linux/net/socket.c
<<
>>
Prefs 
   1/*
   2 * NET          An implementation of the SOCKET network access protocol.
   3 *
   4 * Version:     @(#)socket.c    1.1.93  18/02/95
   5 *
   6 * Authors:     Orest Zborowski, <obz@Kodak.COM>
   7 *              Ross Biro
   8 *              Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
   9 *
  10 * Fixes:
  11 *              Anonymous       :       NOTSOCK/BADF cleanup. Error fix in
  12 *                                      shutdown()
  13 *              Alan Cox        :       verify_area() fixes
  14 *              Alan Cox        :       Removed DDI
  15 *              Jonathan Kamens :       SOCK_DGRAM reconnect bug
  16 *              Alan Cox        :       Moved a load of checks to the very
  17 *                                      top level.
  18 *              Alan Cox        :       Move address structures to/from user
  19 *                                      mode above the protocol layers.
  20 *              Rob Janssen     :       Allow 0 length sends.
  21 *              Alan Cox        :       Asynchronous I/O support (cribbed from the
  22 *                                      tty drivers).
  23 *              Niibe Yutaka    :       Asynchronous I/O for writes (4.4BSD style)
  24 *              Jeff Uphoff     :       Made max number of sockets command-line
  25 *                                      configurable.
  26 *              Matti Aarnio    :       Made the number of sockets dynamic,
  27 *                                      to be allocated when needed, and mr.
  28 *                                      Uphoff's max is used as max to be
  29 *                                      allowed to allocate.
  30 *              Linus           :       Argh. removed all the socket allocation
  31 *                                      altogether: it's in the inode now.
  32 *              Alan Cox        :       Made sock_alloc()/sock_release() public
  33 *                                      for NetROM and future kernel nfsd type
  34 *                                      stuff.
  35 *              Alan Cox        :       sendmsg/recvmsg basics.
  36 *              Tom Dyas        :       Export net symbols.
  37 *              Marcin Dalecki  :       Fixed problems with CONFIG_NET="n".
  38 *              Alan Cox        :       Added thread locking to sys_* calls
  39 *                                      for sockets. May have errors at the
  40 *                                      moment.
  41 *              Kevin Buhr      :       Fixed the dumb errors in the above.
  42 *              Andi Kleen      :       Some small cleanups, optimizations,
  43 *                                      and fixed a copy_from_user() bug.
  44 *              Tigran Aivazian :       sys_send(args) calls sys_sendto(args, NULL, 0)
  45 *              Tigran Aivazian :       Made listen(2) backlog sanity checks
  46 *                                      protocol-independent
  47 *
  48 *
  49 *              This program is free software; you can redistribute it and/or
  50 *              modify it under the terms of the GNU General Public License
  51 *              as published by the Free Software Foundation; either version
  52 *              2 of the License, or (at your option) any later version.
  53 *
  54 *
  55 *      This module is effectively the top level interface to the BSD socket
  56 *      paradigm.
  57 *
  58 *      Based upon Swansea University Computer Society NET3.039
  59 */
  60
  61#include <linux/mm.h>
  62#include <linux/socket.h>
  63#include <linux/file.h>
  64#include <linux/net.h>
  65#include <linux/interrupt.h>
  66#include <linux/thread_info.h>
  67#include <linux/rcupdate.h>
  68#include <linux/netdevice.h>
  69#include <linux/proc_fs.h>
  70#include <linux/seq_file.h>
  71#include <linux/mutex.h>
  72#include <linux/if_bridge.h>
  73#include <linux/if_frad.h>
  74#include <linux/if_vlan.h>
  75#include <linux/ptp_classify.h>
  76#include <linux/init.h>
  77#include <linux/poll.h>
  78#include <linux/cache.h>
  79#include <linux/module.h>
  80#include <linux/highmem.h>
  81#include <linux/mount.h>
  82#include <linux/security.h>
  83#include <linux/syscalls.h>
  84#include <linux/compat.h>
  85#include <linux/kmod.h>
  86#include <linux/audit.h>
  87#include <linux/wireless.h>
  88#include <linux/nsproxy.h>
  89#include <linux/magic.h>
  90#include <linux/slab.h>
  91#include <linux/xattr.h>
  92#include <linux/nospec.h>
  93
  94#include <linux/uaccess.h>
  95#include <asm/unistd.h>
  96
  97#include <net/compat.h>
  98#include <net/wext.h>
  99#include <net/cls_cgroup.h>
 100
 101#include <net/sock.h>
 102#include <linux/netfilter.h>
 103
 104#include <linux/if_tun.h>
 105#include <linux/ipv6_route.h>
 106#include <linux/route.h>
 107#include <linux/sockios.h>
 108#include <net/busy_poll.h>
 109#include <linux/errqueue.h>
 110
 111#ifdef CONFIG_NET_RX_BUSY_POLL
 112unsigned int sysctl_net_busy_read __read_mostly;
 113unsigned int sysctl_net_busy_poll __read_mostly;
 114#endif
 115
 116static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to);
 117static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from);
 118static int sock_mmap(struct file *file, struct vm_area_struct *vma);
 119
 120static int sock_close(struct inode *inode, struct file *file);
 121static __poll_t sock_poll(struct file *file,
 122                              struct poll_table_struct *wait);
 123static long sock_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
 124#ifdef CONFIG_COMPAT
 125static long compat_sock_ioctl(struct file *file,
 126                              unsigned int cmd, unsigned long arg);
 127#endif
 128static int sock_fasync(int fd, struct file *filp, int on);
 129static ssize_t sock_sendpage(struct file *file, struct page *page,
 130                             int offset, size_t size, loff_t *ppos, int more);
 131static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
 132                                struct pipe_inode_info *pipe, size_t len,
 133                                unsigned int flags);
 134
 135/*
 136 *      Socket files have a set of 'special' operations as well as the generic file ones. These don't appear
 137 *      in the operation structures but are done directly via the socketcall() multiplexor.
 138 */
 139
 140static const struct file_operations socket_file_ops = {
 141        .owner =        THIS_MODULE,
 142        .llseek =       no_llseek,
 143        .read_iter =    sock_read_iter,
 144        .write_iter =   sock_write_iter,
 145        .poll =         sock_poll,
 146        .unlocked_ioctl = sock_ioctl,
 147#ifdef CONFIG_COMPAT
 148        .compat_ioctl = compat_sock_ioctl,
 149#endif
 150        .mmap =         sock_mmap,
 151        .release =      sock_close,
 152        .fasync =       sock_fasync,
 153        .sendpage =     sock_sendpage,
 154        .splice_write = generic_splice_sendpage,
 155        .splice_read =  sock_splice_read,
 156};
 157
 158/*
 159 *      The protocol list. Each protocol is registered in here.
 160 */
 161
 162static DEFINE_SPINLOCK(net_family_lock);
 163static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
 164
 165/*
 166 * Support routines.
 167 * Move socket addresses back and forth across the kernel/user
 168 * divide and look after the messy bits.
 169 */
 170
 171/**
 172 *      move_addr_to_kernel     -       copy a socket address into kernel space
 173 *      @uaddr: Address in user space
 174 *      @kaddr: Address in kernel space
 175 *      @ulen: Length in user space
 176 *
 177 *      The address is copied into kernel space. If the provided address is
 178 *      too long an error code of -EINVAL is returned. If the copy gives
 179 *      invalid addresses -EFAULT is returned. On a success 0 is returned.
 180 */
 181
 182int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr_storage *kaddr)
 183{
 184        if (ulen < 0 || ulen > sizeof(struct sockaddr_storage))
 185                return -EINVAL;
 186        if (ulen == 0)
 187                return 0;
 188        if (copy_from_user(kaddr, uaddr, ulen))
 189                return -EFAULT;
 190        return audit_sockaddr(ulen, kaddr);
 191}
 192
 193/**
 194 *      move_addr_to_user       -       copy an address to user space
 195 *      @kaddr: kernel space address
 196 *      @klen: length of address in kernel
 197 *      @uaddr: user space address
 198 *      @ulen: pointer to user length field
 199 *
 200 *      The value pointed to by ulen on entry is the buffer length available.
 201 *      This is overwritten with the buffer space used. -EINVAL is returned
 202 *      if an overlong buffer is specified or a negative buffer size. -EFAULT
 203 *      is returned if either the buffer or the length field are not
 204 *      accessible.
 205 *      After copying the data up to the limit the user specifies, the true
 206 *      length of the data is written over the length limit the user
 207 *      specified. Zero is returned for a success.
 208 */
 209
 210static int move_addr_to_user(struct sockaddr_storage *kaddr, int klen,
 211                             void __user *uaddr, int __user *ulen)
 212{
 213        int err;
 214        int len;
 215
 216        BUG_ON(klen > sizeof(struct sockaddr_storage));
 217        err = get_user(len, ulen);
 218        if (err)
 219                return err;
 220        if (len > klen)
 221                len = klen;
 222        if (len < 0)
 223                return -EINVAL;
 224        if (len) {
 225                if (audit_sockaddr(klen, kaddr))
 226                        return -ENOMEM;
 227                if (copy_to_user(uaddr, kaddr, len))
 228                        return -EFAULT;
 229        }
 230        /*
 231         *      "fromlen shall refer to the value before truncation.."
 232         *                      1003.1g
 233         */
 234        return __put_user(klen, ulen);
 235}
 236
 237static struct kmem_cache *sock_inode_cachep __ro_after_init;
 238
 239static struct inode *sock_alloc_inode(struct super_block *sb)
 240{
 241        struct socket_alloc *ei;
 242        struct socket_wq *wq;
 243
 244        ei = kmem_cache_alloc(sock_inode_cachep, GFP_KERNEL);
 245        if (!ei)
 246                return NULL;
 247        wq = kmalloc(sizeof(*wq), GFP_KERNEL);
 248        if (!wq) {
 249                kmem_cache_free(sock_inode_cachep, ei);
 250                return NULL;
 251        }
 252        init_waitqueue_head(&wq->wait);
 253        wq->fasync_list = NULL;
 254        wq->flags = 0;
 255        ei->socket.wq = wq;
 256
 257        ei->socket.state = SS_UNCONNECTED;
 258        ei->socket.flags = 0;
 259        ei->socket.ops = NULL;
 260        ei->socket.sk = NULL;
 261        ei->socket.file = NULL;
 262
 263        return &ei->vfs_inode;
 264}
 265
 266static void sock_destroy_inode(struct inode *inode)
 267{
 268        struct socket_alloc *ei;
 269
 270        ei = container_of(inode, struct socket_alloc, vfs_inode);
 271        kfree_rcu(ei->socket.wq, rcu);
 272        kmem_cache_free(sock_inode_cachep, ei);
 273}
 274
 275static void init_once(void *foo)
 276{
 277        struct socket_alloc *ei = (struct socket_alloc *)foo;
 278
 279        inode_init_once(&ei->vfs_inode);
 280}
 281
 282static void init_inodecache(void)
 283{
 284        sock_inode_cachep = kmem_cache_create("sock_inode_cache",
 285                                              sizeof(struct socket_alloc),
 286                                              0,
 287                                              (SLAB_HWCACHE_ALIGN |
 288                                               SLAB_RECLAIM_ACCOUNT |
 289                                               SLAB_MEM_SPREAD | SLAB_ACCOUNT),
 290                                              init_once);
 291        BUG_ON(sock_inode_cachep == NULL);
 292}
 293
 294static const struct super_operations sockfs_ops = {
 295        .alloc_inode    = sock_alloc_inode,
 296        .destroy_inode  = sock_destroy_inode,
 297        .statfs         = simple_statfs,
 298};
 299
 300/*
 301 * sockfs_dname() is called from d_path().
 302 */
 303static char *sockfs_dname(struct dentry *dentry, char *buffer, int buflen)
 304{
 305        return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
 306                                d_inode(dentry)->i_ino);
 307}
 308
 309static const struct dentry_operations sockfs_dentry_operations = {
 310        .d_dname  = sockfs_dname,
 311};
 312
 313static int sockfs_xattr_get(const struct xattr_handler *handler,
 314                            struct dentry *dentry, struct inode *inode,
 315                            const char *suffix, void *value, size_t size)
 316{
 317        if (value) {
 318                if (dentry->d_name.len + 1 > size)
 319                        return -ERANGE;
 320                memcpy(value, dentry->d_name.name, dentry->d_name.len + 1);
 321        }
 322        return dentry->d_name.len + 1;
 323}
 324
 325#define XATTR_SOCKPROTONAME_SUFFIX "sockprotoname"
 326#define XATTR_NAME_SOCKPROTONAME (XATTR_SYSTEM_PREFIX XATTR_SOCKPROTONAME_SUFFIX)
 327#define XATTR_NAME_SOCKPROTONAME_LEN (sizeof(XATTR_NAME_SOCKPROTONAME)-1)
 328
 329static const struct xattr_handler sockfs_xattr_handler = {
 330        .name = XATTR_NAME_SOCKPROTONAME,
 331        .get = sockfs_xattr_get,
 332};
 333
 334static int sockfs_security_xattr_set(const struct xattr_handler *handler,
 335                                     struct dentry *dentry, struct inode *inode,
 336                                     const char *suffix, const void *value,
 337                                     size_t size, int flags)
 338{
 339        /* Handled by LSM. */
 340        return -EAGAIN;
 341}
 342
 343static const struct xattr_handler sockfs_security_xattr_handler = {
 344        .prefix = XATTR_SECURITY_PREFIX,
 345        .set = sockfs_security_xattr_set,
 346};
 347
 348static const struct xattr_handler *sockfs_xattr_handlers[] = {
 349        &sockfs_xattr_handler,
 350        &sockfs_security_xattr_handler,
 351        NULL
 352};
 353
 354static struct dentry *sockfs_mount(struct file_system_type *fs_type,
 355                         int flags, const char *dev_name, void *data)
 356{
 357        return mount_pseudo_xattr(fs_type, "socket:", &sockfs_ops,
 358                                  sockfs_xattr_handlers,
 359                                  &sockfs_dentry_operations, SOCKFS_MAGIC);
 360}
 361
 362static struct vfsmount *sock_mnt __read_mostly;
 363
 364static struct file_system_type sock_fs_type = {
 365        .name =         "sockfs",
 366        .mount =        sockfs_mount,
 367        .kill_sb =      kill_anon_super,
 368};
 369
 370/*
 371 *      Obtains the first available file descriptor and sets it up for use.
 372 *
 373 *      These functions create file structures and maps them to fd space
 374 *      of the current process. On success it returns file descriptor
 375 *      and file struct implicitly stored in sock->file.
 376 *      Note that another thread may close file descriptor before we return
 377 *      from this function. We use the fact that now we do not refer
 378 *      to socket after mapping. If one day we will need it, this
 379 *      function will increment ref. count on file by 1.
 380 *
 381 *      In any case returned fd MAY BE not valid!
 382 *      This race condition is unavoidable
 383 *      with shared fd spaces, we cannot solve it inside kernel,
 384 *      but we take care of internal coherence yet.
 385 */
 386
 387/**
 388 *      sock_alloc_file - Bind a &socket to a &file
 389 *      @sock: socket
 390 *      @flags: file status flags
 391 *      @dname: protocol name
 392 *
 393 *      Returns the &file bound with @sock, implicitly storing it
 394 *      in sock->file. If dname is %NULL, sets to "".
 395 *      On failure the return is a ERR pointer (see linux/err.h).
 396 *      This function uses GFP_KERNEL internally.
 397 */
 398
 399struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
 400{
 401        struct file *file;
 402
 403        if (!dname)
 404                dname = sock->sk ? sock->sk->sk_prot_creator->name : "";
 405
 406        file = alloc_file_pseudo(SOCK_INODE(sock), sock_mnt, dname,
 407                                O_RDWR | (flags & O_NONBLOCK),
 408                                &socket_file_ops);
 409        if (IS_ERR(file)) {
 410                sock_release(sock);
 411                return file;
 412        }
 413
 414        sock->file = file;
 415        file->private_data = sock;
 416        return file;
 417}
 418EXPORT_SYMBOL(sock_alloc_file);
 419
 420static int sock_map_fd(struct socket *sock, int flags)
 421{
 422        struct file *newfile;
 423        int fd = get_unused_fd_flags(flags);
 424        if (unlikely(fd < 0)) {
 425                sock_release(sock);
 426                return fd;
 427        }
 428
 429        newfile = sock_alloc_file(sock, flags, NULL);
 430        if (likely(!IS_ERR(newfile))) {
 431                fd_install(fd, newfile);
 432                return fd;
 433        }
 434
 435        put_unused_fd(fd);
 436        return PTR_ERR(newfile);
 437}
 438
 439/**
 440 *      sock_from_file - Return the &socket bounded to @file.
 441 *      @file: file
 442 *      @err: pointer to an error code return
 443 *
 444 *      On failure returns %NULL and assigns -ENOTSOCK to @err.
 445 */
 446
 447struct socket *sock_from_file(struct file *file, int *err)
 448{
 449        if (file->f_op == &socket_file_ops)
 450                return file->private_data;      /* set in sock_map_fd */
 451
 452        *err = -ENOTSOCK;
 453        return NULL;
 454}
 455EXPORT_SYMBOL(sock_from_file);
 456
 457/**
 458 *      sockfd_lookup - Go from a file number to its socket slot
 459 *      @fd: file handle
 460 *      @err: pointer to an error code return
 461 *
 462 *      The file handle passed in is locked and the socket it is bound
 463 *      to is returned. If an error occurs the err pointer is overwritten
 464 *      with a negative errno code and NULL is returned. The function checks
 465 *      for both invalid handles and passing a handle which is not a socket.
 466 *
 467 *      On a success the socket object pointer is returned.
 468 */
 469
 470struct socket *sockfd_lookup(int fd, int *err)
 471{
 472        struct file *file;
 473        struct socket *sock;
 474
 475        file = fget(fd);
 476        if (!file) {
 477                *err = -EBADF;
 478                return NULL;
 479        }
 480
 481        sock = sock_from_file(file, err);
 482        if (!sock)
 483                fput(file);
 484        return sock;
 485}
 486EXPORT_SYMBOL(sockfd_lookup);
 487
 488static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
 489{
 490        struct fd f = fdget(fd);
 491        struct socket *sock;
 492
 493        *err = -EBADF;
 494        if (f.file) {
 495                sock = sock_from_file(f.file, err);
 496                if (likely(sock)) {
 497                        *fput_needed = f.flags;
 498                        return sock;
 499                }
 500                fdput(f);
 501        }
 502        return NULL;
 503}
 504
 505static ssize_t sockfs_listxattr(struct dentry *dentry, char *buffer,
 506                                size_t size)
 507{
 508        ssize_t len;
 509        ssize_t used = 0;
 510
 511        len = security_inode_listsecurity(d_inode(dentry), buffer, size);
 512        if (len < 0)
 513                return len;
 514        used += len;
 515        if (buffer) {
 516                if (size < used)
 517                        return -ERANGE;
 518                buffer += len;
 519        }
 520
 521        len = (XATTR_NAME_SOCKPROTONAME_LEN + 1);
 522        used += len;
 523        if (buffer) {
 524                if (size < used)
 525                        return -ERANGE;
 526                memcpy(buffer, XATTR_NAME_SOCKPROTONAME, len);
 527                buffer += len;
 528        }
 529
 530        return used;
 531}
 532
 533static int sockfs_setattr(struct dentry *dentry, struct iattr *iattr)
 534{
 535        int err = simple_setattr(dentry, iattr);
 536
 537        if (!err && (iattr->ia_valid & ATTR_UID)) {
 538                struct socket *sock = SOCKET_I(d_inode(dentry));
 539
 540                if (sock->sk)
 541                        sock->sk->sk_uid = iattr->ia_uid;
 542                else
 543                        err = -ENOENT;
 544        }
 545
 546        return err;
 547}
 548
 549static const struct inode_operations sockfs_inode_ops = {
 550        .listxattr = sockfs_listxattr,
 551        .setattr = sockfs_setattr,
 552};
 553
 554/**
 555 *      sock_alloc - allocate a socket
 556 *
 557 *      Allocate a new inode and socket object. The two are bound together
 558 *      and initialised. The socket is then returned. If we are out of inodes
 559 *      NULL is returned. This functions uses GFP_KERNEL internally.
 560 */
 561
 562struct socket *sock_alloc(void)
 563{
 564        struct inode *inode;
 565        struct socket *sock;
 566
 567        inode = new_inode_pseudo(sock_mnt->mnt_sb);
 568        if (!inode)
 569                return NULL;
 570
 571        sock = SOCKET_I(inode);
 572
 573        inode->i_ino = get_next_ino();
 574        inode->i_mode = S_IFSOCK | S_IRWXUGO;
 575        inode->i_uid = current_fsuid();
 576        inode->i_gid = current_fsgid();
 577        inode->i_op = &sockfs_inode_ops;
 578
 579        return sock;
 580}
 581EXPORT_SYMBOL(sock_alloc);
 582
 583/**
 584 *      sock_release - close a socket
 585 *      @sock: socket to close
 586 *
 587 *      The socket is released from the protocol stack if it has a release
 588 *      callback, and the inode is then released if the socket is bound to
 589 *      an inode not a file.
 590 */
 591
 592static void __sock_release(struct socket *sock, struct inode *inode)
 593{
 594        if (sock->ops) {
 595                struct module *owner = sock->ops->owner;
 596
 597                if (inode)
 598                        inode_lock(inode);
 599                sock->ops->release(sock);
 600                sock->sk = NULL;
 601                if (inode)
 602                        inode_unlock(inode);
 603                sock->ops = NULL;
 604                module_put(owner);
 605        }
 606
 607        if (sock->wq->fasync_list)
 608                pr_err("%s: fasync list not empty!\n", __func__);
 609
 610        if (!sock->file) {
 611                iput(SOCK_INODE(sock));
 612                return;
 613        }
 614        sock->file = NULL;
 615}
 616
 617void sock_release(struct socket *sock)
 618{
 619        __sock_release(sock, NULL);
 620}
 621EXPORT_SYMBOL(sock_release);
 622
 623void __sock_tx_timestamp(__u16 tsflags, __u8 *tx_flags)
 624{
 625        u8 flags = *tx_flags;
 626
 627        if (tsflags & SOF_TIMESTAMPING_TX_HARDWARE)
 628                flags |= SKBTX_HW_TSTAMP;
 629
 630        if (tsflags & SOF_TIMESTAMPING_TX_SOFTWARE)
 631                flags |= SKBTX_SW_TSTAMP;
 632
 633        if (tsflags & SOF_TIMESTAMPING_TX_SCHED)
 634                flags |= SKBTX_SCHED_TSTAMP;
 635
 636        *tx_flags = flags;
 637}
 638EXPORT_SYMBOL(__sock_tx_timestamp);
 639
 640/**
 641 *      sock_sendmsg - send a message through @sock
 642 *      @sock: socket
 643 *      @msg: message to send
 644 *
 645 *      Sends @msg through @sock, passing through LSM.
 646 *      Returns the number of bytes sent, or an error code.
 647 */
 648
 649static inline int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg)
 650{
 651        int ret = sock->ops->sendmsg(sock, msg, msg_data_left(msg));
 652        BUG_ON(ret == -EIOCBQUEUED);
 653        return ret;
 654}
 655
 656int sock_sendmsg(struct socket *sock, struct msghdr *msg)
 657{
 658        int err = security_socket_sendmsg(sock, msg,
 659                                          msg_data_left(msg));
 660
 661        return err ?: sock_sendmsg_nosec(sock, msg);
 662}
 663EXPORT_SYMBOL(sock_sendmsg);
 664
 665/**
 666 *      kernel_sendmsg - send a message through @sock (kernel-space)
 667 *      @sock: socket
 668 *      @msg: message header
 669 *      @vec: kernel vec
 670 *      @num: vec array length
 671 *      @size: total message data size
 672 *
 673 *      Builds the message data with @vec and sends it through @sock.
 674 *      Returns the number of bytes sent, or an error code.
 675 */
 676
 677int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
 678                   struct kvec *vec, size_t num, size_t size)
 679{
 680        iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
 681        return sock_sendmsg(sock, msg);
 682}
 683EXPORT_SYMBOL(kernel_sendmsg);
 684
 685/**
 686 *      kernel_sendmsg_locked - send a message through @sock (kernel-space)
 687 *      @sk: sock
 688 *      @msg: message header
 689 *      @vec: output s/g array
 690 *      @num: output s/g array length
 691 *      @size: total message data size
 692 *
 693 *      Builds the message data with @vec and sends it through @sock.
 694 *      Returns the number of bytes sent, or an error code.
 695 *      Caller must hold @sk.
 696 */
 697
 698int kernel_sendmsg_locked(struct sock *sk, struct msghdr *msg,
 699                          struct kvec *vec, size_t num, size_t size)
 700{
 701        struct socket *sock = sk->sk_socket;
 702
 703        if (!sock->ops->sendmsg_locked)
 704                return sock_no_sendmsg_locked(sk, msg, size);
 705
 706        iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
 707
 708        return sock->ops->sendmsg_locked(sk, msg, msg_data_left(msg));
 709}
 710EXPORT_SYMBOL(kernel_sendmsg_locked);
 711
 712static bool skb_is_err_queue(const struct sk_buff *skb)
 713{
 714        /* pkt_type of skbs enqueued on the error queue are set to
 715         * PACKET_OUTGOING in skb_set_err_queue(). This is only safe to do
 716         * in recvmsg, since skbs received on a local socket will never
 717         * have a pkt_type of PACKET_OUTGOING.
 718         */
 719        return skb->pkt_type == PACKET_OUTGOING;
 720}
 721
 722/* On transmit, software and hardware timestamps are returned independently.
 723 * As the two skb clones share the hardware timestamp, which may be updated
 724 * before the software timestamp is received, a hardware TX timestamp may be
 725 * returned only if there is no software TX timestamp. Ignore false software
 726 * timestamps, which may be made in the __sock_recv_timestamp() call when the
 727 * option SO_TIMESTAMP_OLD(NS) is enabled on the socket, even when the skb has a
 728 * hardware timestamp.
 729 */
 730static bool skb_is_swtx_tstamp(const struct sk_buff *skb, int false_tstamp)
 731{
 732        return skb->tstamp && !false_tstamp && skb_is_err_queue(skb);
 733}
 734
 735static void put_ts_pktinfo(struct msghdr *msg, struct sk_buff *skb)
 736{
 737        struct scm_ts_pktinfo ts_pktinfo;
 738        struct net_device *orig_dev;
 739
 740        if (!skb_mac_header_was_set(skb))
 741                return;
 742
 743        memset(&ts_pktinfo, 0, sizeof(ts_pktinfo));
 744
 745        rcu_read_lock();
 746        orig_dev = dev_get_by_napi_id(skb_napi_id(skb));
 747        if (orig_dev)
 748                ts_pktinfo.if_index = orig_dev->ifindex;
 749        rcu_read_unlock();
 750
 751        ts_pktinfo.pkt_length = skb->len - skb_mac_offset(skb);
 752        put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_PKTINFO,
 753                 sizeof(ts_pktinfo), &ts_pktinfo);
 754}
 755
 756/*
 757 * called from sock_recv_timestamp() if sock_flag(sk, SOCK_RCVTSTAMP)
 758 */
 759void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
 760        struct sk_buff *skb)
 761{
 762        int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP);
 763        int new_tstamp = sock_flag(sk, SOCK_TSTAMP_NEW);
 764        struct scm_timestamping_internal tss;
 765
 766        int empty = 1, false_tstamp = 0;
 767        struct skb_shared_hwtstamps *shhwtstamps =
 768                skb_hwtstamps(skb);
 769
 770        /* Race occurred between timestamp enabling and packet
 771           receiving.  Fill in the current time for now. */
 772        if (need_software_tstamp && skb->tstamp == 0) {
 773                __net_timestamp(skb);
 774                false_tstamp = 1;
 775        }
 776
 777        if (need_software_tstamp) {
 778                if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) {
 779                        if (new_tstamp) {
 780                                struct __kernel_sock_timeval tv;
 781
 782                                skb_get_new_timestamp(skb, &tv);
 783                                put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_NEW,
 784                                         sizeof(tv), &tv);
 785                        } else {
 786                                struct __kernel_old_timeval tv;
 787
 788                                skb_get_timestamp(skb, &tv);
 789                                put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_OLD,
 790                                         sizeof(tv), &tv);
 791                        }
 792                } else {
 793                        if (new_tstamp) {
 794                                struct __kernel_timespec ts;
 795
 796                                skb_get_new_timestampns(skb, &ts);
 797                                put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_NEW,
 798                                         sizeof(ts), &ts);
 799                        } else {
 800                                struct timespec ts;
 801
 802                                skb_get_timestampns(skb, &ts);
 803                                put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_OLD,
 804                                         sizeof(ts), &ts);
 805                        }
 806                }
 807        }
 808
 809        memset(&tss, 0, sizeof(tss));
 810        if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE) &&
 811            ktime_to_timespec64_cond(skb->tstamp, tss.ts + 0))
 812                empty = 0;
 813        if (shhwtstamps &&
 814            (sk->sk_tsflags & SOF_TIMESTAMPING_RAW_HARDWARE) &&
 815            !skb_is_swtx_tstamp(skb, false_tstamp) &&
 816            ktime_to_timespec64_cond(shhwtstamps->hwtstamp, tss.ts + 2)) {
 817                empty = 0;
 818                if ((sk->sk_tsflags & SOF_TIMESTAMPING_OPT_PKTINFO) &&
 819                    !skb_is_err_queue(skb))
 820                        put_ts_pktinfo(msg, skb);
 821        }
 822        if (!empty) {
 823                if (sock_flag(sk, SOCK_TSTAMP_NEW))
 824                        put_cmsg_scm_timestamping64(msg, &tss);
 825                else
 826                        put_cmsg_scm_timestamping(msg, &tss);
 827
 828                if (skb_is_err_queue(skb) && skb->len &&
 829                    SKB_EXT_ERR(skb)->opt_stats)
 830                        put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS,
 831                                 skb->len, skb->data);
 832        }
 833}
 834EXPORT_SYMBOL_GPL(__sock_recv_timestamp);
 835
 836void __sock_recv_wifi_status(struct msghdr *msg, struct sock *sk,
 837        struct sk_buff *skb)
 838{
 839        int ack;
 840
 841        if (!sock_flag(sk, SOCK_WIFI_STATUS))
 842                return;
 843        if (!skb->wifi_acked_valid)
 844                return;
 845
 846        ack = skb->wifi_acked;
 847
 848        put_cmsg(msg, SOL_SOCKET, SCM_WIFI_STATUS, sizeof(ack), &ack);
 849}
 850EXPORT_SYMBOL_GPL(__sock_recv_wifi_status);
 851
 852static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
 853                                   struct sk_buff *skb)
 854{
 855        if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && SOCK_SKB_CB(skb)->dropcount)
 856                put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
 857                        sizeof(__u32), &SOCK_SKB_CB(skb)->dropcount);
 858}
 859
 860void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
 861        struct sk_buff *skb)
 862{
 863        sock_recv_timestamp(msg, sk, skb);
 864        sock_recv_drops(msg, sk, skb);
 865}
 866EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
 867
 868/**
 869 *      sock_recvmsg - receive a message from @sock
 870 *      @sock: socket
 871 *      @msg: message to receive
 872 *      @flags: message flags
 873 *
 874 *      Receives @msg from @sock, passing through LSM. Returns the total number
 875 *      of bytes received, or an error.
 876 */
 877
 878static inline int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
 879                                     int flags)
 880{
 881        return sock->ops->recvmsg(sock, msg, msg_data_left(msg), flags);
 882}
 883
 884int sock_recvmsg(struct socket *sock, struct msghdr *msg, int flags)
 885{
 886        int err = security_socket_recvmsg(sock, msg, msg_data_left(msg), flags);
 887
 888        return err ?: sock_recvmsg_nosec(sock, msg, flags);
 889}
 890EXPORT_SYMBOL(sock_recvmsg);
 891
 892/**
 893 *      kernel_recvmsg - Receive a message from a socket (kernel space)
 894 *      @sock: The socket to receive the message from
 895 *      @msg: Received message
 896 *      @vec: Input s/g array for message data
 897 *      @num: Size of input s/g array
 898 *      @size: Number of bytes to read
 899 *      @flags: Message flags (MSG_DONTWAIT, etc...)
 900 *
 901 *      On return the msg structure contains the scatter/gather array passed in the
 902 *      vec argument. The array is modified so that it consists of the unfilled
 903 *      portion of the original array.
 904 *
 905 *      The returned value is the total number of bytes received, or an error.
 906 */
 907
 908int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
 909                   struct kvec *vec, size_t num, size_t size, int flags)
 910{
 911        mm_segment_t oldfs = get_fs();
 912        int result;
 913
 914        iov_iter_kvec(&msg->msg_iter, READ, vec, num, size);
 915        set_fs(KERNEL_DS);
 916        result = sock_recvmsg(sock, msg, flags);
 917        set_fs(oldfs);
 918        return result;
 919}
 920EXPORT_SYMBOL(kernel_recvmsg);
 921
 922static ssize_t sock_sendpage(struct file *file, struct page *page,
 923                             int offset, size_t size, loff_t *ppos, int more)
 924{
 925        struct socket *sock;
 926        int flags;
 927
 928        sock = file->private_data;
 929
 930        flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
 931        /* more is a combination of MSG_MORE and MSG_SENDPAGE_NOTLAST */
 932        flags |= more;
 933
 934        return kernel_sendpage(sock, page, offset, size, flags);
 935}
 936
 937static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
 938                                struct pipe_inode_info *pipe, size_t len,
 939                                unsigned int flags)
 940{
 941        struct socket *sock = file->private_data;
 942
 943        if (unlikely(!sock->ops->splice_read))
 944                return generic_file_splice_read(file, ppos, pipe, len, flags);
 945
 946        return sock->ops->splice_read(sock, ppos, pipe, len, flags);
 947}
 948
 949static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to)
 950{
 951        struct file *file = iocb->ki_filp;
 952        struct socket *sock = file->private_data;
 953        struct msghdr msg = {.msg_iter = *to,
 954                             .msg_iocb = iocb};
 955        ssize_t res;
 956
 957        if (file->f_flags & O_NONBLOCK)
 958                msg.msg_flags = MSG_DONTWAIT;
 959
 960        if (iocb->ki_pos != 0)
 961                return -ESPIPE;
 962
 963        if (!iov_iter_count(to))        /* Match SYS5 behaviour */
 964                return 0;
 965
 966        res = sock_recvmsg(sock, &msg, msg.msg_flags);
 967        *to = msg.msg_iter;
 968        return res;
 969}
 970
 971static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from)
 972{
 973        struct file *file = iocb->ki_filp;
 974        struct socket *sock = file->private_data;
 975        struct msghdr msg = {.msg_iter = *from,
 976                             .msg_iocb = iocb};
 977        ssize_t res;
 978
 979        if (iocb->ki_pos != 0)
 980                return -ESPIPE;
 981
 982        if (file->f_flags & O_NONBLOCK)
 983                msg.msg_flags = MSG_DONTWAIT;
 984
 985        if (sock->type == SOCK_SEQPACKET)
 986                msg.msg_flags |= MSG_EOR;
 987
 988        res = sock_sendmsg(sock, &msg);
 989        *from = msg.msg_iter;
 990        return res;
 991}
 992
 993/*
 994 * Atomic setting of ioctl hooks to avoid race
 995 * with module unload.
 996 */
 997
 998static DEFINE_MUTEX(br_ioctl_mutex);
 999static int (*br_ioctl_hook) (struct net *, unsigned int cmd, void __user *arg);
1000

1001void brioctl_set(int (*hook) (struct net *, unsigned int, void __user *))
1002{
1003        mutex_lock(&br_ioctl_mutex);
1004        br_ioctl_hook = hook;
1005        mutex_unlock(&br_ioctl_mutex);
1006}
1007EXPORT_SYMBOL(brioctl_set);
1008
1009static DEFINE_MUTEX(vlan_ioctl_mutex);
1010static int (*vlan_ioctl_hook) (struct net *, void __user *arg);
1011
1012void vlan_ioctl_set(int (*hook) (struct net *, void __user *))
1013{
1014        mutex_lock(&vlan_ioctl_mutex);
1015        vlan_ioctl_hook = hook;
1016        mutex_unlock(&vlan_ioctl_mutex);
1017}
1018EXPORT_SYMBOL(vlan_ioctl_set);
1019
1020static DEFINE_MUTEX(dlci_ioctl_mutex);
1021static int (*dlci_ioctl_hook) (unsigned int, void __user *);
1022
1023void dlci_ioctl_set(int (*hook) (unsigned int, void __user *))
1024{
1025        mutex_lock(&dlci_ioctl_mutex);
1026        dlci_ioctl_hook = hook;
1027        mutex_unlock(&dlci_ioctl_mutex);
1028}
1029EXPORT_SYMBOL(dlci_ioctl_set);
1030
1031static long sock_do_ioctl(struct net *net, struct socket *sock,
1032                          unsigned int cmd, unsigned long arg)
1033{
1034        int err;
1035        void __user *argp = (void __user *)arg;
1036
1037        err = sock->ops->ioctl(sock, cmd, arg);
1038
1039        /*
1040         * If this ioctl is unknown try to hand it down
1041         * to the NIC driver.
1042         */
1043        if (err != -ENOIOCTLCMD)
1044                return err;
1045
1046        if (cmd == SIOCGIFCONF) {
1047                struct ifconf ifc;
1048                if (copy_from_user(&ifc, argp, sizeof(struct ifconf)))
1049                        return -EFAULT;
1050                rtnl_lock();
1051                err = dev_ifconf(net, &ifc, sizeof(struct ifreq));
1052                rtnl_unlock();
1053                if (!err && copy_to_user(argp, &ifc, sizeof(struct ifconf)))
1054                        err = -EFAULT;
1055        } else {
1056                struct ifreq ifr;
1057                bool need_copyout;
1058                if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1059                        return -EFAULT;
1060                err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1061                if (!err && need_copyout)
1062                        if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1063                                return -EFAULT;
1064        }
1065        return err;
1066}
1067
1068/*
1069 *      With an ioctl, arg may well be a user mode pointer, but we don't know
1070 *      what to do with it - that's up to the protocol still.
1071 */
1072
1073/**
1074 *      get_net_ns - increment the refcount of the network namespace
1075 *      @ns: common namespace (net)
1076 *
1077 *      Returns the net's common namespace.
1078 */
1079
1080struct ns_common *get_net_ns(struct ns_common *ns)
1081{
1082        return &get_net(container_of(ns, struct net, ns))->ns;
1083}
1084EXPORT_SYMBOL_GPL(get_net_ns);
1085
1086static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
1087{
1088        struct socket *sock;
1089        struct sock *sk;
1090        void __user *argp = (void __user *)arg;
1091        int pid, err;
1092        struct net *net;
1093
1094        sock = file->private_data;
1095        sk = sock->sk;
1096        net = sock_net(sk);
1097        if (unlikely(cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))) {
1098                struct ifreq ifr;
1099                bool need_copyout;
1100                if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1101                        return -EFAULT;
1102                err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1103                if (!err && need_copyout)
1104                        if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1105                                return -EFAULT;
1106        } else
1107#ifdef CONFIG_WEXT_CORE
1108        if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) {
1109                err = wext_handle_ioctl(net, cmd, argp);
1110        } else
1111#endif
1112                switch (cmd) {
1113                case FIOSETOWN:
1114                case SIOCSPGRP:
1115                        err = -EFAULT;
1116                        if (get_user(pid, (int __user *)argp))
1117                                break;
1118                        err = f_setown(sock->file, pid, 1);
1119                        break;
1120                case FIOGETOWN:
1121                case SIOCGPGRP:
1122                        err = put_user(f_getown(sock->file),
1123                                       (int __user *)argp);
1124                        break;
1125                case SIOCGIFBR:
1126                case SIOCSIFBR:
1127                case SIOCBRADDBR:
1128                case SIOCBRDELBR:
1129                        err = -ENOPKG;
1130                        if (!br_ioctl_hook)
1131                                request_module("bridge");
1132
1133                        mutex_lock(&br_ioctl_mutex);
1134                        if (br_ioctl_hook)
1135                                err = br_ioctl_hook(net, cmd, argp);
1136                        mutex_unlock(&br_ioctl_mutex);
1137                        break;
1138                case SIOCGIFVLAN:
1139                case SIOCSIFVLAN:
1140                        err = -ENOPKG;
1141                        if (!vlan_ioctl_hook)
1142                                request_module("8021q");
1143
1144                        mutex_lock(&vlan_ioctl_mutex);
1145                        if (vlan_ioctl_hook)
1146                                err = vlan_ioctl_hook(net, argp);
1147                        mutex_unlock(&vlan_ioctl_mutex);
1148                        break;
1149                case SIOCADDDLCI:
1150                case SIOCDELDLCI:
1151                        err = -ENOPKG;
1152                        if (!dlci_ioctl_hook)
1153                                request_module("dlci");
1154
1155                        mutex_lock(&dlci_ioctl_mutex);
1156                        if (dlci_ioctl_hook)
1157                                err = dlci_ioctl_hook(cmd, argp);
1158                        mutex_unlock(&dlci_ioctl_mutex);
1159                        break;
1160                case SIOCGSKNS:
1161                        err = -EPERM;
1162                        if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1163                                break;
1164
1165                        err = open_related_ns(&net->ns, get_net_ns);
1166                        break;
1167                default:
1168                        err = sock_do_ioctl(net, sock, cmd, arg);
1169                        break;
1170                }
1171        return err;
1172}
1173
1174/**
1175 *      sock_create_lite - creates a socket
1176 *      @family: protocol family (AF_INET, ...)
1177 *      @type: communication type (SOCK_STREAM, ...)
1178 *      @protocol: protocol (0, ...)
1179 *      @res: new socket
1180 *
1181 *      Creates a new socket and assigns it to @res, passing through LSM.
1182 *      The new socket initialization is not complete, see kernel_accept().
1183 *      Returns 0 or an error. On failure @res is set to %NULL.
1184 *      This function internally uses GFP_KERNEL.
1185 */
1186
1187int sock_create_lite(int family, int type, int protocol, struct socket **res)
1188{
1189        int err;
1190        struct socket *sock = NULL;
1191
1192        err = security_socket_create(family, type, protocol, 1);
1193        if (err)
1194                goto out;
1195
1196        sock = sock_alloc();
1197        if (!sock) {
1198                err = -ENOMEM;
1199                goto out;
1200        }
1201
1202        sock->type = type;
1203        err = security_socket_post_create(sock, family, type, protocol, 1);
1204        if (err)
1205                goto out_release;
1206
1207out:
1208        *res = sock;
1209        return err;
1210out_release:
1211        sock_release(sock);
1212        sock = NULL;
1213        goto out;
1214}
1215EXPORT_SYMBOL(sock_create_lite);
1216
1217/* No kernel lock held - perfect */
1218static __poll_t sock_poll(struct file *file, poll_table *wait)
1219{
1220        struct socket *sock = file->private_data;
1221        __poll_t events = poll_requested_events(wait), flag = 0;
1222
1223        if (!sock->ops->poll)
1224                return 0;
1225
1226        if (sk_can_busy_loop(sock->sk)) {
1227                /* poll once if requested by the syscall */
1228                if (events & POLL_BUSY_LOOP)
1229                        sk_busy_loop(sock->sk, 1);
1230
1231                /* if this socket can poll_ll, tell the system call */
1232                flag = POLL_BUSY_LOOP;
1233        }
1234
1235        return sock->ops->poll(file, sock, wait) | flag;
1236}
1237
1238static int sock_mmap(struct file *file, struct vm_area_struct *vma)
1239{
1240        struct socket *sock = file->private_data;
1241
1242        return sock->ops->mmap(file, sock, vma);
1243}
1244
1245static int sock_close(struct inode *inode, struct file *filp)
1246{
1247        __sock_release(SOCKET_I(inode), inode);
1248        return 0;
1249}
1250
1251/*
1252 *      Update the socket async list
1253 *
1254 *      Fasync_list locking strategy.
1255 *
1256 *      1. fasync_list is modified only under process context socket lock
1257 *         i.e. under semaphore.
1258 *      2. fasync_list is used under read_lock(&sk->sk_callback_lock)
1259 *         or under socket lock
1260 */
1261
1262static int sock_fasync(int fd, struct file *filp, int on)
1263{
1264        struct socket *sock = filp->private_data;
1265        struct sock *sk = sock->sk;
1266        struct socket_wq *wq;
1267
1268        if (sk == NULL)
1269                return -EINVAL;
1270
1271        lock_sock(sk);
1272        wq = sock->wq;
1273        fasync_helper(fd, filp, on, &wq->fasync_list);
1274
1275        if (!wq->fasync_list)
1276                sock_reset_flag(sk, SOCK_FASYNC);
1277        else
1278                sock_set_flag(sk, SOCK_FASYNC);
1279
1280        release_sock(sk);
1281        return 0;
1282}
1283
1284/* This function may be called only under rcu_lock */
1285
1286int sock_wake_async(struct socket_wq *wq, int how, int band)
1287{
1288        if (!wq || !wq->fasync_list)
1289                return -1;
1290
1291        switch (how) {
1292        case SOCK_WAKE_WAITD:
1293                if (test_bit(SOCKWQ_ASYNC_WAITDATA, &wq->flags))
1294                        break;
1295                goto call_kill;
1296        case SOCK_WAKE_SPACE:
1297                if (!test_and_clear_bit(SOCKWQ_ASYNC_NOSPACE, &wq->flags))
1298                        break;
1299                /* fall through */
1300        case SOCK_WAKE_IO:
1301call_kill:
1302                kill_fasync(&wq->fasync_list, SIGIO, band);
1303                break;
1304        case SOCK_WAKE_URG:
1305                kill_fasync(&wq->fasync_list, SIGURG, band);
1306        }
1307
1308        return 0;
1309}
1310EXPORT_SYMBOL(sock_wake_async);
1311
1312/**
1313 *      __sock_create - creates a socket
1314 *      @net: net namespace
1315 *      @family: protocol family (AF_INET, ...)
1316 *      @type: communication type (SOCK_STREAM, ...)
1317 *      @protocol: protocol (0, ...)
1318 *      @res: new socket
1319 *      @kern: boolean for kernel space sockets
1320 *
1321 *      Creates a new socket and assigns it to @res, passing through LSM.
1322 *      Returns 0 or an error. On failure @res is set to %NULL. @kern must
1323 *      be set to true if the socket resides in kernel space.
1324 *      This function internally uses GFP_KERNEL.
1325 */
1326
1327int __sock_create(struct net *net, int family, int type, int protocol,
1328                         struct socket **res, int kern)
1329{
1330        int err;
1331        struct socket *sock;
1332        const struct net_proto_family *pf;
1333
1334        /*
1335         *      Check protocol is in range
1336         */
1337        if (family < 0 || family >= NPROTO)
1338                return -EAFNOSUPPORT;
1339        if (type < 0 || type >= SOCK_MAX)
1340                return -EINVAL;
1341
1342        /* Compatibility.
1343
1344           This uglymoron is moved from INET layer to here to avoid
1345           deadlock in module load.
1346         */
1347        if (family == PF_INET && type == SOCK_PACKET) {
1348                pr_info_once("%s uses obsolete (PF_INET,SOCK_PACKET)\n",
1349                             current->comm);
1350                family = PF_PACKET;
1351        }
1352
1353        err = security_socket_create(family, type, protocol, kern);
1354        if (err)
1355                return err;
1356
1357        /*
1358         *      Allocate the socket and allow the family to set things up. if
1359         *      the protocol is 0, the family is instructed to select an appropriate
1360         *      default.
1361         */
1362        sock = sock_alloc();
1363        if (!sock) {
1364                net_warn_ratelimited("socket: no more sockets\n");
1365                return -ENFILE; /* Not exactly a match, but its the
1366                                   closest posix thing */
1367        }
1368
1369        sock->type = type;
1370
1371#ifdef CONFIG_MODULES
1372        /* Attempt to load a protocol module if the find failed.
1373         *
1374         * 12/09/1996 Marcin: But! this makes REALLY only sense, if the user
1375         * requested real, full-featured networking support upon configuration.
1376         * Otherwise module support will break!
1377         */
1378        if (rcu_access_pointer(net_families[family]) == NULL)
1379                request_module("net-pf-%d", family);
1380#endif
1381
1382        rcu_read_lock();
1383        pf = rcu_dereference(net_families[family]);
1384        err = -EAFNOSUPPORT;
1385        if (!pf)
1386                goto out_release;
1387
1388        /*
1389         * We will call the ->create function, that possibly is in a loadable
1390         * module, so we have to bump that loadable module refcnt first.
1391         */
1392        if (!try_module_get(pf->owner))
1393                goto out_release;
1394
1395        /* Now protected by module ref count */
1396        rcu_read_unlock();
1397
1398        err = pf->create(net, sock, protocol, kern);
1399        if (err < 0)
1400                goto out_module_put;
1401
1402        /*
1403         * Now to bump the refcnt of the [loadable] module that owns this
1404         * socket at sock_release time we decrement its refcnt.
1405         */
1406        if (!try_module_get(sock->ops->owner))
1407                goto out_module_busy;
1408
1409        /*
1410         * Now that we're done with the ->create function, the [loadable]
1411         * module can have its refcnt decremented
1412         */
1413        module_put(pf->owner);
1414        err = security_socket_post_create(sock, family, type, protocol, kern);
1415        if (err)
1416                goto out_sock_release;
1417        *res = sock;
1418
1419        return 0;
1420
1421out_module_busy:
1422        err = -EAFNOSUPPORT;
1423out_module_put:
1424        sock->ops = NULL;
1425        module_put(pf->owner);
1426out_sock_release:
1427        sock_release(sock);
1428        return err;
1429
1430out_release:
1431        rcu_read_unlock();
1432        goto out_sock_release;
1433}
1434EXPORT_SYMBOL(__sock_create);
1435
1436/**
1437 *      sock_create - creates a socket
1438 *      @family: protocol family (AF_INET, ...)
1439 *      @type: communication type (SOCK_STREAM, ...)
1440 *      @protocol: protocol (0, ...)
1441 *      @res: new socket
1442 *
1443 *      A wrapper around __sock_create().
1444 *      Returns 0 or an error. This function internally uses GFP_KERNEL.
1445 */
1446
1447int sock_create(int family, int type, int protocol, struct socket **res)
1448{
1449        return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0);
1450}
1451EXPORT_SYMBOL(sock_create);
1452
1453/**
1454 *      sock_create_kern - creates a socket (kernel space)
1455 *      @net: net namespace
1456 *      @family: protocol family (AF_INET, ...)
1457 *      @type: communication type (SOCK_STREAM, ...)
1458 *      @protocol: protocol (0, ...)
1459 *      @res: new socket
1460 *
1461 *      A wrapper around __sock_create().
1462 *      Returns 0 or an error. This function internally uses GFP_KERNEL.
1463 */
1464
1465int sock_create_kern(struct net *net, int family, int type, int protocol, struct socket **res)
1466{
1467        return __sock_create(net, family, type, protocol, res, 1);
1468}
1469EXPORT_SYMBOL(sock_create_kern);
1470
1471int __sys_socket(int family, int type, int protocol)
1472{
1473        int retval;
1474        struct socket *sock;
1475        int flags;
1476
1477        /* Check the SOCK_* constants for consistency.  */
1478        BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1479        BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1480        BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1481        BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1482
1483        flags = type & ~SOCK_TYPE_MASK;
1484        if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1485                return -EINVAL;
1486        type &= SOCK_TYPE_MASK;
1487
1488        if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1489                flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1490
1491        retval = sock_create(family, type, protocol, &sock);
1492        if (retval < 0)
1493                return retval;
1494
1495        return sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1496}
1497
1498SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
1499{
1500        return __sys_socket(family, type, protocol);
1501}
1502
1503/*
1504 *      Create a pair of connected sockets.
1505 */
1506
1507int __sys_socketpair(int family, int type, int protocol, int __user *usockvec)
1508{
1509        struct socket *sock1, *sock2;
1510        int fd1, fd2, err;
1511        struct file *newfile1, *newfile2;
1512        int flags;
1513
1514        flags = type & ~SOCK_TYPE_MASK;
1515        if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1516                return -EINVAL;
1517        type &= SOCK_TYPE_MASK;
1518
1519        if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1520                flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1521
1522        /*
1523         * reserve descriptors and make sure we won't fail
1524         * to return them to userland.
1525         */
1526        fd1 = get_unused_fd_flags(flags);
1527        if (unlikely(fd1 < 0))
1528                return fd1;
1529
1530        fd2 = get_unused_fd_flags(flags);
1531        if (unlikely(fd2 < 0)) {
1532                put_unused_fd(fd1);
1533                return fd2;
1534        }
1535
1536        err = put_user(fd1, &usockvec[0]);
1537        if (err)
1538                goto out;
1539
1540        err = put_user(fd2, &usockvec[1]);
1541        if (err)
1542                goto out;
1543
1544        /*
1545         * Obtain the first socket and check if the underlying protocol
1546         * supports the socketpair call.
1547         */
1548
1549        err = sock_create(family, type, protocol, &sock1);
1550        if (unlikely(err < 0))
1551                goto out;
1552
1553        err = sock_create(family, type, protocol, &sock2);
1554        if (unlikely(err < 0)) {
1555                sock_release(sock1);
1556                goto out;
1557        }
1558
1559        err = security_socket_socketpair(sock1, sock2);
1560        if (unlikely(err)) {
1561                sock_release(sock2);
1562                sock_release(sock1);
1563                goto out;
1564        }
1565
1566        err = sock1->ops->socketpair(sock1, sock2);
1567        if (unlikely(err < 0)) {
1568                sock_release(sock2);
1569                sock_release(sock1);
1570                goto out;
1571        }
1572
1573        newfile1 = sock_alloc_file(sock1, flags, NULL);
1574        if (IS_ERR(newfile1)) {
1575                err = PTR_ERR(newfile1);
1576                sock_release(sock2);
1577                goto out;
1578        }
1579
1580        newfile2 = sock_alloc_file(sock2, flags, NULL);
1581        if (IS_ERR(newfile2)) {
1582                err = PTR_ERR(newfile2);
1583                fput(newfile1);
1584                goto out;
1585        }
1586
1587        audit_fd_pair(fd1, fd2);
1588
1589        fd_install(fd1, newfile1);
1590        fd_install(fd2, newfile2);
1591        return 0;
1592
1593out:
1594        put_unused_fd(fd2);
1595        put_unused_fd(fd1);
1596        return err;
1597}
1598
1599SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol,
1600                int __user *, usockvec)
1601{
1602        return __sys_socketpair(family, type, protocol, usockvec);
1603}
1604
1605/*
1606 *      Bind a name to a socket. Nothing much to do here since it's
1607 *      the protocol's responsibility to handle the local address.
1608 *
1609 *      We move the socket address to kernel space before we call
1610 *      the protocol layer (having also checked the address is ok).
1611 */
1612
1613int __sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
1614{
1615        struct socket *sock;
1616        struct sockaddr_storage address;
1617        int err, fput_needed;
1618
1619        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1620        if (sock) {
1621                err = move_addr_to_kernel(umyaddr, addrlen, &address);
1622                if (!err) {
1623                        err = security_socket_bind(sock,
1624                                                   (struct sockaddr *)&address,
1625                                                   addrlen);
1626                        if (!err)
1627                                err = sock->ops->bind(sock,
1628                                                      (struct sockaddr *)
1629                                                      &address, addrlen);
1630                }
1631                fput_light(sock->file, fput_needed);
1632        }
1633        return err;
1634}
1635
1636SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
1637{
1638        return __sys_bind(fd, umyaddr, addrlen);
1639}
1640
1641/*
1642 *      Perform a listen. Basically, we allow the protocol to do anything
1643 *      necessary for a listen, and if that works, we mark the socket as
1644 *      ready for listening.
1645 */
1646
1647int __sys_listen(int fd, int backlog)
1648{
1649        struct socket *sock;
1650        int err, fput_needed;
1651        int somaxconn;
1652
1653        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1654        if (sock) {
1655                somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
1656                if ((unsigned int)backlog > somaxconn)
1657                        backlog = somaxconn;
1658
1659                err = security_socket_listen(sock, backlog);
1660                if (!err)
1661                        err = sock->ops->listen(sock, backlog);
1662
1663                fput_light(sock->file, fput_needed);
1664        }
1665        return err;
1666}
1667
1668SYSCALL_DEFINE2(listen, int, fd, int, backlog)
1669{
1670        return __sys_listen(fd, backlog);
1671}
1672
1673/*
1674 *      For accept, we attempt to create a new socket, set up the link
1675 *      with the client, wake up the client, then return the new
1676 *      connected fd. We collect the address of the connector in kernel
1677 *      space and move it to user at the very end. This is unclean because
1678 *      we open the socket then return an error.
1679 *
1680 *      1003.1g adds the ability to recvmsg() to query connection pending
1681 *      status to recvmsg. We need to add that support in a way thats
1682 *      clean when we restructure accept also.
1683 */
1684
1685int __sys_accept4(int fd, struct sockaddr __user *upeer_sockaddr,
1686                  int __user *upeer_addrlen, int flags)
1687{
1688        struct socket *sock, *newsock;
1689        struct file *newfile;
1690        int err, len, newfd, fput_needed;
1691        struct sockaddr_storage address;
1692
1693        if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1694                return -EINVAL;
1695
1696        if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1697                flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1698
1699        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1700        if (!sock)
1701                goto out;
1702
1703        err = -ENFILE;
1704        newsock = sock_alloc();
1705        if (!newsock)
1706                goto out_put;
1707
1708        newsock->type = sock->type;
1709        newsock->ops = sock->ops;
1710
1711        /*
1712         * We don't need try_module_get here, as the listening socket (sock)
1713         * has the protocol module (sock->ops->owner) held.
1714         */
1715        __module_get(newsock->ops->owner);
1716
1717        newfd = get_unused_fd_flags(flags);
1718        if (unlikely(newfd < 0)) {
1719                err = newfd;
1720                sock_release(newsock);
1721                goto out_put;
1722        }
1723        newfile = sock_alloc_file(newsock, flags, sock->sk->sk_prot_creator->name);
1724        if (IS_ERR(newfile)) {
1725                err = PTR_ERR(newfile);
1726                put_unused_fd(newfd);
1727                goto out_put;
1728        }
1729
1730        err = security_socket_accept(sock, newsock);
1731        if (err)
1732                goto out_fd;
1733
1734        err = sock->ops->accept(sock, newsock, sock->file->f_flags, false);
1735        if (err < 0)
1736                goto out_fd;
1737
1738        if (upeer_sockaddr) {
1739                len = newsock->ops->getname(newsock,
1740                                        (struct sockaddr *)&address, 2);
1741                if (len < 0) {
1742                        err = -ECONNABORTED;
1743                        goto out_fd;
1744                }
1745                err = move_addr_to_user(&address,
1746                                        len, upeer_sockaddr, upeer_addrlen);
1747                if (err < 0)
1748                        goto out_fd;
1749        }
1750
1751        /* File flags are not inherited via accept() unlike another OSes. */
1752
1753        fd_install(newfd, newfile);
1754        err = newfd;
1755
1756out_put:
1757        fput_light(sock->file, fput_needed);
1758out:
1759        return err;
1760out_fd:
1761        fput(newfile);
1762        put_unused_fd(newfd);
1763        goto out_put;
1764}
1765
1766SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
1767                int __user *, upeer_addrlen, int, flags)
1768{
1769        return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, flags);
1770}
1771
1772SYSCALL_DEFINE3(accept, int, fd, struct sockaddr __user *, upeer_sockaddr,
1773                int __user *, upeer_addrlen)
1774{
1775        return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, 0);
1776}
1777
1778/*
1779 *      Attempt to connect to a socket with the server address.  The address
1780 *      is in user space so we verify it is OK and move it to kernel space.
1781 *
1782 *      For 1003.1g we need to add clean support for a bind to AF_UNSPEC to
1783 *      break bindings
1784 *
1785 *      NOTE: 1003.1g draft 6.3 is broken with respect to AX.25/NetROM and
1786 *      other SEQPACKET protocols that take time to connect() as it doesn't
1787 *      include the -EINPROGRESS status for such sockets.
1788 */
1789
1790int __sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
1791{
1792        struct socket *sock;
1793        struct sockaddr_storage address;
1794        int err, fput_needed;
1795
1796        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1797        if (!sock)
1798                goto out;
1799        err = move_addr_to_kernel(uservaddr, addrlen, &address);
1800        if (err < 0)
1801                goto out_put;
1802
1803        err =
1804            security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
1805        if (err)
1806                goto out_put;
1807
1808        err = sock->ops->connect(sock, (struct sockaddr *)&address, addrlen,
1809                                 sock->file->f_flags);
1810out_put:
1811        fput_light(sock->file, fput_needed);
1812out:
1813        return err;
1814}
1815
1816SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
1817                int, addrlen)
1818{
1819        return __sys_connect(fd, uservaddr, addrlen);
1820}
1821
1822/*
1823 *      Get the local address ('name') of a socket object. Move the obtained
1824 *      name to user space.
1825 */
1826
1827int __sys_getsockname(int fd, struct sockaddr __user *usockaddr,
1828                      int __user *usockaddr_len)
1829{
1830        struct socket *sock;
1831        struct sockaddr_storage address;
1832        int err, fput_needed;
1833
1834        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1835        if (!sock)
1836                goto out;
1837
1838        err = security_socket_getsockname(sock);
1839        if (err)
1840                goto out_put;
1841
1842        err = sock->ops->getname(sock, (struct sockaddr *)&address, 0);
1843        if (err < 0)
1844                goto out_put;
1845        /* "err" is actually length in this case */
1846        err = move_addr_to_user(&address, err, usockaddr, usockaddr_len);
1847
1848out_put:
1849        fput_light(sock->file, fput_needed);
1850out:
1851        return err;
1852}
1853
1854SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr,
1855                int __user *, usockaddr_len)
1856{
1857        return __sys_getsockname(fd, usockaddr, usockaddr_len);
1858}
1859
1860/*
1861 *      Get the remote address ('name') of a socket object. Move the obtained
1862 *      name to user space.
1863 */
1864
1865int __sys_getpeername(int fd, struct sockaddr __user *usockaddr,
1866                      int __user *usockaddr_len)
1867{
1868        struct socket *sock;
1869        struct sockaddr_storage address;
1870        int err, fput_needed;
1871
1872        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1873        if (sock != NULL) {
1874                err = security_socket_getpeername(sock);
1875                if (err) {
1876                        fput_light(sock->file, fput_needed);
1877                        return err;
1878                }
1879
1880                err = sock->ops->getname(sock, (struct sockaddr *)&address, 1);
1881                if (err >= 0)
1882                        /* "err" is actually length in this case */
1883                        err = move_addr_to_user(&address, err, usockaddr,
1884                                                usockaddr_len);
1885                fput_light(sock->file, fput_needed);
1886        }
1887        return err;
1888}
1889
1890SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
1891                int __user *, usockaddr_len)
1892{
1893        return __sys_getpeername(fd, usockaddr, usockaddr_len);
1894}
1895
1896/*
1897 *      Send a datagram to a given address. We move the address into kernel
1898 *      space and check the user space data area is readable before invoking
1899 *      the protocol.
1900 */
1901int __sys_sendto(int fd, void __user *buff, size_t len, unsigned int flags,
1902                 struct sockaddr __user *addr,  int addr_len)
1903{
1904        struct socket *sock;
1905        struct sockaddr_storage address;
1906        int err;
1907        struct msghdr msg;
1908        struct iovec iov;
1909        int fput_needed;
1910
1911        err = import_single_range(WRITE, buff, len, &iov, &msg.msg_iter);
1912        if (unlikely(err))
1913                return err;
1914        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1915        if (!sock)
1916                goto out;
1917
1918        msg.msg_name = NULL;
1919        msg.msg_control = NULL;
1920        msg.msg_controllen = 0;
1921        msg.msg_namelen = 0;
1922        if (addr) {
1923                err = move_addr_to_kernel(addr, addr_len, &address);
1924                if (err < 0)
1925                        goto out_put;
1926                msg.msg_name = (struct sockaddr *)&address;
1927                msg.msg_namelen = addr_len;
1928        }
1929        if (sock->file->f_flags & O_NONBLOCK)
1930                flags |= MSG_DONTWAIT;
1931        msg.msg_flags = flags;
1932        err = sock_sendmsg(sock, &msg);
1933
1934out_put:
1935        fput_light(sock->file, fput_needed);
1936out:
1937        return err;
1938}
1939
1940SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
1941                unsigned int, flags, struct sockaddr __user *, addr,
1942                int, addr_len)
1943{
1944        return __sys_sendto(fd, buff, len, flags, addr, addr_len);
1945}
1946
1947/*
1948 *      Send a datagram down a socket.
1949 */
1950
1951SYSCALL_DEFINE4(send, int, fd, void __user *, buff, size_t, len,
1952                unsigned int, flags)
1953{
1954        return __sys_sendto(fd, buff, len, flags, NULL, 0);
1955}
1956
1957/*
1958 *      Receive a frame from the socket and optionally record the address of the
1959 *      sender. We verify the buffers are writable and if needed move the
1960 *      sender address from kernel to user space.
1961 */
1962int __sys_recvfrom(int fd, void __user *ubuf, size_t size, unsigned int flags,
1963                   struct sockaddr __user *addr, int __user *addr_len)
1964{
1965        struct socket *sock;
1966        struct iovec iov;
1967        struct msghdr msg;
1968        struct sockaddr_storage address;
1969        int err, err2;
1970        int fput_needed;
1971
1972        err = import_single_range(READ, ubuf, size, &iov, &msg.msg_iter);
1973        if (unlikely(err))
1974                return err;
1975        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1976        if (!sock)
1977                goto out;
1978
1979        msg.msg_control = NULL;
1980        msg.msg_controllen = 0;
1981        /* Save some cycles and don't copy the address if not needed */
1982        msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
1983        /* We assume all kernel code knows the size of sockaddr_storage */
1984        msg.msg_namelen = 0;
1985        msg.msg_iocb = NULL;
1986        msg.msg_flags = 0;
1987        if (sock->file->f_flags & O_NONBLOCK)
1988                flags |= MSG_DONTWAIT;
1989        err = sock_recvmsg(sock, &msg, flags);
1990
1991        if (err >= 0 && addr != NULL) {
1992                err2 = move_addr_to_user(&address,
1993                                         msg.msg_namelen, addr, addr_len);
1994                if (err2 < 0)
1995                        err = err2;
1996        }
1997
1998        fput_light(sock->file, fput_needed);
1999out:
2000        return err;

2001}
2002
2003SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
2004                unsigned int, flags, struct sockaddr __user *, addr,
2005                int __user *, addr_len)
2006{
2007        return __sys_recvfrom(fd, ubuf, size, flags, addr, addr_len);
2008}
2009
2010/*
2011 *      Receive a datagram from a socket.
2012 */
2013
2014SYSCALL_DEFINE4(recv, int, fd, void __user *, ubuf, size_t, size,
2015                unsigned int, flags)
2016{
2017        return __sys_recvfrom(fd, ubuf, size, flags, NULL, NULL);
2018}
2019
2020/*
2021 *      Set a socket option. Because we don't know the option lengths we have
2022 *      to pass the user mode parameter for the protocols to sort out.
2023 */
2024
2025static int __sys_setsockopt(int fd, int level, int optname,
2026                            char __user *optval, int optlen)
2027{
2028        int err, fput_needed;
2029        struct socket *sock;
2030
2031        if (optlen < 0)
2032                return -EINVAL;
2033
2034        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2035        if (sock != NULL) {
2036                err = security_socket_setsockopt(sock, level, optname);
2037                if (err)
2038                        goto out_put;
2039
2040                if (level == SOL_SOCKET)
2041                        err =
2042                            sock_setsockopt(sock, level, optname, optval,
2043                                            optlen);
2044                else
2045                        err =
2046                            sock->ops->setsockopt(sock, level, optname, optval,
2047                                                  optlen);
2048out_put:
2049                fput_light(sock->file, fput_needed);
2050        }
2051        return err;
2052}
2053
2054SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
2055                char __user *, optval, int, optlen)
2056{
2057        return __sys_setsockopt(fd, level, optname, optval, optlen);
2058}
2059
2060/*
2061 *      Get a socket option. Because we don't know the option lengths we have
2062 *      to pass a user mode parameter for the protocols to sort out.
2063 */
2064
2065static int __sys_getsockopt(int fd, int level, int optname,
2066                            char __user *optval, int __user *optlen)
2067{
2068        int err, fput_needed;
2069        struct socket *sock;
2070
2071        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2072        if (sock != NULL) {
2073                err = security_socket_getsockopt(sock, level, optname);
2074                if (err)
2075                        goto out_put;
2076
2077                if (level == SOL_SOCKET)
2078                        err =
2079                            sock_getsockopt(sock, level, optname, optval,
2080                                            optlen);
2081                else
2082                        err =
2083                            sock->ops->getsockopt(sock, level, optname, optval,
2084                                                  optlen);
2085out_put:
2086                fput_light(sock->file, fput_needed);
2087        }
2088        return err;
2089}
2090
2091SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
2092                char __user *, optval, int __user *, optlen)
2093{
2094        return __sys_getsockopt(fd, level, optname, optval, optlen);
2095}
2096
2097/*
2098 *      Shutdown a socket.
2099 */
2100
2101int __sys_shutdown(int fd, int how)
2102{
2103        int err, fput_needed;
2104        struct socket *sock;
2105
2106        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2107        if (sock != NULL) {
2108                err = security_socket_shutdown(sock, how);
2109                if (!err)
2110                        err = sock->ops->shutdown(sock, how);
2111                fput_light(sock->file, fput_needed);
2112        }
2113        return err;
2114}
2115
2116SYSCALL_DEFINE2(shutdown, int, fd, int, how)
2117{
2118        return __sys_shutdown(fd, how);
2119}
2120
2121/* A couple of helpful macros for getting the address of the 32/64 bit
2122 * fields which are the same type (int / unsigned) on our platforms.
2123 */
2124#define COMPAT_MSG(msg, member) ((MSG_CMSG_COMPAT & flags) ? &msg##_compat->member : &msg->member)
2125#define COMPAT_NAMELEN(msg)     COMPAT_MSG(msg, msg_namelen)
2126#define COMPAT_FLAGS(msg)       COMPAT_MSG(msg, msg_flags)
2127
2128struct used_address {
2129        struct sockaddr_storage name;
2130        unsigned int name_len;
2131};
2132
2133static int copy_msghdr_from_user(struct msghdr *kmsg,
2134                                 struct user_msghdr __user *umsg,
2135                                 struct sockaddr __user **save_addr,
2136                                 struct iovec **iov)
2137{
2138        struct user_msghdr msg;
2139        ssize_t err;
2140
2141        if (copy_from_user(&msg, umsg, sizeof(*umsg)))
2142                return -EFAULT;
2143
2144        kmsg->msg_control = (void __force *)msg.msg_control;
2145        kmsg->msg_controllen = msg.msg_controllen;
2146        kmsg->msg_flags = msg.msg_flags;
2147
2148        kmsg->msg_namelen = msg.msg_namelen;
2149        if (!msg.msg_name)
2150                kmsg->msg_namelen = 0;
2151
2152        if (kmsg->msg_namelen < 0)
2153                return -EINVAL;
2154
2155        if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
2156                kmsg->msg_namelen = sizeof(struct sockaddr_storage);
2157
2158        if (save_addr)
2159                *save_addr = msg.msg_name;
2160
2161        if (msg.msg_name && kmsg->msg_namelen) {
2162                if (!save_addr) {
2163                        err = move_addr_to_kernel(msg.msg_name,
2164                                                  kmsg->msg_namelen,
2165                                                  kmsg->msg_name);
2166                        if (err < 0)
2167                                return err;
2168                }
2169        } else {
2170                kmsg->msg_name = NULL;
2171                kmsg->msg_namelen = 0;
2172        }
2173
2174        if (msg.msg_iovlen > UIO_MAXIOV)
2175                return -EMSGSIZE;
2176
2177        kmsg->msg_iocb = NULL;
2178
2179        return import_iovec(save_addr ? READ : WRITE,
2180                            msg.msg_iov, msg.msg_iovlen,
2181                            UIO_FASTIOV, iov, &kmsg->msg_iter);
2182}
2183
2184static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
2185                         struct msghdr *msg_sys, unsigned int flags,
2186                         struct used_address *used_address,
2187                         unsigned int allowed_msghdr_flags)
2188{
2189        struct compat_msghdr __user *msg_compat =
2190            (struct compat_msghdr __user *)msg;
2191        struct sockaddr_storage address;
2192        struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2193        unsigned char ctl[sizeof(struct cmsghdr) + 20]
2194                                __aligned(sizeof(__kernel_size_t));
2195        /* 20 is size of ipv6_pktinfo */
2196        unsigned char *ctl_buf = ctl;
2197        int ctl_len;
2198        ssize_t err;
2199
2200        msg_sys->msg_name = &address;
2201
2202        if (MSG_CMSG_COMPAT & flags)
2203                err = get_compat_msghdr(msg_sys, msg_compat, NULL, &iov);
2204        else
2205                err = copy_msghdr_from_user(msg_sys, msg, NULL, &iov);
2206        if (err < 0)
2207                return err;
2208
2209        err = -ENOBUFS;
2210
2211        if (msg_sys->msg_controllen > INT_MAX)
2212                goto out_freeiov;
2213        flags |= (msg_sys->msg_flags & allowed_msghdr_flags);
2214        ctl_len = msg_sys->msg_controllen;
2215        if ((MSG_CMSG_COMPAT & flags) && ctl_len) {
2216                err =
2217                    cmsghdr_from_user_compat_to_kern(msg_sys, sock->sk, ctl,
2218                                                     sizeof(ctl));
2219                if (err)
2220                        goto out_freeiov;
2221                ctl_buf = msg_sys->msg_control;
2222                ctl_len = msg_sys->msg_controllen;
2223        } else if (ctl_len) {
2224                BUILD_BUG_ON(sizeof(struct cmsghdr) !=
2225                             CMSG_ALIGN(sizeof(struct cmsghdr)));
2226                if (ctl_len > sizeof(ctl)) {
2227                        ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL);
2228                        if (ctl_buf == NULL)
2229                                goto out_freeiov;
2230                }
2231                err = -EFAULT;
2232                /*
2233                 * Careful! Before this, msg_sys->msg_control contains a user pointer.
2234                 * Afterwards, it will be a kernel pointer. Thus the compiler-assisted
2235                 * checking falls down on this.
2236                 */
2237                if (copy_from_user(ctl_buf,
2238                                   (void __user __force *)msg_sys->msg_control,
2239                                   ctl_len))
2240                        goto out_freectl;
2241                msg_sys->msg_control = ctl_buf;
2242        }
2243        msg_sys->msg_flags = flags;
2244
2245        if (sock->file->f_flags & O_NONBLOCK)
2246                msg_sys->msg_flags |= MSG_DONTWAIT;
2247        /*
2248         * If this is sendmmsg() and current destination address is same as
2249         * previously succeeded address, omit asking LSM's decision.
2250         * used_address->name_len is initialized to UINT_MAX so that the first
2251         * destination address never matches.
2252         */
2253        if (used_address && msg_sys->msg_name &&
2254            used_address->name_len == msg_sys->msg_namelen &&
2255            !memcmp(&used_address->name, msg_sys->msg_name,
2256                    used_address->name_len)) {
2257                err = sock_sendmsg_nosec(sock, msg_sys);
2258                goto out_freectl;
2259        }
2260        err = sock_sendmsg(sock, msg_sys);
2261        /*
2262         * If this is sendmmsg() and sending to current destination address was
2263         * successful, remember it.
2264         */
2265        if (used_address && err >= 0) {
2266                used_address->name_len = msg_sys->msg_namelen;
2267                if (msg_sys->msg_name)
2268                        memcpy(&used_address->name, msg_sys->msg_name,
2269                               used_address->name_len);
2270        }
2271
2272out_freectl:
2273        if (ctl_buf != ctl)
2274                sock_kfree_s(sock->sk, ctl_buf, ctl_len);
2275out_freeiov:
2276        kfree(iov);
2277        return err;
2278}
2279
2280/*
2281 *      BSD sendmsg interface
2282 */
2283
2284long __sys_sendmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2285                   bool forbid_cmsg_compat)
2286{
2287        int fput_needed, err;
2288        struct msghdr msg_sys;
2289        struct socket *sock;
2290
2291        if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2292                return -EINVAL;
2293
2294        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2295        if (!sock)
2296                goto out;
2297
2298        err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL, 0);
2299
2300        fput_light(sock->file, fput_needed);
2301out:
2302        return err;
2303}
2304
2305SYSCALL_DEFINE3(sendmsg, int, fd, struct user_msghdr __user *, msg, unsigned int, flags)
2306{
2307        return __sys_sendmsg(fd, msg, flags, true);
2308}
2309
2310/*
2311 *      Linux sendmmsg interface
2312 */
2313
2314int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2315                   unsigned int flags, bool forbid_cmsg_compat)
2316{
2317        int fput_needed, err, datagrams;
2318        struct socket *sock;
2319        struct mmsghdr __user *entry;
2320        struct compat_mmsghdr __user *compat_entry;
2321        struct msghdr msg_sys;
2322        struct used_address used_address;
2323        unsigned int oflags = flags;
2324
2325        if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2326                return -EINVAL;
2327
2328        if (vlen > UIO_MAXIOV)
2329                vlen = UIO_MAXIOV;
2330
2331        datagrams = 0;
2332
2333        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2334        if (!sock)
2335                return err;
2336
2337        used_address.name_len = UINT_MAX;
2338        entry = mmsg;
2339        compat_entry = (struct compat_mmsghdr __user *)mmsg;
2340        err = 0;
2341        flags |= MSG_BATCH;
2342
2343        while (datagrams < vlen) {
2344                if (datagrams == vlen - 1)
2345                        flags = oflags;
2346
2347                if (MSG_CMSG_COMPAT & flags) {
2348                        err = ___sys_sendmsg(sock, (struct user_msghdr __user *)compat_entry,
2349                                             &msg_sys, flags, &used_address, MSG_EOR);
2350                        if (err < 0)
2351                                break;
2352                        err = __put_user(err, &compat_entry->msg_len);
2353                        ++compat_entry;
2354                } else {
2355                        err = ___sys_sendmsg(sock,
2356                                             (struct user_msghdr __user *)entry,
2357                                             &msg_sys, flags, &used_address, MSG_EOR);
2358                        if (err < 0)
2359                                break;
2360                        err = put_user(err, &entry->msg_len);
2361                        ++entry;
2362                }
2363
2364                if (err)
2365                        break;
2366                ++datagrams;
2367                if (msg_data_left(&msg_sys))
2368                        break;
2369                cond_resched();
2370        }
2371
2372        fput_light(sock->file, fput_needed);
2373
2374        /* We only return an error if no datagrams were able to be sent */
2375        if (datagrams != 0)
2376                return datagrams;
2377
2378        return err;
2379}
2380
2381SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
2382                unsigned int, vlen, unsigned int, flags)
2383{
2384        return __sys_sendmmsg(fd, mmsg, vlen, flags, true);
2385}
2386
2387static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
2388                         struct msghdr *msg_sys, unsigned int flags, int nosec)
2389{
2390        struct compat_msghdr __user *msg_compat =
2391            (struct compat_msghdr __user *)msg;
2392        struct iovec iovstack[UIO_FASTIOV];
2393        struct iovec *iov = iovstack;
2394        unsigned long cmsg_ptr;
2395        int len;
2396        ssize_t err;
2397
2398        /* kernel mode address */
2399        struct sockaddr_storage addr;
2400
2401        /* user mode address pointers */
2402        struct sockaddr __user *uaddr;
2403        int __user *uaddr_len = COMPAT_NAMELEN(msg);
2404
2405        msg_sys->msg_name = &addr;
2406
2407        if (MSG_CMSG_COMPAT & flags)
2408                err = get_compat_msghdr(msg_sys, msg_compat, &uaddr, &iov);
2409        else
2410                err = copy_msghdr_from_user(msg_sys, msg, &uaddr, &iov);
2411        if (err < 0)
2412                return err;
2413
2414        cmsg_ptr = (unsigned long)msg_sys->msg_control;
2415        msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
2416
2417        /* We assume all kernel code knows the size of sockaddr_storage */
2418        msg_sys->msg_namelen = 0;
2419
2420        if (sock->file->f_flags & O_NONBLOCK)
2421                flags |= MSG_DONTWAIT;
2422        err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys, flags);
2423        if (err < 0)
2424                goto out_freeiov;
2425        len = err;
2426
2427        if (uaddr != NULL) {
2428                err = move_addr_to_user(&addr,
2429                                        msg_sys->msg_namelen, uaddr,
2430                                        uaddr_len);
2431                if (err < 0)
2432                        goto out_freeiov;
2433        }
2434        err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT),
2435                         COMPAT_FLAGS(msg));
2436        if (err)
2437                goto out_freeiov;
2438        if (MSG_CMSG_COMPAT & flags)
2439                err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2440                                 &msg_compat->msg_controllen);
2441        else
2442                err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2443                                 &msg->msg_controllen);
2444        if (err)
2445                goto out_freeiov;
2446        err = len;
2447
2448out_freeiov:
2449        kfree(iov);
2450        return err;
2451}
2452
2453/*
2454 *      BSD recvmsg interface
2455 */
2456
2457long __sys_recvmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2458                   bool forbid_cmsg_compat)
2459{
2460        int fput_needed, err;
2461        struct msghdr msg_sys;
2462        struct socket *sock;
2463
2464        if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2465                return -EINVAL;
2466
2467        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2468        if (!sock)
2469                goto out;
2470
2471        err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0);
2472
2473        fput_light(sock->file, fput_needed);
2474out:
2475        return err;
2476}
2477
2478SYSCALL_DEFINE3(recvmsg, int, fd, struct user_msghdr __user *, msg,
2479                unsigned int, flags)
2480{
2481        return __sys_recvmsg(fd, msg, flags, true);
2482}
2483
2484/*
2485 *     Linux recvmmsg interface
2486 */
2487
2488static int do_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2489                          unsigned int vlen, unsigned int flags,
2490                          struct timespec64 *timeout)
2491{
2492        int fput_needed, err, datagrams;
2493        struct socket *sock;
2494        struct mmsghdr __user *entry;
2495        struct compat_mmsghdr __user *compat_entry;
2496        struct msghdr msg_sys;
2497        struct timespec64 end_time;
2498        struct timespec64 timeout64;
2499
2500        if (timeout &&
2501            poll_select_set_timeout(&end_time, timeout->tv_sec,
2502                                    timeout->tv_nsec))
2503                return -EINVAL;
2504
2505        datagrams = 0;
2506
2507        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2508        if (!sock)
2509                return err;
2510
2511        if (likely(!(flags & MSG_ERRQUEUE))) {
2512                err = sock_error(sock->sk);
2513                if (err) {
2514                        datagrams = err;
2515                        goto out_put;
2516                }
2517        }
2518
2519        entry = mmsg;
2520        compat_entry = (struct compat_mmsghdr __user *)mmsg;
2521
2522        while (datagrams < vlen) {
2523                /*
2524                 * No need to ask LSM for more than the first datagram.
2525                 */
2526                if (MSG_CMSG_COMPAT & flags) {
2527                        err = ___sys_recvmsg(sock, (struct user_msghdr __user *)compat_entry,
2528                                             &msg_sys, flags & ~MSG_WAITFORONE,
2529                                             datagrams);
2530                        if (err < 0)
2531                                break;
2532                        err = __put_user(err, &compat_entry->msg_len);
2533                        ++compat_entry;
2534                } else {
2535                        err = ___sys_recvmsg(sock,
2536                                             (struct user_msghdr __user *)entry,
2537                                             &msg_sys, flags & ~MSG_WAITFORONE,
2538                                             datagrams);
2539                        if (err < 0)
2540                                break;
2541                        err = put_user(err, &entry->msg_len);
2542                        ++entry;
2543                }
2544
2545                if (err)
2546                        break;
2547                ++datagrams;
2548
2549                /* MSG_WAITFORONE turns on MSG_DONTWAIT after one packet */
2550                if (flags & MSG_WAITFORONE)
2551                        flags |= MSG_DONTWAIT;
2552
2553                if (timeout) {
2554                        ktime_get_ts64(&timeout64);
2555                        *timeout = timespec64_sub(end_time, timeout64);
2556                        if (timeout->tv_sec < 0) {
2557                                timeout->tv_sec = timeout->tv_nsec = 0;
2558                                break;
2559                        }
2560
2561                        /* Timeout, return less than vlen datagrams */
2562                        if (timeout->tv_nsec == 0 && timeout->tv_sec == 0)
2563                                break;
2564                }
2565
2566                /* Out of band data, return right away */
2567                if (msg_sys.msg_flags & MSG_OOB)
2568                        break;
2569                cond_resched();
2570        }
2571
2572        if (err == 0)
2573                goto out_put;
2574
2575        if (datagrams == 0) {
2576                datagrams = err;
2577                goto out_put;
2578        }
2579
2580        /*
2581         * We may return less entries than requested (vlen) if the
2582         * sock is non block and there aren't enough datagrams...
2583         */
2584        if (err != -EAGAIN) {
2585                /*
2586                 * ... or  if recvmsg returns an error after we
2587                 * received some datagrams, where we record the
2588                 * error to return on the next call or if the
2589                 * app asks about it using getsockopt(SO_ERROR).
2590                 */
2591                sock->sk->sk_err = -err;
2592        }
2593out_put:
2594        fput_light(sock->file, fput_needed);
2595
2596        return datagrams;
2597}
2598
2599int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2600                   unsigned int vlen, unsigned int flags,
2601                   struct __kernel_timespec __user *timeout,
2602                   struct old_timespec32 __user *timeout32)
2603{
2604        int datagrams;
2605        struct timespec64 timeout_sys;
2606
2607        if (timeout && get_timespec64(&timeout_sys, timeout))
2608                return -EFAULT;
2609
2610        if (timeout32 && get_old_timespec32(&timeout_sys, timeout32))
2611                return -EFAULT;
2612
2613        if (!timeout && !timeout32)
2614                return do_recvmmsg(fd, mmsg, vlen, flags, NULL);
2615
2616        datagrams = do_recvmmsg(fd, mmsg, vlen, flags, &timeout_sys);
2617
2618        if (datagrams <= 0)
2619                return datagrams;
2620
2621        if (timeout && put_timespec64(&timeout_sys, timeout))
2622                datagrams = -EFAULT;
2623
2624        if (timeout32 && put_old_timespec32(&timeout_sys, timeout32))
2625                datagrams = -EFAULT;
2626
2627        return datagrams;
2628}
2629
2630SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
2631                unsigned int, vlen, unsigned int, flags,
2632                struct __kernel_timespec __user *, timeout)
2633{
2634        if (flags & MSG_CMSG_COMPAT)
2635                return -EINVAL;
2636
2637        return __sys_recvmmsg(fd, mmsg, vlen, flags, timeout, NULL);
2638}
2639
2640#ifdef CONFIG_COMPAT_32BIT_TIME
2641SYSCALL_DEFINE5(recvmmsg_time32, int, fd, struct mmsghdr __user *, mmsg,
2642                unsigned int, vlen, unsigned int, flags,
2643                struct old_timespec32 __user *, timeout)
2644{
2645        if (flags & MSG_CMSG_COMPAT)
2646                return -EINVAL;
2647
2648        return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL, timeout);
2649}
2650#endif
2651
2652#ifdef __ARCH_WANT_SYS_SOCKETCALL
2653/* Argument list sizes for sys_socketcall */
2654#define AL(x) ((x) * sizeof(unsigned long))
2655static const unsigned char nargs[21] = {
2656        AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
2657        AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
2658        AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
2659        AL(4), AL(5), AL(4)
2660};
2661
2662#undef AL
2663
2664/*
2665 *      System call vectors.
2666 *
2667 *      Argument checking cleaned up. Saved 20% in size.
2668 *  This function doesn't need to set the kernel lock because
2669 *  it is set by the callees.
2670 */
2671
2672SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
2673{
2674        unsigned long a[AUDITSC_ARGS];
2675        unsigned long a0, a1;
2676        int err;
2677        unsigned int len;
2678
2679        if (call < 1 || call > SYS_SENDMMSG)
2680                return -EINVAL;
2681        call = array_index_nospec(call, SYS_SENDMMSG + 1);
2682
2683        len = nargs[call];
2684        if (len > sizeof(a))
2685                return -EINVAL;
2686
2687        /* copy_from_user should be SMP safe. */
2688        if (copy_from_user(a, args, len))
2689                return -EFAULT;
2690
2691        err = audit_socketcall(nargs[call] / sizeof(unsigned long), a);
2692        if (err)
2693                return err;
2694
2695        a0 = a[0];
2696        a1 = a[1];
2697
2698        switch (call) {
2699        case SYS_SOCKET:
2700                err = __sys_socket(a0, a1, a[2]);
2701                break;
2702        case SYS_BIND:
2703                err = __sys_bind(a0, (struct sockaddr __user *)a1, a[2]);
2704                break;
2705        case SYS_CONNECT:
2706                err = __sys_connect(a0, (struct sockaddr __user *)a1, a[2]);
2707                break;
2708        case SYS_LISTEN:
2709                err = __sys_listen(a0, a1);
2710                break;
2711        case SYS_ACCEPT:
2712                err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2713                                    (int __user *)a[2], 0);
2714                break;
2715        case SYS_GETSOCKNAME:
2716                err =
2717                    __sys_getsockname(a0, (struct sockaddr __user *)a1,
2718                                      (int __user *)a[2]);
2719                break;
2720        case SYS_GETPEERNAME:
2721                err =
2722                    __sys_getpeername(a0, (struct sockaddr __user *)a1,
2723                                      (int __user *)a[2]);
2724                break;
2725        case SYS_SOCKETPAIR:
2726                err = __sys_socketpair(a0, a1, a[2], (int __user *)a[3]);
2727                break;
2728        case SYS_SEND:
2729                err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2730                                   NULL, 0);
2731                break;
2732        case SYS_SENDTO:
2733                err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2734                                   (struct sockaddr __user *)a[4], a[5]);
2735                break;
2736        case SYS_RECV:
2737                err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2738                                     NULL, NULL);
2739                break;
2740        case SYS_RECVFROM:
2741                err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2742                                     (struct sockaddr __user *)a[4],
2743                                     (int __user *)a[5]);
2744                break;
2745        case SYS_SHUTDOWN:
2746                err = __sys_shutdown(a0, a1);
2747                break;
2748        case SYS_SETSOCKOPT:
2749                err = __sys_setsockopt(a0, a1, a[2], (char __user *)a[3],
2750                                       a[4]);
2751                break;
2752        case SYS_GETSOCKOPT:
2753                err =
2754                    __sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
2755                                     (int __user *)a[4]);
2756                break;
2757        case SYS_SENDMSG:
2758                err = __sys_sendmsg(a0, (struct user_msghdr __user *)a1,
2759                                    a[2], true);
2760                break;
2761        case SYS_SENDMMSG:
2762                err = __sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2],
2763                                     a[3], true);
2764                break;
2765        case SYS_RECVMSG:
2766                err = __sys_recvmsg(a0, (struct user_msghdr __user *)a1,
2767                                    a[2], true);
2768                break;
2769        case SYS_RECVMMSG:
2770                if (IS_ENABLED(CONFIG_64BIT) || !IS_ENABLED(CONFIG_64BIT_TIME))
2771                        err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2772                                             a[2], a[3],
2773                                             (struct __kernel_timespec __user *)a[4],
2774                                             NULL);
2775                else
2776                        err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2777                                             a[2], a[3], NULL,
2778                                             (struct old_timespec32 __user *)a[4]);
2779                break;
2780        case SYS_ACCEPT4:
2781                err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2782                                    (int __user *)a[2], a[3]);
2783                break;
2784        default:
2785                err = -EINVAL;
2786                break;
2787        }
2788        return err;
2789}
2790
2791#endif                          /* __ARCH_WANT_SYS_SOCKETCALL */
2792
2793/**
2794 *      sock_register - add a socket protocol handler
2795 *      @ops: description of protocol
2796 *
2797 *      This function is called by a protocol handler that wants to
2798 *      advertise its address family, and have it linked into the
2799 *      socket interface. The value ops->family corresponds to the
2800 *      socket system call protocol family.
2801 */
2802int sock_register(const struct net_proto_family *ops)
2803{
2804        int err;
2805
2806        if (ops->family >= NPROTO) {
2807                pr_crit("protocol %d >= NPROTO(%d)\n", ops->family, NPROTO);
2808                return -ENOBUFS;
2809        }
2810
2811        spin_lock(&net_family_lock);
2812        if (rcu_dereference_protected(net_families[ops->family],
2813                                      lockdep_is_held(&net_family_lock)))
2814                err = -EEXIST;
2815        else {
2816                rcu_assign_pointer(net_families[ops->family], ops);
2817                err = 0;
2818        }
2819        spin_unlock(&net_family_lock);
2820
2821        pr_info("NET: Registered protocol family %d\n", ops->family);
2822        return err;
2823}
2824EXPORT_SYMBOL(sock_register);
2825
2826/**
2827 *      sock_unregister - remove a protocol handler
2828 *      @family: protocol family to remove
2829 *
2830 *      This function is called by a protocol handler that wants to
2831 *      remove its address family, and have it unlinked from the
2832 *      new socket creation.
2833 *
2834 *      If protocol handler is a module, then it can use module reference
2835 *      counts to protect against new references. If protocol handler is not
2836 *      a module then it needs to provide its own protection in
2837 *      the ops->create routine.
2838 */
2839void sock_unregister(int family)
2840{
2841        BUG_ON(family < 0 || family >= NPROTO);
2842
2843        spin_lock(&net_family_lock);
2844        RCU_INIT_POINTER(net_families[family], NULL);
2845        spin_unlock(&net_family_lock);
2846
2847        synchronize_rcu();
2848
2849        pr_info("NET: Unregistered protocol family %d\n", family);
2850}
2851EXPORT_SYMBOL(sock_unregister);
2852
2853bool sock_is_registered(int family)
2854{
2855        return family < NPROTO && rcu_access_pointer(net_families[family]);
2856}
2857
2858static int __init sock_init(void)
2859{
2860        int err;
2861        /*
2862         *      Initialize the network sysctl infrastructure.
2863         */
2864        err = net_sysctl_init();
2865        if (err)
2866                goto out;
2867
2868        /*
2869         *      Initialize skbuff SLAB cache
2870         */
2871        skb_init();
2872
2873        /*
2874         *      Initialize the protocols module.
2875         */
2876
2877        init_inodecache();
2878
2879        err = register_filesystem(&sock_fs_type);
2880        if (err)
2881                goto out_fs;
2882        sock_mnt = kern_mount(&sock_fs_type);
2883        if (IS_ERR(sock_mnt)) {
2884                err = PTR_ERR(sock_mnt);
2885                goto out_mount;
2886        }
2887
2888        /* The real protocol initialization is performed in later initcalls.
2889         */
2890
2891#ifdef CONFIG_NETFILTER
2892        err = netfilter_init();
2893        if (err)
2894                goto out;
2895#endif
2896
2897        ptp_classifier_init();
2898
2899out:
2900        return err;
2901
2902out_mount:
2903        unregister_filesystem(&sock_fs_type);
2904out_fs:
2905        goto out;
2906}
2907
2908core_initcall(sock_init);       /* early initcall */
2909
2910#ifdef CONFIG_PROC_FS
2911void socket_seq_show(struct seq_file *seq)
2912{
2913        seq_printf(seq, "sockets: used %d\n",
2914                   sock_inuse_get(seq->private));
2915}
2916#endif                          /* CONFIG_PROC_FS */
2917
2918#ifdef CONFIG_COMPAT
2919static int do_siocgstamp(struct net *net, struct socket *sock,
2920                         unsigned int cmd, void __user *up)
2921{
2922        mm_segment_t old_fs = get_fs();
2923        struct timeval ktv;
2924        int err;
2925
2926        set_fs(KERNEL_DS);
2927        err = sock_do_ioctl(net, sock, cmd, (unsigned long)&ktv);
2928        set_fs(old_fs);
2929        if (!err)
2930                err = compat_put_timeval(&ktv, up);
2931
2932        return err;
2933}
2934
2935static int do_siocgstampns(struct net *net, struct socket *sock,
2936                           unsigned int cmd, void __user *up)
2937{
2938        mm_segment_t old_fs = get_fs();
2939        struct timespec kts;
2940        int err;
2941
2942        set_fs(KERNEL_DS);
2943        err = sock_do_ioctl(net, sock, cmd, (unsigned long)&kts);
2944        set_fs(old_fs);
2945        if (!err)
2946                err = compat_put_timespec(&kts, up);
2947
2948        return err;
2949}
2950
2951static int compat_dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
2952{
2953        struct compat_ifconf ifc32;
2954        struct ifconf ifc;
2955        int err;
2956
2957        if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
2958                return -EFAULT;
2959
2960        ifc.ifc_len = ifc32.ifc_len;
2961        ifc.ifc_req = compat_ptr(ifc32.ifcbuf);
2962
2963        rtnl_lock();
2964        err = dev_ifconf(net, &ifc, sizeof(struct compat_ifreq));
2965        rtnl_unlock();
2966        if (err)
2967                return err;
2968
2969        ifc32.ifc_len = ifc.ifc_len;
2970        if (copy_to_user(uifc32, &ifc32, sizeof(struct compat_ifconf)))
2971                return -EFAULT;
2972
2973        return 0;
2974}
2975
2976static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2977{
2978        struct compat_ethtool_rxnfc __user *compat_rxnfc;
2979        bool convert_in = false, convert_out = false;
2980        size_t buf_size = 0;
2981        struct ethtool_rxnfc __user *rxnfc = NULL;
2982        struct ifreq ifr;
2983        u32 rule_cnt = 0, actual_rule_cnt;
2984        u32 ethcmd;
2985        u32 data;
2986        int ret;
2987
2988        if (get_user(data, &ifr32->ifr_ifru.ifru_data))
2989                return -EFAULT;
2990
2991        compat_rxnfc = compat_ptr(data);
2992
2993        if (get_user(ethcmd, &compat_rxnfc->cmd))
2994                return -EFAULT;
2995
2996        /* Most ethtool structures are defined without padding.
2997         * Unfortunately struct ethtool_rxnfc is an exception.
2998         */
2999        switch (ethcmd) {
3000        default:

3001                break;
3002        case ETHTOOL_GRXCLSRLALL:
3003                /* Buffer size is variable */
3004                if (get_user(rule_cnt, &compat_rxnfc->rule_cnt))
3005                        return -EFAULT;
3006                if (rule_cnt > KMALLOC_MAX_SIZE / sizeof(u32))
3007                        return -ENOMEM;
3008                buf_size += rule_cnt * sizeof(u32);
3009                /* fall through */
3010        case ETHTOOL_GRXRINGS:
3011        case ETHTOOL_GRXCLSRLCNT:
3012        case ETHTOOL_GRXCLSRULE:
3013        case ETHTOOL_SRXCLSRLINS:
3014                convert_out = true;
3015                /* fall through */
3016        case ETHTOOL_SRXCLSRLDEL:
3017                buf_size += sizeof(struct ethtool_rxnfc);
3018                convert_in = true;
3019                rxnfc = compat_alloc_user_space(buf_size);
3020                break;
3021        }
3022
3023        if (copy_from_user(&ifr.ifr_name, &ifr32->ifr_name, IFNAMSIZ))
3024                return -EFAULT;
3025
3026        ifr.ifr_data = convert_in ? rxnfc : (void __user *)compat_rxnfc;
3027
3028        if (convert_in) {
3029                /* We expect there to be holes between fs.m_ext and
3030                 * fs.ring_cookie and at the end of fs, but nowhere else.
3031                 */
3032                BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_ext) +
3033                             sizeof(compat_rxnfc->fs.m_ext) !=
3034                             offsetof(struct ethtool_rxnfc, fs.m_ext) +
3035                             sizeof(rxnfc->fs.m_ext));
3036                BUILD_BUG_ON(
3037                        offsetof(struct compat_ethtool_rxnfc, fs.location) -
3038                        offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) !=
3039                        offsetof(struct ethtool_rxnfc, fs.location) -
3040                        offsetof(struct ethtool_rxnfc, fs.ring_cookie));
3041
3042                if (copy_in_user(rxnfc, compat_rxnfc,
3043                                 (void __user *)(&rxnfc->fs.m_ext + 1) -
3044                                 (void __user *)rxnfc) ||
3045                    copy_in_user(&rxnfc->fs.ring_cookie,
3046                                 &compat_rxnfc->fs.ring_cookie,
3047                                 (void __user *)(&rxnfc->fs.location + 1) -
3048                                 (void __user *)&rxnfc->fs.ring_cookie))
3049                        return -EFAULT;
3050                if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3051                        if (put_user(rule_cnt, &rxnfc->rule_cnt))
3052                                return -EFAULT;
3053                } else if (copy_in_user(&rxnfc->rule_cnt,
3054                                        &compat_rxnfc->rule_cnt,
3055                                        sizeof(rxnfc->rule_cnt)))
3056                        return -EFAULT;
3057        }
3058
3059        ret = dev_ioctl(net, SIOCETHTOOL, &ifr, NULL);
3060        if (ret)
3061                return ret;
3062
3063        if (convert_out) {
3064                if (copy_in_user(compat_rxnfc, rxnfc,
3065                                 (const void __user *)(&rxnfc->fs.m_ext + 1) -
3066                                 (const void __user *)rxnfc) ||
3067                    copy_in_user(&compat_rxnfc->fs.ring_cookie,
3068                                 &rxnfc->fs.ring_cookie,
3069                                 (const void __user *)(&rxnfc->fs.location + 1) -
3070                                 (const void __user *)&rxnfc->fs.ring_cookie) ||
3071                    copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
3072                                 sizeof(rxnfc->rule_cnt)))
3073                        return -EFAULT;
3074
3075                if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3076                        /* As an optimisation, we only copy the actual
3077                         * number of rules that the underlying
3078                         * function returned.  Since Mallory might
3079                         * change the rule count in user memory, we
3080                         * check that it is less than the rule count
3081                         * originally given (as the user buffer size),
3082                         * which has been range-checked.
3083                         */
3084                        if (get_user(actual_rule_cnt, &rxnfc->rule_cnt))
3085                                return -EFAULT;
3086                        if (actual_rule_cnt < rule_cnt)
3087                                rule_cnt = actual_rule_cnt;
3088                        if (copy_in_user(&compat_rxnfc->rule_locs[0],
3089                                         &rxnfc->rule_locs[0],
3090                                         rule_cnt * sizeof(u32)))
3091                                return -EFAULT;
3092                }
3093        }
3094
3095        return 0;
3096}
3097
3098static int compat_siocwandev(struct net *net, struct compat_ifreq __user *uifr32)
3099{
3100        compat_uptr_t uptr32;
3101        struct ifreq ifr;
3102        void __user *saved;
3103        int err;
3104
3105        if (copy_from_user(&ifr, uifr32, sizeof(struct compat_ifreq)))
3106                return -EFAULT;
3107
3108        if (get_user(uptr32, &uifr32->ifr_settings.ifs_ifsu))
3109                return -EFAULT;
3110
3111        saved = ifr.ifr_settings.ifs_ifsu.raw_hdlc;
3112        ifr.ifr_settings.ifs_ifsu.raw_hdlc = compat_ptr(uptr32);
3113
3114        err = dev_ioctl(net, SIOCWANDEV, &ifr, NULL);
3115        if (!err) {
3116                ifr.ifr_settings.ifs_ifsu.raw_hdlc = saved;
3117                if (copy_to_user(uifr32, &ifr, sizeof(struct compat_ifreq)))
3118                        err = -EFAULT;
3119        }
3120        return err;
3121}
3122
3123/* Handle ioctls that use ifreq::ifr_data and just need struct ifreq converted */
3124static int compat_ifr_data_ioctl(struct net *net, unsigned int cmd,
3125                                 struct compat_ifreq __user *u_ifreq32)
3126{
3127        struct ifreq ifreq;
3128        u32 data32;
3129
3130        if (copy_from_user(ifreq.ifr_name, u_ifreq32->ifr_name, IFNAMSIZ))
3131                return -EFAULT;
3132        if (get_user(data32, &u_ifreq32->ifr_data))
3133                return -EFAULT;
3134        ifreq.ifr_data = compat_ptr(data32);
3135
3136        return dev_ioctl(net, cmd, &ifreq, NULL);
3137}
3138
3139static int compat_ifreq_ioctl(struct net *net, struct socket *sock,
3140                              unsigned int cmd,
3141                              struct compat_ifreq __user *uifr32)
3142{
3143        struct ifreq __user *uifr;
3144        int err;
3145
3146        /* Handle the fact that while struct ifreq has the same *layout* on
3147         * 32/64 for everything but ifreq::ifru_ifmap and ifreq::ifru_data,
3148         * which are handled elsewhere, it still has different *size* due to
3149         * ifreq::ifru_ifmap (which is 16 bytes on 32 bit, 24 bytes on 64-bit,
3150         * resulting in struct ifreq being 32 and 40 bytes respectively).
3151         * As a result, if the struct happens to be at the end of a page and
3152         * the next page isn't readable/writable, we get a fault. To prevent
3153         * that, copy back and forth to the full size.
3154         */
3155
3156        uifr = compat_alloc_user_space(sizeof(*uifr));
3157        if (copy_in_user(uifr, uifr32, sizeof(*uifr32)))
3158                return -EFAULT;
3159
3160        err = sock_do_ioctl(net, sock, cmd, (unsigned long)uifr);
3161
3162        if (!err) {
3163                switch (cmd) {
3164                case SIOCGIFFLAGS:
3165                case SIOCGIFMETRIC:
3166                case SIOCGIFMTU:
3167                case SIOCGIFMEM:
3168                case SIOCGIFHWADDR:
3169                case SIOCGIFINDEX:
3170                case SIOCGIFADDR:
3171                case SIOCGIFBRDADDR:
3172                case SIOCGIFDSTADDR:
3173                case SIOCGIFNETMASK:
3174                case SIOCGIFPFLAGS:
3175                case SIOCGIFTXQLEN:
3176                case SIOCGMIIPHY:
3177                case SIOCGMIIREG:
3178                case SIOCGIFNAME:
3179                        if (copy_in_user(uifr32, uifr, sizeof(*uifr32)))
3180                                err = -EFAULT;
3181                        break;
3182                }
3183        }
3184        return err;
3185}
3186
3187static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
3188                        struct compat_ifreq __user *uifr32)
3189{
3190        struct ifreq ifr;
3191        struct compat_ifmap __user *uifmap32;
3192        int err;
3193
3194        uifmap32 = &uifr32->ifr_ifru.ifru_map;
3195        err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name));
3196        err |= get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3197        err |= get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3198        err |= get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3199        err |= get_user(ifr.ifr_map.irq, &uifmap32->irq);
3200        err |= get_user(ifr.ifr_map.dma, &uifmap32->dma);
3201        err |= get_user(ifr.ifr_map.port, &uifmap32->port);
3202        if (err)
3203                return -EFAULT;
3204
3205        err = dev_ioctl(net, cmd, &ifr, NULL);
3206
3207        if (cmd == SIOCGIFMAP && !err) {
3208                err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name));
3209                err |= put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3210                err |= put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3211                err |= put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3212                err |= put_user(ifr.ifr_map.irq, &uifmap32->irq);
3213                err |= put_user(ifr.ifr_map.dma, &uifmap32->dma);
3214                err |= put_user(ifr.ifr_map.port, &uifmap32->port);
3215                if (err)
3216                        err = -EFAULT;
3217        }
3218        return err;
3219}
3220
3221struct rtentry32 {
3222        u32             rt_pad1;
3223        struct sockaddr rt_dst;         /* target address               */
3224        struct sockaddr rt_gateway;     /* gateway addr (RTF_GATEWAY)   */
3225        struct sockaddr rt_genmask;     /* target network mask (IP)     */
3226        unsigned short  rt_flags;
3227        short           rt_pad2;
3228        u32             rt_pad3;
3229        unsigned char   rt_tos;
3230        unsigned char   rt_class;
3231        short           rt_pad4;
3232        short           rt_metric;      /* +1 for binary compatibility! */
3233        /* char * */ u32 rt_dev;        /* forcing the device at add    */
3234        u32             rt_mtu;         /* per route MTU/Window         */
3235        u32             rt_window;      /* Window clamping              */
3236        unsigned short  rt_irtt;        /* Initial RTT                  */
3237};
3238
3239struct in6_rtmsg32 {
3240        struct in6_addr         rtmsg_dst;
3241        struct in6_addr         rtmsg_src;
3242        struct in6_addr         rtmsg_gateway;
3243        u32                     rtmsg_type;
3244        u16                     rtmsg_dst_len;
3245        u16                     rtmsg_src_len;
3246        u32                     rtmsg_metric;
3247        u32                     rtmsg_info;
3248        u32                     rtmsg_flags;
3249        s32                     rtmsg_ifindex;
3250};
3251
3252static int routing_ioctl(struct net *net, struct socket *sock,
3253                         unsigned int cmd, void __user *argp)
3254{
3255        int ret;
3256        void *r = NULL;
3257        struct in6_rtmsg r6;
3258        struct rtentry r4;
3259        char devname[16];
3260        u32 rtdev;
3261        mm_segment_t old_fs = get_fs();
3262
3263        if (sock && sock->sk && sock->sk->sk_family == AF_INET6) { /* ipv6 */
3264                struct in6_rtmsg32 __user *ur6 = argp;
3265                ret = copy_from_user(&r6.rtmsg_dst, &(ur6->rtmsg_dst),
3266                        3 * sizeof(struct in6_addr));
3267                ret |= get_user(r6.rtmsg_type, &(ur6->rtmsg_type));
3268                ret |= get_user(r6.rtmsg_dst_len, &(ur6->rtmsg_dst_len));
3269                ret |= get_user(r6.rtmsg_src_len, &(ur6->rtmsg_src_len));
3270                ret |= get_user(r6.rtmsg_metric, &(ur6->rtmsg_metric));
3271                ret |= get_user(r6.rtmsg_info, &(ur6->rtmsg_info));
3272                ret |= get_user(r6.rtmsg_flags, &(ur6->rtmsg_flags));
3273                ret |= get_user(r6.rtmsg_ifindex, &(ur6->rtmsg_ifindex));
3274
3275                r = (void *) &r6;
3276        } else { /* ipv4 */
3277                struct rtentry32 __user *ur4 = argp;
3278                ret = copy_from_user(&r4.rt_dst, &(ur4->rt_dst),
3279                                        3 * sizeof(struct sockaddr));
3280                ret |= get_user(r4.rt_flags, &(ur4->rt_flags));
3281                ret |= get_user(r4.rt_metric, &(ur4->rt_metric));
3282                ret |= get_user(r4.rt_mtu, &(ur4->rt_mtu));
3283                ret |= get_user(r4.rt_window, &(ur4->rt_window));
3284                ret |= get_user(r4.rt_irtt, &(ur4->rt_irtt));
3285                ret |= get_user(rtdev, &(ur4->rt_dev));
3286                if (rtdev) {
3287                        ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
3288                        r4.rt_dev = (char __user __force *)devname;
3289                        devname[15] = 0;
3290                } else
3291                        r4.rt_dev = NULL;
3292
3293                r = (void *) &r4;
3294        }
3295
3296        if (ret) {
3297                ret = -EFAULT;
3298                goto out;
3299        }
3300
3301        set_fs(KERNEL_DS);
3302        ret = sock_do_ioctl(net, sock, cmd, (unsigned long) r);
3303        set_fs(old_fs);
3304
3305out:
3306        return ret;
3307}
3308
3309/* Since old style bridge ioctl's endup using SIOCDEVPRIVATE
3310 * for some operations; this forces use of the newer bridge-utils that
3311 * use compatible ioctls
3312 */
3313static int old_bridge_ioctl(compat_ulong_t __user *argp)
3314{
3315        compat_ulong_t tmp;
3316
3317        if (get_user(tmp, argp))
3318                return -EFAULT;
3319        if (tmp == BRCTL_GET_VERSION)
3320                return BRCTL_VERSION + 1;
3321        return -EINVAL;
3322}
3323
3324static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
3325                         unsigned int cmd, unsigned long arg)
3326{
3327        void __user *argp = compat_ptr(arg);
3328        struct sock *sk = sock->sk;
3329        struct net *net = sock_net(sk);
3330
3331        if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))
3332                return compat_ifr_data_ioctl(net, cmd, argp);
3333
3334        switch (cmd) {
3335        case SIOCSIFBR:
3336        case SIOCGIFBR:
3337                return old_bridge_ioctl(argp);
3338        case SIOCGIFCONF:
3339                return compat_dev_ifconf(net, argp);
3340        case SIOCETHTOOL:
3341                return ethtool_ioctl(net, argp);
3342        case SIOCWANDEV:
3343                return compat_siocwandev(net, argp);
3344        case SIOCGIFMAP:
3345        case SIOCSIFMAP:
3346                return compat_sioc_ifmap(net, cmd, argp);
3347        case SIOCADDRT:
3348        case SIOCDELRT:
3349                return routing_ioctl(net, sock, cmd, argp);
3350        case SIOCGSTAMP:
3351                return do_siocgstamp(net, sock, cmd, argp);
3352        case SIOCGSTAMPNS:
3353                return do_siocgstampns(net, sock, cmd, argp);
3354        case SIOCBONDSLAVEINFOQUERY:
3355        case SIOCBONDINFOQUERY:
3356        case SIOCSHWTSTAMP:
3357        case SIOCGHWTSTAMP:
3358                return compat_ifr_data_ioctl(net, cmd, argp);
3359
3360        case FIOSETOWN:
3361        case SIOCSPGRP:
3362        case FIOGETOWN:
3363        case SIOCGPGRP:
3364        case SIOCBRADDBR:
3365        case SIOCBRDELBR:
3366        case SIOCGIFVLAN:
3367        case SIOCSIFVLAN:
3368        case SIOCADDDLCI:
3369        case SIOCDELDLCI:
3370        case SIOCGSKNS:
3371                return sock_ioctl(file, cmd, arg);
3372
3373        case SIOCGIFFLAGS:
3374        case SIOCSIFFLAGS:
3375        case SIOCGIFMETRIC:
3376        case SIOCSIFMETRIC:
3377        case SIOCGIFMTU:
3378        case SIOCSIFMTU:
3379        case SIOCGIFMEM:
3380        case SIOCSIFMEM:
3381        case SIOCGIFHWADDR:
3382        case SIOCSIFHWADDR:
3383        case SIOCADDMULTI:
3384        case SIOCDELMULTI:
3385        case SIOCGIFINDEX:
3386        case SIOCGIFADDR:
3387        case SIOCSIFADDR:
3388        case SIOCSIFHWBROADCAST:
3389        case SIOCDIFADDR:
3390        case SIOCGIFBRDADDR:
3391        case SIOCSIFBRDADDR:
3392        case SIOCGIFDSTADDR:
3393        case SIOCSIFDSTADDR:
3394        case SIOCGIFNETMASK:
3395        case SIOCSIFNETMASK:
3396        case SIOCSIFPFLAGS:
3397        case SIOCGIFPFLAGS:
3398        case SIOCGIFTXQLEN:
3399        case SIOCSIFTXQLEN:
3400        case SIOCBRADDIF:
3401        case SIOCBRDELIF:
3402        case SIOCGIFNAME:
3403        case SIOCSIFNAME:
3404        case SIOCGMIIPHY:
3405        case SIOCGMIIREG:
3406        case SIOCSMIIREG:
3407        case SIOCBONDENSLAVE:
3408        case SIOCBONDRELEASE:
3409        case SIOCBONDSETHWADDR:
3410        case SIOCBONDCHANGEACTIVE:
3411                return compat_ifreq_ioctl(net, sock, cmd, argp);
3412
3413        case SIOCSARP:
3414        case SIOCGARP:
3415        case SIOCDARP:
3416        case SIOCATMARK:
3417                return sock_do_ioctl(net, sock, cmd, arg);
3418        }
3419
3420        return -ENOIOCTLCMD;
3421}
3422
3423static long compat_sock_ioctl(struct file *file, unsigned int cmd,
3424                              unsigned long arg)
3425{
3426        struct socket *sock = file->private_data;
3427        int ret = -ENOIOCTLCMD;
3428        struct sock *sk;
3429        struct net *net;
3430
3431        sk = sock->sk;
3432        net = sock_net(sk);
3433
3434        if (sock->ops->compat_ioctl)
3435                ret = sock->ops->compat_ioctl(sock, cmd, arg);
3436
3437        if (ret == -ENOIOCTLCMD &&
3438            (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST))
3439                ret = compat_wext_handle_ioctl(net, cmd, arg);
3440
3441        if (ret == -ENOIOCTLCMD)
3442                ret = compat_sock_ioctl_trans(file, sock, cmd, arg);
3443
3444        return ret;
3445}
3446#endif
3447
3448/**
3449 *      kernel_bind - bind an address to a socket (kernel space)
3450 *      @sock: socket
3451 *      @addr: address
3452 *      @addrlen: length of address
3453 *
3454 *      Returns 0 or an error.
3455 */
3456
3457int kernel_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
3458{
3459        return sock->ops->bind(sock, addr, addrlen);
3460}
3461EXPORT_SYMBOL(kernel_bind);
3462
3463/**
3464 *      kernel_listen - move socket to listening state (kernel space)
3465 *      @sock: socket
3466 *      @backlog: pending connections queue size
3467 *
3468 *      Returns 0 or an error.
3469 */
3470
3471int kernel_listen(struct socket *sock, int backlog)
3472{
3473        return sock->ops->listen(sock, backlog);
3474}
3475EXPORT_SYMBOL(kernel_listen);
3476
3477/**
3478 *      kernel_accept - accept a connection (kernel space)
3479 *      @sock: listening socket
3480 *      @newsock: new connected socket
3481 *      @flags: flags
3482 *
3483 *      @flags must be SOCK_CLOEXEC, SOCK_NONBLOCK or 0.
3484 *      If it fails, @newsock is guaranteed to be %NULL.
3485 *      Returns 0 or an error.
3486 */
3487
3488int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
3489{
3490        struct sock *sk = sock->sk;
3491        int err;
3492
3493        err = sock_create_lite(sk->sk_family, sk->sk_type, sk->sk_protocol,
3494                               newsock);
3495        if (err < 0)
3496                goto done;
3497
3498        err = sock->ops->accept(sock, *newsock, flags, true);
3499        if (err < 0) {
3500                sock_release(*newsock);
3501                *newsock = NULL;
3502                goto done;
3503        }
3504
3505        (*newsock)->ops = sock->ops;
3506        __module_get((*newsock)->ops->owner);
3507
3508done:
3509        return err;
3510}
3511EXPORT_SYMBOL(kernel_accept);
3512
3513/**
3514 *      kernel_connect - connect a socket (kernel space)
3515 *      @sock: socket
3516 *      @addr: address
3517 *      @addrlen: address length
3518 *      @flags: flags (O_NONBLOCK, ...)
3519 *
3520 *      For datagram sockets, @addr is the addres to which datagrams are sent
3521 *      by default, and the only address from which datagrams are received.
3522 *      For stream sockets, attempts to connect to @addr.
3523 *      Returns 0 or an error code.
3524 */
3525
3526int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
3527                   int flags)
3528{
3529        return sock->ops->connect(sock, addr, addrlen, flags);
3530}
3531EXPORT_SYMBOL(kernel_connect);
3532
3533/**
3534 *      kernel_getsockname - get the address which the socket is bound (kernel space)
3535 *      @sock: socket
3536 *      @addr: address holder
3537 *
3538 *      Fills the @addr pointer with the address which the socket is bound.
3539 *      Returns 0 or an error code.
3540 */
3541
3542int kernel_getsockname(struct socket *sock, struct sockaddr *addr)
3543{
3544        return sock->ops->getname(sock, addr, 0);
3545}
3546EXPORT_SYMBOL(kernel_getsockname);
3547
3548/**
3549 *      kernel_peername - get the address which the socket is connected (kernel space)
3550 *      @sock: socket
3551 *      @addr: address holder
3552 *
3553 *      Fills the @addr pointer with the address which the socket is connected.
3554 *      Returns 0 or an error code.
3555 */
3556
3557int kernel_getpeername(struct socket *sock, struct sockaddr *addr)
3558{
3559        return sock->ops->getname(sock, addr, 1);
3560}
3561EXPORT_SYMBOL(kernel_getpeername);
3562
3563/**
3564 *      kernel_getsockopt - get a socket option (kernel space)
3565 *      @sock: socket
3566 *      @level: API level (SOL_SOCKET, ...)
3567 *      @optname: option tag
3568 *      @optval: option value
3569 *      @optlen: option length
3570 *
3571 *      Assigns the option length to @optlen.
3572 *      Returns 0 or an error.
3573 */
3574
3575int kernel_getsockopt(struct socket *sock, int level, int optname,
3576                        char *optval, int *optlen)
3577{
3578        mm_segment_t oldfs = get_fs();
3579        char __user *uoptval;
3580        int __user *uoptlen;
3581        int err;
3582
3583        uoptval = (char __user __force *) optval;
3584        uoptlen = (int __user __force *) optlen;
3585
3586        set_fs(KERNEL_DS);
3587        if (level == SOL_SOCKET)
3588                err = sock_getsockopt(sock, level, optname, uoptval, uoptlen);
3589        else
3590                err = sock->ops->getsockopt(sock, level, optname, uoptval,
3591                                            uoptlen);
3592        set_fs(oldfs);
3593        return err;
3594}
3595EXPORT_SYMBOL(kernel_getsockopt);
3596
3597/**
3598 *      kernel_setsockopt - set a socket option (kernel space)
3599 *      @sock: socket
3600 *      @level: API level (SOL_SOCKET, ...)
3601 *      @optname: option tag
3602 *      @optval: option value
3603 *      @optlen: option length
3604 *
3605 *      Returns 0 or an error.
3606 */
3607
3608int kernel_setsockopt(struct socket *sock, int level, int optname,
3609                        char *optval, unsigned int optlen)
3610{
3611        mm_segment_t oldfs = get_fs();
3612        char __user *uoptval;
3613        int err;
3614
3615        uoptval = (char __user __force *) optval;
3616
3617        set_fs(KERNEL_DS);
3618        if (level == SOL_SOCKET)
3619                err = sock_setsockopt(sock, level, optname, uoptval, optlen);
3620        else
3621                err = sock->ops->setsockopt(sock, level, optname, uoptval,
3622                                            optlen);
3623        set_fs(oldfs);
3624        return err;
3625}
3626EXPORT_SYMBOL(kernel_setsockopt);
3627
3628/**
3629 *      kernel_sendpage - send a &page through a socket (kernel space)
3630 *      @sock: socket
3631 *      @page: page
3632 *      @offset: page offset
3633 *      @size: total size in bytes
3634 *      @flags: flags (MSG_DONTWAIT, ...)
3635 *
3636 *      Returns the total amount sent in bytes or an error.
3637 */
3638
3639int kernel_sendpage(struct socket *sock, struct page *page, int offset,
3640                    size_t size, int flags)
3641{
3642        if (sock->ops->sendpage)
3643                return sock->ops->sendpage(sock, page, offset, size, flags);
3644
3645        return sock_no_sendpage(sock, page, offset, size, flags);
3646}
3647EXPORT_SYMBOL(kernel_sendpage);
3648
3649/**
3650 *      kernel_sendpage_locked - send a &page through the locked sock (kernel space)
3651 *      @sk: sock
3652 *      @page: page
3653 *      @offset: page offset
3654 *      @size: total size in bytes
3655 *      @flags: flags (MSG_DONTWAIT, ...)
3656 *
3657 *      Returns the total amount sent in bytes or an error.
3658 *      Caller must hold @sk.
3659 */
3660
3661int kernel_sendpage_locked(struct sock *sk, struct page *page, int offset,
3662                           size_t size, int flags)
3663{
3664        struct socket *sock = sk->sk_socket;
3665
3666        if (sock->ops->sendpage_locked)
3667                return sock->ops->sendpage_locked(sk, page, offset, size,
3668                                                  flags);
3669
3670        return sock_no_sendpage_locked(sk, page, offset, size, flags);
3671}
3672EXPORT_SYMBOL(kernel_sendpage_locked);
3673
3674/**
3675 *      kernel_shutdown - shut down part of a full-duplex connection (kernel space)
3676 *      @sock: socket
3677 *      @how: connection part
3678 *
3679 *      Returns 0 or an error.
3680 */
3681
3682int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how)
3683{
3684        return sock->ops->shutdown(sock, how);
3685}
3686EXPORT_SYMBOL(kernel_sock_shutdown);
3687
3688/**
3689 *      kernel_sock_ip_overhead - returns the IP overhead imposed by a socket
3690 *      @sk: socket
3691 *
3692 *      This routine returns the IP overhead imposed by a socket i.e.
3693 *      the length of the underlying IP header, depending on whether
3694 *      this is an IPv4 or IPv6 socket and the length from IP options turned
3695 *      on at the socket. Assumes that the caller has a lock on the socket.
3696 */
3697
3698u32 kernel_sock_ip_overhead(struct sock *sk)
3699{
3700        struct inet_sock *inet;
3701        struct ip_options_rcu *opt;
3702        u32 overhead = 0;
3703#if IS_ENABLED(CONFIG_IPV6)
3704        struct ipv6_pinfo *np;
3705        struct ipv6_txoptions *optv6 = NULL;
3706#endif /* IS_ENABLED(CONFIG_IPV6) */
3707
3708        if (!sk)
3709                return overhead;
3710
3711        switch (sk->sk_family) {
3712        case AF_INET:
3713                inet = inet_sk(sk);
3714                overhead += sizeof(struct iphdr);
3715                opt = rcu_dereference_protected(inet->inet_opt,
3716                                                sock_owned_by_user(sk));
3717                if (opt)
3718                        overhead += opt->opt.optlen;
3719                return overhead;
3720#if IS_ENABLED(CONFIG_IPV6)
3721        case AF_INET6:
3722                np = inet6_sk(sk);
3723                overhead += sizeof(struct ipv6hdr);
3724                if (np)
3725                        optv6 = rcu_dereference_protected(np->opt,
3726                                                          sock_owned_by_user(sk));
3727                if (optv6)
3728                        overhead += (optv6->opt_flen + optv6->opt_nflen);
3729                return overhead;
3730#endif /* IS_ENABLED(CONFIG_IPV6) */
3731        default: /* Returns 0 overhead if the socket is not ipv4 or ipv6 */
3732                return overhead;
3733        }
3734}
3735EXPORT_SYMBOL(kernel_sock_ip_overhead);
3736
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.