net: split out functions related to registering inflight socket files

void unix_inflight(struct user_struct *user, struct file *fp);

void unix_inflight(struct user_struct *user, struct file *fp);

void unix_notinflight(struct user_struct *user, struct file *fp);

void unix_notinflight(struct user_struct *user, struct file *fp);

void unix_destruct_scm(struct sk_buff *skb);

void unix_gc(void);

void unix_gc(void);

void wait_for_unix_gc(void);

void wait_for_unix_gc(void);

struct sock *unix_get_socket(struct file *filp);

struct sock *unix_get_socket(struct file *filp);

obj-$(CONFIG_NETFILTER)		+= netfilter/

obj-$(CONFIG_NETFILTER)		+= netfilter/

obj-$(CONFIG_INET)		+= ipv4/

obj-$(CONFIG_INET)		+= ipv4/

obj-$(CONFIG_XFRM)		+= xfrm/

obj-$(CONFIG_XFRM)		+= xfrm/

obj-$(CONFIG_UNIX)		+= unix/

obj-$(CONFIG_UNIX_SCM)		+= unix/

obj-$(CONFIG_NET)		+= ipv6/

obj-$(CONFIG_NET)		+= ipv6/

obj-$(CONFIG_PACKET)		+= packet/

obj-$(CONFIG_PACKET)		+= packet/

obj-$(CONFIG_NET_KEY)		+= key/

obj-$(CONFIG_NET_KEY)		+= key/

	  Say Y unless you know what you are doing.

	  Say Y unless you know what you are doing.

config UNIX_SCM

	bool

	depends on UNIX

	default y

config UNIX_DIAG

config UNIX_DIAG

	tristate "UNIX: socket monitoring interface"

	tristate "UNIX: socket monitoring interface"

	depends on UNIX

	depends on UNIX

obj-$(CONFIG_UNIX_DIAG)	+= unix_diag.o

obj-$(CONFIG_UNIX_DIAG)	+= unix_diag.o

unix_diag-y		:= diag.o

unix_diag-y		:= diag.o

obj-$(CONFIG_UNIX_SCM)	+= scm.o

#include <linux/security.h>

#include <linux/security.h>

#include <linux/freezer.h>

#include <linux/freezer.h>

#include "scm.h"

struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];

struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];

EXPORT_SYMBOL_GPL(unix_socket_table);

EXPORT_SYMBOL_GPL(unix_socket_table);

DEFINE_SPINLOCK(unix_table_lock);

DEFINE_SPINLOCK(unix_table_lock);

	return err;

	return err;

}

}

static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)

{

	int i;

	scm->fp = UNIXCB(skb).fp;

	UNIXCB(skb).fp = NULL;

	for (i = scm->fp->count-1; i >= 0; i--)

		unix_notinflight(scm->fp->user, scm->fp->fp[i]);

}

static void unix_destruct_scm(struct sk_buff *skb)

{

	struct scm_cookie scm;

	memset(&scm, 0, sizeof(scm));

	scm.pid  = UNIXCB(skb).pid;

	if (UNIXCB(skb).fp)

		unix_detach_fds(&scm, skb);

	/* Alas, it calls VFS */

	/* So fscking what? fput() had been SMP-safe since the last Summer */

	scm_destroy(&scm);

	sock_wfree(skb);

}

/*

 * The "user->unix_inflight" variable is protected by the garbage

 * collection lock, and we just read it locklessly here. If you go

 * over the limit, there might be a tiny race in actually noticing

 * it across threads. Tough.

 */

static inline bool too_many_unix_fds(struct task_struct *p)

{

	struct user_struct *user = current_user();

	if (unlikely(user->unix_inflight > task_rlimit(p, RLIMIT_NOFILE)))

		return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN);

	return false;

}

#define MAX_RECURSION_LEVEL 4

static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)

{

	int i;

	unsigned char max_level = 0;

	if (too_many_unix_fds(current))

		return -ETOOMANYREFS;

	for (i = scm->fp->count - 1; i >= 0; i--) {

		struct sock *sk = unix_get_socket(scm->fp->fp[i]);

		if (sk)

			max_level = max(max_level,

					unix_sk(sk)->recursion_level);

	}

	if (unlikely(max_level > MAX_RECURSION_LEVEL))

		return -ETOOMANYREFS;

	/*

	 * Need to duplicate file references for the sake of garbage

	 * collection.  Otherwise a socket in the fps might become a

	 * candidate for GC while the skb is not yet queued.

	 */

	UNIXCB(skb).fp = scm_fp_dup(scm->fp);

	if (!UNIXCB(skb).fp)

		return -ENOMEM;

	for (i = scm->fp->count - 1; i >= 0; i--)

		unix_inflight(scm->fp->user, scm->fp->fp[i]);

	return max_level;

}

static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)

static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)

{

{

	int err = 0;

	int err = 0;