2 * NET3: Garbage Collector For AF_UNIX sockets
5 * Copyright (C) Barak A. Pearlmutter.
6 * Released under the GPL version 2 or later.
8 * Chopped about by Alan Cox 22/3/96 to make it fit the AF_UNIX socket problem.
9 * If it doesn't work blame me, it worked when Barak sent it.
16 * Current optimizations:
18 * - explicit stack instead of recursion
19 * - tail recurse on first born instead of immediate push/pop
20 * - we gather the stuff that should not be killed into tree
21 * and stack is just a path from root to the current pointer.
23 * Future optimizations:
25 * - don't just push entire root set; process in place
27 * This program is free software; you can redistribute it and/or
28 * modify it under the terms of the GNU General Public License
29 * as published by the Free Software Foundation; either version
30 * 2 of the License, or (at your option) any later version.
33 * Alan Cox 07 Sept 1997 Vmalloc internal stack as needed.
34 * Cope with changing max_files.
36 * Graph may have cycles. That is, we can send the descriptor
37 * of foo to bar and vice versa. Current code chokes on that.
38 * Fix: move SCM_RIGHTS ones into the separate list and then
39 * skb_free() them all instead of doing explicit fput's.
40 * Another problem: since fput() may block somebody may
41 * create a new unix_socket when we are in the middle of sweep
42 * phase. Fix: revert the logic wrt MARKED. Mark everything
43 * upon the beginning and unmark non-junk ones.
45 * [12 Oct 1998] AAARGH! New code purges all SCM_RIGHTS
46 * sent to connect()'ed but still not accept()'ed sockets.
47 * Fixed. Old code had slightly different problem here:
48 * extra fput() in situation when we passed the descriptor via
49 * such socket and closed it (descriptor). That would happen on
50 * each unix_gc() until the accept(). Since the struct file in
51 * question would go to the free list and might be reused...
52 * That might be the reason of random oopses on filp_close()
53 * in unrelated processes.
56 * Kill the explicit allocation of stack. Now we keep the tree
57 * with root in dummy + pointer (gc_current) to one of the nodes.
58 * Stack is represented as path from gc_current to dummy. Unmark
59 * now means "add to tree". Push == "make it a son of gc_current".
60 * Pop == "move gc_current to parent". We keep only pointers to
61 * parents (->gc_tree).
63 * Damn. Added missing check for ->dead in listen queues scanning.
67 #include <linux/kernel.h>
68 #include <linux/sched.h>
69 #include <linux/string.h>
70 #include <linux/socket.h>
72 #include <linux/net.h>
74 #include <linux/slab.h>
75 #include <linux/skbuff.h>
76 #include <linux/netdevice.h>
77 #include <linux/file.h>
78 #include <linux/proc_fs.h>
79 #include <linux/tcp.h>
82 #include <net/af_unix.h>
85 /* Internal data structures and random procedures: */
87 #define GC_HEAD ((unix_socket *)(-1))
88 #define GC_ORPHAN ((unix_socket *)(-3))
90 static unix_socket *gc_current=GC_HEAD; /* stack of objects to mark */
92 atomic_t unix_tot_inflight = ATOMIC_INIT(0);
95 extern inline unix_socket *unix_get_socket(struct file *filp)
97 unix_socket * u_sock = NULL;
98 struct inode *inode = filp->f_dentry->d_inode;
104 struct socket * sock = &inode->u.socket_i;
105 struct sock * s = sock->sk;
110 if (s && sock->ops && sock->ops->family == PF_UNIX)
117 * Keep the number of times in flight count for the file
118 * descriptor if it is for an AF_UNIX socket.
121 void unix_inflight(struct file *fp)
123 unix_socket *s=unix_get_socket(fp);
125 atomic_inc(&s->protinfo.af_unix.inflight);
126 atomic_inc(&unix_tot_inflight);
130 void unix_notinflight(struct file *fp)
132 unix_socket *s=unix_get_socket(fp);
134 atomic_dec(&s->protinfo.af_unix.inflight);
135 atomic_dec(&unix_tot_inflight);
141 * Garbage Collector Support Functions
144 extern inline unix_socket *pop_stack(void)
146 unix_socket *p=gc_current;
147 gc_current = p->protinfo.af_unix.gc_tree;
151 extern inline int empty_stack(void)
153 return gc_current == GC_HEAD;
156 extern inline void maybe_unmark_and_push(unix_socket *x)
158 if (x->protinfo.af_unix.gc_tree != GC_ORPHAN)
161 x->protinfo.af_unix.gc_tree = gc_current;
166 /* The external entry point: unix_gc() */
170 static DECLARE_MUTEX(unix_gc_sem);
173 struct sk_buff_head hitlist;
177 * Avoid a recursive GC.
180 if (down_trylock(&unix_gc_sem))
183 read_lock(&unix_table_lock);
185 forall_unix_sockets(i, s)
187 s->protinfo.af_unix.gc_tree=GC_ORPHAN;
190 * Everything is now marked
193 /* Invariant to be maintained:
194 - everything unmarked is either:
195 -- (a) on the stack, or
196 -- (b) has all of its children unmarked
197 - everything on the stack is always unmarked
198 - nothing is ever pushed onto the stack twice, because:
199 -- nothing previously unmarked is ever pushed on the stack
206 forall_unix_sockets(i, s)
211 * If all instances of the descriptor are not
212 * in flight we are in use.
214 * Special case: when socket s is embrion, it may be
215 * hashed but still not in queue of listening socket.
216 * In this case (see unix_create1()) we set artificial
217 * negative inflight counter to close race window.
218 * It is trick of course and dirty one.
220 if(s->socket && s->socket->file)
221 open_count = file_count(s->socket->file);
222 if (open_count > atomic_read(&s->protinfo.af_unix.inflight))
223 maybe_unmark_and_push(s);
230 while (!empty_stack())
232 unix_socket *x = pop_stack();
235 spin_lock(&x->receive_queue.lock);
236 skb=skb_peek(&x->receive_queue);
239 * Loop through all but first born
242 while(skb && skb != (struct sk_buff *)&x->receive_queue)
245 * Do we have file descriptors ?
250 * Process the descriptors of this socket
252 int nfd=UNIXCB(skb).fp->count;
253 struct file **fp = UNIXCB(skb).fp->fp;
257 * Get the socket the fd matches if
260 if((sk=unix_get_socket(*fp++))!=NULL)
262 maybe_unmark_and_push(sk);
266 /* We have to scan not-yet-accepted ones too */
267 if (x->state == TCP_LISTEN) {
268 maybe_unmark_and_push(skb->sk);
272 spin_unlock(&x->receive_queue.lock);
276 skb_queue_head_init(&hitlist);
278 forall_unix_sockets(i, s)
280 if (s->protinfo.af_unix.gc_tree == GC_ORPHAN)
282 struct sk_buff *nextsk;
283 spin_lock(&s->receive_queue.lock);
284 skb=skb_peek(&s->receive_queue);
285 while(skb && skb != (struct sk_buff *)&s->receive_queue)
289 * Do we have file descriptors ?
293 __skb_unlink(skb, skb->list);
294 __skb_queue_tail(&hitlist,skb);
298 spin_unlock(&s->receive_queue.lock);
300 s->protinfo.af_unix.gc_tree = GC_ORPHAN;
302 read_unlock(&unix_table_lock);
305 * Here we are. Hitlist is filled. Die.
308 __skb_queue_purge(&hitlist);