(*addr) + addr_len, GFP_KERNEL);

	if (!addr)

		return NULL;

	refcount_set(&addr->refcnt, 1);

	addr->len = addr_len;

	memcpy(addr->name, sunaddr, addr_len);

	return addr;

}

static inline void unix_release_addr(struct unix_address *addr)

{

	if (refcount_dec_and_test(&addr->refcnt))

 *		- if started by zero, it is abstract name.

 */

static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp)

static int unix_validate_addr(struct sockaddr_un *sunaddr, int addr_len)

{

	*hashp = 0;

	if (len <= sizeof(short) || len > sizeof(*sunaddr))

	if (addr_len <= offsetof(struct sockaddr_un, sun_path) ||

	    addr_len > sizeof(*sunaddr))

		return -EINVAL;

	if (!sunaddr || sunaddr->sun_family != AF_UNIX)

	if (sunaddr->sun_family != AF_UNIX)

		return -EINVAL;

	if (sunaddr->sun_path[0]) {

		/*

		 * This may look like an off by one error but it is a bit more

	return 0;

}

static void unix_mkname_bsd(struct sockaddr_un *sunaddr, int addr_len)

{

	/* This may look like an off by one error but it is a bit more

	 * subtle.  108 is the longest valid AF_UNIX path for a binding.

	 * sun_path[108] doesn't as such exist.  However in kernel space

	 * we are guaranteed that it is a valid memory location in our

		 * kernel address buffer.

	 * kernel address buffer because syscall functions always pass

	 * a pointer of struct sockaddr_storage which has a bigger buffer

	 * than 108.

	 */

		((char *)sunaddr)[len] = 0;

		len = strlen(sunaddr->sun_path)+1+sizeof(short);

		return len;

	}

	*hashp = unix_hash_fold(csum_partial(sunaddr, len, 0));

	return len;

	((char *)sunaddr)[addr_len] = 0;

}

static void __unix_remove_socket(struct sock *sk)

	sk_del_node_init(sk);

}

static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)

static void __unix_insert_socket(struct sock *sk)

{

	WARN_ON(!sk_unhashed(sk));

	sk_add_node(sk, list);

	sk_add_node(sk, &unix_socket_table[sk->sk_hash]);

}

static void __unix_set_addr(struct sock *sk, struct unix_address *addr,

			    unsigned hash)

static void __unix_set_addr_hash(struct sock *sk, struct unix_address *addr,

				 unsigned int hash)

{

	__unix_remove_socket(sk);

	smp_store_release(&unix_sk(sk)->addr, addr);

	__unix_insert_socket(&unix_socket_table[hash], sk);

	sk->sk_hash = hash;

	__unix_insert_socket(sk);

}

static inline void unix_remove_socket(struct sock *sk)

static void unix_remove_socket(struct sock *sk)

{

	spin_lock(&unix_table_lock);

	spin_lock(&unix_table_locks[sk->sk_hash]);

	__unix_remove_socket(sk);

	spin_unlock(&unix_table_lock);

	spin_unlock(&unix_table_locks[sk->sk_hash]);

}

static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk)

static void unix_insert_unbound_socket(struct sock *sk)

{

	spin_lock(&unix_table_lock);

	__unix_insert_socket(list, sk);

	spin_unlock(&unix_table_lock);

	spin_lock(&unix_table_locks[sk->sk_hash]);

	__unix_insert_socket(sk);

	spin_unlock(&unix_table_locks[sk->sk_hash]);

}

static struct sock *__unix_find_socket_byname(struct net *net,

{

	struct sock *s;

	spin_lock(&unix_table_lock);

	spin_lock(&unix_table_locks[hash]);

	s = __unix_find_socket_byname(net, sunname, len, hash);

	if (s)

		sock_hold(s);

	spin_unlock(&unix_table_lock);

	spin_unlock(&unix_table_locks[hash]);

	return s;

}

static struct sock *unix_find_socket_byinode(struct inode *i)

{

	unsigned int hash = unix_bsd_hash(i);

	struct sock *s;

	spin_lock(&unix_table_lock);

	sk_for_each(s,

		    &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {

	spin_lock(&unix_table_locks[hash]);

	sk_for_each(s, &unix_socket_table[hash]) {

		struct dentry *dentry = unix_sk(s)->path.dentry;

		if (dentry && d_backing_inode(dentry) == i) {

			sock_hold(s);

			goto found;

			spin_unlock(&unix_table_locks[hash]);

			return s;

		}

	}

	s = NULL;

found:

	spin_unlock(&unix_table_lock);

	return s;

	spin_unlock(&unix_table_locks[hash]);

	return NULL;

}

/* Support code for asymmetrically connected dgram sockets

	sock_init_data(sock, sk);

	sk->sk_hash		= unix_unbound_hash(sk);

	sk->sk_allocation	= GFP_KERNEL_ACCOUNT;

	sk->sk_write_space	= unix_write_space;

	sk->sk_max_ack_backlog	= net->unx.sysctl_max_dgram_qlen;

	init_waitqueue_head(&u->peer_wait);

	init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay);

	memset(&u->scm_stat, 0, sizeof(struct scm_stat));

	unix_insert_socket(unix_sockets_unbound(sk), sk);

	unix_insert_unbound_socket(sk);

	sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);

	return 0;

}

static int unix_autobind(struct socket *sock)

static struct sock *unix_find_bsd(struct net *net, struct sockaddr_un *sunaddr,

				  int addr_len, int type)

{

	struct sock *sk = sock->sk;

	struct net *net = sock_net(sk);

	struct inode *inode;

	struct path path;

	struct sock *sk;

	int err;

	unix_mkname_bsd(sunaddr, addr_len);

	err = kern_path(sunaddr->sun_path, LOOKUP_FOLLOW, &path);

	if (err)

		goto fail;

	err = path_permission(&path, MAY_WRITE);

	if (err)

		goto path_put;

	err = -ECONNREFUSED;

	inode = d_backing_inode(path.dentry);

	if (!S_ISSOCK(inode->i_mode))

		goto path_put;

	sk = unix_find_socket_byinode(inode);

	if (!sk)

		goto path_put;

	err = -EPROTOTYPE;

	if (sk->sk_type == type)

		touch_atime(&path);

	else

		goto sock_put;

	path_put(&path);

	return sk;

sock_put:

	sock_put(sk);

path_put:

	path_put(&path);

fail:

	return ERR_PTR(err);

}

static struct sock *unix_find_abstract(struct net *net,

				       struct sockaddr_un *sunaddr,

				       int addr_len, int type)

{

	unsigned int hash = unix_abstract_hash(sunaddr, addr_len, type);

	struct dentry *dentry;

	struct sock *sk;

	sk = unix_find_socket_byname(net, sunaddr, addr_len, hash);

	if (!sk)

		return ERR_PTR(-ECONNREFUSED);

	dentry = unix_sk(sk)->path.dentry;

	if (dentry)

		touch_atime(&unix_sk(sk)->path);

	return sk;

}

static struct sock *unix_find_other(struct net *net,

				    struct sockaddr_un *sunaddr,

				    int addr_len, int type)

{

	struct sock *sk;

	if (sunaddr->sun_path[0])

		sk = unix_find_bsd(net, sunaddr, addr_len, type);

	else

		sk = unix_find_abstract(net, sunaddr, addr_len, type);

	return sk;

}

static int unix_autobind(struct sock *sk)

{

	unsigned int new_hash, old_hash = sk->sk_hash;

	struct unix_sock *u = unix_sk(sk);

	static u32 ordernum = 1;

	struct unix_address *addr;

	u32 lastnum, ordernum;

	int err;

	unsigned int retries = 0;

	err = mutex_lock_interruptible(&u->bindlock);

	if (err)

		goto out;

	err = -ENOMEM;

	addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);

	addr = kzalloc(sizeof(*addr) +

		       offsetof(struct sockaddr_un, sun_path) + 16, GFP_KERNEL);

	if (!addr)

		goto out;

	addr->len = offsetof(struct sockaddr_un, sun_path) + 6;

	addr->name->sun_family = AF_UNIX;

	refcount_set(&addr->refcnt, 1);

	ordernum = prandom_u32();

	lastnum = ordernum & 0xFFFFF;

retry:

	addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);

	addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));

	addr->hash ^= sk->sk_type;

	spin_lock(&unix_table_lock);

	ordernum = (ordernum + 1) & 0xFFFFF;

	sprintf(addr->name->sun_path + 1, "%05x", ordernum);

	if (__unix_find_socket_byname(net, addr->name, addr->len, addr->hash)) {

		spin_unlock(&unix_table_lock);

		/*

		 * __unix_find_socket_byname() may take long time if many names

	new_hash = unix_abstract_hash(addr->name, addr->len, sk->sk_type);

	unix_table_double_lock(old_hash, new_hash);

	if (__unix_find_socket_byname(sock_net(sk), addr->name, addr->len,

				      new_hash)) {

		unix_table_double_unlock(old_hash, new_hash);

		/* __unix_find_socket_byname() may take long time if many names

		 * are already in use.

		 */

		cond_resched();

		if (ordernum == lastnum) {

			/* Give up if all names seems to be in use. */

		if (retries++ == 0xFFFFF) {

			err = -ENOSPC;

			kfree(addr);

			unix_release_addr(addr);

			goto out;

		}

		goto retry;

	}

	__unix_set_addr(sk, addr, addr->hash);

	spin_unlock(&unix_table_lock);

	__unix_set_addr_hash(sk, addr, new_hash);

	unix_table_double_unlock(old_hash, new_hash);

	err = 0;

out:	mutex_unlock(&u->bindlock);

	return err;

}

static struct sock *unix_find_other(struct net *net,

				    struct sockaddr_un *sunname, int len,

				    int type, unsigned int hash, int *error)

{

	struct sock *u;

	struct path path;

	int err = 0;

	if (sunname->sun_path[0]) {

		struct inode *inode;

		err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path);

		if (err)

			goto fail;

		inode = d_backing_inode(path.dentry);

		err = path_permission(&path, MAY_WRITE);

		if (err)

			goto put_fail;

		err = -ECONNREFUSED;

		if (!S_ISSOCK(inode->i_mode))

			goto put_fail;

		u = unix_find_socket_byinode(inode);

		if (!u)

			goto put_fail;

		if (u->sk_type == type)

			touch_atime(&path);

		path_put(&path);

		err = -EPROTOTYPE;

		if (u->sk_type != type) {

			sock_put(u);

			goto fail;

		}

	} else {

		err = -ECONNREFUSED;

		u = unix_find_socket_byname(net, sunname, len, type ^ hash);

		if (u) {

			struct dentry *dentry;

			dentry = unix_sk(u)->path.dentry;

			if (dentry)

				touch_atime(&unix_sk(u)->path);

		} else

			goto fail;

	}

	return u;

put_fail:

	path_put(&path);

fail:

	*error = err;

	return NULL;

}

static int unix_bind_bsd(struct sock *sk, struct unix_address *addr)

static int unix_bind_bsd(struct sock *sk, struct sockaddr_un *sunaddr,

			 int addr_len)

{

	struct unix_sock *u = unix_sk(sk);

	umode_t mode = S_IFSOCK |

	       (SOCK_INODE(sk->sk_socket)->i_mode & ~current_umask());

	unsigned int new_hash, old_hash = sk->sk_hash;

	struct unix_sock *u = unix_sk(sk);

	struct user_namespace *ns; // barf...

	struct path parent;

	struct unix_address *addr;

	struct dentry *dentry;

	unsigned int hash;

	struct path parent;

	int err;

	unix_mkname_bsd(sunaddr, addr_len);

	addr_len = strlen(sunaddr->sun_path) +

		offsetof(struct sockaddr_un, sun_path) + 1;

	addr = unix_create_addr(sunaddr, addr_len);

	if (!addr)

		return -ENOMEM;

	/*

	 * Get the parent directory, calculate the hash for last

	 * component.

	 */

	dentry = kern_path_create(AT_FDCWD, addr->name->sun_path, &parent, 0);

	if (IS_ERR(dentry))

		return PTR_ERR(dentry);

	ns = mnt_user_ns(parent.mnt);

	if (IS_ERR(dentry)) {

		err = PTR_ERR(dentry);

		goto out;

	}

	/*

	 * All right, let's create it.

	 */

	ns = mnt_user_ns(parent.mnt);

	err = security_path_mknod(&parent, dentry, mode, 0);

	if (!err)

		err = vfs_mknod(ns, d_inode(parent.dentry), dentry, mode, 0);

	if (err)

		goto out;

		goto out_path;

	err = mutex_lock_interruptible(&u->bindlock);

	if (err)

		goto out_unlink;

	if (u->addr)

		goto out_unlock;

	addr->hash = UNIX_HASH_SIZE;

	hash = d_backing_inode(dentry)->i_ino & (UNIX_HASH_SIZE - 1);

	spin_lock(&unix_table_lock);

	new_hash = unix_bsd_hash(d_backing_inode(dentry));

	unix_table_double_lock(old_hash, new_hash);

	u->path.mnt = mntget(parent.mnt);

	u->path.dentry = dget(dentry);

	__unix_set_addr(sk, addr, hash);

	spin_unlock(&unix_table_lock);

	__unix_set_addr_hash(sk, addr, new_hash);

	unix_table_double_unlock(old_hash, new_hash);

	mutex_unlock(&u->bindlock);

	done_path_create(&parent, dentry);

	return 0;

out_unlink:

	/* failed after successful mknod?  unlink what we'd created... */

	vfs_unlink(ns, d_inode(parent.dentry), dentry, NULL);

out:

out_path:

	done_path_create(&parent, dentry);

	return err;

out:

	unix_release_addr(addr);

	return err == -EEXIST ? -EADDRINUSE : err;

}

static int unix_bind_abstract(struct sock *sk, struct unix_address *addr)

static int unix_bind_abstract(struct sock *sk, struct sockaddr_un *sunaddr,

			      int addr_len)

{

	unsigned int new_hash, old_hash = sk->sk_hash;

	struct unix_sock *u = unix_sk(sk);

	struct unix_address *addr;

	int err;

	addr = unix_create_addr(sunaddr, addr_len);

	if (!addr)

		return -ENOMEM;

	err = mutex_lock_interruptible(&u->bindlock);

	if (err)

		return err;

		goto out;

	if (u->addr) {

		mutex_unlock(&u->bindlock);

		return -EINVAL;

		err = -EINVAL;

		goto out_mutex;

	}

	spin_lock(&unix_table_lock);

	new_hash = unix_abstract_hash(addr->name, addr->len, sk->sk_type);

	unix_table_double_lock(old_hash, new_hash);

	if (__unix_find_socket_byname(sock_net(sk), addr->name, addr->len,

				      addr->hash)) {

		spin_unlock(&unix_table_lock);

		mutex_unlock(&u->bindlock);

		return -EADDRINUSE;

	}

	__unix_set_addr(sk, addr, addr->hash);

	spin_unlock(&unix_table_lock);

				      new_hash))

		goto out_spin;

	__unix_set_addr_hash(sk, addr, new_hash);

	unix_table_double_unlock(old_hash, new_hash);

	mutex_unlock(&u->bindlock);

	return 0;

out_spin:

	unix_table_double_unlock(old_hash, new_hash);

	err = -EADDRINUSE;

out_mutex:

	mutex_unlock(&u->bindlock);