1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55#include <linux/ethtool.h>
56#include <linux/mm.h>
57#include <linux/socket.h>
58#include <linux/file.h>
59#include <linux/net.h>
60#include <linux/interrupt.h>
61#include <linux/thread_info.h>
62#include <linux/rcupdate.h>
63#include <linux/netdevice.h>
64#include <linux/proc_fs.h>
65#include <linux/seq_file.h>
66#include <linux/mutex.h>
67#include <linux/if_bridge.h>
68#include <linux/if_vlan.h>
69#include <linux/ptp_classify.h>
70#include <linux/init.h>
71#include <linux/poll.h>
72#include <linux/cache.h>
73#include <linux/module.h>
74#include <linux/highmem.h>
75#include <linux/mount.h>
76#include <linux/pseudo_fs.h>
77#include <linux/security.h>
78#include <linux/syscalls.h>
79#include <linux/compat.h>
80#include <linux/kmod.h>
81#include <linux/audit.h>
82#include <linux/wireless.h>
83#include <linux/nsproxy.h>
84#include <linux/magic.h>
85#include <linux/slab.h>
86#include <linux/xattr.h>
87#include <linux/nospec.h>
88#include <linux/indirect_call_wrapper.h>
89
90#include <linux/uaccess.h>
91#include <asm/unistd.h>
92
93#include <net/compat.h>
94#include <net/wext.h>
95#include <net/cls_cgroup.h>
96
97#include <net/sock.h>
98#include <linux/netfilter.h>
99
100#include <linux/if_tun.h>
101#include <linux/ipv6_route.h>
102#include <linux/route.h>
103#include <linux/termios.h>
104#include <linux/sockios.h>
105#include <net/busy_poll.h>
106#include <linux/errqueue.h>
107
108#ifdef CONFIG_NET_RX_BUSY_POLL
109unsigned int sysctl_net_busy_read __read_mostly;
110unsigned int sysctl_net_busy_poll __read_mostly;
111#endif
112
113static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to);
114static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from);
115static int sock_mmap(struct file *file, struct vm_area_struct *vma);
116
117static int sock_close(struct inode *inode, struct file *file);
118static __poll_t sock_poll(struct file *file,
119 struct poll_table_struct *wait);
120static long sock_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
121#ifdef CONFIG_COMPAT
122static long compat_sock_ioctl(struct file *file,
123 unsigned int cmd, unsigned long arg);
124#endif
125static int sock_fasync(int fd, struct file *filp, int on);
126static ssize_t sock_sendpage(struct file *file, struct page *page,
127 int offset, size_t size, loff_t *ppos, int more);
128static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
129 struct pipe_inode_info *pipe, size_t len,
130 unsigned int flags);
131
132#ifdef CONFIG_PROC_FS
133static void sock_show_fdinfo(struct seq_file *m, struct file *f)
134{
135 struct socket *sock = f->private_data;
136
137 if (sock->ops->show_fdinfo)
138 sock->ops->show_fdinfo(m, sock);
139}
140#else
141#define sock_show_fdinfo NULL
142#endif
143
144
145
146
147
148
149static const struct file_operations socket_file_ops = {
150 .owner = THIS_MODULE,
151 .llseek = no_llseek,
152 .read_iter = sock_read_iter,
153 .write_iter = sock_write_iter,
154 .poll = sock_poll,
155 .unlocked_ioctl = sock_ioctl,
156#ifdef CONFIG_COMPAT
157 .compat_ioctl = compat_sock_ioctl,
158#endif
159 .mmap = sock_mmap,
160 .release = sock_close,
161 .fasync = sock_fasync,
162 .sendpage = sock_sendpage,
163 .splice_write = generic_splice_sendpage,
164 .splice_read = sock_splice_read,
165 .show_fdinfo = sock_show_fdinfo,
166};
167
168
169
170
171
172static DEFINE_SPINLOCK(net_family_lock);
173static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr_storage *kaddr)
193{
194 if (ulen < 0 || ulen > sizeof(struct sockaddr_storage))
195 return -EINVAL;
196 if (ulen == 0)
197 return 0;
198 if (copy_from_user(kaddr, uaddr, ulen))
199 return -EFAULT;
200 return audit_sockaddr(ulen, kaddr);
201}
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220static int move_addr_to_user(struct sockaddr_storage *kaddr, int klen,
221 void __user *uaddr, int __user *ulen)
222{
223 int err;
224 int len;
225
226 BUG_ON(klen > sizeof(struct sockaddr_storage));
227 err = get_user(len, ulen);
228 if (err)
229 return err;
230 if (len > klen)
231 len = klen;
232 if (len < 0)
233 return -EINVAL;
234 if (len) {
235 if (audit_sockaddr(klen, kaddr))
236 return -ENOMEM;
237 if (copy_to_user(uaddr, kaddr, len))
238 return -EFAULT;
239 }
240
241
242
243
244 return __put_user(klen, ulen);
245}
246
247static struct kmem_cache *sock_inode_cachep __ro_after_init;
248
249static struct inode *sock_alloc_inode(struct super_block *sb)
250{
251 struct socket_alloc *ei;
252
253 ei = kmem_cache_alloc(sock_inode_cachep, GFP_KERNEL);
254 if (!ei)
255 return NULL;
256 init_waitqueue_head(&ei->socket.wq.wait);
257 ei->socket.wq.fasync_list = NULL;
258 ei->socket.wq.flags = 0;
259
260 ei->socket.state = SS_UNCONNECTED;
261 ei->socket.flags = 0;
262 ei->socket.ops = NULL;
263 ei->socket.sk = NULL;
264 ei->socket.file = NULL;
265
266 return &ei->vfs_inode;
267}
268
269static void sock_free_inode(struct inode *inode)
270{
271 struct socket_alloc *ei;
272
273 ei = container_of(inode, struct socket_alloc, vfs_inode);
274 kmem_cache_free(sock_inode_cachep, ei);
275}
276
277static void init_once(void *foo)
278{
279 struct socket_alloc *ei = (struct socket_alloc *)foo;
280
281 inode_init_once(&ei->vfs_inode);
282}
283
284static void init_inodecache(void)
285{
286 sock_inode_cachep = kmem_cache_create("sock_inode_cache",
287 sizeof(struct socket_alloc),
288 0,
289 (SLAB_HWCACHE_ALIGN |
290 SLAB_RECLAIM_ACCOUNT |
291 SLAB_MEM_SPREAD | SLAB_ACCOUNT),
292 init_once);
293 BUG_ON(sock_inode_cachep == NULL);
294}
295
296static const struct super_operations sockfs_ops = {
297 .alloc_inode = sock_alloc_inode,
298 .free_inode = sock_free_inode,
299 .statfs = simple_statfs,
300};
301
302
303
304
305static char *sockfs_dname(struct dentry *dentry, char *buffer, int buflen)
306{
307 return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
308 d_inode(dentry)->i_ino);
309}
310
311static const struct dentry_operations sockfs_dentry_operations = {
312 .d_dname = sockfs_dname,
313};
314
315static int sockfs_xattr_get(const struct xattr_handler *handler,
316 struct dentry *dentry, struct inode *inode,
317 const char *suffix, void *value, size_t size)
318{
319 if (value) {
320 if (dentry->d_name.len + 1 > size)
321 return -ERANGE;
322 memcpy(value, dentry->d_name.name, dentry->d_name.len + 1);
323 }
324 return dentry->d_name.len + 1;
325}
326
327#define XATTR_SOCKPROTONAME_SUFFIX "sockprotoname"
328#define XATTR_NAME_SOCKPROTONAME (XATTR_SYSTEM_PREFIX XATTR_SOCKPROTONAME_SUFFIX)
329#define XATTR_NAME_SOCKPROTONAME_LEN (sizeof(XATTR_NAME_SOCKPROTONAME)-1)
330
331static const struct xattr_handler sockfs_xattr_handler = {
332 .name = XATTR_NAME_SOCKPROTONAME,
333 .get = sockfs_xattr_get,
334};
335
336static int sockfs_security_xattr_set(const struct xattr_handler *handler,
337 struct user_namespace *mnt_userns,
338 struct dentry *dentry, struct inode *inode,
339 const char *suffix, const void *value,
340 size_t size, int flags)
341{
342
343 return -EAGAIN;
344}
345
346static const struct xattr_handler sockfs_security_xattr_handler = {
347 .prefix = XATTR_SECURITY_PREFIX,
348 .set = sockfs_security_xattr_set,
349};
350
351static const struct xattr_handler *sockfs_xattr_handlers[] = {
352 &sockfs_xattr_handler,
353 &sockfs_security_xattr_handler,
354 NULL
355};
356
357static int sockfs_init_fs_context(struct fs_context *fc)
358{
359 struct pseudo_fs_context *ctx = init_pseudo(fc, SOCKFS_MAGIC);
360 if (!ctx)
361 return -ENOMEM;
362 ctx->ops = &sockfs_ops;
363 ctx->dops = &sockfs_dentry_operations;
364 ctx->xattr = sockfs_xattr_handlers;
365 return 0;
366}
367
368static struct vfsmount *sock_mnt __read_mostly;
369
370static struct file_system_type sock_fs_type = {
371 .name = "sockfs",
372 .init_fs_context = sockfs_init_fs_context,
373 .kill_sb = kill_anon_super,
374};
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
406{
407 struct file *file;
408
409 if (!dname)
410 dname = sock->sk ? sock->sk->sk_prot_creator->name : "";
411
412 file = alloc_file_pseudo(SOCK_INODE(sock), sock_mnt, dname,
413 O_RDWR | (flags & O_NONBLOCK),
414 &socket_file_ops);
415 if (IS_ERR(file)) {
416 sock_release(sock);
417 return file;
418 }
419
420 sock->file = file;
421 file->private_data = sock;
422 stream_open(SOCK_INODE(sock), file);
423 return file;
424}
425EXPORT_SYMBOL(sock_alloc_file);
426
427static int sock_map_fd(struct socket *sock, int flags)
428{
429 struct file *newfile;
430 int fd = get_unused_fd_flags(flags);
431 if (unlikely(fd < 0)) {
432 sock_release(sock);
433 return fd;
434 }
435
436 newfile = sock_alloc_file(sock, flags, NULL);
437 if (!IS_ERR(newfile)) {
438 fd_install(fd, newfile);
439 return fd;
440 }
441
442 put_unused_fd(fd);
443 return PTR_ERR(newfile);
444}
445
446
447
448
449
450
451
452
453struct socket *sock_from_file(struct file *file)
454{
455 if (file->f_op == &socket_file_ops)
456 return file->private_data;
457
458 return NULL;
459}
460EXPORT_SYMBOL(sock_from_file);
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475struct socket *sockfd_lookup(int fd, int *err)
476{
477 struct file *file;
478 struct socket *sock;
479
480 file = fget(fd);
481 if (!file) {
482 *err = -EBADF;
483 return NULL;
484 }
485
486 sock = sock_from_file(file);
487 if (!sock) {
488 *err = -ENOTSOCK;
489 fput(file);
490 }
491 return sock;
492}
493EXPORT_SYMBOL(sockfd_lookup);
494
495static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
496{
497 struct fd f = fdget(fd);
498 struct socket *sock;
499
500 *err = -EBADF;
501 if (f.file) {
502 sock = sock_from_file(f.file);
503 if (likely(sock)) {
504 *fput_needed = f.flags & FDPUT_FPUT;
505 return sock;
506 }
507 *err = -ENOTSOCK;
508 fdput(f);
509 }
510 return NULL;
511}
512
513static ssize_t sockfs_listxattr(struct dentry *dentry, char *buffer,
514 size_t size)
515{
516 ssize_t len;
517 ssize_t used = 0;
518
519 len = security_inode_listsecurity(d_inode(dentry), buffer, size);
520 if (len < 0)
521 return len;
522 used += len;
523 if (buffer) {
524 if (size < used)
525 return -ERANGE;
526 buffer += len;
527 }
528
529 len = (XATTR_NAME_SOCKPROTONAME_LEN + 1);
530 used += len;
531 if (buffer) {
532 if (size < used)
533 return -ERANGE;
534 memcpy(buffer, XATTR_NAME_SOCKPROTONAME, len);
535 buffer += len;
536 }
537
538 return used;
539}
540
541static int sockfs_setattr(struct user_namespace *mnt_userns,
542 struct dentry *dentry, struct iattr *iattr)
543{
544 int err = simple_setattr(&init_user_ns, dentry, iattr);
545
546 if (!err && (iattr->ia_valid & ATTR_UID)) {
547 struct socket *sock = SOCKET_I(d_inode(dentry));
548
549 if (sock->sk)
550 sock->sk->sk_uid = iattr->ia_uid;
551 else
552 err = -ENOENT;
553 }
554
555 return err;
556}
557
558static const struct inode_operations sockfs_inode_ops = {
559 .listxattr = sockfs_listxattr,
560 .setattr = sockfs_setattr,
561};
562
563
564
565
566
567
568
569
570
571struct socket *sock_alloc(void)
572{
573 struct inode *inode;
574 struct socket *sock;
575
576 inode = new_inode_pseudo(sock_mnt->mnt_sb);
577 if (!inode)
578 return NULL;
579
580 sock = SOCKET_I(inode);
581
582 inode->i_ino = get_next_ino();
583 inode->i_mode = S_IFSOCK | S_IRWXUGO;
584 inode->i_uid = current_fsuid();
585 inode->i_gid = current_fsgid();
586 inode->i_op = &sockfs_inode_ops;
587
588 return sock;
589}
590EXPORT_SYMBOL(sock_alloc);
591
592static void __sock_release(struct socket *sock, struct inode *inode)
593{
594 if (sock->ops) {
595 struct module *owner = sock->ops->owner;
596
597 if (inode)
598 inode_lock(inode);
599 sock->ops->release(sock);
600 sock->sk = NULL;
601 if (inode)
602 inode_unlock(inode);
603 sock->ops = NULL;
604 module_put(owner);
605 }
606
607 if (sock->wq.fasync_list)
608 pr_err("%s: fasync list not empty!\n", __func__);
609
610 if (!sock->file) {
611 iput(SOCK_INODE(sock));
612 return;
613 }
614 sock->file = NULL;
615}
616
617
618
619
620
621
622
623
624
625void sock_release(struct socket *sock)
626{
627 __sock_release(sock, NULL);
628}
629EXPORT_SYMBOL(sock_release);
630
631void __sock_tx_timestamp(__u16 tsflags, __u8 *tx_flags)
632{
633 u8 flags = *tx_flags;
634
635 if (tsflags & SOF_TIMESTAMPING_TX_HARDWARE)
636 flags |= SKBTX_HW_TSTAMP;
637
638 if (tsflags & SOF_TIMESTAMPING_TX_SOFTWARE)
639 flags |= SKBTX_SW_TSTAMP;
640
641 if (tsflags & SOF_TIMESTAMPING_TX_SCHED)
642 flags |= SKBTX_SCHED_TSTAMP;
643
644 *tx_flags = flags;
645}
646EXPORT_SYMBOL(__sock_tx_timestamp);
647
648INDIRECT_CALLABLE_DECLARE(int inet_sendmsg(struct socket *, struct msghdr *,
649 size_t));
650INDIRECT_CALLABLE_DECLARE(int inet6_sendmsg(struct socket *, struct msghdr *,
651 size_t));
652static inline int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg)
653{
654 int ret = INDIRECT_CALL_INET(sock->ops->sendmsg, inet6_sendmsg,
655 inet_sendmsg, sock, msg,
656 msg_data_left(msg));
657 BUG_ON(ret == -EIOCBQUEUED);
658 return ret;
659}
660
661
662
663
664
665
666
667
668
669int sock_sendmsg(struct socket *sock, struct msghdr *msg)
670{
671 int err = security_socket_sendmsg(sock, msg,
672 msg_data_left(msg));
673
674 return err ?: sock_sendmsg_nosec(sock, msg);
675}
676EXPORT_SYMBOL(sock_sendmsg);
677
678
679
680
681
682
683
684
685
686
687
688
689
690int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
691 struct kvec *vec, size_t num, size_t size)
692{
693 iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
694 return sock_sendmsg(sock, msg);
695}
696EXPORT_SYMBOL(kernel_sendmsg);
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711int kernel_sendmsg_locked(struct sock *sk, struct msghdr *msg,
712 struct kvec *vec, size_t num, size_t size)
713{
714 struct socket *sock = sk->sk_socket;
715
716 if (!sock->ops->sendmsg_locked)
717 return sock_no_sendmsg_locked(sk, msg, size);
718
719 iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
720
721 return sock->ops->sendmsg_locked(sk, msg, msg_data_left(msg));
722}
723EXPORT_SYMBOL(kernel_sendmsg_locked);
724
725static bool skb_is_err_queue(const struct sk_buff *skb)
726{
727
728
729
730
731
732 return skb->pkt_type == PACKET_OUTGOING;
733}
734
735
736
737
738
739
740
741
742
743static bool skb_is_swtx_tstamp(const struct sk_buff *skb, int false_tstamp)
744{
745 return skb->tstamp && !false_tstamp && skb_is_err_queue(skb);
746}
747
748static void put_ts_pktinfo(struct msghdr *msg, struct sk_buff *skb)
749{
750 struct scm_ts_pktinfo ts_pktinfo;
751 struct net_device *orig_dev;
752
753 if (!skb_mac_header_was_set(skb))
754 return;
755
756 memset(&ts_pktinfo, 0, sizeof(ts_pktinfo));
757
758 rcu_read_lock();
759 orig_dev = dev_get_by_napi_id(skb_napi_id(skb));
760 if (orig_dev)
761 ts_pktinfo.if_index = orig_dev->ifindex;
762 rcu_read_unlock();
763
764 ts_pktinfo.pkt_length = skb->len - skb_mac_offset(skb);
765 put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_PKTINFO,
766 sizeof(ts_pktinfo), &ts_pktinfo);
767}
768
769
770
771
772void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
773 struct sk_buff *skb)
774{
775 int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP);
776 int new_tstamp = sock_flag(sk, SOCK_TSTAMP_NEW);
777 struct scm_timestamping_internal tss;
778
779 int empty = 1, false_tstamp = 0;
780 struct skb_shared_hwtstamps *shhwtstamps =
781 skb_hwtstamps(skb);
782
783
784
785 if (need_software_tstamp && skb->tstamp == 0) {
786 __net_timestamp(skb);
787 false_tstamp = 1;
788 }
789
790 if (need_software_tstamp) {
791 if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) {
792 if (new_tstamp) {
793 struct __kernel_sock_timeval tv;
794
795 skb_get_new_timestamp(skb, &tv);
796 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_NEW,
797 sizeof(tv), &tv);
798 } else {
799 struct __kernel_old_timeval tv;
800
801 skb_get_timestamp(skb, &tv);
802 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_OLD,
803 sizeof(tv), &tv);
804 }
805 } else {
806 if (new_tstamp) {
807 struct __kernel_timespec ts;
808
809 skb_get_new_timestampns(skb, &ts);
810 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_NEW,
811 sizeof(ts), &ts);
812 } else {
813 struct __kernel_old_timespec ts;
814
815 skb_get_timestampns(skb, &ts);
816 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_OLD,
817 sizeof(ts), &ts);
818 }
819 }
820 }
821
822 memset(&tss, 0, sizeof(tss));
823 if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE) &&
824 ktime_to_timespec64_cond(skb->tstamp, tss.ts + 0))
825 empty = 0;
826 if (shhwtstamps &&
827 (sk->sk_tsflags & SOF_TIMESTAMPING_RAW_HARDWARE) &&
828 !skb_is_swtx_tstamp(skb, false_tstamp) &&
829 ktime_to_timespec64_cond(shhwtstamps->hwtstamp, tss.ts + 2)) {
830 empty = 0;
831 if ((sk->sk_tsflags & SOF_TIMESTAMPING_OPT_PKTINFO) &&
832 !skb_is_err_queue(skb))
833 put_ts_pktinfo(msg, skb);
834 }
835 if (!empty) {
836 if (sock_flag(sk, SOCK_TSTAMP_NEW))
837 put_cmsg_scm_timestamping64(msg, &tss);
838 else
839 put_cmsg_scm_timestamping(msg, &tss);
840
841 if (skb_is_err_queue(skb) && skb->len &&
842 SKB_EXT_ERR(skb)->opt_stats)
843 put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS,
844 skb->len, skb->data);
845 }
846}
847EXPORT_SYMBOL_GPL(__sock_recv_timestamp);
848
849void __sock_recv_wifi_status(struct msghdr *msg, struct sock *sk,
850 struct sk_buff *skb)
851{
852 int ack;
853
854 if (!sock_flag(sk, SOCK_WIFI_STATUS))
855 return;
856 if (!skb->wifi_acked_valid)
857 return;
858
859 ack = skb->wifi_acked;
860
861 put_cmsg(msg, SOL_SOCKET, SCM_WIFI_STATUS, sizeof(ack), &ack);
862}
863EXPORT_SYMBOL_GPL(__sock_recv_wifi_status);
864
865static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
866 struct sk_buff *skb)
867{
868 if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && SOCK_SKB_CB(skb)->dropcount)
869 put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
870 sizeof(__u32), &SOCK_SKB_CB(skb)->dropcount);
871}
872
873void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
874 struct sk_buff *skb)
875{
876 sock_recv_timestamp(msg, sk, skb);
877 sock_recv_drops(msg, sk, skb);
878}
879EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
880
881INDIRECT_CALLABLE_DECLARE(int inet_recvmsg(struct socket *, struct msghdr *,
882 size_t, int));
883INDIRECT_CALLABLE_DECLARE(int inet6_recvmsg(struct socket *, struct msghdr *,
884 size_t, int));
885static inline int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
886 int flags)
887{
888 return INDIRECT_CALL_INET(sock->ops->recvmsg, inet6_recvmsg,
889 inet_recvmsg, sock, msg, msg_data_left(msg),
890 flags);
891}
892
893
894
895
896
897
898
899
900
901
902int sock_recvmsg(struct socket *sock, struct msghdr *msg, int flags)
903{
904 int err = security_socket_recvmsg(sock, msg, msg_data_left(msg), flags);
905
906 return err ?: sock_recvmsg_nosec(sock, msg, flags);
907}
908EXPORT_SYMBOL(sock_recvmsg);
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
927 struct kvec *vec, size_t num, size_t size, int flags)
928{
929 msg->msg_control_is_user = false;
930 iov_iter_kvec(&msg->msg_iter, READ, vec, num, size);
931 return sock_recvmsg(sock, msg, flags);
932}
933EXPORT_SYMBOL(kernel_recvmsg);
934
935static ssize_t sock_sendpage(struct file *file, struct page *page,
936 int offset, size_t size, loff_t *ppos, int more)
937{
938 struct socket *sock;
939 int flags;
940
941 sock = file->private_data;
942
943 flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
944
945 flags |= more;
946
947 return kernel_sendpage(sock, page, offset, size, flags);
948}
949
950static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
951 struct pipe_inode_info *pipe, size_t len,
952 unsigned int flags)
953{
954 struct socket *sock = file->private_data;
955
956 if (unlikely(!sock->ops->splice_read))
957 return generic_file_splice_read(file, ppos, pipe, len, flags);
958
959 return sock->ops->splice_read(sock, ppos, pipe, len, flags);
960}
961
962static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to)
963{
964 struct file *file = iocb->ki_filp;
965 struct socket *sock = file->private_data;
966 struct msghdr msg = {.msg_iter = *to,
967 .msg_iocb = iocb};
968 ssize_t res;
969
970 if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
971 msg.msg_flags = MSG_DONTWAIT;
972
973 if (iocb->ki_pos != 0)
974 return -ESPIPE;
975
976 if (!iov_iter_count(to))
977 return 0;
978
979 res = sock_recvmsg(sock, &msg, msg.msg_flags);
980 *to = msg.msg_iter;
981 return res;
982}
983
984static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from)
985{
986 struct file *file = iocb->ki_filp;
987 struct socket *sock = file->private_data;
988 struct msghdr msg = {.msg_iter = *from,
989 .msg_iocb = iocb};
990 ssize_t res;
991
992 if (iocb->ki_pos != 0)
993 return -ESPIPE;
994
995 if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
996 msg.msg_flags = MSG_DONTWAIT;
997
998 if (sock->type == SOCK_SEQPACKET)
999 msg.msg_flags |= MSG_EOR;
1000
1001 res = sock_sendmsg(sock, &msg);
1002 *from = msg.msg_iter;
1003 return res;
1004}
1005
1006
1007
1008
1009
1010
1011static DEFINE_MUTEX(br_ioctl_mutex);
1012static int (*br_ioctl_hook) (struct net *, unsigned int cmd, void __user *arg);
1013
1014void brioctl_set(int (*hook) (struct net *, unsigned int, void __user *))
1015{
1016 mutex_lock(&br_ioctl_mutex);
1017 br_ioctl_hook = hook;
1018 mutex_unlock(&br_ioctl_mutex);
1019}
1020EXPORT_SYMBOL(brioctl_set);
1021
1022static DEFINE_MUTEX(vlan_ioctl_mutex);
1023static int (*vlan_ioctl_hook) (struct net *, void __user *arg);
1024
1025void vlan_ioctl_set(int (*hook) (struct net *, void __user *))
1026{
1027 mutex_lock(&vlan_ioctl_mutex);
1028 vlan_ioctl_hook = hook;
1029 mutex_unlock(&vlan_ioctl_mutex);
1030}
1031EXPORT_SYMBOL(vlan_ioctl_set);
1032
1033static long sock_do_ioctl(struct net *net, struct socket *sock,
1034 unsigned int cmd, unsigned long arg)
1035{
1036 int err;
1037 void __user *argp = (void __user *)arg;
1038
1039 err = sock->ops->ioctl(sock, cmd, arg);
1040
1041
1042
1043
1044
1045 if (err != -ENOIOCTLCMD)
1046 return err;
1047
1048 if (cmd == SIOCGIFCONF) {
1049 struct ifconf ifc;
1050 if (copy_from_user(&ifc, argp, sizeof(struct ifconf)))
1051 return -EFAULT;
1052 rtnl_lock();
1053 err = dev_ifconf(net, &ifc, sizeof(struct ifreq));
1054 rtnl_unlock();
1055 if (!err && copy_to_user(argp, &ifc, sizeof(struct ifconf)))
1056 err = -EFAULT;
1057 } else if (is_socket_ioctl_cmd(cmd)) {
1058 struct ifreq ifr;
1059 bool need_copyout;
1060 if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1061 return -EFAULT;
1062 err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1063 if (!err && need_copyout)
1064 if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1065 return -EFAULT;
1066 } else {
1067 err = -ENOTTY;
1068 }
1069 return err;
1070}
1071
1072
1073
1074
1075
1076
1077static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
1078{
1079 struct socket *sock;
1080 struct sock *sk;
1081 void __user *argp = (void __user *)arg;
1082 int pid, err;
1083 struct net *net;
1084
1085 sock = file->private_data;
1086 sk = sock->sk;
1087 net = sock_net(sk);
1088 if (unlikely(cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))) {
1089 struct ifreq ifr;
1090 bool need_copyout;
1091 if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1092 return -EFAULT;
1093 err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1094 if (!err && need_copyout)
1095 if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1096 return -EFAULT;
1097 } else
1098#ifdef CONFIG_WEXT_CORE
1099 if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) {
1100 err = wext_handle_ioctl(net, cmd, argp);
1101 } else
1102#endif
1103 switch (cmd) {
1104 case FIOSETOWN:
1105 case SIOCSPGRP:
1106 err = -EFAULT;
1107 if (get_user(pid, (int __user *)argp))
1108 break;
1109 err = f_setown(sock->file, pid, 1);
1110 break;
1111 case FIOGETOWN:
1112 case SIOCGPGRP:
1113 err = put_user(f_getown(sock->file),
1114 (int __user *)argp);
1115 break;
1116 case SIOCGIFBR:
1117 case SIOCSIFBR:
1118 case SIOCBRADDBR:
1119 case SIOCBRDELBR:
1120 err = -ENOPKG;
1121 if (!br_ioctl_hook)
1122 request_module("bridge");
1123
1124 mutex_lock(&br_ioctl_mutex);
1125 if (br_ioctl_hook)
1126 err = br_ioctl_hook(net, cmd, argp);
1127 mutex_unlock(&br_ioctl_mutex);
1128 break;
1129 case SIOCGIFVLAN:
1130 case SIOCSIFVLAN:
1131 err = -ENOPKG;
1132 if (!vlan_ioctl_hook)
1133 request_module("8021q");
1134
1135 mutex_lock(&vlan_ioctl_mutex);
1136 if (vlan_ioctl_hook)
1137 err = vlan_ioctl_hook(net, argp);
1138 mutex_unlock(&vlan_ioctl_mutex);
1139 break;
1140 case SIOCGSKNS:
1141 err = -EPERM;
1142 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1143 break;
1144
1145 err = open_related_ns(&net->ns, get_net_ns);
1146 break;
1147 case SIOCGSTAMP_OLD:
1148 case SIOCGSTAMPNS_OLD:
1149 if (!sock->ops->gettstamp) {
1150 err = -ENOIOCTLCMD;
1151 break;
1152 }
1153 err = sock->ops->gettstamp(sock, argp,
1154 cmd == SIOCGSTAMP_OLD,
1155 !IS_ENABLED(CONFIG_64BIT));
1156 break;
1157 case SIOCGSTAMP_NEW:
1158 case SIOCGSTAMPNS_NEW:
1159 if (!sock->ops->gettstamp) {
1160 err = -ENOIOCTLCMD;
1161 break;
1162 }
1163 err = sock->ops->gettstamp(sock, argp,
1164 cmd == SIOCGSTAMP_NEW,
1165 false);
1166 break;
1167 default:
1168 err = sock_do_ioctl(net, sock, cmd, arg);
1169 break;
1170 }
1171 return err;
1172}
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187int sock_create_lite(int family, int type, int protocol, struct socket **res)
1188{
1189 int err;
1190 struct socket *sock = NULL;
1191
1192 err = security_socket_create(family, type, protocol, 1);
1193 if (err)
1194 goto out;
1195
1196 sock = sock_alloc();
1197 if (!sock) {
1198 err = -ENOMEM;
1199 goto out;
1200 }
1201
1202 sock->type = type;
1203 err = security_socket_post_create(sock, family, type, protocol, 1);
1204 if (err)
1205 goto out_release;
1206
1207out:
1208 *res = sock;
1209 return err;
1210out_release:
1211 sock_release(sock);
1212 sock = NULL;
1213 goto out;
1214}
1215EXPORT_SYMBOL(sock_create_lite);
1216
1217
1218static __poll_t sock_poll(struct file *file, poll_table *wait)
1219{
1220 struct socket *sock = file->private_data;
1221 __poll_t events = poll_requested_events(wait), flag = 0;
1222
1223 if (!sock->ops->poll)
1224 return 0;
1225
1226 if (sk_can_busy_loop(sock->sk)) {
1227
1228 if (events & POLL_BUSY_LOOP)
1229 sk_busy_loop(sock->sk, 1);
1230
1231
1232 flag = POLL_BUSY_LOOP;
1233 }
1234
1235 return sock->ops->poll(file, sock, wait) | flag;
1236}
1237
1238static int sock_mmap(struct file *file, struct vm_area_struct *vma)
1239{
1240 struct socket *sock = file->private_data;
1241
1242 return sock->ops->mmap(file, sock, vma);
1243}
1244
1245static int sock_close(struct inode *inode, struct file *filp)
1246{
1247 __sock_release(SOCKET_I(inode), inode);
1248 return 0;
1249}
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262static int sock_fasync(int fd, struct file *filp, int on)
1263{
1264 struct socket *sock = filp->private_data;
1265 struct sock *sk = sock->sk;
1266 struct socket_wq *wq = &sock->wq;
1267
1268 if (sk == NULL)
1269 return -EINVAL;
1270
1271 lock_sock(sk);
1272 fasync_helper(fd, filp, on, &wq->fasync_list);
1273
1274 if (!wq->fasync_list)
1275 sock_reset_flag(sk, SOCK_FASYNC);
1276 else
1277 sock_set_flag(sk, SOCK_FASYNC);
1278
1279 release_sock(sk);
1280 return 0;
1281}
1282
1283
1284
1285int sock_wake_async(struct socket_wq *wq, int how, int band)
1286{
1287 if (!wq || !wq->fasync_list)
1288 return -1;
1289
1290 switch (how) {
1291 case SOCK_WAKE_WAITD:
1292 if (test_bit(SOCKWQ_ASYNC_WAITDATA, &wq->flags))
1293 break;
1294 goto call_kill;
1295 case SOCK_WAKE_SPACE:
1296 if (!test_and_clear_bit(SOCKWQ_ASYNC_NOSPACE, &wq->flags))
1297 break;
1298 fallthrough;
1299 case SOCK_WAKE_IO:
1300call_kill:
1301 kill_fasync(&wq->fasync_list, SIGIO, band);
1302 break;
1303 case SOCK_WAKE_URG:
1304 kill_fasync(&wq->fasync_list, SIGURG, band);
1305 }
1306
1307 return 0;
1308}
1309EXPORT_SYMBOL(sock_wake_async);
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326int __sock_create(struct net *net, int family, int type, int protocol,
1327 struct socket **res, int kern)
1328{
1329 int err;
1330 struct socket *sock;
1331 const struct net_proto_family *pf;
1332
1333
1334
1335
1336 if (family < 0 || family >= NPROTO)
1337 return -EAFNOSUPPORT;
1338 if (type < 0 || type >= SOCK_MAX)
1339 return -EINVAL;
1340
1341
1342
1343
1344
1345
1346 if (family == PF_INET && type == SOCK_PACKET) {
1347 pr_info_once("%s uses obsolete (PF_INET,SOCK_PACKET)\n",
1348 current->comm);
1349 family = PF_PACKET;
1350 }
1351
1352 err = security_socket_create(family, type, protocol, kern);
1353 if (err)
1354 return err;
1355
1356
1357
1358
1359
1360
1361 sock = sock_alloc();
1362 if (!sock) {
1363 net_warn_ratelimited("socket: no more sockets\n");
1364 return -ENFILE;
1365
1366 }
1367
1368 sock->type = type;
1369
1370#ifdef CONFIG_MODULES
1371
1372
1373
1374
1375
1376
1377 if (rcu_access_pointer(net_families[family]) == NULL)
1378 request_module("net-pf-%d", family);
1379#endif
1380
1381 rcu_read_lock();
1382 pf = rcu_dereference(net_families[family]);
1383 err = -EAFNOSUPPORT;
1384 if (!pf)
1385 goto out_release;
1386
1387
1388
1389
1390
1391 if (!try_module_get(pf->owner))
1392 goto out_release;
1393
1394
1395 rcu_read_unlock();
1396
1397 err = pf->create(net, sock, protocol, kern);
1398 if (err < 0)
1399 goto out_module_put;
1400
1401
1402
1403
1404
1405 if (!try_module_get(sock->ops->owner))
1406 goto out_module_busy;
1407
1408
1409
1410
1411
1412 module_put(pf->owner);
1413 err = security_socket_post_create(sock, family, type, protocol, kern);
1414 if (err)
1415 goto out_sock_release;
1416 *res = sock;
1417
1418 return 0;
1419
1420out_module_busy:
1421 err = -EAFNOSUPPORT;
1422out_module_put:
1423 sock->ops = NULL;
1424 module_put(pf->owner);
1425out_sock_release:
1426 sock_release(sock);
1427 return err;
1428
1429out_release:
1430 rcu_read_unlock();
1431 goto out_sock_release;
1432}
1433EXPORT_SYMBOL(__sock_create);
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446int sock_create(int family, int type, int protocol, struct socket **res)
1447{
1448 return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0);
1449}
1450EXPORT_SYMBOL(sock_create);
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464int sock_create_kern(struct net *net, int family, int type, int protocol, struct socket **res)
1465{
1466 return __sock_create(net, family, type, protocol, res, 1);
1467}
1468EXPORT_SYMBOL(sock_create_kern);
1469
1470int __sys_socket(int family, int type, int protocol)
1471{
1472 int retval;
1473 struct socket *sock;
1474 int flags;
1475
1476
1477 BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1478 BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1479 BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1480 BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1481
1482 flags = type & ~SOCK_TYPE_MASK;
1483 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1484 return -EINVAL;
1485 type &= SOCK_TYPE_MASK;
1486
1487 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1488 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1489
1490 retval = sock_create(family, type, protocol, &sock);
1491 if (retval < 0)
1492 return retval;
1493
1494 return sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1495}
1496
1497SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
1498{
1499 return __sys_socket(family, type, protocol);
1500}
1501
1502
1503
1504
1505
1506int __sys_socketpair(int family, int type, int protocol, int __user *usockvec)
1507{
1508 struct socket *sock1, *sock2;
1509 int fd1, fd2, err;
1510 struct file *newfile1, *newfile2;
1511 int flags;
1512
1513 flags = type & ~SOCK_TYPE_MASK;
1514 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1515 return -EINVAL;
1516 type &= SOCK_TYPE_MASK;
1517
1518 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1519 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1520
1521
1522
1523
1524
1525 fd1 = get_unused_fd_flags(flags);
1526 if (unlikely(fd1 < 0))
1527 return fd1;
1528
1529 fd2 = get_unused_fd_flags(flags);
1530 if (unlikely(fd2 < 0)) {
1531 put_unused_fd(fd1);
1532 return fd2;
1533 }
1534
1535 err = put_user(fd1, &usockvec[0]);
1536 if (err)
1537 goto out;
1538
1539 err = put_user(fd2, &usockvec[1]);
1540 if (err)
1541 goto out;
1542
1543
1544
1545
1546
1547
1548 err = sock_create(family, type, protocol, &sock1);
1549 if (unlikely(err < 0))
1550 goto out;
1551
1552 err = sock_create(family, type, protocol, &sock2);
1553 if (unlikely(err < 0)) {
1554 sock_release(sock1);
1555 goto out;
1556 }
1557
1558 err = security_socket_socketpair(sock1, sock2);
1559 if (unlikely(err)) {
1560 sock_release(sock2);
1561 sock_release(sock1);
1562 goto out;
1563 }
1564
1565 err = sock1->ops->socketpair(sock1, sock2);
1566 if (unlikely(err < 0)) {
1567 sock_release(sock2);
1568 sock_release(sock1);
1569 goto out;
1570 }
1571
1572 newfile1 = sock_alloc_file(sock1, flags, NULL);
1573 if (IS_ERR(newfile1)) {
1574 err = PTR_ERR(newfile1);
1575 sock_release(sock2);
1576 goto out;
1577 }
1578
1579 newfile2 = sock_alloc_file(sock2, flags, NULL);
1580 if (IS_ERR(newfile2)) {
1581 err = PTR_ERR(newfile2);
1582 fput(newfile1);
1583 goto out;
1584 }
1585
1586 audit_fd_pair(fd1, fd2);
1587
1588 fd_install(fd1, newfile1);
1589 fd_install(fd2, newfile2);
1590 return 0;
1591
1592out:
1593 put_unused_fd(fd2);
1594 put_unused_fd(fd1);
1595 return err;
1596}
1597
1598SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol,
1599 int __user *, usockvec)
1600{
1601 return __sys_socketpair(family, type, protocol, usockvec);
1602}
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612int __sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
1613{
1614 struct socket *sock;
1615 struct sockaddr_storage address;
1616 int err, fput_needed;
1617
1618 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1619 if (sock) {
1620 err = move_addr_to_kernel(umyaddr, addrlen, &address);
1621 if (!err) {
1622 err = security_socket_bind(sock,
1623 (struct sockaddr *)&address,
1624 addrlen);
1625 if (!err)
1626 err = sock->ops->bind(sock,
1627 (struct sockaddr *)
1628 &address, addrlen);
1629 }
1630 fput_light(sock->file, fput_needed);
1631 }
1632 return err;
1633}
1634
1635SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
1636{
1637 return __sys_bind(fd, umyaddr, addrlen);
1638}
1639
1640
1641
1642
1643
1644
1645
1646int __sys_listen(int fd, int backlog)
1647{
1648 struct socket *sock;
1649 int err, fput_needed;
1650 int somaxconn;
1651
1652 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1653 if (sock) {
1654 somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
1655 if ((unsigned int)backlog > somaxconn)
1656 backlog = somaxconn;
1657
1658 err = security_socket_listen(sock, backlog);
1659 if (!err)
1660 err = sock->ops->listen(sock, backlog);
1661
1662 fput_light(sock->file, fput_needed);
1663 }
1664 return err;
1665}
1666
1667SYSCALL_DEFINE2(listen, int, fd, int, backlog)
1668{
1669 return __sys_listen(fd, backlog);
1670}
1671
1672int __sys_accept4_file(struct file *file, unsigned file_flags,
1673 struct sockaddr __user *upeer_sockaddr,
1674 int __user *upeer_addrlen, int flags,
1675 unsigned long nofile)
1676{
1677 struct socket *sock, *newsock;
1678 struct file *newfile;
1679 int err, len, newfd;
1680 struct sockaddr_storage address;
1681
1682 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1683 return -EINVAL;
1684
1685 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1686 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1687
1688 sock = sock_from_file(file);
1689 if (!sock) {
1690 err = -ENOTSOCK;
1691 goto out;
1692 }
1693
1694 err = -ENFILE;
1695 newsock = sock_alloc();
1696 if (!newsock)
1697 goto out;
1698
1699 newsock->type = sock->type;
1700 newsock->ops = sock->ops;
1701
1702
1703
1704
1705
1706 __module_get(newsock->ops->owner);
1707
1708 newfd = __get_unused_fd_flags(flags, nofile);
1709 if (unlikely(newfd < 0)) {
1710 err = newfd;
1711 sock_release(newsock);
1712 goto out;
1713 }
1714 newfile = sock_alloc_file(newsock, flags, sock->sk->sk_prot_creator->name);
1715 if (IS_ERR(newfile)) {
1716 err = PTR_ERR(newfile);
1717 put_unused_fd(newfd);
1718 goto out;
1719 }
1720
1721 err = security_socket_accept(sock, newsock);
1722 if (err)
1723 goto out_fd;
1724
1725 err = sock->ops->accept(sock, newsock, sock->file->f_flags | file_flags,
1726 false);
1727 if (err < 0)
1728 goto out_fd;
1729
1730 if (upeer_sockaddr) {
1731 len = newsock->ops->getname(newsock,
1732 (struct sockaddr *)&address, 2);
1733 if (len < 0) {
1734 err = -ECONNABORTED;
1735 goto out_fd;
1736 }
1737 err = move_addr_to_user(&address,
1738 len, upeer_sockaddr, upeer_addrlen);
1739 if (err < 0)
1740 goto out_fd;
1741 }
1742
1743
1744
1745 fd_install(newfd, newfile);
1746 err = newfd;
1747out:
1748 return err;
1749out_fd:
1750 fput(newfile);
1751 put_unused_fd(newfd);
1752 goto out;
1753
1754}
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768int __sys_accept4(int fd, struct sockaddr __user *upeer_sockaddr,
1769 int __user *upeer_addrlen, int flags)
1770{
1771 int ret = -EBADF;
1772 struct fd f;
1773
1774 f = fdget(fd);
1775 if (f.file) {
1776 ret = __sys_accept4_file(f.file, 0, upeer_sockaddr,
1777 upeer_addrlen, flags,
1778 rlimit(RLIMIT_NOFILE));
1779 fdput(f);
1780 }
1781
1782 return ret;
1783}
1784
1785SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
1786 int __user *, upeer_addrlen, int, flags)
1787{
1788 return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, flags);
1789}
1790
1791SYSCALL_DEFINE3(accept, int, fd, struct sockaddr __user *, upeer_sockaddr,
1792 int __user *, upeer_addrlen)
1793{
1794 return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, 0);
1795}
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809int __sys_connect_file(struct file *file, struct sockaddr_storage *address,
1810 int addrlen, int file_flags)
1811{
1812 struct socket *sock;
1813 int err;
1814
1815 sock = sock_from_file(file);
1816 if (!sock) {
1817 err = -ENOTSOCK;
1818 goto out;
1819 }
1820
1821 err =
1822 security_socket_connect(sock, (struct sockaddr *)address, addrlen);
1823 if (err)
1824 goto out;
1825
1826 err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen,
1827 sock->file->f_flags | file_flags);
1828out:
1829 return err;
1830}
1831
1832int __sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
1833{
1834 int ret = -EBADF;
1835 struct fd f;
1836
1837 f = fdget(fd);
1838 if (f.file) {
1839 struct sockaddr_storage address;
1840
1841 ret = move_addr_to_kernel(uservaddr, addrlen, &address);
1842 if (!ret)
1843 ret = __sys_connect_file(f.file, &address, addrlen, 0);
1844 fdput(f);
1845 }
1846
1847 return ret;
1848}
1849
1850SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
1851 int, addrlen)
1852{
1853 return __sys_connect(fd, uservaddr, addrlen);
1854}
1855
1856
1857
1858
1859
1860
1861int __sys_getsockname(int fd, struct sockaddr __user *usockaddr,
1862 int __user *usockaddr_len)
1863{
1864 struct socket *sock;
1865 struct sockaddr_storage address;
1866 int err, fput_needed;
1867
1868 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1869 if (!sock)
1870 goto out;
1871
1872 err = security_socket_getsockname(sock);
1873 if (err)
1874 goto out_put;
1875
1876 err = sock->ops->getname(sock, (struct sockaddr *)&address, 0);
1877 if (err < 0)
1878 goto out_put;
1879
1880 err = move_addr_to_user(&address, err, usockaddr, usockaddr_len);
1881
1882out_put:
1883 fput_light(sock->file, fput_needed);
1884out:
1885 return err;
1886}
1887
1888SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr,
1889 int __user *, usockaddr_len)
1890{
1891 return __sys_getsockname(fd, usockaddr, usockaddr_len);
1892}
1893
1894
1895
1896
1897
1898
1899int __sys_getpeername(int fd, struct sockaddr __user *usockaddr,
1900 int __user *usockaddr_len)
1901{
1902 struct socket *sock;
1903 struct sockaddr_storage address;
1904 int err, fput_needed;
1905
1906 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1907 if (sock != NULL) {
1908 err = security_socket_getpeername(sock);
1909 if (err) {
1910 fput_light(sock->file, fput_needed);
1911 return err;
1912 }
1913
1914 err = sock->ops->getname(sock, (struct sockaddr *)&address, 1);
1915 if (err >= 0)
1916
1917 err = move_addr_to_user(&address, err, usockaddr,
1918 usockaddr_len);
1919 fput_light(sock->file, fput_needed);
1920 }
1921 return err;
1922}
1923
1924SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
1925 int __user *, usockaddr_len)
1926{
1927 return __sys_getpeername(fd, usockaddr, usockaddr_len);
1928}
1929
1930
1931
1932
1933
1934
1935int __sys_sendto(int fd, void __user *buff, size_t len, unsigned int flags,
1936 struct sockaddr __user *addr, int addr_len)
1937{
1938 struct socket *sock;
1939 struct sockaddr_storage address;
1940 int err;
1941 struct msghdr msg;
1942 struct iovec iov;
1943 int fput_needed;
1944
1945 err = import_single_range(WRITE, buff, len, &iov, &msg.msg_iter);
1946 if (unlikely(err))
1947 return err;
1948 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1949 if (!sock)
1950 goto out;
1951
1952 msg.msg_name = NULL;
1953 msg.msg_control = NULL;
1954 msg.msg_controllen = 0;
1955 msg.msg_namelen = 0;
1956 if (addr) {
1957 err = move_addr_to_kernel(addr, addr_len, &address);
1958 if (err < 0)
1959 goto out_put;
1960 msg.msg_name = (struct sockaddr *)&address;
1961 msg.msg_namelen = addr_len;
1962 }
1963 if (sock->file->f_flags & O_NONBLOCK)
1964 flags |= MSG_DONTWAIT;
1965 msg.msg_flags = flags;
1966 err = sock_sendmsg(sock, &msg);
1967
1968out_put:
1969 fput_light(sock->file, fput_needed);
1970out:
1971 return err;
1972}
1973
1974SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
1975 unsigned int, flags, struct sockaddr __user *, addr,
1976 int, addr_len)
1977{
1978 return __sys_sendto(fd, buff, len, flags, addr, addr_len);
1979}
1980
1981
1982
1983
1984
1985SYSCALL_DEFINE4(send, int, fd, void __user *, buff, size_t, len,
1986 unsigned int, flags)
1987{
1988 return __sys_sendto(fd, buff, len, flags, NULL, 0);
1989}
1990
1991
1992
1993
1994
1995
1996int __sys_recvfrom(int fd, void __user *ubuf, size_t size, unsigned int flags,
1997 struct sockaddr __user *addr, int __user *addr_len)
1998{
1999 struct socket *sock;
2000 struct iovec iov;
2001 struct msghdr msg;
2002 struct sockaddr_storage address;
2003 int err, err2;
2004 int fput_needed;
2005
2006 err = import_single_range(READ, ubuf, size, &iov, &msg.msg_iter);
2007 if (unlikely(err))
2008 return err;
2009 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2010 if (!sock)
2011 goto out;
2012
2013 msg.msg_control = NULL;
2014 msg.msg_controllen = 0;
2015
2016 msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
2017
2018 msg.msg_namelen = 0;
2019 msg.msg_iocb = NULL;
2020 msg.msg_flags = 0;
2021 if (sock->file->f_flags & O_NONBLOCK)
2022 flags |= MSG_DONTWAIT;
2023 err = sock_recvmsg(sock, &msg, flags);
2024
2025 if (err >= 0 && addr != NULL) {
2026 err2 = move_addr_to_user(&address,
2027 msg.msg_namelen, addr, addr_len);
2028 if (err2 < 0)
2029 err = err2;
2030 }
2031
2032 fput_light(sock->file, fput_needed);
2033out:
2034 return err;
2035}
2036
2037SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
2038 unsigned int, flags, struct sockaddr __user *, addr,
2039 int __user *, addr_len)
2040{
2041 return __sys_recvfrom(fd, ubuf, size, flags, addr, addr_len);
2042}
2043
2044
2045
2046
2047
2048SYSCALL_DEFINE4(recv, int, fd, void __user *, ubuf, size_t, size,
2049 unsigned int, flags)
2050{
2051 return __sys_recvfrom(fd, ubuf, size, flags, NULL, NULL);
2052}
2053
2054static bool sock_use_custom_sol_socket(const struct socket *sock)
2055{
2056 const struct sock *sk = sock->sk;
2057
2058
2059 return IS_ENABLED(CONFIG_MPTCP) &&
2060 sk->sk_protocol == IPPROTO_MPTCP &&
2061 sk->sk_type == SOCK_STREAM &&
2062 (sk->sk_family == AF_INET || sk->sk_family == AF_INET6);
2063}
2064
2065
2066
2067
2068
2069int __sys_setsockopt(int fd, int level, int optname, char __user *user_optval,
2070 int optlen)
2071{
2072 sockptr_t optval = USER_SOCKPTR(user_optval);
2073 char *kernel_optval = NULL;
2074 int err, fput_needed;
2075 struct socket *sock;
2076
2077 if (optlen < 0)
2078 return -EINVAL;
2079
2080 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2081 if (!sock)
2082 return err;
2083
2084 err = security_socket_setsockopt(sock, level, optname);
2085 if (err)
2086 goto out_put;
2087
2088 if (!in_compat_syscall())
2089 err = BPF_CGROUP_RUN_PROG_SETSOCKOPT(sock->sk, &level, &optname,
2090 user_optval, &optlen,
2091 &kernel_optval);
2092 if (err < 0)
2093 goto out_put;
2094 if (err > 0) {
2095 err = 0;
2096 goto out_put;
2097 }
2098
2099 if (kernel_optval)
2100 optval = KERNEL_SOCKPTR(kernel_optval);
2101 if (level == SOL_SOCKET && !sock_use_custom_sol_socket(sock))
2102 err = sock_setsockopt(sock, level, optname, optval, optlen);
2103 else if (unlikely(!sock->ops->setsockopt))
2104 err = -EOPNOTSUPP;
2105 else
2106 err = sock->ops->setsockopt(sock, level, optname, optval,
2107 optlen);
2108 kfree(kernel_optval);
2109out_put:
2110 fput_light(sock->file, fput_needed);
2111 return err;
2112}
2113
2114SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
2115 char __user *, optval, int, optlen)
2116{
2117 return __sys_setsockopt(fd, level, optname, optval, optlen);
2118}
2119
2120INDIRECT_CALLABLE_DECLARE(bool tcp_bpf_bypass_getsockopt(int level,
2121 int optname));
2122
2123
2124
2125
2126
2127int __sys_getsockopt(int fd, int level, int optname, char __user *optval,
2128 int __user *optlen)
2129{
2130 int err, fput_needed;
2131 struct socket *sock;
2132 int max_optlen;
2133
2134 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2135 if (!sock)
2136 return err;
2137
2138 err = security_socket_getsockopt(sock, level, optname);
2139 if (err)
2140 goto out_put;
2141
2142 if (!in_compat_syscall())
2143 max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen);
2144
2145 if (level == SOL_SOCKET)
2146 err = sock_getsockopt(sock, level, optname, optval, optlen);
2147 else if (unlikely(!sock->ops->getsockopt))
2148 err = -EOPNOTSUPP;
2149 else
2150 err = sock->ops->getsockopt(sock, level, optname, optval,
2151 optlen);
2152
2153 if (!in_compat_syscall())
2154 err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, optname,
2155 optval, optlen, max_optlen,
2156 err);
2157out_put:
2158 fput_light(sock->file, fput_needed);
2159 return err;
2160}
2161
2162SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
2163 char __user *, optval, int __user *, optlen)
2164{
2165 return __sys_getsockopt(fd, level, optname, optval, optlen);
2166}
2167
2168
2169
2170
2171
2172int __sys_shutdown_sock(struct socket *sock, int how)
2173{
2174 int err;
2175
2176 err = security_socket_shutdown(sock, how);
2177 if (!err)
2178 err = sock->ops->shutdown(sock, how);
2179
2180 return err;
2181}
2182
2183int __sys_shutdown(int fd, int how)
2184{
2185 int err, fput_needed;
2186 struct socket *sock;
2187
2188 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2189 if (sock != NULL) {
2190 err = __sys_shutdown_sock(sock, how);
2191 fput_light(sock->file, fput_needed);
2192 }
2193 return err;
2194}
2195
2196SYSCALL_DEFINE2(shutdown, int, fd, int, how)
2197{
2198 return __sys_shutdown(fd, how);
2199}
2200
2201
2202
2203
2204#define COMPAT_MSG(msg, member) ((MSG_CMSG_COMPAT & flags) ? &msg##_compat->member : &msg->member)
2205#define COMPAT_NAMELEN(msg) COMPAT_MSG(msg, msg_namelen)
2206#define COMPAT_FLAGS(msg) COMPAT_MSG(msg, msg_flags)
2207
2208struct used_address {
2209 struct sockaddr_storage name;
2210 unsigned int name_len;
2211};
2212
2213int __copy_msghdr_from_user(struct msghdr *kmsg,
2214 struct user_msghdr __user *umsg,
2215 struct sockaddr __user **save_addr,
2216 struct iovec __user **uiov, size_t *nsegs)
2217{
2218 struct user_msghdr msg;
2219 ssize_t err;
2220
2221 if (copy_from_user(&msg, umsg, sizeof(*umsg)))
2222 return -EFAULT;
2223
2224 kmsg->msg_control_is_user = true;
2225 kmsg->msg_control_user = msg.msg_control;
2226 kmsg->msg_controllen = msg.msg_controllen;
2227 kmsg->msg_flags = msg.msg_flags;
2228
2229 kmsg->msg_namelen = msg.msg_namelen;
2230 if (!msg.msg_name)
2231 kmsg->msg_namelen = 0;
2232
2233 if (kmsg->msg_namelen < 0)
2234 return -EINVAL;
2235
2236 if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
2237 kmsg->msg_namelen = sizeof(struct sockaddr_storage);
2238
2239 if (save_addr)
2240 *save_addr = msg.msg_name;
2241
2242 if (msg.msg_name && kmsg->msg_namelen) {
2243 if (!save_addr) {
2244 err = move_addr_to_kernel(msg.msg_name,
2245 kmsg->msg_namelen,
2246 kmsg->msg_name);
2247 if (err < 0)
2248 return err;
2249 }
2250 } else {
2251 kmsg->msg_name = NULL;
2252 kmsg->msg_namelen = 0;
2253 }
2254
2255 if (msg.msg_iovlen > UIO_MAXIOV)
2256 return -EMSGSIZE;
2257
2258 kmsg->msg_iocb = NULL;
2259 *uiov = msg.msg_iov;
2260 *nsegs = msg.msg_iovlen;
2261 return 0;
2262}
2263
2264static int copy_msghdr_from_user(struct msghdr *kmsg,
2265 struct user_msghdr __user *umsg,
2266 struct sockaddr __user **save_addr,
2267 struct iovec **iov)
2268{
2269 struct user_msghdr msg;
2270 ssize_t err;
2271
2272 err = __copy_msghdr_from_user(kmsg, umsg, save_addr, &msg.msg_iov,
2273 &msg.msg_iovlen);
2274 if (err)
2275 return err;
2276
2277 err = import_iovec(save_addr ? READ : WRITE,
2278 msg.msg_iov, msg.msg_iovlen,
2279 UIO_FASTIOV, iov, &kmsg->msg_iter);
2280 return err < 0 ? err : 0;
2281}
2282
2283static int ____sys_sendmsg(struct socket *sock, struct msghdr *msg_sys,
2284 unsigned int flags, struct used_address *used_address,
2285 unsigned int allowed_msghdr_flags)
2286{
2287 unsigned char ctl[sizeof(struct cmsghdr) + 20]
2288 __aligned(sizeof(__kernel_size_t));
2289
2290 unsigned char *ctl_buf = ctl;
2291 int ctl_len;
2292 ssize_t err;
2293
2294 err = -ENOBUFS;
2295
2296 if (msg_sys->msg_controllen > INT_MAX)
2297 goto out;
2298 flags |= (msg_sys->msg_flags & allowed_msghdr_flags);
2299 ctl_len = msg_sys->msg_controllen;
2300 if ((MSG_CMSG_COMPAT & flags) && ctl_len) {
2301 err =
2302 cmsghdr_from_user_compat_to_kern(msg_sys, sock->sk, ctl,
2303 sizeof(ctl));
2304 if (err)
2305 goto out;
2306 ctl_buf = msg_sys->msg_control;
2307 ctl_len = msg_sys->msg_controllen;
2308 } else if (ctl_len) {
2309 BUILD_BUG_ON(sizeof(struct cmsghdr) !=
2310 CMSG_ALIGN(sizeof(struct cmsghdr)));
2311 if (ctl_len > sizeof(ctl)) {
2312 ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL);
2313 if (ctl_buf == NULL)
2314 goto out;
2315 }
2316 err = -EFAULT;
2317 if (copy_from_user(ctl_buf, msg_sys->msg_control_user, ctl_len))
2318 goto out_freectl;
2319 msg_sys->msg_control = ctl_buf;
2320 msg_sys->msg_control_is_user = false;
2321 }
2322 msg_sys->msg_flags = flags;
2323
2324 if (sock->file->f_flags & O_NONBLOCK)
2325 msg_sys->msg_flags |= MSG_DONTWAIT;
2326
2327
2328
2329
2330
2331
2332 if (used_address && msg_sys->msg_name &&
2333 used_address->name_len == msg_sys->msg_namelen &&
2334 !memcmp(&used_address->name, msg_sys->msg_name,
2335 used_address->name_len)) {
2336 err = sock_sendmsg_nosec(sock, msg_sys);
2337 goto out_freectl;
2338 }
2339 err = sock_sendmsg(sock, msg_sys);
2340
2341
2342
2343
2344 if (used_address && err >= 0) {
2345 used_address->name_len = msg_sys->msg_namelen;
2346 if (msg_sys->msg_name)
2347 memcpy(&used_address->name, msg_sys->msg_name,
2348 used_address->name_len);
2349 }
2350
2351out_freectl:
2352 if (ctl_buf != ctl)
2353 sock_kfree_s(sock->sk, ctl_buf, ctl_len);
2354out:
2355 return err;
2356}
2357
2358int sendmsg_copy_msghdr(struct msghdr *msg,
2359 struct user_msghdr __user *umsg, unsigned flags,
2360 struct iovec **iov)
2361{
2362 int err;
2363
2364 if (flags & MSG_CMSG_COMPAT) {
2365 struct compat_msghdr __user *msg_compat;
2366
2367 msg_compat = (struct compat_msghdr __user *) umsg;
2368 err = get_compat_msghdr(msg, msg_compat, NULL, iov);
2369 } else {
2370 err = copy_msghdr_from_user(msg, umsg, NULL, iov);
2371 }
2372 if (err < 0)
2373 return err;
2374
2375 return 0;
2376}
2377
2378static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
2379 struct msghdr *msg_sys, unsigned int flags,
2380 struct used_address *used_address,
2381 unsigned int allowed_msghdr_flags)
2382{
2383 struct sockaddr_storage address;
2384 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2385 ssize_t err;
2386
2387 msg_sys->msg_name = &address;
2388
2389 err = sendmsg_copy_msghdr(msg_sys, msg, flags, &iov);
2390 if (err < 0)
2391 return err;
2392
2393 err = ____sys_sendmsg(sock, msg_sys, flags, used_address,
2394 allowed_msghdr_flags);
2395 kfree(iov);
2396 return err;
2397}
2398
2399
2400
2401
2402long __sys_sendmsg_sock(struct socket *sock, struct msghdr *msg,
2403 unsigned int flags)
2404{
2405 return ____sys_sendmsg(sock, msg, flags, NULL, 0);
2406}
2407
2408long __sys_sendmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2409 bool forbid_cmsg_compat)
2410{
2411 int fput_needed, err;
2412 struct msghdr msg_sys;
2413 struct socket *sock;
2414
2415 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2416 return -EINVAL;
2417
2418 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2419 if (!sock)
2420 goto out;
2421
2422 err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL, 0);
2423
2424 fput_light(sock->file, fput_needed);
2425out:
2426 return err;
2427}
2428
2429SYSCALL_DEFINE3(sendmsg, int, fd, struct user_msghdr __user *, msg, unsigned int, flags)
2430{
2431 return __sys_sendmsg(fd, msg, flags, true);
2432}
2433
2434
2435
2436
2437
2438int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2439 unsigned int flags, bool forbid_cmsg_compat)
2440{
2441 int fput_needed, err, datagrams;
2442 struct socket *sock;
2443 struct mmsghdr __user *entry;
2444 struct compat_mmsghdr __user *compat_entry;
2445 struct msghdr msg_sys;
2446 struct used_address used_address;
2447 unsigned int oflags = flags;
2448
2449 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2450 return -EINVAL;
2451
2452 if (vlen > UIO_MAXIOV)
2453 vlen = UIO_MAXIOV;
2454
2455 datagrams = 0;
2456
2457 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2458 if (!sock)
2459 return err;
2460
2461 used_address.name_len = UINT_MAX;
2462 entry = mmsg;
2463 compat_entry = (struct compat_mmsghdr __user *)mmsg;
2464 err = 0;
2465 flags |= MSG_BATCH;
2466
2467 while (datagrams < vlen) {
2468 if (datagrams == vlen - 1)
2469 flags = oflags;
2470
2471 if (MSG_CMSG_COMPAT & flags) {
2472 err = ___sys_sendmsg(sock, (struct user_msghdr __user *)compat_entry,
2473 &msg_sys, flags, &used_address, MSG_EOR);
2474 if (err < 0)
2475 break;
2476 err = __put_user(err, &compat_entry->msg_len);
2477 ++compat_entry;
2478 } else {
2479 err = ___sys_sendmsg(sock,
2480 (struct user_msghdr __user *)entry,
2481 &msg_sys, flags, &used_address, MSG_EOR);
2482 if (err < 0)
2483 break;
2484 err = put_user(err, &entry->msg_len);
2485 ++entry;
2486 }
2487
2488 if (err)
2489 break;
2490 ++datagrams;
2491 if (msg_data_left(&msg_sys))
2492 break;
2493 cond_resched();
2494 }
2495
2496 fput_light(sock->file, fput_needed);
2497
2498
2499 if (datagrams != 0)
2500 return datagrams;
2501
2502 return err;
2503}
2504
2505SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
2506 unsigned int, vlen, unsigned int, flags)
2507{
2508 return __sys_sendmmsg(fd, mmsg, vlen, flags, true);
2509}
2510
2511int recvmsg_copy_msghdr(struct msghdr *msg,
2512 struct user_msghdr __user *umsg, unsigned flags,
2513 struct sockaddr __user **uaddr,
2514 struct iovec **iov)
2515{
2516 ssize_t err;
2517
2518 if (MSG_CMSG_COMPAT & flags) {
2519 struct compat_msghdr __user *msg_compat;
2520
2521 msg_compat = (struct compat_msghdr __user *) umsg;
2522 err = get_compat_msghdr(msg, msg_compat, uaddr, iov);
2523 } else {
2524 err = copy_msghdr_from_user(msg, umsg, uaddr, iov);
2525 }
2526 if (err < 0)
2527 return err;
2528
2529 return 0;
2530}
2531
2532static int ____sys_recvmsg(struct socket *sock, struct msghdr *msg_sys,
2533 struct user_msghdr __user *msg,
2534 struct sockaddr __user *uaddr,
2535 unsigned int flags, int nosec)
2536{
2537 struct compat_msghdr __user *msg_compat =
2538 (struct compat_msghdr __user *) msg;
2539 int __user *uaddr_len = COMPAT_NAMELEN(msg);
2540 struct sockaddr_storage addr;
2541 unsigned long cmsg_ptr;
2542 int len;
2543 ssize_t err;
2544
2545 msg_sys->msg_name = &addr;
2546 cmsg_ptr = (unsigned long)msg_sys->msg_control;
2547 msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
2548
2549
2550 msg_sys->msg_namelen = 0;
2551
2552 if (sock->file->f_flags & O_NONBLOCK)
2553 flags |= MSG_DONTWAIT;
2554
2555 if (unlikely(nosec))
2556 err = sock_recvmsg_nosec(sock, msg_sys, flags);
2557 else
2558 err = sock_recvmsg(sock, msg_sys, flags);
2559
2560 if (err < 0)
2561 goto out;
2562 len = err;
2563
2564 if (uaddr != NULL) {
2565 err = move_addr_to_user(&addr,
2566 msg_sys->msg_namelen, uaddr,
2567 uaddr_len);
2568 if (err < 0)
2569 goto out;
2570 }
2571 err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT),
2572 COMPAT_FLAGS(msg));
2573 if (err)
2574 goto out;
2575 if (MSG_CMSG_COMPAT & flags)
2576 err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2577 &msg_compat->msg_controllen);
2578 else
2579 err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2580 &msg->msg_controllen);
2581 if (err)
2582 goto out;
2583 err = len;
2584out:
2585 return err;
2586}
2587
2588static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
2589 struct msghdr *msg_sys, unsigned int flags, int nosec)
2590{
2591 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2592
2593 struct sockaddr __user *uaddr;
2594 ssize_t err;
2595
2596 err = recvmsg_copy_msghdr(msg_sys, msg, flags, &uaddr, &iov);
2597 if (err < 0)
2598 return err;
2599
2600 err = ____sys_recvmsg(sock, msg_sys, msg, uaddr, flags, nosec);
2601 kfree(iov);
2602 return err;
2603}
2604
2605
2606
2607
2608
2609long __sys_recvmsg_sock(struct socket *sock, struct msghdr *msg,
2610 struct user_msghdr __user *umsg,
2611 struct sockaddr __user *uaddr, unsigned int flags)
2612{
2613 return ____sys_recvmsg(sock, msg, umsg, uaddr, flags, 0);
2614}
2615
2616long __sys_recvmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2617 bool forbid_cmsg_compat)
2618{
2619 int fput_needed, err;
2620 struct msghdr msg_sys;
2621 struct socket *sock;
2622
2623 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2624 return -EINVAL;
2625
2626 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2627 if (!sock)
2628 goto out;
2629
2630 err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0);
2631
2632 fput_light(sock->file, fput_needed);
2633out:
2634 return err;
2635}
2636
2637SYSCALL_DEFINE3(recvmsg, int, fd, struct user_msghdr __user *, msg,
2638 unsigned int, flags)
2639{
2640 return __sys_recvmsg(fd, msg, flags, true);
2641}
2642
2643
2644
2645
2646
2647static int do_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2648 unsigned int vlen, unsigned int flags,
2649 struct timespec64 *timeout)
2650{
2651 int fput_needed, err, datagrams;
2652 struct socket *sock;
2653 struct mmsghdr __user *entry;
2654 struct compat_mmsghdr __user *compat_entry;
2655 struct msghdr msg_sys;
2656 struct timespec64 end_time;
2657 struct timespec64 timeout64;
2658
2659 if (timeout &&
2660 poll_select_set_timeout(&end_time, timeout->tv_sec,
2661 timeout->tv_nsec))
2662 return -EINVAL;
2663
2664 datagrams = 0;
2665
2666 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2667 if (!sock)
2668 return err;
2669
2670 if (likely(!(flags & MSG_ERRQUEUE))) {
2671 err = sock_error(sock->sk);
2672 if (err) {
2673 datagrams = err;
2674 goto out_put;
2675 }
2676 }
2677
2678 entry = mmsg;
2679 compat_entry = (struct compat_mmsghdr __user *)mmsg;
2680
2681 while (datagrams < vlen) {
2682
2683
2684
2685 if (MSG_CMSG_COMPAT & flags) {
2686 err = ___sys_recvmsg(sock, (struct user_msghdr __user *)compat_entry,
2687 &msg_sys, flags & ~MSG_WAITFORONE,
2688 datagrams);
2689 if (err < 0)
2690 break;
2691 err = __put_user(err, &compat_entry->msg_len);
2692 ++compat_entry;
2693 } else {
2694 err = ___sys_recvmsg(sock,
2695 (struct user_msghdr __user *)entry,
2696 &msg_sys, flags & ~MSG_WAITFORONE,
2697 datagrams);
2698 if (err < 0)
2699 break;
2700 err = put_user(err, &entry->msg_len);
2701 ++entry;
2702 }
2703
2704 if (err)
2705 break;
2706 ++datagrams;
2707
2708
2709 if (flags & MSG_WAITFORONE)
2710 flags |= MSG_DONTWAIT;
2711
2712 if (timeout) {
2713 ktime_get_ts64(&timeout64);
2714 *timeout = timespec64_sub(end_time, timeout64);
2715 if (timeout->tv_sec < 0) {
2716 timeout->tv_sec = timeout->tv_nsec = 0;
2717 break;
2718 }
2719
2720
2721 if (timeout->tv_nsec == 0 && timeout->tv_sec == 0)
2722 break;
2723 }
2724
2725
2726 if (msg_sys.msg_flags & MSG_OOB)
2727 break;
2728 cond_resched();
2729 }
2730
2731 if (err == 0)
2732 goto out_put;
2733
2734 if (datagrams == 0) {
2735 datagrams = err;
2736 goto out_put;
2737 }
2738
2739
2740
2741
2742
2743 if (err != -EAGAIN) {
2744
2745
2746
2747
2748
2749
2750 sock->sk->sk_err = -err;
2751 }
2752out_put:
2753 fput_light(sock->file, fput_needed);
2754
2755 return datagrams;
2756}
2757
2758int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2759 unsigned int vlen, unsigned int flags,
2760 struct __kernel_timespec __user *timeout,
2761 struct old_timespec32 __user *timeout32)
2762{
2763 int datagrams;
2764 struct timespec64 timeout_sys;
2765
2766 if (timeout && get_timespec64(&timeout_sys, timeout))
2767 return -EFAULT;
2768
2769 if (timeout32 && get_old_timespec32(&timeout_sys, timeout32))
2770 return -EFAULT;
2771
2772 if (!timeout && !timeout32)
2773 return do_recvmmsg(fd, mmsg, vlen, flags, NULL);
2774
2775 datagrams = do_recvmmsg(fd, mmsg, vlen, flags, &timeout_sys);
2776
2777 if (datagrams <= 0)
2778 return datagrams;
2779
2780 if (timeout && put_timespec64(&timeout_sys, timeout))
2781 datagrams = -EFAULT;
2782
2783 if (timeout32 && put_old_timespec32(&timeout_sys, timeout32))
2784 datagrams = -EFAULT;
2785
2786 return datagrams;
2787}
2788
2789SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
2790 unsigned int, vlen, unsigned int, flags,
2791 struct __kernel_timespec __user *, timeout)
2792{
2793 if (flags & MSG_CMSG_COMPAT)
2794 return -EINVAL;
2795
2796 return __sys_recvmmsg(fd, mmsg, vlen, flags, timeout, NULL);
2797}
2798
2799#ifdef CONFIG_COMPAT_32BIT_TIME
2800SYSCALL_DEFINE5(recvmmsg_time32, int, fd, struct mmsghdr __user *, mmsg,
2801 unsigned int, vlen, unsigned int, flags,
2802 struct old_timespec32 __user *, timeout)
2803{
2804 if (flags & MSG_CMSG_COMPAT)
2805 return -EINVAL;
2806
2807 return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL, timeout);
2808}
2809#endif
2810
2811#ifdef __ARCH_WANT_SYS_SOCKETCALL
2812
2813#define AL(x) ((x) * sizeof(unsigned long))
2814static const unsigned char nargs[21] = {
2815 AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
2816 AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
2817 AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
2818 AL(4), AL(5), AL(4)
2819};
2820
2821#undef AL
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
2832{
2833 unsigned long a[AUDITSC_ARGS];
2834 unsigned long a0, a1;
2835 int err;
2836 unsigned int len;
2837
2838 if (call < 1 || call > SYS_SENDMMSG)
2839 return -EINVAL;
2840 call = array_index_nospec(call, SYS_SENDMMSG + 1);
2841
2842 len = nargs[call];
2843 if (len > sizeof(a))
2844 return -EINVAL;
2845
2846
2847 if (copy_from_user(a, args, len))
2848 return -EFAULT;
2849
2850 err = audit_socketcall(nargs[call] / sizeof(unsigned long), a);
2851 if (err)
2852 return err;
2853
2854 a0 = a[0];
2855 a1 = a[1];
2856
2857 switch (call) {
2858 case SYS_SOCKET:
2859 err = __sys_socket(a0, a1, a[2]);
2860 break;
2861 case SYS_BIND:
2862 err = __sys_bind(a0, (struct sockaddr __user *)a1, a[2]);
2863 break;
2864 case SYS_CONNECT:
2865 err = __sys_connect(a0, (struct sockaddr __user *)a1, a[2]);
2866 break;
2867 case SYS_LISTEN:
2868 err = __sys_listen(a0, a1);
2869 break;
2870 case SYS_ACCEPT:
2871 err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2872 (int __user *)a[2], 0);
2873 break;
2874 case SYS_GETSOCKNAME:
2875 err =
2876 __sys_getsockname(a0, (struct sockaddr __user *)a1,
2877 (int __user *)a[2]);
2878 break;
2879 case SYS_GETPEERNAME:
2880 err =
2881 __sys_getpeername(a0, (struct sockaddr __user *)a1,
2882 (int __user *)a[2]);
2883 break;
2884 case SYS_SOCKETPAIR:
2885 err = __sys_socketpair(a0, a1, a[2], (int __user *)a[3]);
2886 break;
2887 case SYS_SEND:
2888 err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2889 NULL, 0);
2890 break;
2891 case SYS_SENDTO:
2892 err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2893 (struct sockaddr __user *)a[4], a[5]);
2894 break;
2895 case SYS_RECV:
2896 err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2897 NULL, NULL);
2898 break;
2899 case SYS_RECVFROM:
2900 err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2901 (struct sockaddr __user *)a[4],
2902 (int __user *)a[5]);
2903 break;
2904 case SYS_SHUTDOWN:
2905 err = __sys_shutdown(a0, a1);
2906 break;
2907 case SYS_SETSOCKOPT:
2908 err = __sys_setsockopt(a0, a1, a[2], (char __user *)a[3],
2909 a[4]);
2910 break;
2911 case SYS_GETSOCKOPT:
2912 err =
2913 __sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
2914 (int __user *)a[4]);
2915 break;
2916 case SYS_SENDMSG:
2917 err = __sys_sendmsg(a0, (struct user_msghdr __user *)a1,
2918 a[2], true);
2919 break;
2920 case SYS_SENDMMSG:
2921 err = __sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2],
2922 a[3], true);
2923 break;
2924 case SYS_RECVMSG:
2925 err = __sys_recvmsg(a0, (struct user_msghdr __user *)a1,
2926 a[2], true);
2927 break;
2928 case SYS_RECVMMSG:
2929 if (IS_ENABLED(CONFIG_64BIT))
2930 err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2931 a[2], a[3],
2932 (struct __kernel_timespec __user *)a[4],
2933 NULL);
2934 else
2935 err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2936 a[2], a[3], NULL,
2937 (struct old_timespec32 __user *)a[4]);
2938 break;
2939 case SYS_ACCEPT4:
2940 err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2941 (int __user *)a[2], a[3]);
2942 break;
2943 default:
2944 err = -EINVAL;
2945 break;
2946 }
2947 return err;
2948}
2949
2950#endif
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961int sock_register(const struct net_proto_family *ops)
2962{
2963 int err;
2964
2965 if (ops->family >= NPROTO) {
2966 pr_crit("protocol %d >= NPROTO(%d)\n", ops->family, NPROTO);
2967 return -ENOBUFS;
2968 }
2969
2970 spin_lock(&net_family_lock);
2971 if (rcu_dereference_protected(net_families[ops->family],
2972 lockdep_is_held(&net_family_lock)))
2973 err = -EEXIST;
2974 else {
2975 rcu_assign_pointer(net_families[ops->family], ops);
2976 err = 0;
2977 }
2978 spin_unlock(&net_family_lock);
2979
2980 pr_info("NET: Registered protocol family %d\n", ops->family);
2981 return err;
2982}
2983EXPORT_SYMBOL(sock_register);
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998void sock_unregister(int family)
2999{
3000 BUG_ON(family < 0 || family >= NPROTO);
3001
3002 spin_lock(&net_family_lock);
3003 RCU_INIT_POINTER(net_families[family], NULL);
3004 spin_unlock(&net_family_lock);
3005
3006 synchronize_rcu();
3007
3008 pr_info("NET: Unregistered protocol family %d\n", family);
3009}
3010EXPORT_SYMBOL(sock_unregister);
3011
3012bool sock_is_registered(int family)
3013{
3014 return family < NPROTO && rcu_access_pointer(net_families[family]);
3015}
3016
3017static int __init sock_init(void)
3018{
3019 int err;
3020
3021
3022
3023 err = net_sysctl_init();
3024 if (err)
3025 goto out;
3026
3027
3028
3029
3030 skb_init();
3031
3032
3033
3034
3035
3036 init_inodecache();
3037
3038 err = register_filesystem(&sock_fs_type);
3039 if (err)
3040 goto out;
3041 sock_mnt = kern_mount(&sock_fs_type);
3042 if (IS_ERR(sock_mnt)) {
3043 err = PTR_ERR(sock_mnt);
3044 goto out_mount;
3045 }
3046
3047
3048
3049
3050#ifdef CONFIG_NETFILTER
3051 err = netfilter_init();
3052 if (err)
3053 goto out;
3054#endif
3055
3056 ptp_classifier_init();
3057
3058out:
3059 return err;
3060
3061out_mount:
3062 unregister_filesystem(&sock_fs_type);
3063 goto out;
3064}
3065
3066core_initcall(sock_init);
3067
3068#ifdef CONFIG_PROC_FS
3069void socket_seq_show(struct seq_file *seq)
3070{
3071 seq_printf(seq, "sockets: used %d\n",
3072 sock_inuse_get(seq->private));
3073}
3074#endif
3075
3076#ifdef CONFIG_COMPAT
3077static int compat_dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
3078{
3079 struct compat_ifconf ifc32;
3080 struct ifconf ifc;
3081 int err;
3082
3083 if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
3084 return -EFAULT;
3085
3086 ifc.ifc_len = ifc32.ifc_len;
3087 ifc.ifc_req = compat_ptr(ifc32.ifcbuf);
3088
3089 rtnl_lock();
3090 err = dev_ifconf(net, &ifc, sizeof(struct compat_ifreq));
3091 rtnl_unlock();
3092 if (err)
3093 return err;
3094
3095 ifc32.ifc_len = ifc.ifc_len;
3096 if (copy_to_user(uifc32, &ifc32, sizeof(struct compat_ifconf)))
3097 return -EFAULT;
3098
3099 return 0;
3100}
3101
3102static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
3103{
3104 struct compat_ethtool_rxnfc __user *compat_rxnfc;
3105 bool convert_in = false, convert_out = false;
3106 size_t buf_size = 0;
3107 struct ethtool_rxnfc __user *rxnfc = NULL;
3108 struct ifreq ifr;
3109 u32 rule_cnt = 0, actual_rule_cnt;
3110 u32 ethcmd;
3111 u32 data;
3112 int ret;
3113
3114 if (get_user(data, &ifr32->ifr_ifru.ifru_data))
3115 return -EFAULT;
3116
3117 compat_rxnfc = compat_ptr(data);
3118
3119 if (get_user(ethcmd, &compat_rxnfc->cmd))
3120 return -EFAULT;
3121
3122
3123
3124
3125 switch (ethcmd) {
3126 default:
3127 break;
3128 case ETHTOOL_GRXCLSRLALL:
3129
3130 if (get_user(rule_cnt, &compat_rxnfc->rule_cnt))
3131 return -EFAULT;
3132 if (rule_cnt > KMALLOC_MAX_SIZE / sizeof(u32))
3133 return -ENOMEM;
3134 buf_size += rule_cnt * sizeof(u32);
3135 fallthrough;
3136 case ETHTOOL_GRXRINGS:
3137 case ETHTOOL_GRXCLSRLCNT:
3138 case ETHTOOL_GRXCLSRULE:
3139 case ETHTOOL_SRXCLSRLINS:
3140 convert_out = true;
3141 fallthrough;
3142 case ETHTOOL_SRXCLSRLDEL:
3143 buf_size += sizeof(struct ethtool_rxnfc);
3144 convert_in = true;
3145 rxnfc = compat_alloc_user_space(buf_size);
3146 break;
3147 }
3148
3149 if (copy_from_user(&ifr.ifr_name, &ifr32->ifr_name, IFNAMSIZ))
3150 return -EFAULT;
3151
3152 ifr.ifr_data = convert_in ? rxnfc : (void __user *)compat_rxnfc;
3153
3154 if (convert_in) {
3155
3156
3157
3158 BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_ext) +
3159 sizeof(compat_rxnfc->fs.m_ext) !=
3160 offsetof(struct ethtool_rxnfc, fs.m_ext) +
3161 sizeof(rxnfc->fs.m_ext));
3162 BUILD_BUG_ON(
3163 offsetof(struct compat_ethtool_rxnfc, fs.location) -
3164 offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) !=
3165 offsetof(struct ethtool_rxnfc, fs.location) -
3166 offsetof(struct ethtool_rxnfc, fs.ring_cookie));
3167
3168 if (copy_in_user(rxnfc, compat_rxnfc,
3169 (void __user *)(&rxnfc->fs.m_ext + 1) -
3170 (void __user *)rxnfc) ||
3171 copy_in_user(&rxnfc->fs.ring_cookie,
3172 &compat_rxnfc->fs.ring_cookie,
3173 (void __user *)(&rxnfc->fs.location + 1) -
3174 (void __user *)&rxnfc->fs.ring_cookie))
3175 return -EFAULT;
3176 if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3177 if (put_user(rule_cnt, &rxnfc->rule_cnt))
3178 return -EFAULT;
3179 } else if (copy_in_user(&rxnfc->rule_cnt,
3180 &compat_rxnfc->rule_cnt,
3181 sizeof(rxnfc->rule_cnt)))
3182 return -EFAULT;
3183 }
3184
3185 ret = dev_ioctl(net, SIOCETHTOOL, &ifr, NULL);
3186 if (ret)
3187 return ret;
3188
3189 if (convert_out) {
3190 if (copy_in_user(compat_rxnfc, rxnfc,
3191 (const void __user *)(&rxnfc->fs.m_ext + 1) -
3192 (const void __user *)rxnfc) ||
3193 copy_in_user(&compat_rxnfc->fs.ring_cookie,
3194 &rxnfc->fs.ring_cookie,
3195 (const void __user *)(&rxnfc->fs.location + 1) -
3196 (const void __user *)&rxnfc->fs.ring_cookie) ||
3197 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
3198 sizeof(rxnfc->rule_cnt)))
3199 return -EFAULT;
3200
3201 if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3202
3203
3204
3205
3206
3207
3208
3209
3210 if (get_user(actual_rule_cnt, &rxnfc->rule_cnt))
3211 return -EFAULT;
3212 if (actual_rule_cnt < rule_cnt)
3213 rule_cnt = actual_rule_cnt;
3214 if (copy_in_user(&compat_rxnfc->rule_locs[0],
3215 &rxnfc->rule_locs[0],
3216 rule_cnt * sizeof(u32)))
3217 return -EFAULT;
3218 }
3219 }
3220
3221 return 0;
3222}
3223
3224static int compat_siocwandev(struct net *net, struct compat_ifreq __user *uifr32)
3225{
3226 compat_uptr_t uptr32;
3227 struct ifreq ifr;
3228 void __user *saved;
3229 int err;
3230
3231 if (copy_from_user(&ifr, uifr32, sizeof(struct compat_ifreq)))
3232 return -EFAULT;
3233
3234 if (get_user(uptr32, &uifr32->ifr_settings.ifs_ifsu))
3235 return -EFAULT;
3236
3237 saved = ifr.ifr_settings.ifs_ifsu.raw_hdlc;
3238 ifr.ifr_settings.ifs_ifsu.raw_hdlc = compat_ptr(uptr32);
3239
3240 err = dev_ioctl(net, SIOCWANDEV, &ifr, NULL);
3241 if (!err) {
3242 ifr.ifr_settings.ifs_ifsu.raw_hdlc = saved;
3243 if (copy_to_user(uifr32, &ifr, sizeof(struct compat_ifreq)))
3244 err = -EFAULT;
3245 }
3246 return err;
3247}
3248
3249
3250static int compat_ifr_data_ioctl(struct net *net, unsigned int cmd,
3251 struct compat_ifreq __user *u_ifreq32)
3252{
3253 struct ifreq ifreq;
3254 u32 data32;
3255
3256 if (!is_socket_ioctl_cmd(cmd))
3257 return -ENOTTY;
3258 if (copy_from_user(ifreq.ifr_name, u_ifreq32->ifr_name, IFNAMSIZ))
3259 return -EFAULT;
3260 if (get_user(data32, &u_ifreq32->ifr_data))
3261 return -EFAULT;
3262 ifreq.ifr_data = compat_ptr(data32);
3263
3264 return dev_ioctl(net, cmd, &ifreq, NULL);
3265}
3266
3267static int compat_ifreq_ioctl(struct net *net, struct socket *sock,
3268 unsigned int cmd,
3269 struct compat_ifreq __user *uifr32)
3270{
3271 struct ifreq __user *uifr;
3272 int err;
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284 uifr = compat_alloc_user_space(sizeof(*uifr));
3285 if (copy_in_user(uifr, uifr32, sizeof(*uifr32)))
3286 return -EFAULT;
3287
3288 err = sock_do_ioctl(net, sock, cmd, (unsigned long)uifr);
3289
3290 if (!err) {
3291 switch (cmd) {
3292 case SIOCGIFFLAGS:
3293 case SIOCGIFMETRIC:
3294 case SIOCGIFMTU:
3295 case SIOCGIFMEM:
3296 case SIOCGIFHWADDR:
3297 case SIOCGIFINDEX:
3298 case SIOCGIFADDR:
3299 case SIOCGIFBRDADDR:
3300 case SIOCGIFDSTADDR:
3301 case SIOCGIFNETMASK:
3302 case SIOCGIFPFLAGS:
3303 case SIOCGIFTXQLEN:
3304 case SIOCGMIIPHY:
3305 case SIOCGMIIREG:
3306 case SIOCGIFNAME:
3307 if (copy_in_user(uifr32, uifr, sizeof(*uifr32)))
3308 err = -EFAULT;
3309 break;
3310 }
3311 }
3312 return err;
3313}
3314
3315static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
3316 struct compat_ifreq __user *uifr32)
3317{
3318 struct ifreq ifr;
3319 struct compat_ifmap __user *uifmap32;
3320 int err;
3321
3322 uifmap32 = &uifr32->ifr_ifru.ifru_map;
3323 err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name));
3324 err |= get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3325 err |= get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3326 err |= get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3327 err |= get_user(ifr.ifr_map.irq, &uifmap32->irq);
3328 err |= get_user(ifr.ifr_map.dma, &uifmap32->dma);
3329 err |= get_user(ifr.ifr_map.port, &uifmap32->port);
3330 if (err)
3331 return -EFAULT;
3332
3333 err = dev_ioctl(net, cmd, &ifr, NULL);
3334
3335 if (cmd == SIOCGIFMAP && !err) {
3336 err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name));
3337 err |= put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3338 err |= put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3339 err |= put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3340 err |= put_user(ifr.ifr_map.irq, &uifmap32->irq);
3341 err |= put_user(ifr.ifr_map.dma, &uifmap32->dma);
3342 err |= put_user(ifr.ifr_map.port, &uifmap32->port);
3343 if (err)
3344 err = -EFAULT;
3345 }
3346 return err;
3347}
3348
3349
3350
3351
3352
3353static int old_bridge_ioctl(compat_ulong_t __user *argp)
3354{
3355 compat_ulong_t tmp;
3356
3357 if (get_user(tmp, argp))
3358 return -EFAULT;
3359 if (tmp == BRCTL_GET_VERSION)
3360 return BRCTL_VERSION + 1;
3361 return -EINVAL;
3362}
3363
3364static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
3365 unsigned int cmd, unsigned long arg)
3366{
3367 void __user *argp = compat_ptr(arg);
3368 struct sock *sk = sock->sk;
3369 struct net *net = sock_net(sk);
3370
3371 if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))
3372 return compat_ifr_data_ioctl(net, cmd, argp);
3373
3374 switch (cmd) {
3375 case SIOCSIFBR:
3376 case SIOCGIFBR:
3377 return old_bridge_ioctl(argp);
3378 case SIOCGIFCONF:
3379 return compat_dev_ifconf(net, argp);
3380 case SIOCETHTOOL:
3381 return ethtool_ioctl(net, argp);
3382 case SIOCWANDEV:
3383 return compat_siocwandev(net, argp);
3384 case SIOCGIFMAP:
3385 case SIOCSIFMAP:
3386 return compat_sioc_ifmap(net, cmd, argp);
3387 case SIOCGSTAMP_OLD:
3388 case SIOCGSTAMPNS_OLD:
3389 if (!sock->ops->gettstamp)
3390 return -ENOIOCTLCMD;
3391 return sock->ops->gettstamp(sock, argp, cmd == SIOCGSTAMP_OLD,
3392 !COMPAT_USE_64BIT_TIME);
3393
3394 case SIOCBONDSLAVEINFOQUERY:
3395 case SIOCBONDINFOQUERY:
3396 case SIOCSHWTSTAMP:
3397 case SIOCGHWTSTAMP:
3398 return compat_ifr_data_ioctl(net, cmd, argp);
3399
3400 case FIOSETOWN:
3401 case SIOCSPGRP:
3402 case FIOGETOWN:
3403 case SIOCGPGRP:
3404 case SIOCBRADDBR:
3405 case SIOCBRDELBR:
3406 case SIOCGIFVLAN:
3407 case SIOCSIFVLAN:
3408 case SIOCGSKNS:
3409 case SIOCGSTAMP_NEW:
3410 case SIOCGSTAMPNS_NEW:
3411 return sock_ioctl(file, cmd, arg);
3412
3413 case SIOCGIFFLAGS:
3414 case SIOCSIFFLAGS:
3415 case SIOCGIFMETRIC:
3416 case SIOCSIFMETRIC:
3417 case SIOCGIFMTU:
3418 case SIOCSIFMTU:
3419 case SIOCGIFMEM:
3420 case SIOCSIFMEM:
3421 case SIOCGIFHWADDR:
3422 case SIOCSIFHWADDR:
3423 case SIOCADDMULTI:
3424 case SIOCDELMULTI:
3425 case SIOCGIFINDEX:
3426 case SIOCGIFADDR:
3427 case SIOCSIFADDR:
3428 case SIOCSIFHWBROADCAST:
3429 case SIOCDIFADDR:
3430 case SIOCGIFBRDADDR:
3431 case SIOCSIFBRDADDR:
3432 case SIOCGIFDSTADDR:
3433 case SIOCSIFDSTADDR:
3434 case SIOCGIFNETMASK:
3435 case SIOCSIFNETMASK:
3436 case SIOCSIFPFLAGS:
3437 case SIOCGIFPFLAGS:
3438 case SIOCGIFTXQLEN:
3439 case SIOCSIFTXQLEN:
3440 case SIOCBRADDIF:
3441 case SIOCBRDELIF:
3442 case SIOCGIFNAME:
3443 case SIOCSIFNAME:
3444 case SIOCGMIIPHY:
3445 case SIOCGMIIREG:
3446 case SIOCSMIIREG:
3447 case SIOCBONDENSLAVE:
3448 case SIOCBONDRELEASE:
3449 case SIOCBONDSETHWADDR:
3450 case SIOCBONDCHANGEACTIVE:
3451 return compat_ifreq_ioctl(net, sock, cmd, argp);
3452
3453 case SIOCSARP:
3454 case SIOCGARP:
3455 case SIOCDARP:
3456 case SIOCOUTQ:
3457 case SIOCOUTQNSD:
3458 case SIOCATMARK:
3459 return sock_do_ioctl(net, sock, cmd, arg);
3460 }
3461
3462 return -ENOIOCTLCMD;
3463}
3464
3465static long compat_sock_ioctl(struct file *file, unsigned int cmd,
3466 unsigned long arg)
3467{
3468 struct socket *sock = file->private_data;
3469 int ret = -ENOIOCTLCMD;
3470 struct sock *sk;
3471 struct net *net;
3472
3473 sk = sock->sk;
3474 net = sock_net(sk);
3475
3476 if (sock->ops->compat_ioctl)
3477 ret = sock->ops->compat_ioctl(sock, cmd, arg);
3478
3479 if (ret == -ENOIOCTLCMD &&
3480 (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST))
3481 ret = compat_wext_handle_ioctl(net, cmd, arg);
3482
3483 if (ret == -ENOIOCTLCMD)
3484 ret = compat_sock_ioctl_trans(file, sock, cmd, arg);
3485
3486 return ret;
3487}
3488#endif
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499int kernel_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
3500{
3501 return sock->ops->bind(sock, addr, addrlen);
3502}
3503EXPORT_SYMBOL(kernel_bind);
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513int kernel_listen(struct socket *sock, int backlog)
3514{
3515 return sock->ops->listen(sock, backlog);
3516}
3517EXPORT_SYMBOL(kernel_listen);
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
3531{
3532 struct sock *sk = sock->sk;
3533 int err;
3534
3535 err = sock_create_lite(sk->sk_family, sk->sk_type, sk->sk_protocol,
3536 newsock);
3537 if (err < 0)
3538 goto done;
3539
3540 err = sock->ops->accept(sock, *newsock, flags, true);
3541 if (err < 0) {
3542 sock_release(*newsock);
3543 *newsock = NULL;
3544 goto done;
3545 }
3546
3547 (*newsock)->ops = sock->ops;
3548 __module_get((*newsock)->ops->owner);
3549
3550done:
3551 return err;
3552}
3553EXPORT_SYMBOL(kernel_accept);
3554
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
3569 int flags)
3570{
3571 return sock->ops->connect(sock, addr, addrlen, flags);
3572}
3573EXPORT_SYMBOL(kernel_connect);
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584int kernel_getsockname(struct socket *sock, struct sockaddr *addr)
3585{
3586 return sock->ops->getname(sock, addr, 0);
3587}
3588EXPORT_SYMBOL(kernel_getsockname);
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599int kernel_getpeername(struct socket *sock, struct sockaddr *addr)
3600{
3601 return sock->ops->getname(sock, addr, 1);
3602}
3603EXPORT_SYMBOL(kernel_getpeername);
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616int kernel_sendpage(struct socket *sock, struct page *page, int offset,
3617 size_t size, int flags)
3618{
3619 if (sock->ops->sendpage) {
3620
3621 WARN_ONCE(!sendpage_ok(page), "improper page for zero-copy send");
3622 return sock->ops->sendpage(sock, page, offset, size, flags);
3623 }
3624 return sock_no_sendpage(sock, page, offset, size, flags);
3625}
3626EXPORT_SYMBOL(kernel_sendpage);
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640int kernel_sendpage_locked(struct sock *sk, struct page *page, int offset,
3641 size_t size, int flags)
3642{
3643 struct socket *sock = sk->sk_socket;
3644
3645 if (sock->ops->sendpage_locked)
3646 return sock->ops->sendpage_locked(sk, page, offset, size,
3647 flags);
3648
3649 return sock_no_sendpage_locked(sk, page, offset, size, flags);
3650}
3651EXPORT_SYMBOL(kernel_sendpage_locked);
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how)
3662{
3663 return sock->ops->shutdown(sock, how);
3664}
3665EXPORT_SYMBOL(kernel_sock_shutdown);
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677u32 kernel_sock_ip_overhead(struct sock *sk)
3678{
3679 struct inet_sock *inet;
3680 struct ip_options_rcu *opt;
3681 u32 overhead = 0;
3682#if IS_ENABLED(CONFIG_IPV6)
3683 struct ipv6_pinfo *np;
3684 struct ipv6_txoptions *optv6 = NULL;
3685#endif
3686
3687 if (!sk)
3688 return overhead;
3689
3690 switch (sk->sk_family) {
3691 case AF_INET:
3692 inet = inet_sk(sk);
3693 overhead += sizeof(struct iphdr);
3694 opt = rcu_dereference_protected(inet->inet_opt,
3695 sock_owned_by_user(sk));
3696 if (opt)
3697 overhead += opt->opt.optlen;
3698 return overhead;
3699#if IS_ENABLED(CONFIG_IPV6)
3700 case AF_INET6:
3701 np = inet6_sk(sk);
3702 overhead += sizeof(struct ipv6hdr);
3703 if (np)
3704 optv6 = rcu_dereference_protected(np->opt,
3705 sock_owned_by_user(sk));
3706 if (optv6)
3707 overhead += (optv6->opt_flen + optv6->opt_nflen);
3708 return overhead;
3709#endif
3710 default:
3711 return overhead;
3712 }
3713}
3714EXPORT_SYMBOL(kernel_sock_ip_overhead);
3715