1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55#include <linux/ethtool.h>
56#include <linux/mm.h>
57#include <linux/socket.h>
58#include <linux/file.h>
59#include <linux/net.h>
60#include <linux/interrupt.h>
61#include <linux/thread_info.h>
62#include <linux/rcupdate.h>
63#include <linux/netdevice.h>
64#include <linux/proc_fs.h>
65#include <linux/seq_file.h>
66#include <linux/mutex.h>
67#include <linux/if_bridge.h>
68#include <linux/if_vlan.h>
69#include <linux/ptp_classify.h>
70#include <linux/init.h>
71#include <linux/poll.h>
72#include <linux/cache.h>
73#include <linux/module.h>
74#include <linux/highmem.h>
75#include <linux/mount.h>
76#include <linux/pseudo_fs.h>
77#include <linux/security.h>
78#include <linux/syscalls.h>
79#include <linux/compat.h>
80#include <linux/kmod.h>
81#include <linux/audit.h>
82#include <linux/wireless.h>
83#include <linux/nsproxy.h>
84#include <linux/magic.h>
85#include <linux/slab.h>
86#include <linux/xattr.h>
87#include <linux/nospec.h>
88#include <linux/indirect_call_wrapper.h>
89
90#include <linux/uaccess.h>
91#include <asm/unistd.h>
92
93#include <net/compat.h>
94#include <net/wext.h>
95#include <net/cls_cgroup.h>
96
97#include <net/sock.h>
98#include <linux/netfilter.h>
99
100#include <linux/if_tun.h>
101#include <linux/ipv6_route.h>
102#include <linux/route.h>
103#include <linux/termios.h>
104#include <linux/sockios.h>
105#include <net/busy_poll.h>
106#include <linux/errqueue.h>
107#include <linux/ptp_clock_kernel.h>
108
109#ifdef CONFIG_NET_RX_BUSY_POLL
110unsigned int sysctl_net_busy_read __read_mostly;
111unsigned int sysctl_net_busy_poll __read_mostly;
112#endif
113
114static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to);
115static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from);
116static int sock_mmap(struct file *file, struct vm_area_struct *vma);
117
118static int sock_close(struct inode *inode, struct file *file);
119static __poll_t sock_poll(struct file *file,
120 struct poll_table_struct *wait);
121static long sock_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
122#ifdef CONFIG_COMPAT
123static long compat_sock_ioctl(struct file *file,
124 unsigned int cmd, unsigned long arg);
125#endif
126static int sock_fasync(int fd, struct file *filp, int on);
127static ssize_t sock_sendpage(struct file *file, struct page *page,
128 int offset, size_t size, loff_t *ppos, int more);
129static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
130 struct pipe_inode_info *pipe, size_t len,
131 unsigned int flags);
132
133#ifdef CONFIG_PROC_FS
134static void sock_show_fdinfo(struct seq_file *m, struct file *f)
135{
136 struct socket *sock = f->private_data;
137
138 if (sock->ops->show_fdinfo)
139 sock->ops->show_fdinfo(m, sock);
140}
141#else
142#define sock_show_fdinfo NULL
143#endif
144
145
146
147
148
149
150static const struct file_operations socket_file_ops = {
151 .owner = THIS_MODULE,
152 .llseek = no_llseek,
153 .read_iter = sock_read_iter,
154 .write_iter = sock_write_iter,
155 .poll = sock_poll,
156 .unlocked_ioctl = sock_ioctl,
157#ifdef CONFIG_COMPAT
158 .compat_ioctl = compat_sock_ioctl,
159#endif
160 .mmap = sock_mmap,
161 .release = sock_close,
162 .fasync = sock_fasync,
163 .sendpage = sock_sendpage,
164 .splice_write = generic_splice_sendpage,
165 .splice_read = sock_splice_read,
166 .show_fdinfo = sock_show_fdinfo,
167};
168
169static const char * const pf_family_names[] = {
170 [PF_UNSPEC] = "PF_UNSPEC",
171 [PF_UNIX] = "PF_UNIX/PF_LOCAL",
172 [PF_INET] = "PF_INET",
173 [PF_AX25] = "PF_AX25",
174 [PF_IPX] = "PF_IPX",
175 [PF_APPLETALK] = "PF_APPLETALK",
176 [PF_NETROM] = "PF_NETROM",
177 [PF_BRIDGE] = "PF_BRIDGE",
178 [PF_ATMPVC] = "PF_ATMPVC",
179 [PF_X25] = "PF_X25",
180 [PF_INET6] = "PF_INET6",
181 [PF_ROSE] = "PF_ROSE",
182 [PF_DECnet] = "PF_DECnet",
183 [PF_NETBEUI] = "PF_NETBEUI",
184 [PF_SECURITY] = "PF_SECURITY",
185 [PF_KEY] = "PF_KEY",
186 [PF_NETLINK] = "PF_NETLINK/PF_ROUTE",
187 [PF_PACKET] = "PF_PACKET",
188 [PF_ASH] = "PF_ASH",
189 [PF_ECONET] = "PF_ECONET",
190 [PF_ATMSVC] = "PF_ATMSVC",
191 [PF_RDS] = "PF_RDS",
192 [PF_SNA] = "PF_SNA",
193 [PF_IRDA] = "PF_IRDA",
194 [PF_PPPOX] = "PF_PPPOX",
195 [PF_WANPIPE] = "PF_WANPIPE",
196 [PF_LLC] = "PF_LLC",
197 [PF_IB] = "PF_IB",
198 [PF_MPLS] = "PF_MPLS",
199 [PF_CAN] = "PF_CAN",
200 [PF_TIPC] = "PF_TIPC",
201 [PF_BLUETOOTH] = "PF_BLUETOOTH",
202 [PF_IUCV] = "PF_IUCV",
203 [PF_RXRPC] = "PF_RXRPC",
204 [PF_ISDN] = "PF_ISDN",
205 [PF_PHONET] = "PF_PHONET",
206 [PF_IEEE802154] = "PF_IEEE802154",
207 [PF_CAIF] = "PF_CAIF",
208 [PF_ALG] = "PF_ALG",
209 [PF_NFC] = "PF_NFC",
210 [PF_VSOCK] = "PF_VSOCK",
211 [PF_KCM] = "PF_KCM",
212 [PF_QIPCRTR] = "PF_QIPCRTR",
213 [PF_SMC] = "PF_SMC",
214 [PF_XDP] = "PF_XDP",
215};
216
217
218
219
220
221static DEFINE_SPINLOCK(net_family_lock);
222static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr_storage *kaddr)
242{
243 if (ulen < 0 || ulen > sizeof(struct sockaddr_storage))
244 return -EINVAL;
245 if (ulen == 0)
246 return 0;
247 if (copy_from_user(kaddr, uaddr, ulen))
248 return -EFAULT;
249 return audit_sockaddr(ulen, kaddr);
250}
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269static int move_addr_to_user(struct sockaddr_storage *kaddr, int klen,
270 void __user *uaddr, int __user *ulen)
271{
272 int err;
273 int len;
274
275 BUG_ON(klen > sizeof(struct sockaddr_storage));
276 err = get_user(len, ulen);
277 if (err)
278 return err;
279 if (len > klen)
280 len = klen;
281 if (len < 0)
282 return -EINVAL;
283 if (len) {
284 if (audit_sockaddr(klen, kaddr))
285 return -ENOMEM;
286 if (copy_to_user(uaddr, kaddr, len))
287 return -EFAULT;
288 }
289
290
291
292
293 return __put_user(klen, ulen);
294}
295
296static struct kmem_cache *sock_inode_cachep __ro_after_init;
297
298static struct inode *sock_alloc_inode(struct super_block *sb)
299{
300 struct socket_alloc *ei;
301
302 ei = kmem_cache_alloc(sock_inode_cachep, GFP_KERNEL);
303 if (!ei)
304 return NULL;
305 init_waitqueue_head(&ei->socket.wq.wait);
306 ei->socket.wq.fasync_list = NULL;
307 ei->socket.wq.flags = 0;
308
309 ei->socket.state = SS_UNCONNECTED;
310 ei->socket.flags = 0;
311 ei->socket.ops = NULL;
312 ei->socket.sk = NULL;
313 ei->socket.file = NULL;
314
315 return &ei->vfs_inode;
316}
317
318static void sock_free_inode(struct inode *inode)
319{
320 struct socket_alloc *ei;
321
322 ei = container_of(inode, struct socket_alloc, vfs_inode);
323 kmem_cache_free(sock_inode_cachep, ei);
324}
325
326static void init_once(void *foo)
327{
328 struct socket_alloc *ei = (struct socket_alloc *)foo;
329
330 inode_init_once(&ei->vfs_inode);
331}
332
333static void init_inodecache(void)
334{
335 sock_inode_cachep = kmem_cache_create("sock_inode_cache",
336 sizeof(struct socket_alloc),
337 0,
338 (SLAB_HWCACHE_ALIGN |
339 SLAB_RECLAIM_ACCOUNT |
340 SLAB_MEM_SPREAD | SLAB_ACCOUNT),
341 init_once);
342 BUG_ON(sock_inode_cachep == NULL);
343}
344
345static const struct super_operations sockfs_ops = {
346 .alloc_inode = sock_alloc_inode,
347 .free_inode = sock_free_inode,
348 .statfs = simple_statfs,
349};
350
351
352
353
354static char *sockfs_dname(struct dentry *dentry, char *buffer, int buflen)
355{
356 return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
357 d_inode(dentry)->i_ino);
358}
359
360static const struct dentry_operations sockfs_dentry_operations = {
361 .d_dname = sockfs_dname,
362};
363
364static int sockfs_xattr_get(const struct xattr_handler *handler,
365 struct dentry *dentry, struct inode *inode,
366 const char *suffix, void *value, size_t size)
367{
368 if (value) {
369 if (dentry->d_name.len + 1 > size)
370 return -ERANGE;
371 memcpy(value, dentry->d_name.name, dentry->d_name.len + 1);
372 }
373 return dentry->d_name.len + 1;
374}
375
376#define XATTR_SOCKPROTONAME_SUFFIX "sockprotoname"
377#define XATTR_NAME_SOCKPROTONAME (XATTR_SYSTEM_PREFIX XATTR_SOCKPROTONAME_SUFFIX)
378#define XATTR_NAME_SOCKPROTONAME_LEN (sizeof(XATTR_NAME_SOCKPROTONAME)-1)
379
380static const struct xattr_handler sockfs_xattr_handler = {
381 .name = XATTR_NAME_SOCKPROTONAME,
382 .get = sockfs_xattr_get,
383};
384
385static int sockfs_security_xattr_set(const struct xattr_handler *handler,
386 struct user_namespace *mnt_userns,
387 struct dentry *dentry, struct inode *inode,
388 const char *suffix, const void *value,
389 size_t size, int flags)
390{
391
392 return -EAGAIN;
393}
394
395static const struct xattr_handler sockfs_security_xattr_handler = {
396 .prefix = XATTR_SECURITY_PREFIX,
397 .set = sockfs_security_xattr_set,
398};
399
400static const struct xattr_handler *sockfs_xattr_handlers[] = {
401 &sockfs_xattr_handler,
402 &sockfs_security_xattr_handler,
403 NULL
404};
405
406static int sockfs_init_fs_context(struct fs_context *fc)
407{
408 struct pseudo_fs_context *ctx = init_pseudo(fc, SOCKFS_MAGIC);
409 if (!ctx)
410 return -ENOMEM;
411 ctx->ops = &sockfs_ops;
412 ctx->dops = &sockfs_dentry_operations;
413 ctx->xattr = sockfs_xattr_handlers;
414 return 0;
415}
416
417static struct vfsmount *sock_mnt __read_mostly;
418
419static struct file_system_type sock_fs_type = {
420 .name = "sockfs",
421 .init_fs_context = sockfs_init_fs_context,
422 .kill_sb = kill_anon_super,
423};
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
455{
456 struct file *file;
457
458 if (!dname)
459 dname = sock->sk ? sock->sk->sk_prot_creator->name : "";
460
461 file = alloc_file_pseudo(SOCK_INODE(sock), sock_mnt, dname,
462 O_RDWR | (flags & O_NONBLOCK),
463 &socket_file_ops);
464 if (IS_ERR(file)) {
465 sock_release(sock);
466 return file;
467 }
468
469 sock->file = file;
470 file->private_data = sock;
471 stream_open(SOCK_INODE(sock), file);
472 return file;
473}
474EXPORT_SYMBOL(sock_alloc_file);
475
476static int sock_map_fd(struct socket *sock, int flags)
477{
478 struct file *newfile;
479 int fd = get_unused_fd_flags(flags);
480 if (unlikely(fd < 0)) {
481 sock_release(sock);
482 return fd;
483 }
484
485 newfile = sock_alloc_file(sock, flags, NULL);
486 if (!IS_ERR(newfile)) {
487 fd_install(fd, newfile);
488 return fd;
489 }
490
491 put_unused_fd(fd);
492 return PTR_ERR(newfile);
493}
494
495
496
497
498
499
500
501
502struct socket *sock_from_file(struct file *file)
503{
504 if (file->f_op == &socket_file_ops)
505 return file->private_data;
506
507 return NULL;
508}
509EXPORT_SYMBOL(sock_from_file);
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524struct socket *sockfd_lookup(int fd, int *err)
525{
526 struct file *file;
527 struct socket *sock;
528
529 file = fget(fd);
530 if (!file) {
531 *err = -EBADF;
532 return NULL;
533 }
534
535 sock = sock_from_file(file);
536 if (!sock) {
537 *err = -ENOTSOCK;
538 fput(file);
539 }
540 return sock;
541}
542EXPORT_SYMBOL(sockfd_lookup);
543
544static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
545{
546 struct fd f = fdget(fd);
547 struct socket *sock;
548
549 *err = -EBADF;
550 if (f.file) {
551 sock = sock_from_file(f.file);
552 if (likely(sock)) {
553 *fput_needed = f.flags & FDPUT_FPUT;
554 return sock;
555 }
556 *err = -ENOTSOCK;
557 fdput(f);
558 }
559 return NULL;
560}
561
562static ssize_t sockfs_listxattr(struct dentry *dentry, char *buffer,
563 size_t size)
564{
565 ssize_t len;
566 ssize_t used = 0;
567
568 len = security_inode_listsecurity(d_inode(dentry), buffer, size);
569 if (len < 0)
570 return len;
571 used += len;
572 if (buffer) {
573 if (size < used)
574 return -ERANGE;
575 buffer += len;
576 }
577
578 len = (XATTR_NAME_SOCKPROTONAME_LEN + 1);
579 used += len;
580 if (buffer) {
581 if (size < used)
582 return -ERANGE;
583 memcpy(buffer, XATTR_NAME_SOCKPROTONAME, len);
584 buffer += len;
585 }
586
587 return used;
588}
589
590static int sockfs_setattr(struct user_namespace *mnt_userns,
591 struct dentry *dentry, struct iattr *iattr)
592{
593 int err = simple_setattr(&init_user_ns, dentry, iattr);
594
595 if (!err && (iattr->ia_valid & ATTR_UID)) {
596 struct socket *sock = SOCKET_I(d_inode(dentry));
597
598 if (sock->sk)
599 sock->sk->sk_uid = iattr->ia_uid;
600 else
601 err = -ENOENT;
602 }
603
604 return err;
605}
606
607static const struct inode_operations sockfs_inode_ops = {
608 .listxattr = sockfs_listxattr,
609 .setattr = sockfs_setattr,
610};
611
612
613
614
615
616
617
618
619
620struct socket *sock_alloc(void)
621{
622 struct inode *inode;
623 struct socket *sock;
624
625 inode = new_inode_pseudo(sock_mnt->mnt_sb);
626 if (!inode)
627 return NULL;
628
629 sock = SOCKET_I(inode);
630
631 inode->i_ino = get_next_ino();
632 inode->i_mode = S_IFSOCK | S_IRWXUGO;
633 inode->i_uid = current_fsuid();
634 inode->i_gid = current_fsgid();
635 inode->i_op = &sockfs_inode_ops;
636
637 return sock;
638}
639EXPORT_SYMBOL(sock_alloc);
640
641static void __sock_release(struct socket *sock, struct inode *inode)
642{
643 if (sock->ops) {
644 struct module *owner = sock->ops->owner;
645
646 if (inode)
647 inode_lock(inode);
648 sock->ops->release(sock);
649 sock->sk = NULL;
650 if (inode)
651 inode_unlock(inode);
652 sock->ops = NULL;
653 module_put(owner);
654 }
655
656 if (sock->wq.fasync_list)
657 pr_err("%s: fasync list not empty!\n", __func__);
658
659 if (!sock->file) {
660 iput(SOCK_INODE(sock));
661 return;
662 }
663 sock->file = NULL;
664}
665
666
667
668
669
670
671
672
673
674void sock_release(struct socket *sock)
675{
676 __sock_release(sock, NULL);
677}
678EXPORT_SYMBOL(sock_release);
679
680void __sock_tx_timestamp(__u16 tsflags, __u8 *tx_flags)
681{
682 u8 flags = *tx_flags;
683
684 if (tsflags & SOF_TIMESTAMPING_TX_HARDWARE)
685 flags |= SKBTX_HW_TSTAMP;
686
687 if (tsflags & SOF_TIMESTAMPING_TX_SOFTWARE)
688 flags |= SKBTX_SW_TSTAMP;
689
690 if (tsflags & SOF_TIMESTAMPING_TX_SCHED)
691 flags |= SKBTX_SCHED_TSTAMP;
692
693 *tx_flags = flags;
694}
695EXPORT_SYMBOL(__sock_tx_timestamp);
696
697INDIRECT_CALLABLE_DECLARE(int inet_sendmsg(struct socket *, struct msghdr *,
698 size_t));
699INDIRECT_CALLABLE_DECLARE(int inet6_sendmsg(struct socket *, struct msghdr *,
700 size_t));
701static inline int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg)
702{
703 int ret = INDIRECT_CALL_INET(sock->ops->sendmsg, inet6_sendmsg,
704 inet_sendmsg, sock, msg,
705 msg_data_left(msg));
706 BUG_ON(ret == -EIOCBQUEUED);
707 return ret;
708}
709
710
711
712
713
714
715
716
717
718int sock_sendmsg(struct socket *sock, struct msghdr *msg)
719{
720 int err = security_socket_sendmsg(sock, msg,
721 msg_data_left(msg));
722
723 return err ?: sock_sendmsg_nosec(sock, msg);
724}
725EXPORT_SYMBOL(sock_sendmsg);
726
727
728
729
730
731
732
733
734
735
736
737
738
739int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
740 struct kvec *vec, size_t num, size_t size)
741{
742 iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
743 return sock_sendmsg(sock, msg);
744}
745EXPORT_SYMBOL(kernel_sendmsg);
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760int kernel_sendmsg_locked(struct sock *sk, struct msghdr *msg,
761 struct kvec *vec, size_t num, size_t size)
762{
763 struct socket *sock = sk->sk_socket;
764
765 if (!sock->ops->sendmsg_locked)
766 return sock_no_sendmsg_locked(sk, msg, size);
767
768 iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
769
770 return sock->ops->sendmsg_locked(sk, msg, msg_data_left(msg));
771}
772EXPORT_SYMBOL(kernel_sendmsg_locked);
773
774static bool skb_is_err_queue(const struct sk_buff *skb)
775{
776
777
778
779
780
781 return skb->pkt_type == PACKET_OUTGOING;
782}
783
784
785
786
787
788
789
790
791
792static bool skb_is_swtx_tstamp(const struct sk_buff *skb, int false_tstamp)
793{
794 return skb->tstamp && !false_tstamp && skb_is_err_queue(skb);
795}
796
797static void put_ts_pktinfo(struct msghdr *msg, struct sk_buff *skb)
798{
799 struct scm_ts_pktinfo ts_pktinfo;
800 struct net_device *orig_dev;
801
802 if (!skb_mac_header_was_set(skb))
803 return;
804
805 memset(&ts_pktinfo, 0, sizeof(ts_pktinfo));
806
807 rcu_read_lock();
808 orig_dev = dev_get_by_napi_id(skb_napi_id(skb));
809 if (orig_dev)
810 ts_pktinfo.if_index = orig_dev->ifindex;
811 rcu_read_unlock();
812
813 ts_pktinfo.pkt_length = skb->len - skb_mac_offset(skb);
814 put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_PKTINFO,
815 sizeof(ts_pktinfo), &ts_pktinfo);
816}
817
818
819
820
821void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
822 struct sk_buff *skb)
823{
824 int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP);
825 int new_tstamp = sock_flag(sk, SOCK_TSTAMP_NEW);
826 struct scm_timestamping_internal tss;
827
828 int empty = 1, false_tstamp = 0;
829 struct skb_shared_hwtstamps *shhwtstamps =
830 skb_hwtstamps(skb);
831
832
833
834 if (need_software_tstamp && skb->tstamp == 0) {
835 __net_timestamp(skb);
836 false_tstamp = 1;
837 }
838
839 if (need_software_tstamp) {
840 if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) {
841 if (new_tstamp) {
842 struct __kernel_sock_timeval tv;
843
844 skb_get_new_timestamp(skb, &tv);
845 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_NEW,
846 sizeof(tv), &tv);
847 } else {
848 struct __kernel_old_timeval tv;
849
850 skb_get_timestamp(skb, &tv);
851 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_OLD,
852 sizeof(tv), &tv);
853 }
854 } else {
855 if (new_tstamp) {
856 struct __kernel_timespec ts;
857
858 skb_get_new_timestampns(skb, &ts);
859 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_NEW,
860 sizeof(ts), &ts);
861 } else {
862 struct __kernel_old_timespec ts;
863
864 skb_get_timestampns(skb, &ts);
865 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_OLD,
866 sizeof(ts), &ts);
867 }
868 }
869 }
870
871 memset(&tss, 0, sizeof(tss));
872 if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE) &&
873 ktime_to_timespec64_cond(skb->tstamp, tss.ts + 0))
874 empty = 0;
875 if (shhwtstamps &&
876 (sk->sk_tsflags & SOF_TIMESTAMPING_RAW_HARDWARE) &&
877 !skb_is_swtx_tstamp(skb, false_tstamp)) {
878 if (sk->sk_tsflags & SOF_TIMESTAMPING_BIND_PHC)
879 ptp_convert_timestamp(shhwtstamps, sk->sk_bind_phc);
880
881 if (ktime_to_timespec64_cond(shhwtstamps->hwtstamp,
882 tss.ts + 2)) {
883 empty = 0;
884
885 if ((sk->sk_tsflags & SOF_TIMESTAMPING_OPT_PKTINFO) &&
886 !skb_is_err_queue(skb))
887 put_ts_pktinfo(msg, skb);
888 }
889 }
890 if (!empty) {
891 if (sock_flag(sk, SOCK_TSTAMP_NEW))
892 put_cmsg_scm_timestamping64(msg, &tss);
893 else
894 put_cmsg_scm_timestamping(msg, &tss);
895
896 if (skb_is_err_queue(skb) && skb->len &&
897 SKB_EXT_ERR(skb)->opt_stats)
898 put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS,
899 skb->len, skb->data);
900 }
901}
902EXPORT_SYMBOL_GPL(__sock_recv_timestamp);
903
904void __sock_recv_wifi_status(struct msghdr *msg, struct sock *sk,
905 struct sk_buff *skb)
906{
907 int ack;
908
909 if (!sock_flag(sk, SOCK_WIFI_STATUS))
910 return;
911 if (!skb->wifi_acked_valid)
912 return;
913
914 ack = skb->wifi_acked;
915
916 put_cmsg(msg, SOL_SOCKET, SCM_WIFI_STATUS, sizeof(ack), &ack);
917}
918EXPORT_SYMBOL_GPL(__sock_recv_wifi_status);
919
920static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
921 struct sk_buff *skb)
922{
923 if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && SOCK_SKB_CB(skb)->dropcount)
924 put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
925 sizeof(__u32), &SOCK_SKB_CB(skb)->dropcount);
926}
927
928void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
929 struct sk_buff *skb)
930{
931 sock_recv_timestamp(msg, sk, skb);
932 sock_recv_drops(msg, sk, skb);
933}
934EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
935
936INDIRECT_CALLABLE_DECLARE(int inet_recvmsg(struct socket *, struct msghdr *,
937 size_t, int));
938INDIRECT_CALLABLE_DECLARE(int inet6_recvmsg(struct socket *, struct msghdr *,
939 size_t, int));
940static inline int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
941 int flags)
942{
943 return INDIRECT_CALL_INET(sock->ops->recvmsg, inet6_recvmsg,
944 inet_recvmsg, sock, msg, msg_data_left(msg),
945 flags);
946}
947
948
949
950
951
952
953
954
955
956
957int sock_recvmsg(struct socket *sock, struct msghdr *msg, int flags)
958{
959 int err = security_socket_recvmsg(sock, msg, msg_data_left(msg), flags);
960
961 return err ?: sock_recvmsg_nosec(sock, msg, flags);
962}
963EXPORT_SYMBOL(sock_recvmsg);
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
982 struct kvec *vec, size_t num, size_t size, int flags)
983{
984 msg->msg_control_is_user = false;
985 iov_iter_kvec(&msg->msg_iter, READ, vec, num, size);
986 return sock_recvmsg(sock, msg, flags);
987}
988EXPORT_SYMBOL(kernel_recvmsg);
989
990static ssize_t sock_sendpage(struct file *file, struct page *page,
991 int offset, size_t size, loff_t *ppos, int more)
992{
993 struct socket *sock;
994 int flags;
995
996 sock = file->private_data;
997
998 flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
999
1000 flags |= more;
1001
1002 return kernel_sendpage(sock, page, offset, size, flags);
1003}
1004
1005static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
1006 struct pipe_inode_info *pipe, size_t len,
1007 unsigned int flags)
1008{
1009 struct socket *sock = file->private_data;
1010
1011 if (unlikely(!sock->ops->splice_read))
1012 return generic_file_splice_read(file, ppos, pipe, len, flags);
1013
1014 return sock->ops->splice_read(sock, ppos, pipe, len, flags);
1015}
1016
1017static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to)
1018{
1019 struct file *file = iocb->ki_filp;
1020 struct socket *sock = file->private_data;
1021 struct msghdr msg = {.msg_iter = *to,
1022 .msg_iocb = iocb};
1023 ssize_t res;
1024
1025 if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
1026 msg.msg_flags = MSG_DONTWAIT;
1027
1028 if (iocb->ki_pos != 0)
1029 return -ESPIPE;
1030
1031 if (!iov_iter_count(to))
1032 return 0;
1033
1034 res = sock_recvmsg(sock, &msg, msg.msg_flags);
1035 *to = msg.msg_iter;
1036 return res;
1037}
1038
1039static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from)
1040{
1041 struct file *file = iocb->ki_filp;
1042 struct socket *sock = file->private_data;
1043 struct msghdr msg = {.msg_iter = *from,
1044 .msg_iocb = iocb};
1045 ssize_t res;
1046
1047 if (iocb->ki_pos != 0)
1048 return -ESPIPE;
1049
1050 if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
1051 msg.msg_flags = MSG_DONTWAIT;
1052
1053 if (sock->type == SOCK_SEQPACKET)
1054 msg.msg_flags |= MSG_EOR;
1055
1056 res = sock_sendmsg(sock, &msg);
1057 *from = msg.msg_iter;
1058 return res;
1059}
1060
1061
1062
1063
1064
1065
1066static DEFINE_MUTEX(br_ioctl_mutex);
1067static int (*br_ioctl_hook) (struct net *, unsigned int cmd, void __user *arg);
1068
1069void brioctl_set(int (*hook) (struct net *, unsigned int, void __user *))
1070{
1071 mutex_lock(&br_ioctl_mutex);
1072 br_ioctl_hook = hook;
1073 mutex_unlock(&br_ioctl_mutex);
1074}
1075EXPORT_SYMBOL(brioctl_set);
1076
1077static DEFINE_MUTEX(vlan_ioctl_mutex);
1078static int (*vlan_ioctl_hook) (struct net *, void __user *arg);
1079
1080void vlan_ioctl_set(int (*hook) (struct net *, void __user *))
1081{
1082 mutex_lock(&vlan_ioctl_mutex);
1083 vlan_ioctl_hook = hook;
1084 mutex_unlock(&vlan_ioctl_mutex);
1085}
1086EXPORT_SYMBOL(vlan_ioctl_set);
1087
1088static long sock_do_ioctl(struct net *net, struct socket *sock,
1089 unsigned int cmd, unsigned long arg)
1090{
1091 int err;
1092 void __user *argp = (void __user *)arg;
1093
1094 err = sock->ops->ioctl(sock, cmd, arg);
1095
1096
1097
1098
1099
1100 if (err != -ENOIOCTLCMD)
1101 return err;
1102
1103 if (cmd == SIOCGIFCONF) {
1104 struct ifconf ifc;
1105 if (copy_from_user(&ifc, argp, sizeof(struct ifconf)))
1106 return -EFAULT;
1107 rtnl_lock();
1108 err = dev_ifconf(net, &ifc, sizeof(struct ifreq));
1109 rtnl_unlock();
1110 if (!err && copy_to_user(argp, &ifc, sizeof(struct ifconf)))
1111 err = -EFAULT;
1112 } else {
1113 struct ifreq ifr;
1114 bool need_copyout;
1115 if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1116 return -EFAULT;
1117 err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1118 if (!err && need_copyout)
1119 if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1120 return -EFAULT;
1121 }
1122 return err;
1123}
1124
1125
1126
1127
1128
1129
1130static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
1131{
1132 struct socket *sock;
1133 struct sock *sk;
1134 void __user *argp = (void __user *)arg;
1135 int pid, err;
1136 struct net *net;
1137
1138 sock = file->private_data;
1139 sk = sock->sk;
1140 net = sock_net(sk);
1141 if (unlikely(cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))) {
1142 struct ifreq ifr;
1143 bool need_copyout;
1144 if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1145 return -EFAULT;
1146 err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1147 if (!err && need_copyout)
1148 if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1149 return -EFAULT;
1150 } else
1151#ifdef CONFIG_WEXT_CORE
1152 if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) {
1153 err = wext_handle_ioctl(net, cmd, argp);
1154 } else
1155#endif
1156 switch (cmd) {
1157 case FIOSETOWN:
1158 case SIOCSPGRP:
1159 err = -EFAULT;
1160 if (get_user(pid, (int __user *)argp))
1161 break;
1162 err = f_setown(sock->file, pid, 1);
1163 break;
1164 case FIOGETOWN:
1165 case SIOCGPGRP:
1166 err = put_user(f_getown(sock->file),
1167 (int __user *)argp);
1168 break;
1169 case SIOCGIFBR:
1170 case SIOCSIFBR:
1171 case SIOCBRADDBR:
1172 case SIOCBRDELBR:
1173 err = -ENOPKG;
1174 if (!br_ioctl_hook)
1175 request_module("bridge");
1176
1177 mutex_lock(&br_ioctl_mutex);
1178 if (br_ioctl_hook)
1179 err = br_ioctl_hook(net, cmd, argp);
1180 mutex_unlock(&br_ioctl_mutex);
1181 break;
1182 case SIOCGIFVLAN:
1183 case SIOCSIFVLAN:
1184 err = -ENOPKG;
1185 if (!vlan_ioctl_hook)
1186 request_module("8021q");
1187
1188 mutex_lock(&vlan_ioctl_mutex);
1189 if (vlan_ioctl_hook)
1190 err = vlan_ioctl_hook(net, argp);
1191 mutex_unlock(&vlan_ioctl_mutex);
1192 break;
1193 case SIOCGSKNS:
1194 err = -EPERM;
1195 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1196 break;
1197
1198 err = open_related_ns(&net->ns, get_net_ns);
1199 break;
1200 case SIOCGSTAMP_OLD:
1201 case SIOCGSTAMPNS_OLD:
1202 if (!sock->ops->gettstamp) {
1203 err = -ENOIOCTLCMD;
1204 break;
1205 }
1206 err = sock->ops->gettstamp(sock, argp,
1207 cmd == SIOCGSTAMP_OLD,
1208 !IS_ENABLED(CONFIG_64BIT));
1209 break;
1210 case SIOCGSTAMP_NEW:
1211 case SIOCGSTAMPNS_NEW:
1212 if (!sock->ops->gettstamp) {
1213 err = -ENOIOCTLCMD;
1214 break;
1215 }
1216 err = sock->ops->gettstamp(sock, argp,
1217 cmd == SIOCGSTAMP_NEW,
1218 false);
1219 break;
1220 default:
1221 err = sock_do_ioctl(net, sock, cmd, arg);
1222 break;
1223 }
1224 return err;
1225}
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240int sock_create_lite(int family, int type, int protocol, struct socket **res)
1241{
1242 int err;
1243 struct socket *sock = NULL;
1244
1245 err = security_socket_create(family, type, protocol, 1);
1246 if (err)
1247 goto out;
1248
1249 sock = sock_alloc();
1250 if (!sock) {
1251 err = -ENOMEM;
1252 goto out;
1253 }
1254
1255 sock->type = type;
1256 err = security_socket_post_create(sock, family, type, protocol, 1);
1257 if (err)
1258 goto out_release;
1259
1260out:
1261 *res = sock;
1262 return err;
1263out_release:
1264 sock_release(sock);
1265 sock = NULL;
1266 goto out;
1267}
1268EXPORT_SYMBOL(sock_create_lite);
1269
1270
1271static __poll_t sock_poll(struct file *file, poll_table *wait)
1272{
1273 struct socket *sock = file->private_data;
1274 __poll_t events = poll_requested_events(wait), flag = 0;
1275
1276 if (!sock->ops->poll)
1277 return 0;
1278
1279 if (sk_can_busy_loop(sock->sk)) {
1280
1281 if (events & POLL_BUSY_LOOP)
1282 sk_busy_loop(sock->sk, 1);
1283
1284
1285 flag = POLL_BUSY_LOOP;
1286 }
1287
1288 return sock->ops->poll(file, sock, wait) | flag;
1289}
1290
1291static int sock_mmap(struct file *file, struct vm_area_struct *vma)
1292{
1293 struct socket *sock = file->private_data;
1294
1295 return sock->ops->mmap(file, sock, vma);
1296}
1297
1298static int sock_close(struct inode *inode, struct file *filp)
1299{
1300 __sock_release(SOCKET_I(inode), inode);
1301 return 0;
1302}
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315static int sock_fasync(int fd, struct file *filp, int on)
1316{
1317 struct socket *sock = filp->private_data;
1318 struct sock *sk = sock->sk;
1319 struct socket_wq *wq = &sock->wq;
1320
1321 if (sk == NULL)
1322 return -EINVAL;
1323
1324 lock_sock(sk);
1325 fasync_helper(fd, filp, on, &wq->fasync_list);
1326
1327 if (!wq->fasync_list)
1328 sock_reset_flag(sk, SOCK_FASYNC);
1329 else
1330 sock_set_flag(sk, SOCK_FASYNC);
1331
1332 release_sock(sk);
1333 return 0;
1334}
1335
1336
1337
1338int sock_wake_async(struct socket_wq *wq, int how, int band)
1339{
1340 if (!wq || !wq->fasync_list)
1341 return -1;
1342
1343 switch (how) {
1344 case SOCK_WAKE_WAITD:
1345 if (test_bit(SOCKWQ_ASYNC_WAITDATA, &wq->flags))
1346 break;
1347 goto call_kill;
1348 case SOCK_WAKE_SPACE:
1349 if (!test_and_clear_bit(SOCKWQ_ASYNC_NOSPACE, &wq->flags))
1350 break;
1351 fallthrough;
1352 case SOCK_WAKE_IO:
1353call_kill:
1354 kill_fasync(&wq->fasync_list, SIGIO, band);
1355 break;
1356 case SOCK_WAKE_URG:
1357 kill_fasync(&wq->fasync_list, SIGURG, band);
1358 }
1359
1360 return 0;
1361}
1362EXPORT_SYMBOL(sock_wake_async);
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379int __sock_create(struct net *net, int family, int type, int protocol,
1380 struct socket **res, int kern)
1381{
1382 int err;
1383 struct socket *sock;
1384 const struct net_proto_family *pf;
1385
1386
1387
1388
1389 if (family < 0 || family >= NPROTO)
1390 return -EAFNOSUPPORT;
1391 if (type < 0 || type >= SOCK_MAX)
1392 return -EINVAL;
1393
1394
1395
1396
1397
1398
1399 if (family == PF_INET && type == SOCK_PACKET) {
1400 pr_info_once("%s uses obsolete (PF_INET,SOCK_PACKET)\n",
1401 current->comm);
1402 family = PF_PACKET;
1403 }
1404
1405 err = security_socket_create(family, type, protocol, kern);
1406 if (err)
1407 return err;
1408
1409
1410
1411
1412
1413
1414 sock = sock_alloc();
1415 if (!sock) {
1416 net_warn_ratelimited("socket: no more sockets\n");
1417 return -ENFILE;
1418
1419 }
1420
1421 sock->type = type;
1422
1423#ifdef CONFIG_MODULES
1424
1425
1426
1427
1428
1429
1430 if (rcu_access_pointer(net_families[family]) == NULL)
1431 request_module("net-pf-%d", family);
1432#endif
1433
1434 rcu_read_lock();
1435 pf = rcu_dereference(net_families[family]);
1436 err = -EAFNOSUPPORT;
1437 if (!pf)
1438 goto out_release;
1439
1440
1441
1442
1443
1444 if (!try_module_get(pf->owner))
1445 goto out_release;
1446
1447
1448 rcu_read_unlock();
1449
1450 err = pf->create(net, sock, protocol, kern);
1451 if (err < 0)
1452 goto out_module_put;
1453
1454
1455
1456
1457
1458 if (!try_module_get(sock->ops->owner))
1459 goto out_module_busy;
1460
1461
1462
1463
1464
1465 module_put(pf->owner);
1466 err = security_socket_post_create(sock, family, type, protocol, kern);
1467 if (err)
1468 goto out_sock_release;
1469 *res = sock;
1470
1471 return 0;
1472
1473out_module_busy:
1474 err = -EAFNOSUPPORT;
1475out_module_put:
1476 sock->ops = NULL;
1477 module_put(pf->owner);
1478out_sock_release:
1479 sock_release(sock);
1480 return err;
1481
1482out_release:
1483 rcu_read_unlock();
1484 goto out_sock_release;
1485}
1486EXPORT_SYMBOL(__sock_create);
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499int sock_create(int family, int type, int protocol, struct socket **res)
1500{
1501 return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0);
1502}
1503EXPORT_SYMBOL(sock_create);
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517int sock_create_kern(struct net *net, int family, int type, int protocol, struct socket **res)
1518{
1519 return __sock_create(net, family, type, protocol, res, 1);
1520}
1521EXPORT_SYMBOL(sock_create_kern);
1522
1523int __sys_socket(int family, int type, int protocol)
1524{
1525 int retval;
1526 struct socket *sock;
1527 int flags;
1528
1529
1530 BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1531 BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1532 BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1533 BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1534
1535 flags = type & ~SOCK_TYPE_MASK;
1536 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1537 return -EINVAL;
1538 type &= SOCK_TYPE_MASK;
1539
1540 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1541 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1542
1543 retval = sock_create(family, type, protocol, &sock);
1544 if (retval < 0)
1545 return retval;
1546
1547 return sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1548}
1549
1550SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
1551{
1552 return __sys_socket(family, type, protocol);
1553}
1554
1555
1556
1557
1558
1559int __sys_socketpair(int family, int type, int protocol, int __user *usockvec)
1560{
1561 struct socket *sock1, *sock2;
1562 int fd1, fd2, err;
1563 struct file *newfile1, *newfile2;
1564 int flags;
1565
1566 flags = type & ~SOCK_TYPE_MASK;
1567 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1568 return -EINVAL;
1569 type &= SOCK_TYPE_MASK;
1570
1571 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1572 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1573
1574
1575
1576
1577
1578 fd1 = get_unused_fd_flags(flags);
1579 if (unlikely(fd1 < 0))
1580 return fd1;
1581
1582 fd2 = get_unused_fd_flags(flags);
1583 if (unlikely(fd2 < 0)) {
1584 put_unused_fd(fd1);
1585 return fd2;
1586 }
1587
1588 err = put_user(fd1, &usockvec[0]);
1589 if (err)
1590 goto out;
1591
1592 err = put_user(fd2, &usockvec[1]);
1593 if (err)
1594 goto out;
1595
1596
1597
1598
1599
1600
1601 err = sock_create(family, type, protocol, &sock1);
1602 if (unlikely(err < 0))
1603 goto out;
1604
1605 err = sock_create(family, type, protocol, &sock2);
1606 if (unlikely(err < 0)) {
1607 sock_release(sock1);
1608 goto out;
1609 }
1610
1611 err = security_socket_socketpair(sock1, sock2);
1612 if (unlikely(err)) {
1613 sock_release(sock2);
1614 sock_release(sock1);
1615 goto out;
1616 }
1617
1618 err = sock1->ops->socketpair(sock1, sock2);
1619 if (unlikely(err < 0)) {
1620 sock_release(sock2);
1621 sock_release(sock1);
1622 goto out;
1623 }
1624
1625 newfile1 = sock_alloc_file(sock1, flags, NULL);
1626 if (IS_ERR(newfile1)) {
1627 err = PTR_ERR(newfile1);
1628 sock_release(sock2);
1629 goto out;
1630 }
1631
1632 newfile2 = sock_alloc_file(sock2, flags, NULL);
1633 if (IS_ERR(newfile2)) {
1634 err = PTR_ERR(newfile2);
1635 fput(newfile1);
1636 goto out;
1637 }
1638
1639 audit_fd_pair(fd1, fd2);
1640
1641 fd_install(fd1, newfile1);
1642 fd_install(fd2, newfile2);
1643 return 0;
1644
1645out:
1646 put_unused_fd(fd2);
1647 put_unused_fd(fd1);
1648 return err;
1649}
1650
1651SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol,
1652 int __user *, usockvec)
1653{
1654 return __sys_socketpair(family, type, protocol, usockvec);
1655}
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665int __sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
1666{
1667 struct socket *sock;
1668 struct sockaddr_storage address;
1669 int err, fput_needed;
1670
1671 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1672 if (sock) {
1673 err = move_addr_to_kernel(umyaddr, addrlen, &address);
1674 if (!err) {
1675 err = security_socket_bind(sock,
1676 (struct sockaddr *)&address,
1677 addrlen);
1678 if (!err)
1679 err = sock->ops->bind(sock,
1680 (struct sockaddr *)
1681 &address, addrlen);
1682 }
1683 fput_light(sock->file, fput_needed);
1684 }
1685 return err;
1686}
1687
1688SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
1689{
1690 return __sys_bind(fd, umyaddr, addrlen);
1691}
1692
1693
1694
1695
1696
1697
1698
1699int __sys_listen(int fd, int backlog)
1700{
1701 struct socket *sock;
1702 int err, fput_needed;
1703 int somaxconn;
1704
1705 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1706 if (sock) {
1707 somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
1708 if ((unsigned int)backlog > somaxconn)
1709 backlog = somaxconn;
1710
1711 err = security_socket_listen(sock, backlog);
1712 if (!err)
1713 err = sock->ops->listen(sock, backlog);
1714
1715 fput_light(sock->file, fput_needed);
1716 }
1717 return err;
1718}
1719
1720SYSCALL_DEFINE2(listen, int, fd, int, backlog)
1721{
1722 return __sys_listen(fd, backlog);
1723}
1724
1725int __sys_accept4_file(struct file *file, unsigned file_flags,
1726 struct sockaddr __user *upeer_sockaddr,
1727 int __user *upeer_addrlen, int flags,
1728 unsigned long nofile)
1729{
1730 struct socket *sock, *newsock;
1731 struct file *newfile;
1732 int err, len, newfd;
1733 struct sockaddr_storage address;
1734
1735 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1736 return -EINVAL;
1737
1738 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1739 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1740
1741 sock = sock_from_file(file);
1742 if (!sock) {
1743 err = -ENOTSOCK;
1744 goto out;
1745 }
1746
1747 err = -ENFILE;
1748 newsock = sock_alloc();
1749 if (!newsock)
1750 goto out;
1751
1752 newsock->type = sock->type;
1753 newsock->ops = sock->ops;
1754
1755
1756
1757
1758
1759 __module_get(newsock->ops->owner);
1760
1761 newfd = __get_unused_fd_flags(flags, nofile);
1762 if (unlikely(newfd < 0)) {
1763 err = newfd;
1764 sock_release(newsock);
1765 goto out;
1766 }
1767 newfile = sock_alloc_file(newsock, flags, sock->sk->sk_prot_creator->name);
1768 if (IS_ERR(newfile)) {
1769 err = PTR_ERR(newfile);
1770 put_unused_fd(newfd);
1771 goto out;
1772 }
1773
1774 err = security_socket_accept(sock, newsock);
1775 if (err)
1776 goto out_fd;
1777
1778 err = sock->ops->accept(sock, newsock, sock->file->f_flags | file_flags,
1779 false);
1780 if (err < 0)
1781 goto out_fd;
1782
1783 if (upeer_sockaddr) {
1784 len = newsock->ops->getname(newsock,
1785 (struct sockaddr *)&address, 2);
1786 if (len < 0) {
1787 err = -ECONNABORTED;
1788 goto out_fd;
1789 }
1790 err = move_addr_to_user(&address,
1791 len, upeer_sockaddr, upeer_addrlen);
1792 if (err < 0)
1793 goto out_fd;
1794 }
1795
1796
1797
1798 fd_install(newfd, newfile);
1799 err = newfd;
1800out:
1801 return err;
1802out_fd:
1803 fput(newfile);
1804 put_unused_fd(newfd);
1805 goto out;
1806
1807}
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821int __sys_accept4(int fd, struct sockaddr __user *upeer_sockaddr,
1822 int __user *upeer_addrlen, int flags)
1823{
1824 int ret = -EBADF;
1825 struct fd f;
1826
1827 f = fdget(fd);
1828 if (f.file) {
1829 ret = __sys_accept4_file(f.file, 0, upeer_sockaddr,
1830 upeer_addrlen, flags,
1831 rlimit(RLIMIT_NOFILE));
1832 fdput(f);
1833 }
1834
1835 return ret;
1836}
1837
1838SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
1839 int __user *, upeer_addrlen, int, flags)
1840{
1841 return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, flags);
1842}
1843
1844SYSCALL_DEFINE3(accept, int, fd, struct sockaddr __user *, upeer_sockaddr,
1845 int __user *, upeer_addrlen)
1846{
1847 return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, 0);
1848}
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862int __sys_connect_file(struct file *file, struct sockaddr_storage *address,
1863 int addrlen, int file_flags)
1864{
1865 struct socket *sock;
1866 int err;
1867
1868 sock = sock_from_file(file);
1869 if (!sock) {
1870 err = -ENOTSOCK;
1871 goto out;
1872 }
1873
1874 err =
1875 security_socket_connect(sock, (struct sockaddr *)address, addrlen);
1876 if (err)
1877 goto out;
1878
1879 err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen,
1880 sock->file->f_flags | file_flags);
1881out:
1882 return err;
1883}
1884
1885int __sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
1886{
1887 int ret = -EBADF;
1888 struct fd f;
1889
1890 f = fdget(fd);
1891 if (f.file) {
1892 struct sockaddr_storage address;
1893
1894 ret = move_addr_to_kernel(uservaddr, addrlen, &address);
1895 if (!ret)
1896 ret = __sys_connect_file(f.file, &address, addrlen, 0);
1897 fdput(f);
1898 }
1899
1900 return ret;
1901}
1902
1903SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
1904 int, addrlen)
1905{
1906 return __sys_connect(fd, uservaddr, addrlen);
1907}
1908
1909
1910
1911
1912
1913
1914int __sys_getsockname(int fd, struct sockaddr __user *usockaddr,
1915 int __user *usockaddr_len)
1916{
1917 struct socket *sock;
1918 struct sockaddr_storage address;
1919 int err, fput_needed;
1920
1921 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1922 if (!sock)
1923 goto out;
1924
1925 err = security_socket_getsockname(sock);
1926 if (err)
1927 goto out_put;
1928
1929 err = sock->ops->getname(sock, (struct sockaddr *)&address, 0);
1930 if (err < 0)
1931 goto out_put;
1932
1933 err = move_addr_to_user(&address, err, usockaddr, usockaddr_len);
1934
1935out_put:
1936 fput_light(sock->file, fput_needed);
1937out:
1938 return err;
1939}
1940
1941SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr,
1942 int __user *, usockaddr_len)
1943{
1944 return __sys_getsockname(fd, usockaddr, usockaddr_len);
1945}
1946
1947
1948
1949
1950
1951
1952int __sys_getpeername(int fd, struct sockaddr __user *usockaddr,
1953 int __user *usockaddr_len)
1954{
1955 struct socket *sock;
1956 struct sockaddr_storage address;
1957 int err, fput_needed;
1958
1959 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1960 if (sock != NULL) {
1961 err = security_socket_getpeername(sock);
1962 if (err) {
1963 fput_light(sock->file, fput_needed);
1964 return err;
1965 }
1966
1967 err = sock->ops->getname(sock, (struct sockaddr *)&address, 1);
1968 if (err >= 0)
1969
1970 err = move_addr_to_user(&address, err, usockaddr,
1971 usockaddr_len);
1972 fput_light(sock->file, fput_needed);
1973 }
1974 return err;
1975}
1976
1977SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
1978 int __user *, usockaddr_len)
1979{
1980 return __sys_getpeername(fd, usockaddr, usockaddr_len);
1981}
1982
1983
1984
1985
1986
1987
1988int __sys_sendto(int fd, void __user *buff, size_t len, unsigned int flags,
1989 struct sockaddr __user *addr, int addr_len)
1990{
1991 struct socket *sock;
1992 struct sockaddr_storage address;
1993 int err;
1994 struct msghdr msg;
1995 struct iovec iov;
1996 int fput_needed;
1997
1998 err = import_single_range(WRITE, buff, len, &iov, &msg.msg_iter);
1999 if (unlikely(err))
2000 return err;
2001 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2002 if (!sock)
2003 goto out;
2004
2005 msg.msg_name = NULL;
2006 msg.msg_control = NULL;
2007 msg.msg_controllen = 0;
2008 msg.msg_namelen = 0;
2009 if (addr) {
2010 err = move_addr_to_kernel(addr, addr_len, &address);
2011 if (err < 0)
2012 goto out_put;
2013 msg.msg_name = (struct sockaddr *)&address;
2014 msg.msg_namelen = addr_len;
2015 }
2016 if (sock->file->f_flags & O_NONBLOCK)
2017 flags |= MSG_DONTWAIT;
2018 msg.msg_flags = flags;
2019 err = sock_sendmsg(sock, &msg);
2020
2021out_put:
2022 fput_light(sock->file, fput_needed);
2023out:
2024 return err;
2025}
2026
2027SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
2028 unsigned int, flags, struct sockaddr __user *, addr,
2029 int, addr_len)
2030{
2031 return __sys_sendto(fd, buff, len, flags, addr, addr_len);
2032}
2033
2034
2035
2036
2037
2038SYSCALL_DEFINE4(send, int, fd, void __user *, buff, size_t, len,
2039 unsigned int, flags)
2040{
2041 return __sys_sendto(fd, buff, len, flags, NULL, 0);
2042}
2043
2044
2045
2046
2047
2048
2049int __sys_recvfrom(int fd, void __user *ubuf, size_t size, unsigned int flags,
2050 struct sockaddr __user *addr, int __user *addr_len)
2051{
2052 struct socket *sock;
2053 struct iovec iov;
2054 struct msghdr msg;
2055 struct sockaddr_storage address;
2056 int err, err2;
2057 int fput_needed;
2058
2059 err = import_single_range(READ, ubuf, size, &iov, &msg.msg_iter);
2060 if (unlikely(err))
2061 return err;
2062 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2063 if (!sock)
2064 goto out;
2065
2066 msg.msg_control = NULL;
2067 msg.msg_controllen = 0;
2068
2069 msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
2070
2071 msg.msg_namelen = 0;
2072 msg.msg_iocb = NULL;
2073 msg.msg_flags = 0;
2074 if (sock->file->f_flags & O_NONBLOCK)
2075 flags |= MSG_DONTWAIT;
2076 err = sock_recvmsg(sock, &msg, flags);
2077
2078 if (err >= 0 && addr != NULL) {
2079 err2 = move_addr_to_user(&address,
2080 msg.msg_namelen, addr, addr_len);
2081 if (err2 < 0)
2082 err = err2;
2083 }
2084
2085 fput_light(sock->file, fput_needed);
2086out:
2087 return err;
2088}
2089
2090SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
2091 unsigned int, flags, struct sockaddr __user *, addr,
2092 int __user *, addr_len)
2093{
2094 return __sys_recvfrom(fd, ubuf, size, flags, addr, addr_len);
2095}
2096
2097
2098
2099
2100
2101SYSCALL_DEFINE4(recv, int, fd, void __user *, ubuf, size_t, size,
2102 unsigned int, flags)
2103{
2104 return __sys_recvfrom(fd, ubuf, size, flags, NULL, NULL);
2105}
2106
2107static bool sock_use_custom_sol_socket(const struct socket *sock)
2108{
2109 const struct sock *sk = sock->sk;
2110
2111
2112 return IS_ENABLED(CONFIG_MPTCP) &&
2113 sk->sk_protocol == IPPROTO_MPTCP &&
2114 sk->sk_type == SOCK_STREAM &&
2115 (sk->sk_family == AF_INET || sk->sk_family == AF_INET6);
2116}
2117
2118
2119
2120
2121
2122int __sys_setsockopt(int fd, int level, int optname, char __user *user_optval,
2123 int optlen)
2124{
2125 sockptr_t optval = USER_SOCKPTR(user_optval);
2126 char *kernel_optval = NULL;
2127 int err, fput_needed;
2128 struct socket *sock;
2129
2130 if (optlen < 0)
2131 return -EINVAL;
2132
2133 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2134 if (!sock)
2135 return err;
2136
2137 err = security_socket_setsockopt(sock, level, optname);
2138 if (err)
2139 goto out_put;
2140
2141 if (!in_compat_syscall())
2142 err = BPF_CGROUP_RUN_PROG_SETSOCKOPT(sock->sk, &level, &optname,
2143 user_optval, &optlen,
2144 &kernel_optval);
2145 if (err < 0)
2146 goto out_put;
2147 if (err > 0) {
2148 err = 0;
2149 goto out_put;
2150 }
2151
2152 if (kernel_optval)
2153 optval = KERNEL_SOCKPTR(kernel_optval);
2154 if (level == SOL_SOCKET && !sock_use_custom_sol_socket(sock))
2155 err = sock_setsockopt(sock, level, optname, optval, optlen);
2156 else if (unlikely(!sock->ops->setsockopt))
2157 err = -EOPNOTSUPP;
2158 else
2159 err = sock->ops->setsockopt(sock, level, optname, optval,
2160 optlen);
2161 kfree(kernel_optval);
2162out_put:
2163 fput_light(sock->file, fput_needed);
2164 return err;
2165}
2166
2167SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
2168 char __user *, optval, int, optlen)
2169{
2170 return __sys_setsockopt(fd, level, optname, optval, optlen);
2171}
2172
2173INDIRECT_CALLABLE_DECLARE(bool tcp_bpf_bypass_getsockopt(int level,
2174 int optname));
2175
2176
2177
2178
2179
2180int __sys_getsockopt(int fd, int level, int optname, char __user *optval,
2181 int __user *optlen)
2182{
2183 int err, fput_needed;
2184 struct socket *sock;
2185 int max_optlen;
2186
2187 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2188 if (!sock)
2189 return err;
2190
2191 err = security_socket_getsockopt(sock, level, optname);
2192 if (err)
2193 goto out_put;
2194
2195 if (!in_compat_syscall())
2196 max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen);
2197
2198 if (level == SOL_SOCKET)
2199 err = sock_getsockopt(sock, level, optname, optval, optlen);
2200 else if (unlikely(!sock->ops->getsockopt))
2201 err = -EOPNOTSUPP;
2202 else
2203 err = sock->ops->getsockopt(sock, level, optname, optval,
2204 optlen);
2205
2206 if (!in_compat_syscall())
2207 err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, optname,
2208 optval, optlen, max_optlen,
2209 err);
2210out_put:
2211 fput_light(sock->file, fput_needed);
2212 return err;
2213}
2214
2215SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
2216 char __user *, optval, int __user *, optlen)
2217{
2218 return __sys_getsockopt(fd, level, optname, optval, optlen);
2219}
2220
2221
2222
2223
2224
2225int __sys_shutdown_sock(struct socket *sock, int how)
2226{
2227 int err;
2228
2229 err = security_socket_shutdown(sock, how);
2230 if (!err)
2231 err = sock->ops->shutdown(sock, how);
2232
2233 return err;
2234}
2235
2236int __sys_shutdown(int fd, int how)
2237{
2238 int err, fput_needed;
2239 struct socket *sock;
2240
2241 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2242 if (sock != NULL) {
2243 err = __sys_shutdown_sock(sock, how);
2244 fput_light(sock->file, fput_needed);
2245 }
2246 return err;
2247}
2248
2249SYSCALL_DEFINE2(shutdown, int, fd, int, how)
2250{
2251 return __sys_shutdown(fd, how);
2252}
2253
2254
2255
2256
2257#define COMPAT_MSG(msg, member) ((MSG_CMSG_COMPAT & flags) ? &msg##_compat->member : &msg->member)
2258#define COMPAT_NAMELEN(msg) COMPAT_MSG(msg, msg_namelen)
2259#define COMPAT_FLAGS(msg) COMPAT_MSG(msg, msg_flags)
2260
2261struct used_address {
2262 struct sockaddr_storage name;
2263 unsigned int name_len;
2264};
2265
2266int __copy_msghdr_from_user(struct msghdr *kmsg,
2267 struct user_msghdr __user *umsg,
2268 struct sockaddr __user **save_addr,
2269 struct iovec __user **uiov, size_t *nsegs)
2270{
2271 struct user_msghdr msg;
2272 ssize_t err;
2273
2274 if (copy_from_user(&msg, umsg, sizeof(*umsg)))
2275 return -EFAULT;
2276
2277 kmsg->msg_control_is_user = true;
2278 kmsg->msg_control_user = msg.msg_control;
2279 kmsg->msg_controllen = msg.msg_controllen;
2280 kmsg->msg_flags = msg.msg_flags;
2281
2282 kmsg->msg_namelen = msg.msg_namelen;
2283 if (!msg.msg_name)
2284 kmsg->msg_namelen = 0;
2285
2286 if (kmsg->msg_namelen < 0)
2287 return -EINVAL;
2288
2289 if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
2290 kmsg->msg_namelen = sizeof(struct sockaddr_storage);
2291
2292 if (save_addr)
2293 *save_addr = msg.msg_name;
2294
2295 if (msg.msg_name && kmsg->msg_namelen) {
2296 if (!save_addr) {
2297 err = move_addr_to_kernel(msg.msg_name,
2298 kmsg->msg_namelen,
2299 kmsg->msg_name);
2300 if (err < 0)
2301 return err;
2302 }
2303 } else {
2304 kmsg->msg_name = NULL;
2305 kmsg->msg_namelen = 0;
2306 }
2307
2308 if (msg.msg_iovlen > UIO_MAXIOV)
2309 return -EMSGSIZE;
2310
2311 kmsg->msg_iocb = NULL;
2312 *uiov = msg.msg_iov;
2313 *nsegs = msg.msg_iovlen;
2314 return 0;
2315}
2316
2317static int copy_msghdr_from_user(struct msghdr *kmsg,
2318 struct user_msghdr __user *umsg,
2319 struct sockaddr __user **save_addr,
2320 struct iovec **iov)
2321{
2322 struct user_msghdr msg;
2323 ssize_t err;
2324
2325 err = __copy_msghdr_from_user(kmsg, umsg, save_addr, &msg.msg_iov,
2326 &msg.msg_iovlen);
2327 if (err)
2328 return err;
2329
2330 err = import_iovec(save_addr ? READ : WRITE,
2331 msg.msg_iov, msg.msg_iovlen,
2332 UIO_FASTIOV, iov, &kmsg->msg_iter);
2333 return err < 0 ? err : 0;
2334}
2335
2336static int ____sys_sendmsg(struct socket *sock, struct msghdr *msg_sys,
2337 unsigned int flags, struct used_address *used_address,
2338 unsigned int allowed_msghdr_flags)
2339{
2340 unsigned char ctl[sizeof(struct cmsghdr) + 20]
2341 __aligned(sizeof(__kernel_size_t));
2342
2343 unsigned char *ctl_buf = ctl;
2344 int ctl_len;
2345 ssize_t err;
2346
2347 err = -ENOBUFS;
2348
2349 if (msg_sys->msg_controllen > INT_MAX)
2350 goto out;
2351 flags |= (msg_sys->msg_flags & allowed_msghdr_flags);
2352 ctl_len = msg_sys->msg_controllen;
2353 if ((MSG_CMSG_COMPAT & flags) && ctl_len) {
2354 err =
2355 cmsghdr_from_user_compat_to_kern(msg_sys, sock->sk, ctl,
2356 sizeof(ctl));
2357 if (err)
2358 goto out;
2359 ctl_buf = msg_sys->msg_control;
2360 ctl_len = msg_sys->msg_controllen;
2361 } else if (ctl_len) {
2362 BUILD_BUG_ON(sizeof(struct cmsghdr) !=
2363 CMSG_ALIGN(sizeof(struct cmsghdr)));
2364 if (ctl_len > sizeof(ctl)) {
2365 ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL);
2366 if (ctl_buf == NULL)
2367 goto out;
2368 }
2369 err = -EFAULT;
2370 if (copy_from_user(ctl_buf, msg_sys->msg_control_user, ctl_len))
2371 goto out_freectl;
2372 msg_sys->msg_control = ctl_buf;
2373 msg_sys->msg_control_is_user = false;
2374 }
2375 msg_sys->msg_flags = flags;
2376
2377 if (sock->file->f_flags & O_NONBLOCK)
2378 msg_sys->msg_flags |= MSG_DONTWAIT;
2379
2380
2381
2382
2383
2384
2385 if (used_address && msg_sys->msg_name &&
2386 used_address->name_len == msg_sys->msg_namelen &&
2387 !memcmp(&used_address->name, msg_sys->msg_name,
2388 used_address->name_len)) {
2389 err = sock_sendmsg_nosec(sock, msg_sys);
2390 goto out_freectl;
2391 }
2392 err = sock_sendmsg(sock, msg_sys);
2393
2394
2395
2396
2397 if (used_address && err >= 0) {
2398 used_address->name_len = msg_sys->msg_namelen;
2399 if (msg_sys->msg_name)
2400 memcpy(&used_address->name, msg_sys->msg_name,
2401 used_address->name_len);
2402 }
2403
2404out_freectl:
2405 if (ctl_buf != ctl)
2406 sock_kfree_s(sock->sk, ctl_buf, ctl_len);
2407out:
2408 return err;
2409}
2410
2411int sendmsg_copy_msghdr(struct msghdr *msg,
2412 struct user_msghdr __user *umsg, unsigned flags,
2413 struct iovec **iov)
2414{
2415 int err;
2416
2417 if (flags & MSG_CMSG_COMPAT) {
2418 struct compat_msghdr __user *msg_compat;
2419
2420 msg_compat = (struct compat_msghdr __user *) umsg;
2421 err = get_compat_msghdr(msg, msg_compat, NULL, iov);
2422 } else {
2423 err = copy_msghdr_from_user(msg, umsg, NULL, iov);
2424 }
2425 if (err < 0)
2426 return err;
2427
2428 return 0;
2429}
2430
2431static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
2432 struct msghdr *msg_sys, unsigned int flags,
2433 struct used_address *used_address,
2434 unsigned int allowed_msghdr_flags)
2435{
2436 struct sockaddr_storage address;
2437 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2438 ssize_t err;
2439
2440 msg_sys->msg_name = &address;
2441
2442 err = sendmsg_copy_msghdr(msg_sys, msg, flags, &iov);
2443 if (err < 0)
2444 return err;
2445
2446 err = ____sys_sendmsg(sock, msg_sys, flags, used_address,
2447 allowed_msghdr_flags);
2448 kfree(iov);
2449 return err;
2450}
2451
2452
2453
2454
2455long __sys_sendmsg_sock(struct socket *sock, struct msghdr *msg,
2456 unsigned int flags)
2457{
2458 return ____sys_sendmsg(sock, msg, flags, NULL, 0);
2459}
2460
2461long __sys_sendmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2462 bool forbid_cmsg_compat)
2463{
2464 int fput_needed, err;
2465 struct msghdr msg_sys;
2466 struct socket *sock;
2467
2468 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2469 return -EINVAL;
2470
2471 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2472 if (!sock)
2473 goto out;
2474
2475 err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL, 0);
2476
2477 fput_light(sock->file, fput_needed);
2478out:
2479 return err;
2480}
2481
2482SYSCALL_DEFINE3(sendmsg, int, fd, struct user_msghdr __user *, msg, unsigned int, flags)
2483{
2484 return __sys_sendmsg(fd, msg, flags, true);
2485}
2486
2487
2488
2489
2490
2491int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2492 unsigned int flags, bool forbid_cmsg_compat)
2493{
2494 int fput_needed, err, datagrams;
2495 struct socket *sock;
2496 struct mmsghdr __user *entry;
2497 struct compat_mmsghdr __user *compat_entry;
2498 struct msghdr msg_sys;
2499 struct used_address used_address;
2500 unsigned int oflags = flags;
2501
2502 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2503 return -EINVAL;
2504
2505 if (vlen > UIO_MAXIOV)
2506 vlen = UIO_MAXIOV;
2507
2508 datagrams = 0;
2509
2510 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2511 if (!sock)
2512 return err;
2513
2514 used_address.name_len = UINT_MAX;
2515 entry = mmsg;
2516 compat_entry = (struct compat_mmsghdr __user *)mmsg;
2517 err = 0;
2518 flags |= MSG_BATCH;
2519
2520 while (datagrams < vlen) {
2521 if (datagrams == vlen - 1)
2522 flags = oflags;
2523
2524 if (MSG_CMSG_COMPAT & flags) {
2525 err = ___sys_sendmsg(sock, (struct user_msghdr __user *)compat_entry,
2526 &msg_sys, flags, &used_address, MSG_EOR);
2527 if (err < 0)
2528 break;
2529 err = __put_user(err, &compat_entry->msg_len);
2530 ++compat_entry;
2531 } else {
2532 err = ___sys_sendmsg(sock,
2533 (struct user_msghdr __user *)entry,
2534 &msg_sys, flags, &used_address, MSG_EOR);
2535 if (err < 0)
2536 break;
2537 err = put_user(err, &entry->msg_len);
2538 ++entry;
2539 }
2540
2541 if (err)
2542 break;
2543 ++datagrams;
2544 if (msg_data_left(&msg_sys))
2545 break;
2546 cond_resched();
2547 }
2548
2549 fput_light(sock->file, fput_needed);
2550
2551
2552 if (datagrams != 0)
2553 return datagrams;
2554
2555 return err;
2556}
2557
2558SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
2559 unsigned int, vlen, unsigned int, flags)
2560{
2561 return __sys_sendmmsg(fd, mmsg, vlen, flags, true);
2562}
2563
2564int recvmsg_copy_msghdr(struct msghdr *msg,
2565 struct user_msghdr __user *umsg, unsigned flags,
2566 struct sockaddr __user **uaddr,
2567 struct iovec **iov)
2568{
2569 ssize_t err;
2570
2571 if (MSG_CMSG_COMPAT & flags) {
2572 struct compat_msghdr __user *msg_compat;
2573
2574 msg_compat = (struct compat_msghdr __user *) umsg;
2575 err = get_compat_msghdr(msg, msg_compat, uaddr, iov);
2576 } else {
2577 err = copy_msghdr_from_user(msg, umsg, uaddr, iov);
2578 }
2579 if (err < 0)
2580 return err;
2581
2582 return 0;
2583}
2584
2585static int ____sys_recvmsg(struct socket *sock, struct msghdr *msg_sys,
2586 struct user_msghdr __user *msg,
2587 struct sockaddr __user *uaddr,
2588 unsigned int flags, int nosec)
2589{
2590 struct compat_msghdr __user *msg_compat =
2591 (struct compat_msghdr __user *) msg;
2592 int __user *uaddr_len = COMPAT_NAMELEN(msg);
2593 struct sockaddr_storage addr;
2594 unsigned long cmsg_ptr;
2595 int len;
2596 ssize_t err;
2597
2598 msg_sys->msg_name = &addr;
2599 cmsg_ptr = (unsigned long)msg_sys->msg_control;
2600 msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
2601
2602
2603 msg_sys->msg_namelen = 0;
2604
2605 if (sock->file->f_flags & O_NONBLOCK)
2606 flags |= MSG_DONTWAIT;
2607
2608 if (unlikely(nosec))
2609 err = sock_recvmsg_nosec(sock, msg_sys, flags);
2610 else
2611 err = sock_recvmsg(sock, msg_sys, flags);
2612
2613 if (err < 0)
2614 goto out;
2615 len = err;
2616
2617 if (uaddr != NULL) {
2618 err = move_addr_to_user(&addr,
2619 msg_sys->msg_namelen, uaddr,
2620 uaddr_len);
2621 if (err < 0)
2622 goto out;
2623 }
2624 err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT),
2625 COMPAT_FLAGS(msg));
2626 if (err)
2627 goto out;
2628 if (MSG_CMSG_COMPAT & flags)
2629 err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2630 &msg_compat->msg_controllen);
2631 else
2632 err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2633 &msg->msg_controllen);
2634 if (err)
2635 goto out;
2636 err = len;
2637out:
2638 return err;
2639}
2640
2641static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
2642 struct msghdr *msg_sys, unsigned int flags, int nosec)
2643{
2644 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2645
2646 struct sockaddr __user *uaddr;
2647 ssize_t err;
2648
2649 err = recvmsg_copy_msghdr(msg_sys, msg, flags, &uaddr, &iov);
2650 if (err < 0)
2651 return err;
2652
2653 err = ____sys_recvmsg(sock, msg_sys, msg, uaddr, flags, nosec);
2654 kfree(iov);
2655 return err;
2656}
2657
2658
2659
2660
2661
2662long __sys_recvmsg_sock(struct socket *sock, struct msghdr *msg,
2663 struct user_msghdr __user *umsg,
2664 struct sockaddr __user *uaddr, unsigned int flags)
2665{
2666 return ____sys_recvmsg(sock, msg, umsg, uaddr, flags, 0);
2667}
2668
2669long __sys_recvmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2670 bool forbid_cmsg_compat)
2671{
2672 int fput_needed, err;
2673 struct msghdr msg_sys;
2674 struct socket *sock;
2675
2676 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2677 return -EINVAL;
2678
2679 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2680 if (!sock)
2681 goto out;
2682
2683 err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0);
2684
2685 fput_light(sock->file, fput_needed);
2686out:
2687 return err;
2688}
2689
2690SYSCALL_DEFINE3(recvmsg, int, fd, struct user_msghdr __user *, msg,
2691 unsigned int, flags)
2692{
2693 return __sys_recvmsg(fd, msg, flags, true);
2694}
2695
2696
2697
2698
2699
2700static int do_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2701 unsigned int vlen, unsigned int flags,
2702 struct timespec64 *timeout)
2703{
2704 int fput_needed, err, datagrams;
2705 struct socket *sock;
2706 struct mmsghdr __user *entry;
2707 struct compat_mmsghdr __user *compat_entry;
2708 struct msghdr msg_sys;
2709 struct timespec64 end_time;
2710 struct timespec64 timeout64;
2711
2712 if (timeout &&
2713 poll_select_set_timeout(&end_time, timeout->tv_sec,
2714 timeout->tv_nsec))
2715 return -EINVAL;
2716
2717 datagrams = 0;
2718
2719 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2720 if (!sock)
2721 return err;
2722
2723 if (likely(!(flags & MSG_ERRQUEUE))) {
2724 err = sock_error(sock->sk);
2725 if (err) {
2726 datagrams = err;
2727 goto out_put;
2728 }
2729 }
2730
2731 entry = mmsg;
2732 compat_entry = (struct compat_mmsghdr __user *)mmsg;
2733
2734 while (datagrams < vlen) {
2735
2736
2737
2738 if (MSG_CMSG_COMPAT & flags) {
2739 err = ___sys_recvmsg(sock, (struct user_msghdr __user *)compat_entry,
2740 &msg_sys, flags & ~MSG_WAITFORONE,
2741 datagrams);
2742 if (err < 0)
2743 break;
2744 err = __put_user(err, &compat_entry->msg_len);
2745 ++compat_entry;
2746 } else {
2747 err = ___sys_recvmsg(sock,
2748 (struct user_msghdr __user *)entry,
2749 &msg_sys, flags & ~MSG_WAITFORONE,
2750 datagrams);
2751 if (err < 0)
2752 break;
2753 err = put_user(err, &entry->msg_len);
2754 ++entry;
2755 }
2756
2757 if (err)
2758 break;
2759 ++datagrams;
2760
2761
2762 if (flags & MSG_WAITFORONE)
2763 flags |= MSG_DONTWAIT;
2764
2765 if (timeout) {
2766 ktime_get_ts64(&timeout64);
2767 *timeout = timespec64_sub(end_time, timeout64);
2768 if (timeout->tv_sec < 0) {
2769 timeout->tv_sec = timeout->tv_nsec = 0;
2770 break;
2771 }
2772
2773
2774 if (timeout->tv_nsec == 0 && timeout->tv_sec == 0)
2775 break;
2776 }
2777
2778
2779 if (msg_sys.msg_flags & MSG_OOB)
2780 break;
2781 cond_resched();
2782 }
2783
2784 if (err == 0)
2785 goto out_put;
2786
2787 if (datagrams == 0) {
2788 datagrams = err;
2789 goto out_put;
2790 }
2791
2792
2793
2794
2795
2796 if (err != -EAGAIN) {
2797
2798
2799
2800
2801
2802
2803 sock->sk->sk_err = -err;
2804 }
2805out_put:
2806 fput_light(sock->file, fput_needed);
2807
2808 return datagrams;
2809}
2810
2811int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2812 unsigned int vlen, unsigned int flags,
2813 struct __kernel_timespec __user *timeout,
2814 struct old_timespec32 __user *timeout32)
2815{
2816 int datagrams;
2817 struct timespec64 timeout_sys;
2818
2819 if (timeout && get_timespec64(&timeout_sys, timeout))
2820 return -EFAULT;
2821
2822 if (timeout32 && get_old_timespec32(&timeout_sys, timeout32))
2823 return -EFAULT;
2824
2825 if (!timeout && !timeout32)
2826 return do_recvmmsg(fd, mmsg, vlen, flags, NULL);
2827
2828 datagrams = do_recvmmsg(fd, mmsg, vlen, flags, &timeout_sys);
2829
2830 if (datagrams <= 0)
2831 return datagrams;
2832
2833 if (timeout && put_timespec64(&timeout_sys, timeout))
2834 datagrams = -EFAULT;
2835
2836 if (timeout32 && put_old_timespec32(&timeout_sys, timeout32))
2837 datagrams = -EFAULT;
2838
2839 return datagrams;
2840}
2841
2842SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
2843 unsigned int, vlen, unsigned int, flags,
2844 struct __kernel_timespec __user *, timeout)
2845{
2846 if (flags & MSG_CMSG_COMPAT)
2847 return -EINVAL;
2848
2849 return __sys_recvmmsg(fd, mmsg, vlen, flags, timeout, NULL);
2850}
2851
2852#ifdef CONFIG_COMPAT_32BIT_TIME
2853SYSCALL_DEFINE5(recvmmsg_time32, int, fd, struct mmsghdr __user *, mmsg,
2854 unsigned int, vlen, unsigned int, flags,
2855 struct old_timespec32 __user *, timeout)
2856{
2857 if (flags & MSG_CMSG_COMPAT)
2858 return -EINVAL;
2859
2860 return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL, timeout);
2861}
2862#endif
2863
2864#ifdef __ARCH_WANT_SYS_SOCKETCALL
2865
2866#define AL(x) ((x) * sizeof(unsigned long))
2867static const unsigned char nargs[21] = {
2868 AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
2869 AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
2870 AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
2871 AL(4), AL(5), AL(4)
2872};
2873
2874#undef AL
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
2885{
2886 unsigned long a[AUDITSC_ARGS];
2887 unsigned long a0, a1;
2888 int err;
2889 unsigned int len;
2890
2891 if (call < 1 || call > SYS_SENDMMSG)
2892 return -EINVAL;
2893 call = array_index_nospec(call, SYS_SENDMMSG + 1);
2894
2895 len = nargs[call];
2896 if (len > sizeof(a))
2897 return -EINVAL;
2898
2899
2900 if (copy_from_user(a, args, len))
2901 return -EFAULT;
2902
2903 err = audit_socketcall(nargs[call] / sizeof(unsigned long), a);
2904 if (err)
2905 return err;
2906
2907 a0 = a[0];
2908 a1 = a[1];
2909
2910 switch (call) {
2911 case SYS_SOCKET:
2912 err = __sys_socket(a0, a1, a[2]);
2913 break;
2914 case SYS_BIND:
2915 err = __sys_bind(a0, (struct sockaddr __user *)a1, a[2]);
2916 break;
2917 case SYS_CONNECT:
2918 err = __sys_connect(a0, (struct sockaddr __user *)a1, a[2]);
2919 break;
2920 case SYS_LISTEN:
2921 err = __sys_listen(a0, a1);
2922 break;
2923 case SYS_ACCEPT:
2924 err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2925 (int __user *)a[2], 0);
2926 break;
2927 case SYS_GETSOCKNAME:
2928 err =
2929 __sys_getsockname(a0, (struct sockaddr __user *)a1,
2930 (int __user *)a[2]);
2931 break;
2932 case SYS_GETPEERNAME:
2933 err =
2934 __sys_getpeername(a0, (struct sockaddr __user *)a1,
2935 (int __user *)a[2]);
2936 break;
2937 case SYS_SOCKETPAIR:
2938 err = __sys_socketpair(a0, a1, a[2], (int __user *)a[3]);
2939 break;
2940 case SYS_SEND:
2941 err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2942 NULL, 0);
2943 break;
2944 case SYS_SENDTO:
2945 err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2946 (struct sockaddr __user *)a[4], a[5]);
2947 break;
2948 case SYS_RECV:
2949 err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2950 NULL, NULL);
2951 break;
2952 case SYS_RECVFROM:
2953 err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2954 (struct sockaddr __user *)a[4],
2955 (int __user *)a[5]);
2956 break;
2957 case SYS_SHUTDOWN:
2958 err = __sys_shutdown(a0, a1);
2959 break;
2960 case SYS_SETSOCKOPT:
2961 err = __sys_setsockopt(a0, a1, a[2], (char __user *)a[3],
2962 a[4]);
2963 break;
2964 case SYS_GETSOCKOPT:
2965 err =
2966 __sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
2967 (int __user *)a[4]);
2968 break;
2969 case SYS_SENDMSG:
2970 err = __sys_sendmsg(a0, (struct user_msghdr __user *)a1,
2971 a[2], true);
2972 break;
2973 case SYS_SENDMMSG:
2974 err = __sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2],
2975 a[3], true);
2976 break;
2977 case SYS_RECVMSG:
2978 err = __sys_recvmsg(a0, (struct user_msghdr __user *)a1,
2979 a[2], true);
2980 break;
2981 case SYS_RECVMMSG:
2982 if (IS_ENABLED(CONFIG_64BIT))
2983 err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2984 a[2], a[3],
2985 (struct __kernel_timespec __user *)a[4],
2986 NULL);
2987 else
2988 err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2989 a[2], a[3], NULL,
2990 (struct old_timespec32 __user *)a[4]);
2991 break;
2992 case SYS_ACCEPT4:
2993 err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2994 (int __user *)a[2], a[3]);
2995 break;
2996 default:
2997 err = -EINVAL;
2998 break;
2999 }
3000 return err;
3001}
3002
3003#endif
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014int sock_register(const struct net_proto_family *ops)
3015{
3016 int err;
3017
3018 if (ops->family >= NPROTO) {
3019 pr_crit("protocol %d >= NPROTO(%d)\n", ops->family, NPROTO);
3020 return -ENOBUFS;
3021 }
3022
3023 spin_lock(&net_family_lock);
3024 if (rcu_dereference_protected(net_families[ops->family],
3025 lockdep_is_held(&net_family_lock)))
3026 err = -EEXIST;
3027 else {
3028 rcu_assign_pointer(net_families[ops->family], ops);
3029 err = 0;
3030 }
3031 spin_unlock(&net_family_lock);
3032
3033 pr_info("NET: Registered %s protocol family\n", pf_family_names[ops->family]);
3034 return err;
3035}
3036EXPORT_SYMBOL(sock_register);
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051void sock_unregister(int family)
3052{
3053 BUG_ON(family < 0 || family >= NPROTO);
3054
3055 spin_lock(&net_family_lock);
3056 RCU_INIT_POINTER(net_families[family], NULL);
3057 spin_unlock(&net_family_lock);
3058
3059 synchronize_rcu();
3060
3061 pr_info("NET: Unregistered %s protocol family\n", pf_family_names[family]);
3062}
3063EXPORT_SYMBOL(sock_unregister);
3064
3065bool sock_is_registered(int family)
3066{
3067 return family < NPROTO && rcu_access_pointer(net_families[family]);
3068}
3069
3070static int __init sock_init(void)
3071{
3072 int err;
3073
3074
3075
3076 err = net_sysctl_init();
3077 if (err)
3078 goto out;
3079
3080
3081
3082
3083 skb_init();
3084
3085
3086
3087
3088
3089 init_inodecache();
3090
3091 err = register_filesystem(&sock_fs_type);
3092 if (err)
3093 goto out;
3094 sock_mnt = kern_mount(&sock_fs_type);
3095 if (IS_ERR(sock_mnt)) {
3096 err = PTR_ERR(sock_mnt);
3097 goto out_mount;
3098 }
3099
3100
3101
3102
3103#ifdef CONFIG_NETFILTER
3104 err = netfilter_init();
3105 if (err)
3106 goto out;
3107#endif
3108
3109 ptp_classifier_init();
3110
3111out:
3112 return err;
3113
3114out_mount:
3115 unregister_filesystem(&sock_fs_type);
3116 goto out;
3117}
3118
3119core_initcall(sock_init);
3120
3121#ifdef CONFIG_PROC_FS
3122void socket_seq_show(struct seq_file *seq)
3123{
3124 seq_printf(seq, "sockets: used %d\n",
3125 sock_inuse_get(seq->private));
3126}
3127#endif
3128
3129#ifdef CONFIG_COMPAT
3130static int compat_dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
3131{
3132 struct compat_ifconf ifc32;
3133 struct ifconf ifc;
3134 int err;
3135
3136 if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
3137 return -EFAULT;
3138
3139 ifc.ifc_len = ifc32.ifc_len;
3140 ifc.ifc_req = compat_ptr(ifc32.ifcbuf);
3141
3142 rtnl_lock();
3143 err = dev_ifconf(net, &ifc, sizeof(struct compat_ifreq));
3144 rtnl_unlock();
3145 if (err)
3146 return err;
3147
3148 ifc32.ifc_len = ifc.ifc_len;
3149 if (copy_to_user(uifc32, &ifc32, sizeof(struct compat_ifconf)))
3150 return -EFAULT;
3151
3152 return 0;
3153}
3154
3155static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
3156{
3157 struct compat_ethtool_rxnfc __user *compat_rxnfc;
3158 bool convert_in = false, convert_out = false;
3159 size_t buf_size = 0;
3160 struct ethtool_rxnfc __user *rxnfc = NULL;
3161 struct ifreq ifr;
3162 u32 rule_cnt = 0, actual_rule_cnt;
3163 u32 ethcmd;
3164 u32 data;
3165 int ret;
3166
3167 if (get_user(data, &ifr32->ifr_ifru.ifru_data))
3168 return -EFAULT;
3169
3170 compat_rxnfc = compat_ptr(data);
3171
3172 if (get_user(ethcmd, &compat_rxnfc->cmd))
3173 return -EFAULT;
3174
3175
3176
3177
3178 switch (ethcmd) {
3179 default:
3180 break;
3181 case ETHTOOL_GRXCLSRLALL:
3182
3183 if (get_user(rule_cnt, &compat_rxnfc->rule_cnt))
3184 return -EFAULT;
3185 if (rule_cnt > KMALLOC_MAX_SIZE / sizeof(u32))
3186 return -ENOMEM;
3187 buf_size += rule_cnt * sizeof(u32);
3188 fallthrough;
3189 case ETHTOOL_GRXRINGS:
3190 case ETHTOOL_GRXCLSRLCNT:
3191 case ETHTOOL_GRXCLSRULE:
3192 case ETHTOOL_SRXCLSRLINS:
3193 convert_out = true;
3194 fallthrough;
3195 case ETHTOOL_SRXCLSRLDEL:
3196 buf_size += sizeof(struct ethtool_rxnfc);
3197 convert_in = true;
3198 rxnfc = compat_alloc_user_space(buf_size);
3199 break;
3200 }
3201
3202 if (copy_from_user(&ifr.ifr_name, &ifr32->ifr_name, IFNAMSIZ))
3203 return -EFAULT;
3204
3205 ifr.ifr_data = convert_in ? rxnfc : (void __user *)compat_rxnfc;
3206
3207 if (convert_in) {
3208
3209
3210
3211 BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_ext) +
3212 sizeof(compat_rxnfc->fs.m_ext) !=
3213 offsetof(struct ethtool_rxnfc, fs.m_ext) +
3214 sizeof(rxnfc->fs.m_ext));
3215 BUILD_BUG_ON(
3216 offsetof(struct compat_ethtool_rxnfc, fs.location) -
3217 offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) !=
3218 offsetof(struct ethtool_rxnfc, fs.location) -
3219 offsetof(struct ethtool_rxnfc, fs.ring_cookie));
3220
3221 if (copy_in_user(rxnfc, compat_rxnfc,
3222 (void __user *)(&rxnfc->fs.m_ext + 1) -
3223 (void __user *)rxnfc) ||
3224 copy_in_user(&rxnfc->fs.ring_cookie,
3225 &compat_rxnfc->fs.ring_cookie,
3226 (void __user *)(&rxnfc->fs.location + 1) -
3227 (void __user *)&rxnfc->fs.ring_cookie))
3228 return -EFAULT;
3229 if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3230 if (put_user(rule_cnt, &rxnfc->rule_cnt))
3231 return -EFAULT;
3232 } else if (copy_in_user(&rxnfc->rule_cnt,
3233 &compat_rxnfc->rule_cnt,
3234 sizeof(rxnfc->rule_cnt)))
3235 return -EFAULT;
3236 }
3237
3238 ret = dev_ioctl(net, SIOCETHTOOL, &ifr, NULL);
3239 if (ret)
3240 return ret;
3241
3242 if (convert_out) {
3243 if (copy_in_user(compat_rxnfc, rxnfc,
3244 (const void __user *)(&rxnfc->fs.m_ext + 1) -
3245 (const void __user *)rxnfc) ||
3246 copy_in_user(&compat_rxnfc->fs.ring_cookie,
3247 &rxnfc->fs.ring_cookie,
3248 (const void __user *)(&rxnfc->fs.location + 1) -
3249 (const void __user *)&rxnfc->fs.ring_cookie) ||
3250 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
3251 sizeof(rxnfc->rule_cnt)))
3252 return -EFAULT;
3253
3254 if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3255
3256
3257
3258
3259
3260
3261
3262
3263 if (get_user(actual_rule_cnt, &rxnfc->rule_cnt))
3264 return -EFAULT;
3265 if (actual_rule_cnt < rule_cnt)
3266 rule_cnt = actual_rule_cnt;
3267 if (copy_in_user(&compat_rxnfc->rule_locs[0],
3268 &rxnfc->rule_locs[0],
3269 rule_cnt * sizeof(u32)))
3270 return -EFAULT;
3271 }
3272 }
3273
3274 return 0;
3275}
3276
3277static int compat_siocwandev(struct net *net, struct compat_ifreq __user *uifr32)
3278{
3279 compat_uptr_t uptr32;
3280 struct ifreq ifr;
3281 void __user *saved;
3282 int err;
3283
3284 if (copy_from_user(&ifr, uifr32, sizeof(struct compat_ifreq)))
3285 return -EFAULT;
3286
3287 if (get_user(uptr32, &uifr32->ifr_settings.ifs_ifsu))
3288 return -EFAULT;
3289
3290 saved = ifr.ifr_settings.ifs_ifsu.raw_hdlc;
3291 ifr.ifr_settings.ifs_ifsu.raw_hdlc = compat_ptr(uptr32);
3292
3293 err = dev_ioctl(net, SIOCWANDEV, &ifr, NULL);
3294 if (!err) {
3295 ifr.ifr_settings.ifs_ifsu.raw_hdlc = saved;
3296 if (copy_to_user(uifr32, &ifr, sizeof(struct compat_ifreq)))
3297 err = -EFAULT;
3298 }
3299 return err;
3300}
3301
3302
3303static int compat_ifr_data_ioctl(struct net *net, unsigned int cmd,
3304 struct compat_ifreq __user *u_ifreq32)
3305{
3306 struct ifreq ifreq;
3307 u32 data32;
3308
3309 if (copy_from_user(ifreq.ifr_name, u_ifreq32->ifr_name, IFNAMSIZ))
3310 return -EFAULT;
3311 if (get_user(data32, &u_ifreq32->ifr_data))
3312 return -EFAULT;
3313 ifreq.ifr_data = compat_ptr(data32);
3314
3315 return dev_ioctl(net, cmd, &ifreq, NULL);
3316}
3317
3318static int compat_ifreq_ioctl(struct net *net, struct socket *sock,
3319 unsigned int cmd,
3320 struct compat_ifreq __user *uifr32)
3321{
3322 struct ifreq __user *uifr;
3323 int err;
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335 uifr = compat_alloc_user_space(sizeof(*uifr));
3336 if (copy_in_user(uifr, uifr32, sizeof(*uifr32)))
3337 return -EFAULT;
3338
3339 err = sock_do_ioctl(net, sock, cmd, (unsigned long)uifr);
3340
3341 if (!err) {
3342 switch (cmd) {
3343 case SIOCGIFFLAGS:
3344 case SIOCGIFMETRIC:
3345 case SIOCGIFMTU:
3346 case SIOCGIFMEM:
3347 case SIOCGIFHWADDR:
3348 case SIOCGIFINDEX:
3349 case SIOCGIFADDR:
3350 case SIOCGIFBRDADDR:
3351 case SIOCGIFDSTADDR:
3352 case SIOCGIFNETMASK:
3353 case SIOCGIFPFLAGS:
3354 case SIOCGIFTXQLEN:
3355 case SIOCGMIIPHY:
3356 case SIOCGMIIREG:
3357 case SIOCGIFNAME:
3358 if (copy_in_user(uifr32, uifr, sizeof(*uifr32)))
3359 err = -EFAULT;
3360 break;
3361 }
3362 }
3363 return err;
3364}
3365
3366static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
3367 struct compat_ifreq __user *uifr32)
3368{
3369 struct ifreq ifr;
3370 struct compat_ifmap __user *uifmap32;
3371 int err;
3372
3373 uifmap32 = &uifr32->ifr_ifru.ifru_map;
3374 err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name));
3375 err |= get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3376 err |= get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3377 err |= get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3378 err |= get_user(ifr.ifr_map.irq, &uifmap32->irq);
3379 err |= get_user(ifr.ifr_map.dma, &uifmap32->dma);
3380 err |= get_user(ifr.ifr_map.port, &uifmap32->port);
3381 if (err)
3382 return -EFAULT;
3383
3384 err = dev_ioctl(net, cmd, &ifr, NULL);
3385
3386 if (cmd == SIOCGIFMAP && !err) {
3387 err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name));
3388 err |= put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3389 err |= put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3390 err |= put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3391 err |= put_user(ifr.ifr_map.irq, &uifmap32->irq);
3392 err |= put_user(ifr.ifr_map.dma, &uifmap32->dma);
3393 err |= put_user(ifr.ifr_map.port, &uifmap32->port);
3394 if (err)
3395 err = -EFAULT;
3396 }
3397 return err;
3398}
3399
3400
3401
3402
3403
3404static int old_bridge_ioctl(compat_ulong_t __user *argp)
3405{
3406 compat_ulong_t tmp;
3407
3408 if (get_user(tmp, argp))
3409 return -EFAULT;
3410 if (tmp == BRCTL_GET_VERSION)
3411 return BRCTL_VERSION + 1;
3412 return -EINVAL;
3413}
3414
3415static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
3416 unsigned int cmd, unsigned long arg)
3417{
3418 void __user *argp = compat_ptr(arg);
3419 struct sock *sk = sock->sk;
3420 struct net *net = sock_net(sk);
3421
3422 if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))
3423 return compat_ifr_data_ioctl(net, cmd, argp);
3424
3425 switch (cmd) {
3426 case SIOCSIFBR:
3427 case SIOCGIFBR:
3428 return old_bridge_ioctl(argp);
3429 case SIOCGIFCONF:
3430 return compat_dev_ifconf(net, argp);
3431 case SIOCETHTOOL:
3432 return ethtool_ioctl(net, argp);
3433 case SIOCWANDEV:
3434 return compat_siocwandev(net, argp);
3435 case SIOCGIFMAP:
3436 case SIOCSIFMAP:
3437 return compat_sioc_ifmap(net, cmd, argp);
3438 case SIOCGSTAMP_OLD:
3439 case SIOCGSTAMPNS_OLD:
3440 if (!sock->ops->gettstamp)
3441 return -ENOIOCTLCMD;
3442 return sock->ops->gettstamp(sock, argp, cmd == SIOCGSTAMP_OLD,
3443 !COMPAT_USE_64BIT_TIME);
3444
3445 case SIOCBONDSLAVEINFOQUERY:
3446 case SIOCBONDINFOQUERY:
3447 case SIOCSHWTSTAMP:
3448 case SIOCGHWTSTAMP:
3449 return compat_ifr_data_ioctl(net, cmd, argp);
3450
3451 case FIOSETOWN:
3452 case SIOCSPGRP:
3453 case FIOGETOWN:
3454 case SIOCGPGRP:
3455 case SIOCBRADDBR:
3456 case SIOCBRDELBR:
3457 case SIOCGIFVLAN:
3458 case SIOCSIFVLAN:
3459 case SIOCGSKNS:
3460 case SIOCGSTAMP_NEW:
3461 case SIOCGSTAMPNS_NEW:
3462 return sock_ioctl(file, cmd, arg);
3463
3464 case SIOCGIFFLAGS:
3465 case SIOCSIFFLAGS:
3466 case SIOCGIFMETRIC:
3467 case SIOCSIFMETRIC:
3468 case SIOCGIFMTU:
3469 case SIOCSIFMTU:
3470 case SIOCGIFMEM:
3471 case SIOCSIFMEM:
3472 case SIOCGIFHWADDR:
3473 case SIOCSIFHWADDR:
3474 case SIOCADDMULTI:
3475 case SIOCDELMULTI:
3476 case SIOCGIFINDEX:
3477 case SIOCGIFADDR:
3478 case SIOCSIFADDR:
3479 case SIOCSIFHWBROADCAST:
3480 case SIOCDIFADDR:
3481 case SIOCGIFBRDADDR:
3482 case SIOCSIFBRDADDR:
3483 case SIOCGIFDSTADDR:
3484 case SIOCSIFDSTADDR:
3485 case SIOCGIFNETMASK:
3486 case SIOCSIFNETMASK:
3487 case SIOCSIFPFLAGS:
3488 case SIOCGIFPFLAGS:
3489 case SIOCGIFTXQLEN:
3490 case SIOCSIFTXQLEN:
3491 case SIOCBRADDIF:
3492 case SIOCBRDELIF:
3493 case SIOCGIFNAME:
3494 case SIOCSIFNAME:
3495 case SIOCGMIIPHY:
3496 case SIOCGMIIREG:
3497 case SIOCSMIIREG:
3498 case SIOCBONDENSLAVE:
3499 case SIOCBONDRELEASE:
3500 case SIOCBONDSETHWADDR:
3501 case SIOCBONDCHANGEACTIVE:
3502 return compat_ifreq_ioctl(net, sock, cmd, argp);
3503
3504 case SIOCSARP:
3505 case SIOCGARP:
3506 case SIOCDARP:
3507 case SIOCOUTQ:
3508 case SIOCOUTQNSD:
3509 case SIOCATMARK:
3510 return sock_do_ioctl(net, sock, cmd, arg);
3511 }
3512
3513 return -ENOIOCTLCMD;
3514}
3515
3516static long compat_sock_ioctl(struct file *file, unsigned int cmd,
3517 unsigned long arg)
3518{
3519 struct socket *sock = file->private_data;
3520 int ret = -ENOIOCTLCMD;
3521 struct sock *sk;
3522 struct net *net;
3523
3524 sk = sock->sk;
3525 net = sock_net(sk);
3526
3527 if (sock->ops->compat_ioctl)
3528 ret = sock->ops->compat_ioctl(sock, cmd, arg);
3529
3530 if (ret == -ENOIOCTLCMD &&
3531 (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST))
3532 ret = compat_wext_handle_ioctl(net, cmd, arg);
3533
3534 if (ret == -ENOIOCTLCMD)
3535 ret = compat_sock_ioctl_trans(file, sock, cmd, arg);
3536
3537 return ret;
3538}
3539#endif
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550int kernel_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
3551{
3552 return sock->ops->bind(sock, addr, addrlen);
3553}
3554EXPORT_SYMBOL(kernel_bind);
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564int kernel_listen(struct socket *sock, int backlog)
3565{
3566 return sock->ops->listen(sock, backlog);
3567}
3568EXPORT_SYMBOL(kernel_listen);
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
3582{
3583 struct sock *sk = sock->sk;
3584 int err;
3585
3586 err = sock_create_lite(sk->sk_family, sk->sk_type, sk->sk_protocol,
3587 newsock);
3588 if (err < 0)
3589 goto done;
3590
3591 err = sock->ops->accept(sock, *newsock, flags, true);
3592 if (err < 0) {
3593 sock_release(*newsock);
3594 *newsock = NULL;
3595 goto done;
3596 }
3597
3598 (*newsock)->ops = sock->ops;
3599 __module_get((*newsock)->ops->owner);
3600
3601done:
3602 return err;
3603}
3604EXPORT_SYMBOL(kernel_accept);
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
3620 int flags)
3621{
3622 return sock->ops->connect(sock, addr, addrlen, flags);
3623}
3624EXPORT_SYMBOL(kernel_connect);
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635int kernel_getsockname(struct socket *sock, struct sockaddr *addr)
3636{
3637 return sock->ops->getname(sock, addr, 0);
3638}
3639EXPORT_SYMBOL(kernel_getsockname);
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650int kernel_getpeername(struct socket *sock, struct sockaddr *addr)
3651{
3652 return sock->ops->getname(sock, addr, 1);
3653}
3654EXPORT_SYMBOL(kernel_getpeername);
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667int kernel_sendpage(struct socket *sock, struct page *page, int offset,
3668 size_t size, int flags)
3669{
3670 if (sock->ops->sendpage) {
3671
3672 WARN_ONCE(!sendpage_ok(page), "improper page for zero-copy send");
3673 return sock->ops->sendpage(sock, page, offset, size, flags);
3674 }
3675 return sock_no_sendpage(sock, page, offset, size, flags);
3676}
3677EXPORT_SYMBOL(kernel_sendpage);
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691int kernel_sendpage_locked(struct sock *sk, struct page *page, int offset,
3692 size_t size, int flags)
3693{
3694 struct socket *sock = sk->sk_socket;
3695
3696 if (sock->ops->sendpage_locked)
3697 return sock->ops->sendpage_locked(sk, page, offset, size,
3698 flags);
3699
3700 return sock_no_sendpage_locked(sk, page, offset, size, flags);
3701}
3702EXPORT_SYMBOL(kernel_sendpage_locked);
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how)
3713{
3714 return sock->ops->shutdown(sock, how);
3715}
3716EXPORT_SYMBOL(kernel_sock_shutdown);
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728u32 kernel_sock_ip_overhead(struct sock *sk)
3729{
3730 struct inet_sock *inet;
3731 struct ip_options_rcu *opt;
3732 u32 overhead = 0;
3733#if IS_ENABLED(CONFIG_IPV6)
3734 struct ipv6_pinfo *np;
3735 struct ipv6_txoptions *optv6 = NULL;
3736#endif
3737
3738 if (!sk)
3739 return overhead;
3740
3741 switch (sk->sk_family) {
3742 case AF_INET:
3743 inet = inet_sk(sk);
3744 overhead += sizeof(struct iphdr);
3745 opt = rcu_dereference_protected(inet->inet_opt,
3746 sock_owned_by_user(sk));
3747 if (opt)
3748 overhead += opt->opt.optlen;
3749 return overhead;
3750#if IS_ENABLED(CONFIG_IPV6)
3751 case AF_INET6:
3752 np = inet6_sk(sk);
3753 overhead += sizeof(struct ipv6hdr);
3754 if (np)
3755 optv6 = rcu_dereference_protected(np->opt,
3756 sock_owned_by_user(sk));
3757 if (optv6)
3758 overhead += (optv6->opt_flen + optv6->opt_nflen);
3759 return overhead;
3760#endif
3761 default:
3762 return overhead;
3763 }
3764}
3765EXPORT_SYMBOL(kernel_sock_ip_overhead);
3766