1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55#include <linux/ethtool.h>
56#include <linux/mm.h>
57#include <linux/socket.h>
58#include <linux/file.h>
59#include <linux/net.h>
60#include <linux/interrupt.h>
61#include <linux/thread_info.h>
62#include <linux/rcupdate.h>
63#include <linux/netdevice.h>
64#include <linux/proc_fs.h>
65#include <linux/seq_file.h>
66#include <linux/mutex.h>
67#include <linux/if_bridge.h>
68#include <linux/if_vlan.h>
69#include <linux/ptp_classify.h>
70#include <linux/init.h>
71#include <linux/poll.h>
72#include <linux/cache.h>
73#include <linux/module.h>
74#include <linux/highmem.h>
75#include <linux/mount.h>
76#include <linux/pseudo_fs.h>
77#include <linux/security.h>
78#include <linux/syscalls.h>
79#include <linux/compat.h>
80#include <linux/kmod.h>
81#include <linux/audit.h>
82#include <linux/wireless.h>
83#include <linux/nsproxy.h>
84#include <linux/magic.h>
85#include <linux/slab.h>
86#include <linux/xattr.h>
87#include <linux/nospec.h>
88#include <linux/indirect_call_wrapper.h>
89
90#include <linux/uaccess.h>
91#include <asm/unistd.h>
92
93#include <net/compat.h>
94#include <net/wext.h>
95#include <net/cls_cgroup.h>
96
97#include <net/sock.h>
98#include <linux/netfilter.h>
99
100#include <linux/if_tun.h>
101#include <linux/ipv6_route.h>
102#include <linux/route.h>
103#include <linux/termios.h>
104#include <linux/sockios.h>
105#include <net/busy_poll.h>
106#include <linux/errqueue.h>
107
108#ifdef CONFIG_NET_RX_BUSY_POLL
109unsigned int sysctl_net_busy_read __read_mostly;
110unsigned int sysctl_net_busy_poll __read_mostly;
111#endif
112
113static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to);
114static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from);
115static int sock_mmap(struct file *file, struct vm_area_struct *vma);
116
117static int sock_close(struct inode *inode, struct file *file);
118static __poll_t sock_poll(struct file *file,
119 struct poll_table_struct *wait);
120static long sock_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
121#ifdef CONFIG_COMPAT
122static long compat_sock_ioctl(struct file *file,
123 unsigned int cmd, unsigned long arg);
124#endif
125static int sock_fasync(int fd, struct file *filp, int on);
126static ssize_t sock_sendpage(struct file *file, struct page *page,
127 int offset, size_t size, loff_t *ppos, int more);
128static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
129 struct pipe_inode_info *pipe, size_t len,
130 unsigned int flags);
131
132#ifdef CONFIG_PROC_FS
133static void sock_show_fdinfo(struct seq_file *m, struct file *f)
134{
135 struct socket *sock = f->private_data;
136
137 if (sock->ops->show_fdinfo)
138 sock->ops->show_fdinfo(m, sock);
139}
140#else
141#define sock_show_fdinfo NULL
142#endif
143
144
145
146
147
148
149static const struct file_operations socket_file_ops = {
150 .owner = THIS_MODULE,
151 .llseek = no_llseek,
152 .read_iter = sock_read_iter,
153 .write_iter = sock_write_iter,
154 .poll = sock_poll,
155 .unlocked_ioctl = sock_ioctl,
156#ifdef CONFIG_COMPAT
157 .compat_ioctl = compat_sock_ioctl,
158#endif
159 .mmap = sock_mmap,
160 .release = sock_close,
161 .fasync = sock_fasync,
162 .sendpage = sock_sendpage,
163 .splice_write = generic_splice_sendpage,
164 .splice_read = sock_splice_read,
165 .show_fdinfo = sock_show_fdinfo,
166};
167
168
169
170
171
172static DEFINE_SPINLOCK(net_family_lock);
173static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr_storage *kaddr)
193{
194 if (ulen < 0 || ulen > sizeof(struct sockaddr_storage))
195 return -EINVAL;
196 if (ulen == 0)
197 return 0;
198 if (copy_from_user(kaddr, uaddr, ulen))
199 return -EFAULT;
200 return audit_sockaddr(ulen, kaddr);
201}
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220static int move_addr_to_user(struct sockaddr_storage *kaddr, int klen,
221 void __user *uaddr, int __user *ulen)
222{
223 int err;
224 int len;
225
226 BUG_ON(klen > sizeof(struct sockaddr_storage));
227 err = get_user(len, ulen);
228 if (err)
229 return err;
230 if (len > klen)
231 len = klen;
232 if (len < 0)
233 return -EINVAL;
234 if (len) {
235 if (audit_sockaddr(klen, kaddr))
236 return -ENOMEM;
237 if (copy_to_user(uaddr, kaddr, len))
238 return -EFAULT;
239 }
240
241
242
243
244 return __put_user(klen, ulen);
245}
246
247static struct kmem_cache *sock_inode_cachep __ro_after_init;
248
249static struct inode *sock_alloc_inode(struct super_block *sb)
250{
251 struct socket_alloc *ei;
252
253 ei = kmem_cache_alloc(sock_inode_cachep, GFP_KERNEL);
254 if (!ei)
255 return NULL;
256 init_waitqueue_head(&ei->socket.wq.wait);
257 ei->socket.wq.fasync_list = NULL;
258 ei->socket.wq.flags = 0;
259
260 ei->socket.state = SS_UNCONNECTED;
261 ei->socket.flags = 0;
262 ei->socket.ops = NULL;
263 ei->socket.sk = NULL;
264 ei->socket.file = NULL;
265
266 return &ei->vfs_inode;
267}
268
269static void sock_free_inode(struct inode *inode)
270{
271 struct socket_alloc *ei;
272
273 ei = container_of(inode, struct socket_alloc, vfs_inode);
274 kmem_cache_free(sock_inode_cachep, ei);
275}
276
277static void init_once(void *foo)
278{
279 struct socket_alloc *ei = (struct socket_alloc *)foo;
280
281 inode_init_once(&ei->vfs_inode);
282}
283
284static void init_inodecache(void)
285{
286 sock_inode_cachep = kmem_cache_create("sock_inode_cache",
287 sizeof(struct socket_alloc),
288 0,
289 (SLAB_HWCACHE_ALIGN |
290 SLAB_RECLAIM_ACCOUNT |
291 SLAB_MEM_SPREAD | SLAB_ACCOUNT),
292 init_once);
293 BUG_ON(sock_inode_cachep == NULL);
294}
295
296static const struct super_operations sockfs_ops = {
297 .alloc_inode = sock_alloc_inode,
298 .free_inode = sock_free_inode,
299 .statfs = simple_statfs,
300};
301
302
303
304
305static char *sockfs_dname(struct dentry *dentry, char *buffer, int buflen)
306{
307 return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
308 d_inode(dentry)->i_ino);
309}
310
311static const struct dentry_operations sockfs_dentry_operations = {
312 .d_dname = sockfs_dname,
313};
314
315static int sockfs_xattr_get(const struct xattr_handler *handler,
316 struct dentry *dentry, struct inode *inode,
317 const char *suffix, void *value, size_t size)
318{
319 if (value) {
320 if (dentry->d_name.len + 1 > size)
321 return -ERANGE;
322 memcpy(value, dentry->d_name.name, dentry->d_name.len + 1);
323 }
324 return dentry->d_name.len + 1;
325}
326
327#define XATTR_SOCKPROTONAME_SUFFIX "sockprotoname"
328#define XATTR_NAME_SOCKPROTONAME (XATTR_SYSTEM_PREFIX XATTR_SOCKPROTONAME_SUFFIX)
329#define XATTR_NAME_SOCKPROTONAME_LEN (sizeof(XATTR_NAME_SOCKPROTONAME)-1)
330
331static const struct xattr_handler sockfs_xattr_handler = {
332 .name = XATTR_NAME_SOCKPROTONAME,
333 .get = sockfs_xattr_get,
334};
335
336static int sockfs_security_xattr_set(const struct xattr_handler *handler,
337 struct dentry *dentry, struct inode *inode,
338 const char *suffix, const void *value,
339 size_t size, int flags)
340{
341
342 return -EAGAIN;
343}
344
345static const struct xattr_handler sockfs_security_xattr_handler = {
346 .prefix = XATTR_SECURITY_PREFIX,
347 .set = sockfs_security_xattr_set,
348};
349
350static const struct xattr_handler *sockfs_xattr_handlers[] = {
351 &sockfs_xattr_handler,
352 &sockfs_security_xattr_handler,
353 NULL
354};
355
356static int sockfs_init_fs_context(struct fs_context *fc)
357{
358 struct pseudo_fs_context *ctx = init_pseudo(fc, SOCKFS_MAGIC);
359 if (!ctx)
360 return -ENOMEM;
361 ctx->ops = &sockfs_ops;
362 ctx->dops = &sockfs_dentry_operations;
363 ctx->xattr = sockfs_xattr_handlers;
364 return 0;
365}
366
367static struct vfsmount *sock_mnt __read_mostly;
368
369static struct file_system_type sock_fs_type = {
370 .name = "sockfs",
371 .init_fs_context = sockfs_init_fs_context,
372 .kill_sb = kill_anon_super,
373};
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
405{
406 struct file *file;
407
408 if (!dname)
409 dname = sock->sk ? sock->sk->sk_prot_creator->name : "";
410
411 file = alloc_file_pseudo(SOCK_INODE(sock), sock_mnt, dname,
412 O_RDWR | (flags & O_NONBLOCK),
413 &socket_file_ops);
414 if (IS_ERR(file)) {
415 sock_release(sock);
416 return file;
417 }
418
419 sock->file = file;
420 file->private_data = sock;
421 stream_open(SOCK_INODE(sock), file);
422 return file;
423}
424EXPORT_SYMBOL(sock_alloc_file);
425
426static int sock_map_fd(struct socket *sock, int flags)
427{
428 struct file *newfile;
429 int fd = get_unused_fd_flags(flags);
430 if (unlikely(fd < 0)) {
431 sock_release(sock);
432 return fd;
433 }
434
435 newfile = sock_alloc_file(sock, flags, NULL);
436 if (!IS_ERR(newfile)) {
437 fd_install(fd, newfile);
438 return fd;
439 }
440
441 put_unused_fd(fd);
442 return PTR_ERR(newfile);
443}
444
445
446
447
448
449
450
451
452struct socket *sock_from_file(struct file *file)
453{
454 if (file->f_op == &socket_file_ops)
455 return file->private_data;
456
457 return NULL;
458}
459EXPORT_SYMBOL(sock_from_file);
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474struct socket *sockfd_lookup(int fd, int *err)
475{
476 struct file *file;
477 struct socket *sock;
478
479 file = fget(fd);
480 if (!file) {
481 *err = -EBADF;
482 return NULL;
483 }
484
485 sock = sock_from_file(file);
486 if (!sock) {
487 *err = -ENOTSOCK;
488 fput(file);
489 }
490 return sock;
491}
492EXPORT_SYMBOL(sockfd_lookup);
493
494static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
495{
496 struct fd f = fdget(fd);
497 struct socket *sock;
498
499 *err = -EBADF;
500 if (f.file) {
501 sock = sock_from_file(f.file);
502 if (likely(sock)) {
503 *fput_needed = f.flags & FDPUT_FPUT;
504 return sock;
505 }
506 *err = -ENOTSOCK;
507 fdput(f);
508 }
509 return NULL;
510}
511
512static ssize_t sockfs_listxattr(struct dentry *dentry, char *buffer,
513 size_t size)
514{
515 ssize_t len;
516 ssize_t used = 0;
517
518 len = security_inode_listsecurity(d_inode(dentry), buffer, size);
519 if (len < 0)
520 return len;
521 used += len;
522 if (buffer) {
523 if (size < used)
524 return -ERANGE;
525 buffer += len;
526 }
527
528 len = (XATTR_NAME_SOCKPROTONAME_LEN + 1);
529 used += len;
530 if (buffer) {
531 if (size < used)
532 return -ERANGE;
533 memcpy(buffer, XATTR_NAME_SOCKPROTONAME, len);
534 buffer += len;
535 }
536
537 return used;
538}
539
540static int sockfs_setattr(struct dentry *dentry, struct iattr *iattr)
541{
542 int err = simple_setattr(dentry, iattr);
543
544 if (!err && (iattr->ia_valid & ATTR_UID)) {
545 struct socket *sock = SOCKET_I(d_inode(dentry));
546
547 if (sock->sk)
548 sock->sk->sk_uid = iattr->ia_uid;
549 else
550 err = -ENOENT;
551 }
552
553 return err;
554}
555
556static const struct inode_operations sockfs_inode_ops = {
557 .listxattr = sockfs_listxattr,
558 .setattr = sockfs_setattr,
559};
560
561
562
563
564
565
566
567
568
569struct socket *sock_alloc(void)
570{
571 struct inode *inode;
572 struct socket *sock;
573
574 inode = new_inode_pseudo(sock_mnt->mnt_sb);
575 if (!inode)
576 return NULL;
577
578 sock = SOCKET_I(inode);
579
580 inode->i_ino = get_next_ino();
581 inode->i_mode = S_IFSOCK | S_IRWXUGO;
582 inode->i_uid = current_fsuid();
583 inode->i_gid = current_fsgid();
584 inode->i_op = &sockfs_inode_ops;
585
586 return sock;
587}
588EXPORT_SYMBOL(sock_alloc);
589
590static void __sock_release(struct socket *sock, struct inode *inode)
591{
592 if (sock->ops) {
593 struct module *owner = sock->ops->owner;
594
595 if (inode)
596 inode_lock(inode);
597 sock->ops->release(sock);
598 sock->sk = NULL;
599 if (inode)
600 inode_unlock(inode);
601 sock->ops = NULL;
602 module_put(owner);
603 }
604
605 if (sock->wq.fasync_list)
606 pr_err("%s: fasync list not empty!\n", __func__);
607
608 if (!sock->file) {
609 iput(SOCK_INODE(sock));
610 return;
611 }
612 sock->file = NULL;
613}
614
615
616
617
618
619
620
621
622
623void sock_release(struct socket *sock)
624{
625 __sock_release(sock, NULL);
626}
627EXPORT_SYMBOL(sock_release);
628
629void __sock_tx_timestamp(__u16 tsflags, __u8 *tx_flags)
630{
631 u8 flags = *tx_flags;
632
633 if (tsflags & SOF_TIMESTAMPING_TX_HARDWARE)
634 flags |= SKBTX_HW_TSTAMP;
635
636 if (tsflags & SOF_TIMESTAMPING_TX_SOFTWARE)
637 flags |= SKBTX_SW_TSTAMP;
638
639 if (tsflags & SOF_TIMESTAMPING_TX_SCHED)
640 flags |= SKBTX_SCHED_TSTAMP;
641
642 *tx_flags = flags;
643}
644EXPORT_SYMBOL(__sock_tx_timestamp);
645
646INDIRECT_CALLABLE_DECLARE(int inet_sendmsg(struct socket *, struct msghdr *,
647 size_t));
648INDIRECT_CALLABLE_DECLARE(int inet6_sendmsg(struct socket *, struct msghdr *,
649 size_t));
650static inline int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg)
651{
652 int ret = INDIRECT_CALL_INET(sock->ops->sendmsg, inet6_sendmsg,
653 inet_sendmsg, sock, msg,
654 msg_data_left(msg));
655 BUG_ON(ret == -EIOCBQUEUED);
656 return ret;
657}
658
659
660
661
662
663
664
665
666
667int sock_sendmsg(struct socket *sock, struct msghdr *msg)
668{
669 int err = security_socket_sendmsg(sock, msg,
670 msg_data_left(msg));
671
672 return err ?: sock_sendmsg_nosec(sock, msg);
673}
674EXPORT_SYMBOL(sock_sendmsg);
675
676
677
678
679
680
681
682
683
684
685
686
687
688int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
689 struct kvec *vec, size_t num, size_t size)
690{
691 iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
692 return sock_sendmsg(sock, msg);
693}
694EXPORT_SYMBOL(kernel_sendmsg);
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709int kernel_sendmsg_locked(struct sock *sk, struct msghdr *msg,
710 struct kvec *vec, size_t num, size_t size)
711{
712 struct socket *sock = sk->sk_socket;
713
714 if (!sock->ops->sendmsg_locked)
715 return sock_no_sendmsg_locked(sk, msg, size);
716
717 iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
718
719 return sock->ops->sendmsg_locked(sk, msg, msg_data_left(msg));
720}
721EXPORT_SYMBOL(kernel_sendmsg_locked);
722
723static bool skb_is_err_queue(const struct sk_buff *skb)
724{
725
726
727
728
729
730 return skb->pkt_type == PACKET_OUTGOING;
731}
732
733
734
735
736
737
738
739
740
741static bool skb_is_swtx_tstamp(const struct sk_buff *skb, int false_tstamp)
742{
743 return skb->tstamp && !false_tstamp && skb_is_err_queue(skb);
744}
745
746static void put_ts_pktinfo(struct msghdr *msg, struct sk_buff *skb)
747{
748 struct scm_ts_pktinfo ts_pktinfo;
749 struct net_device *orig_dev;
750
751 if (!skb_mac_header_was_set(skb))
752 return;
753
754 memset(&ts_pktinfo, 0, sizeof(ts_pktinfo));
755
756 rcu_read_lock();
757 orig_dev = dev_get_by_napi_id(skb_napi_id(skb));
758 if (orig_dev)
759 ts_pktinfo.if_index = orig_dev->ifindex;
760 rcu_read_unlock();
761
762 ts_pktinfo.pkt_length = skb->len - skb_mac_offset(skb);
763 put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_PKTINFO,
764 sizeof(ts_pktinfo), &ts_pktinfo);
765}
766
767
768
769
770void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
771 struct sk_buff *skb)
772{
773 int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP);
774 int new_tstamp = sock_flag(sk, SOCK_TSTAMP_NEW);
775 struct scm_timestamping_internal tss;
776
777 int empty = 1, false_tstamp = 0;
778 struct skb_shared_hwtstamps *shhwtstamps =
779 skb_hwtstamps(skb);
780
781
782
783 if (need_software_tstamp && skb->tstamp == 0) {
784 __net_timestamp(skb);
785 false_tstamp = 1;
786 }
787
788 if (need_software_tstamp) {
789 if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) {
790 if (new_tstamp) {
791 struct __kernel_sock_timeval tv;
792
793 skb_get_new_timestamp(skb, &tv);
794 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_NEW,
795 sizeof(tv), &tv);
796 } else {
797 struct __kernel_old_timeval tv;
798
799 skb_get_timestamp(skb, &tv);
800 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_OLD,
801 sizeof(tv), &tv);
802 }
803 } else {
804 if (new_tstamp) {
805 struct __kernel_timespec ts;
806
807 skb_get_new_timestampns(skb, &ts);
808 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_NEW,
809 sizeof(ts), &ts);
810 } else {
811 struct __kernel_old_timespec ts;
812
813 skb_get_timestampns(skb, &ts);
814 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_OLD,
815 sizeof(ts), &ts);
816 }
817 }
818 }
819
820 memset(&tss, 0, sizeof(tss));
821 if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE) &&
822 ktime_to_timespec64_cond(skb->tstamp, tss.ts + 0))
823 empty = 0;
824 if (shhwtstamps &&
825 (sk->sk_tsflags & SOF_TIMESTAMPING_RAW_HARDWARE) &&
826 !skb_is_swtx_tstamp(skb, false_tstamp) &&
827 ktime_to_timespec64_cond(shhwtstamps->hwtstamp, tss.ts + 2)) {
828 empty = 0;
829 if ((sk->sk_tsflags & SOF_TIMESTAMPING_OPT_PKTINFO) &&
830 !skb_is_err_queue(skb))
831 put_ts_pktinfo(msg, skb);
832 }
833 if (!empty) {
834 if (sock_flag(sk, SOCK_TSTAMP_NEW))
835 put_cmsg_scm_timestamping64(msg, &tss);
836 else
837 put_cmsg_scm_timestamping(msg, &tss);
838
839 if (skb_is_err_queue(skb) && skb->len &&
840 SKB_EXT_ERR(skb)->opt_stats)
841 put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS,
842 skb->len, skb->data);
843 }
844}
845EXPORT_SYMBOL_GPL(__sock_recv_timestamp);
846
847void __sock_recv_wifi_status(struct msghdr *msg, struct sock *sk,
848 struct sk_buff *skb)
849{
850 int ack;
851
852 if (!sock_flag(sk, SOCK_WIFI_STATUS))
853 return;
854 if (!skb->wifi_acked_valid)
855 return;
856
857 ack = skb->wifi_acked;
858
859 put_cmsg(msg, SOL_SOCKET, SCM_WIFI_STATUS, sizeof(ack), &ack);
860}
861EXPORT_SYMBOL_GPL(__sock_recv_wifi_status);
862
863static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
864 struct sk_buff *skb)
865{
866 if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && SOCK_SKB_CB(skb)->dropcount)
867 put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
868 sizeof(__u32), &SOCK_SKB_CB(skb)->dropcount);
869}
870
871void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
872 struct sk_buff *skb)
873{
874 sock_recv_timestamp(msg, sk, skb);
875 sock_recv_drops(msg, sk, skb);
876}
877EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
878
879INDIRECT_CALLABLE_DECLARE(int inet_recvmsg(struct socket *, struct msghdr *,
880 size_t, int));
881INDIRECT_CALLABLE_DECLARE(int inet6_recvmsg(struct socket *, struct msghdr *,
882 size_t, int));
883static inline int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
884 int flags)
885{
886 return INDIRECT_CALL_INET(sock->ops->recvmsg, inet6_recvmsg,
887 inet_recvmsg, sock, msg, msg_data_left(msg),
888 flags);
889}
890
891
892
893
894
895
896
897
898
899
900int sock_recvmsg(struct socket *sock, struct msghdr *msg, int flags)
901{
902 int err = security_socket_recvmsg(sock, msg, msg_data_left(msg), flags);
903
904 return err ?: sock_recvmsg_nosec(sock, msg, flags);
905}
906EXPORT_SYMBOL(sock_recvmsg);
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
925 struct kvec *vec, size_t num, size_t size, int flags)
926{
927 msg->msg_control_is_user = false;
928 iov_iter_kvec(&msg->msg_iter, READ, vec, num, size);
929 return sock_recvmsg(sock, msg, flags);
930}
931EXPORT_SYMBOL(kernel_recvmsg);
932
933static ssize_t sock_sendpage(struct file *file, struct page *page,
934 int offset, size_t size, loff_t *ppos, int more)
935{
936 struct socket *sock;
937 int flags;
938
939 sock = file->private_data;
940
941 flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
942
943 flags |= more;
944
945 return kernel_sendpage(sock, page, offset, size, flags);
946}
947
948static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
949 struct pipe_inode_info *pipe, size_t len,
950 unsigned int flags)
951{
952 struct socket *sock = file->private_data;
953
954 if (unlikely(!sock->ops->splice_read))
955 return generic_file_splice_read(file, ppos, pipe, len, flags);
956
957 return sock->ops->splice_read(sock, ppos, pipe, len, flags);
958}
959
960static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to)
961{
962 struct file *file = iocb->ki_filp;
963 struct socket *sock = file->private_data;
964 struct msghdr msg = {.msg_iter = *to,
965 .msg_iocb = iocb};
966 ssize_t res;
967
968 if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
969 msg.msg_flags = MSG_DONTWAIT;
970
971 if (iocb->ki_pos != 0)
972 return -ESPIPE;
973
974 if (!iov_iter_count(to))
975 return 0;
976
977 res = sock_recvmsg(sock, &msg, msg.msg_flags);
978 *to = msg.msg_iter;
979 return res;
980}
981
982static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from)
983{
984 struct file *file = iocb->ki_filp;
985 struct socket *sock = file->private_data;
986 struct msghdr msg = {.msg_iter = *from,
987 .msg_iocb = iocb};
988 ssize_t res;
989
990 if (iocb->ki_pos != 0)
991 return -ESPIPE;
992
993 if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
994 msg.msg_flags = MSG_DONTWAIT;
995
996 if (sock->type == SOCK_SEQPACKET)
997 msg.msg_flags |= MSG_EOR;
998
999 res = sock_sendmsg(sock, &msg);
1000 *from = msg.msg_iter;
1001 return res;
1002}
1003
1004
1005
1006
1007
1008
1009static DEFINE_MUTEX(br_ioctl_mutex);
1010static int (*br_ioctl_hook) (struct net *, unsigned int cmd, void __user *arg);
1011
1012void brioctl_set(int (*hook) (struct net *, unsigned int, void __user *))
1013{
1014 mutex_lock(&br_ioctl_mutex);
1015 br_ioctl_hook = hook;
1016 mutex_unlock(&br_ioctl_mutex);
1017}
1018EXPORT_SYMBOL(brioctl_set);
1019
1020static DEFINE_MUTEX(vlan_ioctl_mutex);
1021static int (*vlan_ioctl_hook) (struct net *, void __user *arg);
1022
1023void vlan_ioctl_set(int (*hook) (struct net *, void __user *))
1024{
1025 mutex_lock(&vlan_ioctl_mutex);
1026 vlan_ioctl_hook = hook;
1027 mutex_unlock(&vlan_ioctl_mutex);
1028}
1029EXPORT_SYMBOL(vlan_ioctl_set);
1030
1031static long sock_do_ioctl(struct net *net, struct socket *sock,
1032 unsigned int cmd, unsigned long arg)
1033{
1034 int err;
1035 void __user *argp = (void __user *)arg;
1036
1037 err = sock->ops->ioctl(sock, cmd, arg);
1038
1039
1040
1041
1042
1043 if (err != -ENOIOCTLCMD)
1044 return err;
1045
1046 if (cmd == SIOCGIFCONF) {
1047 struct ifconf ifc;
1048 if (copy_from_user(&ifc, argp, sizeof(struct ifconf)))
1049 return -EFAULT;
1050 rtnl_lock();
1051 err = dev_ifconf(net, &ifc, sizeof(struct ifreq));
1052 rtnl_unlock();
1053 if (!err && copy_to_user(argp, &ifc, sizeof(struct ifconf)))
1054 err = -EFAULT;
1055 } else {
1056 struct ifreq ifr;
1057 bool need_copyout;
1058 if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1059 return -EFAULT;
1060 err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1061 if (!err && need_copyout)
1062 if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1063 return -EFAULT;
1064 }
1065 return err;
1066}
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080struct ns_common *get_net_ns(struct ns_common *ns)
1081{
1082 return &get_net(container_of(ns, struct net, ns))->ns;
1083}
1084EXPORT_SYMBOL_GPL(get_net_ns);
1085
1086static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
1087{
1088 struct socket *sock;
1089 struct sock *sk;
1090 void __user *argp = (void __user *)arg;
1091 int pid, err;
1092 struct net *net;
1093
1094 sock = file->private_data;
1095 sk = sock->sk;
1096 net = sock_net(sk);
1097 if (unlikely(cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))) {
1098 struct ifreq ifr;
1099 bool need_copyout;
1100 if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1101 return -EFAULT;
1102 err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1103 if (!err && need_copyout)
1104 if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1105 return -EFAULT;
1106 } else
1107#ifdef CONFIG_WEXT_CORE
1108 if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) {
1109 err = wext_handle_ioctl(net, cmd, argp);
1110 } else
1111#endif
1112 switch (cmd) {
1113 case FIOSETOWN:
1114 case SIOCSPGRP:
1115 err = -EFAULT;
1116 if (get_user(pid, (int __user *)argp))
1117 break;
1118 err = f_setown(sock->file, pid, 1);
1119 break;
1120 case FIOGETOWN:
1121 case SIOCGPGRP:
1122 err = put_user(f_getown(sock->file),
1123 (int __user *)argp);
1124 break;
1125 case SIOCGIFBR:
1126 case SIOCSIFBR:
1127 case SIOCBRADDBR:
1128 case SIOCBRDELBR:
1129 err = -ENOPKG;
1130 if (!br_ioctl_hook)
1131 request_module("bridge");
1132
1133 mutex_lock(&br_ioctl_mutex);
1134 if (br_ioctl_hook)
1135 err = br_ioctl_hook(net, cmd, argp);
1136 mutex_unlock(&br_ioctl_mutex);
1137 break;
1138 case SIOCGIFVLAN:
1139 case SIOCSIFVLAN:
1140 err = -ENOPKG;
1141 if (!vlan_ioctl_hook)
1142 request_module("8021q");
1143
1144 mutex_lock(&vlan_ioctl_mutex);
1145 if (vlan_ioctl_hook)
1146 err = vlan_ioctl_hook(net, argp);
1147 mutex_unlock(&vlan_ioctl_mutex);
1148 break;
1149 case SIOCGSKNS:
1150 err = -EPERM;
1151 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1152 break;
1153
1154 err = open_related_ns(&net->ns, get_net_ns);
1155 break;
1156 case SIOCGSTAMP_OLD:
1157 case SIOCGSTAMPNS_OLD:
1158 if (!sock->ops->gettstamp) {
1159 err = -ENOIOCTLCMD;
1160 break;
1161 }
1162 err = sock->ops->gettstamp(sock, argp,
1163 cmd == SIOCGSTAMP_OLD,
1164 !IS_ENABLED(CONFIG_64BIT));
1165 break;
1166 case SIOCGSTAMP_NEW:
1167 case SIOCGSTAMPNS_NEW:
1168 if (!sock->ops->gettstamp) {
1169 err = -ENOIOCTLCMD;
1170 break;
1171 }
1172 err = sock->ops->gettstamp(sock, argp,
1173 cmd == SIOCGSTAMP_NEW,
1174 false);
1175 break;
1176 default:
1177 err = sock_do_ioctl(net, sock, cmd, arg);
1178 break;
1179 }
1180 return err;
1181}
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196int sock_create_lite(int family, int type, int protocol, struct socket **res)
1197{
1198 int err;
1199 struct socket *sock = NULL;
1200
1201 err = security_socket_create(family, type, protocol, 1);
1202 if (err)
1203 goto out;
1204
1205 sock = sock_alloc();
1206 if (!sock) {
1207 err = -ENOMEM;
1208 goto out;
1209 }
1210
1211 sock->type = type;
1212 err = security_socket_post_create(sock, family, type, protocol, 1);
1213 if (err)
1214 goto out_release;
1215
1216out:
1217 *res = sock;
1218 return err;
1219out_release:
1220 sock_release(sock);
1221 sock = NULL;
1222 goto out;
1223}
1224EXPORT_SYMBOL(sock_create_lite);
1225
1226
1227static __poll_t sock_poll(struct file *file, poll_table *wait)
1228{
1229 struct socket *sock = file->private_data;
1230 __poll_t events = poll_requested_events(wait), flag = 0;
1231
1232 if (!sock->ops->poll)
1233 return 0;
1234
1235 if (sk_can_busy_loop(sock->sk)) {
1236
1237 if (events & POLL_BUSY_LOOP)
1238 sk_busy_loop(sock->sk, 1);
1239
1240
1241 flag = POLL_BUSY_LOOP;
1242 }
1243
1244 return sock->ops->poll(file, sock, wait) | flag;
1245}
1246
1247static int sock_mmap(struct file *file, struct vm_area_struct *vma)
1248{
1249 struct socket *sock = file->private_data;
1250
1251 return sock->ops->mmap(file, sock, vma);
1252}
1253
1254static int sock_close(struct inode *inode, struct file *filp)
1255{
1256 __sock_release(SOCKET_I(inode), inode);
1257 return 0;
1258}
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271static int sock_fasync(int fd, struct file *filp, int on)
1272{
1273 struct socket *sock = filp->private_data;
1274 struct sock *sk = sock->sk;
1275 struct socket_wq *wq = &sock->wq;
1276
1277 if (sk == NULL)
1278 return -EINVAL;
1279
1280 lock_sock(sk);
1281 fasync_helper(fd, filp, on, &wq->fasync_list);
1282
1283 if (!wq->fasync_list)
1284 sock_reset_flag(sk, SOCK_FASYNC);
1285 else
1286 sock_set_flag(sk, SOCK_FASYNC);
1287
1288 release_sock(sk);
1289 return 0;
1290}
1291
1292
1293
1294int sock_wake_async(struct socket_wq *wq, int how, int band)
1295{
1296 if (!wq || !wq->fasync_list)
1297 return -1;
1298
1299 switch (how) {
1300 case SOCK_WAKE_WAITD:
1301 if (test_bit(SOCKWQ_ASYNC_WAITDATA, &wq->flags))
1302 break;
1303 goto call_kill;
1304 case SOCK_WAKE_SPACE:
1305 if (!test_and_clear_bit(SOCKWQ_ASYNC_NOSPACE, &wq->flags))
1306 break;
1307 fallthrough;
1308 case SOCK_WAKE_IO:
1309call_kill:
1310 kill_fasync(&wq->fasync_list, SIGIO, band);
1311 break;
1312 case SOCK_WAKE_URG:
1313 kill_fasync(&wq->fasync_list, SIGURG, band);
1314 }
1315
1316 return 0;
1317}
1318EXPORT_SYMBOL(sock_wake_async);
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335int __sock_create(struct net *net, int family, int type, int protocol,
1336 struct socket **res, int kern)
1337{
1338 int err;
1339 struct socket *sock;
1340 const struct net_proto_family *pf;
1341
1342
1343
1344
1345 if (family < 0 || family >= NPROTO)
1346 return -EAFNOSUPPORT;
1347 if (type < 0 || type >= SOCK_MAX)
1348 return -EINVAL;
1349
1350
1351
1352
1353
1354
1355 if (family == PF_INET && type == SOCK_PACKET) {
1356 pr_info_once("%s uses obsolete (PF_INET,SOCK_PACKET)\n",
1357 current->comm);
1358 family = PF_PACKET;
1359 }
1360
1361 err = security_socket_create(family, type, protocol, kern);
1362 if (err)
1363 return err;
1364
1365
1366
1367
1368
1369
1370 sock = sock_alloc();
1371 if (!sock) {
1372 net_warn_ratelimited("socket: no more sockets\n");
1373 return -ENFILE;
1374
1375 }
1376
1377 sock->type = type;
1378
1379#ifdef CONFIG_MODULES
1380
1381
1382
1383
1384
1385
1386 if (rcu_access_pointer(net_families[family]) == NULL)
1387 request_module("net-pf-%d", family);
1388#endif
1389
1390 rcu_read_lock();
1391 pf = rcu_dereference(net_families[family]);
1392 err = -EAFNOSUPPORT;
1393 if (!pf)
1394 goto out_release;
1395
1396
1397
1398
1399
1400 if (!try_module_get(pf->owner))
1401 goto out_release;
1402
1403
1404 rcu_read_unlock();
1405
1406 err = pf->create(net, sock, protocol, kern);
1407 if (err < 0)
1408 goto out_module_put;
1409
1410
1411
1412
1413
1414 if (!try_module_get(sock->ops->owner))
1415 goto out_module_busy;
1416
1417
1418
1419
1420
1421 module_put(pf->owner);
1422 err = security_socket_post_create(sock, family, type, protocol, kern);
1423 if (err)
1424 goto out_sock_release;
1425 *res = sock;
1426
1427 return 0;
1428
1429out_module_busy:
1430 err = -EAFNOSUPPORT;
1431out_module_put:
1432 sock->ops = NULL;
1433 module_put(pf->owner);
1434out_sock_release:
1435 sock_release(sock);
1436 return err;
1437
1438out_release:
1439 rcu_read_unlock();
1440 goto out_sock_release;
1441}
1442EXPORT_SYMBOL(__sock_create);
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455int sock_create(int family, int type, int protocol, struct socket **res)
1456{
1457 return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0);
1458}
1459EXPORT_SYMBOL(sock_create);
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473int sock_create_kern(struct net *net, int family, int type, int protocol, struct socket **res)
1474{
1475 return __sock_create(net, family, type, protocol, res, 1);
1476}
1477EXPORT_SYMBOL(sock_create_kern);
1478
1479int __sys_socket(int family, int type, int protocol)
1480{
1481 int retval;
1482 struct socket *sock;
1483 int flags;
1484
1485
1486 BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1487 BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1488 BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1489 BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1490
1491 flags = type & ~SOCK_TYPE_MASK;
1492 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1493 return -EINVAL;
1494 type &= SOCK_TYPE_MASK;
1495
1496 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1497 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1498
1499 retval = sock_create(family, type, protocol, &sock);
1500 if (retval < 0)
1501 return retval;
1502
1503 return sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1504}
1505
1506SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
1507{
1508 return __sys_socket(family, type, protocol);
1509}
1510
1511
1512
1513
1514
1515int __sys_socketpair(int family, int type, int protocol, int __user *usockvec)
1516{
1517 struct socket *sock1, *sock2;
1518 int fd1, fd2, err;
1519 struct file *newfile1, *newfile2;
1520 int flags;
1521
1522 flags = type & ~SOCK_TYPE_MASK;
1523 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1524 return -EINVAL;
1525 type &= SOCK_TYPE_MASK;
1526
1527 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1528 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1529
1530
1531
1532
1533
1534 fd1 = get_unused_fd_flags(flags);
1535 if (unlikely(fd1 < 0))
1536 return fd1;
1537
1538 fd2 = get_unused_fd_flags(flags);
1539 if (unlikely(fd2 < 0)) {
1540 put_unused_fd(fd1);
1541 return fd2;
1542 }
1543
1544 err = put_user(fd1, &usockvec[0]);
1545 if (err)
1546 goto out;
1547
1548 err = put_user(fd2, &usockvec[1]);
1549 if (err)
1550 goto out;
1551
1552
1553
1554
1555
1556
1557 err = sock_create(family, type, protocol, &sock1);
1558 if (unlikely(err < 0))
1559 goto out;
1560
1561 err = sock_create(family, type, protocol, &sock2);
1562 if (unlikely(err < 0)) {
1563 sock_release(sock1);
1564 goto out;
1565 }
1566
1567 err = security_socket_socketpair(sock1, sock2);
1568 if (unlikely(err)) {
1569 sock_release(sock2);
1570 sock_release(sock1);
1571 goto out;
1572 }
1573
1574 err = sock1->ops->socketpair(sock1, sock2);
1575 if (unlikely(err < 0)) {
1576 sock_release(sock2);
1577 sock_release(sock1);
1578 goto out;
1579 }
1580
1581 newfile1 = sock_alloc_file(sock1, flags, NULL);
1582 if (IS_ERR(newfile1)) {
1583 err = PTR_ERR(newfile1);
1584 sock_release(sock2);
1585 goto out;
1586 }
1587
1588 newfile2 = sock_alloc_file(sock2, flags, NULL);
1589 if (IS_ERR(newfile2)) {
1590 err = PTR_ERR(newfile2);
1591 fput(newfile1);
1592 goto out;
1593 }
1594
1595 audit_fd_pair(fd1, fd2);
1596
1597 fd_install(fd1, newfile1);
1598 fd_install(fd2, newfile2);
1599 return 0;
1600
1601out:
1602 put_unused_fd(fd2);
1603 put_unused_fd(fd1);
1604 return err;
1605}
1606
1607SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol,
1608 int __user *, usockvec)
1609{
1610 return __sys_socketpair(family, type, protocol, usockvec);
1611}
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621int __sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
1622{
1623 struct socket *sock;
1624 struct sockaddr_storage address;
1625 int err, fput_needed;
1626
1627 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1628 if (sock) {
1629 err = move_addr_to_kernel(umyaddr, addrlen, &address);
1630 if (!err) {
1631 err = security_socket_bind(sock,
1632 (struct sockaddr *)&address,
1633 addrlen);
1634 if (!err)
1635 err = sock->ops->bind(sock,
1636 (struct sockaddr *)
1637 &address, addrlen);
1638 }
1639 fput_light(sock->file, fput_needed);
1640 }
1641 return err;
1642}
1643
1644SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
1645{
1646 return __sys_bind(fd, umyaddr, addrlen);
1647}
1648
1649
1650
1651
1652
1653
1654
1655int __sys_listen(int fd, int backlog)
1656{
1657 struct socket *sock;
1658 int err, fput_needed;
1659 int somaxconn;
1660
1661 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1662 if (sock) {
1663 somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
1664 if ((unsigned int)backlog > somaxconn)
1665 backlog = somaxconn;
1666
1667 err = security_socket_listen(sock, backlog);
1668 if (!err)
1669 err = sock->ops->listen(sock, backlog);
1670
1671 fput_light(sock->file, fput_needed);
1672 }
1673 return err;
1674}
1675
1676SYSCALL_DEFINE2(listen, int, fd, int, backlog)
1677{
1678 return __sys_listen(fd, backlog);
1679}
1680
1681int __sys_accept4_file(struct file *file, unsigned file_flags,
1682 struct sockaddr __user *upeer_sockaddr,
1683 int __user *upeer_addrlen, int flags,
1684 unsigned long nofile)
1685{
1686 struct socket *sock, *newsock;
1687 struct file *newfile;
1688 int err, len, newfd;
1689 struct sockaddr_storage address;
1690
1691 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1692 return -EINVAL;
1693
1694 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1695 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1696
1697 sock = sock_from_file(file);
1698 if (!sock) {
1699 err = -ENOTSOCK;
1700 goto out;
1701 }
1702
1703 err = -ENFILE;
1704 newsock = sock_alloc();
1705 if (!newsock)
1706 goto out;
1707
1708 newsock->type = sock->type;
1709 newsock->ops = sock->ops;
1710
1711
1712
1713
1714
1715 __module_get(newsock->ops->owner);
1716
1717 newfd = __get_unused_fd_flags(flags, nofile);
1718 if (unlikely(newfd < 0)) {
1719 err = newfd;
1720 sock_release(newsock);
1721 goto out;
1722 }
1723 newfile = sock_alloc_file(newsock, flags, sock->sk->sk_prot_creator->name);
1724 if (IS_ERR(newfile)) {
1725 err = PTR_ERR(newfile);
1726 put_unused_fd(newfd);
1727 goto out;
1728 }
1729
1730 err = security_socket_accept(sock, newsock);
1731 if (err)
1732 goto out_fd;
1733
1734 err = sock->ops->accept(sock, newsock, sock->file->f_flags | file_flags,
1735 false);
1736 if (err < 0)
1737 goto out_fd;
1738
1739 if (upeer_sockaddr) {
1740 len = newsock->ops->getname(newsock,
1741 (struct sockaddr *)&address, 2);
1742 if (len < 0) {
1743 err = -ECONNABORTED;
1744 goto out_fd;
1745 }
1746 err = move_addr_to_user(&address,
1747 len, upeer_sockaddr, upeer_addrlen);
1748 if (err < 0)
1749 goto out_fd;
1750 }
1751
1752
1753
1754 fd_install(newfd, newfile);
1755 err = newfd;
1756out:
1757 return err;
1758out_fd:
1759 fput(newfile);
1760 put_unused_fd(newfd);
1761 goto out;
1762
1763}
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777int __sys_accept4(int fd, struct sockaddr __user *upeer_sockaddr,
1778 int __user *upeer_addrlen, int flags)
1779{
1780 int ret = -EBADF;
1781 struct fd f;
1782
1783 f = fdget(fd);
1784 if (f.file) {
1785 ret = __sys_accept4_file(f.file, 0, upeer_sockaddr,
1786 upeer_addrlen, flags,
1787 rlimit(RLIMIT_NOFILE));
1788 fdput(f);
1789 }
1790
1791 return ret;
1792}
1793
1794SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
1795 int __user *, upeer_addrlen, int, flags)
1796{
1797 return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, flags);
1798}
1799
1800SYSCALL_DEFINE3(accept, int, fd, struct sockaddr __user *, upeer_sockaddr,
1801 int __user *, upeer_addrlen)
1802{
1803 return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, 0);
1804}
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818int __sys_connect_file(struct file *file, struct sockaddr_storage *address,
1819 int addrlen, int file_flags)
1820{
1821 struct socket *sock;
1822 int err;
1823
1824 sock = sock_from_file(file);
1825 if (!sock) {
1826 err = -ENOTSOCK;
1827 goto out;
1828 }
1829
1830 err =
1831 security_socket_connect(sock, (struct sockaddr *)address, addrlen);
1832 if (err)
1833 goto out;
1834
1835 err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen,
1836 sock->file->f_flags | file_flags);
1837out:
1838 return err;
1839}
1840
1841int __sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
1842{
1843 int ret = -EBADF;
1844 struct fd f;
1845
1846 f = fdget(fd);
1847 if (f.file) {
1848 struct sockaddr_storage address;
1849
1850 ret = move_addr_to_kernel(uservaddr, addrlen, &address);
1851 if (!ret)
1852 ret = __sys_connect_file(f.file, &address, addrlen, 0);
1853 fdput(f);
1854 }
1855
1856 return ret;
1857}
1858
1859SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
1860 int, addrlen)
1861{
1862 return __sys_connect(fd, uservaddr, addrlen);
1863}
1864
1865
1866
1867
1868
1869
1870int __sys_getsockname(int fd, struct sockaddr __user *usockaddr,
1871 int __user *usockaddr_len)
1872{
1873 struct socket *sock;
1874 struct sockaddr_storage address;
1875 int err, fput_needed;
1876
1877 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1878 if (!sock)
1879 goto out;
1880
1881 err = security_socket_getsockname(sock);
1882 if (err)
1883 goto out_put;
1884
1885 err = sock->ops->getname(sock, (struct sockaddr *)&address, 0);
1886 if (err < 0)
1887 goto out_put;
1888
1889 err = move_addr_to_user(&address, err, usockaddr, usockaddr_len);
1890
1891out_put:
1892 fput_light(sock->file, fput_needed);
1893out:
1894 return err;
1895}
1896
1897SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr,
1898 int __user *, usockaddr_len)
1899{
1900 return __sys_getsockname(fd, usockaddr, usockaddr_len);
1901}
1902
1903
1904
1905
1906
1907
1908int __sys_getpeername(int fd, struct sockaddr __user *usockaddr,
1909 int __user *usockaddr_len)
1910{
1911 struct socket *sock;
1912 struct sockaddr_storage address;
1913 int err, fput_needed;
1914
1915 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1916 if (sock != NULL) {
1917 err = security_socket_getpeername(sock);
1918 if (err) {
1919 fput_light(sock->file, fput_needed);
1920 return err;
1921 }
1922
1923 err = sock->ops->getname(sock, (struct sockaddr *)&address, 1);
1924 if (err >= 0)
1925
1926 err = move_addr_to_user(&address, err, usockaddr,
1927 usockaddr_len);
1928 fput_light(sock->file, fput_needed);
1929 }
1930 return err;
1931}
1932
1933SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
1934 int __user *, usockaddr_len)
1935{
1936 return __sys_getpeername(fd, usockaddr, usockaddr_len);
1937}
1938
1939
1940
1941
1942
1943
1944int __sys_sendto(int fd, void __user *buff, size_t len, unsigned int flags,
1945 struct sockaddr __user *addr, int addr_len)
1946{
1947 struct socket *sock;
1948 struct sockaddr_storage address;
1949 int err;
1950 struct msghdr msg;
1951 struct iovec iov;
1952 int fput_needed;
1953
1954 err = import_single_range(WRITE, buff, len, &iov, &msg.msg_iter);
1955 if (unlikely(err))
1956 return err;
1957 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1958 if (!sock)
1959 goto out;
1960
1961 msg.msg_name = NULL;
1962 msg.msg_control = NULL;
1963 msg.msg_controllen = 0;
1964 msg.msg_namelen = 0;
1965 if (addr) {
1966 err = move_addr_to_kernel(addr, addr_len, &address);
1967 if (err < 0)
1968 goto out_put;
1969 msg.msg_name = (struct sockaddr *)&address;
1970 msg.msg_namelen = addr_len;
1971 }
1972 if (sock->file->f_flags & O_NONBLOCK)
1973 flags |= MSG_DONTWAIT;
1974 msg.msg_flags = flags;
1975 err = sock_sendmsg(sock, &msg);
1976
1977out_put:
1978 fput_light(sock->file, fput_needed);
1979out:
1980 return err;
1981}
1982
1983SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
1984 unsigned int, flags, struct sockaddr __user *, addr,
1985 int, addr_len)
1986{
1987 return __sys_sendto(fd, buff, len, flags, addr, addr_len);
1988}
1989
1990
1991
1992
1993
1994SYSCALL_DEFINE4(send, int, fd, void __user *, buff, size_t, len,
1995 unsigned int, flags)
1996{
1997 return __sys_sendto(fd, buff, len, flags, NULL, 0);
1998}
1999
2000
2001
2002
2003
2004
2005int __sys_recvfrom(int fd, void __user *ubuf, size_t size, unsigned int flags,
2006 struct sockaddr __user *addr, int __user *addr_len)
2007{
2008 struct socket *sock;
2009 struct iovec iov;
2010 struct msghdr msg;
2011 struct sockaddr_storage address;
2012 int err, err2;
2013 int fput_needed;
2014
2015 err = import_single_range(READ, ubuf, size, &iov, &msg.msg_iter);
2016 if (unlikely(err))
2017 return err;
2018 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2019 if (!sock)
2020 goto out;
2021
2022 msg.msg_control = NULL;
2023 msg.msg_controllen = 0;
2024
2025 msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
2026
2027 msg.msg_namelen = 0;
2028 msg.msg_iocb = NULL;
2029 msg.msg_flags = 0;
2030 if (sock->file->f_flags & O_NONBLOCK)
2031 flags |= MSG_DONTWAIT;
2032 err = sock_recvmsg(sock, &msg, flags);
2033
2034 if (err >= 0 && addr != NULL) {
2035 err2 = move_addr_to_user(&address,
2036 msg.msg_namelen, addr, addr_len);
2037 if (err2 < 0)
2038 err = err2;
2039 }
2040
2041 fput_light(sock->file, fput_needed);
2042out:
2043 return err;
2044}
2045
2046SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
2047 unsigned int, flags, struct sockaddr __user *, addr,
2048 int __user *, addr_len)
2049{
2050 return __sys_recvfrom(fd, ubuf, size, flags, addr, addr_len);
2051}
2052
2053
2054
2055
2056
2057SYSCALL_DEFINE4(recv, int, fd, void __user *, ubuf, size_t, size,
2058 unsigned int, flags)
2059{
2060 return __sys_recvfrom(fd, ubuf, size, flags, NULL, NULL);
2061}
2062
2063static bool sock_use_custom_sol_socket(const struct socket *sock)
2064{
2065 const struct sock *sk = sock->sk;
2066
2067
2068 return IS_ENABLED(CONFIG_MPTCP) &&
2069 sk->sk_protocol == IPPROTO_MPTCP &&
2070 sk->sk_type == SOCK_STREAM &&
2071 (sk->sk_family == AF_INET || sk->sk_family == AF_INET6);
2072}
2073
2074
2075
2076
2077
2078int __sys_setsockopt(int fd, int level, int optname, char __user *user_optval,
2079 int optlen)
2080{
2081 sockptr_t optval = USER_SOCKPTR(user_optval);
2082 char *kernel_optval = NULL;
2083 int err, fput_needed;
2084 struct socket *sock;
2085
2086 if (optlen < 0)
2087 return -EINVAL;
2088
2089 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2090 if (!sock)
2091 return err;
2092
2093 err = security_socket_setsockopt(sock, level, optname);
2094 if (err)
2095 goto out_put;
2096
2097 if (!in_compat_syscall())
2098 err = BPF_CGROUP_RUN_PROG_SETSOCKOPT(sock->sk, &level, &optname,
2099 user_optval, &optlen,
2100 &kernel_optval);
2101 if (err < 0)
2102 goto out_put;
2103 if (err > 0) {
2104 err = 0;
2105 goto out_put;
2106 }
2107
2108 if (kernel_optval)
2109 optval = KERNEL_SOCKPTR(kernel_optval);
2110 if (level == SOL_SOCKET && !sock_use_custom_sol_socket(sock))
2111 err = sock_setsockopt(sock, level, optname, optval, optlen);
2112 else if (unlikely(!sock->ops->setsockopt))
2113 err = -EOPNOTSUPP;
2114 else
2115 err = sock->ops->setsockopt(sock, level, optname, optval,
2116 optlen);
2117 kfree(kernel_optval);
2118out_put:
2119 fput_light(sock->file, fput_needed);
2120 return err;
2121}
2122
2123SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
2124 char __user *, optval, int, optlen)
2125{
2126 return __sys_setsockopt(fd, level, optname, optval, optlen);
2127}
2128
2129
2130
2131
2132
2133int __sys_getsockopt(int fd, int level, int optname, char __user *optval,
2134 int __user *optlen)
2135{
2136 int err, fput_needed;
2137 struct socket *sock;
2138 int max_optlen;
2139
2140 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2141 if (!sock)
2142 return err;
2143
2144 err = security_socket_getsockopt(sock, level, optname);
2145 if (err)
2146 goto out_put;
2147
2148 if (!in_compat_syscall())
2149 max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen);
2150
2151 if (level == SOL_SOCKET)
2152 err = sock_getsockopt(sock, level, optname, optval, optlen);
2153 else if (unlikely(!sock->ops->getsockopt))
2154 err = -EOPNOTSUPP;
2155 else
2156 err = sock->ops->getsockopt(sock, level, optname, optval,
2157 optlen);
2158
2159 if (!in_compat_syscall())
2160 err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, optname,
2161 optval, optlen, max_optlen,
2162 err);
2163out_put:
2164 fput_light(sock->file, fput_needed);
2165 return err;
2166}
2167
2168SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
2169 char __user *, optval, int __user *, optlen)
2170{
2171 return __sys_getsockopt(fd, level, optname, optval, optlen);
2172}
2173
2174
2175
2176
2177
2178int __sys_shutdown_sock(struct socket *sock, int how)
2179{
2180 int err;
2181
2182 err = security_socket_shutdown(sock, how);
2183 if (!err)
2184 err = sock->ops->shutdown(sock, how);
2185
2186 return err;
2187}
2188
2189int __sys_shutdown(int fd, int how)
2190{
2191 int err, fput_needed;
2192 struct socket *sock;
2193
2194 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2195 if (sock != NULL) {
2196 err = __sys_shutdown_sock(sock, how);
2197 fput_light(sock->file, fput_needed);
2198 }
2199 return err;
2200}
2201
2202SYSCALL_DEFINE2(shutdown, int, fd, int, how)
2203{
2204 return __sys_shutdown(fd, how);
2205}
2206
2207
2208
2209
2210#define COMPAT_MSG(msg, member) ((MSG_CMSG_COMPAT & flags) ? &msg##_compat->member : &msg->member)
2211#define COMPAT_NAMELEN(msg) COMPAT_MSG(msg, msg_namelen)
2212#define COMPAT_FLAGS(msg) COMPAT_MSG(msg, msg_flags)
2213
2214struct used_address {
2215 struct sockaddr_storage name;
2216 unsigned int name_len;
2217};
2218
2219int __copy_msghdr_from_user(struct msghdr *kmsg,
2220 struct user_msghdr __user *umsg,
2221 struct sockaddr __user **save_addr,
2222 struct iovec __user **uiov, size_t *nsegs)
2223{
2224 struct user_msghdr msg;
2225 ssize_t err;
2226
2227 if (copy_from_user(&msg, umsg, sizeof(*umsg)))
2228 return -EFAULT;
2229
2230 kmsg->msg_control_is_user = true;
2231 kmsg->msg_control_user = msg.msg_control;
2232 kmsg->msg_controllen = msg.msg_controllen;
2233 kmsg->msg_flags = msg.msg_flags;
2234
2235 kmsg->msg_namelen = msg.msg_namelen;
2236 if (!msg.msg_name)
2237 kmsg->msg_namelen = 0;
2238
2239 if (kmsg->msg_namelen < 0)
2240 return -EINVAL;
2241
2242 if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
2243 kmsg->msg_namelen = sizeof(struct sockaddr_storage);
2244
2245 if (save_addr)
2246 *save_addr = msg.msg_name;
2247
2248 if (msg.msg_name && kmsg->msg_namelen) {
2249 if (!save_addr) {
2250 err = move_addr_to_kernel(msg.msg_name,
2251 kmsg->msg_namelen,
2252 kmsg->msg_name);
2253 if (err < 0)
2254 return err;
2255 }
2256 } else {
2257 kmsg->msg_name = NULL;
2258 kmsg->msg_namelen = 0;
2259 }
2260
2261 if (msg.msg_iovlen > UIO_MAXIOV)
2262 return -EMSGSIZE;
2263
2264 kmsg->msg_iocb = NULL;
2265 *uiov = msg.msg_iov;
2266 *nsegs = msg.msg_iovlen;
2267 return 0;
2268}
2269
2270static int copy_msghdr_from_user(struct msghdr *kmsg,
2271 struct user_msghdr __user *umsg,
2272 struct sockaddr __user **save_addr,
2273 struct iovec **iov)
2274{
2275 struct user_msghdr msg;
2276 ssize_t err;
2277
2278 err = __copy_msghdr_from_user(kmsg, umsg, save_addr, &msg.msg_iov,
2279 &msg.msg_iovlen);
2280 if (err)
2281 return err;
2282
2283 err = import_iovec(save_addr ? READ : WRITE,
2284 msg.msg_iov, msg.msg_iovlen,
2285 UIO_FASTIOV, iov, &kmsg->msg_iter);
2286 return err < 0 ? err : 0;
2287}
2288
2289static int ____sys_sendmsg(struct socket *sock, struct msghdr *msg_sys,
2290 unsigned int flags, struct used_address *used_address,
2291 unsigned int allowed_msghdr_flags)
2292{
2293 unsigned char ctl[sizeof(struct cmsghdr) + 20]
2294 __aligned(sizeof(__kernel_size_t));
2295
2296 unsigned char *ctl_buf = ctl;
2297 int ctl_len;
2298 ssize_t err;
2299
2300 err = -ENOBUFS;
2301
2302 if (msg_sys->msg_controllen > INT_MAX)
2303 goto out;
2304 flags |= (msg_sys->msg_flags & allowed_msghdr_flags);
2305 ctl_len = msg_sys->msg_controllen;
2306 if ((MSG_CMSG_COMPAT & flags) && ctl_len) {
2307 err =
2308 cmsghdr_from_user_compat_to_kern(msg_sys, sock->sk, ctl,
2309 sizeof(ctl));
2310 if (err)
2311 goto out;
2312 ctl_buf = msg_sys->msg_control;
2313 ctl_len = msg_sys->msg_controllen;
2314 } else if (ctl_len) {
2315 BUILD_BUG_ON(sizeof(struct cmsghdr) !=
2316 CMSG_ALIGN(sizeof(struct cmsghdr)));
2317 if (ctl_len > sizeof(ctl)) {
2318 ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL);
2319 if (ctl_buf == NULL)
2320 goto out;
2321 }
2322 err = -EFAULT;
2323 if (copy_from_user(ctl_buf, msg_sys->msg_control_user, ctl_len))
2324 goto out_freectl;
2325 msg_sys->msg_control = ctl_buf;
2326 msg_sys->msg_control_is_user = false;
2327 }
2328 msg_sys->msg_flags = flags;
2329
2330 if (sock->file->f_flags & O_NONBLOCK)
2331 msg_sys->msg_flags |= MSG_DONTWAIT;
2332
2333
2334
2335
2336
2337
2338 if (used_address && msg_sys->msg_name &&
2339 used_address->name_len == msg_sys->msg_namelen &&
2340 !memcmp(&used_address->name, msg_sys->msg_name,
2341 used_address->name_len)) {
2342 err = sock_sendmsg_nosec(sock, msg_sys);
2343 goto out_freectl;
2344 }
2345 err = sock_sendmsg(sock, msg_sys);
2346
2347
2348
2349
2350 if (used_address && err >= 0) {
2351 used_address->name_len = msg_sys->msg_namelen;
2352 if (msg_sys->msg_name)
2353 memcpy(&used_address->name, msg_sys->msg_name,
2354 used_address->name_len);
2355 }
2356
2357out_freectl:
2358 if (ctl_buf != ctl)
2359 sock_kfree_s(sock->sk, ctl_buf, ctl_len);
2360out:
2361 return err;
2362}
2363
2364int sendmsg_copy_msghdr(struct msghdr *msg,
2365 struct user_msghdr __user *umsg, unsigned flags,
2366 struct iovec **iov)
2367{
2368 int err;
2369
2370 if (flags & MSG_CMSG_COMPAT) {
2371 struct compat_msghdr __user *msg_compat;
2372
2373 msg_compat = (struct compat_msghdr __user *) umsg;
2374 err = get_compat_msghdr(msg, msg_compat, NULL, iov);
2375 } else {
2376 err = copy_msghdr_from_user(msg, umsg, NULL, iov);
2377 }
2378 if (err < 0)
2379 return err;
2380
2381 return 0;
2382}
2383
2384static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
2385 struct msghdr *msg_sys, unsigned int flags,
2386 struct used_address *used_address,
2387 unsigned int allowed_msghdr_flags)
2388{
2389 struct sockaddr_storage address;
2390 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2391 ssize_t err;
2392
2393 msg_sys->msg_name = &address;
2394
2395 err = sendmsg_copy_msghdr(msg_sys, msg, flags, &iov);
2396 if (err < 0)
2397 return err;
2398
2399 err = ____sys_sendmsg(sock, msg_sys, flags, used_address,
2400 allowed_msghdr_flags);
2401 kfree(iov);
2402 return err;
2403}
2404
2405
2406
2407
2408long __sys_sendmsg_sock(struct socket *sock, struct msghdr *msg,
2409 unsigned int flags)
2410{
2411
2412 if (msg->msg_control || msg->msg_controllen)
2413 return -EINVAL;
2414
2415 return ____sys_sendmsg(sock, msg, flags, NULL, 0);
2416}
2417
2418long __sys_sendmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2419 bool forbid_cmsg_compat)
2420{
2421 int fput_needed, err;
2422 struct msghdr msg_sys;
2423 struct socket *sock;
2424
2425 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2426 return -EINVAL;
2427
2428 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2429 if (!sock)
2430 goto out;
2431
2432 err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL, 0);
2433
2434 fput_light(sock->file, fput_needed);
2435out:
2436 return err;
2437}
2438
2439SYSCALL_DEFINE3(sendmsg, int, fd, struct user_msghdr __user *, msg, unsigned int, flags)
2440{
2441 return __sys_sendmsg(fd, msg, flags, true);
2442}
2443
2444
2445
2446
2447
2448int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2449 unsigned int flags, bool forbid_cmsg_compat)
2450{
2451 int fput_needed, err, datagrams;
2452 struct socket *sock;
2453 struct mmsghdr __user *entry;
2454 struct compat_mmsghdr __user *compat_entry;
2455 struct msghdr msg_sys;
2456 struct used_address used_address;
2457 unsigned int oflags = flags;
2458
2459 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2460 return -EINVAL;
2461
2462 if (vlen > UIO_MAXIOV)
2463 vlen = UIO_MAXIOV;
2464
2465 datagrams = 0;
2466
2467 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2468 if (!sock)
2469 return err;
2470
2471 used_address.name_len = UINT_MAX;
2472 entry = mmsg;
2473 compat_entry = (struct compat_mmsghdr __user *)mmsg;
2474 err = 0;
2475 flags |= MSG_BATCH;
2476
2477 while (datagrams < vlen) {
2478 if (datagrams == vlen - 1)
2479 flags = oflags;
2480
2481 if (MSG_CMSG_COMPAT & flags) {
2482 err = ___sys_sendmsg(sock, (struct user_msghdr __user *)compat_entry,
2483 &msg_sys, flags, &used_address, MSG_EOR);
2484 if (err < 0)
2485 break;
2486 err = __put_user(err, &compat_entry->msg_len);
2487 ++compat_entry;
2488 } else {
2489 err = ___sys_sendmsg(sock,
2490 (struct user_msghdr __user *)entry,
2491 &msg_sys, flags, &used_address, MSG_EOR);
2492 if (err < 0)
2493 break;
2494 err = put_user(err, &entry->msg_len);
2495 ++entry;
2496 }
2497
2498 if (err)
2499 break;
2500 ++datagrams;
2501 if (msg_data_left(&msg_sys))
2502 break;
2503 cond_resched();
2504 }
2505
2506 fput_light(sock->file, fput_needed);
2507
2508
2509 if (datagrams != 0)
2510 return datagrams;
2511
2512 return err;
2513}
2514
2515SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
2516 unsigned int, vlen, unsigned int, flags)
2517{
2518 return __sys_sendmmsg(fd, mmsg, vlen, flags, true);
2519}
2520
2521int recvmsg_copy_msghdr(struct msghdr *msg,
2522 struct user_msghdr __user *umsg, unsigned flags,
2523 struct sockaddr __user **uaddr,
2524 struct iovec **iov)
2525{
2526 ssize_t err;
2527
2528 if (MSG_CMSG_COMPAT & flags) {
2529 struct compat_msghdr __user *msg_compat;
2530
2531 msg_compat = (struct compat_msghdr __user *) umsg;
2532 err = get_compat_msghdr(msg, msg_compat, uaddr, iov);
2533 } else {
2534 err = copy_msghdr_from_user(msg, umsg, uaddr, iov);
2535 }
2536 if (err < 0)
2537 return err;
2538
2539 return 0;
2540}
2541
2542static int ____sys_recvmsg(struct socket *sock, struct msghdr *msg_sys,
2543 struct user_msghdr __user *msg,
2544 struct sockaddr __user *uaddr,
2545 unsigned int flags, int nosec)
2546{
2547 struct compat_msghdr __user *msg_compat =
2548 (struct compat_msghdr __user *) msg;
2549 int __user *uaddr_len = COMPAT_NAMELEN(msg);
2550 struct sockaddr_storage addr;
2551 unsigned long cmsg_ptr;
2552 int len;
2553 ssize_t err;
2554
2555 msg_sys->msg_name = &addr;
2556 cmsg_ptr = (unsigned long)msg_sys->msg_control;
2557 msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
2558
2559
2560 msg_sys->msg_namelen = 0;
2561
2562 if (sock->file->f_flags & O_NONBLOCK)
2563 flags |= MSG_DONTWAIT;
2564
2565 if (unlikely(nosec))
2566 err = sock_recvmsg_nosec(sock, msg_sys, flags);
2567 else
2568 err = sock_recvmsg(sock, msg_sys, flags);
2569
2570 if (err < 0)
2571 goto out;
2572 len = err;
2573
2574 if (uaddr != NULL) {
2575 err = move_addr_to_user(&addr,
2576 msg_sys->msg_namelen, uaddr,
2577 uaddr_len);
2578 if (err < 0)
2579 goto out;
2580 }
2581 err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT),
2582 COMPAT_FLAGS(msg));
2583 if (err)
2584 goto out;
2585 if (MSG_CMSG_COMPAT & flags)
2586 err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2587 &msg_compat->msg_controllen);
2588 else
2589 err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2590 &msg->msg_controllen);
2591 if (err)
2592 goto out;
2593 err = len;
2594out:
2595 return err;
2596}
2597
2598static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
2599 struct msghdr *msg_sys, unsigned int flags, int nosec)
2600{
2601 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2602
2603 struct sockaddr __user *uaddr;
2604 ssize_t err;
2605
2606 err = recvmsg_copy_msghdr(msg_sys, msg, flags, &uaddr, &iov);
2607 if (err < 0)
2608 return err;
2609
2610 err = ____sys_recvmsg(sock, msg_sys, msg, uaddr, flags, nosec);
2611 kfree(iov);
2612 return err;
2613}
2614
2615
2616
2617
2618
2619long __sys_recvmsg_sock(struct socket *sock, struct msghdr *msg,
2620 struct user_msghdr __user *umsg,
2621 struct sockaddr __user *uaddr, unsigned int flags)
2622{
2623 if (msg->msg_control || msg->msg_controllen) {
2624
2625 if (!(sock->ops->flags & PROTO_CMSG_DATA_ONLY))
2626 return -EINVAL;
2627 }
2628
2629 return ____sys_recvmsg(sock, msg, umsg, uaddr, flags, 0);
2630}
2631
2632long __sys_recvmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2633 bool forbid_cmsg_compat)
2634{
2635 int fput_needed, err;
2636 struct msghdr msg_sys;
2637 struct socket *sock;
2638
2639 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2640 return -EINVAL;
2641
2642 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2643 if (!sock)
2644 goto out;
2645
2646 err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0);
2647
2648 fput_light(sock->file, fput_needed);
2649out:
2650 return err;
2651}
2652
2653SYSCALL_DEFINE3(recvmsg, int, fd, struct user_msghdr __user *, msg,
2654 unsigned int, flags)
2655{
2656 return __sys_recvmsg(fd, msg, flags, true);
2657}
2658
2659
2660
2661
2662
2663static int do_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2664 unsigned int vlen, unsigned int flags,
2665 struct timespec64 *timeout)
2666{
2667 int fput_needed, err, datagrams;
2668 struct socket *sock;
2669 struct mmsghdr __user *entry;
2670 struct compat_mmsghdr __user *compat_entry;
2671 struct msghdr msg_sys;
2672 struct timespec64 end_time;
2673 struct timespec64 timeout64;
2674
2675 if (timeout &&
2676 poll_select_set_timeout(&end_time, timeout->tv_sec,
2677 timeout->tv_nsec))
2678 return -EINVAL;
2679
2680 datagrams = 0;
2681
2682 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2683 if (!sock)
2684 return err;
2685
2686 if (likely(!(flags & MSG_ERRQUEUE))) {
2687 err = sock_error(sock->sk);
2688 if (err) {
2689 datagrams = err;
2690 goto out_put;
2691 }
2692 }
2693
2694 entry = mmsg;
2695 compat_entry = (struct compat_mmsghdr __user *)mmsg;
2696
2697 while (datagrams < vlen) {
2698
2699
2700
2701 if (MSG_CMSG_COMPAT & flags) {
2702 err = ___sys_recvmsg(sock, (struct user_msghdr __user *)compat_entry,
2703 &msg_sys, flags & ~MSG_WAITFORONE,
2704 datagrams);
2705 if (err < 0)
2706 break;
2707 err = __put_user(err, &compat_entry->msg_len);
2708 ++compat_entry;
2709 } else {
2710 err = ___sys_recvmsg(sock,
2711 (struct user_msghdr __user *)entry,
2712 &msg_sys, flags & ~MSG_WAITFORONE,
2713 datagrams);
2714 if (err < 0)
2715 break;
2716 err = put_user(err, &entry->msg_len);
2717 ++entry;
2718 }
2719
2720 if (err)
2721 break;
2722 ++datagrams;
2723
2724
2725 if (flags & MSG_WAITFORONE)
2726 flags |= MSG_DONTWAIT;
2727
2728 if (timeout) {
2729 ktime_get_ts64(&timeout64);
2730 *timeout = timespec64_sub(end_time, timeout64);
2731 if (timeout->tv_sec < 0) {
2732 timeout->tv_sec = timeout->tv_nsec = 0;
2733 break;
2734 }
2735
2736
2737 if (timeout->tv_nsec == 0 && timeout->tv_sec == 0)
2738 break;
2739 }
2740
2741
2742 if (msg_sys.msg_flags & MSG_OOB)
2743 break;
2744 cond_resched();
2745 }
2746
2747 if (err == 0)
2748 goto out_put;
2749
2750 if (datagrams == 0) {
2751 datagrams = err;
2752 goto out_put;
2753 }
2754
2755
2756
2757
2758
2759 if (err != -EAGAIN) {
2760
2761
2762
2763
2764
2765
2766 sock->sk->sk_err = -err;
2767 }
2768out_put:
2769 fput_light(sock->file, fput_needed);
2770
2771 return datagrams;
2772}
2773
2774int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2775 unsigned int vlen, unsigned int flags,
2776 struct __kernel_timespec __user *timeout,
2777 struct old_timespec32 __user *timeout32)
2778{
2779 int datagrams;
2780 struct timespec64 timeout_sys;
2781
2782 if (timeout && get_timespec64(&timeout_sys, timeout))
2783 return -EFAULT;
2784
2785 if (timeout32 && get_old_timespec32(&timeout_sys, timeout32))
2786 return -EFAULT;
2787
2788 if (!timeout && !timeout32)
2789 return do_recvmmsg(fd, mmsg, vlen, flags, NULL);
2790
2791 datagrams = do_recvmmsg(fd, mmsg, vlen, flags, &timeout_sys);
2792
2793 if (datagrams <= 0)
2794 return datagrams;
2795
2796 if (timeout && put_timespec64(&timeout_sys, timeout))
2797 datagrams = -EFAULT;
2798
2799 if (timeout32 && put_old_timespec32(&timeout_sys, timeout32))
2800 datagrams = -EFAULT;
2801
2802 return datagrams;
2803}
2804
2805SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
2806 unsigned int, vlen, unsigned int, flags,
2807 struct __kernel_timespec __user *, timeout)
2808{
2809 if (flags & MSG_CMSG_COMPAT)
2810 return -EINVAL;
2811
2812 return __sys_recvmmsg(fd, mmsg, vlen, flags, timeout, NULL);
2813}
2814
2815#ifdef CONFIG_COMPAT_32BIT_TIME
2816SYSCALL_DEFINE5(recvmmsg_time32, int, fd, struct mmsghdr __user *, mmsg,
2817 unsigned int, vlen, unsigned int, flags,
2818 struct old_timespec32 __user *, timeout)
2819{
2820 if (flags & MSG_CMSG_COMPAT)
2821 return -EINVAL;
2822
2823 return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL, timeout);
2824}
2825#endif
2826
2827#ifdef __ARCH_WANT_SYS_SOCKETCALL
2828
2829#define AL(x) ((x) * sizeof(unsigned long))
2830static const unsigned char nargs[21] = {
2831 AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
2832 AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
2833 AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
2834 AL(4), AL(5), AL(4)
2835};
2836
2837#undef AL
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
2848{
2849 unsigned long a[AUDITSC_ARGS];
2850 unsigned long a0, a1;
2851 int err;
2852 unsigned int len;
2853
2854 if (call < 1 || call > SYS_SENDMMSG)
2855 return -EINVAL;
2856 call = array_index_nospec(call, SYS_SENDMMSG + 1);
2857
2858 len = nargs[call];
2859 if (len > sizeof(a))
2860 return -EINVAL;
2861
2862
2863 if (copy_from_user(a, args, len))
2864 return -EFAULT;
2865
2866 err = audit_socketcall(nargs[call] / sizeof(unsigned long), a);
2867 if (err)
2868 return err;
2869
2870 a0 = a[0];
2871 a1 = a[1];
2872
2873 switch (call) {
2874 case SYS_SOCKET:
2875 err = __sys_socket(a0, a1, a[2]);
2876 break;
2877 case SYS_BIND:
2878 err = __sys_bind(a0, (struct sockaddr __user *)a1, a[2]);
2879 break;
2880 case SYS_CONNECT:
2881 err = __sys_connect(a0, (struct sockaddr __user *)a1, a[2]);
2882 break;
2883 case SYS_LISTEN:
2884 err = __sys_listen(a0, a1);
2885 break;
2886 case SYS_ACCEPT:
2887 err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2888 (int __user *)a[2], 0);
2889 break;
2890 case SYS_GETSOCKNAME:
2891 err =
2892 __sys_getsockname(a0, (struct sockaddr __user *)a1,
2893 (int __user *)a[2]);
2894 break;
2895 case SYS_GETPEERNAME:
2896 err =
2897 __sys_getpeername(a0, (struct sockaddr __user *)a1,
2898 (int __user *)a[2]);
2899 break;
2900 case SYS_SOCKETPAIR:
2901 err = __sys_socketpair(a0, a1, a[2], (int __user *)a[3]);
2902 break;
2903 case SYS_SEND:
2904 err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2905 NULL, 0);
2906 break;
2907 case SYS_SENDTO:
2908 err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2909 (struct sockaddr __user *)a[4], a[5]);
2910 break;
2911 case SYS_RECV:
2912 err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2913 NULL, NULL);
2914 break;
2915 case SYS_RECVFROM:
2916 err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2917 (struct sockaddr __user *)a[4],
2918 (int __user *)a[5]);
2919 break;
2920 case SYS_SHUTDOWN:
2921 err = __sys_shutdown(a0, a1);
2922 break;
2923 case SYS_SETSOCKOPT:
2924 err = __sys_setsockopt(a0, a1, a[2], (char __user *)a[3],
2925 a[4]);
2926 break;
2927 case SYS_GETSOCKOPT:
2928 err =
2929 __sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
2930 (int __user *)a[4]);
2931 break;
2932 case SYS_SENDMSG:
2933 err = __sys_sendmsg(a0, (struct user_msghdr __user *)a1,
2934 a[2], true);
2935 break;
2936 case SYS_SENDMMSG:
2937 err = __sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2],
2938 a[3], true);
2939 break;
2940 case SYS_RECVMSG:
2941 err = __sys_recvmsg(a0, (struct user_msghdr __user *)a1,
2942 a[2], true);
2943 break;
2944 case SYS_RECVMMSG:
2945 if (IS_ENABLED(CONFIG_64BIT))
2946 err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2947 a[2], a[3],
2948 (struct __kernel_timespec __user *)a[4],
2949 NULL);
2950 else
2951 err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2952 a[2], a[3], NULL,
2953 (struct old_timespec32 __user *)a[4]);
2954 break;
2955 case SYS_ACCEPT4:
2956 err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2957 (int __user *)a[2], a[3]);
2958 break;
2959 default:
2960 err = -EINVAL;
2961 break;
2962 }
2963 return err;
2964}
2965
2966#endif
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977int sock_register(const struct net_proto_family *ops)
2978{
2979 int err;
2980
2981 if (ops->family >= NPROTO) {
2982 pr_crit("protocol %d >= NPROTO(%d)\n", ops->family, NPROTO);
2983 return -ENOBUFS;
2984 }
2985
2986 spin_lock(&net_family_lock);
2987 if (rcu_dereference_protected(net_families[ops->family],
2988 lockdep_is_held(&net_family_lock)))
2989 err = -EEXIST;
2990 else {
2991 rcu_assign_pointer(net_families[ops->family], ops);
2992 err = 0;
2993 }
2994 spin_unlock(&net_family_lock);
2995
2996 pr_info("NET: Registered protocol family %d\n", ops->family);
2997 return err;
2998}
2999EXPORT_SYMBOL(sock_register);
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014void sock_unregister(int family)
3015{
3016 BUG_ON(family < 0 || family >= NPROTO);
3017
3018 spin_lock(&net_family_lock);
3019 RCU_INIT_POINTER(net_families[family], NULL);
3020 spin_unlock(&net_family_lock);
3021
3022 synchronize_rcu();
3023
3024 pr_info("NET: Unregistered protocol family %d\n", family);
3025}
3026EXPORT_SYMBOL(sock_unregister);
3027
3028bool sock_is_registered(int family)
3029{
3030 return family < NPROTO && rcu_access_pointer(net_families[family]);
3031}
3032
3033static int __init sock_init(void)
3034{
3035 int err;
3036
3037
3038
3039 err = net_sysctl_init();
3040 if (err)
3041 goto out;
3042
3043
3044
3045
3046 skb_init();
3047
3048
3049
3050
3051
3052 init_inodecache();
3053
3054 err = register_filesystem(&sock_fs_type);
3055 if (err)
3056 goto out;
3057 sock_mnt = kern_mount(&sock_fs_type);
3058 if (IS_ERR(sock_mnt)) {
3059 err = PTR_ERR(sock_mnt);
3060 goto out_mount;
3061 }
3062
3063
3064
3065
3066#ifdef CONFIG_NETFILTER
3067 err = netfilter_init();
3068 if (err)
3069 goto out;
3070#endif
3071
3072 ptp_classifier_init();
3073
3074out:
3075 return err;
3076
3077out_mount:
3078 unregister_filesystem(&sock_fs_type);
3079 goto out;
3080}
3081
3082core_initcall(sock_init);
3083
3084#ifdef CONFIG_PROC_FS
3085void socket_seq_show(struct seq_file *seq)
3086{
3087 seq_printf(seq, "sockets: used %d\n",
3088 sock_inuse_get(seq->private));
3089}
3090#endif
3091
3092#ifdef CONFIG_COMPAT
3093static int compat_dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
3094{
3095 struct compat_ifconf ifc32;
3096 struct ifconf ifc;
3097 int err;
3098
3099 if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
3100 return -EFAULT;
3101
3102 ifc.ifc_len = ifc32.ifc_len;
3103 ifc.ifc_req = compat_ptr(ifc32.ifcbuf);
3104
3105 rtnl_lock();
3106 err = dev_ifconf(net, &ifc, sizeof(struct compat_ifreq));
3107 rtnl_unlock();
3108 if (err)
3109 return err;
3110
3111 ifc32.ifc_len = ifc.ifc_len;
3112 if (copy_to_user(uifc32, &ifc32, sizeof(struct compat_ifconf)))
3113 return -EFAULT;
3114
3115 return 0;
3116}
3117
3118static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
3119{
3120 struct compat_ethtool_rxnfc __user *compat_rxnfc;
3121 bool convert_in = false, convert_out = false;
3122 size_t buf_size = 0;
3123 struct ethtool_rxnfc __user *rxnfc = NULL;
3124 struct ifreq ifr;
3125 u32 rule_cnt = 0, actual_rule_cnt;
3126 u32 ethcmd;
3127 u32 data;
3128 int ret;
3129
3130 if (get_user(data, &ifr32->ifr_ifru.ifru_data))
3131 return -EFAULT;
3132
3133 compat_rxnfc = compat_ptr(data);
3134
3135 if (get_user(ethcmd, &compat_rxnfc->cmd))
3136 return -EFAULT;
3137
3138
3139
3140
3141 switch (ethcmd) {
3142 default:
3143 break;
3144 case ETHTOOL_GRXCLSRLALL:
3145
3146 if (get_user(rule_cnt, &compat_rxnfc->rule_cnt))
3147 return -EFAULT;
3148 if (rule_cnt > KMALLOC_MAX_SIZE / sizeof(u32))
3149 return -ENOMEM;
3150 buf_size += rule_cnt * sizeof(u32);
3151 fallthrough;
3152 case ETHTOOL_GRXRINGS:
3153 case ETHTOOL_GRXCLSRLCNT:
3154 case ETHTOOL_GRXCLSRULE:
3155 case ETHTOOL_SRXCLSRLINS:
3156 convert_out = true;
3157 fallthrough;
3158 case ETHTOOL_SRXCLSRLDEL:
3159 buf_size += sizeof(struct ethtool_rxnfc);
3160 convert_in = true;
3161 rxnfc = compat_alloc_user_space(buf_size);
3162 break;
3163 }
3164
3165 if (copy_from_user(&ifr.ifr_name, &ifr32->ifr_name, IFNAMSIZ))
3166 return -EFAULT;
3167
3168 ifr.ifr_data = convert_in ? rxnfc : (void __user *)compat_rxnfc;
3169
3170 if (convert_in) {
3171
3172
3173
3174 BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_ext) +
3175 sizeof(compat_rxnfc->fs.m_ext) !=
3176 offsetof(struct ethtool_rxnfc, fs.m_ext) +
3177 sizeof(rxnfc->fs.m_ext));
3178 BUILD_BUG_ON(
3179 offsetof(struct compat_ethtool_rxnfc, fs.location) -
3180 offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) !=
3181 offsetof(struct ethtool_rxnfc, fs.location) -
3182 offsetof(struct ethtool_rxnfc, fs.ring_cookie));
3183
3184 if (copy_in_user(rxnfc, compat_rxnfc,
3185 (void __user *)(&rxnfc->fs.m_ext + 1) -
3186 (void __user *)rxnfc) ||
3187 copy_in_user(&rxnfc->fs.ring_cookie,
3188 &compat_rxnfc->fs.ring_cookie,
3189 (void __user *)(&rxnfc->fs.location + 1) -
3190 (void __user *)&rxnfc->fs.ring_cookie))
3191 return -EFAULT;
3192 if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3193 if (put_user(rule_cnt, &rxnfc->rule_cnt))
3194 return -EFAULT;
3195 } else if (copy_in_user(&rxnfc->rule_cnt,
3196 &compat_rxnfc->rule_cnt,
3197 sizeof(rxnfc->rule_cnt)))
3198 return -EFAULT;
3199 }
3200
3201 ret = dev_ioctl(net, SIOCETHTOOL, &ifr, NULL);
3202 if (ret)
3203 return ret;
3204
3205 if (convert_out) {
3206 if (copy_in_user(compat_rxnfc, rxnfc,
3207 (const void __user *)(&rxnfc->fs.m_ext + 1) -
3208 (const void __user *)rxnfc) ||
3209 copy_in_user(&compat_rxnfc->fs.ring_cookie,
3210 &rxnfc->fs.ring_cookie,
3211 (const void __user *)(&rxnfc->fs.location + 1) -
3212 (const void __user *)&rxnfc->fs.ring_cookie) ||
3213 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
3214 sizeof(rxnfc->rule_cnt)))
3215 return -EFAULT;
3216
3217 if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3218
3219
3220
3221
3222
3223
3224
3225
3226 if (get_user(actual_rule_cnt, &rxnfc->rule_cnt))
3227 return -EFAULT;
3228 if (actual_rule_cnt < rule_cnt)
3229 rule_cnt = actual_rule_cnt;
3230 if (copy_in_user(&compat_rxnfc->rule_locs[0],
3231 &rxnfc->rule_locs[0],
3232 rule_cnt * sizeof(u32)))
3233 return -EFAULT;
3234 }
3235 }
3236
3237 return 0;
3238}
3239
3240static int compat_siocwandev(struct net *net, struct compat_ifreq __user *uifr32)
3241{
3242 compat_uptr_t uptr32;
3243 struct ifreq ifr;
3244 void __user *saved;
3245 int err;
3246
3247 if (copy_from_user(&ifr, uifr32, sizeof(struct compat_ifreq)))
3248 return -EFAULT;
3249
3250 if (get_user(uptr32, &uifr32->ifr_settings.ifs_ifsu))
3251 return -EFAULT;
3252
3253 saved = ifr.ifr_settings.ifs_ifsu.raw_hdlc;
3254 ifr.ifr_settings.ifs_ifsu.raw_hdlc = compat_ptr(uptr32);
3255
3256 err = dev_ioctl(net, SIOCWANDEV, &ifr, NULL);
3257 if (!err) {
3258 ifr.ifr_settings.ifs_ifsu.raw_hdlc = saved;
3259 if (copy_to_user(uifr32, &ifr, sizeof(struct compat_ifreq)))
3260 err = -EFAULT;
3261 }
3262 return err;
3263}
3264
3265
3266static int compat_ifr_data_ioctl(struct net *net, unsigned int cmd,
3267 struct compat_ifreq __user *u_ifreq32)
3268{
3269 struct ifreq ifreq;
3270 u32 data32;
3271
3272 if (copy_from_user(ifreq.ifr_name, u_ifreq32->ifr_name, IFNAMSIZ))
3273 return -EFAULT;
3274 if (get_user(data32, &u_ifreq32->ifr_data))
3275 return -EFAULT;
3276 ifreq.ifr_data = compat_ptr(data32);
3277
3278 return dev_ioctl(net, cmd, &ifreq, NULL);
3279}
3280
3281static int compat_ifreq_ioctl(struct net *net, struct socket *sock,
3282 unsigned int cmd,
3283 struct compat_ifreq __user *uifr32)
3284{
3285 struct ifreq __user *uifr;
3286 int err;
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298 uifr = compat_alloc_user_space(sizeof(*uifr));
3299 if (copy_in_user(uifr, uifr32, sizeof(*uifr32)))
3300 return -EFAULT;
3301
3302 err = sock_do_ioctl(net, sock, cmd, (unsigned long)uifr);
3303
3304 if (!err) {
3305 switch (cmd) {
3306 case SIOCGIFFLAGS:
3307 case SIOCGIFMETRIC:
3308 case SIOCGIFMTU:
3309 case SIOCGIFMEM:
3310 case SIOCGIFHWADDR:
3311 case SIOCGIFINDEX:
3312 case SIOCGIFADDR:
3313 case SIOCGIFBRDADDR:
3314 case SIOCGIFDSTADDR:
3315 case SIOCGIFNETMASK:
3316 case SIOCGIFPFLAGS:
3317 case SIOCGIFTXQLEN:
3318 case SIOCGMIIPHY:
3319 case SIOCGMIIREG:
3320 case SIOCGIFNAME:
3321 if (copy_in_user(uifr32, uifr, sizeof(*uifr32)))
3322 err = -EFAULT;
3323 break;
3324 }
3325 }
3326 return err;
3327}
3328
3329static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
3330 struct compat_ifreq __user *uifr32)
3331{
3332 struct ifreq ifr;
3333 struct compat_ifmap __user *uifmap32;
3334 int err;
3335
3336 uifmap32 = &uifr32->ifr_ifru.ifru_map;
3337 err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name));
3338 err |= get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3339 err |= get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3340 err |= get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3341 err |= get_user(ifr.ifr_map.irq, &uifmap32->irq);
3342 err |= get_user(ifr.ifr_map.dma, &uifmap32->dma);
3343 err |= get_user(ifr.ifr_map.port, &uifmap32->port);
3344 if (err)
3345 return -EFAULT;
3346
3347 err = dev_ioctl(net, cmd, &ifr, NULL);
3348
3349 if (cmd == SIOCGIFMAP && !err) {
3350 err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name));
3351 err |= put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3352 err |= put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3353 err |= put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3354 err |= put_user(ifr.ifr_map.irq, &uifmap32->irq);
3355 err |= put_user(ifr.ifr_map.dma, &uifmap32->dma);
3356 err |= put_user(ifr.ifr_map.port, &uifmap32->port);
3357 if (err)
3358 err = -EFAULT;
3359 }
3360 return err;
3361}
3362
3363
3364
3365
3366
3367static int old_bridge_ioctl(compat_ulong_t __user *argp)
3368{
3369 compat_ulong_t tmp;
3370
3371 if (get_user(tmp, argp))
3372 return -EFAULT;
3373 if (tmp == BRCTL_GET_VERSION)
3374 return BRCTL_VERSION + 1;
3375 return -EINVAL;
3376}
3377
3378static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
3379 unsigned int cmd, unsigned long arg)
3380{
3381 void __user *argp = compat_ptr(arg);
3382 struct sock *sk = sock->sk;
3383 struct net *net = sock_net(sk);
3384
3385 if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))
3386 return compat_ifr_data_ioctl(net, cmd, argp);
3387
3388 switch (cmd) {
3389 case SIOCSIFBR:
3390 case SIOCGIFBR:
3391 return old_bridge_ioctl(argp);
3392 case SIOCGIFCONF:
3393 return compat_dev_ifconf(net, argp);
3394 case SIOCETHTOOL:
3395 return ethtool_ioctl(net, argp);
3396 case SIOCWANDEV:
3397 return compat_siocwandev(net, argp);
3398 case SIOCGIFMAP:
3399 case SIOCSIFMAP:
3400 return compat_sioc_ifmap(net, cmd, argp);
3401 case SIOCGSTAMP_OLD:
3402 case SIOCGSTAMPNS_OLD:
3403 if (!sock->ops->gettstamp)
3404 return -ENOIOCTLCMD;
3405 return sock->ops->gettstamp(sock, argp, cmd == SIOCGSTAMP_OLD,
3406 !COMPAT_USE_64BIT_TIME);
3407
3408 case SIOCBONDSLAVEINFOQUERY:
3409 case SIOCBONDINFOQUERY:
3410 case SIOCSHWTSTAMP:
3411 case SIOCGHWTSTAMP:
3412 return compat_ifr_data_ioctl(net, cmd, argp);
3413
3414 case FIOSETOWN:
3415 case SIOCSPGRP:
3416 case FIOGETOWN:
3417 case SIOCGPGRP:
3418 case SIOCBRADDBR:
3419 case SIOCBRDELBR:
3420 case SIOCGIFVLAN:
3421 case SIOCSIFVLAN:
3422 case SIOCGSKNS:
3423 case SIOCGSTAMP_NEW:
3424 case SIOCGSTAMPNS_NEW:
3425 return sock_ioctl(file, cmd, arg);
3426
3427 case SIOCGIFFLAGS:
3428 case SIOCSIFFLAGS:
3429 case SIOCGIFMETRIC:
3430 case SIOCSIFMETRIC:
3431 case SIOCGIFMTU:
3432 case SIOCSIFMTU:
3433 case SIOCGIFMEM:
3434 case SIOCSIFMEM:
3435 case SIOCGIFHWADDR:
3436 case SIOCSIFHWADDR:
3437 case SIOCADDMULTI:
3438 case SIOCDELMULTI:
3439 case SIOCGIFINDEX:
3440 case SIOCGIFADDR:
3441 case SIOCSIFADDR:
3442 case SIOCSIFHWBROADCAST:
3443 case SIOCDIFADDR:
3444 case SIOCGIFBRDADDR:
3445 case SIOCSIFBRDADDR:
3446 case SIOCGIFDSTADDR:
3447 case SIOCSIFDSTADDR:
3448 case SIOCGIFNETMASK:
3449 case SIOCSIFNETMASK:
3450 case SIOCSIFPFLAGS:
3451 case SIOCGIFPFLAGS:
3452 case SIOCGIFTXQLEN:
3453 case SIOCSIFTXQLEN:
3454 case SIOCBRADDIF:
3455 case SIOCBRDELIF:
3456 case SIOCGIFNAME:
3457 case SIOCSIFNAME:
3458 case SIOCGMIIPHY:
3459 case SIOCGMIIREG:
3460 case SIOCSMIIREG:
3461 case SIOCBONDENSLAVE:
3462 case SIOCBONDRELEASE:
3463 case SIOCBONDSETHWADDR:
3464 case SIOCBONDCHANGEACTIVE:
3465 return compat_ifreq_ioctl(net, sock, cmd, argp);
3466
3467 case SIOCSARP:
3468 case SIOCGARP:
3469 case SIOCDARP:
3470 case SIOCOUTQ:
3471 case SIOCOUTQNSD:
3472 case SIOCATMARK:
3473 return sock_do_ioctl(net, sock, cmd, arg);
3474 }
3475
3476 return -ENOIOCTLCMD;
3477}
3478
3479static long compat_sock_ioctl(struct file *file, unsigned int cmd,
3480 unsigned long arg)
3481{
3482 struct socket *sock = file->private_data;
3483 int ret = -ENOIOCTLCMD;
3484 struct sock *sk;
3485 struct net *net;
3486
3487 sk = sock->sk;
3488 net = sock_net(sk);
3489
3490 if (sock->ops->compat_ioctl)
3491 ret = sock->ops->compat_ioctl(sock, cmd, arg);
3492
3493 if (ret == -ENOIOCTLCMD &&
3494 (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST))
3495 ret = compat_wext_handle_ioctl(net, cmd, arg);
3496
3497 if (ret == -ENOIOCTLCMD)
3498 ret = compat_sock_ioctl_trans(file, sock, cmd, arg);
3499
3500 return ret;
3501}
3502#endif
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513int kernel_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
3514{
3515 return sock->ops->bind(sock, addr, addrlen);
3516}
3517EXPORT_SYMBOL(kernel_bind);
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527int kernel_listen(struct socket *sock, int backlog)
3528{
3529 return sock->ops->listen(sock, backlog);
3530}
3531EXPORT_SYMBOL(kernel_listen);
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
3545{
3546 struct sock *sk = sock->sk;
3547 int err;
3548
3549 err = sock_create_lite(sk->sk_family, sk->sk_type, sk->sk_protocol,
3550 newsock);
3551 if (err < 0)
3552 goto done;
3553
3554 err = sock->ops->accept(sock, *newsock, flags, true);
3555 if (err < 0) {
3556 sock_release(*newsock);
3557 *newsock = NULL;
3558 goto done;
3559 }
3560
3561 (*newsock)->ops = sock->ops;
3562 __module_get((*newsock)->ops->owner);
3563
3564done:
3565 return err;
3566}
3567EXPORT_SYMBOL(kernel_accept);
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
3583 int flags)
3584{
3585 return sock->ops->connect(sock, addr, addrlen, flags);
3586}
3587EXPORT_SYMBOL(kernel_connect);
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598int kernel_getsockname(struct socket *sock, struct sockaddr *addr)
3599{
3600 return sock->ops->getname(sock, addr, 0);
3601}
3602EXPORT_SYMBOL(kernel_getsockname);
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613int kernel_getpeername(struct socket *sock, struct sockaddr *addr)
3614{
3615 return sock->ops->getname(sock, addr, 1);
3616}
3617EXPORT_SYMBOL(kernel_getpeername);
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630int kernel_sendpage(struct socket *sock, struct page *page, int offset,
3631 size_t size, int flags)
3632{
3633 if (sock->ops->sendpage) {
3634
3635 WARN_ONCE(!sendpage_ok(page), "improper page for zero-copy send");
3636 return sock->ops->sendpage(sock, page, offset, size, flags);
3637 }
3638 return sock_no_sendpage(sock, page, offset, size, flags);
3639}
3640EXPORT_SYMBOL(kernel_sendpage);
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654int kernel_sendpage_locked(struct sock *sk, struct page *page, int offset,
3655 size_t size, int flags)
3656{
3657 struct socket *sock = sk->sk_socket;
3658
3659 if (sock->ops->sendpage_locked)
3660 return sock->ops->sendpage_locked(sk, page, offset, size,
3661 flags);
3662
3663 return sock_no_sendpage_locked(sk, page, offset, size, flags);
3664}
3665EXPORT_SYMBOL(kernel_sendpage_locked);
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how)
3676{
3677 return sock->ops->shutdown(sock, how);
3678}
3679EXPORT_SYMBOL(kernel_sock_shutdown);
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691u32 kernel_sock_ip_overhead(struct sock *sk)
3692{
3693 struct inet_sock *inet;
3694 struct ip_options_rcu *opt;
3695 u32 overhead = 0;
3696#if IS_ENABLED(CONFIG_IPV6)
3697 struct ipv6_pinfo *np;
3698 struct ipv6_txoptions *optv6 = NULL;
3699#endif
3700
3701 if (!sk)
3702 return overhead;
3703
3704 switch (sk->sk_family) {
3705 case AF_INET:
3706 inet = inet_sk(sk);
3707 overhead += sizeof(struct iphdr);
3708 opt = rcu_dereference_protected(inet->inet_opt,
3709 sock_owned_by_user(sk));
3710 if (opt)
3711 overhead += opt->opt.optlen;
3712 return overhead;
3713#if IS_ENABLED(CONFIG_IPV6)
3714 case AF_INET6:
3715 np = inet6_sk(sk);
3716 overhead += sizeof(struct ipv6hdr);
3717 if (np)
3718 optv6 = rcu_dereference_protected(np->opt,
3719 sock_owned_by_user(sk));
3720 if (optv6)
3721 overhead += (optv6->opt_flen + optv6->opt_nflen);
3722 return overhead;
3723#endif
3724 default:
3725 return overhead;
3726 }
3727}
3728EXPORT_SYMBOL(kernel_sock_ip_overhead);
3729
