linux/net/socket.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 * NET          An implementation of the SOCKET network access protocol.
   4 *
   5 * Version:     @(#)socket.c    1.1.93  18/02/95
   6 *
   7 * Authors:     Orest Zborowski, <obz@Kodak.COM>
   8 *              Ross Biro
   9 *              Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
  10 *
  11 * Fixes:
  12 *              Anonymous       :       NOTSOCK/BADF cleanup. Error fix in
  13 *                                      shutdown()
  14 *              Alan Cox        :       verify_area() fixes
  15 *              Alan Cox        :       Removed DDI
  16 *              Jonathan Kamens :       SOCK_DGRAM reconnect bug
  17 *              Alan Cox        :       Moved a load of checks to the very
  18 *                                      top level.
  19 *              Alan Cox        :       Move address structures to/from user
  20 *                                      mode above the protocol layers.
  21 *              Rob Janssen     :       Allow 0 length sends.
  22 *              Alan Cox        :       Asynchronous I/O support (cribbed from the
  23 *                                      tty drivers).
  24 *              Niibe Yutaka    :       Asynchronous I/O for writes (4.4BSD style)
  25 *              Jeff Uphoff     :       Made max number of sockets command-line
  26 *                                      configurable.
  27 *              Matti Aarnio    :       Made the number of sockets dynamic,
  28 *                                      to be allocated when needed, and mr.
  29 *                                      Uphoff's max is used as max to be
  30 *                                      allowed to allocate.
  31 *              Linus           :       Argh. removed all the socket allocation
  32 *                                      altogether: it's in the inode now.
  33 *              Alan Cox        :       Made sock_alloc()/sock_release() public
  34 *                                      for NetROM and future kernel nfsd type
  35 *                                      stuff.
  36 *              Alan Cox        :       sendmsg/recvmsg basics.
  37 *              Tom Dyas        :       Export net symbols.
  38 *              Marcin Dalecki  :       Fixed problems with CONFIG_NET="n".
  39 *              Alan Cox        :       Added thread locking to sys_* calls
  40 *                                      for sockets. May have errors at the
  41 *                                      moment.
  42 *              Kevin Buhr      :       Fixed the dumb errors in the above.
  43 *              Andi Kleen      :       Some small cleanups, optimizations,
  44 *                                      and fixed a copy_from_user() bug.
  45 *              Tigran Aivazian :       sys_send(args) calls sys_sendto(args, NULL, 0)
  46 *              Tigran Aivazian :       Made listen(2) backlog sanity checks
  47 *                                      protocol-independent
  48 *
  49 *      This module is effectively the top level interface to the BSD socket
  50 *      paradigm.
  51 *
  52 *      Based upon Swansea University Computer Society NET3.039
  53 */
  54
  55#include <linux/ethtool.h>
  56#include <linux/mm.h>
  57#include <linux/socket.h>
  58#include <linux/file.h>
  59#include <linux/net.h>
  60#include <linux/interrupt.h>
  61#include <linux/thread_info.h>
  62#include <linux/rcupdate.h>
  63#include <linux/netdevice.h>
  64#include <linux/proc_fs.h>
  65#include <linux/seq_file.h>
  66#include <linux/mutex.h>
  67#include <linux/if_bridge.h>
  68#include <linux/if_vlan.h>
  69#include <linux/ptp_classify.h>
  70#include <linux/init.h>
  71#include <linux/poll.h>
  72#include <linux/cache.h>
  73#include <linux/module.h>
  74#include <linux/highmem.h>
  75#include <linux/mount.h>
  76#include <linux/pseudo_fs.h>
  77#include <linux/security.h>
  78#include <linux/syscalls.h>
  79#include <linux/compat.h>
  80#include <linux/kmod.h>
  81#include <linux/audit.h>
  82#include <linux/wireless.h>
  83#include <linux/nsproxy.h>
  84#include <linux/magic.h>
  85#include <linux/slab.h>
  86#include <linux/xattr.h>
  87#include <linux/nospec.h>
  88#include <linux/indirect_call_wrapper.h>
  89
  90#include <linux/uaccess.h>
  91#include <asm/unistd.h>
  92
  93#include <net/compat.h>
  94#include <net/wext.h>
  95#include <net/cls_cgroup.h>
  96
  97#include <net/sock.h>
  98#include <linux/netfilter.h>
  99
 100#include <linux/if_tun.h>
 101#include <linux/ipv6_route.h>
 102#include <linux/route.h>
 103#include <linux/termios.h>
 104#include <linux/sockios.h>
 105#include <net/busy_poll.h>
 106#include <linux/errqueue.h>
 107
 108#ifdef CONFIG_NET_RX_BUSY_POLL
 109unsigned int sysctl_net_busy_read __read_mostly;
 110unsigned int sysctl_net_busy_poll __read_mostly;
 111#endif
 112
 113static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to);
 114static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from);
 115static int sock_mmap(struct file *file, struct vm_area_struct *vma);
 116
 117static int sock_close(struct inode *inode, struct file *file);
 118static __poll_t sock_poll(struct file *file,
 119                              struct poll_table_struct *wait);
 120static long sock_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
 121#ifdef CONFIG_COMPAT
 122static long compat_sock_ioctl(struct file *file,
 123                              unsigned int cmd, unsigned long arg);
 124#endif
 125static int sock_fasync(int fd, struct file *filp, int on);
 126static ssize_t sock_sendpage(struct file *file, struct page *page,
 127                             int offset, size_t size, loff_t *ppos, int more);
 128static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
 129                                struct pipe_inode_info *pipe, size_t len,
 130                                unsigned int flags);
 131
 132#ifdef CONFIG_PROC_FS
 133static void sock_show_fdinfo(struct seq_file *m, struct file *f)
 134{
 135        struct socket *sock = f->private_data;
 136
 137        if (sock->ops->show_fdinfo)
 138                sock->ops->show_fdinfo(m, sock);
 139}
 140#else
 141#define sock_show_fdinfo NULL
 142#endif
 143
 144/*
 145 *      Socket files have a set of 'special' operations as well as the generic file ones. These don't appear
 146 *      in the operation structures but are done directly via the socketcall() multiplexor.
 147 */
 148
 149static const struct file_operations socket_file_ops = {
 150        .owner =        THIS_MODULE,
 151        .llseek =       no_llseek,
 152        .read_iter =    sock_read_iter,
 153        .write_iter =   sock_write_iter,
 154        .poll =         sock_poll,
 155        .unlocked_ioctl = sock_ioctl,
 156#ifdef CONFIG_COMPAT
 157        .compat_ioctl = compat_sock_ioctl,
 158#endif
 159        .mmap =         sock_mmap,
 160        .release =      sock_close,
 161        .fasync =       sock_fasync,
 162        .sendpage =     sock_sendpage,
 163        .splice_write = generic_splice_sendpage,
 164        .splice_read =  sock_splice_read,
 165        .show_fdinfo =  sock_show_fdinfo,
 166};
 167
 168/*
 169 *      The protocol list. Each protocol is registered in here.
 170 */
 171
 172static DEFINE_SPINLOCK(net_family_lock);
 173static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
 174
 175/*
 176 * Support routines.
 177 * Move socket addresses back and forth across the kernel/user
 178 * divide and look after the messy bits.
 179 */
 180
 181/**
 182 *      move_addr_to_kernel     -       copy a socket address into kernel space
 183 *      @uaddr: Address in user space
 184 *      @kaddr: Address in kernel space
 185 *      @ulen: Length in user space
 186 *
 187 *      The address is copied into kernel space. If the provided address is
 188 *      too long an error code of -EINVAL is returned. If the copy gives
 189 *      invalid addresses -EFAULT is returned. On a success 0 is returned.
 190 */
 191
 192int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr_storage *kaddr)
 193{
 194        if (ulen < 0 || ulen > sizeof(struct sockaddr_storage))
 195                return -EINVAL;
 196        if (ulen == 0)
 197                return 0;
 198        if (copy_from_user(kaddr, uaddr, ulen))
 199                return -EFAULT;
 200        return audit_sockaddr(ulen, kaddr);
 201}
 202
 203/**
 204 *      move_addr_to_user       -       copy an address to user space
 205 *      @kaddr: kernel space address
 206 *      @klen: length of address in kernel
 207 *      @uaddr: user space address
 208 *      @ulen: pointer to user length field
 209 *
 210 *      The value pointed to by ulen on entry is the buffer length available.
 211 *      This is overwritten with the buffer space used. -EINVAL is returned
 212 *      if an overlong buffer is specified or a negative buffer size. -EFAULT
 213 *      is returned if either the buffer or the length field are not
 214 *      accessible.
 215 *      After copying the data up to the limit the user specifies, the true
 216 *      length of the data is written over the length limit the user
 217 *      specified. Zero is returned for a success.
 218 */
 219
 220static int move_addr_to_user(struct sockaddr_storage *kaddr, int klen,
 221                             void __user *uaddr, int __user *ulen)
 222{
 223        int err;
 224        int len;
 225
 226        BUG_ON(klen > sizeof(struct sockaddr_storage));
 227        err = get_user(len, ulen);
 228        if (err)
 229                return err;
 230        if (len > klen)
 231                len = klen;
 232        if (len < 0)
 233                return -EINVAL;
 234        if (len) {
 235                if (audit_sockaddr(klen, kaddr))
 236                        return -ENOMEM;
 237                if (copy_to_user(uaddr, kaddr, len))
 238                        return -EFAULT;
 239        }
 240        /*
 241         *      "fromlen shall refer to the value before truncation.."
 242         *                      1003.1g
 243         */
 244        return __put_user(klen, ulen);
 245}
 246
 247static struct kmem_cache *sock_inode_cachep __ro_after_init;
 248
 249static struct inode *sock_alloc_inode(struct super_block *sb)
 250{
 251        struct socket_alloc *ei;
 252
 253        ei = kmem_cache_alloc(sock_inode_cachep, GFP_KERNEL);
 254        if (!ei)
 255                return NULL;
 256        init_waitqueue_head(&ei->socket.wq.wait);
 257        ei->socket.wq.fasync_list = NULL;
 258        ei->socket.wq.flags = 0;
 259
 260        ei->socket.state = SS_UNCONNECTED;
 261        ei->socket.flags = 0;
 262        ei->socket.ops = NULL;
 263        ei->socket.sk = NULL;
 264        ei->socket.file = NULL;
 265
 266        return &ei->vfs_inode;
 267}
 268
 269static void sock_free_inode(struct inode *inode)
 270{
 271        struct socket_alloc *ei;
 272
 273        ei = container_of(inode, struct socket_alloc, vfs_inode);
 274        kmem_cache_free(sock_inode_cachep, ei);
 275}
 276
 277static void init_once(void *foo)
 278{
 279        struct socket_alloc *ei = (struct socket_alloc *)foo;
 280
 281        inode_init_once(&ei->vfs_inode);
 282}
 283
 284static void init_inodecache(void)
 285{
 286        sock_inode_cachep = kmem_cache_create("sock_inode_cache",
 287                                              sizeof(struct socket_alloc),
 288                                              0,
 289                                              (SLAB_HWCACHE_ALIGN |
 290                                               SLAB_RECLAIM_ACCOUNT |
 291                                               SLAB_MEM_SPREAD | SLAB_ACCOUNT),
 292                                              init_once);
 293        BUG_ON(sock_inode_cachep == NULL);
 294}
 295
 296static const struct super_operations sockfs_ops = {
 297        .alloc_inode    = sock_alloc_inode,
 298        .free_inode     = sock_free_inode,
 299        .statfs         = simple_statfs,
 300};
 301
 302/*
 303 * sockfs_dname() is called from d_path().
 304 */
 305static char *sockfs_dname(struct dentry *dentry, char *buffer, int buflen)
 306{
 307        return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
 308                                d_inode(dentry)->i_ino);
 309}
 310
 311static const struct dentry_operations sockfs_dentry_operations = {
 312        .d_dname  = sockfs_dname,
 313};
 314
 315static int sockfs_xattr_get(const struct xattr_handler *handler,
 316                            struct dentry *dentry, struct inode *inode,
 317                            const char *suffix, void *value, size_t size)
 318{
 319        if (value) {
 320                if (dentry->d_name.len + 1 > size)
 321                        return -ERANGE;
 322                memcpy(value, dentry->d_name.name, dentry->d_name.len + 1);
 323        }
 324        return dentry->d_name.len + 1;
 325}
 326
 327#define XATTR_SOCKPROTONAME_SUFFIX "sockprotoname"
 328#define XATTR_NAME_SOCKPROTONAME (XATTR_SYSTEM_PREFIX XATTR_SOCKPROTONAME_SUFFIX)
 329#define XATTR_NAME_SOCKPROTONAME_LEN (sizeof(XATTR_NAME_SOCKPROTONAME)-1)
 330
 331static const struct xattr_handler sockfs_xattr_handler = {
 332        .name = XATTR_NAME_SOCKPROTONAME,
 333        .get = sockfs_xattr_get,
 334};
 335
 336static int sockfs_security_xattr_set(const struct xattr_handler *handler,
 337                                     struct user_namespace *mnt_userns,
 338                                     struct dentry *dentry, struct inode *inode,
 339                                     const char *suffix, const void *value,
 340                                     size_t size, int flags)
 341{
 342        /* Handled by LSM. */
 343        return -EAGAIN;
 344}
 345
 346static const struct xattr_handler sockfs_security_xattr_handler = {
 347        .prefix = XATTR_SECURITY_PREFIX,
 348        .set = sockfs_security_xattr_set,
 349};
 350
 351static const struct xattr_handler *sockfs_xattr_handlers[] = {
 352        &sockfs_xattr_handler,
 353        &sockfs_security_xattr_handler,
 354        NULL
 355};
 356
 357static int sockfs_init_fs_context(struct fs_context *fc)
 358{
 359        struct pseudo_fs_context *ctx = init_pseudo(fc, SOCKFS_MAGIC);
 360        if (!ctx)
 361                return -ENOMEM;
 362        ctx->ops = &sockfs_ops;
 363        ctx->dops = &sockfs_dentry_operations;
 364        ctx->xattr = sockfs_xattr_handlers;
 365        return 0;
 366}
 367
 368static struct vfsmount *sock_mnt __read_mostly;
 369
 370static struct file_system_type sock_fs_type = {
 371        .name =         "sockfs",
 372        .init_fs_context = sockfs_init_fs_context,
 373        .kill_sb =      kill_anon_super,
 374};
 375
 376/*
 377 *      Obtains the first available file descriptor and sets it up for use.
 378 *
 379 *      These functions create file structures and maps them to fd space
 380 *      of the current process. On success it returns file descriptor
 381 *      and file struct implicitly stored in sock->file.
 382 *      Note that another thread may close file descriptor before we return
 383 *      from this function. We use the fact that now we do not refer
 384 *      to socket after mapping. If one day we will need it, this
 385 *      function will increment ref. count on file by 1.
 386 *
 387 *      In any case returned fd MAY BE not valid!
 388 *      This race condition is unavoidable
 389 *      with shared fd spaces, we cannot solve it inside kernel,
 390 *      but we take care of internal coherence yet.
 391 */
 392
 393/**
 394 *      sock_alloc_file - Bind a &socket to a &file
 395 *      @sock: socket
 396 *      @flags: file status flags
 397 *      @dname: protocol name
 398 *
 399 *      Returns the &file bound with @sock, implicitly storing it
 400 *      in sock->file. If dname is %NULL, sets to "".
 401 *      On failure the return is a ERR pointer (see linux/err.h).
 402 *      This function uses GFP_KERNEL internally.
 403 */
 404
 405struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
 406{
 407        struct file *file;
 408
 409        if (!dname)
 410                dname = sock->sk ? sock->sk->sk_prot_creator->name : "";
 411
 412        file = alloc_file_pseudo(SOCK_INODE(sock), sock_mnt, dname,
 413                                O_RDWR | (flags & O_NONBLOCK),
 414                                &socket_file_ops);
 415        if (IS_ERR(file)) {
 416                sock_release(sock);
 417                return file;
 418        }
 419
 420        sock->file = file;
 421        file->private_data = sock;
 422        stream_open(SOCK_INODE(sock), file);
 423        return file;
 424}
 425EXPORT_SYMBOL(sock_alloc_file);
 426
 427static int sock_map_fd(struct socket *sock, int flags)
 428{
 429        struct file *newfile;
 430        int fd = get_unused_fd_flags(flags);
 431        if (unlikely(fd < 0)) {
 432                sock_release(sock);
 433                return fd;
 434        }
 435
 436        newfile = sock_alloc_file(sock, flags, NULL);
 437        if (!IS_ERR(newfile)) {
 438                fd_install(fd, newfile);
 439                return fd;
 440        }
 441
 442        put_unused_fd(fd);
 443        return PTR_ERR(newfile);
 444}
 445
 446/**
 447 *      sock_from_file - Return the &socket bounded to @file.
 448 *      @file: file
 449 *
 450 *      On failure returns %NULL.
 451 */
 452
 453struct socket *sock_from_file(struct file *file)
 454{
 455        if (file->f_op == &socket_file_ops)
 456                return file->private_data;      /* set in sock_map_fd */
 457
 458        return NULL;
 459}
 460EXPORT_SYMBOL(sock_from_file);
 461
 462/**
 463 *      sockfd_lookup - Go from a file number to its socket slot
 464 *      @fd: file handle
 465 *      @err: pointer to an error code return
 466 *
 467 *      The file handle passed in is locked and the socket it is bound
 468 *      to is returned. If an error occurs the err pointer is overwritten
 469 *      with a negative errno code and NULL is returned. The function checks
 470 *      for both invalid handles and passing a handle which is not a socket.
 471 *
 472 *      On a success the socket object pointer is returned.
 473 */
 474
 475struct socket *sockfd_lookup(int fd, int *err)
 476{
 477        struct file *file;
 478        struct socket *sock;
 479
 480        file = fget(fd);
 481        if (!file) {
 482                *err = -EBADF;
 483                return NULL;
 484        }
 485
 486        sock = sock_from_file(file);
 487        if (!sock) {
 488                *err = -ENOTSOCK;
 489                fput(file);
 490        }
 491        return sock;
 492}
 493EXPORT_SYMBOL(sockfd_lookup);
 494
 495static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
 496{
 497        struct fd f = fdget(fd);
 498        struct socket *sock;
 499
 500        *err = -EBADF;
 501        if (f.file) {
 502                sock = sock_from_file(f.file);
 503                if (likely(sock)) {
 504                        *fput_needed = f.flags & FDPUT_FPUT;
 505                        return sock;
 506                }
 507                *err = -ENOTSOCK;
 508                fdput(f);
 509        }
 510        return NULL;
 511}
 512
 513static ssize_t sockfs_listxattr(struct dentry *dentry, char *buffer,
 514                                size_t size)
 515{
 516        ssize_t len;
 517        ssize_t used = 0;
 518
 519        len = security_inode_listsecurity(d_inode(dentry), buffer, size);
 520        if (len < 0)
 521                return len;
 522        used += len;
 523        if (buffer) {
 524                if (size < used)
 525                        return -ERANGE;
 526                buffer += len;
 527        }
 528
 529        len = (XATTR_NAME_SOCKPROTONAME_LEN + 1);
 530        used += len;
 531        if (buffer) {
 532                if (size < used)
 533                        return -ERANGE;
 534                memcpy(buffer, XATTR_NAME_SOCKPROTONAME, len);
 535                buffer += len;
 536        }
 537
 538        return used;
 539}
 540
 541static int sockfs_setattr(struct user_namespace *mnt_userns,
 542                          struct dentry *dentry, struct iattr *iattr)
 543{
 544        int err = simple_setattr(&init_user_ns, dentry, iattr);
 545
 546        if (!err && (iattr->ia_valid & ATTR_UID)) {
 547                struct socket *sock = SOCKET_I(d_inode(dentry));
 548
 549                if (sock->sk)
 550                        sock->sk->sk_uid = iattr->ia_uid;
 551                else
 552                        err = -ENOENT;
 553        }
 554
 555        return err;
 556}
 557
 558static const struct inode_operations sockfs_inode_ops = {
 559        .listxattr = sockfs_listxattr,
 560        .setattr = sockfs_setattr,
 561};
 562
 563/**
 564 *      sock_alloc - allocate a socket
 565 *
 566 *      Allocate a new inode and socket object. The two are bound together
 567 *      and initialised. The socket is then returned. If we are out of inodes
 568 *      NULL is returned. This functions uses GFP_KERNEL internally.
 569 */
 570
 571struct socket *sock_alloc(void)
 572{
 573        struct inode *inode;
 574        struct socket *sock;
 575
 576        inode = new_inode_pseudo(sock_mnt->mnt_sb);
 577        if (!inode)
 578                return NULL;
 579
 580        sock = SOCKET_I(inode);
 581
 582        inode->i_ino = get_next_ino();
 583        inode->i_mode = S_IFSOCK | S_IRWXUGO;
 584        inode->i_uid = current_fsuid();
 585        inode->i_gid = current_fsgid();
 586        inode->i_op = &sockfs_inode_ops;
 587
 588        return sock;
 589}
 590EXPORT_SYMBOL(sock_alloc);
 591
 592static void __sock_release(struct socket *sock, struct inode *inode)
 593{
 594        if (sock->ops) {
 595                struct module *owner = sock->ops->owner;
 596
 597                if (inode)
 598                        inode_lock(inode);
 599                sock->ops->release(sock);
 600                sock->sk = NULL;
 601                if (inode)
 602                        inode_unlock(inode);
 603                sock->ops = NULL;
 604                module_put(owner);
 605        }
 606
 607        if (sock->wq.fasync_list)
 608                pr_err("%s: fasync list not empty!\n", __func__);
 609
 610        if (!sock->file) {
 611                iput(SOCK_INODE(sock));
 612                return;
 613        }
 614        sock->file = NULL;
 615}
 616
 617/**
 618 *      sock_release - close a socket
 619 *      @sock: socket to close
 620 *
 621 *      The socket is released from the protocol stack if it has a release
 622 *      callback, and the inode is then released if the socket is bound to
 623 *      an inode not a file.
 624 */
 625void sock_release(struct socket *sock)
 626{
 627        __sock_release(sock, NULL);
 628}
 629EXPORT_SYMBOL(sock_release);
 630
 631void __sock_tx_timestamp(__u16 tsflags, __u8 *tx_flags)
 632{
 633        u8 flags = *tx_flags;
 634
 635        if (tsflags & SOF_TIMESTAMPING_TX_HARDWARE)
 636                flags |= SKBTX_HW_TSTAMP;
 637
 638        if (tsflags & SOF_TIMESTAMPING_TX_SOFTWARE)
 639                flags |= SKBTX_SW_TSTAMP;
 640
 641        if (tsflags & SOF_TIMESTAMPING_TX_SCHED)
 642                flags |= SKBTX_SCHED_TSTAMP;
 643
 644        *tx_flags = flags;
 645}
 646EXPORT_SYMBOL(__sock_tx_timestamp);
 647
 648INDIRECT_CALLABLE_DECLARE(int inet_sendmsg(struct socket *, struct msghdr *,
 649                                           size_t));
 650INDIRECT_CALLABLE_DECLARE(int inet6_sendmsg(struct socket *, struct msghdr *,
 651                                            size_t));
 652static inline int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg)
 653{
 654        int ret = INDIRECT_CALL_INET(sock->ops->sendmsg, inet6_sendmsg,
 655                                     inet_sendmsg, sock, msg,
 656                                     msg_data_left(msg));
 657        BUG_ON(ret == -EIOCBQUEUED);
 658        return ret;
 659}
 660
 661/**
 662 *      sock_sendmsg - send a message through @sock
 663 *      @sock: socket
 664 *      @msg: message to send
 665 *
 666 *      Sends @msg through @sock, passing through LSM.
 667 *      Returns the number of bytes sent, or an error code.
 668 */
 669int sock_sendmsg(struct socket *sock, struct msghdr *msg)
 670{
 671        int err = security_socket_sendmsg(sock, msg,
 672                                          msg_data_left(msg));
 673
 674        return err ?: sock_sendmsg_nosec(sock, msg);
 675}
 676EXPORT_SYMBOL(sock_sendmsg);
 677
 678/**
 679 *      kernel_sendmsg - send a message through @sock (kernel-space)
 680 *      @sock: socket
 681 *      @msg: message header
 682 *      @vec: kernel vec
 683 *      @num: vec array length
 684 *      @size: total message data size
 685 *
 686 *      Builds the message data with @vec and sends it through @sock.
 687 *      Returns the number of bytes sent, or an error code.
 688 */
 689
 690int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
 691                   struct kvec *vec, size_t num, size_t size)
 692{
 693        iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
 694        return sock_sendmsg(sock, msg);
 695}
 696EXPORT_SYMBOL(kernel_sendmsg);
 697
 698/**
 699 *      kernel_sendmsg_locked - send a message through @sock (kernel-space)
 700 *      @sk: sock
 701 *      @msg: message header
 702 *      @vec: output s/g array
 703 *      @num: output s/g array length
 704 *      @size: total message data size
 705 *
 706 *      Builds the message data with @vec and sends it through @sock.
 707 *      Returns the number of bytes sent, or an error code.
 708 *      Caller must hold @sk.
 709 */
 710
 711int kernel_sendmsg_locked(struct sock *sk, struct msghdr *msg,
 712                          struct kvec *vec, size_t num, size_t size)
 713{
 714        struct socket *sock = sk->sk_socket;
 715
 716        if (!sock->ops->sendmsg_locked)
 717                return sock_no_sendmsg_locked(sk, msg, size);
 718
 719        iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
 720
 721        return sock->ops->sendmsg_locked(sk, msg, msg_data_left(msg));
 722}
 723EXPORT_SYMBOL(kernel_sendmsg_locked);
 724
 725static bool skb_is_err_queue(const struct sk_buff *skb)
 726{
 727        /* pkt_type of skbs enqueued on the error queue are set to
 728         * PACKET_OUTGOING in skb_set_err_queue(). This is only safe to do
 729         * in recvmsg, since skbs received on a local socket will never
 730         * have a pkt_type of PACKET_OUTGOING.
 731         */
 732        return skb->pkt_type == PACKET_OUTGOING;
 733}
 734
 735/* On transmit, software and hardware timestamps are returned independently.
 736 * As the two skb clones share the hardware timestamp, which may be updated
 737 * before the software timestamp is received, a hardware TX timestamp may be
 738 * returned only if there is no software TX timestamp. Ignore false software
 739 * timestamps, which may be made in the __sock_recv_timestamp() call when the
 740 * option SO_TIMESTAMP_OLD(NS) is enabled on the socket, even when the skb has a
 741 * hardware timestamp.
 742 */
 743static bool skb_is_swtx_tstamp(const struct sk_buff *skb, int false_tstamp)
 744{
 745        return skb->tstamp && !false_tstamp && skb_is_err_queue(skb);
 746}
 747
 748static void put_ts_pktinfo(struct msghdr *msg, struct sk_buff *skb)
 749{
 750        struct scm_ts_pktinfo ts_pktinfo;
 751        struct net_device *orig_dev;
 752
 753        if (!skb_mac_header_was_set(skb))
 754                return;
 755
 756        memset(&ts_pktinfo, 0, sizeof(ts_pktinfo));
 757
 758        rcu_read_lock();
 759        orig_dev = dev_get_by_napi_id(skb_napi_id(skb));
 760        if (orig_dev)
 761                ts_pktinfo.if_index = orig_dev->ifindex;
 762        rcu_read_unlock();
 763
 764        ts_pktinfo.pkt_length = skb->len - skb_mac_offset(skb);
 765        put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_PKTINFO,
 766                 sizeof(ts_pktinfo), &ts_pktinfo);
 767}
 768
 769/*
 770 * called from sock_recv_timestamp() if sock_flag(sk, SOCK_RCVTSTAMP)
 771 */
 772void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
 773        struct sk_buff *skb)
 774{
 775        int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP);
 776        int new_tstamp = sock_flag(sk, SOCK_TSTAMP_NEW);
 777        struct scm_timestamping_internal tss;
 778
 779        int empty = 1, false_tstamp = 0;
 780        struct skb_shared_hwtstamps *shhwtstamps =
 781                skb_hwtstamps(skb);
 782
 783        /* Race occurred between timestamp enabling and packet
 784           receiving.  Fill in the current time for now. */
 785        if (need_software_tstamp && skb->tstamp == 0) {
 786                __net_timestamp(skb);
 787                false_tstamp = 1;
 788        }
 789
 790        if (need_software_tstamp) {
 791                if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) {
 792                        if (new_tstamp) {
 793                                struct __kernel_sock_timeval tv;
 794
 795                                skb_get_new_timestamp(skb, &tv);
 796                                put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_NEW,
 797                                         sizeof(tv), &tv);
 798                        } else {
 799                                struct __kernel_old_timeval tv;
 800
 801                                skb_get_timestamp(skb, &tv);
 802                                put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_OLD,
 803                                         sizeof(tv), &tv);
 804                        }
 805                } else {
 806                        if (new_tstamp) {
 807                                struct __kernel_timespec ts;
 808
 809                                skb_get_new_timestampns(skb, &ts);
 810                                put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_NEW,
 811                                         sizeof(ts), &ts);
 812                        } else {
 813                                struct __kernel_old_timespec ts;
 814
 815                                skb_get_timestampns(skb, &ts);
 816                                put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_OLD,
 817                                         sizeof(ts), &ts);
 818                        }
 819                }
 820        }
 821
 822        memset(&tss, 0, sizeof(tss));
 823        if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE) &&
 824            ktime_to_timespec64_cond(skb->tstamp, tss.ts + 0))
 825                empty = 0;
 826        if (shhwtstamps &&
 827            (sk->sk_tsflags & SOF_TIMESTAMPING_RAW_HARDWARE) &&
 828            !skb_is_swtx_tstamp(skb, false_tstamp) &&
 829            ktime_to_timespec64_cond(shhwtstamps->hwtstamp, tss.ts + 2)) {
 830                empty = 0;
 831                if ((sk->sk_tsflags & SOF_TIMESTAMPING_OPT_PKTINFO) &&
 832                    !skb_is_err_queue(skb))
 833                        put_ts_pktinfo(msg, skb);
 834        }
 835        if (!empty) {
 836                if (sock_flag(sk, SOCK_TSTAMP_NEW))
 837                        put_cmsg_scm_timestamping64(msg, &tss);
 838                else
 839                        put_cmsg_scm_timestamping(msg, &tss);
 840
 841                if (skb_is_err_queue(skb) && skb->len &&
 842                    SKB_EXT_ERR(skb)->opt_stats)
 843                        put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS,
 844                                 skb->len, skb->data);
 845        }
 846}
 847EXPORT_SYMBOL_GPL(__sock_recv_timestamp);
 848
 849void __sock_recv_wifi_status(struct msghdr *msg, struct sock *sk,
 850        struct sk_buff *skb)
 851{
 852        int ack;
 853
 854        if (!sock_flag(sk, SOCK_WIFI_STATUS))
 855                return;
 856        if (!skb->wifi_acked_valid)
 857                return;
 858
 859        ack = skb->wifi_acked;
 860
 861        put_cmsg(msg, SOL_SOCKET, SCM_WIFI_STATUS, sizeof(ack), &ack);
 862}
 863EXPORT_SYMBOL_GPL(__sock_recv_wifi_status);
 864
 865static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
 866                                   struct sk_buff *skb)
 867{
 868        if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && SOCK_SKB_CB(skb)->dropcount)
 869                put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
 870                        sizeof(__u32), &SOCK_SKB_CB(skb)->dropcount);
 871}
 872
 873void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
 874        struct sk_buff *skb)
 875{
 876        sock_recv_timestamp(msg, sk, skb);
 877        sock_recv_drops(msg, sk, skb);
 878}
 879EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
 880
 881INDIRECT_CALLABLE_DECLARE(int inet_recvmsg(struct socket *, struct msghdr *,
 882                                           size_t, int));
 883INDIRECT_CALLABLE_DECLARE(int inet6_recvmsg(struct socket *, struct msghdr *,
 884                                            size_t, int));
 885static inline int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
 886                                     int flags)
 887{
 888        return INDIRECT_CALL_INET(sock->ops->recvmsg, inet6_recvmsg,
 889                                  inet_recvmsg, sock, msg, msg_data_left(msg),
 890                                  flags);
 891}
 892
 893/**
 894 *      sock_recvmsg - receive a message from @sock
 895 *      @sock: socket
 896 *      @msg: message to receive
 897 *      @flags: message flags
 898 *
 899 *      Receives @msg from @sock, passing through LSM. Returns the total number
 900 *      of bytes received, or an error.
 901 */
 902int sock_recvmsg(struct socket *sock, struct msghdr *msg, int flags)
 903{
 904        int err = security_socket_recvmsg(sock, msg, msg_data_left(msg), flags);
 905
 906        return err ?: sock_recvmsg_nosec(sock, msg, flags);
 907}
 908EXPORT_SYMBOL(sock_recvmsg);
 909
 910/**
 911 *      kernel_recvmsg - Receive a message from a socket (kernel space)
 912 *      @sock: The socket to receive the message from
 913 *      @msg: Received message
 914 *      @vec: Input s/g array for message data
 915 *      @num: Size of input s/g array
 916 *      @size: Number of bytes to read
 917 *      @flags: Message flags (MSG_DONTWAIT, etc...)
 918 *
 919 *      On return the msg structure contains the scatter/gather array passed in the
 920 *      vec argument. The array is modified so that it consists of the unfilled
 921 *      portion of the original array.
 922 *
 923 *      The returned value is the total number of bytes received, or an error.
 924 */
 925
 926int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
 927                   struct kvec *vec, size_t num, size_t size, int flags)
 928{
 929        msg->msg_control_is_user = false;
 930        iov_iter_kvec(&msg->msg_iter, READ, vec, num, size);
 931        return sock_recvmsg(sock, msg, flags);
 932}
 933EXPORT_SYMBOL(kernel_recvmsg);
 934
 935static ssize_t sock_sendpage(struct file *file, struct page *page,
 936                             int offset, size_t size, loff_t *ppos, int more)
 937{
 938        struct socket *sock;
 939        int flags;
 940
 941        sock = file->private_data;
 942
 943        flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
 944        /* more is a combination of MSG_MORE and MSG_SENDPAGE_NOTLAST */
 945        flags |= more;
 946
 947        return kernel_sendpage(sock, page, offset, size, flags);
 948}
 949
 950static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
 951                                struct pipe_inode_info *pipe, size_t len,
 952                                unsigned int flags)
 953{
 954        struct socket *sock = file->private_data;
 955
 956        if (unlikely(!sock->ops->splice_read))
 957                return generic_file_splice_read(file, ppos, pipe, len, flags);
 958
 959        return sock->ops->splice_read(sock, ppos, pipe, len, flags);
 960}
 961
 962static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to)
 963{
 964        struct file *file = iocb->ki_filp;
 965        struct socket *sock = file->private_data;
 966        struct msghdr msg = {.msg_iter = *to,
 967                             .msg_iocb = iocb};
 968        ssize_t res;
 969
 970        if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
 971                msg.msg_flags = MSG_DONTWAIT;
 972
 973        if (iocb->ki_pos != 0)
 974                return -ESPIPE;
 975
 976        if (!iov_iter_count(to))        /* Match SYS5 behaviour */
 977                return 0;
 978
 979        res = sock_recvmsg(sock, &msg, msg.msg_flags);
 980        *to = msg.msg_iter;
 981        return res;
 982}
 983
 984static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from)
 985{
 986        struct file *file = iocb->ki_filp;
 987        struct socket *sock = file->private_data;
 988        struct msghdr msg = {.msg_iter = *from,
 989                             .msg_iocb = iocb};
 990        ssize_t res;
 991
 992        if (iocb->ki_pos != 0)
 993                return -ESPIPE;
 994
 995        if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
 996                msg.msg_flags = MSG_DONTWAIT;
 997
 998        if (sock->type == SOCK_SEQPACKET)
 999                msg.msg_flags |= MSG_EOR;
1000
1001        res = sock_sendmsg(sock, &msg);
1002        *from = msg.msg_iter;
1003        return res;
1004}
1005
1006/*
1007 * Atomic setting of ioctl hooks to avoid race
1008 * with module unload.
1009 */
1010
1011static DEFINE_MUTEX(br_ioctl_mutex);
1012static int (*br_ioctl_hook) (struct net *, unsigned int cmd, void __user *arg);
1013
1014void brioctl_set(int (*hook) (struct net *, unsigned int, void __user *))
1015{
1016        mutex_lock(&br_ioctl_mutex);
1017        br_ioctl_hook = hook;
1018        mutex_unlock(&br_ioctl_mutex);
1019}
1020EXPORT_SYMBOL(brioctl_set);
1021
1022static DEFINE_MUTEX(vlan_ioctl_mutex);
1023static int (*vlan_ioctl_hook) (struct net *, void __user *arg);
1024
1025void vlan_ioctl_set(int (*hook) (struct net *, void __user *))
1026{
1027        mutex_lock(&vlan_ioctl_mutex);
1028        vlan_ioctl_hook = hook;
1029        mutex_unlock(&vlan_ioctl_mutex);
1030}
1031EXPORT_SYMBOL(vlan_ioctl_set);
1032
1033static long sock_do_ioctl(struct net *net, struct socket *sock,
1034                          unsigned int cmd, unsigned long arg)
1035{
1036        int err;
1037        void __user *argp = (void __user *)arg;
1038
1039        err = sock->ops->ioctl(sock, cmd, arg);
1040
1041        /*
1042         * If this ioctl is unknown try to hand it down
1043         * to the NIC driver.
1044         */
1045        if (err != -ENOIOCTLCMD)
1046                return err;
1047
1048        if (cmd == SIOCGIFCONF) {
1049                struct ifconf ifc;
1050                if (copy_from_user(&ifc, argp, sizeof(struct ifconf)))
1051                        return -EFAULT;
1052                rtnl_lock();
1053                err = dev_ifconf(net, &ifc, sizeof(struct ifreq));
1054                rtnl_unlock();
1055                if (!err && copy_to_user(argp, &ifc, sizeof(struct ifconf)))
1056                        err = -EFAULT;
1057        } else if (is_socket_ioctl_cmd(cmd)) {
1058                struct ifreq ifr;
1059                bool need_copyout;
1060                if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1061                        return -EFAULT;
1062                err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1063                if (!err && need_copyout)
1064                        if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1065                                return -EFAULT;
1066        } else {
1067                err = -ENOTTY;
1068        }
1069        return err;
1070}
1071
1072/*
1073 *      With an ioctl, arg may well be a user mode pointer, but we don't know
1074 *      what to do with it - that's up to the protocol still.
1075 */
1076
1077static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
1078{
1079        struct socket *sock;
1080        struct sock *sk;
1081        void __user *argp = (void __user *)arg;
1082        int pid, err;
1083        struct net *net;
1084
1085        sock = file->private_data;
1086        sk = sock->sk;
1087        net = sock_net(sk);
1088        if (unlikely(cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))) {
1089                struct ifreq ifr;
1090                bool need_copyout;
1091                if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1092                        return -EFAULT;
1093                err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1094                if (!err && need_copyout)
1095                        if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1096                                return -EFAULT;
1097        } else
1098#ifdef CONFIG_WEXT_CORE
1099        if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) {
1100                err = wext_handle_ioctl(net, cmd, argp);
1101        } else
1102#endif
1103                switch (cmd) {
1104                case FIOSETOWN:
1105                case SIOCSPGRP:
1106                        err = -EFAULT;
1107                        if (get_user(pid, (int __user *)argp))
1108                                break;
1109                        err = f_setown(sock->file, pid, 1);
1110                        break;
1111                case FIOGETOWN:
1112                case SIOCGPGRP:
1113                        err = put_user(f_getown(sock->file),
1114                                       (int __user *)argp);
1115                        break;
1116                case SIOCGIFBR:
1117                case SIOCSIFBR:
1118                case SIOCBRADDBR:
1119                case SIOCBRDELBR:
1120                        err = -ENOPKG;
1121                        if (!br_ioctl_hook)
1122                                request_module("bridge");
1123
1124                        mutex_lock(&br_ioctl_mutex);
1125                        if (br_ioctl_hook)
1126                                err = br_ioctl_hook(net, cmd, argp);
1127                        mutex_unlock(&br_ioctl_mutex);
1128                        break;
1129                case SIOCGIFVLAN:
1130                case SIOCSIFVLAN:
1131                        err = -ENOPKG;
1132                        if (!vlan_ioctl_hook)
1133                                request_module("8021q");
1134
1135                        mutex_lock(&vlan_ioctl_mutex);
1136                        if (vlan_ioctl_hook)
1137                                err = vlan_ioctl_hook(net, argp);
1138                        mutex_unlock(&vlan_ioctl_mutex);
1139                        break;
1140                case SIOCGSKNS:
1141                        err = -EPERM;
1142                        if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1143                                break;
1144
1145                        err = open_related_ns(&net->ns, get_net_ns);
1146                        break;
1147                case SIOCGSTAMP_OLD:
1148                case SIOCGSTAMPNS_OLD:
1149                        if (!sock->ops->gettstamp) {
1150                                err = -ENOIOCTLCMD;
1151                                break;
1152                        }
1153                        err = sock->ops->gettstamp(sock, argp,
1154                                                   cmd == SIOCGSTAMP_OLD,
1155                                                   !IS_ENABLED(CONFIG_64BIT));
1156                        break;
1157                case SIOCGSTAMP_NEW:
1158                case SIOCGSTAMPNS_NEW:
1159                        if (!sock->ops->gettstamp) {
1160                                err = -ENOIOCTLCMD;
1161                                break;
1162                        }
1163                        err = sock->ops->gettstamp(sock, argp,
1164                                                   cmd == SIOCGSTAMP_NEW,
1165                                                   false);
1166                        break;
1167                default:
1168                        err = sock_do_ioctl(net, sock, cmd, arg);
1169                        break;
1170                }
1171        return err;
1172}
1173
1174/**
1175 *      sock_create_lite - creates a socket
1176 *      @family: protocol family (AF_INET, ...)
1177 *      @type: communication type (SOCK_STREAM, ...)
1178 *      @protocol: protocol (0, ...)
1179 *      @res: new socket
1180 *
1181 *      Creates a new socket and assigns it to @res, passing through LSM.
1182 *      The new socket initialization is not complete, see kernel_accept().
1183 *      Returns 0 or an error. On failure @res is set to %NULL.
1184 *      This function internally uses GFP_KERNEL.
1185 */
1186
1187int sock_create_lite(int family, int type, int protocol, struct socket **res)
1188{
1189        int err;
1190        struct socket *sock = NULL;
1191
1192        err = security_socket_create(family, type, protocol, 1);
1193        if (err)
1194                goto out;
1195
1196        sock = sock_alloc();
1197        if (!sock) {
1198                err = -ENOMEM;
1199                goto out;
1200        }
1201
1202        sock->type = type;
1203        err = security_socket_post_create(sock, family, type, protocol, 1);
1204        if (err)
1205                goto out_release;
1206
1207out:
1208        *res = sock;
1209        return err;
1210out_release:
1211        sock_release(sock);
1212        sock = NULL;
1213        goto out;
1214}
1215EXPORT_SYMBOL(sock_create_lite);
1216
1217/* No kernel lock held - perfect */
1218static __poll_t sock_poll(struct file *file, poll_table *wait)
1219{
1220        struct socket *sock = file->private_data;
1221        __poll_t events = poll_requested_events(wait), flag = 0;
1222
1223        if (!sock->ops->poll)
1224                return 0;
1225
1226        if (sk_can_busy_loop(sock->sk)) {
1227                /* poll once if requested by the syscall */
1228                if (events & POLL_BUSY_LOOP)
1229                        sk_busy_loop(sock->sk, 1);
1230
1231                /* if this socket can poll_ll, tell the system call */
1232                flag = POLL_BUSY_LOOP;
1233        }
1234
1235        return sock->ops->poll(file, sock, wait) | flag;
1236}
1237
1238static int sock_mmap(struct file *file, struct vm_area_struct *vma)
1239{
1240        struct socket *sock = file->private_data;
1241
1242        return sock->ops->mmap(file, sock, vma);
1243}
1244
1245static int sock_close(struct inode *inode, struct file *filp)
1246{
1247        __sock_release(SOCKET_I(inode), inode);
1248        return 0;
1249}
1250
1251/*
1252 *      Update the socket async list
1253 *
1254 *      Fasync_list locking strategy.
1255 *
1256 *      1. fasync_list is modified only under process context socket lock
1257 *         i.e. under semaphore.
1258 *      2. fasync_list is used under read_lock(&sk->sk_callback_lock)
1259 *         or under socket lock
1260 */
1261
1262static int sock_fasync(int fd, struct file *filp, int on)
1263{
1264        struct socket *sock = filp->private_data;
1265        struct sock *sk = sock->sk;
1266        struct socket_wq *wq = &sock->wq;
1267
1268        if (sk == NULL)
1269                return -EINVAL;
1270
1271        lock_sock(sk);
1272        fasync_helper(fd, filp, on, &wq->fasync_list);
1273
1274        if (!wq->fasync_list)
1275                sock_reset_flag(sk, SOCK_FASYNC);
1276        else
1277                sock_set_flag(sk, SOCK_FASYNC);
1278
1279        release_sock(sk);
1280        return 0;
1281}
1282
1283/* This function may be called only under rcu_lock */
1284
1285int sock_wake_async(struct socket_wq *wq, int how, int band)
1286{
1287        if (!wq || !wq->fasync_list)
1288                return -1;
1289
1290        switch (how) {
1291        case SOCK_WAKE_WAITD:
1292                if (test_bit(SOCKWQ_ASYNC_WAITDATA, &wq->flags))
1293                        break;
1294                goto call_kill;
1295        case SOCK_WAKE_SPACE:
1296                if (!test_and_clear_bit(SOCKWQ_ASYNC_NOSPACE, &wq->flags))
1297                        break;
1298                fallthrough;
1299        case SOCK_WAKE_IO:
1300call_kill:
1301                kill_fasync(&wq->fasync_list, SIGIO, band);
1302                break;
1303        case SOCK_WAKE_URG:
1304                kill_fasync(&wq->fasync_list, SIGURG, band);
1305        }
1306
1307        return 0;
1308}
1309EXPORT_SYMBOL(sock_wake_async);
1310
1311/**
1312 *      __sock_create - creates a socket
1313 *      @net: net namespace
1314 *      @family: protocol family (AF_INET, ...)
1315 *      @type: communication type (SOCK_STREAM, ...)
1316 *      @protocol: protocol (0, ...)
1317 *      @res: new socket
1318 *      @kern: boolean for kernel space sockets
1319 *
1320 *      Creates a new socket and assigns it to @res, passing through LSM.
1321 *      Returns 0 or an error. On failure @res is set to %NULL. @kern must
1322 *      be set to true if the socket resides in kernel space.
1323 *      This function internally uses GFP_KERNEL.
1324 */
1325
1326int __sock_create(struct net *net, int family, int type, int protocol,
1327                         struct socket **res, int kern)
1328{
1329        int err;
1330        struct socket *sock;
1331        const struct net_proto_family *pf;
1332
1333        /*
1334         *      Check protocol is in range
1335         */
1336        if (family < 0 || family >= NPROTO)
1337                return -EAFNOSUPPORT;
1338        if (type < 0 || type >= SOCK_MAX)
1339                return -EINVAL;
1340
1341        /* Compatibility.
1342
1343           This uglymoron is moved from INET layer to here to avoid
1344           deadlock in module load.
1345         */
1346        if (family == PF_INET && type == SOCK_PACKET) {
1347                pr_info_once("%s uses obsolete (PF_INET,SOCK_PACKET)\n",
1348                             current->comm);
1349                family = PF_PACKET;
1350        }
1351
1352        err = security_socket_create(family, type, protocol, kern);
1353        if (err)
1354                return err;
1355
1356        /*
1357         *      Allocate the socket and allow the family to set things up. if
1358         *      the protocol is 0, the family is instructed to select an appropriate
1359         *      default.
1360         */
1361        sock = sock_alloc();
1362        if (!sock) {
1363                net_warn_ratelimited("socket: no more sockets\n");
1364                return -ENFILE; /* Not exactly a match, but its the
1365                                   closest posix thing */
1366        }
1367
1368        sock->type = type;
1369
1370#ifdef CONFIG_MODULES
1371        /* Attempt to load a protocol module if the find failed.
1372         *
1373         * 12/09/1996 Marcin: But! this makes REALLY only sense, if the user
1374         * requested real, full-featured networking support upon configuration.
1375         * Otherwise module support will break!
1376         */
1377        if (rcu_access_pointer(net_families[family]) == NULL)
1378                request_module("net-pf-%d", family);
1379#endif
1380
1381        rcu_read_lock();
1382        pf = rcu_dereference(net_families[family]);
1383        err = -EAFNOSUPPORT;
1384        if (!pf)
1385                goto out_release;
1386
1387        /*
1388         * We will call the ->create function, that possibly is in a loadable
1389         * module, so we have to bump that loadable module refcnt first.
1390         */
1391        if (!try_module_get(pf->owner))
1392                goto out_release;
1393
1394        /* Now protected by module ref count */
1395        rcu_read_unlock();
1396
1397        err = pf->create(net, sock, protocol, kern);
1398        if (err < 0)
1399                goto out_module_put;
1400
1401        /*
1402         * Now to bump the refcnt of the [loadable] module that owns this
1403         * socket at sock_release time we decrement its refcnt.
1404         */
1405        if (!try_module_get(sock->ops->owner))
1406                goto out_module_busy;
1407
1408        /*
1409         * Now that we're done with the ->create function, the [loadable]
1410         * module can have its refcnt decremented
1411         */
1412        module_put(pf->owner);
1413        err = security_socket_post_create(sock, family, type, protocol, kern);
1414        if (err)
1415                goto out_sock_release;
1416        *res = sock;
1417
1418        return 0;
1419
1420out_module_busy:
1421        err = -EAFNOSUPPORT;
1422out_module_put:
1423        sock->ops = NULL;
1424        module_put(pf->owner);
1425out_sock_release:
1426        sock_release(sock);
1427        return err;
1428
1429out_release:
1430        rcu_read_unlock();
1431        goto out_sock_release;
1432}
1433EXPORT_SYMBOL(__sock_create);
1434
1435/**
1436 *      sock_create - creates a socket
1437 *      @family: protocol family (AF_INET, ...)
1438 *      @type: communication type (SOCK_STREAM, ...)
1439 *      @protocol: protocol (0, ...)
1440 *      @res: new socket
1441 *
1442 *      A wrapper around __sock_create().
1443 *      Returns 0 or an error. This function internally uses GFP_KERNEL.
1444 */
1445
1446int sock_create(int family, int type, int protocol, struct socket **res)
1447{
1448        return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0);
1449}
1450EXPORT_SYMBOL(sock_create);
1451
1452/**
1453 *      sock_create_kern - creates a socket (kernel space)
1454 *      @net: net namespace
1455 *      @family: protocol family (AF_INET, ...)
1456 *      @type: communication type (SOCK_STREAM, ...)
1457 *      @protocol: protocol (0, ...)
1458 *      @res: new socket
1459 *
1460 *      A wrapper around __sock_create().
1461 *      Returns 0 or an error. This function internally uses GFP_KERNEL.
1462 */
1463
1464int sock_create_kern(struct net *net, int family, int type, int protocol, struct socket **res)
1465{
1466        return __sock_create(net, family, type, protocol, res, 1);
1467}
1468EXPORT_SYMBOL(sock_create_kern);
1469
1470int __sys_socket(int family, int type, int protocol)
1471{
1472        int retval;
1473        struct socket *sock;
1474        int flags;
1475
1476        /* Check the SOCK_* constants for consistency.  */
1477        BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1478        BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1479        BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1480        BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1481
1482        flags = type & ~SOCK_TYPE_MASK;
1483        if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1484                return -EINVAL;
1485        type &= SOCK_TYPE_MASK;
1486
1487        if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1488                flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1489
1490        retval = sock_create(family, type, protocol, &sock);
1491        if (retval < 0)
1492                return retval;
1493
1494        return sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1495}
1496
1497SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
1498{
1499        return __sys_socket(family, type, protocol);
1500}
1501
1502/*
1503 *      Create a pair of connected sockets.
1504 */
1505
1506int __sys_socketpair(int family, int type, int protocol, int __user *usockvec)
1507{
1508        struct socket *sock1, *sock2;
1509        int fd1, fd2, err;
1510        struct file *newfile1, *newfile2;
1511        int flags;
1512
1513        flags = type & ~SOCK_TYPE_MASK;
1514        if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1515                return -EINVAL;
1516        type &= SOCK_TYPE_MASK;
1517
1518        if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1519                flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1520
1521        /*
1522         * reserve descriptors and make sure we won't fail
1523         * to return them to userland.
1524         */
1525        fd1 = get_unused_fd_flags(flags);
1526        if (unlikely(fd1 < 0))
1527                return fd1;
1528
1529        fd2 = get_unused_fd_flags(flags);
1530        if (unlikely(fd2 < 0)) {
1531                put_unused_fd(fd1);
1532                return fd2;
1533        }
1534
1535        err = put_user(fd1, &usockvec[0]);
1536        if (err)
1537                goto out;
1538
1539        err = put_user(fd2, &usockvec[1]);
1540        if (err)
1541                goto out;
1542
1543        /*
1544         * Obtain the first socket and check if the underlying protocol
1545         * supports the socketpair call.
1546         */
1547
1548        err = sock_create(family, type, protocol, &sock1);
1549        if (unlikely(err < 0))
1550                goto out;
1551
1552        err = sock_create(family, type, protocol, &sock2);
1553        if (unlikely(err < 0)) {
1554                sock_release(sock1);
1555                goto out;
1556        }
1557
1558        err = security_socket_socketpair(sock1, sock2);
1559        if (unlikely(err)) {
1560                sock_release(sock2);
1561                sock_release(sock1);
1562                goto out;
1563        }
1564
1565        err = sock1->ops->socketpair(sock1, sock2);
1566        if (unlikely(err < 0)) {
1567                sock_release(sock2);
1568                sock_release(sock1);
1569                goto out;
1570        }
1571
1572        newfile1 = sock_alloc_file(sock1, flags, NULL);
1573        if (IS_ERR(newfile1)) {
1574                err = PTR_ERR(newfile1);
1575                sock_release(sock2);
1576                goto out;
1577        }
1578
1579        newfile2 = sock_alloc_file(sock2, flags, NULL);
1580        if (IS_ERR(newfile2)) {
1581                err = PTR_ERR(newfile2);
1582                fput(newfile1);
1583                goto out;
1584        }
1585
1586        audit_fd_pair(fd1, fd2);
1587
1588        fd_install(fd1, newfile1);
1589        fd_install(fd2, newfile2);
1590        return 0;
1591
1592out:
1593        put_unused_fd(fd2);
1594        put_unused_fd(fd1);
1595        return err;
1596}
1597
1598SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol,
1599                int __user *, usockvec)
1600{
1601        return __sys_socketpair(family, type, protocol, usockvec);
1602}
1603
1604/*
1605 *      Bind a name to a socket. Nothing much to do here since it's
1606 *      the protocol's responsibility to handle the local address.
1607 *
1608 *      We move the socket address to kernel space before we call
1609 *      the protocol layer (having also checked the address is ok).
1610 */
1611
1612int __sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
1613{
1614        struct socket *sock;
1615        struct sockaddr_storage address;
1616        int err, fput_needed;
1617
1618        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1619        if (sock) {
1620                err = move_addr_to_kernel(umyaddr, addrlen, &address);
1621                if (!err) {
1622                        err = security_socket_bind(sock,
1623                                                   (struct sockaddr *)&address,
1624                                                   addrlen);
1625                        if (!err)
1626                                err = sock->ops->bind(sock,
1627                                                      (struct sockaddr *)
1628                                                      &address, addrlen);
1629                }
1630                fput_light(sock->file, fput_needed);
1631        }
1632        return err;
1633}
1634
1635SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
1636{
1637        return __sys_bind(fd, umyaddr, addrlen);
1638}
1639
1640/*
1641 *      Perform a listen. Basically, we allow the protocol to do anything
1642 *      necessary for a listen, and if that works, we mark the socket as
1643 *      ready for listening.
1644 */
1645
1646int __sys_listen(int fd, int backlog)
1647{
1648        struct socket *sock;
1649        int err, fput_needed;
1650        int somaxconn;
1651
1652        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1653        if (sock) {
1654                somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
1655                if ((unsigned int)backlog > somaxconn)
1656                        backlog = somaxconn;
1657
1658                err = security_socket_listen(sock, backlog);
1659                if (!err)
1660                        err = sock->ops->listen(sock, backlog);
1661
1662                fput_light(sock->file, fput_needed);
1663        }
1664        return err;
1665}
1666
1667SYSCALL_DEFINE2(listen, int, fd, int, backlog)
1668{
1669        return __sys_listen(fd, backlog);
1670}
1671
1672int __sys_accept4_file(struct file *file, unsigned file_flags,
1673                       struct sockaddr __user *upeer_sockaddr,
1674                       int __user *upeer_addrlen, int flags,
1675                       unsigned long nofile)
1676{
1677        struct socket *sock, *newsock;
1678        struct file *newfile;
1679        int err, len, newfd;
1680        struct sockaddr_storage address;
1681
1682        if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1683                return -EINVAL;
1684
1685        if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1686                flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1687
1688        sock = sock_from_file(file);
1689        if (!sock) {
1690                err = -ENOTSOCK;
1691                goto out;
1692        }
1693
1694        err = -ENFILE;
1695        newsock = sock_alloc();
1696        if (!newsock)
1697                goto out;
1698
1699        newsock->type = sock->type;
1700        newsock->ops = sock->ops;
1701
1702        /*
1703         * We don't need try_module_get here, as the listening socket (sock)
1704         * has the protocol module (sock->ops->owner) held.
1705         */
1706        __module_get(newsock->ops->owner);
1707
1708        newfd = __get_unused_fd_flags(flags, nofile);
1709        if (unlikely(newfd < 0)) {
1710                err = newfd;
1711                sock_release(newsock);
1712                goto out;
1713        }
1714        newfile = sock_alloc_file(newsock, flags, sock->sk->sk_prot_creator->name);
1715        if (IS_ERR(newfile)) {
1716                err = PTR_ERR(newfile);
1717                put_unused_fd(newfd);
1718                goto out;
1719        }
1720
1721        err = security_socket_accept(sock, newsock);
1722        if (err)
1723                goto out_fd;
1724
1725        err = sock->ops->accept(sock, newsock, sock->file->f_flags | file_flags,
1726                                        false);
1727        if (err < 0)
1728                goto out_fd;
1729
1730        if (upeer_sockaddr) {
1731                len = newsock->ops->getname(newsock,
1732                                        (struct sockaddr *)&address, 2);
1733                if (len < 0) {
1734                        err = -ECONNABORTED;
1735                        goto out_fd;
1736                }
1737                err = move_addr_to_user(&address,
1738                                        len, upeer_sockaddr, upeer_addrlen);
1739                if (err < 0)
1740                        goto out_fd;
1741        }
1742
1743        /* File flags are not inherited via accept() unlike another OSes. */
1744
1745        fd_install(newfd, newfile);
1746        err = newfd;
1747out:
1748        return err;
1749out_fd:
1750        fput(newfile);
1751        put_unused_fd(newfd);
1752        goto out;
1753
1754}
1755
1756/*
1757 *      For accept, we attempt to create a new socket, set up the link
1758 *      with the client, wake up the client, then return the new
1759 *      connected fd. We collect the address of the connector in kernel
1760 *      space and move it to user at the very end. This is unclean because
1761 *      we open the socket then return an error.
1762 *
1763 *      1003.1g adds the ability to recvmsg() to query connection pending
1764 *      status to recvmsg. We need to add that support in a way thats
1765 *      clean when we restructure accept also.
1766 */
1767
1768int __sys_accept4(int fd, struct sockaddr __user *upeer_sockaddr,
1769                  int __user *upeer_addrlen, int flags)
1770{
1771        int ret = -EBADF;
1772        struct fd f;
1773
1774        f = fdget(fd);
1775        if (f.file) {
1776                ret = __sys_accept4_file(f.file, 0, upeer_sockaddr,
1777                                                upeer_addrlen, flags,
1778                                                rlimit(RLIMIT_NOFILE));
1779                fdput(f);
1780        }
1781
1782        return ret;
1783}
1784
1785SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
1786                int __user *, upeer_addrlen, int, flags)
1787{
1788        return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, flags);
1789}
1790
1791SYSCALL_DEFINE3(accept, int, fd, struct sockaddr __user *, upeer_sockaddr,
1792                int __user *, upeer_addrlen)
1793{
1794        return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, 0);
1795}
1796
1797/*
1798 *      Attempt to connect to a socket with the server address.  The address
1799 *      is in user space so we verify it is OK and move it to kernel space.
1800 *
1801 *      For 1003.1g we need to add clean support for a bind to AF_UNSPEC to
1802 *      break bindings
1803 *
1804 *      NOTE: 1003.1g draft 6.3 is broken with respect to AX.25/NetROM and
1805 *      other SEQPACKET protocols that take time to connect() as it doesn't
1806 *      include the -EINPROGRESS status for such sockets.
1807 */
1808
1809int __sys_connect_file(struct file *file, struct sockaddr_storage *address,
1810                       int addrlen, int file_flags)
1811{
1812        struct socket *sock;
1813        int err;
1814
1815        sock = sock_from_file(file);
1816        if (!sock) {
1817                err = -ENOTSOCK;
1818                goto out;
1819        }
1820
1821        err =
1822            security_socket_connect(sock, (struct sockaddr *)address, addrlen);
1823        if (err)
1824                goto out;
1825
1826        err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen,
1827                                 sock->file->f_flags | file_flags);
1828out:
1829        return err;
1830}
1831
1832int __sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
1833{
1834        int ret = -EBADF;
1835        struct fd f;
1836
1837        f = fdget(fd);
1838        if (f.file) {
1839                struct sockaddr_storage address;
1840
1841                ret = move_addr_to_kernel(uservaddr, addrlen, &address);
1842                if (!ret)
1843                        ret = __sys_connect_file(f.file, &address, addrlen, 0);
1844                fdput(f);
1845        }
1846
1847        return ret;
1848}
1849
1850SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
1851                int, addrlen)
1852{
1853        return __sys_connect(fd, uservaddr, addrlen);
1854}
1855
1856/*
1857 *      Get the local address ('name') of a socket object. Move the obtained
1858 *      name to user space.
1859 */
1860
1861int __sys_getsockname(int fd, struct sockaddr __user *usockaddr,
1862                      int __user *usockaddr_len)
1863{
1864        struct socket *sock;
1865        struct sockaddr_storage address;
1866        int err, fput_needed;
1867
1868        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1869        if (!sock)
1870                goto out;
1871
1872        err = security_socket_getsockname(sock);
1873        if (err)
1874                goto out_put;
1875
1876        err = sock->ops->getname(sock, (struct sockaddr *)&address, 0);
1877        if (err < 0)
1878                goto out_put;
1879        /* "err" is actually length in this case */
1880        err = move_addr_to_user(&address, err, usockaddr, usockaddr_len);
1881
1882out_put:
1883        fput_light(sock->file, fput_needed);
1884out:
1885        return err;
1886}
1887
1888SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr,
1889                int __user *, usockaddr_len)
1890{
1891        return __sys_getsockname(fd, usockaddr, usockaddr_len);
1892}
1893
1894/*
1895 *      Get the remote address ('name') of a socket object. Move the obtained
1896 *      name to user space.
1897 */
1898
1899int __sys_getpeername(int fd, struct sockaddr __user *usockaddr,
1900                      int __user *usockaddr_len)
1901{
1902        struct socket *sock;
1903        struct sockaddr_storage address;
1904        int err, fput_needed;
1905
1906        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1907        if (sock != NULL) {
1908                err = security_socket_getpeername(sock);
1909                if (err) {
1910                        fput_light(sock->file, fput_needed);
1911                        return err;
1912                }
1913
1914                err = sock->ops->getname(sock, (struct sockaddr *)&address, 1);
1915                if (err >= 0)
1916                        /* "err" is actually length in this case */
1917                        err = move_addr_to_user(&address, err, usockaddr,
1918                                                usockaddr_len);
1919                fput_light(sock->file, fput_needed);
1920        }
1921        return err;
1922}
1923
1924SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
1925                int __user *, usockaddr_len)
1926{
1927        return __sys_getpeername(fd, usockaddr, usockaddr_len);
1928}
1929
1930/*
1931 *      Send a datagram to a given address. We move the address into kernel
1932 *      space and check the user space data area is readable before invoking
1933 *      the protocol.
1934 */
1935int __sys_sendto(int fd, void __user *buff, size_t len, unsigned int flags,
1936                 struct sockaddr __user *addr,  int addr_len)
1937{
1938        struct socket *sock;
1939        struct sockaddr_storage address;
1940        int err;
1941        struct msghdr msg;
1942        struct iovec iov;
1943        int fput_needed;
1944
1945        err = import_single_range(WRITE, buff, len, &iov, &msg.msg_iter);
1946        if (unlikely(err))
1947                return err;
1948        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1949        if (!sock)
1950                goto out;
1951
1952        msg.msg_name = NULL;
1953        msg.msg_control = NULL;
1954        msg.msg_controllen = 0;
1955        msg.msg_namelen = 0;
1956        if (addr) {
1957                err = move_addr_to_kernel(addr, addr_len, &address);
1958                if (err < 0)
1959                        goto out_put;
1960                msg.msg_name = (struct sockaddr *)&address;
1961                msg.msg_namelen = addr_len;
1962        }
1963        if (sock->file->f_flags & O_NONBLOCK)
1964                flags |= MSG_DONTWAIT;
1965        msg.msg_flags = flags;
1966        err = sock_sendmsg(sock, &msg);
1967
1968out_put:
1969        fput_light(sock->file, fput_needed);
1970out:
1971        return err;
1972}
1973
1974SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
1975                unsigned int, flags, struct sockaddr __user *, addr,
1976                int, addr_len)
1977{
1978        return __sys_sendto(fd, buff, len, flags, addr, addr_len);
1979}
1980
1981/*
1982 *      Send a datagram down a socket.
1983 */
1984
1985SYSCALL_DEFINE4(send, int, fd, void __user *, buff, size_t, len,
1986                unsigned int, flags)
1987{
1988        return __sys_sendto(fd, buff, len, flags, NULL, 0);
1989}
1990
1991/*
1992 *      Receive a frame from the socket and optionally record the address of the
1993 *      sender. We verify the buffers are writable and if needed move the
1994 *      sender address from kernel to user space.
1995 */
1996int __sys_recvfrom(int fd, void __user *ubuf, size_t size, unsigned int flags,
1997                   struct sockaddr __user *addr, int __user *addr_len)
1998{
1999        struct socket *sock;
2000        struct iovec iov;
2001        struct msghdr msg;
2002        struct sockaddr_storage address;
2003        int err, err2;
2004        int fput_needed;
2005
2006        err = import_single_range(READ, ubuf, size, &iov, &msg.msg_iter);
2007        if (unlikely(err))
2008                return err;
2009        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2010        if (!sock)
2011                goto out;
2012
2013        msg.msg_control = NULL;
2014        msg.msg_controllen = 0;
2015        /* Save some cycles and don't copy the address if not needed */
2016        msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
2017        /* We assume all kernel code knows the size of sockaddr_storage */
2018        msg.msg_namelen = 0;
2019        msg.msg_iocb = NULL;
2020        msg.msg_flags = 0;
2021        if (sock->file->f_flags & O_NONBLOCK)
2022                flags |= MSG_DONTWAIT;
2023        err = sock_recvmsg(sock, &msg, flags);
2024
2025        if (err >= 0 && addr != NULL) {
2026                err2 = move_addr_to_user(&address,
2027                                         msg.msg_namelen, addr, addr_len);
2028                if (err2 < 0)
2029                        err = err2;
2030        }
2031
2032        fput_light(sock->file, fput_needed);
2033out:
2034        return err;
2035}
2036
2037SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
2038                unsigned int, flags, struct sockaddr __user *, addr,
2039                int __user *, addr_len)
2040{
2041        return __sys_recvfrom(fd, ubuf, size, flags, addr, addr_len);
2042}
2043
2044/*
2045 *      Receive a datagram from a socket.
2046 */
2047
2048SYSCALL_DEFINE4(recv, int, fd, void __user *, ubuf, size_t, size,
2049                unsigned int, flags)
2050{
2051        return __sys_recvfrom(fd, ubuf, size, flags, NULL, NULL);
2052}
2053
2054static bool sock_use_custom_sol_socket(const struct socket *sock)
2055{
2056        const struct sock *sk = sock->sk;
2057
2058        /* Use sock->ops->setsockopt() for MPTCP */
2059        return IS_ENABLED(CONFIG_MPTCP) &&
2060               sk->sk_protocol == IPPROTO_MPTCP &&
2061               sk->sk_type == SOCK_STREAM &&
2062               (sk->sk_family == AF_INET || sk->sk_family == AF_INET6);
2063}
2064
2065/*
2066 *      Set a socket option. Because we don't know the option lengths we have
2067 *      to pass the user mode parameter for the protocols to sort out.
2068 */
2069int __sys_setsockopt(int fd, int level, int optname, char __user *user_optval,
2070                int optlen)
2071{
2072        sockptr_t optval = USER_SOCKPTR(user_optval);
2073        char *kernel_optval = NULL;
2074        int err, fput_needed;
2075        struct socket *sock;
2076
2077        if (optlen < 0)
2078                return -EINVAL;
2079
2080        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2081        if (!sock)
2082                return err;
2083
2084        err = security_socket_setsockopt(sock, level, optname);
2085        if (err)
2086                goto out_put;
2087
2088        if (!in_compat_syscall())
2089                err = BPF_CGROUP_RUN_PROG_SETSOCKOPT(sock->sk, &level, &optname,
2090                                                     user_optval, &optlen,
2091                                                     &kernel_optval);
2092        if (err < 0)
2093                goto out_put;
2094        if (err > 0) {
2095                err = 0;
2096                goto out_put;
2097        }
2098
2099        if (kernel_optval)
2100                optval = KERNEL_SOCKPTR(kernel_optval);
2101        if (level == SOL_SOCKET && !sock_use_custom_sol_socket(sock))
2102                err = sock_setsockopt(sock, level, optname, optval, optlen);
2103        else if (unlikely(!sock->ops->setsockopt))
2104                err = -EOPNOTSUPP;
2105        else
2106                err = sock->ops->setsockopt(sock, level, optname, optval,
2107                                            optlen);
2108        kfree(kernel_optval);
2109out_put:
2110        fput_light(sock->file, fput_needed);
2111        return err;
2112}
2113
2114SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
2115                char __user *, optval, int, optlen)
2116{
2117        return __sys_setsockopt(fd, level, optname, optval, optlen);
2118}
2119
2120INDIRECT_CALLABLE_DECLARE(bool tcp_bpf_bypass_getsockopt(int level,
2121                                                         int optname));
2122
2123/*
2124 *      Get a socket option. Because we don't know the option lengths we have
2125 *      to pass a user mode parameter for the protocols to sort out.
2126 */
2127int __sys_getsockopt(int fd, int level, int optname, char __user *optval,
2128                int __user *optlen)
2129{
2130        int err, fput_needed;
2131        struct socket *sock;
2132        int max_optlen;
2133
2134        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2135        if (!sock)
2136                return err;
2137
2138        err = security_socket_getsockopt(sock, level, optname);
2139        if (err)
2140                goto out_put;
2141
2142        if (!in_compat_syscall())
2143                max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen);
2144
2145        if (level == SOL_SOCKET)
2146                err = sock_getsockopt(sock, level, optname, optval, optlen);
2147        else if (unlikely(!sock->ops->getsockopt))
2148                err = -EOPNOTSUPP;
2149        else
2150                err = sock->ops->getsockopt(sock, level, optname, optval,
2151                                            optlen);
2152
2153        if (!in_compat_syscall())
2154                err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, optname,
2155                                                     optval, optlen, max_optlen,
2156                                                     err);
2157out_put:
2158        fput_light(sock->file, fput_needed);
2159        return err;
2160}
2161
2162SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
2163                char __user *, optval, int __user *, optlen)
2164{
2165        return __sys_getsockopt(fd, level, optname, optval, optlen);
2166}
2167
2168/*
2169 *      Shutdown a socket.
2170 */
2171
2172int __sys_shutdown_sock(struct socket *sock, int how)
2173{
2174        int err;
2175
2176        err = security_socket_shutdown(sock, how);
2177        if (!err)
2178                err = sock->ops->shutdown(sock, how);
2179
2180        return err;
2181}
2182
2183int __sys_shutdown(int fd, int how)
2184{
2185        int err, fput_needed;
2186        struct socket *sock;
2187
2188        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2189        if (sock != NULL) {
2190                err = __sys_shutdown_sock(sock, how);
2191                fput_light(sock->file, fput_needed);
2192        }
2193        return err;
2194}
2195
2196SYSCALL_DEFINE2(shutdown, int, fd, int, how)
2197{
2198        return __sys_shutdown(fd, how);
2199}
2200
2201/* A couple of helpful macros for getting the address of the 32/64 bit
2202 * fields which are the same type (int / unsigned) on our platforms.
2203 */
2204#define COMPAT_MSG(msg, member) ((MSG_CMSG_COMPAT & flags) ? &msg##_compat->member : &msg->member)
2205#define COMPAT_NAMELEN(msg)     COMPAT_MSG(msg, msg_namelen)
2206#define COMPAT_FLAGS(msg)       COMPAT_MSG(msg, msg_flags)
2207
2208struct used_address {
2209        struct sockaddr_storage name;
2210        unsigned int name_len;
2211};
2212
2213int __copy_msghdr_from_user(struct msghdr *kmsg,
2214                            struct user_msghdr __user *umsg,
2215                            struct sockaddr __user **save_addr,
2216                            struct iovec __user **uiov, size_t *nsegs)
2217{
2218        struct user_msghdr msg;
2219        ssize_t err;
2220
2221        if (copy_from_user(&msg, umsg, sizeof(*umsg)))
2222                return -EFAULT;
2223
2224        kmsg->msg_control_is_user = true;
2225        kmsg->msg_control_user = msg.msg_control;
2226        kmsg->msg_controllen = msg.msg_controllen;
2227        kmsg->msg_flags = msg.msg_flags;
2228
2229        kmsg->msg_namelen = msg.msg_namelen;
2230        if (!msg.msg_name)
2231                kmsg->msg_namelen = 0;
2232
2233        if (kmsg->msg_namelen < 0)
2234                return -EINVAL;
2235
2236        if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
2237                kmsg->msg_namelen = sizeof(struct sockaddr_storage);
2238
2239        if (save_addr)
2240                *save_addr = msg.msg_name;
2241
2242        if (msg.msg_name && kmsg->msg_namelen) {
2243                if (!save_addr) {
2244                        err = move_addr_to_kernel(msg.msg_name,
2245                                                  kmsg->msg_namelen,
2246                                                  kmsg->msg_name);
2247                        if (err < 0)
2248                                return err;
2249                }
2250        } else {
2251                kmsg->msg_name = NULL;
2252                kmsg->msg_namelen = 0;
2253        }
2254
2255        if (msg.msg_iovlen > UIO_MAXIOV)
2256                return -EMSGSIZE;
2257
2258        kmsg->msg_iocb = NULL;
2259        *uiov = msg.msg_iov;
2260        *nsegs = msg.msg_iovlen;
2261        return 0;
2262}
2263
2264static int copy_msghdr_from_user(struct msghdr *kmsg,
2265                                 struct user_msghdr __user *umsg,
2266                                 struct sockaddr __user **save_addr,
2267                                 struct iovec **iov)
2268{
2269        struct user_msghdr msg;
2270        ssize_t err;
2271
2272        err = __copy_msghdr_from_user(kmsg, umsg, save_addr, &msg.msg_iov,
2273                                        &msg.msg_iovlen);
2274        if (err)
2275                return err;
2276
2277        err = import_iovec(save_addr ? READ : WRITE,
2278                            msg.msg_iov, msg.msg_iovlen,
2279                            UIO_FASTIOV, iov, &kmsg->msg_iter);
2280        return err < 0 ? err : 0;
2281}
2282
2283static int ____sys_sendmsg(struct socket *sock, struct msghdr *msg_sys,
2284                           unsigned int flags, struct used_address *used_address,
2285                           unsigned int allowed_msghdr_flags)
2286{
2287        unsigned char ctl[sizeof(struct cmsghdr) + 20]
2288                                __aligned(sizeof(__kernel_size_t));
2289        /* 20 is size of ipv6_pktinfo */
2290        unsigned char *ctl_buf = ctl;
2291        int ctl_len;
2292        ssize_t err;
2293
2294        err = -ENOBUFS;
2295
2296        if (msg_sys->msg_controllen > INT_MAX)
2297                goto out;
2298        flags |= (msg_sys->msg_flags & allowed_msghdr_flags);
2299        ctl_len = msg_sys->msg_controllen;
2300        if ((MSG_CMSG_COMPAT & flags) && ctl_len) {
2301                err =
2302                    cmsghdr_from_user_compat_to_kern(msg_sys, sock->sk, ctl,
2303                                                     sizeof(ctl));
2304                if (err)
2305                        goto out;
2306                ctl_buf = msg_sys->msg_control;
2307                ctl_len = msg_sys->msg_controllen;
2308        } else if (ctl_len) {
2309                BUILD_BUG_ON(sizeof(struct cmsghdr) !=
2310                             CMSG_ALIGN(sizeof(struct cmsghdr)));
2311                if (ctl_len > sizeof(ctl)) {
2312                        ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL);
2313                        if (ctl_buf == NULL)
2314                                goto out;
2315                }
2316                err = -EFAULT;
2317                if (copy_from_user(ctl_buf, msg_sys->msg_control_user, ctl_len))
2318                        goto out_freectl;
2319                msg_sys->msg_control = ctl_buf;
2320                msg_sys->msg_control_is_user = false;
2321        }
2322        msg_sys->msg_flags = flags;
2323
2324        if (sock->file->f_flags & O_NONBLOCK)
2325                msg_sys->msg_flags |= MSG_DONTWAIT;
2326        /*
2327         * If this is sendmmsg() and current destination address is same as
2328         * previously succeeded address, omit asking LSM's decision.
2329         * used_address->name_len is initialized to UINT_MAX so that the first
2330         * destination address never matches.
2331         */
2332        if (used_address && msg_sys->msg_name &&
2333            used_address->name_len == msg_sys->msg_namelen &&
2334            !memcmp(&used_address->name, msg_sys->msg_name,
2335                    used_address->name_len)) {
2336                err = sock_sendmsg_nosec(sock, msg_sys);
2337                goto out_freectl;
2338        }
2339        err = sock_sendmsg(sock, msg_sys);
2340        /*
2341         * If this is sendmmsg() and sending to current destination address was
2342         * successful, remember it.
2343         */
2344        if (used_address && err >= 0) {
2345                used_address->name_len = msg_sys->msg_namelen;
2346                if (msg_sys->msg_name)
2347                        memcpy(&used_address->name, msg_sys->msg_name,
2348                               used_address->name_len);
2349        }
2350
2351out_freectl:
2352        if (ctl_buf != ctl)
2353                sock_kfree_s(sock->sk, ctl_buf, ctl_len);
2354out:
2355        return err;
2356}
2357
2358int sendmsg_copy_msghdr(struct msghdr *msg,
2359                        struct user_msghdr __user *umsg, unsigned flags,
2360                        struct iovec **iov)
2361{
2362        int err;
2363
2364        if (flags & MSG_CMSG_COMPAT) {
2365                struct compat_msghdr __user *msg_compat;
2366
2367                msg_compat = (struct compat_msghdr __user *) umsg;
2368                err = get_compat_msghdr(msg, msg_compat, NULL, iov);
2369        } else {
2370                err = copy_msghdr_from_user(msg, umsg, NULL, iov);
2371        }
2372        if (err < 0)
2373                return err;
2374
2375        return 0;
2376}
2377
2378static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
2379                         struct msghdr *msg_sys, unsigned int flags,
2380                         struct used_address *used_address,
2381                         unsigned int allowed_msghdr_flags)
2382{
2383        struct sockaddr_storage address;
2384        struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2385        ssize_t err;
2386
2387        msg_sys->msg_name = &address;
2388
2389        err = sendmsg_copy_msghdr(msg_sys, msg, flags, &iov);
2390        if (err < 0)
2391                return err;
2392
2393        err = ____sys_sendmsg(sock, msg_sys, flags, used_address,
2394                                allowed_msghdr_flags);
2395        kfree(iov);
2396        return err;
2397}
2398
2399/*
2400 *      BSD sendmsg interface
2401 */
2402long __sys_sendmsg_sock(struct socket *sock, struct msghdr *msg,
2403                        unsigned int flags)
2404{
2405        return ____sys_sendmsg(sock, msg, flags, NULL, 0);
2406}
2407
2408long __sys_sendmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2409                   bool forbid_cmsg_compat)
2410{
2411        int fput_needed, err;
2412        struct msghdr msg_sys;
2413        struct socket *sock;
2414
2415        if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2416                return -EINVAL;
2417
2418        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2419        if (!sock)
2420                goto out;
2421
2422        err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL, 0);
2423
2424        fput_light(sock->file, fput_needed);
2425out:
2426        return err;
2427}
2428
2429SYSCALL_DEFINE3(sendmsg, int, fd, struct user_msghdr __user *, msg, unsigned int, flags)
2430{
2431        return __sys_sendmsg(fd, msg, flags, true);
2432}
2433
2434/*
2435 *      Linux sendmmsg interface
2436 */
2437
2438int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2439                   unsigned int flags, bool forbid_cmsg_compat)
2440{
2441        int fput_needed, err, datagrams;
2442        struct socket *sock;
2443        struct mmsghdr __user *entry;
2444        struct compat_mmsghdr __user *compat_entry;
2445        struct msghdr msg_sys;
2446        struct used_address used_address;
2447        unsigned int oflags = flags;
2448
2449        if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2450                return -EINVAL;
2451
2452        if (vlen > UIO_MAXIOV)
2453                vlen = UIO_MAXIOV;
2454
2455        datagrams = 0;
2456
2457        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2458        if (!sock)
2459                return err;
2460
2461        used_address.name_len = UINT_MAX;
2462        entry = mmsg;
2463        compat_entry = (struct compat_mmsghdr __user *)mmsg;
2464        err = 0;
2465        flags |= MSG_BATCH;
2466
2467        while (datagrams < vlen) {
2468                if (datagrams == vlen - 1)
2469                        flags = oflags;
2470
2471                if (MSG_CMSG_COMPAT & flags) {
2472                        err = ___sys_sendmsg(sock, (struct user_msghdr __user *)compat_entry,
2473                                             &msg_sys, flags, &used_address, MSG_EOR);
2474                        if (err < 0)
2475                                break;
2476                        err = __put_user(err, &compat_entry->msg_len);
2477                        ++compat_entry;
2478                } else {
2479                        err = ___sys_sendmsg(sock,
2480                                             (struct user_msghdr __user *)entry,
2481                                             &msg_sys, flags, &used_address, MSG_EOR);
2482                        if (err < 0)
2483                                break;
2484                        err = put_user(err, &entry->msg_len);
2485                        ++entry;
2486                }
2487
2488                if (err)
2489                        break;
2490                ++datagrams;
2491                if (msg_data_left(&msg_sys))
2492                        break;
2493                cond_resched();
2494        }
2495
2496        fput_light(sock->file, fput_needed);
2497
2498        /* We only return an error if no datagrams were able to be sent */
2499        if (datagrams != 0)
2500                return datagrams;
2501
2502        return err;
2503}
2504
2505SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
2506                unsigned int, vlen, unsigned int, flags)
2507{
2508        return __sys_sendmmsg(fd, mmsg, vlen, flags, true);
2509}
2510
2511int recvmsg_copy_msghdr(struct msghdr *msg,
2512                        struct user_msghdr __user *umsg, unsigned flags,
2513                        struct sockaddr __user **uaddr,
2514                        struct iovec **iov)
2515{
2516        ssize_t err;
2517
2518        if (MSG_CMSG_COMPAT & flags) {
2519                struct compat_msghdr __user *msg_compat;
2520
2521                msg_compat = (struct compat_msghdr __user *) umsg;
2522                err = get_compat_msghdr(msg, msg_compat, uaddr, iov);
2523        } else {
2524                err = copy_msghdr_from_user(msg, umsg, uaddr, iov);
2525        }
2526        if (err < 0)
2527                return err;
2528
2529        return 0;
2530}
2531
2532static int ____sys_recvmsg(struct socket *sock, struct msghdr *msg_sys,
2533                           struct user_msghdr __user *msg,
2534                           struct sockaddr __user *uaddr,
2535                           unsigned int flags, int nosec)
2536{
2537        struct compat_msghdr __user *msg_compat =
2538                                        (struct compat_msghdr __user *) msg;
2539        int __user *uaddr_len = COMPAT_NAMELEN(msg);
2540        struct sockaddr_storage addr;
2541        unsigned long cmsg_ptr;
2542        int len;
2543        ssize_t err;
2544
2545        msg_sys->msg_name = &addr;
2546        cmsg_ptr = (unsigned long)msg_sys->msg_control;
2547        msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
2548
2549        /* We assume all kernel code knows the size of sockaddr_storage */
2550        msg_sys->msg_namelen = 0;
2551
2552        if (sock->file->f_flags & O_NONBLOCK)
2553                flags |= MSG_DONTWAIT;
2554
2555        if (unlikely(nosec))
2556                err = sock_recvmsg_nosec(sock, msg_sys, flags);
2557        else
2558                err = sock_recvmsg(sock, msg_sys, flags);
2559
2560        if (err < 0)
2561                goto out;
2562        len = err;
2563
2564        if (uaddr != NULL) {
2565                err = move_addr_to_user(&addr,
2566                                        msg_sys->msg_namelen, uaddr,
2567                                        uaddr_len);
2568                if (err < 0)
2569                        goto out;
2570        }
2571        err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT),
2572                         COMPAT_FLAGS(msg));
2573        if (err)
2574                goto out;
2575        if (MSG_CMSG_COMPAT & flags)
2576                err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2577                                 &msg_compat->msg_controllen);
2578        else
2579                err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2580                                 &msg->msg_controllen);
2581        if (err)
2582                goto out;
2583        err = len;
2584out:
2585        return err;
2586}
2587
2588static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
2589                         struct msghdr *msg_sys, unsigned int flags, int nosec)
2590{
2591        struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2592        /* user mode address pointers */
2593        struct sockaddr __user *uaddr;
2594        ssize_t err;
2595
2596        err = recvmsg_copy_msghdr(msg_sys, msg, flags, &uaddr, &iov);
2597        if (err < 0)
2598                return err;
2599
2600        err = ____sys_recvmsg(sock, msg_sys, msg, uaddr, flags, nosec);
2601        kfree(iov);
2602        return err;
2603}
2604
2605/*
2606 *      BSD recvmsg interface
2607 */
2608
2609long __sys_recvmsg_sock(struct socket *sock, struct msghdr *msg,
2610                        struct user_msghdr __user *umsg,
2611                        struct sockaddr __user *uaddr, unsigned int flags)
2612{
2613        return ____sys_recvmsg(sock, msg, umsg, uaddr, flags, 0);
2614}
2615
2616long __sys_recvmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2617                   bool forbid_cmsg_compat)
2618{
2619        int fput_needed, err;
2620        struct msghdr msg_sys;
2621        struct socket *sock;
2622
2623        if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2624                return -EINVAL;
2625
2626        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2627        if (!sock)
2628                goto out;
2629
2630        err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0);
2631
2632        fput_light(sock->file, fput_needed);
2633out:
2634        return err;
2635}
2636
2637SYSCALL_DEFINE3(recvmsg, int, fd, struct user_msghdr __user *, msg,
2638                unsigned int, flags)
2639{
2640        return __sys_recvmsg(fd, msg, flags, true);
2641}
2642
2643/*
2644 *     Linux recvmmsg interface
2645 */
2646
2647static int do_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2648                          unsigned int vlen, unsigned int flags,
2649                          struct timespec64 *timeout)
2650{
2651        int fput_needed, err, datagrams;
2652        struct socket *sock;
2653        struct mmsghdr __user *entry;
2654        struct compat_mmsghdr __user *compat_entry;
2655        struct msghdr msg_sys;
2656        struct timespec64 end_time;
2657        struct timespec64 timeout64;
2658
2659        if (timeout &&
2660            poll_select_set_timeout(&end_time, timeout->tv_sec,
2661                                    timeout->tv_nsec))
2662                return -EINVAL;
2663
2664        datagrams = 0;
2665
2666        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2667        if (!sock)
2668                return err;
2669
2670        if (likely(!(flags & MSG_ERRQUEUE))) {
2671                err = sock_error(sock->sk);
2672                if (err) {
2673                        datagrams = err;
2674                        goto out_put;
2675                }
2676        }
2677
2678        entry = mmsg;
2679        compat_entry = (struct compat_mmsghdr __user *)mmsg;
2680
2681        while (datagrams < vlen) {
2682                /*
2683                 * No need to ask LSM for more than the first datagram.
2684                 */
2685                if (MSG_CMSG_COMPAT & flags) {
2686                        err = ___sys_recvmsg(sock, (struct user_msghdr __user *)compat_entry,
2687                                             &msg_sys, flags & ~MSG_WAITFORONE,
2688                                             datagrams);
2689                        if (err < 0)
2690                                break;
2691                        err = __put_user(err, &compat_entry->msg_len);
2692                        ++compat_entry;
2693                } else {
2694                        err = ___sys_recvmsg(sock,
2695                                             (struct user_msghdr __user *)entry,
2696                                             &msg_sys, flags & ~MSG_WAITFORONE,
2697                                             datagrams);
2698                        if (err < 0)
2699                                break;
2700                        err = put_user(err, &entry->msg_len);
2701                        ++entry;
2702                }
2703
2704                if (err)
2705                        break;
2706                ++datagrams;
2707
2708                /* MSG_WAITFORONE turns on MSG_DONTWAIT after one packet */
2709                if (flags & MSG_WAITFORONE)
2710                        flags |= MSG_DONTWAIT;
2711
2712                if (timeout) {
2713                        ktime_get_ts64(&timeout64);
2714                        *timeout = timespec64_sub(end_time, timeout64);
2715                        if (timeout->tv_sec < 0) {
2716                                timeout->tv_sec = timeout->tv_nsec = 0;
2717                                break;
2718                        }
2719
2720                        /* Timeout, return less than vlen datagrams */
2721                        if (timeout->tv_nsec == 0 && timeout->tv_sec == 0)
2722                                break;
2723                }
2724
2725                /* Out of band data, return right away */
2726                if (msg_sys.msg_flags & MSG_OOB)
2727                        break;
2728                cond_resched();
2729        }
2730
2731        if (err == 0)
2732                goto out_put;
2733
2734        if (datagrams == 0) {
2735                datagrams = err;
2736                goto out_put;
2737        }
2738
2739        /*
2740         * We may return less entries than requested (vlen) if the
2741         * sock is non block and there aren't enough datagrams...
2742         */
2743        if (err != -EAGAIN) {
2744                /*
2745                 * ... or  if recvmsg returns an error after we
2746                 * received some datagrams, where we record the
2747                 * error to return on the next call or if the
2748                 * app asks about it using getsockopt(SO_ERROR).
2749                 */
2750                sock->sk->sk_err = -err;
2751        }
2752out_put:
2753        fput_light(sock->file, fput_needed);
2754
2755        return datagrams;
2756}
2757
2758int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2759                   unsigned int vlen, unsigned int flags,
2760                   struct __kernel_timespec __user *timeout,
2761                   struct old_timespec32 __user *timeout32)
2762{
2763        int datagrams;
2764        struct timespec64 timeout_sys;
2765
2766        if (timeout && get_timespec64(&timeout_sys, timeout))
2767                return -EFAULT;
2768
2769        if (timeout32 && get_old_timespec32(&timeout_sys, timeout32))
2770                return -EFAULT;
2771
2772        if (!timeout && !timeout32)
2773                return do_recvmmsg(fd, mmsg, vlen, flags, NULL);
2774
2775        datagrams = do_recvmmsg(fd, mmsg, vlen, flags, &timeout_sys);
2776
2777        if (datagrams <= 0)
2778                return datagrams;
2779
2780        if (timeout && put_timespec64(&timeout_sys, timeout))
2781                datagrams = -EFAULT;
2782
2783        if (timeout32 && put_old_timespec32(&timeout_sys, timeout32))
2784                datagrams = -EFAULT;
2785
2786        return datagrams;
2787}
2788
2789SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
2790                unsigned int, vlen, unsigned int, flags,
2791                struct __kernel_timespec __user *, timeout)
2792{
2793        if (flags & MSG_CMSG_COMPAT)
2794                return -EINVAL;
2795
2796        return __sys_recvmmsg(fd, mmsg, vlen, flags, timeout, NULL);
2797}
2798
2799#ifdef CONFIG_COMPAT_32BIT_TIME
2800SYSCALL_DEFINE5(recvmmsg_time32, int, fd, struct mmsghdr __user *, mmsg,
2801                unsigned int, vlen, unsigned int, flags,
2802                struct old_timespec32 __user *, timeout)
2803{
2804        if (flags & MSG_CMSG_COMPAT)
2805                return -EINVAL;
2806
2807        return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL, timeout);
2808}
2809#endif
2810
2811#ifdef __ARCH_WANT_SYS_SOCKETCALL
2812/* Argument list sizes for sys_socketcall */
2813#define AL(x) ((x) * sizeof(unsigned long))
2814static const unsigned char nargs[21] = {
2815        AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
2816        AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
2817        AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
2818        AL(4), AL(5), AL(4)
2819};
2820
2821#undef AL
2822
2823/*
2824 *      System call vectors.
2825 *
2826 *      Argument checking cleaned up. Saved 20% in size.
2827 *  This function doesn't need to set the kernel lock because
2828 *  it is set by the callees.
2829 */
2830
2831SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
2832{
2833        unsigned long a[AUDITSC_ARGS];
2834        unsigned long a0, a1;
2835        int err;
2836        unsigned int len;
2837
2838        if (call < 1 || call > SYS_SENDMMSG)
2839                return -EINVAL;
2840        call = array_index_nospec(call, SYS_SENDMMSG + 1);
2841
2842        len = nargs[call];
2843        if (len > sizeof(a))
2844                return -EINVAL;
2845
2846        /* copy_from_user should be SMP safe. */
2847        if (copy_from_user(a, args, len))
2848                return -EFAULT;
2849
2850        err = audit_socketcall(nargs[call] / sizeof(unsigned long), a);
2851        if (err)
2852                return err;
2853
2854        a0 = a[0];
2855        a1 = a[1];
2856
2857        switch (call) {
2858        case SYS_SOCKET:
2859                err = __sys_socket(a0, a1, a[2]);
2860                break;
2861        case SYS_BIND:
2862                err = __sys_bind(a0, (struct sockaddr __user *)a1, a[2]);
2863                break;
2864        case SYS_CONNECT:
2865                err = __sys_connect(a0, (struct sockaddr __user *)a1, a[2]);
2866                break;
2867        case SYS_LISTEN:
2868                err = __sys_listen(a0, a1);
2869                break;
2870        case SYS_ACCEPT:
2871                err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2872                                    (int __user *)a[2], 0);
2873                break;
2874        case SYS_GETSOCKNAME:
2875                err =
2876                    __sys_getsockname(a0, (struct sockaddr __user *)a1,
2877                                      (int __user *)a[2]);
2878                break;
2879        case SYS_GETPEERNAME:
2880                err =
2881                    __sys_getpeername(a0, (struct sockaddr __user *)a1,
2882                                      (int __user *)a[2]);
2883                break;
2884        case SYS_SOCKETPAIR:
2885                err = __sys_socketpair(a0, a1, a[2], (int __user *)a[3]);
2886                break;
2887        case SYS_SEND:
2888                err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2889                                   NULL, 0);
2890                break;
2891        case SYS_SENDTO:
2892                err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2893                                   (struct sockaddr __user *)a[4], a[5]);
2894                break;
2895        case SYS_RECV:
2896                err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2897                                     NULL, NULL);
2898                break;
2899        case SYS_RECVFROM:
2900                err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2901                                     (struct sockaddr __user *)a[4],
2902                                     (int __user *)a[5]);
2903                break;
2904        case SYS_SHUTDOWN:
2905                err = __sys_shutdown(a0, a1);
2906                break;
2907        case SYS_SETSOCKOPT:
2908                err = __sys_setsockopt(a0, a1, a[2], (char __user *)a[3],
2909                                       a[4]);
2910                break;
2911        case SYS_GETSOCKOPT:
2912                err =
2913                    __sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
2914                                     (int __user *)a[4]);
2915                break;
2916        case SYS_SENDMSG:
2917                err = __sys_sendmsg(a0, (struct user_msghdr __user *)a1,
2918                                    a[2], true);
2919                break;
2920        case SYS_SENDMMSG:
2921                err = __sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2],
2922                                     a[3], true);
2923                break;
2924        case SYS_RECVMSG:
2925                err = __sys_recvmsg(a0, (struct user_msghdr __user *)a1,
2926                                    a[2], true);
2927                break;
2928        case SYS_RECVMMSG:
2929                if (IS_ENABLED(CONFIG_64BIT))
2930                        err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2931                                             a[2], a[3],
2932                                             (struct __kernel_timespec __user *)a[4],
2933                                             NULL);
2934                else
2935                        err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2936                                             a[2], a[3], NULL,
2937                                             (struct old_timespec32 __user *)a[4]);
2938                break;
2939        case SYS_ACCEPT4:
2940                err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2941                                    (int __user *)a[2], a[3]);
2942                break;
2943        default:
2944                err = -EINVAL;
2945                break;
2946        }
2947        return err;
2948}
2949
2950#endif                          /* __ARCH_WANT_SYS_SOCKETCALL */
2951
2952/**
2953 *      sock_register - add a socket protocol handler
2954 *      @ops: description of protocol
2955 *
2956 *      This function is called by a protocol handler that wants to
2957 *      advertise its address family, and have it linked into the
2958 *      socket interface. The value ops->family corresponds to the
2959 *      socket system call protocol family.
2960 */
2961int sock_register(const struct net_proto_family *ops)
2962{
2963        int err;
2964
2965        if (ops->family >= NPROTO) {
2966                pr_crit("protocol %d >= NPROTO(%d)\n", ops->family, NPROTO);
2967                return -ENOBUFS;
2968        }
2969
2970        spin_lock(&net_family_lock);
2971        if (rcu_dereference_protected(net_families[ops->family],
2972                                      lockdep_is_held(&net_family_lock)))
2973                err = -EEXIST;
2974        else {
2975                rcu_assign_pointer(net_families[ops->family], ops);
2976                err = 0;
2977        }
2978        spin_unlock(&net_family_lock);
2979
2980        pr_info("NET: Registered protocol family %d\n", ops->family);
2981        return err;
2982}
2983EXPORT_SYMBOL(sock_register);
2984
2985/**
2986 *      sock_unregister - remove a protocol handler
2987 *      @family: protocol family to remove
2988 *
2989 *      This function is called by a protocol handler that wants to
2990 *      remove its address family, and have it unlinked from the
2991 *      new socket creation.
2992 *
2993 *      If protocol handler is a module, then it can use module reference
2994 *      counts to protect against new references. If protocol handler is not
2995 *      a module then it needs to provide its own protection in
2996 *      the ops->create routine.
2997 */
2998void sock_unregister(int family)
2999{
3000        BUG_ON(family < 0 || family >= NPROTO);
3001
3002        spin_lock(&net_family_lock);
3003        RCU_INIT_POINTER(net_families[family], NULL);
3004        spin_unlock(&net_family_lock);
3005
3006        synchronize_rcu();
3007
3008        pr_info("NET: Unregistered protocol family %d\n", family);
3009}
3010EXPORT_SYMBOL(sock_unregister);
3011
3012bool sock_is_registered(int family)
3013{
3014        return family < NPROTO && rcu_access_pointer(net_families[family]);
3015}
3016
3017static int __init sock_init(void)
3018{
3019        int err;
3020        /*
3021         *      Initialize the network sysctl infrastructure.
3022         */
3023        err = net_sysctl_init();
3024        if (err)
3025                goto out;
3026
3027        /*
3028         *      Initialize skbuff SLAB cache
3029         */
3030        skb_init();
3031
3032        /*
3033         *      Initialize the protocols module.
3034         */
3035
3036        init_inodecache();
3037
3038        err = register_filesystem(&sock_fs_type);
3039        if (err)
3040                goto out;
3041        sock_mnt = kern_mount(&sock_fs_type);
3042        if (IS_ERR(sock_mnt)) {
3043                err = PTR_ERR(sock_mnt);
3044                goto out_mount;
3045        }
3046
3047        /* The real protocol initialization is performed in later initcalls.
3048         */
3049
3050#ifdef CONFIG_NETFILTER
3051        err = netfilter_init();
3052        if (err)
3053                goto out;
3054#endif
3055
3056        ptp_classifier_init();
3057
3058out:
3059        return err;
3060
3061out_mount:
3062        unregister_filesystem(&sock_fs_type);
3063        goto out;
3064}
3065
3066core_initcall(sock_init);       /* early initcall */
3067
3068#ifdef CONFIG_PROC_FS
3069void socket_seq_show(struct seq_file *seq)
3070{
3071        seq_printf(seq, "sockets: used %d\n",
3072                   sock_inuse_get(seq->private));
3073}
3074#endif                          /* CONFIG_PROC_FS */
3075
3076#ifdef CONFIG_COMPAT
3077static int compat_dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
3078{
3079        struct compat_ifconf ifc32;
3080        struct ifconf ifc;
3081        int err;
3082
3083        if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
3084                return -EFAULT;
3085
3086        ifc.ifc_len = ifc32.ifc_len;
3087        ifc.ifc_req = compat_ptr(ifc32.ifcbuf);
3088
3089        rtnl_lock();
3090        err = dev_ifconf(net, &ifc, sizeof(struct compat_ifreq));
3091        rtnl_unlock();
3092        if (err)
3093                return err;
3094
3095        ifc32.ifc_len = ifc.ifc_len;
3096        if (copy_to_user(uifc32, &ifc32, sizeof(struct compat_ifconf)))
3097                return -EFAULT;
3098
3099        return 0;
3100}
3101
3102static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
3103{
3104        struct compat_ethtool_rxnfc __user *compat_rxnfc;
3105        bool convert_in = false, convert_out = false;
3106        size_t buf_size = 0;
3107        struct ethtool_rxnfc __user *rxnfc = NULL;
3108        struct ifreq ifr;
3109        u32 rule_cnt = 0, actual_rule_cnt;
3110        u32 ethcmd;
3111        u32 data;
3112        int ret;
3113
3114        if (get_user(data, &ifr32->ifr_ifru.ifru_data))
3115                return -EFAULT;
3116
3117        compat_rxnfc = compat_ptr(data);
3118
3119        if (get_user(ethcmd, &compat_rxnfc->cmd))
3120                return -EFAULT;
3121
3122        /* Most ethtool structures are defined without padding.
3123         * Unfortunately struct ethtool_rxnfc is an exception.
3124         */
3125        switch (ethcmd) {
3126        default:
3127                break;
3128        case ETHTOOL_GRXCLSRLALL:
3129                /* Buffer size is variable */
3130                if (get_user(rule_cnt, &compat_rxnfc->rule_cnt))
3131                        return -EFAULT;
3132                if (rule_cnt > KMALLOC_MAX_SIZE / sizeof(u32))
3133                        return -ENOMEM;
3134                buf_size += rule_cnt * sizeof(u32);
3135                fallthrough;
3136        case ETHTOOL_GRXRINGS:
3137        case ETHTOOL_GRXCLSRLCNT:
3138        case ETHTOOL_GRXCLSRULE:
3139        case ETHTOOL_SRXCLSRLINS:
3140                convert_out = true;
3141                fallthrough;
3142        case ETHTOOL_SRXCLSRLDEL:
3143                buf_size += sizeof(struct ethtool_rxnfc);
3144                convert_in = true;
3145                rxnfc = compat_alloc_user_space(buf_size);
3146                break;
3147        }
3148
3149        if (copy_from_user(&ifr.ifr_name, &ifr32->ifr_name, IFNAMSIZ))
3150                return -EFAULT;
3151
3152        ifr.ifr_data = convert_in ? rxnfc : (void __user *)compat_rxnfc;
3153
3154        if (convert_in) {
3155                /* We expect there to be holes between fs.m_ext and
3156                 * fs.ring_cookie and at the end of fs, but nowhere else.
3157                 */
3158                BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_ext) +
3159                             sizeof(compat_rxnfc->fs.m_ext) !=
3160                             offsetof(struct ethtool_rxnfc, fs.m_ext) +
3161                             sizeof(rxnfc->fs.m_ext));
3162                BUILD_BUG_ON(
3163                        offsetof(struct compat_ethtool_rxnfc, fs.location) -
3164                        offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) !=
3165                        offsetof(struct ethtool_rxnfc, fs.location) -
3166                        offsetof(struct ethtool_rxnfc, fs.ring_cookie));
3167
3168                if (copy_in_user(rxnfc, compat_rxnfc,
3169                                 (void __user *)(&rxnfc->fs.m_ext + 1) -
3170                                 (void __user *)rxnfc) ||
3171                    copy_in_user(&rxnfc->fs.ring_cookie,
3172                                 &compat_rxnfc->fs.ring_cookie,
3173                                 (void __user *)(&rxnfc->fs.location + 1) -
3174                                 (void __user *)&rxnfc->fs.ring_cookie))
3175                        return -EFAULT;
3176                if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3177                        if (put_user(rule_cnt, &rxnfc->rule_cnt))
3178                                return -EFAULT;
3179                } else if (copy_in_user(&rxnfc->rule_cnt,
3180                                        &compat_rxnfc->rule_cnt,
3181                                        sizeof(rxnfc->rule_cnt)))
3182                        return -EFAULT;
3183        }
3184
3185        ret = dev_ioctl(net, SIOCETHTOOL, &ifr, NULL);
3186        if (ret)
3187                return ret;
3188
3189        if (convert_out) {
3190                if (copy_in_user(compat_rxnfc, rxnfc,
3191                                 (const void __user *)(&rxnfc->fs.m_ext + 1) -
3192                                 (const void __user *)rxnfc) ||
3193                    copy_in_user(&compat_rxnfc->fs.ring_cookie,
3194                                 &rxnfc->fs.ring_cookie,
3195                                 (const void __user *)(&rxnfc->fs.location + 1) -
3196                                 (const void __user *)&rxnfc->fs.ring_cookie) ||
3197                    copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
3198                                 sizeof(rxnfc->rule_cnt)))
3199                        return -EFAULT;
3200
3201                if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3202                        /* As an optimisation, we only copy the actual
3203                         * number of rules that the underlying
3204                         * function returned.  Since Mallory might
3205                         * change the rule count in user memory, we
3206                         * check that it is less than the rule count
3207                         * originally given (as the user buffer size),
3208                         * which has been range-checked.
3209                         */
3210                        if (get_user(actual_rule_cnt, &rxnfc->rule_cnt))
3211                                return -EFAULT;
3212                        if (actual_rule_cnt < rule_cnt)
3213                                rule_cnt = actual_rule_cnt;
3214                        if (copy_in_user(&compat_rxnfc->rule_locs[0],
3215                                         &rxnfc->rule_locs[0],
3216                                         rule_cnt * sizeof(u32)))
3217                                return -EFAULT;
3218                }
3219        }
3220
3221        return 0;
3222}
3223
3224static int compat_siocwandev(struct net *net, struct compat_ifreq __user *uifr32)
3225{
3226        compat_uptr_t uptr32;
3227        struct ifreq ifr;
3228        void __user *saved;
3229        int err;
3230
3231        if (copy_from_user(&ifr, uifr32, sizeof(struct compat_ifreq)))
3232                return -EFAULT;
3233
3234        if (get_user(uptr32, &uifr32->ifr_settings.ifs_ifsu))
3235                return -EFAULT;
3236
3237        saved = ifr.ifr_settings.ifs_ifsu.raw_hdlc;
3238        ifr.ifr_settings.ifs_ifsu.raw_hdlc = compat_ptr(uptr32);
3239
3240        err = dev_ioctl(net, SIOCWANDEV, &ifr, NULL);
3241        if (!err) {
3242                ifr.ifr_settings.ifs_ifsu.raw_hdlc = saved;
3243                if (copy_to_user(uifr32, &ifr, sizeof(struct compat_ifreq)))
3244                        err = -EFAULT;
3245        }
3246        return err;
3247}
3248
3249/* Handle ioctls that use ifreq::ifr_data and just need struct ifreq converted */
3250static int compat_ifr_data_ioctl(struct net *net, unsigned int cmd,
3251                                 struct compat_ifreq __user *u_ifreq32)
3252{
3253        struct ifreq ifreq;
3254        u32 data32;
3255
3256        if (!is_socket_ioctl_cmd(cmd))
3257                return -ENOTTY;
3258        if (copy_from_user(ifreq.ifr_name, u_ifreq32->ifr_name, IFNAMSIZ))
3259                return -EFAULT;
3260        if (get_user(data32, &u_ifreq32->ifr_data))
3261                return -EFAULT;
3262        ifreq.ifr_data = compat_ptr(data32);
3263
3264        return dev_ioctl(net, cmd, &ifreq, NULL);
3265}
3266
3267static int compat_ifreq_ioctl(struct net *net, struct socket *sock,
3268                              unsigned int cmd,
3269                              struct compat_ifreq __user *uifr32)
3270{
3271        struct ifreq __user *uifr;
3272        int err;
3273
3274        /* Handle the fact that while struct ifreq has the same *layout* on
3275         * 32/64 for everything but ifreq::ifru_ifmap and ifreq::ifru_data,
3276         * which are handled elsewhere, it still has different *size* due to
3277         * ifreq::ifru_ifmap (which is 16 bytes on 32 bit, 24 bytes on 64-bit,
3278         * resulting in struct ifreq being 32 and 40 bytes respectively).
3279         * As a result, if the struct happens to be at the end of a page and
3280         * the next page isn't readable/writable, we get a fault. To prevent
3281         * that, copy back and forth to the full size.
3282         */
3283
3284        uifr = compat_alloc_user_space(sizeof(*uifr));
3285        if (copy_in_user(uifr, uifr32, sizeof(*uifr32)))
3286                return -EFAULT;
3287
3288        err = sock_do_ioctl(net, sock, cmd, (unsigned long)uifr);
3289
3290        if (!err) {
3291                switch (cmd) {
3292                case SIOCGIFFLAGS:
3293                case SIOCGIFMETRIC:
3294                case SIOCGIFMTU:
3295                case SIOCGIFMEM:
3296                case SIOCGIFHWADDR:
3297                case SIOCGIFINDEX:
3298                case SIOCGIFADDR:
3299                case SIOCGIFBRDADDR:
3300                case SIOCGIFDSTADDR:
3301                case SIOCGIFNETMASK:
3302                case SIOCGIFPFLAGS:
3303                case SIOCGIFTXQLEN:
3304                case SIOCGMIIPHY:
3305                case SIOCGMIIREG:
3306                case SIOCGIFNAME:
3307                        if (copy_in_user(uifr32, uifr, sizeof(*uifr32)))
3308                                err = -EFAULT;
3309                        break;
3310                }
3311        }
3312        return err;
3313}
3314
3315static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
3316                        struct compat_ifreq __user *uifr32)
3317{
3318        struct ifreq ifr;
3319        struct compat_ifmap __user *uifmap32;
3320        int err;
3321
3322        uifmap32 = &uifr32->ifr_ifru.ifru_map;
3323        err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name));
3324        err |= get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3325        err |= get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3326        err |= get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3327        err |= get_user(ifr.ifr_map.irq, &uifmap32->irq);
3328        err |= get_user(ifr.ifr_map.dma, &uifmap32->dma);
3329        err |= get_user(ifr.ifr_map.port, &uifmap32->port);
3330        if (err)
3331                return -EFAULT;
3332
3333        err = dev_ioctl(net, cmd, &ifr, NULL);
3334
3335        if (cmd == SIOCGIFMAP && !err) {
3336                err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name));
3337                err |= put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3338                err |= put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3339                err |= put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3340                err |= put_user(ifr.ifr_map.irq, &uifmap32->irq);
3341                err |= put_user(ifr.ifr_map.dma, &uifmap32->dma);
3342                err |= put_user(ifr.ifr_map.port, &uifmap32->port);
3343                if (err)
3344                        err = -EFAULT;
3345        }
3346        return err;
3347}
3348
3349/* Since old style bridge ioctl's endup using SIOCDEVPRIVATE
3350 * for some operations; this forces use of the newer bridge-utils that
3351 * use compatible ioctls
3352 */
3353static int old_bridge_ioctl(compat_ulong_t __user *argp)
3354{
3355        compat_ulong_t tmp;
3356
3357        if (get_user(tmp, argp))
3358                return -EFAULT;
3359        if (tmp == BRCTL_GET_VERSION)
3360                return BRCTL_VERSION + 1;
3361        return -EINVAL;
3362}
3363
3364static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
3365                         unsigned int cmd, unsigned long arg)
3366{
3367        void __user *argp = compat_ptr(arg);
3368        struct sock *sk = sock->sk;
3369        struct net *net = sock_net(sk);
3370
3371        if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))
3372                return compat_ifr_data_ioctl(net, cmd, argp);
3373
3374        switch (cmd) {
3375        case SIOCSIFBR:
3376        case SIOCGIFBR:
3377                return old_bridge_ioctl(argp);
3378        case SIOCGIFCONF:
3379                return compat_dev_ifconf(net, argp);
3380        case SIOCETHTOOL:
3381                return ethtool_ioctl(net, argp);
3382        case SIOCWANDEV:
3383                return compat_siocwandev(net, argp);
3384        case SIOCGIFMAP:
3385        case SIOCSIFMAP:
3386                return compat_sioc_ifmap(net, cmd, argp);
3387        case SIOCGSTAMP_OLD:
3388        case SIOCGSTAMPNS_OLD:
3389                if (!sock->ops->gettstamp)
3390                        return -ENOIOCTLCMD;
3391                return sock->ops->gettstamp(sock, argp, cmd == SIOCGSTAMP_OLD,
3392                                            !COMPAT_USE_64BIT_TIME);
3393
3394        case SIOCBONDSLAVEINFOQUERY:
3395        case SIOCBONDINFOQUERY:
3396        case SIOCSHWTSTAMP:
3397        case SIOCGHWTSTAMP:
3398                return compat_ifr_data_ioctl(net, cmd, argp);
3399
3400        case FIOSETOWN:
3401        case SIOCSPGRP:
3402        case FIOGETOWN:
3403        case SIOCGPGRP:
3404        case SIOCBRADDBR:
3405        case SIOCBRDELBR:
3406        case SIOCGIFVLAN:
3407        case SIOCSIFVLAN:
3408        case SIOCGSKNS:
3409        case SIOCGSTAMP_NEW:
3410        case SIOCGSTAMPNS_NEW:
3411                return sock_ioctl(file, cmd, arg);
3412
3413        case SIOCGIFFLAGS:
3414        case SIOCSIFFLAGS:
3415        case SIOCGIFMETRIC:
3416        case SIOCSIFMETRIC:
3417        case SIOCGIFMTU:
3418        case SIOCSIFMTU:
3419        case SIOCGIFMEM:
3420        case SIOCSIFMEM:
3421        case SIOCGIFHWADDR:
3422        case SIOCSIFHWADDR:
3423        case SIOCADDMULTI:
3424        case SIOCDELMULTI:
3425        case SIOCGIFINDEX:
3426        case SIOCGIFADDR:
3427        case SIOCSIFADDR:
3428        case SIOCSIFHWBROADCAST:
3429        case SIOCDIFADDR:
3430        case SIOCGIFBRDADDR:
3431        case SIOCSIFBRDADDR:
3432        case SIOCGIFDSTADDR:
3433        case SIOCSIFDSTADDR:
3434        case SIOCGIFNETMASK:
3435        case SIOCSIFNETMASK:
3436        case SIOCSIFPFLAGS:
3437        case SIOCGIFPFLAGS:
3438        case SIOCGIFTXQLEN:
3439        case SIOCSIFTXQLEN:
3440        case SIOCBRADDIF:
3441        case SIOCBRDELIF:
3442        case SIOCGIFNAME:
3443        case SIOCSIFNAME:
3444        case SIOCGMIIPHY:
3445        case SIOCGMIIREG:
3446        case SIOCSMIIREG:
3447        case SIOCBONDENSLAVE:
3448        case SIOCBONDRELEASE:
3449        case SIOCBONDSETHWADDR:
3450        case SIOCBONDCHANGEACTIVE:
3451                return compat_ifreq_ioctl(net, sock, cmd, argp);
3452
3453        case SIOCSARP:
3454        case SIOCGARP:
3455        case SIOCDARP:
3456        case SIOCOUTQ:
3457        case SIOCOUTQNSD:
3458        case SIOCATMARK:
3459                return sock_do_ioctl(net, sock, cmd, arg);
3460        }
3461
3462        return -ENOIOCTLCMD;
3463}
3464
3465static long compat_sock_ioctl(struct file *file, unsigned int cmd,
3466                              unsigned long arg)
3467{
3468        struct socket *sock = file->private_data;
3469        int ret = -ENOIOCTLCMD;
3470        struct sock *sk;
3471        struct net *net;
3472
3473        sk = sock->sk;
3474        net = sock_net(sk);
3475
3476        if (sock->ops->compat_ioctl)
3477                ret = sock->ops->compat_ioctl(sock, cmd, arg);
3478
3479        if (ret == -ENOIOCTLCMD &&
3480            (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST))
3481                ret = compat_wext_handle_ioctl(net, cmd, arg);
3482
3483        if (ret == -ENOIOCTLCMD)
3484                ret = compat_sock_ioctl_trans(file, sock, cmd, arg);
3485
3486        return ret;
3487}
3488#endif
3489
3490/**
3491 *      kernel_bind - bind an address to a socket (kernel space)
3492 *      @sock: socket
3493 *      @addr: address
3494 *      @addrlen: length of address
3495 *
3496 *      Returns 0 or an error.
3497 */
3498
3499int kernel_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
3500{
3501        return sock->ops->bind(sock, addr, addrlen);
3502}
3503EXPORT_SYMBOL(kernel_bind);
3504
3505/**
3506 *      kernel_listen - move socket to listening state (kernel space)
3507 *      @sock: socket
3508 *      @backlog: pending connections queue size
3509 *
3510 *      Returns 0 or an error.
3511 */
3512
3513int kernel_listen(struct socket *sock, int backlog)
3514{
3515        return sock->ops->listen(sock, backlog);
3516}
3517EXPORT_SYMBOL(kernel_listen);
3518
3519/**
3520 *      kernel_accept - accept a connection (kernel space)
3521 *      @sock: listening socket
3522 *      @newsock: new connected socket
3523 *      @flags: flags
3524 *
3525 *      @flags must be SOCK_CLOEXEC, SOCK_NONBLOCK or 0.
3526 *      If it fails, @newsock is guaranteed to be %NULL.
3527 *      Returns 0 or an error.
3528 */
3529
3530int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
3531{
3532        struct sock *sk = sock->sk;
3533        int err;
3534
3535        err = sock_create_lite(sk->sk_family, sk->sk_type, sk->sk_protocol,
3536                               newsock);
3537        if (err < 0)
3538                goto done;
3539
3540        err = sock->ops->accept(sock, *newsock, flags, true);
3541        if (err < 0) {
3542                sock_release(*newsock);
3543                *newsock = NULL;
3544                goto done;
3545        }
3546
3547        (*newsock)->ops = sock->ops;
3548        __module_get((*newsock)->ops->owner);
3549
3550done:
3551        return err;
3552}
3553EXPORT_SYMBOL(kernel_accept);
3554
3555/**
3556 *      kernel_connect - connect a socket (kernel space)
3557 *      @sock: socket
3558 *      @addr: address
3559 *      @addrlen: address length
3560 *      @flags: flags (O_NONBLOCK, ...)
3561 *
3562 *      For datagram sockets, @addr is the address to which datagrams are sent
3563 *      by default, and the only address from which datagrams are received.
3564 *      For stream sockets, attempts to connect to @addr.
3565 *      Returns 0 or an error code.
3566 */
3567
3568int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
3569                   int flags)
3570{
3571        return sock->ops->connect(sock, addr, addrlen, flags);
3572}
3573EXPORT_SYMBOL(kernel_connect);
3574
3575/**
3576 *      kernel_getsockname - get the address which the socket is bound (kernel space)
3577 *      @sock: socket
3578 *      @addr: address holder
3579 *
3580 *      Fills the @addr pointer with the address which the socket is bound.
3581 *      Returns 0 or an error code.
3582 */
3583
3584int kernel_getsockname(struct socket *sock, struct sockaddr *addr)
3585{
3586        return sock->ops->getname(sock, addr, 0);
3587}
3588EXPORT_SYMBOL(kernel_getsockname);
3589
3590/**
3591 *      kernel_getpeername - get the address which the socket is connected (kernel space)
3592 *      @sock: socket
3593 *      @addr: address holder
3594 *
3595 *      Fills the @addr pointer with the address which the socket is connected.
3596 *      Returns 0 or an error code.
3597 */
3598
3599int kernel_getpeername(struct socket *sock, struct sockaddr *addr)
3600{
3601        return sock->ops->getname(sock, addr, 1);
3602}
3603EXPORT_SYMBOL(kernel_getpeername);
3604
3605/**
3606 *      kernel_sendpage - send a &page through a socket (kernel space)
3607 *      @sock: socket
3608 *      @page: page
3609 *      @offset: page offset
3610 *      @size: total size in bytes
3611 *      @flags: flags (MSG_DONTWAIT, ...)
3612 *
3613 *      Returns the total amount sent in bytes or an error.
3614 */
3615
3616int kernel_sendpage(struct socket *sock, struct page *page, int offset,
3617                    size_t size, int flags)
3618{
3619        if (sock->ops->sendpage) {
3620                /* Warn in case the improper page to zero-copy send */
3621                WARN_ONCE(!sendpage_ok(page), "improper page for zero-copy send");
3622                return sock->ops->sendpage(sock, page, offset, size, flags);
3623        }
3624        return sock_no_sendpage(sock, page, offset, size, flags);
3625}
3626EXPORT_SYMBOL(kernel_sendpage);
3627
3628/**
3629 *      kernel_sendpage_locked - send a &page through the locked sock (kernel space)
3630 *      @sk: sock
3631 *      @page: page
3632 *      @offset: page offset
3633 *      @size: total size in bytes
3634 *      @flags: flags (MSG_DONTWAIT, ...)
3635 *
3636 *      Returns the total amount sent in bytes or an error.
3637 *      Caller must hold @sk.
3638 */
3639
3640int kernel_sendpage_locked(struct sock *sk, struct page *page, int offset,
3641                           size_t size, int flags)
3642{
3643        struct socket *sock = sk->sk_socket;
3644
3645        if (sock->ops->sendpage_locked)
3646                return sock->ops->sendpage_locked(sk, page, offset, size,
3647                                                  flags);
3648
3649        return sock_no_sendpage_locked(sk, page, offset, size, flags);
3650}
3651EXPORT_SYMBOL(kernel_sendpage_locked);
3652
3653/**
3654 *      kernel_sock_shutdown - shut down part of a full-duplex connection (kernel space)
3655 *      @sock: socket
3656 *      @how: connection part
3657 *
3658 *      Returns 0 or an error.
3659 */
3660
3661int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how)
3662{
3663        return sock->ops->shutdown(sock, how);
3664}
3665EXPORT_SYMBOL(kernel_sock_shutdown);
3666
3667/**
3668 *      kernel_sock_ip_overhead - returns the IP overhead imposed by a socket
3669 *      @sk: socket
3670 *
3671 *      This routine returns the IP overhead imposed by a socket i.e.
3672 *      the length of the underlying IP header, depending on whether
3673 *      this is an IPv4 or IPv6 socket and the length from IP options turned
3674 *      on at the socket. Assumes that the caller has a lock on the socket.
3675 */
3676
3677u32 kernel_sock_ip_overhead(struct sock *sk)
3678{
3679        struct inet_sock *inet;
3680        struct ip_options_rcu *opt;
3681        u32 overhead = 0;
3682#if IS_ENABLED(CONFIG_IPV6)
3683        struct ipv6_pinfo *np;
3684        struct ipv6_txoptions *optv6 = NULL;
3685#endif /* IS_ENABLED(CONFIG_IPV6) */
3686
3687        if (!sk)
3688                return overhead;
3689
3690        switch (sk->sk_family) {
3691        case AF_INET:
3692                inet = inet_sk(sk);
3693                overhead += sizeof(struct iphdr);
3694                opt = rcu_dereference_protected(inet->inet_opt,
3695                                                sock_owned_by_user(sk));
3696                if (opt)
3697                        overhead += opt->opt.optlen;
3698                return overhead;
3699#if IS_ENABLED(CONFIG_IPV6)
3700        case AF_INET6:
3701                np = inet6_sk(sk);
3702                overhead += sizeof(struct ipv6hdr);
3703                if (np)
3704                        optv6 = rcu_dereference_protected(np->opt,
3705                                                          sock_owned_by_user(sk));
3706                if (optv6)
3707                        overhead += (optv6->opt_flen + optv6->opt_nflen);
3708                return overhead;
3709#endif /* IS_ENABLED(CONFIG_IPV6) */
3710        default: /* Returns 0 overhead if the socket is not ipv4 or ipv6 */
3711                return overhead;
3712        }
3713}
3714EXPORT_SYMBOL(kernel_sock_ip_overhead);
3715