/* SCTP kernel implementation
 * (C) Copyright IBM Corp. 2001, 2004
 * Copyright (c) 1999-2000 Cisco, Inc.
 * Copyright (c) 1999-2001 Motorola, Inc.
 * Copyright (c) 2001-2003 Intel Corp.
 * Copyright (c) 2001-2002 Nokia, Inc.
 * Copyright (c) 2001 La Monte H.P. Yarroll
 *
 * This file is part of the SCTP kernel implementation
 *
 * These functions interface with the sockets layer to implement the
 * SCTP Extensions for the Sockets API.
 *
 * Note that the descriptions from the specification are USER level
 * functions--this file is the functions which populate the struct proto
 * for SCTP which is the BOTTOM of the sockets interface.
 *
 * This SCTP implementation is free software;
 * you can redistribute it and/or modify it under the terms of
 * the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 *
 * This SCTP implementation is distributed in the hope that it
 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
 *                 ************************
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GNU CC; see the file COPYING.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * Please send any bug reports or fixes you make to the
 * email address(es):
 *    lksctp developers <linux-sctp@vger.kernel.org>
 *
 * Written or modified by:
 *    La Monte H.P. Yarroll <piggy@acm.org>
 *    Narasimha Budihal     <narsi@refcode.org>
 *    Karl Knutson          <karl@athena.chicago.il.us>
 *    Jon Grimm             <jgrimm@us.ibm.com>
 *    Xingang Guo           <xingang.guo@intel.com>
 *    Daisy Chang           <daisyc@us.ibm.com>
 *    Sridhar Samudrala     <samudrala@us.ibm.com>
 *    Inaky Perez-Gonzalez  <inaky.gonzalez@intel.com>
 *    Ardelle Fan           <ardelle.fan@intel.com>
 *    Ryan Layer            <rmlayer@us.ibm.com>
 *    Anup Pemmaiah         <pemmaiah@cc.usu.edu>
 *    Kevin Gao             <kevin.gao@intel.com>
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <crypto/hash.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/wait.h>
#include <linux/time.h>
#include <linux/sched/signal.h>
#include <linux/ip.h>
#include <linux/capability.h>
#include <linux/fcntl.h>
#include <linux/poll.h>
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/file.h>
#include <linux/compat.h>
#include <linux/rhashtable.h>

#include <net/ip.h>
#include <net/icmp.h>
#include <net/route.h>
#include <net/ipv6.h>
#include <net/inet_common.h>
#include <net/busy_poll.h>

#include <linux/socket.h> /* for sa_family_t */
#include <linux/export.h>
#include <net/sock.h>
#include <net/sctp/sctp.h>
#include <net/sctp/sm.h>
#include <net/sctp/stream_sched.h>

/* Forward declarations for internal helper functions. */
static int sctp_writeable(struct sock *sk);
static void sctp_wfree(struct sk_buff *skb);
static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p,
                                size_t msg_len);
static int sctp_wait_for_packet(struct sock *sk, int *err, long *timeo_p);
static int sctp_wait_for_connect(struct sctp_association *, long *timeo_p);
static int sctp_wait_for_accept(struct sock *sk, long timeo);
static void sctp_wait_for_close(struct sock *sk, long timeo);
static void sctp_destruct_sock(struct sock *sk);
static struct sctp_af *sctp_sockaddr_af(struct sctp_sock *opt,
                                        union sctp_addr *addr, int len);
static int sctp_bindx_add(struct sock *, struct sockaddr *, int);
static int sctp_bindx_rem(struct sock *, struct sockaddr *, int);
static int sctp_send_asconf_add_ip(struct sock *, struct sockaddr *, int);
static int sctp_send_asconf_del_ip(struct sock *, struct sockaddr *, int);
static int sctp_send_asconf(struct sctp_association *asoc,
                            struct sctp_chunk *chunk);
static int sctp_do_bind(struct sock *, union sctp_addr *, int);
static int sctp_autobind(struct sock *sk);
static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
                              struct sctp_association *assoc,
                              enum sctp_socket_type type);

static unsigned long sctp_memory_pressure;
static atomic_long_t sctp_memory_allocated;
struct percpu_counter sctp_sockets_allocated;

static void sctp_enter_memory_pressure(struct sock *sk)
{
        sctp_memory_pressure = 1;
}


/* Get the sndbuf space available at the time on the association.  */
static inline int sctp_wspace(struct sctp_association *asoc)
{
        int amt;

        if (asoc->ep->sndbuf_policy)
                amt = asoc->sndbuf_used;
        else
                amt = sk_wmem_alloc_get(asoc->base.sk);

        if (amt >= asoc->base.sk->sk_sndbuf) {
                if (asoc->base.sk->sk_userlocks & SOCK_SNDBUF_LOCK)
                        amt = 0;
                else {
                        amt = sk_stream_wspace(asoc->base.sk);
                        if (amt < 0)
                                amt = 0;
                }
        } else {
                amt = asoc->base.sk->sk_sndbuf - amt;
        }
        return amt;
}

/* Increment the used sndbuf space count of the corresponding association by
 * the size of the outgoing data chunk.
 * Also, set the skb destructor for sndbuf accounting later.
 *
 * Since it is always 1-1 between chunk and skb, and also a new skb is always
 * allocated for chunk bundling in sctp_packet_transmit(), we can use the
 * destructor in the data chunk skb for the purpose of the sndbuf space
 * tracking.
 */
static inline void sctp_set_owner_w(struct sctp_chunk *chunk)
{
        struct sctp_association *asoc = chunk->asoc;
        struct sock *sk = asoc->base.sk;

        /* The sndbuf space is tracked per association.  */
        sctp_association_hold(asoc);

        if (chunk->shkey)
                sctp_auth_shkey_hold(chunk->shkey);

        skb_set_owner_w(chunk->skb, sk);

        chunk->skb->destructor = sctp_wfree;
        /* Save the chunk pointer in skb for sctp_wfree to use later.  */
        skb_shinfo(chunk->skb)->destructor_arg = chunk;

        asoc->sndbuf_used += SCTP_DATA_SNDSIZE(chunk) +
                                sizeof(struct sk_buff) +
                                sizeof(struct sctp_chunk);

        refcount_add(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc);
        sk->sk_wmem_queued += chunk->skb->truesize;
        sk_mem_charge(sk, chunk->skb->truesize);
}

static void sctp_clear_owner_w(struct sctp_chunk *chunk)
{
        skb_orphan(chunk->skb);
}

static void sctp_for_each_tx_datachunk(struct sctp_association *asoc,
                                       void (*cb)(struct sctp_chunk *))

{
        struct sctp_outq *q = &asoc->outqueue;
        struct sctp_transport *t;
        struct sctp_chunk *chunk;

        list_for_each_entry(t, &asoc->peer.transport_addr_list, transports)
                list_for_each_entry(chunk, &t->transmitted, transmitted_list)
                        cb(chunk);

        list_for_each_entry(chunk, &q->retransmit, transmitted_list)
                cb(chunk);

        list_for_each_entry(chunk, &q->sacked, transmitted_list)
                cb(chunk);

        list_for_each_entry(chunk, &q->abandoned, transmitted_list)
                cb(chunk);

        list_for_each_entry(chunk, &q->out_chunk_list, list)
                cb(chunk);
}

static void sctp_for_each_rx_skb(struct sctp_association *asoc, struct sock *sk,
                                 void (*cb)(struct sk_buff *, struct sock *))

{
        struct sk_buff *skb, *tmp;

        sctp_skb_for_each(skb, &asoc->ulpq.lobby, tmp)
                cb(skb, sk);

        sctp_skb_for_each(skb, &asoc->ulpq.reasm, tmp)
                cb(skb, sk);

        sctp_skb_for_each(skb, &asoc->ulpq.reasm_uo, tmp)
                cb(skb, sk);
}

/* Verify that this is a valid address. */
static inline int sctp_verify_addr(struct sock *sk, union sctp_addr *addr,
                                   int len)
{
        struct sctp_af *af;

        /* Verify basic sockaddr. */
        af = sctp_sockaddr_af(sctp_sk(sk), addr, len);
        if (!af)
                return -EINVAL;

        /* Is this a valid SCTP address?  */
        if (!af->addr_valid(addr, sctp_sk(sk), NULL))
                return -EINVAL;

        if (!sctp_sk(sk)->pf->send_verify(sctp_sk(sk), (addr)))
                return -EINVAL;

        return 0;
}

/* Look up the association by its id.  If this is not a UDP-style
 * socket, the ID field is always ignored.
 */
struct sctp_association *sctp_id2assoc(struct sock *sk, sctp_assoc_t id)
{
        struct sctp_association *asoc = NULL;

        /* If this is not a UDP-style socket, assoc id should be ignored. */
        if (!sctp_style(sk, UDP)) {
                /* Return NULL if the socket state is not ESTABLISHED. It
                 * could be a TCP-style listening socket or a socket which
                 * hasn't yet called connect() to establish an association.
                 */
                if (!sctp_sstate(sk, ESTABLISHED) && !sctp_sstate(sk, CLOSING))
                        return NULL;

                /* Get the first and the only association from the list. */
                if (!list_empty(&sctp_sk(sk)->ep->asocs))
                        asoc = list_entry(sctp_sk(sk)->ep->asocs.next,
                                          struct sctp_association, asocs);
                return asoc;
        }

        /* Otherwise this is a UDP-style socket. */
        if (!id || (id == (sctp_assoc_t)-1))
                return NULL;

        spin_lock_bh(&sctp_assocs_id_lock);
        asoc = (struct sctp_association *)idr_find(&sctp_assocs_id, (int)id);
        if (asoc && (asoc->base.sk != sk || asoc->base.dead))
                asoc = NULL;
        spin_unlock_bh(&sctp_assocs_id_lock);

        return asoc;
}

/* Look up the transport from an address and an assoc id. If both address and
 * id are specified, the associations matching the address and the id should be
 * the same.
 */
static struct sctp_transport *sctp_addr_id2transport(struct sock *sk,
                                              struct sockaddr_storage *addr,
                                              sctp_assoc_t id)
{
        struct sctp_association *addr_asoc = NULL, *id_asoc = NULL;
        struct sctp_af *af = sctp_get_af_specific(addr->ss_family);
        union sctp_addr *laddr = (union sctp_addr *)addr;
        struct sctp_transport *transport;

        if (!af || sctp_verify_addr(sk, laddr, af->sockaddr_len))
                return NULL;

        addr_asoc = sctp_endpoint_lookup_assoc(sctp_sk(sk)->ep,
                                               laddr,
                                               &transport);

        if (!addr_asoc)
                return NULL;

        id_asoc = sctp_id2assoc(sk, id);
        if (id_asoc && (id_asoc != addr_asoc))
                return NULL;

        sctp_get_pf_specific(sk->sk_family)->addr_to_user(sctp_sk(sk),
                                                (union sctp_addr *)addr);

        return transport;
}

/* API 3.1.2 bind() - UDP Style Syntax
 * The syntax of bind() is,
 *
 *   ret = bind(int sd, struct sockaddr *addr, int addrlen);
 *
 *   sd      - the socket descriptor returned by socket().
 *   addr    - the address structure (struct sockaddr_in or struct
 *             sockaddr_in6 [RFC 2553]),
 *   addr_len - the size of the address structure.
 */
static int sctp_bind(struct sock *sk, struct sockaddr *addr, int addr_len)
{
        int retval = 0;

        lock_sock(sk);

        pr_debug("%s: sk:%p, addr:%p, addr_len:%d\n", __func__, sk,
                 addr, addr_len);

        /* Disallow binding twice. */
        if (!sctp_sk(sk)->ep->base.bind_addr.port)
                retval = sctp_do_bind(sk, (union sctp_addr *)addr,
                                      addr_len);
        else
                retval = -EINVAL;

        release_sock(sk);

        return retval;
}

static long sctp_get_port_local(struct sock *, union sctp_addr *);

/* Verify this is a valid sockaddr. */
static struct sctp_af *sctp_sockaddr_af(struct sctp_sock *opt,
                                        union sctp_addr *addr, int len)
{
        struct sctp_af *af;

        /* Check minimum size.  */
        if (len < sizeof (struct sockaddr))
                return NULL;

        if (!opt->pf->af_supported(addr->sa.sa_family, opt))
                return NULL;

        if (addr->sa.sa_family == AF_INET6) {
                if (len < SIN6_LEN_RFC2133)
                        return NULL;
                /* V4 mapped address are really of AF_INET family */
                if (ipv6_addr_v4mapped(&addr->v6.sin6_addr) &&
                    !opt->pf->af_supported(AF_INET, opt))
                        return NULL;
        }

        /* If we get this far, af is valid. */
        af = sctp_get_af_specific(addr->sa.sa_family);

        if (len < af->sockaddr_len)
                return NULL;

        return af;
}

/* Bind a local address either to an endpoint or to an association.  */
static int sctp_do_bind(struct sock *sk, union sctp_addr *addr, int len)
{
        struct net *net = sock_net(sk);
        struct sctp_sock *sp = sctp_sk(sk);
        struct sctp_endpoint *ep = sp->ep;
        struct sctp_bind_addr *bp = &ep->base.bind_addr;
        struct sctp_af *af;
        unsigned short snum;
        int ret = 0;

        /* Common sockaddr verification. */
        af = sctp_sockaddr_af(sp, addr, len);
        if (!af) {
                pr_debug("%s: sk:%p, newaddr:%p, len:%d EINVAL\n",
                         __func__, sk, addr, len);
                return -EINVAL;
        }

        snum = ntohs(addr->v4.sin_port);

        pr_debug("%s: sk:%p, new addr:%pISc, port:%d, new port:%d, len:%d\n",
                 __func__, sk, &addr->sa, bp->port, snum, len);

        /* PF specific bind() address verification. */
        if (!sp->pf->bind_verify(sp, addr))
                return -EADDRNOTAVAIL;

        /* We must either be unbound, or bind to the same port.
         * It's OK to allow 0 ports if we are already bound.
         * We'll just inhert an already bound port in this case
         */
        if (bp->port) {
                if (!snum)
                        snum = bp->port;
                else if (snum != bp->port) {
                        pr_debug("%s: new port %d doesn't match existing port "
                                 "%d\n", __func__, snum, bp->port);
                        return -EINVAL;
                }
        }

        if (snum && snum < inet_prot_sock(net) &&
            !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
                return -EACCES;

        /* See if the address matches any of the addresses we may have
         * already bound before checking against other endpoints.
         */
        if (sctp_bind_addr_match(bp, addr, sp))
                return -EINVAL;

        /* Make sure we are allowed to bind here.
         * The function sctp_get_port_local() does duplicate address
         * detection.
         */
        addr->v4.sin_port = htons(snum);
        if ((ret = sctp_get_port_local(sk, addr))) {
                return -EADDRINUSE;
        }

        /* Refresh ephemeral port.  */
        if (!bp->port)
                bp->port = inet_sk(sk)->inet_num;

        /* Add the address to the bind address list.
         * Use GFP_ATOMIC since BHs will be disabled.
         */
        ret = sctp_add_bind_addr(bp, addr, af->sockaddr_len,
                                 SCTP_ADDR_SRC, GFP_ATOMIC);

        /* Copy back into socket for getsockname() use. */
        if (!ret) {
                inet_sk(sk)->inet_sport = htons(inet_sk(sk)->inet_num);
                sp->pf->to_sk_saddr(addr, sk);
        }

        return ret;
}

 /* ADDIP Section 4.1.1 Congestion Control of ASCONF Chunks
 *
 * R1) One and only one ASCONF Chunk MAY be in transit and unacknowledged
 * at any one time.  If a sender, after sending an ASCONF chunk, decides
 * it needs to transfer another ASCONF Chunk, it MUST wait until the
 * ASCONF-ACK Chunk returns from the previous ASCONF Chunk before sending a
 * subsequent ASCONF. Note this restriction binds each side, so at any
 * time two ASCONF may be in-transit on any given association (one sent
 * from each endpoint).
 */
static int sctp_send_asconf(struct sctp_association *asoc,
                            struct sctp_chunk *chunk)
{
        struct net      *net = sock_net(asoc->base.sk);
        int             retval = 0;

        /* If there is an outstanding ASCONF chunk, queue it for later
         * transmission.
         */
        if (asoc->addip_last_asconf) {
                list_add_tail(&chunk->list, &asoc->addip_chunk_list);
                goto out;
        }

        /* Hold the chunk until an ASCONF_ACK is received. */
        sctp_chunk_hold(chunk);
        retval = sctp_primitive_ASCONF(net, asoc, chunk);
        if (retval)
                sctp_chunk_free(chunk);
        else
                asoc->addip_last_asconf = chunk;

out:
        return retval;
}

/* Add a list of addresses as bind addresses to local endpoint or
 * association.
 *
 * Basically run through each address specified in the addrs/addrcnt
 * array/length pair, determine if it is IPv6 or IPv4 and call
 * sctp_do_bind() on it.
 *
 * If any of them fails, then the operation will be reversed and the
 * ones that were added will be removed.
 *
 * Only sctp_setsockopt_bindx() is supposed to call this function.
 */
static int sctp_bindx_add(struct sock *sk, struct sockaddr *addrs, int addrcnt)
{
        int cnt;
        int retval = 0;
        void *addr_buf;
        struct sockaddr *sa_addr;
        struct sctp_af *af;

        pr_debug("%s: sk:%p, addrs:%p, addrcnt:%d\n", __func__, sk,
                 addrs, addrcnt);

        addr_buf = addrs;
        for (cnt = 0; cnt < addrcnt; cnt++) {
                /* The list may contain either IPv4 or IPv6 address;
                 * determine the address length for walking thru the list.
                 */
                sa_addr = addr_buf;
                af = sctp_get_af_specific(sa_addr->sa_family);
                if (!af) {
                        retval = -EINVAL;
                        goto err_bindx_add;
                }

                retval = sctp_do_bind(sk, (union sctp_addr *)sa_addr,
                                      af->sockaddr_len);

                addr_buf += af->sockaddr_len;

err_bindx_add:
                if (retval < 0) {
                        /* Failed. Cleanup the ones that have been added */
                        if (cnt > 0)
                                sctp_bindx_rem(sk, addrs, cnt);
                        return retval;
                }
        }

        return retval;
}

/* Send an ASCONF chunk with Add IP address parameters to all the peers of the
 * associations that are part of the endpoint indicating that a list of local
 * addresses are added to the endpoint.
 *
 * If any of the addresses is already in the bind address list of the
 * association, we do not send the chunk for that association.  But it will not
 * affect other associations.
 *
 * Only sctp_setsockopt_bindx() is supposed to call this function.
 */
static int sctp_send_asconf_add_ip(struct sock          *sk,
                                   struct sockaddr      *addrs,
                                   int                  addrcnt)
{
        struct net *net = sock_net(sk);
        struct sctp_sock                *sp;
        struct sctp_endpoint            *ep;
        struct sctp_association         *asoc;
        struct sctp_bind_addr           *bp;
        struct sctp_chunk               *chunk;
        struct sctp_sockaddr_entry      *laddr;
        union sctp_addr                 *addr;
        union sctp_addr                 saveaddr;
        void                            *addr_buf;
        struct sctp_af                  *af;
        struct list_head                *p;
        int                             i;
        int                             retval = 0;

        if (!net->sctp.addip_enable)
                return retval;

        sp = sctp_sk(sk);
        ep = sp->ep;

        pr_debug("%s: sk:%p, addrs:%p, addrcnt:%d\n",
                 __func__, sk, addrs, addrcnt);

        list_for_each_entry(asoc, &ep->asocs, asocs) {
                if (!asoc->peer.asconf_capable)
                        continue;

                if (asoc->peer.addip_disabled_mask & SCTP_PARAM_ADD_IP)
                        continue;

                if (!sctp_state(asoc, ESTABLISHED))
                        continue;

                /* Check if any address in the packed array of addresses is
                 * in the bind address list of the association. If so,
                 * do not send the asconf chunk to its peer, but continue with
                 * other associations.
                 */
                addr_buf = addrs;
                for (i = 0; i < addrcnt; i++) {
                        addr = addr_buf;
                        af = sctp_get_af_specific(addr->v4.sin_family);
                        if (!af) {
                                retval = -EINVAL;
                                goto out;
                        }

                        if (sctp_assoc_lookup_laddr(asoc, addr))
                                break;

                        addr_buf += af->sockaddr_len;
                }
                if (i < addrcnt)
                        continue;

                /* Use the first valid address in bind addr list of
                 * association as Address Parameter of ASCONF CHUNK.
                 */
                bp = &asoc->base.bind_addr;
                p = bp->address_list.next;
                laddr = list_entry(p, struct sctp_sockaddr_entry, list);
                chunk = sctp_make_asconf_update_ip(asoc, &laddr->a, addrs,
                                                   addrcnt, SCTP_PARAM_ADD_IP);
                if (!chunk) {
                        retval = -ENOMEM;
                        goto out;
                }

                /* Add the new addresses to the bind address list with
                 * use_as_src set to 0.
                 */
                addr_buf = addrs;
                for (i = 0; i < addrcnt; i++) {
                        addr = addr_buf;
                        af = sctp_get_af_specific(addr->v4.sin_family);
                        memcpy(&saveaddr, addr, af->sockaddr_len);
                        retval = sctp_add_bind_addr(bp, &saveaddr,
                                                    sizeof(saveaddr),
                                                    SCTP_ADDR_NEW, GFP_ATOMIC);
                        addr_buf += af->sockaddr_len;
                }
                if (asoc->src_out_of_asoc_ok) {
                        struct sctp_transport *trans;

                        list_for_each_entry(trans,
                            &asoc->peer.transport_addr_list, transports) {
                                trans->cwnd = min(4*asoc->pathmtu, max_t(__u32,
                                    2*asoc->pathmtu, 4380));
                                trans->ssthresh = asoc->peer.i.a_rwnd;
                                trans->rto = asoc->rto_initial;
                                sctp_max_rto(asoc, trans);
                                trans->rtt = trans->srtt = trans->rttvar = 0;
                                /* Clear the source and route cache */
                                sctp_transport_route(trans, NULL,
                                                     sctp_sk(asoc->base.sk));
                        }
                }
                retval = sctp_send_asconf(asoc, chunk);
        }

out:
        return retval;
}

/* Remove a list of addresses from bind addresses list.  Do not remove the
 * last address.
 *
 * Basically run through each address specified in the addrs/addrcnt
 * array/length pair, determine if it is IPv6 or IPv4 and call
 * sctp_del_bind() on it.
 *
 * If any of them fails, then the operation will be reversed and the
 * ones that were removed will be added back.
 *
 * At least one address has to be left; if only one address is
 * available, the operation will return -EBUSY.
 *
 * Only sctp_setsockopt_bindx() is supposed to call this function.
 */
static int sctp_bindx_rem(struct sock *sk, struct sockaddr *addrs, int addrcnt)
{
        struct sctp_sock *sp = sctp_sk(sk);
        struct sctp_endpoint *ep = sp->ep;
        int cnt;
        struct sctp_bind_addr *bp = &ep->base.bind_addr;
        int retval = 0;
        void *addr_buf;
        union sctp_addr *sa_addr;
        struct sctp_af *af;

        pr_debug("%s: sk:%p, addrs:%p, addrcnt:%d\n",
                 __func__, sk, addrs, addrcnt);

        addr_buf = addrs;
        for (cnt = 0; cnt < addrcnt; cnt++) {
                /* If the bind address list is empty or if there is only one
                 * bind address, there is nothing more to be removed (we need
                 * at least one address here).
                 */
                if (list_empty(&bp->address_list) ||
                    (sctp_list_single_entry(&bp->address_list))) {
                        retval = -EBUSY;
                        goto err_bindx_rem;
                }

                sa_addr = addr_buf;
                af = sctp_get_af_specific(sa_addr->sa.sa_family);
                if (!af) {
                        retval = -EINVAL;
                        goto err_bindx_rem;
                }

                if (!af->addr_valid(sa_addr, sp, NULL)) {
                        retval = -EADDRNOTAVAIL;
                        goto err_bindx_rem;
                }

                if (sa_addr->v4.sin_port &&
                    sa_addr->v4.sin_port != htons(bp->port)) {
                        retval = -EINVAL;
                        goto err_bindx_rem;
                }

                if (!sa_addr->v4.sin_port)
                        sa_addr->v4.sin_port = htons(bp->port);

                /* FIXME - There is probably a need to check if sk->sk_saddr and
                 * sk->sk_rcv_addr are currently set to one of the addresses to
                 * be removed. This is something which needs to be looked into
                 * when we are fixing the outstanding issues with multi-homing
                 * socket routing and failover schemes. Refer to comments in
                 * sctp_do_bind(). -daisy
                 */
                retval = sctp_del_bind_addr(bp, sa_addr);

                addr_buf += af->sockaddr_len;
err_bindx_rem:
                if (retval < 0) {
                        /* Failed. Add the ones that has been removed back */
                        if (cnt > 0)
                                sctp_bindx_add(sk, addrs, cnt);
                        return retval;
                }
        }

        return retval;
}

/* Send an ASCONF chunk with Delete IP address parameters to all the peers of
 * the associations that are part of the endpoint indicating that a list of
 * local addresses are removed from the endpoint.
 *
 * If any of the addresses is already in the bind address list of the
 * association, we do not send the chunk for that association.  But it will not
 * affect other associations.
 *
 * Only sctp_setsockopt_bindx() is supposed to call this function.
 */
static int sctp_send_asconf_del_ip(struct sock          *sk,
                                   struct sockaddr      *addrs,
                                   int                  addrcnt)
{
        struct net *net = sock_net(sk);
        struct sctp_sock        *sp;
        struct sctp_endpoint    *ep;
        struct sctp_association *asoc;
        struct sctp_transport   *transport;
        struct sctp_bind_addr   *bp;
        struct sctp_chunk       *chunk;
        union sctp_addr         *laddr;
        void                    *addr_buf;
        struct sctp_af          *af;
        struct sctp_sockaddr_entry *saddr;
        int                     i;
        int                     retval = 0;
        int                     stored = 0;

        chunk = NULL;
        if (!net->sctp.addip_enable)
                return retval;

        sp = sctp_sk(sk);
        ep = sp->ep;

        pr_debug("%s: sk:%p, addrs:%p, addrcnt:%d\n",
                 __func__, sk, addrs, addrcnt);

        list_for_each_entry(asoc, &ep->asocs, asocs) {

                if (!asoc->peer.asconf_capable)
                        continue;

                if (asoc->peer.addip_disabled_mask & SCTP_PARAM_DEL_IP)
                        continue;

                if (!sctp_state(asoc, ESTABLISHED))
                        continue;

                /* Check if any address in the packed array of addresses is
                 * not present in the bind address list of the association.
                 * If so, do not send the asconf chunk to its peer, but
                 * continue with other associations.
                 */
                addr_buf = addrs;
                for (i = 0; i < addrcnt; i++) {
                        laddr = addr_buf;
                        af = sctp_get_af_specific(laddr->v4.sin_family);
                        if (!af) {
                                retval = -EINVAL;
                                goto out;
                        }

                        if (!sctp_assoc_lookup_laddr(asoc, laddr))
                                break;

                        addr_buf += af->sockaddr_len;
                }
                if (i < addrcnt)
                        continue;

                /* Find one address in the association's bind address list
                 * that is not in the packed array of addresses. This is to
                 * make sure that we do not delete all the addresses in the
                 * association.
                 */
                bp = &asoc->base.bind_addr;
                laddr = sctp_find_unmatch_addr(bp, (union sctp_addr *)addrs,
                                               addrcnt, sp);
                if ((laddr == NULL) && (addrcnt == 1)) {
                        if (asoc->asconf_addr_del_pending)
                                continue;
                        asoc->asconf_addr_del_pending =
                            kzalloc(sizeof(union sctp_addr), GFP_ATOMIC);
                        if (asoc->asconf_addr_del_pending == NULL) {
                                retval = -ENOMEM;
                                goto out;
                        }
                        asoc->asconf_addr_del_pending->sa.sa_family =
                                    addrs->sa_family;
                        asoc->asconf_addr_del_pending->v4.sin_port =
                                    htons(bp->port);
                        if (addrs->sa_family == AF_INET) {
                                struct sockaddr_in *sin;

                                sin = (struct sockaddr_in *)addrs;
                                asoc->asconf_addr_del_pending->v4.sin_addr.s_addr = sin->sin_addr.s_addr;
                        } else if (addrs->sa_family == AF_INET6) {
                                struct sockaddr_in6 *sin6;

                                sin6 = (struct sockaddr_in6 *)addrs;
                                asoc->asconf_addr_del_pending->v6.sin6_addr = sin6->sin6_addr;
                        }

                        pr_debug("%s: keep the last address asoc:%p %pISc at %p\n",
                                 __func__, asoc, &asoc->asconf_addr_del_pending->sa,
                                 asoc->asconf_addr_del_pending);

                        asoc->src_out_of_asoc_ok = 1;
                        stored = 1;
                        goto skip_mkasconf;
                }

                if (laddr == NULL)
                        return -EINVAL;

                /* We do not need RCU protection throughout this loop
                 * because this is done under a socket lock from the
                 * setsockopt call.
                 */
                chunk = sctp_make_asconf_update_ip(asoc, laddr, addrs, addrcnt,
                                                   SCTP_PARAM_DEL_IP);
                if (!chunk) {
                        retval = -ENOMEM;
                        goto out;
                }

skip_mkasconf:
                /* Reset use_as_src flag for the addresses in the bind address
                 * list that are to be deleted.
                 */
                addr_buf = addrs;
                for (i = 0; i < addrcnt; i++) {
                        laddr = addr_buf;
                        af = sctp_get_af_specific(laddr->v4.sin_family);
                        list_for_each_entry(saddr, &bp->address_list, list) {
                                if (sctp_cmp_addr_exact(&saddr->a, laddr))
                                        saddr->state = SCTP_ADDR_DEL;
                        }
                        addr_buf += af->sockaddr_len;
                }

                /* Update the route and saddr entries for all the transports
                 * as some of the addresses in the bind address list are
                 * about to be deleted and cannot be used as source addresses.
                 */
                list_for_each_entry(transport, &asoc->peer.transport_addr_list,
                                        transports) {
                        sctp_transport_route(transport, NULL,
                                             sctp_sk(asoc->base.sk));
                }

                if (stored)
                        /* We don't need to transmit ASCONF */
                        continue;
                retval = sctp_send_asconf(asoc, chunk);
        }
out:
        return retval;
}

/* set addr events to assocs in the endpoint.  ep and addr_wq must be locked */
int sctp_asconf_mgmt(struct sctp_sock *sp, struct sctp_sockaddr_entry *addrw)
{
        struct sock *sk = sctp_opt2sk(sp);
        union sctp_addr *addr;
        struct sctp_af *af;

        /* It is safe to write port space in caller. */
        addr = &addrw->a;
        addr->v4.sin_port = htons(sp->ep->base.bind_addr.port);
        af = sctp_get_af_specific(addr->sa.sa_family);
        if (!af)
                return -EINVAL;
        if (sctp_verify_addr(sk, addr, af->sockaddr_len))
                return -EINVAL;

        if (addrw->state == SCTP_ADDR_NEW)
                return sctp_send_asconf_add_ip(sk, (struct sockaddr *)addr, 1);
        else
                return sctp_send_asconf_del_ip(sk, (struct sockaddr *)addr, 1);
}

/* Helper for tunneling sctp_bindx() requests through sctp_setsockopt()
 *
 * API 8.1
 * int sctp_bindx(int sd, struct sockaddr *addrs, int addrcnt,
 *                int flags);
 *
 * If sd is an IPv4 socket, the addresses passed must be IPv4 addresses.
 * If the sd is an IPv6 socket, the addresses passed can either be IPv4
 * or IPv6 addresses.
 *
 * A single address may be specified as INADDR_ANY or IN6ADDR_ANY, see
 * Section 3.1.2 for this usage.
 *
 * addrs is a pointer to an array of one or more socket addresses. Each
 * address is contained in its appropriate structure (i.e. struct
 * sockaddr_in or struct sockaddr_in6) the family of the address type
 * must be used to distinguish the address length (note that this
 * representation is termed a "packed array" of addresses). The caller
 * specifies the number of addresses in the array with addrcnt.
 *
 * On success, sctp_bindx() returns 0. On failure, sctp_bindx() returns
 * -1, and sets errno to the appropriate error code.
 *
 * For SCTP, the port given in each socket address must be the same, or
 * sctp_bindx() will fail, setting errno to EINVAL.
 *
 * The flags parameter is formed from the bitwise OR of zero or more of
 * the following currently defined flags:
 *
 * SCTP_BINDX_ADD_ADDR
 *
 * SCTP_BINDX_REM_ADDR
 *
 * SCTP_BINDX_ADD_ADDR directs SCTP to add the given addresses to the
 * association, and SCTP_BINDX_REM_ADDR directs SCTP to remove the given
 * addresses from the association. The two flags are mutually exclusive;
 * if both are given, sctp_bindx() will fail with EINVAL. A caller may
 * not remove all addresses from an association; sctp_bindx() will
 * reject such an attempt with EINVAL.
 *
 * An application can use sctp_bindx(SCTP_BINDX_ADD_ADDR) to associate
 * additional addresses with an endpoint after calling bind().  Or use
 * sctp_bindx(SCTP_BINDX_REM_ADDR) to remove some addresses a listening
 * socket is associated with so that no new association accepted will be
 * associated with those addresses. If the endpoint supports dynamic
 * address a SCTP_BINDX_REM_ADDR or SCTP_BINDX_ADD_ADDR may cause a
 * endpoint to send the appropriate message to the peer to change the
 * peers address lists.
 *
 * Adding and removing addresses from a connected association is
 * optional functionality. Implementations that do not support this
 * functionality should return EOPNOTSUPP.
 *
 * Basically do nothing but copying the addresses from user to kernel
 * land and invoking either sctp_bindx_add() or sctp_bindx_rem() on the sk.
 * This is used for tunneling the sctp_bindx() request through sctp_setsockopt()
 * from userspace.
 *
 * On exit there is no need to do sockfd_put(), sys_setsockopt() does
 * it.
 *
 * sk        The sk of the socket
 * addrs     The pointer to the addresses in user land
 * addrssize Size of the addrs buffer
 * op        Operation to perform (add or remove, see the flags of
 *           sctp_bindx)
 *
 * Returns 0 if ok, <0 errno code on error.

 */
static int sctp_setsockopt_bindx(struct sock *sk,
                                 struct sockaddr __user *addrs,
                                 int addrs_size, int op)
{
        struct sockaddr *kaddrs;
        int err;
        int addrcnt = 0;
        int walk_size = 0;
        struct sockaddr *sa_addr;
        void *addr_buf;
        struct sctp_af *af;

        pr_debug("%s: sk:%p addrs:%p addrs_size:%d opt:%d\n",
                 __func__, sk, addrs, addrs_size, op);

        if (unlikely(addrs_size <= 0))
                return -EINVAL;

        kaddrs = vmemdup_user(addrs, addrs_size);
        if (unlikely(IS_ERR(kaddrs)))
                return PTR_ERR(kaddrs);

        /* Walk through the addrs buffer and count the number of addresses. */
        addr_buf = kaddrs;
        while (walk_size < addrs_size) {
                if (walk_size + sizeof(sa_family_t) > addrs_size) {
                        kvfree(kaddrs);
                        return -EINVAL;
                }

                sa_addr = addr_buf;
                af = sctp_get_af_specific(sa_addr->sa_family);

                /* If the address family is not supported or if this address
                 * causes the address buffer to overflow return EINVAL.
                 */
                if (!af || (walk_size + af->sockaddr_len) > addrs_size) {
                        kvfree(kaddrs);
                        return -EINVAL;
                }
                addrcnt++;
                addr_buf += af->sockaddr_len;
                walk_size += af->sockaddr_len;
        }

        /* Do the work. */
        switch (op) {
        case SCTP_BINDX_ADD_ADDR:
                /* Allow security module to validate bindx addresses. */
                err = security_sctp_bind_connect(sk, SCTP_SOCKOPT_BINDX_ADD,
                                                 (struct sockaddr *)kaddrs,
                                                 addrs_size);
                if (err)
                        goto out;
                err = sctp_bindx_add(sk, kaddrs, addrcnt);
                if (err)
                        goto out;
                err = sctp_send_asconf_add_ip(sk, kaddrs, addrcnt);
                break;

        case SCTP_BINDX_REM_ADDR:
                err = sctp_bindx_rem(sk, kaddrs, addrcnt);
                if (err)
                        goto out;
                err = sctp_send_asconf_del_ip(sk, kaddrs, addrcnt);
                break;

        default:
                err = -EINVAL;
                break;
        }

out:
        kvfree(kaddrs);

        return err;
}

/* __sctp_connect(struct sock* sk, struct sockaddr *kaddrs, int addrs_size)
 *
 * Common routine for handling connect() and sctp_connectx().
 * Connect will come in with just a single address.
 */
static int __sctp_connect(struct sock *sk,
                          struct sockaddr *kaddrs,
                          int addrs_size, int flags,
                          sctp_assoc_t *assoc_id)
{
        struct net *net = sock_net(sk);
        struct sctp_sock *sp;
        struct sctp_endpoint *ep;
        struct sctp_association *asoc = NULL;
        struct sctp_association *asoc2;
        struct sctp_transport *transport;
        union sctp_addr to;
        enum sctp_scope scope;
        long timeo;
        int err = 0;
        int addrcnt = 0;
        int walk_size = 0;
        union sctp_addr *sa_addr = NULL;
        void *addr_buf;
        unsigned short port;

        sp = sctp_sk(sk);
        ep = sp->ep;

        /* connect() cannot be done on a socket that is already in ESTABLISHED
         * state - UDP-style peeled off socket or a TCP-style socket that
         * is already connected.
         * It cannot be done even on a TCP-style listening socket.
         */
        if (sctp_sstate(sk, ESTABLISHED) || sctp_sstate(sk, CLOSING) ||
            (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING))) {
                err = -EISCONN;
                goto out_free;
        }

        /* Walk through the addrs buffer and count the number of addresses. */
        addr_buf = kaddrs;
        while (walk_size < addrs_size) {
                struct sctp_af *af;

                if (walk_size + sizeof(sa_family_t) > addrs_size) {
                        err = -EINVAL;
                        goto out_free;
                }

                sa_addr = addr_buf;
                af = sctp_get_af_specific(sa_addr->sa.sa_family);

                /* If the address family is not supported or if this address
                 * causes the address buffer to overflow return EINVAL.
                 */
                if (!af || (walk_size + af->sockaddr_len) > addrs_size) {
                        err = -EINVAL;
                        goto out_free;
                }

                port = ntohs(sa_addr->v4.sin_port);

                /* Save current address so we can work with it */
                memcpy(&to, sa_addr, af->sockaddr_len);

                err = sctp_verify_addr(sk, &to, af->sockaddr_len);
                if (err)
                        goto out_free;

                /* Make sure the destination port is correctly set
                 * in all addresses.
                 */
                if (asoc && asoc->peer.port && asoc->peer.port != port) {
                        err = -EINVAL;
                        goto out_free;
                }

                /* Check if there already is a matching association on the
                 * endpoint (other than the one created here).
                 */
                asoc2 = sctp_endpoint_lookup_assoc(ep, &to, &transport);
                if (asoc2 && asoc2 != asoc) {
                        if (asoc2->state >= SCTP_STATE_ESTABLISHED)
                                err = -EISCONN;
                        else
                                err = -EALREADY;
                        goto out_free;
                }

                /* If we could not find a matching association on the endpoint,
                 * make sure that there is no peeled-off association matching
                 * the peer address even on another socket.
                 */
                if (sctp_endpoint_is_peeled_off(ep, &to)) {
                        err = -EADDRNOTAVAIL;
                        goto out_free;
                }

                if (!asoc) {
                        /* If a bind() or sctp_bindx() is not called prior to
                         * an sctp_connectx() call, the system picks an
                         * ephemeral port and will choose an address set
                         * equivalent to binding with a wildcard address.
                         */
                        if (!ep->base.bind_addr.port) {
                                if (sctp_autobind(sk)) {
                                        err = -EAGAIN;
                                        goto out_free;
                                }
                        } else {
                                /*
                                 * If an unprivileged user inherits a 1-many
                                 * style socket with open associations on a
                                 * privileged port, it MAY be permitted to
                                 * accept new associations, but it SHOULD NOT
                                 * be permitted to open new associations.
                                 */
                                if (ep->base.bind_addr.port <
                                    inet_prot_sock(net) &&
                                    !ns_capable(net->user_ns,
                                    CAP_NET_BIND_SERVICE)) {
                                        err = -EACCES;
                                        goto out_free;
                                }
                        }

                        scope = sctp_scope(&to);
                        asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
                        if (!asoc) {
                                err = -ENOMEM;
                                goto out_free;
                        }

                        err = sctp_assoc_set_bind_addr_from_ep(asoc, scope,
                                                              GFP_KERNEL);
                        if (err < 0) {
                                goto out_free;
                        }

                }

                /* Prime the peer's transport structures.  */
                transport = sctp_assoc_add_peer(asoc, &to, GFP_KERNEL,
                                                SCTP_UNKNOWN);
                if (!transport) {
                        err = -ENOMEM;
                        goto out_free;
                }

                addrcnt++;
                addr_buf += af->sockaddr_len;
                walk_size += af->sockaddr_len;
        }

        /* In case the user of sctp_connectx() wants an association
         * id back, assign one now.
         */
        if (assoc_id) {
                err = sctp_assoc_set_id(asoc, GFP_KERNEL);
                if (err < 0)
                        goto out_free;
        }

        err = sctp_primitive_ASSOCIATE(net, asoc, NULL);
        if (err < 0) {
                goto out_free;
        }

        /* Initialize sk's dport and daddr for getpeername() */
        inet_sk(sk)->inet_dport = htons(asoc->peer.port);
        sp->pf->to_sk_daddr(sa_addr, sk);
        sk->sk_err = 0;

        timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);

        if (assoc_id)
                *assoc_id = asoc->assoc_id;

        err = sctp_wait_for_connect(asoc, &timeo);
        /* Note: the asoc may be freed after the return of
         * sctp_wait_for_connect.
         */

        /* Don't free association on exit. */
        asoc = NULL;

out_free:
        pr_debug("%s: took out_free path with asoc:%p kaddrs:%p err:%d\n",
                 __func__, asoc, kaddrs, err);

        if (asoc) {
                /* sctp_primitive_ASSOCIATE may have added this association
                 * To the hash table, try to unhash it, just in case, its a noop
                 * if it wasn't hashed so we're safe
                 */
                sctp_association_free(asoc);
        }
        return err;
}

/* Helper for tunneling sctp_connectx() requests through sctp_setsockopt()
 *
 * API 8.9
 * int sctp_connectx(int sd, struct sockaddr *addrs, int addrcnt,
 *                      sctp_assoc_t *asoc);
 *
 * If sd is an IPv4 socket, the addresses passed must be IPv4 addresses.
 * If the sd is an IPv6 socket, the addresses passed can either be IPv4
 * or IPv6 addresses.
 *
 * A single address may be specified as INADDR_ANY or IN6ADDR_ANY, see
 * Section 3.1.2 for this usage.
 *
 * addrs is a pointer to an array of one or more socket addresses. Each
 * address is contained in its appropriate structure (i.e. struct
 * sockaddr_in or struct sockaddr_in6) the family of the address type
 * must be used to distengish the address length (note that this
 * representation is termed a "packed array" of addresses). The caller
 * specifies the number of addresses in the array with addrcnt.
 *
 * On success, sctp_connectx() returns 0. It also sets the assoc_id to
 * the association id of the new association.  On failure, sctp_connectx()
 * returns -1, and sets errno to the appropriate error code.  The assoc_id
 * is not touched by the kernel.
 *
 * For SCTP, the port given in each socket address must be the same, or
 * sctp_connectx() will fail, setting errno to EINVAL.
 *
 * An application can use sctp_connectx to initiate an association with
 * an endpoint that is multi-homed.  Much like sctp_bindx() this call
 * allows a caller to specify multiple addresses at which a peer can be
 * reached.  The way the SCTP stack uses the list of addresses to set up
 * the association is implementation dependent.  This function only
 * specifies that the stack will try to make use of all the addresses in
 * the list when needed.
 *
 * Note that the list of addresses passed in is only used for setting up
 * the association.  It does not necessarily equal the set of addresses
 * the peer uses for the resulting association.  If the caller wants to
 * find out the set of peer addresses, it must use sctp_getpaddrs() to
 * retrieve them after the association has been set up.
 *
 * Basically do nothing but copying the addresses from user to kernel
 * land and invoking either sctp_connectx(). This is used for tunneling
 * the sctp_connectx() request through sctp_setsockopt() from userspace.
 *
 * On exit there is no need to do sockfd_put(), sys_setsockopt() does
 * it.
 *
 * sk        The sk of the socket
 * addrs     The pointer to the addresses in user land
 * addrssize Size of the addrs buffer
 *
 * Returns >=0 if ok, <0 errno code on error.
 */
static int __sctp_setsockopt_connectx(struct sock *sk,
                                      struct sockaddr __user *addrs,
                                      int addrs_size,
                                      sctp_assoc_t *assoc_id)
{
        struct sockaddr *kaddrs;
        int err = 0, flags = 0;

        pr_debug("%s: sk:%p addrs:%p addrs_size:%d\n",
                 __func__, sk, addrs, addrs_size);

        if (unlikely(addrs_size <= 0))
                return -EINVAL;

        kaddrs = vmemdup_user(addrs, addrs_size);
        if (unlikely(IS_ERR(kaddrs)))
                return PTR_ERR(kaddrs);

        /* Allow security module to validate connectx addresses. */
        err = security_sctp_bind_connect(sk, SCTP_SOCKOPT_CONNECTX,
                                         (struct sockaddr *)kaddrs,
                                          addrs_size);
        if (err)
                goto out_free;

        /* in-kernel sockets don't generally have a file allocated to them
         * if all they do is call sock_create_kern().
         */
        if (sk->sk_socket->file)
                flags = sk->sk_socket->file->f_flags;

        err = __sctp_connect(sk, kaddrs, addrs_size, flags, assoc_id);

out_free:
        kvfree(kaddrs);

        return err;
}

/*
 * This is an older interface.  It's kept for backward compatibility
 * to the option that doesn't provide association id.
 */
static int sctp_setsockopt_connectx_old(struct sock *sk,
                                        struct sockaddr __user *addrs,
                                        int addrs_size)
{
        return __sctp_setsockopt_connectx(sk, addrs, addrs_size, NULL);
}

/*
 * New interface for the API.  The since the API is done with a socket
 * option, to make it simple we feed back the association id is as a return
 * indication to the call.  Error is always negative and association id is
 * always positive.
 */
static int sctp_setsockopt_connectx(struct sock *sk,
                                    struct sockaddr __user *addrs,
                                    int addrs_size)
{
        sctp_assoc_t assoc_id = 0;
        int err = 0;

        err = __sctp_setsockopt_connectx(sk, addrs, addrs_size, &assoc_id);

        if (err)
                return err;
        else
                return assoc_id;
}

/*
 * New (hopefully final) interface for the API.
 * We use the sctp_getaddrs_old structure so that use-space library
 * can avoid any unnecessary allocations. The only different part
 * is that we store the actual length of the address buffer into the
 * addrs_num structure member. That way we can re-use the existing
 * code.
 */
#ifdef CONFIG_COMPAT
struct compat_sctp_getaddrs_old {
        sctp_assoc_t    assoc_id;
        s32             addr_num;
        compat_uptr_t   addrs;          /* struct sockaddr * */
};
#endif

static int sctp_getsockopt_connectx3(struct sock *sk, int len,
                                     char __user *optval,
                                     int __user *optlen)
{
        struct sctp_getaddrs_old param;
        sctp_assoc_t assoc_id = 0;
        int err = 0;

#ifdef CONFIG_COMPAT
        if (in_compat_syscall()) {
                struct compat_sctp_getaddrs_old param32;

                if (len < sizeof(param32))
                        return -EINVAL;
                if (copy_from_user(&param32, optval, sizeof(param32)))
                        return -EFAULT;

                param.assoc_id = param32.assoc_id;
                param.addr_num = param32.addr_num;
                param.addrs = compat_ptr(param32.addrs);
        } else
#endif
        {
                if (len < sizeof(param))
                        return -EINVAL;
                if (copy_from_user(&param, optval, sizeof(param)))
                        return -EFAULT;
        }

        err = __sctp_setsockopt_connectx(sk, (struct sockaddr __user *)
                                         param.addrs, param.addr_num,
                                         &assoc_id);
        if (err == 0 || err == -EINPROGRESS) {
                if (copy_to_user(optval, &assoc_id, sizeof(assoc_id)))
                        return -EFAULT;
                if (put_user(sizeof(assoc_id), optlen))
                        return -EFAULT;
        }

        return err;
}

/* API 3.1.4 close() - UDP Style Syntax
 * Applications use close() to perform graceful shutdown (as described in
 * Section 10.1 of [SCTP]) on ALL the associations currently represented
 * by a UDP-style socket.
 *
 * The syntax is
 *
 *   ret = close(int sd);
 *
 *   sd      - the socket descriptor of the associations to be closed.
 *
 * To gracefully shutdown a specific association represented by the
 * UDP-style socket, an application should use the sendmsg() call,
 * passing no user data, but including the appropriate flag in the
 * ancillary data (see Section xxxx).
 *
 * If sd in the close() call is a branched-off socket representing only
 * one association, the shutdown is performed on that association only.
 *
 * 4.1.6 close() - TCP Style Syntax
 *
 * Applications use close() to gracefully close down an association.
 *
 * The syntax is:
 *
 *    int close(int sd);
 *
 *      sd      - the socket descriptor of the association to be closed.
 *
 * After an application calls close() on a socket descriptor, no further
 * socket operations will succeed on that descriptor.
 *
 * API 7.1.4 SO_LINGER
 *
 * An application using the TCP-style socket can use this option to
 * perform the SCTP ABORT primitive.  The linger option structure is:
 *
 *  struct  linger {
 *     int     l_onoff;                // option on/off
 *     int     l_linger;               // linger time
 * };
 *
 * To enable the option, set l_onoff to 1.  If the l_linger value is set
 * to 0, calling close() is the same as the ABORT primitive.  If the
 * value is set to a negative value, the setsockopt() call will return
 * an error.  If the value is set to a positive value linger_time, the
 * close() can be blocked for at most linger_time ms.  If the graceful
 * shutdown phase does not finish during this period, close() will
 * return but the graceful shutdown phase continues in the system.
 */
static void sctp_close(struct sock *sk, long timeout)
{
        struct net *net = sock_net(sk);
        struct sctp_endpoint *ep;
        struct sctp_association *asoc;
        struct list_head *pos, *temp;
        unsigned int data_was_unread;

        pr_debug("%s: sk:%p, timeout:%ld\n", __func__, sk, timeout);

        lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
        sk->sk_shutdown = SHUTDOWN_MASK;
        inet_sk_set_state(sk, SCTP_SS_CLOSING);

        ep = sctp_sk(sk)->ep;

        /* Clean up any skbs sitting on the receive queue.  */
        data_was_unread = sctp_queue_purge_ulpevents(&sk->sk_receive_queue);
        data_was_unread += sctp_queue_purge_ulpevents(&sctp_sk(sk)->pd_lobby);

        /* Walk all associations on an endpoint.  */
        list_for_each_safe(pos, temp, &ep->asocs) {
                asoc = list_entry(pos, struct sctp_association, asocs);

                if (sctp_style(sk, TCP)) {
                        /* A closed association can still be in the list if
                         * it belongs to a TCP-style listening socket that is
                         * not yet accepted. If so, free it. If not, send an
                         * ABORT or SHUTDOWN based on the linger options.
                         */
                        if (sctp_state(asoc, CLOSED)) {
                                sctp_association_free(asoc);
                                continue;
                        }
                }

                if (data_was_unread || !skb_queue_empty(&asoc->ulpq.lobby) ||
                    !skb_queue_empty(&asoc->ulpq.reasm) ||
                    !skb_queue_empty(&asoc->ulpq.reasm_uo) ||
                    (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime)) {
                        struct sctp_chunk *chunk;

                        chunk = sctp_make_abort_user(asoc, NULL, 0);
                        sctp_primitive_ABORT(net, asoc, chunk);
                } else
                        sctp_primitive_SHUTDOWN(net, asoc, NULL);
        }

        /* On a TCP-style socket, block for at most linger_time if set. */
        if (sctp_style(sk, TCP) && timeout)
                sctp_wait_for_close(sk, timeout);

        /* This will run the backlog queue.  */
        release_sock(sk);

        /* Supposedly, no process has access to the socket, but
         * the net layers still may.
         * Also, sctp_destroy_sock() needs to be called with addr_wq_lock
         * held and that should be grabbed before socket lock.
         */
        spin_lock_bh(&net->sctp.addr_wq_lock);
        bh_lock_sock_nested(sk);

        /* Hold the sock, since sk_common_release() will put sock_put()
         * and we have just a little more cleanup.
         */
        sock_hold(sk);
        sk_common_release(sk);

        bh_unlock_sock(sk);
        spin_unlock_bh(&net->sctp.addr_wq_lock);

        sock_put(sk);

        SCTP_DBG_OBJCNT_DEC(sock);
}

/* Handle EPIPE error. */
static int sctp_error(struct sock *sk, int flags, int err)
{
        if (err == -EPIPE)
                err = sock_error(sk) ? : -EPIPE;
        if (err == -EPIPE && !(flags & MSG_NOSIGNAL))
                send_sig(SIGPIPE, current, 0);
        return err;
}

/* API 3.1.3 sendmsg() - UDP Style Syntax
 *
 * An application uses sendmsg() and recvmsg() calls to transmit data to
 * and receive data from its peer.
 *
 *  ssize_t sendmsg(int socket, const struct msghdr *message,
 *                  int flags);
 *
 *  socket  - the socket descriptor of the endpoint.
 *  message - pointer to the msghdr structure which contains a single
 *            user message and possibly some ancillary data.
 *
 *            See Section 5 for complete description of the data
 *            structures.
 *
 *  flags   - flags sent or received with the user message, see Section
 *            5 for complete description of the flags.
 *
 * Note:  This function could use a rewrite especially when explicit
 * connect support comes in.
 */
/* BUG:  We do not implement the equivalent of sk_stream_wait_memory(). */

static int sctp_msghdr_parse(const struct msghdr *msg,
                             struct sctp_cmsgs *cmsgs);

static int sctp_sendmsg_parse(struct sock *sk, struct sctp_cmsgs *cmsgs,
                              struct sctp_sndrcvinfo *srinfo,
                              const struct msghdr *msg, size_t msg_len)
{
        __u16 sflags;
        int err;

        if (sctp_sstate(sk, LISTENING) && sctp_style(sk, TCP))
                return -EPIPE;

        if (msg_len > sk->sk_sndbuf)
                return -EMSGSIZE;

        memset(cmsgs, 0, sizeof(*cmsgs));
        err = sctp_msghdr_parse(msg, cmsgs);
        if (err) {
                pr_debug("%s: msghdr parse err:%x\n", __func__, err);
                return err;
        }

        memset(srinfo, 0, sizeof(*srinfo));
        if (cmsgs->srinfo) {
                srinfo->sinfo_stream = cmsgs->srinfo->sinfo_stream;
                srinfo->sinfo_flags = cmsgs->srinfo->sinfo_flags;
                srinfo->sinfo_ppid = cmsgs->srinfo->sinfo_ppid;
                srinfo->sinfo_context = cmsgs->srinfo->sinfo_context;
                srinfo->sinfo_assoc_id = cmsgs->srinfo->sinfo_assoc_id;
                srinfo->sinfo_timetolive = cmsgs->srinfo->sinfo_timetolive;
        }

        if (cmsgs->sinfo) {
                srinfo->sinfo_stream = cmsgs->sinfo->snd_sid;
                srinfo->sinfo_flags = cmsgs->sinfo->snd_flags;
                srinfo->sinfo_ppid = cmsgs->sinfo->snd_ppid;
                srinfo->sinfo_context = cmsgs->sinfo->snd_context;
                srinfo->sinfo_assoc_id = cmsgs->sinfo->snd_assoc_id;
        }

        if (cmsgs->prinfo) {
                srinfo->sinfo_timetolive = cmsgs->prinfo->pr_value;
                SCTP_PR_SET_POLICY(srinfo->sinfo_flags,
                                   cmsgs->prinfo->pr_policy);
        }

        sflags = srinfo->sinfo_flags;
        if (!sflags && msg_len)
                return 0;

        if (sctp_style(sk, TCP) && (sflags & (SCTP_EOF | SCTP_ABORT)))
                return -EINVAL;

        if (((sflags & SCTP_EOF) && msg_len > 0) ||
            (!(sflags & (SCTP_EOF | SCTP_ABORT)) && msg_len == 0))
                return -EINVAL;

        if ((sflags & SCTP_ADDR_OVER) && !msg->msg_name)
                return -EINVAL;

        return 0;
}

static int sctp_sendmsg_new_asoc(struct sock *sk, __u16 sflags,
                                 struct sctp_cmsgs *cmsgs,
                                 union sctp_addr *daddr,
                                 struct sctp_transport **tp)
{
        struct sctp_endpoint *ep = sctp_sk(sk)->ep;
        struct net *net = sock_net(sk);
        struct sctp_association *asoc;
        enum sctp_scope scope;
        struct cmsghdr *cmsg;
        __be32 flowinfo = 0;
        struct sctp_af *af;
        int err;

        *tp = NULL;

        if (sflags & (SCTP_EOF | SCTP_ABORT))
                return -EINVAL;

        if (sctp_style(sk, TCP) && (sctp_sstate(sk, ESTABLISHED) ||
                                    sctp_sstate(sk, CLOSING)))
                return -EADDRNOTAVAIL;

        if (sctp_endpoint_is_peeled_off(ep, daddr))
                return -EADDRNOTAVAIL;

        if (!ep->base.bind_addr.port) {
                if (sctp_autobind(sk))
                        return -EAGAIN;
        } else {
                if (ep->base.bind_addr.port < inet_prot_sock(net) &&
                    !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
                        return -EACCES;
        }

        scope = sctp_scope(daddr);

        /* Label connection socket for first association 1-to-many
         * style for client sequence socket()->sendmsg(). This
         * needs to be done before sctp_assoc_add_peer() as that will
         * set up the initial packet that needs to account for any
         * security ip options (CIPSO/CALIPSO) added to the packet.
         */
        af = sctp_get_af_specific(daddr->sa.sa_family);
        if (!af)
                return -EINVAL;
        err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
                                         (struct sockaddr *)daddr,
                                         af->sockaddr_len);
        if (err < 0)
                return err;

        asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
        if (!asoc)
                return -ENOMEM;

        if (sctp_assoc_set_bind_addr_from_ep(asoc, scope, GFP_KERNEL) < 0) {
                err = -ENOMEM;
                goto free;
        }

        if (cmsgs->init) {
                struct sctp_initmsg *init = cmsgs->init;

                if (init->sinit_num_ostreams) {
                        __u16 outcnt = init->sinit_num_ostreams;

                        asoc->c.sinit_num_ostreams = outcnt;
                        /* outcnt has been changed, need to re-init stream */
                        err = sctp_stream_init(&asoc->stream, outcnt, 0,
                                               GFP_KERNEL);
                        if (err)
                                goto free;
                }

                if (init->sinit_max_instreams)
                        asoc->c.sinit_max_instreams = init->sinit_max_instreams;

                if (init->sinit_max_attempts)
                        asoc->max_init_attempts = init->sinit_max_attempts;

                if (init->sinit_max_init_timeo)
                        asoc->max_init_timeo =
                                msecs_to_jiffies(init->sinit_max_init_timeo);
        }

        *tp = sctp_assoc_add_peer(asoc, daddr, GFP_KERNEL, SCTP_UNKNOWN);
        if (!*tp) {
                err = -ENOMEM;
                goto free;
        }

        if (!cmsgs->addrs_msg)
                return 0;

        if (daddr->sa.sa_family == AF_INET6)
                flowinfo = daddr->v6.sin6_flowinfo;

        /* sendv addr list parse */
        for_each_cmsghdr(cmsg, cmsgs->addrs_msg) {
                struct sctp_transport *transport;
                struct sctp_association *old;
                union sctp_addr _daddr;
                int dlen;

                if (cmsg->cmsg_level != IPPROTO_SCTP ||
                    (cmsg->cmsg_type != SCTP_DSTADDRV4 &&
                     cmsg->cmsg_type != SCTP_DSTADDRV6))
                        continue;

                daddr = &_daddr;
                memset(daddr, 0, sizeof(*daddr));
                dlen = cmsg->cmsg_len - sizeof(struct cmsghdr);
                if (cmsg->cmsg_type == SCTP_DSTADDRV4) {
                        if (dlen < sizeof(struct in_addr)) {
                                err = -EINVAL;
                                goto free;
                        }

                        dlen = sizeof(struct in_addr);
                        daddr->v4.sin_family = AF_INET;
                        daddr->v4.sin_port = htons(asoc->peer.port);
                        memcpy(&daddr->v4.sin_addr, CMSG_DATA(cmsg), dlen);
                } else {
                        if (dlen < sizeof(struct in6_addr)) {
                                err = -EINVAL;
                                goto free;
                        }

                        dlen = sizeof(struct in6_addr);
                        daddr->v6.sin6_flowinfo = flowinfo;
                        daddr->v6.sin6_family = AF_INET6;
                        daddr->v6.sin6_port = htons(asoc->peer.port);
                        memcpy(&daddr->v6.sin6_addr, CMSG_DATA(cmsg), dlen);
                }
                err = sctp_verify_addr(sk, daddr, sizeof(*daddr));
                if (err)
                        goto free;

                old = sctp_endpoint_lookup_assoc(ep, daddr, &transport);
                if (old && old != asoc) {
                        if (old->state >= SCTP_STATE_ESTABLISHED)
                                err = -EISCONN;
                        else
                                err = -EALREADY;
                        goto free;
                }

                if (sctp_endpoint_is_peeled_off(ep, daddr)) {
                        err = -EADDRNOTAVAIL;
                        goto free;
                }

                transport = sctp_assoc_add_peer(asoc, daddr, GFP_KERNEL,
                                                SCTP_UNKNOWN);
                if (!transport) {
                        err = -ENOMEM;
                        goto free;
                }
        }

        return 0;

free:
        sctp_association_free(asoc);
        return err;
}

static int sctp_sendmsg_check_sflags(struct sctp_association *asoc,
                                     __u16 sflags, struct msghdr *msg,
                                     size_t msg_len)
{
        struct sock *sk = asoc->base.sk;
        struct net *net = sock_net(sk);

        if (sctp_state(asoc, CLOSED) && sctp_style(sk, TCP))
                return -EPIPE;

        if ((sflags & SCTP_SENDALL) && sctp_style(sk, UDP) &&
            !sctp_state(asoc, ESTABLISHED))
                return 0;

        if (sflags & SCTP_EOF) {
                pr_debug("%s: shutting down association:%p\n", __func__, asoc);
                sctp_primitive_SHUTDOWN(net, asoc, NULL);

                return 0;
        }

        if (sflags & SCTP_ABORT) {
                struct sctp_chunk *chunk;

                chunk = sctp_make_abort_user(asoc, msg, msg_len);
                if (!chunk)
                        return -ENOMEM;

                pr_debug("%s: aborting association:%p\n", __func__, asoc);
                sctp_primitive_ABORT(net, asoc, chunk);

                return 0;
        }

        return 1;
}

static int sctp_sendmsg_to_asoc(struct sctp_association *asoc,
                                struct msghdr *msg, size_t msg_len,
                                struct sctp_transport *transport,
                                struct sctp_sndrcvinfo *sinfo)
{
        struct sock *sk = asoc->base.sk;
        struct sctp_sock *sp = sctp_sk(sk);
        struct net *net = sock_net(sk);
        struct sctp_datamsg *datamsg;
        bool wait_connect = false;
        struct sctp_chunk *chunk;
        long timeo;
        int err;

        if (sinfo->sinfo_stream >= asoc->stream.outcnt) {
                err = -EINVAL;
                goto err;
        }

        if (unlikely(!SCTP_SO(&asoc->stream, sinfo->sinfo_stream)->ext)) {
                err = sctp_stream_init_ext(&asoc->stream, sinfo->sinfo_stream);
                if (err)
                        goto err;
        }

        if (sp->disable_fragments && msg_len > asoc->frag_point) {
                err = -EMSGSIZE;
                goto err;
        }

        if (asoc->pmtu_pending) {
                if (sp->param_flags & SPP_PMTUD_ENABLE)
                        sctp_assoc_sync_pmtu(asoc);
                asoc->pmtu_pending = 0;
        }

        if (sctp_wspace(asoc) < msg_len)
                sctp_prsctp_prune(asoc, sinfo, msg_len - sctp_wspace(asoc));

        if (!sctp_wspace(asoc)) {
                timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
                err = sctp_wait_for_sndbuf(asoc, &timeo, msg_len);
                if (err)
                        goto err;
        }

        if (sctp_state(asoc, CLOSED)) {
                err = sctp_primitive_ASSOCIATE(net, asoc, NULL);
                if (err)
                        goto err;

                if (sp->strm_interleave) {
                        timeo = sock_sndtimeo(sk, 0);
                        err = sctp_wait_for_connect(asoc, &timeo);
                        if (err) {
                                err = -ESRCH;
                                goto err;
                        }
                } else {
                        wait_connect = true;
                }

                pr_debug("%s: we associated primitively\n", __func__);
        }

        datamsg = sctp_datamsg_from_user(asoc, sinfo, &msg->msg_iter);
        if (IS_ERR(datamsg)) {
                err = PTR_ERR(datamsg);
                goto err;
        }

        asoc->force_delay = !!(msg->msg_flags & MSG_MORE);

        list_for_each_entry(chunk, &datamsg->chunks, frag_list) {
                sctp_chunk_hold(chunk);
                sctp_set_owner_w(chunk);
                chunk->transport = transport;
        }

        err = sctp_primitive_SEND(net, asoc, datamsg);
        if (err) {
                sctp_datamsg_free(datamsg);
                goto err;
        }

        pr_debug("%s: we sent primitively\n", __func__);

        sctp_datamsg_put(datamsg);

        if (unlikely(wait_connect)) {
                timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
                sctp_wait_for_connect(asoc, &timeo);
        }

        err = msg_len;

err:
        return err;
}

static union sctp_addr *sctp_sendmsg_get_daddr(struct sock *sk,
                                               const struct msghdr *msg,
                                               struct sctp_cmsgs *cmsgs)
{
        union sctp_addr *daddr = NULL;
        int err;

        if (!sctp_style(sk, UDP_HIGH_BANDWIDTH) && msg->msg_name) {
                int len = msg->msg_namelen;

                if (len > sizeof(*daddr))
                        len = sizeof(*daddr);

                daddr = (union sctp_addr *)msg->msg_name;

                err = sctp_verify_addr(sk, daddr, len);
                if (err)
                        return ERR_PTR(err);
        }

        return daddr;
}

static void sctp_sendmsg_update_sinfo(struct sctp_association *asoc,
                                      struct sctp_sndrcvinfo *sinfo,
                                      struct sctp_cmsgs *cmsgs)
{
        if (!cmsgs->srinfo && !cmsgs->sinfo) {
                sinfo->sinfo_stream = asoc->default_stream;
                sinfo->sinfo_ppid = asoc->default_ppid;
                sinfo->sinfo_context = asoc->default_context;
                sinfo->sinfo_assoc_id = sctp_assoc2id(asoc);

                if (!cmsgs->prinfo)
                        sinfo->sinfo_flags = asoc->default_flags;
        }

        if (!cmsgs->srinfo && !cmsgs->prinfo)
                sinfo->sinfo_timetolive = asoc->default_timetolive;

        if (cmsgs->authinfo) {
                /* Reuse sinfo_tsn to indicate that authinfo was set and
                 * sinfo_ssn to save the keyid on tx path.
                 */
                sinfo->sinfo_tsn = 1;
                sinfo->sinfo_ssn = cmsgs->authinfo->auth_keynumber;
        }
}

static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len)
{
        struct sctp_endpoint *ep = sctp_sk(sk)->ep;
        struct sctp_transport *transport = NULL;
        struct sctp_sndrcvinfo _sinfo, *sinfo;
        struct sctp_association *asoc;
        struct sctp_cmsgs cmsgs;
        union sctp_addr *daddr;
        bool new = false;
        __u16 sflags;
        int err;

        /* Parse and get snd_info */
        err = sctp_sendmsg_parse(sk, &cmsgs, &_sinfo, msg, msg_len);
        if (err)
                goto out;

        sinfo  = &_sinfo;
        sflags = sinfo->sinfo_flags;

        /* Get daddr from msg */
        daddr = sctp_sendmsg_get_daddr(sk, msg, &cmsgs);
        if (IS_ERR(daddr)) {
                err = PTR_ERR(daddr);
                goto out;
        }

        lock_sock(sk);

        /* SCTP_SENDALL process */
        if ((sflags & SCTP_SENDALL) && sctp_style(sk, UDP)) {
                list_for_each_entry(asoc, &ep->asocs, asocs) {
                        err = sctp_sendmsg_check_sflags(asoc, sflags, msg,
                                                        msg_len);
                        if (err == 0)
                                continue;
                        if (err < 0)
                                goto out_unlock;

                        sctp_sendmsg_update_sinfo(asoc, sinfo, &cmsgs);

                        err = sctp_sendmsg_to_asoc(asoc, msg, msg_len,
                                                   NULL, sinfo);
                        if (err < 0)
                                goto out_unlock;

                        iov_iter_revert(&msg->msg_iter, err);
                }

                goto out_unlock;
        }

        /* Get and check or create asoc */
        if (daddr) {
                asoc = sctp_endpoint_lookup_assoc(ep, daddr, &transport);
                if (asoc) {
                        err = sctp_sendmsg_check_sflags(asoc, sflags, msg,
                                                        msg_len);
                        if (err <= 0)
                                goto out_unlock;
                } else {
                        err = sctp_sendmsg_new_asoc(sk, sflags, &cmsgs, daddr,
                                                    &transport);
                        if (err)
                                goto out_unlock;

                        asoc = transport->asoc;
                        new = true;
                }

                if (!sctp_style(sk, TCP) && !(sflags & SCTP_ADDR_OVER))
                        transport = NULL;
        } else {
                asoc = sctp_id2assoc(sk, sinfo->sinfo_assoc_id);
                if (!asoc) {
                        err = -EPIPE;
                        goto out_unlock;
                }

                err = sctp_sendmsg_check_sflags(asoc, sflags, msg, msg_len);
                if (err <= 0)
                        goto out_unlock;
        }

        /* Update snd_info with the asoc */
        sctp_sendmsg_update_sinfo(asoc, sinfo, &cmsgs);

        /* Send msg to the asoc */
        err = sctp_sendmsg_to_asoc(asoc, msg, msg_len, transport, sinfo);
        if (err < 0 && err != -ESRCH && new)
                sctp_association_free(asoc);

out_unlock:
        release_sock(sk);
out:
        return sctp_error(sk, msg->msg_flags, err);
}

/* This is an extended version of skb_pull() that removes the data from the
 * start of a skb even when data is spread across the list of skb's in the
 * frag_list. len specifies the total amount of data that needs to be removed.
 * when 'len' bytes could be removed from the skb, it returns 0.
 * If 'len' exceeds the total skb length,  it returns the no. of bytes that
 * could not be removed.
 */
static int sctp_skb_pull(struct sk_buff *skb, int len)
{
        struct sk_buff *list;
        int skb_len = skb_headlen(skb);
        int rlen;

        if (len <= skb_len) {
                __skb_pull(skb, len);
                return 0;
        }
        len -= skb_len;
        __skb_pull(skb, skb_len);

        skb_walk_frags(skb, list) {
                rlen = sctp_skb_pull(list, len);
                skb->len -= (len-rlen);
                skb->data_len -= (len-rlen);

                if (!rlen)
                        return 0;

                len = rlen;
        }

        return len;
}

/* API 3.1.3  recvmsg() - UDP Style Syntax
 *
 *  ssize_t recvmsg(int socket, struct msghdr *message,
 *                    int flags);
 *
 *  socket  - the socket descriptor of the endpoint.
 *  message - pointer to the msghdr structure which contains a single
 *            user message and possibly some ancillary data.
 *
 *            See Section 5 for complete description of the data
 *            structures.
 *
 *  flags   - flags sent or received with the user message, see Section
 *            5 for complete description of the flags.
 */
static int sctp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
                        int noblock, int flags, int *addr_len)
{
        struct sctp_ulpevent *event = NULL;
        struct sctp_sock *sp = sctp_sk(sk);
        struct sk_buff *skb, *head_skb;
        int copied;
        int err = 0;
        int skb_len;

        pr_debug("%s: sk:%p, msghdr:%p, len:%zd, noblock:%d, flags:0x%x, "
                 "addr_len:%p)\n", __func__, sk, msg, len, noblock, flags,
                 addr_len);

        lock_sock(sk);

        if (sctp_style(sk, TCP) && !sctp_sstate(sk, ESTABLISHED) &&
            !sctp_sstate(sk, CLOSING) && !sctp_sstate(sk, CLOSED)) {
                err = -ENOTCONN;
                goto out;
        }

        skb = sctp_skb_recv_datagram(sk, flags, noblock, &err);
        if (!skb)
                goto out;

        /* Get the total length of the skb including any skb's in the
         * frag_list.
         */
        skb_len = skb->len;

        copied = skb_len;
        if (copied > len)
                copied = len;

        err = skb_copy_datagram_msg(skb, 0, msg, copied);

        event = sctp_skb2event(skb);

        if (err)
                goto out_free;

        if (event->chunk && event->chunk->head_skb)
                head_skb = event->chunk->head_skb;
        else
                head_skb = skb;
        sock_recv_ts_and_drops(msg, sk, head_skb);
        if (sctp_ulpevent_is_notification(event)) {
                msg->msg_flags |= MSG_NOTIFICATION;
                sp->pf->event_msgname(event, msg->msg_name, addr_len);
        } else {
                sp->pf->skb_msgname(head_skb, msg->msg_name, addr_len);
        }

        /* Check if we allow SCTP_NXTINFO. */
        if (sp->recvnxtinfo)
                sctp_ulpevent_read_nxtinfo(event, msg, sk);
        /* Check if we allow SCTP_RCVINFO. */
        if (sp->recvrcvinfo)
                sctp_ulpevent_read_rcvinfo(event, msg);
        /* Check if we allow SCTP_SNDRCVINFO. */
        if (sp->subscribe.sctp_data_io_event)
                sctp_ulpevent_read_sndrcvinfo(event, msg);

        err = copied;

        /* If skb's length exceeds the user's buffer, update the skb and
         * push it back to the receive_queue so that the next call to
         * recvmsg() will return the remaining data. Don't set MSG_EOR.
         */
        if (skb_len > copied) {
                msg->msg_flags &= ~MSG_EOR;
                if (flags & MSG_PEEK)
                        goto out_free;
                sctp_skb_pull(skb, copied);
                skb_queue_head(&sk->sk_receive_queue, skb);

                /* When only partial message is copied to the user, increase
                 * rwnd by that amount. If all the data in the skb is read,
                 * rwnd is updated when the event is freed.
                 */
                if (!sctp_ulpevent_is_notification(event))
                        sctp_assoc_rwnd_increase(event->asoc, copied);
                goto out;
        } else if ((event->msg_flags & MSG_NOTIFICATION) ||
                   (event->msg_flags & MSG_EOR))
                msg->msg_flags |= MSG_EOR;
        else
                msg->msg_flags &= ~MSG_EOR;

out_free:
        if (flags & MSG_PEEK) {
                /* Release the skb reference acquired after peeking the skb in
                 * sctp_skb_recv_datagram().
                 */
                kfree_skb(skb);
        } else {
                /* Free the event which includes releasing the reference to
                 * the owner of the skb, freeing the skb and updating the
                 * rwnd.
                 */
                sctp_ulpevent_free(event);
        }
out:
        release_sock(sk);
        return err;
}

/* 7.1.12 Enable/Disable message fragmentation (SCTP_DISABLE_FRAGMENTS)
 *
 * This option is a on/off flag.  If enabled no SCTP message
 * fragmentation will be performed.  Instead if a message being sent
 * exceeds the current PMTU size, the message will NOT be sent and
 * instead a error will be indicated to the user.
 */
static int sctp_setsockopt_disable_fragments(struct sock *sk,
                                             char __user *optval,
                                             unsigned int optlen)
{
        int val;

        if (optlen < sizeof(int))
                return -EINVAL;

        if (get_user(val, (int __user *)optval))
                return -EFAULT;

        sctp_sk(sk)->disable_fragments = (val == 0) ? 0 : 1;

        return 0;
}

static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
                                  unsigned int optlen)
{
        struct sctp_association *asoc;
        struct sctp_ulpevent *event;

        if (optlen > sizeof(struct sctp_event_subscribe))
                return -EINVAL;
        if (copy_from_user(&sctp_sk(sk)->subscribe, optval, optlen))
                return -EFAULT;

        /* At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT,
         * if there is no data to be sent or retransmit, the stack will
         * immediately send up this notification.
         */
        if (sctp_ulpevent_type_enabled(SCTP_SENDER_DRY_EVENT,
                                       &sctp_sk(sk)->subscribe)) {
                asoc = sctp_id2assoc(sk, 0);

                if (asoc && sctp_outq_is_empty(&asoc->outqueue)) {
                        event = sctp_ulpevent_make_sender_dry_event(asoc,
                                        GFP_USER | __GFP_NOWARN);
                        if (!event)
                                return -ENOMEM;

                        asoc->stream.si->enqueue_event(&asoc->ulpq, event);
                }
        }

        return 0;
}

/* 7.1.8 Automatic Close of associations (SCTP_AUTOCLOSE)
 *
 * This socket option is applicable to the UDP-style socket only.  When
 * set it will cause associations that are idle for more than the
 * specified number of seconds to automatically close.  An association
 * being idle is defined an association that has NOT sent or received
 * user data.  The special value of '0' indicates that no automatic
 * close of any associations should be performed.  The option expects an
 * integer defining the number of seconds of idle time before an
 * association is closed.
 */
static int sctp_setsockopt_autoclose(struct sock *sk, char __user *optval,
                                     unsigned int optlen)
{
        struct sctp_sock *sp = sctp_sk(sk);
        struct net *net = sock_net(sk);

        /* Applicable to UDP-style socket only */
        if (sctp_style(sk, TCP))
                return -EOPNOTSUPP;
        if (optlen != sizeof(int))
                return -EINVAL;
        if (copy_from_user(&sp->autoclose, optval, optlen))
                return -EFAULT;

        if (sp->autoclose > net->sctp.max_autoclose)
                sp->autoclose = net->sctp.max_autoclose;

        return 0;
}

/* 7.1.13 Peer Address Parameters (SCTP_PEER_ADDR_PARAMS)
 *
 * Applications can enable or disable heartbeats for any peer address of
 * an association, modify an address's heartbeat interval, force a
 * heartbeat to be sent immediately, and adjust the address's maximum
 * number of retransmissions sent before an address is considered
 * unreachable.  The following structure is used to access and modify an
 * address's parameters:
 *
 *  struct sctp_paddrparams {
 *     sctp_assoc_t            spp_assoc_id;
 *     struct sockaddr_storage spp_address;
 *     uint32_t                spp_hbinterval;
 *     uint16_t                spp_pathmaxrxt;
 *     uint32_t                spp_pathmtu;
 *     uint32_t                spp_sackdelay;
 *     uint32_t                spp_flags;
 *     uint32_t                spp_ipv6_flowlabel;
 *     uint8_t                 spp_dscp;
 * };
 *
 *   spp_assoc_id    - (one-to-many style socket) This is filled in the
 *                     application, and identifies the association for
 *                     this query.
 *   spp_address     - This specifies which address is of interest.
 *   spp_hbinterval  - This contains the value of the heartbeat interval,
 *                     in milliseconds.  If a  value of zero
 *                     is present in this field then no changes are to
 *                     be made to this parameter.
 *   spp_pathmaxrxt  - This contains the maximum number of
 *                     retransmissions before this address shall be
 *                     considered unreachable. If a  value of zero
 *                     is present in this field then no changes are to
 *                     be made to this parameter.
 *   spp_pathmtu     - When Path MTU discovery is disabled the value
 *                     specified here will be the "fixed" path mtu.
 *                     Note that if the spp_address field is empty
 *                     then all associations on this address will
 *                     have this fixed path mtu set upon them.
 *
 *   spp_sackdelay   - When delayed sack is enabled, this value specifies
 *                     the number of milliseconds that sacks will be delayed
 *                     for. This value will apply to all addresses of an
 *                     association if the spp_address field is empty. Note
 *                     also, that if delayed sack is enabled and this
 *                     value is set to 0, no change is made to the last
 *                     recorded delayed sack timer value.
 *
 *   spp_flags       - These flags are used to control various features
 *                     on an association. The flag field may contain
 *                     zero or more of the following options.
 *
 *                     SPP_HB_ENABLE  - Enable heartbeats on the
 *                     specified address. Note that if the address
 *                     field is empty all addresses for the association
 *                     have heartbeats enabled upon them.
 *
 *                     SPP_HB_DISABLE - Disable heartbeats on the
 *                     speicifed address. Note that if the address
 *                     field is empty all addresses for the association
 *                     will have their heartbeats disabled. Note also
 *                     that SPP_HB_ENABLE and SPP_HB_DISABLE are
 *                     mutually exclusive, only one of these two should
 *                     be specified. Enabling both fields will have
 *                     undetermined results.
 *
 *                     SPP_HB_DEMAND - Request a user initiated heartbeat
 *                     to be made immediately.
 *
 *                     SPP_HB_TIME_IS_ZERO - Specify's that the time for
 *                     heartbeat delayis to be set to the value of 0
 *                     milliseconds.
 *
 *                     SPP_PMTUD_ENABLE - This field will enable PMTU
 *                     discovery upon the specified address. Note that
 *                     if the address feild is empty then all addresses
 *                     on the association are effected.
 *
 *                     SPP_PMTUD_DISABLE - This field will disable PMTU
 *                     discovery upon the specified address. Note that
 *                     if the address feild is empty then all addresses
 *                     on the association are effected. Not also that
 *                     SPP_PMTUD_ENABLE and SPP_PMTUD_DISABLE are mutually
 *                     exclusive. Enabling both will have undetermined
 *                     results.
 *
 *                     SPP_SACKDELAY_ENABLE - Setting this flag turns
 *                     on delayed sack. The time specified in spp_sackdelay
 *                     is used to specify the sack delay for this address. Note
 *                     that if spp_address is empty then all addresses will
 *                     enable delayed sack and take on the sack delay
 *                     value specified in spp_sackdelay.
 *                     SPP_SACKDELAY_DISABLE - Setting this flag turns
 *                     off delayed sack. If the spp_address field is blank then
 *                     delayed sack is disabled for the entire association. Note
 *                     also that this field is mutually exclusive to
 *                     SPP_SACKDELAY_ENABLE, setting both will have undefined
 *                     results.
 *
 *                     SPP_IPV6_FLOWLABEL:  Setting this flag enables the
 *                     setting of the IPV6 flow label value.  The value is
 *                     contained in the spp_ipv6_flowlabel field.
 *                     Upon retrieval, this flag will be set to indicate that
 *                     the spp_ipv6_flowlabel field has a valid value returned.
 *                     If a specific destination address is set (in the
 *                     spp_address field), then the value returned is that of
 *                     the address.  If just an association is specified (and
 *                     no address), then the association's default flow label
 *                     is returned.  If neither an association nor a destination
 *                     is specified, then the socket's default flow label is
 *                     returned.  For non-IPv6 sockets, this flag will be left
 *                     cleared.
 *
 *                     SPP_DSCP:  Setting this flag enables the setting of the
 *                     Differentiated Services Code Point (DSCP) value
 *                     associated with either the association or a specific
 *                     address.  The value is obtained in the spp_dscp field.
 *                     Upon retrieval, this flag will be set to indicate that
 *                     the spp_dscp field has a valid value returned.  If a
 *                     specific destination address is set when called (in the
 *                     spp_address field), then that specific destination
 *                     address's DSCP value is returned.  If just an association
 *                     is specified, then the association's default DSCP is
 *                     returned.  If neither an association nor a destination is
 *                     specified, then the socket's default DSCP is returned.
 *
 *   spp_ipv6_flowlabel
 *                   - This field is used in conjunction with the
 *                     SPP_IPV6_FLOWLABEL flag and contains the IPv6 flow label.
 *                     The 20 least significant bits are used for the flow
 *                     label.  This setting has precedence over any IPv6-layer
 *                     setting.
 *
 *   spp_dscp        - This field is used in conjunction with the SPP_DSCP flag
 *                     and contains the DSCP.  The 6 most significant bits are
 *                     used for the DSCP.  This setting has precedence over any
 *                     IPv4- or IPv6- layer setting.
 */
static int sctp_apply_peer_addr_params(struct sctp_paddrparams *params,
                                       struct sctp_transport   *trans,
                                       struct sctp_association *asoc,
                                       struct sctp_sock        *sp,
                                       int                      hb_change,
                                       int                      pmtud_change,
                                       int                      sackdelay_change)
{
        int error;

        if (params->spp_flags & SPP_HB_DEMAND && trans) {
                struct net *net = sock_net(trans->asoc->base.sk);

                error = sctp_primitive_REQUESTHEARTBEAT(net, trans->asoc, trans);
                if (error)
                        return error;
        }

        /* Note that unless the spp_flag is set to SPP_HB_ENABLE the value of
         * this field is ignored.  Note also that a value of zero indicates
         * the current setting should be left unchanged.
         */
        if (params->spp_flags & SPP_HB_ENABLE) {

                /* Re-zero the interval if the SPP_HB_TIME_IS_ZERO is
                 * set.  This lets us use 0 value when this flag
                 * is set.
                 */
                if (params->spp_flags & SPP_HB_TIME_IS_ZERO)
                        params->spp_hbinterval = 0;

                if (params->spp_hbinterval ||
                    (params->spp_flags & SPP_HB_TIME_IS_ZERO)) {
                        if (trans) {
                                trans->hbinterval =
                                    msecs_to_jiffies(params->spp_hbinterval);
                        } else if (asoc) {
                                asoc->hbinterval =
                                    msecs_to_jiffies(params->spp_hbinterval);
                        } else {
                                sp->hbinterval = params->spp_hbinterval;
                        }
                }
        }

        if (hb_change) {
                if (trans) {
                        trans->param_flags =
                                (trans->param_flags & ~SPP_HB) | hb_change;
                } else if (asoc) {
                        asoc->param_flags =
                                (asoc->param_flags & ~SPP_HB) | hb_change;
                } else {
                        sp->param_flags =
                                (sp->param_flags & ~SPP_HB) | hb_change;
                }
        }

        /* When Path MTU discovery is disabled the value specified here will
         * be the "fixed" path mtu (i.e. the value of the spp_flags field must
         * include the flag SPP_PMTUD_DISABLE for this field to have any
         * effect).
         */
        if ((params->spp_flags & SPP_PMTUD_DISABLE) && params->spp_pathmtu) {
                if (trans) {
                        trans->pathmtu = params->spp_pathmtu;
                        sctp_assoc_sync_pmtu(asoc);
                } else if (asoc) {
                        sctp_assoc_set_pmtu(asoc, params->spp_pathmtu);
                } else {
                        sp->pathmtu = params->spp_pathmtu;
                }
        }

        if (pmtud_change) {
                if (trans) {
                        int update = (trans->param_flags & SPP_PMTUD_DISABLE) &&
                                (params->spp_flags & SPP_PMTUD_ENABLE);
                        trans->param_flags =
                                (trans->param_flags & ~SPP_PMTUD) | pmtud_change;
                        if (update) {
                                sctp_transport_pmtu(trans, sctp_opt2sk(sp));
                                sctp_assoc_sync_pmtu(asoc);
                        }
                } else if (asoc) {
                        asoc->param_flags =
                                (asoc->param_flags & ~SPP_PMTUD) | pmtud_change;
                } else {
                        sp->param_flags =
                                (sp->param_flags & ~SPP_PMTUD) | pmtud_change;
                }
        }

        /* Note that unless the spp_flag is set to SPP_SACKDELAY_ENABLE the
         * value of this field is ignored.  Note also that a value of zero
         * indicates the current setting should be left unchanged.
         */
        if ((params->spp_flags & SPP_SACKDELAY_ENABLE) && params->spp_sackdelay) {
                if (trans) {
                        trans->sackdelay =
                                msecs_to_jiffies(params->spp_sackdelay);
                } else if (asoc) {
                        asoc->sackdelay =
                                msecs_to_jiffies(params->spp_sackdelay);
                } else {
                        sp->sackdelay = params->spp_sackdelay;
                }
        }

        if (sackdelay_change) {
                if (trans) {
                        trans->param_flags =
                                (trans->param_flags & ~SPP_SACKDELAY) |
                                sackdelay_change;
                } else if (asoc) {
                        asoc->param_flags =
                                (asoc->param_flags & ~SPP_SACKDELAY) |
                                sackdelay_change;
                } else {
                        sp->param_flags =
                                (sp->param_flags & ~SPP_SACKDELAY) |
                                sackdelay_change;
                }
        }

        /* Note that a value of zero indicates the current setting should be
           left unchanged.
         */
        if (params->spp_pathmaxrxt) {
                if (trans) {
                        trans->pathmaxrxt = params->spp_pathmaxrxt;
                } else if (asoc) {
                        asoc->pathmaxrxt = params->spp_pathmaxrxt;
                } else {
                        sp->pathmaxrxt = params->spp_pathmaxrxt;
                }
        }

        if (params->spp_flags & SPP_IPV6_FLOWLABEL) {
                if (trans) {
                        if (trans->ipaddr.sa.sa_family == AF_INET6) {
                                trans->flowlabel = params->spp_ipv6_flowlabel &
                                                   SCTP_FLOWLABEL_VAL_MASK;
                                trans->flowlabel |= SCTP_FLOWLABEL_SET_MASK;
                        }
                } else if (asoc) {
                        struct sctp_transport *t;

                        list_for_each_entry(t, &asoc->peer.transport_addr_list,
                                            transports) {
                                if (t->ipaddr.sa.sa_family != AF_INET6)
                                        continue;
                                t->flowlabel = params->spp_ipv6_flowlabel &
                                               SCTP_FLOWLABEL_VAL_MASK;
                                t->flowlabel |= SCTP_FLOWLABEL_SET_MASK;
                        }
                        asoc->flowlabel = params->spp_ipv6_flowlabel &
                                          SCTP_FLOWLABEL_VAL_MASK;
                        asoc->flowlabel |= SCTP_FLOWLABEL_SET_MASK;
                } else if (sctp_opt2sk(sp)->sk_family == AF_INET6) {
                        sp->flowlabel = params->spp_ipv6_flowlabel &
                                        SCTP_FLOWLABEL_VAL_MASK;
                        sp->flowlabel |= SCTP_FLOWLABEL_SET_MASK;
                }
        }

        if (params->spp_flags & SPP_DSCP) {
                if (trans) {
                        trans->dscp = params->spp_dscp & SCTP_DSCP_VAL_MASK;
                        trans->dscp |= SCTP_DSCP_SET_MASK;
                } else if (asoc) {
                        struct sctp_transport *t;

                        list_for_each_entry(t, &asoc->peer.transport_addr_list,
                                            transports) {
                                t->dscp = params->spp_dscp &
                                          SCTP_DSCP_VAL_MASK;
                                t->dscp |= SCTP_DSCP_SET_MASK;
                        }
                        asoc->dscp = params->spp_dscp & SCTP_DSCP_VAL_MASK;
                        asoc->dscp |= SCTP_DSCP_SET_MASK;
                } else {
                        sp->dscp = params->spp_dscp & SCTP_DSCP_VAL_MASK;
                        sp->dscp |= SCTP_DSCP_SET_MASK;
                }
        }

        return 0;
}

static int sctp_setsockopt_peer_addr_params(struct sock *sk,
                                            char __user *optval,
                                            unsigned int optlen)
{
        struct sctp_paddrparams  params;
        struct sctp_transport   *trans = NULL;
        struct sctp_association *asoc = NULL;
        struct sctp_sock        *sp = sctp_sk(sk);
        int error;
        int hb_change, pmtud_change, sackdelay_change;

        if (optlen == sizeof(params)) {
                if (copy_from_user(&params, optval, optlen))
                        return -EFAULT;
        } else if (optlen == ALIGN(offsetof(struct sctp_paddrparams,
                                            spp_ipv6_flowlabel), 4)) {
                if (copy_from_user(&params, optval, optlen))
                        return -EFAULT;
                if (params.spp_flags & (SPP_DSCP | SPP_IPV6_FLOWLABEL))
                        return -EINVAL;
        } else {
                return -EINVAL;
        }

        /* Validate flags and value parameters. */
        hb_change        = params.spp_flags & SPP_HB;
        pmtud_change     = params.spp_flags & SPP_PMTUD;
        sackdelay_change = params.spp_flags & SPP_SACKDELAY;

        if (hb_change        == SPP_HB ||
            pmtud_change     == SPP_PMTUD ||
            sackdelay_change == SPP_SACKDELAY ||
            params.spp_sackdelay > 500 ||
            (params.spp_pathmtu &&
             params.spp_pathmtu < SCTP_DEFAULT_MINSEGMENT))
                return -EINVAL;

        /* If an address other than INADDR_ANY is specified, and
         * no transport is found, then the request is invalid.
         */
        if (!sctp_is_any(sk, (union sctp_addr *)&params.spp_address)) {
                trans = sctp_addr_id2transport(sk, &params.spp_address,
                                               params.spp_assoc_id);
                if (!trans)
                        return -EINVAL;
        }

        /* Get association, if assoc_id != 0 and the socket is a one
         * to many style socket, and an association was not found, then
         * the id was invalid.
         */
        asoc = sctp_id2assoc(sk, params.spp_assoc_id);
        if (!asoc && params.spp_assoc_id && sctp_style(sk, UDP))
                return -EINVAL;

        /* Heartbeat demand can only be sent on a transport or
         * association, but not a socket.
         */
        if (params.spp_flags & SPP_HB_DEMAND && !trans && !asoc)
                return -EINVAL;

        /* Process parameters. */
        error = sctp_apply_peer_addr_params(&params, trans, asoc, sp,
                                            hb_change, pmtud_change,
                                            sackdelay_change);

        if (error)
                return error;

        /* If changes are for association, also apply parameters to each
         * transport.
         */
        if (!trans && asoc) {
                list_for_each_entry(trans, &asoc->peer.transport_addr_list,
                                transports) {
                        sctp_apply_peer_addr_params(&params, trans, asoc, sp,
                                                    hb_change, pmtud_change,
                                                    sackdelay_change);
                }
        }

        return 0;
}

static inline __u32 sctp_spp_sackdelay_enable(__u32 param_flags)
{
        return (param_flags & ~SPP_SACKDELAY) | SPP_SACKDELAY_ENABLE;
}

static inline __u32 sctp_spp_sackdelay_disable(__u32 param_flags)
{
        return (param_flags & ~SPP_SACKDELAY) | SPP_SACKDELAY_DISABLE;
}

/*
 * 7.1.23.  Get or set delayed ack timer (SCTP_DELAYED_SACK)
 *
 * This option will effect the way delayed acks are performed.  This
 * option allows you to get or set the delayed ack time, in
 * milliseconds.  It also allows changing the delayed ack frequency.
 * Changing the frequency to 1 disables the delayed sack algorithm.  If
 * the assoc_id is 0, then this sets or gets the endpoints default
 * values.  If the assoc_id field is non-zero, then the set or get
 * effects the specified association for the one to many model (the
 * assoc_id field is ignored by the one to one model).  Note that if
 * sack_delay or sack_freq are 0 when setting this option, then the
 * current values will remain unchanged.
 *
 * struct sctp_sack_info {
 *     sctp_assoc_t            sack_assoc_id;
 *     uint32_t                sack_delay;
 *     uint32_t                sack_freq;
 * };
 *
 * sack_assoc_id -  This parameter, indicates which association the user
 *    is performing an action upon.  Note that if this field's value is
 *    zero then the endpoints default value is changed (effecting future
 *    associations only).
 *
 * sack_delay -  This parameter contains the number of milliseconds that
 *    the user is requesting the delayed ACK timer be set to.  Note that
 *    this value is defined in the standard to be between 200 and 500
 *    milliseconds.
 *
 * sack_freq -  This parameter contains the number of packets that must
 *    be received before a sack is sent without waiting for the delay
 *    timer to expire.  The default value for this is 2, setting this
 *    value to 1 will disable the delayed sack algorithm.
 */

static int sctp_setsockopt_delayed_ack(struct sock *sk,
                                       char __user *optval, unsigned int optlen)
{
        struct sctp_sack_info    params;
        struct sctp_transport   *trans = NULL;
        struct sctp_association *asoc = NULL;
        struct sctp_sock        *sp = sctp_sk(sk);

        if (optlen == sizeof(struct sctp_sack_info)) {
                if (copy_from_user(&params, optval, optlen))
                        return -EFAULT;

                if (params.sack_delay == 0 && params.sack_freq == 0)
                        return 0;
        } else if (optlen == sizeof(struct sctp_assoc_value)) {
                pr_warn_ratelimited(DEPRECATED
                                    "%s (pid %d) "
                                    "Use of struct sctp_assoc_value in delayed_ack socket option.\n"
                                    "Use struct sctp_sack_info instead\n",
                                    current->comm, task_pid_nr(current));
                if (copy_from_user(&params, optval, optlen))
                        return -EFAULT;

                if (params.sack_delay == 0)
                        params.sack_freq = 1;
                else
                        params.sack_freq = 0;
        } else
                return -EINVAL;

        /* Validate value parameter. */
        if (params.sack_delay > 500)
                return -EINVAL;

        /* Get association, if sack_assoc_id != 0 and the socket is a one
         * to many style socket, and an association was not found, then
         * the id was invalid.
         */
        asoc = sctp_id2assoc(sk, params.sack_assoc_id);
        if (!asoc && params.sack_assoc_id && sctp_style(sk, UDP))
                return -EINVAL;

        if (params.sack_delay) {
                if (asoc) {
                        asoc->sackdelay =
                                msecs_to_jiffies(params.sack_delay);
                        asoc->param_flags =
                                sctp_spp_sackdelay_enable(asoc->param_flags);
                } else {
                        sp->sackdelay = params.sack_delay;
                        sp->param_flags =
                                sctp_spp_sackdelay_enable(sp->param_flags);
                }
        }

        if (params.sack_freq == 1) {
                if (asoc) {
                        asoc->param_flags =
                                sctp_spp_sackdelay_disable(asoc->param_flags);
                } else {
                        sp->param_flags =
                                sctp_spp_sackdelay_disable(sp->param_flags);
                }
        } else if (params.sack_freq > 1) {
                if (asoc) {
                        asoc->sackfreq = params.sack_freq;
                        asoc->param_flags =
                                sctp_spp_sackdelay_enable(asoc->param_flags);
                } else {
                        sp->sackfreq = params.sack_freq;
                        sp->param_flags =
                                sctp_spp_sackdelay_enable(sp->param_flags);
                }
        }

        /* If change is for association, also apply to each transport. */
        if (asoc) {
                list_for_each_entry(trans, &asoc->peer.transport_addr_list,
                                transports) {
                        if (params.sack_delay) {
                                trans->sackdelay =
                                        msecs_to_jiffies(params.sack_delay);
                                trans->param_flags =
                                        sctp_spp_sackdelay_enable(trans->param_flags);
                        }
                        if (params.sack_freq == 1) {
                                trans->param_flags =
                                        sctp_spp_sackdelay_disable(trans->param_flags);
                        } else if (params.sack_freq > 1) {
                                trans->sackfreq = params.sack_freq;
                                trans->param_flags =
                                        sctp_spp_sackdelay_enable(trans->param_flags);
                        }
                }
        }

        return 0;
}

/* 7.1.3 Initialization Parameters (SCTP_INITMSG)
 *
 * Applications can specify protocol parameters for the default association
 * initialization.  The option name argument to setsockopt() and getsockopt()
 * is SCTP_INITMSG.
 *
 * Setting initialization parameters is effective only on an unconnected
 * socket (for UDP-style sockets only future associations are effected
 * by the change).  With TCP-style sockets, this option is inherited by
 * sockets derived from a listener socket.
 */
static int sctp_setsockopt_initmsg(struct sock *sk, char __user *optval, unsigned int optlen)
{
        struct sctp_initmsg sinit;
        struct sctp_sock *sp = sctp_sk(sk);

        if (optlen != sizeof(struct sctp_initmsg))
                return -EINVAL;
        if (copy_from_user(&sinit, optval, optlen))
                return -EFAULT;

        if (sinit.sinit_num_ostreams)
                sp->initmsg.sinit_num_ostreams = sinit.sinit_num_ostreams;
        if (sinit.sinit_max_instreams)
                sp->initmsg.sinit_max_instreams = sinit.sinit_max_instreams;
        if (sinit.sinit_max_attempts)
                sp->initmsg.sinit_max_attempts = sinit.sinit_max_attempts;
        if (sinit.sinit_max_init_timeo)
                sp->initmsg.sinit_max_init_timeo = sinit.sinit_max_init_timeo;

        return 0;
}

/*
 * 7.1.14 Set default send parameters (SCTP_DEFAULT_SEND_PARAM)
 *
 *   Applications that wish to use the sendto() system call may wish to
 *   specify a default set of parameters that would normally be supplied
 *   through the inclusion of ancillary data.  This socket option allows
 *   such an application to set the default sctp_sndrcvinfo structure.
 *   The application that wishes to use this socket option simply passes
 *   in to this call the sctp_sndrcvinfo structure defined in Section
 *   5.2.2) The input parameters accepted by this call include
 *   sinfo_stream, sinfo_flags, sinfo_ppid, sinfo_context,
 *   sinfo_timetolive.  The user must provide the sinfo_assoc_id field in
 *   to this call if the caller is using the UDP model.
 */
static int sctp_setsockopt_default_send_param(struct sock *sk,
                                              char __user *optval,
                                              unsigned int optlen)
{
        struct sctp_sock *sp = sctp_sk(sk);
        struct sctp_association *asoc;
        struct sctp_sndrcvinfo info;

        if (optlen != sizeof(info))
                return -EINVAL;
        if (copy_from_user(&info, optval, optlen))
                return -EFAULT;

        if (info.sinfo_flags &
            ~(SCTP_UNORDERED | SCTP_ADDR_OVER |
              SCTP_ABORT | SCTP_EOF))
                return -EINVAL;

        asoc = sctp_id2assoc(sk, info.sinfo_assoc_id);
        if (!asoc && info.sinfo_assoc_id && sctp_style(sk, UDP))
                return -EINVAL;
        if (asoc) {
                asoc->default_stream = info.sinfo_stream;
                asoc->default_flags = info.sinfo_flags;
                asoc->default_ppid = info.sinfo_ppid;
                asoc->default_context = info.sinfo_context;
                asoc->default_timetolive = info.sinfo_timetolive;
        } else {
                sp->default_stream = info.sinfo_stream;
                sp->default_flags = info.sinfo_flags;
                sp->default_ppid = info.sinfo_ppid;
                sp->default_context = info.sinfo_context;
                sp->default_timetolive = info.sinfo_timetolive;
        }

        return 0;
}

/* RFC6458, Section 8.1.31. Set/get Default Send Parameters
 * (SCTP_DEFAULT_SNDINFO)
 */
static int sctp_setsockopt_default_sndinfo(struct sock *sk,
                                           char __user *optval,
                                           unsigned int optlen)
{
        struct sctp_sock *sp = sctp_sk(sk);
        struct sctp_association *asoc;
        struct sctp_sndinfo info;

        if (optlen != sizeof(info))
                return -EINVAL;
        if (copy_from_user(&info, optval, optlen))
                return -EFAULT;
        if (info.snd_flags &
            ~(SCTP_UNORDERED | SCTP_ADDR_OVER |
              SCTP_ABORT | SCTP_EOF))
                return -EINVAL;

        asoc = sctp_id2assoc(sk, info.snd_assoc_id);
        if (!asoc && info.snd_assoc_id && sctp_style(sk, UDP))
                return -EINVAL;
        if (asoc) {
                asoc->default_stream = info.snd_sid;
                asoc->default_flags = info.snd_flags;
                asoc->default_ppid = info.snd_ppid;
                asoc->default_context = info.snd_context;
        } else {
                sp->default_stream = info.snd_sid;
                sp->default_flags = info.snd_flags;
                sp->default_ppid = info.snd_ppid;
                sp->default_context = info.snd_context;
        }

        return 0;
}

/* 7.1.10 Set Primary Address (SCTP_PRIMARY_ADDR)
 *
 * Requests that the local SCTP stack use the enclosed peer address as
 * the association primary.  The enclosed address must be one of the
 * association peer's addresses.
 */
static int sctp_setsockopt_primary_addr(struct sock *sk, char __user *optval,
                                        unsigned int optlen)
{
        struct sctp_prim prim;
        struct sctp_transport *trans;
        struct sctp_af *af;
        int err;

        if (optlen != sizeof(struct sctp_prim))
                return -EINVAL;

        if (copy_from_user(&prim, optval, sizeof(struct sctp_prim)))
                return -EFAULT;

        /* Allow security module to validate address but need address len. */
        af = sctp_get_af_specific(prim.ssp_addr.ss_family);
        if (!af)
                return -EINVAL;

        err = security_sctp_bind_connect(sk, SCTP_PRIMARY_ADDR,
                                         (struct sockaddr *)&prim.ssp_addr,
                                         af->sockaddr_len);
        if (err)
                return err;

        trans = sctp_addr_id2transport(sk, &prim.ssp_addr, prim.ssp_assoc_id);
        if (!trans)
                return -EINVAL;

        sctp_assoc_set_primary(trans->asoc, trans);

        return 0;
}

/*
 * 7.1.5 SCTP_NODELAY
 *
 * Turn on/off any Nagle-like algorithm.  This means that packets are
 * generally sent as soon as possible and no unnecessary delays are
 * introduced, at the cost of more packets in the network.  Expects an
 *  integer boolean flag.
 */
static int sctp_setsockopt_nodelay(struct sock *sk, char __user *optval,
                                   unsigned int optlen)
{
        int val;

        if (optlen < sizeof(int))
                return -EINVAL;
        if (get_user(val, (int __user *)optval))
                return -EFAULT;

        sctp_sk(sk)->nodelay = (val == 0) ? 0 : 1;
        return 0;
}

/*
 *
 * 7.1.1 SCTP_RTOINFO
 *
 * The protocol parameters used to initialize and bound retransmission
 * timeout (RTO) are tunable. sctp_rtoinfo structure is used to access
 * and modify these parameters.
 * All parameters are time values, in milliseconds.  A value of 0, when
 * modifying the parameters, indicates that the current value should not
 * be changed.
 *
 */
static int sctp_setsockopt_rtoinfo(struct sock *sk, char __user *optval, unsigned int optlen)
{
        struct sctp_rtoinfo rtoinfo;
        struct sctp_association *asoc;
        unsigned long rto_min, rto_max;
        struct sctp_sock *sp = sctp_sk(sk);

        if (optlen != sizeof (struct sctp_rtoinfo))
                return -EINVAL;

        if (copy_from_user(&rtoinfo, optval, optlen))
                return -EFAULT;

        asoc = sctp_id2assoc(sk, rtoinfo.srto_assoc_id);

        /* Set the values to the specific association */
        if (!asoc && rtoinfo.srto_assoc_id && sctp_style(sk, UDP))
                return -EINVAL;

        rto_max = rtoinfo.srto_max;
        rto_min = rtoinfo.srto_min;

        if (rto_max)
                rto_max = asoc ? msecs_to_jiffies(rto_max) : rto_max;
        else
                rto_max = asoc ? asoc->rto_max : sp->rtoinfo.srto_max;

        if (rto_min)
                rto_min = asoc ? msecs_to_jiffies(rto_min) : rto_min;
        else
                rto_min = asoc ? asoc->rto_min : sp->rtoinfo.srto_min;

        if (rto_min > rto_max)
                return -EINVAL;

        if (asoc) {
                if (rtoinfo.srto_initial != 0)
                        asoc->rto_initial =
                                msecs_to_jiffies(rtoinfo.srto_initial);
                asoc->rto_max = rto_max;
                asoc->rto_min = rto_min;
        } else {
                /* If there is no association or the association-id = 0
                 * set the values to the endpoint.
                 */
                if (rtoinfo.srto_initial != 0)
                        sp->rtoinfo.srto_initial = rtoinfo.srto_initial;
                sp->rtoinfo.srto_max = rto_max;
                sp->rtoinfo.srto_min = rto_min;
        }

        return 0;
}

/*
 *
 * 7.1.2 SCTP_ASSOCINFO
 *
 * This option is used to tune the maximum retransmission attempts
 * of the association.
 * Returns an error if the new association retransmission value is
 * greater than the sum of the retransmission value  of the peer.
 * See [SCTP] for more information.
 *
 */
static int sctp_setsockopt_associnfo(struct sock *sk, char __user *optval, unsigned int optlen)
{

        struct sctp_assocparams assocparams;
        struct sctp_association *asoc;

        if (optlen != sizeof(struct sctp_assocparams))
                return -EINVAL;
        if (copy_from_user(&assocparams, optval, optlen))
                return -EFAULT;

        asoc = sctp_id2assoc(sk, assocparams.sasoc_assoc_id);

        if (!asoc && assocparams.sasoc_assoc_id && sctp_style(sk, UDP))
                return -EINVAL;

        /* Set the values to the specific association */
        if (asoc) {
                if (assocparams.sasoc_asocmaxrxt != 0) {
                        __u32 path_sum = 0;
                        int   paths = 0;
                        struct sctp_transport *peer_addr;

                        list_for_each_entry(peer_addr, &asoc->peer.transport_addr_list,
                                        transports) {
                                path_sum += peer_addr->pathmaxrxt;
                                paths++;
                        }

                        /* Only validate asocmaxrxt if we have more than
                         * one path/transport.  We do this because path
                         * retransmissions are only counted when we have more
                         * then one path.
                         */
                        if (paths > 1 &&
                            assocparams.sasoc_asocmaxrxt > path_sum)
                                return -EINVAL;

                        asoc->max_retrans = assocparams.sasoc_asocmaxrxt;
                }

                if (assocparams.sasoc_cookie_life != 0)
                        asoc->cookie_life = ms_to_ktime(assocparams.sasoc_cookie_life);
        } else {
                /* Set the values to the endpoint */
                struct sctp_sock *sp = sctp_sk(sk);

                if (assocparams.sasoc_asocmaxrxt != 0)
                        sp->assocparams.sasoc_asocmaxrxt =
                                                assocparams.sasoc_asocmaxrxt;
                if (assocparams.sasoc_cookie_life != 0)
                        sp->assocparams.sasoc_cookie_life =
                                                assocparams.sasoc_cookie_life;
        }
        return 0;
}

/*
 * 7.1.16 Set/clear IPv4 mapped addresses (SCTP_I_WANT_MAPPED_V4_ADDR)
 *
 * This socket option is a boolean flag which turns on or off mapped V4
 * addresses.  If this option is turned on and the socket is type
 * PF_INET6, then IPv4 addresses will be mapped to V6 representation.
 * If this option is turned off, then no mapping will be done of V4
 * addresses and a user will receive both PF_INET6 and PF_INET type
 * addresses on the socket.
 */
static int sctp_setsockopt_mappedv4(struct sock *sk, char __user *optval, unsigned int optlen)
{
        int val;
        struct sctp_sock *sp = sctp_sk(sk);

        if (optlen < sizeof(int))
                return -EINVAL;
        if (get_user(val, (int __user *)optval))
                return -EFAULT;
        if (val)
                sp->v4mapped = 1;
        else
                sp->v4mapped = 0;

        return 0;
}

/*
 * 8.1.16.  Get or Set the Maximum Fragmentation Size (SCTP_MAXSEG)
 * This option will get or set the maximum size to put in any outgoing
 * SCTP DATA chunk.  If a message is larger than this size it will be
 * fragmented by SCTP into the specified size.  Note that the underlying
 * SCTP implementation may fragment into smaller sized chunks when the
 * PMTU of the underlying association is smaller than the value set by
 * the user.  The default value for this option is '0' which indicates
 * the user is NOT limiting fragmentation and only the PMTU will effect
 * SCTP's choice of DATA chunk size.  Note also that values set larger
 * than the maximum size of an IP datagram will effectively let SCTP
 * control fragmentation (i.e. the same as setting this option to 0).
 *
 * The following structure is used to access and modify this parameter:
 *
 * struct sctp_assoc_value {
 *   sctp_assoc_t assoc_id;
 *   uint32_t assoc_value;
 * };
 *
 * assoc_id:  This parameter is ignored for one-to-one style sockets.
 *    For one-to-many style sockets this parameter indicates which
 *    association the user is performing an action upon.  Note that if
 *    this field's value is zero then the endpoints default value is
 *    changed (effecting future associations only).
 * assoc_value:  This parameter specifies the maximum size in bytes.
 */
static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned int optlen)
{
        struct sctp_sock *sp = sctp_sk(sk);
        struct sctp_assoc_value params;
        struct sctp_association *asoc;
        int val;

        if (optlen == sizeof(int)) {
                pr_warn_ratelimited(DEPRECATED
                                    "%s (pid %d) "
                                    "Use of int in maxseg socket option.\n"
                                    "Use struct sctp_assoc_value instead\n",
                                    current->comm, task_pid_nr(current));
                if (copy_from_user(&val, optval, optlen))
                        return -EFAULT;
                params.assoc_id = 0;
        } else if (optlen == sizeof(struct sctp_assoc_value)) {
                if (copy_from_user(&params, optval, optlen))
                        return -EFAULT;
                val = params.assoc_value;
        } else {
                return -EINVAL;
        }

        asoc = sctp_id2assoc(sk, params.assoc_id);

        if (val) {
                int min_len, max_len;
                __u16 datasize = asoc ? sctp_datachk_len(&asoc->stream) :
                                 sizeof(struct sctp_data_chunk);

                min_len = sctp_mtu_payload(sp, SCTP_DEFAULT_MINSEGMENT,
                                           datasize);
                max_len = SCTP_MAX_CHUNK_LEN - datasize;

                if (val < min_len || val > max_len)
                        return -EINVAL;
        }

        if (asoc) {
                asoc->user_frag = val;
                sctp_assoc_update_frag_point(asoc);
        } else {
                if (params.assoc_id && sctp_style(sk, UDP))
                        return -EINVAL;
                sp->user_frag = val;
        }

        return 0;
}


/*
 *  7.1.9 Set Peer Primary Address (SCTP_SET_PEER_PRIMARY_ADDR)
 *
 *   Requests that the peer mark the enclosed address as the association
 *   primary. The enclosed address must be one of the association's
 *   locally bound addresses. The following structure is used to make a
 *   set primary request:
 */
static int sctp_setsockopt_peer_primary_addr(struct sock *sk, char __user *optval,
                                             unsigned int optlen)
{
        struct net *net = sock_net(sk);
        struct sctp_sock        *sp;
        struct sctp_association *asoc = NULL;
        struct sctp_setpeerprim prim;
        struct sctp_chunk       *chunk;
        struct sctp_af          *af;
        int                     err;

        sp = sctp_sk(sk);

        if (!net->sctp.addip_enable)
                return -EPERM;

        if (optlen != sizeof(struct sctp_setpeerprim))
                return -EINVAL;

        if (copy_from_user(&prim, optval, optlen))
                return -EFAULT;

        asoc = sctp_id2assoc(sk, prim.sspp_assoc_id);
        if (!asoc)
                return -EINVAL;

        if (!asoc->peer.asconf_capable)
                return -EPERM;

        if (asoc->peer.addip_disabled_mask & SCTP_PARAM_SET_PRIMARY)
                return -EPERM;

        if (!sctp_state(asoc, ESTABLISHED))
                return -ENOTCONN;

        af = sctp_get_af_specific(prim.sspp_addr.ss_family);
        if (!af)
                return -EINVAL;

        if (!af->addr_valid((union sctp_addr *)&prim.sspp_addr, sp, NULL))
                return -EADDRNOTAVAIL;

        if (!sctp_assoc_lookup_laddr(asoc, (union sctp_addr *)&prim.sspp_addr))
                return -EADDRNOTAVAIL;

        /* Allow security module to validate address. */
        err = security_sctp_bind_connect(sk, SCTP_SET_PEER_PRIMARY_ADDR,
                                         (struct sockaddr *)&prim.sspp_addr,
                                         af->sockaddr_len);
        if (err)
                return err;

        /* Create an ASCONF chunk with SET_PRIMARY parameter    */
        chunk = sctp_make_asconf_set_prim(asoc,
                                          (union sctp_addr *)&prim.sspp_addr);
        if (!chunk)
                return -ENOMEM;

        err = sctp_send_asconf(asoc, chunk);

        pr_debug("%s: we set peer primary addr primitively\n", __func__);

        return err;
}

static int sctp_setsockopt_adaptation_layer(struct sock *sk, char __user *optval,
                                            unsigned int optlen)
{
        struct sctp_setadaptation adaptation;

        if (optlen != sizeof(struct sctp_setadaptation))
                return -EINVAL;
        if (copy_from_user(&adaptation, optval, optlen))
                return -EFAULT;

        sctp_sk(sk)->adaptation_ind = adaptation.ssb_adaptation_ind;

        return 0;
}

/*
 * 7.1.29.  Set or Get the default context (SCTP_CONTEXT)
 *
 * The context field in the sctp_sndrcvinfo structure is normally only
 * used when a failed message is retrieved holding the value that was
 * sent down on the actual send call.  This option allows the setting of
 * a default context on an association basis that will be received on
 * reading messages from the peer.  This is especially helpful in the
 * one-2-many model for an application to keep some reference to an
 * internal state machine that is processing messages on the
 * association.  Note that the setting of this value only effects
 * received messages from the peer and does not effect the value that is
 * saved with outbound messages.
 */
static int sctp_setsockopt_context(struct sock *sk, char __user *optval,
                                   unsigned int optlen)
{
        struct sctp_assoc_value params;
        struct sctp_sock *sp;
        struct sctp_association *asoc;

        if (optlen != sizeof(struct sctp_assoc_value))
                return -EINVAL;
        if (copy_from_user(&params, optval, optlen))
                return -EFAULT;

        sp = sctp_sk(sk);

        if (params.assoc_id != 0) {
                asoc = sctp_id2assoc(sk, params.assoc_id);
                if (!asoc)
                        return -EINVAL;
                asoc->default_rcv_context = params.assoc_value;
        } else {
                sp->default_rcv_context = params.assoc_value;
        }

        return 0;
}

/*
 * 7.1.24.  Get or set fragmented interleave (SCTP_FRAGMENT_INTERLEAVE)
 *
 * This options will at a minimum specify if the implementation is doing
 * fragmented interleave.  Fragmented interleave, for a one to many
 * socket, is when subsequent calls to receive a message may return
 * parts of messages from different associations.  Some implementations
 * may allow you to turn this value on or off.  If so, when turned off,
 * no fragment interleave will occur (which will cause a head of line
 * blocking amongst multiple associations sharing the same one to many
 * socket).  When this option is turned on, then each receive call may
 * come from a different association (thus the user must receive data
 * with the extended calls (e.g. sctp_recvmsg) to keep track of which
 * association each receive belongs to.
 *
 * This option takes a boolean value.  A non-zero value indicates that
 * fragmented interleave is on.  A value of zero indicates that
 * fragmented interleave is off.
 *
 * Note that it is important that an implementation that allows this
 * option to be turned on, have it off by default.  Otherwise an unaware
 * application using the one to many model may become confused and act
 * incorrectly.
 */
static int sctp_setsockopt_fragment_interleave(struct sock *sk,
                                               char __user *optval,
                                               unsigned int optlen)
{
        int val;

        if (optlen != sizeof(int))
                return -EINVAL;
        if (get_user(val, (int __user *)optval))
                return -EFAULT;

        sctp_sk(sk)->frag_interleave = !!val;

        if (!sctp_sk(sk)->frag_interleave)
                sctp_sk(sk)->strm_interleave = 0;

        return 0;
}

/*
 * 8.1.21.  Set or Get the SCTP Partial Delivery Point
 *       (SCTP_PARTIAL_DELIVERY_POINT)
 *
 * This option will set or get the SCTP partial delivery point.  This
 * point is the size of a message where the partial delivery API will be
 * invoked to help free up rwnd space for the peer.  Setting this to a
 * lower value will cause partial deliveries to happen more often.  The
 * calls argument is an integer that sets or gets the partial delivery
 * point.  Note also that the call will fail if the user attempts to set
 * this value larger than the socket receive buffer size.
 *
 * Note that any single message having a length smaller than or equal to
 * the SCTP partial delivery point will be delivered in one single read
 * call as long as the user provided buffer is large enough to hold the
 * message.
 */
static int sctp_setsockopt_partial_delivery_point(struct sock *sk,
                                                  char __user *optval,
                                                  unsigned int optlen)
{
        u32 val;

        if (optlen != sizeof(u32))
                return -EINVAL;
        if (get_user(val, (int __user *)optval))
                return -EFAULT;

        /* Note: We double the receive buffer from what the user sets
         * it to be, also initial rwnd is based on rcvbuf/2.
         */
        if (val > (sk->sk_rcvbuf >> 1))
                return -EINVAL;

        sctp_sk(sk)->pd_point = val;

        return 0; /* is this the right error code? */
}

/*
 * 7.1.28.  Set or Get the maximum burst (SCTP_MAX_BURST)
 *
 * This option will allow a user to change the maximum burst of packets
 * that can be emitted by this association.  Note that the default value
 * is 4, and some implementations may restrict this setting so that it
 * can only be lowered.
 *
 * NOTE: This text doesn't seem right.  Do this on a socket basis with
 * future associations inheriting the socket value.
 */
static int sctp_setsockopt_maxburst(struct sock *sk,
                                    char __user *optval,
                                    unsigned int optlen)
{
        struct sctp_assoc_value params;
        struct sctp_sock *sp;
        struct sctp_association *asoc;
        int val;
        int assoc_id = 0;

        if (optlen == sizeof(int)) {
                pr_warn_ratelimited(DEPRECATED
                                    "%s (pid %d) "
                                    "Use of int in max_burst socket option deprecated.\n"
                                    "Use struct sctp_assoc_value instead\n",
                                    current->comm, task_pid_nr(current));
                if (copy_from_user(&val, optval, optlen))
                        return -EFAULT;
        } else if (optlen == sizeof(struct sctp_assoc_value)) {
                if (copy_from_user(&params, optval, optlen))
                        return -EFAULT;
                val = params.assoc_value;
                assoc_id = params.assoc_id;
        } else
                return -EINVAL;

        sp = sctp_sk(sk);

        if (assoc_id != 0) {
                asoc = sctp_id2assoc(sk, assoc_id);
                if (!asoc)
                        return -EINVAL;
                asoc->max_burst = val;
        } else
                sp->max_burst = val;

        return 0;
}

/*
 * 7.1.18.  Add a chunk that must be authenticated (SCTP_AUTH_CHUNK)
 *
 * This set option adds a chunk type that the user is requesting to be
 * received only in an authenticated way.  Changes to the list of chunks
 * will only effect future associations on the socket.
 */
static int sctp_setsockopt_auth_chunk(struct sock *sk,
                                      char __user *optval,
                                      unsigned int optlen)
{
        struct sctp_endpoint *ep = sctp_sk(sk)->ep;
        struct sctp_authchunk val;

        if (!ep->auth_enable)
                return -EACCES;

        if (optlen != sizeof(struct sctp_authchunk))
                return -EINVAL;
        if (copy_from_user(&val, optval, optlen))
                return -EFAULT;

        switch (val.sauth_chunk) {
        case SCTP_CID_INIT:
        case SCTP_CID_INIT_ACK:
        case SCTP_CID_SHUTDOWN_COMPLETE:
        case SCTP_CID_AUTH:
                return -EINVAL;
        }

        /* add this chunk id to the endpoint */
        return sctp_auth_ep_add_chunkid(ep, val.sauth_chunk);
}

/*
 * 7.1.19.  Get or set the list of supported HMAC Identifiers (SCTP_HMAC_IDENT)
 *
 * This option gets or sets the list of HMAC algorithms that the local
 * endpoint requires the peer to use.
 */
static int sctp_setsockopt_hmac_ident(struct sock *sk,
                                      char __user *optval,
                                      unsigned int optlen)
{
        struct sctp_endpoint *ep = sctp_sk(sk)->ep;
        struct sctp_hmacalgo *hmacs;
        u32 idents;
        int err;

        if (!ep->auth_enable)
                return -EACCES;

        if (optlen < sizeof(struct sctp_hmacalgo))
                return -EINVAL;
        optlen = min_t(unsigned int, optlen, sizeof(struct sctp_hmacalgo) +
                                             SCTP_AUTH_NUM_HMACS * sizeof(u16));

        hmacs = memdup_user(optval, optlen);
        if (IS_ERR(hmacs))
                return PTR_ERR(hmacs);

        idents = hmacs->shmac_num_idents;
        if (idents == 0 || idents > SCTP_AUTH_NUM_HMACS ||
            (idents * sizeof(u16)) > (optlen - sizeof(struct sctp_hmacalgo))) {
                err = -EINVAL;
                goto out;
        }

        err = sctp_auth_ep_set_hmacs(ep, hmacs);
out:
        kfree(hmacs);
        return err;
}

/*
 * 7.1.20.  Set a shared key (SCTP_AUTH_KEY)
 *
 * This option will set a shared secret key which is used to build an
 * association shared key.
 */
static int sctp_setsockopt_auth_key(struct sock *sk,
                                    char __user *optval,
                                    unsigned int optlen)
{
        struct sctp_endpoint *ep = sctp_sk(sk)->ep;
        struct sctp_authkey *authkey;
        struct sctp_association *asoc;
        int ret;

        if (!ep->auth_enable)
                return -EACCES;

        if (optlen <= sizeof(struct sctp_authkey))
                return -EINVAL;
        /* authkey->sca_keylength is u16, so optlen can't be bigger than
         * this.
         */
        optlen = min_t(unsigned int, optlen, USHRT_MAX +
                                             sizeof(struct sctp_authkey));

        authkey = memdup_user(optval, optlen);
        if (IS_ERR(authkey))
                return PTR_ERR(authkey);

        if (authkey->sca_keylength > optlen - sizeof(struct sctp_authkey)) {
                ret = -EINVAL;
                goto out;
        }

        asoc = sctp_id2assoc(sk, authkey->sca_assoc_id);
        if (!asoc && authkey->sca_assoc_id && sctp_style(sk, UDP)) {
                ret = -EINVAL;
                goto out;
        }

        ret = sctp_auth_set_key(ep, asoc, authkey);
out:
        kzfree(authkey);
        return ret;
}

/*
 * 7.1.21.  Get or set the active shared key (SCTP_AUTH_ACTIVE_KEY)
 *
 * This option will get or set the active shared key to be used to build
 * the association shared key.
 */
static int sctp_setsockopt_active_key(struct sock *sk,
                                      char __user *optval,
                                      unsigned int optlen)
{
        struct sctp_endpoint *ep = sctp_sk(sk)->ep;
        struct sctp_authkeyid val;
        struct sctp_association *asoc;

        if (!ep->auth_enable)
                return -EACCES;

        if (optlen != sizeof(struct sctp_authkeyid))
                return -EINVAL;
        if (copy_from_user(&val, optval, optlen))
                return -EFAULT;

        asoc = sctp_id2assoc(sk, val.scact_assoc_id);
        if (!asoc && val.scact_assoc_id && sctp_style(sk, UDP))
                return -EINVAL;

        return sctp_auth_set_active_key(ep, asoc, val.scact_keynumber);
}

/*
 * 7.1.22.  Delete a shared key (SCTP_AUTH_DELETE_KEY)
 *
 * This set option will delete a shared secret key from use.
 */
static int sctp_setsockopt_del_key(struct sock *sk,
                                   char __user *optval,
                                   unsigned int optlen)
{
        struct sctp_endpoint *ep = sctp_sk(sk)->ep;
        struct sctp_authkeyid val;
        struct sctp_association *asoc;

        if (!ep->auth_enable)
                return -EACCES;

        if (optlen != sizeof(struct sctp_authkeyid))
                return -EINVAL;
        if (copy_from_user(&val, optval, optlen))
                return -EFAULT;

        asoc = sctp_id2assoc(sk, val.scact_assoc_id);
        if (!asoc && val.scact_assoc_id && sctp_style(sk, UDP))
                return -EINVAL;

        return sctp_auth_del_key_id(ep, asoc, val.scact_keynumber);

}

/*
 * 8.3.4  Deactivate a Shared Key (SCTP_AUTH_DEACTIVATE_KEY)
 *
 * This set option will deactivate a shared secret key.
 */
static int sctp_setsockopt_deactivate_key(struct sock *sk, char __user *optval,
                                          unsigned int optlen)
{
        struct sctp_endpoint *ep = sctp_sk(sk)->ep;
        struct sctp_authkeyid val;
        struct sctp_association *asoc;

        if (!ep->auth_enable)
                return -EACCES;

        if (optlen != sizeof(struct sctp_authkeyid))
                return -EINVAL;
        if (copy_from_user(&val, optval, optlen))
                return -EFAULT;

        asoc = sctp_id2assoc(sk, val.scact_assoc_id);
        if (!asoc && val.scact_assoc_id && sctp_style(sk, UDP))
                return -EINVAL;

        return sctp_auth_deact_key_id(ep, asoc, val.scact_keynumber);
}

/*
 * 8.1.23 SCTP_AUTO_ASCONF
 *
 * This option will enable or disable the use of the automatic generation of
 * ASCONF chunks to add and delete addresses to an existing association.  Note
 * that this option has two caveats namely: a) it only affects sockets that
 * are bound to all addresses available to the SCTP stack, and b) the system
 * administrator may have an overriding control that turns the ASCONF feature
 * off no matter what setting the socket option may have.
 * This option expects an integer boolean flag, where a non-zero value turns on
 * the option, and a zero value turns off the option.
 * Note. In this implementation, socket operation overrides default parameter
 * being set by sysctl as well as FreeBSD implementation
 */
static int sctp_setsockopt_auto_asconf(struct sock *sk, char __user *optval,
                                        unsigned int optlen)
{
        int val;
        struct sctp_sock *sp = sctp_sk(sk);

        if (optlen < sizeof(int))
                return -EINVAL;
        if (get_user(val, (int __user *)optval))
                return -EFAULT;
        if (!sctp_is_ep_boundall(sk) && val)
                return -EINVAL;
        if ((val && sp->do_auto_asconf) || (!val && !sp->do_auto_asconf))
                return 0;

        spin_lock_bh(&sock_net(sk)->sctp.addr_wq_lock);
        if (val == 0 && sp->do_auto_asconf) {
                list_del(&sp->auto_asconf_list);
                sp->do_auto_asconf = 0;
        } else if (val && !sp->do_auto_asconf) {
                list_add_tail(&sp->auto_asconf_list,
                    &sock_net(sk)->sctp.auto_asconf_splist);
                sp->do_auto_asconf = 1;
        }
        spin_unlock_bh(&sock_net(sk)->sctp.addr_wq_lock);
        return 0;
}

/*
 * SCTP_PEER_ADDR_THLDS
 *
 * This option allows us to alter the partially failed threshold for one or all
 * transports in an association.  See Section 6.1 of:
 * http://www.ietf.org/id/draft-nishida-tsvwg-sctp-failover-05.txt
 */
static int sctp_setsockopt_paddr_thresholds(struct sock *sk,
                                            char __user *optval,
                                            unsigned int optlen)
{
        struct sctp_paddrthlds val;
        struct sctp_transport *trans;
        struct sctp_association *asoc;

        if (optlen < sizeof(struct sctp_paddrthlds))
                return -EINVAL;
        if (copy_from_user(&val, (struct sctp_paddrthlds __user *)optval,
                           sizeof(struct sctp_paddrthlds)))
                return -EFAULT;


        if (sctp_is_any(sk, (const union sctp_addr *)&val.spt_address)) {
                asoc = sctp_id2assoc(sk, val.spt_assoc_id);
                if (!asoc)
                        return -ENOENT;
                list_for_each_entry(trans, &asoc->peer.transport_addr_list,
                                    transports) {
                        if (val.spt_pathmaxrxt)
                                trans->pathmaxrxt = val.spt_pathmaxrxt;
                        trans->pf_retrans = val.spt_pathpfthld;
                }

                if (val.spt_pathmaxrxt)
                        asoc->pathmaxrxt = val.spt_pathmaxrxt;
                asoc->pf_retrans = val.spt_pathpfthld;
        } else {
                trans = sctp_addr_id2transport(sk, &val.spt_address,
                                               val.spt_assoc_id);
                if (!trans)
                        return -ENOENT;

                if (val.spt_pathmaxrxt)
                        trans->pathmaxrxt = val.spt_pathmaxrxt;
                trans->pf_retrans = val.spt_pathpfthld;
        }

        return 0;
}

static int sctp_setsockopt_recvrcvinfo(struct sock *sk,
                                       char __user *optval,
                                       unsigned int optlen)
{
        int val;

        if (optlen < sizeof(int))
                return -EINVAL;
        if (get_user(val, (int __user *) optval))
                return -EFAULT;

        sctp_sk(sk)->recvrcvinfo = (val == 0) ? 0 : 1;

        return 0;
}

static int sctp_setsockopt_recvnxtinfo(struct sock *sk,
                                       char __user *optval,
                                       unsigned int optlen)
{
        int val;

        if (optlen < sizeof(int))
                return -EINVAL;
        if (get_user(val, (int __user *) optval))
                return -EFAULT;

        sctp_sk(sk)->recvnxtinfo = (val == 0) ? 0 : 1;

        return 0;
}

static int sctp_setsockopt_pr_supported(struct sock *sk,
                                        char __user *optval,
                                        unsigned int optlen)
{
        struct sctp_assoc_value params;
        struct sctp_association *asoc;
        int retval = -EINVAL;

        if (optlen != sizeof(params))
                goto out;

        if (copy_from_user(&params, optval, optlen)) {
                retval = -EFAULT;
                goto out;
        }

        asoc = sctp_id2assoc(sk, params.assoc_id);
        if (asoc) {
                asoc->prsctp_enable = !!params.assoc_value;
        } else if (!params.assoc_id) {
                struct sctp_sock *sp = sctp_sk(sk);

                sp->ep->prsctp_enable = !!params.assoc_value;
        } else {
                goto out;
        }

        retval = 0;

out:
        return retval;
}

static int sctp_setsockopt_default_prinfo(struct sock *sk,
                                          char __user *optval,
                                          unsigned int optlen)
{
        struct sctp_default_prinfo info;
        struct sctp_association *asoc;
        int retval = -EINVAL;

        if (optlen != sizeof(info))
                goto out;

        if (copy_from_user(&info, optval, sizeof(info))) {