1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55#include <linux/mm.h>
56#include <linux/socket.h>
57#include <linux/file.h>
58#include <linux/net.h>
59#include <linux/interrupt.h>
60#include <linux/thread_info.h>
61#include <linux/rcupdate.h>
62#include <linux/netdevice.h>
63#include <linux/proc_fs.h>
64#include <linux/seq_file.h>
65#include <linux/mutex.h>
66#include <linux/if_bridge.h>
67#include <linux/if_frad.h>
68#include <linux/if_vlan.h>
69#include <linux/ptp_classify.h>
70#include <linux/init.h>
71#include <linux/poll.h>
72#include <linux/cache.h>
73#include <linux/module.h>
74#include <linux/highmem.h>
75#include <linux/mount.h>
76#include <linux/pseudo_fs.h>
77#include <linux/security.h>
78#include <linux/syscalls.h>
79#include <linux/compat.h>
80#include <linux/kmod.h>
81#include <linux/audit.h>
82#include <linux/wireless.h>
83#include <linux/nsproxy.h>
84#include <linux/magic.h>
85#include <linux/slab.h>
86#include <linux/xattr.h>
87#include <linux/nospec.h>
88#include <linux/indirect_call_wrapper.h>
89
90#include <linux/uaccess.h>
91#include <asm/unistd.h>
92
93#include <net/compat.h>
94#include <net/wext.h>
95#include <net/cls_cgroup.h>
96
97#include <net/sock.h>
98#include <linux/netfilter.h>
99
100#include <linux/if_tun.h>
101#include <linux/ipv6_route.h>
102#include <linux/route.h>
103#include <linux/termios.h>
104#include <linux/sockios.h>
105#include <net/busy_poll.h>
106#include <linux/errqueue.h>
107
108#ifdef CONFIG_NET_RX_BUSY_POLL
109unsigned int sysctl_net_busy_read __read_mostly;
110unsigned int sysctl_net_busy_poll __read_mostly;
111#endif
112
113static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to);
114static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from);
115static int sock_mmap(struct file *file, struct vm_area_struct *vma);
116
117static int sock_close(struct inode *inode, struct file *file);
118static __poll_t sock_poll(struct file *file,
119 struct poll_table_struct *wait);
120static long sock_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
121#ifdef CONFIG_COMPAT
122static long compat_sock_ioctl(struct file *file,
123 unsigned int cmd, unsigned long arg);
124#endif
125static int sock_fasync(int fd, struct file *filp, int on);
126static ssize_t sock_sendpage(struct file *file, struct page *page,
127 int offset, size_t size, loff_t *ppos, int more);
128static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
129 struct pipe_inode_info *pipe, size_t len,
130 unsigned int flags);
131
132
133
134
135
136
137static const struct file_operations socket_file_ops = {
138 .owner = THIS_MODULE,
139 .llseek = no_llseek,
140 .read_iter = sock_read_iter,
141 .write_iter = sock_write_iter,
142 .poll = sock_poll,
143 .unlocked_ioctl = sock_ioctl,
144#ifdef CONFIG_COMPAT
145 .compat_ioctl = compat_sock_ioctl,
146#endif
147 .mmap = sock_mmap,
148 .release = sock_close,
149 .fasync = sock_fasync,
150 .sendpage = sock_sendpage,
151 .splice_write = generic_splice_sendpage,
152 .splice_read = sock_splice_read,
153};
154
155
156
157
158
159static DEFINE_SPINLOCK(net_family_lock);
160static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr_storage *kaddr)
180{
181 if (ulen < 0 || ulen > sizeof(struct sockaddr_storage))
182 return -EINVAL;
183 if (ulen == 0)
184 return 0;
185 if (copy_from_user(kaddr, uaddr, ulen))
186 return -EFAULT;
187 return audit_sockaddr(ulen, kaddr);
188}
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207static int move_addr_to_user(struct sockaddr_storage *kaddr, int klen,
208 void __user *uaddr, int __user *ulen)
209{
210 int err;
211 int len;
212
213 BUG_ON(klen > sizeof(struct sockaddr_storage));
214 err = get_user(len, ulen);
215 if (err)
216 return err;
217 if (len > klen)
218 len = klen;
219 if (len < 0)
220 return -EINVAL;
221 if (len) {
222 if (audit_sockaddr(klen, kaddr))
223 return -ENOMEM;
224 if (copy_to_user(uaddr, kaddr, len))
225 return -EFAULT;
226 }
227
228
229
230
231 return __put_user(klen, ulen);
232}
233
234static struct kmem_cache *sock_inode_cachep __ro_after_init;
235
236static struct inode *sock_alloc_inode(struct super_block *sb)
237{
238 struct socket_alloc *ei;
239
240 ei = kmem_cache_alloc(sock_inode_cachep, GFP_KERNEL);
241 if (!ei)
242 return NULL;
243 init_waitqueue_head(&ei->socket.wq.wait);
244 ei->socket.wq.fasync_list = NULL;
245 ei->socket.wq.flags = 0;
246
247 ei->socket.state = SS_UNCONNECTED;
248 ei->socket.flags = 0;
249 ei->socket.ops = NULL;
250 ei->socket.sk = NULL;
251 ei->socket.file = NULL;
252
253 return &ei->vfs_inode;
254}
255
256static void sock_free_inode(struct inode *inode)
257{
258 struct socket_alloc *ei;
259
260 ei = container_of(inode, struct socket_alloc, vfs_inode);
261 kmem_cache_free(sock_inode_cachep, ei);
262}
263
264static void init_once(void *foo)
265{
266 struct socket_alloc *ei = (struct socket_alloc *)foo;
267
268 inode_init_once(&ei->vfs_inode);
269}
270
271static void init_inodecache(void)
272{
273 sock_inode_cachep = kmem_cache_create("sock_inode_cache",
274 sizeof(struct socket_alloc),
275 0,
276 (SLAB_HWCACHE_ALIGN |
277 SLAB_RECLAIM_ACCOUNT |
278 SLAB_MEM_SPREAD | SLAB_ACCOUNT),
279 init_once);
280 BUG_ON(sock_inode_cachep == NULL);
281}
282
283static const struct super_operations sockfs_ops = {
284 .alloc_inode = sock_alloc_inode,
285 .free_inode = sock_free_inode,
286 .statfs = simple_statfs,
287};
288
289
290
291
292static char *sockfs_dname(struct dentry *dentry, char *buffer, int buflen)
293{
294 return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
295 d_inode(dentry)->i_ino);
296}
297
298static const struct dentry_operations sockfs_dentry_operations = {
299 .d_dname = sockfs_dname,
300};
301
302static int sockfs_xattr_get(const struct xattr_handler *handler,
303 struct dentry *dentry, struct inode *inode,
304 const char *suffix, void *value, size_t size)
305{
306 if (value) {
307 if (dentry->d_name.len + 1 > size)
308 return -ERANGE;
309 memcpy(value, dentry->d_name.name, dentry->d_name.len + 1);
310 }
311 return dentry->d_name.len + 1;
312}
313
314#define XATTR_SOCKPROTONAME_SUFFIX "sockprotoname"
315#define XATTR_NAME_SOCKPROTONAME (XATTR_SYSTEM_PREFIX XATTR_SOCKPROTONAME_SUFFIX)
316#define XATTR_NAME_SOCKPROTONAME_LEN (sizeof(XATTR_NAME_SOCKPROTONAME)-1)
317
318static const struct xattr_handler sockfs_xattr_handler = {
319 .name = XATTR_NAME_SOCKPROTONAME,
320 .get = sockfs_xattr_get,
321};
322
323static int sockfs_security_xattr_set(const struct xattr_handler *handler,
324 struct dentry *dentry, struct inode *inode,
325 const char *suffix, const void *value,
326 size_t size, int flags)
327{
328
329 return -EAGAIN;
330}
331
332static const struct xattr_handler sockfs_security_xattr_handler = {
333 .prefix = XATTR_SECURITY_PREFIX,
334 .set = sockfs_security_xattr_set,
335};
336
337static const struct xattr_handler *sockfs_xattr_handlers[] = {
338 &sockfs_xattr_handler,
339 &sockfs_security_xattr_handler,
340 NULL
341};
342
343static int sockfs_init_fs_context(struct fs_context *fc)
344{
345 struct pseudo_fs_context *ctx = init_pseudo(fc, SOCKFS_MAGIC);
346 if (!ctx)
347 return -ENOMEM;
348 ctx->ops = &sockfs_ops;
349 ctx->dops = &sockfs_dentry_operations;
350 ctx->xattr = sockfs_xattr_handlers;
351 return 0;
352}
353
354static struct vfsmount *sock_mnt __read_mostly;
355
356static struct file_system_type sock_fs_type = {
357 .name = "sockfs",
358 .init_fs_context = sockfs_init_fs_context,
359 .kill_sb = kill_anon_super,
360};
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
392{
393 struct file *file;
394
395 if (!dname)
396 dname = sock->sk ? sock->sk->sk_prot_creator->name : "";
397
398 file = alloc_file_pseudo(SOCK_INODE(sock), sock_mnt, dname,
399 O_RDWR | (flags & O_NONBLOCK),
400 &socket_file_ops);
401 if (IS_ERR(file)) {
402 sock_release(sock);
403 return file;
404 }
405
406 sock->file = file;
407 file->private_data = sock;
408 stream_open(SOCK_INODE(sock), file);
409 return file;
410}
411EXPORT_SYMBOL(sock_alloc_file);
412
413static int sock_map_fd(struct socket *sock, int flags)
414{
415 struct file *newfile;
416 int fd = get_unused_fd_flags(flags);
417 if (unlikely(fd < 0)) {
418 sock_release(sock);
419 return fd;
420 }
421
422 newfile = sock_alloc_file(sock, flags, NULL);
423 if (!IS_ERR(newfile)) {
424 fd_install(fd, newfile);
425 return fd;
426 }
427
428 put_unused_fd(fd);
429 return PTR_ERR(newfile);
430}
431
432
433
434
435
436
437
438
439
440struct socket *sock_from_file(struct file *file, int *err)
441{
442 if (file->f_op == &socket_file_ops)
443 return file->private_data;
444
445 *err = -ENOTSOCK;
446 return NULL;
447}
448EXPORT_SYMBOL(sock_from_file);
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463struct socket *sockfd_lookup(int fd, int *err)
464{
465 struct file *file;
466 struct socket *sock;
467
468 file = fget(fd);
469 if (!file) {
470 *err = -EBADF;
471 return NULL;
472 }
473
474 sock = sock_from_file(file, err);
475 if (!sock)
476 fput(file);
477 return sock;
478}
479EXPORT_SYMBOL(sockfd_lookup);
480
481static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
482{
483 struct fd f = fdget(fd);
484 struct socket *sock;
485
486 *err = -EBADF;
487 if (f.file) {
488 sock = sock_from_file(f.file, err);
489 if (likely(sock)) {
490 *fput_needed = f.flags;
491 return sock;
492 }
493 fdput(f);
494 }
495 return NULL;
496}
497
498static ssize_t sockfs_listxattr(struct dentry *dentry, char *buffer,
499 size_t size)
500{
501 ssize_t len;
502 ssize_t used = 0;
503
504 len = security_inode_listsecurity(d_inode(dentry), buffer, size);
505 if (len < 0)
506 return len;
507 used += len;
508 if (buffer) {
509 if (size < used)
510 return -ERANGE;
511 buffer += len;
512 }
513
514 len = (XATTR_NAME_SOCKPROTONAME_LEN + 1);
515 used += len;
516 if (buffer) {
517 if (size < used)
518 return -ERANGE;
519 memcpy(buffer, XATTR_NAME_SOCKPROTONAME, len);
520 buffer += len;
521 }
522
523 return used;
524}
525
526static int sockfs_setattr(struct dentry *dentry, struct iattr *iattr)
527{
528 int err = simple_setattr(dentry, iattr);
529
530 if (!err && (iattr->ia_valid & ATTR_UID)) {
531 struct socket *sock = SOCKET_I(d_inode(dentry));
532
533 if (sock->sk)
534 sock->sk->sk_uid = iattr->ia_uid;
535 else
536 err = -ENOENT;
537 }
538
539 return err;
540}
541
542static const struct inode_operations sockfs_inode_ops = {
543 .listxattr = sockfs_listxattr,
544 .setattr = sockfs_setattr,
545};
546
547
548
549
550
551
552
553
554
555struct socket *sock_alloc(void)
556{
557 struct inode *inode;
558 struct socket *sock;
559
560 inode = new_inode_pseudo(sock_mnt->mnt_sb);
561 if (!inode)
562 return NULL;
563
564 sock = SOCKET_I(inode);
565
566 inode->i_ino = get_next_ino();
567 inode->i_mode = S_IFSOCK | S_IRWXUGO;
568 inode->i_uid = current_fsuid();
569 inode->i_gid = current_fsgid();
570 inode->i_op = &sockfs_inode_ops;
571
572 return sock;
573}
574EXPORT_SYMBOL(sock_alloc);
575
576
577
578
579
580
581
582
583
584
585static void __sock_release(struct socket *sock, struct inode *inode)
586{
587 if (sock->ops) {
588 struct module *owner = sock->ops->owner;
589
590 if (inode)
591 inode_lock(inode);
592 sock->ops->release(sock);
593 sock->sk = NULL;
594 if (inode)
595 inode_unlock(inode);
596 sock->ops = NULL;
597 module_put(owner);
598 }
599
600 if (sock->wq.fasync_list)
601 pr_err("%s: fasync list not empty!\n", __func__);
602
603 if (!sock->file) {
604 iput(SOCK_INODE(sock));
605 return;
606 }
607 sock->file = NULL;
608}
609
610void sock_release(struct socket *sock)
611{
612 __sock_release(sock, NULL);
613}
614EXPORT_SYMBOL(sock_release);
615
616void __sock_tx_timestamp(__u16 tsflags, __u8 *tx_flags)
617{
618 u8 flags = *tx_flags;
619
620 if (tsflags & SOF_TIMESTAMPING_TX_HARDWARE)
621 flags |= SKBTX_HW_TSTAMP;
622
623 if (tsflags & SOF_TIMESTAMPING_TX_SOFTWARE)
624 flags |= SKBTX_SW_TSTAMP;
625
626 if (tsflags & SOF_TIMESTAMPING_TX_SCHED)
627 flags |= SKBTX_SCHED_TSTAMP;
628
629 *tx_flags = flags;
630}
631EXPORT_SYMBOL(__sock_tx_timestamp);
632
633INDIRECT_CALLABLE_DECLARE(int inet_sendmsg(struct socket *, struct msghdr *,
634 size_t));
635INDIRECT_CALLABLE_DECLARE(int inet6_sendmsg(struct socket *, struct msghdr *,
636 size_t));
637static inline int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg)
638{
639 int ret = INDIRECT_CALL_INET(sock->ops->sendmsg, inet6_sendmsg,
640 inet_sendmsg, sock, msg,
641 msg_data_left(msg));
642 BUG_ON(ret == -EIOCBQUEUED);
643 return ret;
644}
645
646
647
648
649
650
651
652
653
654int sock_sendmsg(struct socket *sock, struct msghdr *msg)
655{
656 int err = security_socket_sendmsg(sock, msg,
657 msg_data_left(msg));
658
659 return err ?: sock_sendmsg_nosec(sock, msg);
660}
661EXPORT_SYMBOL(sock_sendmsg);
662
663
664
665
666
667
668
669
670
671
672
673
674
675int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
676 struct kvec *vec, size_t num, size_t size)
677{
678 iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
679 return sock_sendmsg(sock, msg);
680}
681EXPORT_SYMBOL(kernel_sendmsg);
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696int kernel_sendmsg_locked(struct sock *sk, struct msghdr *msg,
697 struct kvec *vec, size_t num, size_t size)
698{
699 struct socket *sock = sk->sk_socket;
700
701 if (!sock->ops->sendmsg_locked)
702 return sock_no_sendmsg_locked(sk, msg, size);
703
704 iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
705
706 return sock->ops->sendmsg_locked(sk, msg, msg_data_left(msg));
707}
708EXPORT_SYMBOL(kernel_sendmsg_locked);
709
710static bool skb_is_err_queue(const struct sk_buff *skb)
711{
712
713
714
715
716
717 return skb->pkt_type == PACKET_OUTGOING;
718}
719
720
721
722
723
724
725
726
727
728static bool skb_is_swtx_tstamp(const struct sk_buff *skb, int false_tstamp)
729{
730 return skb->tstamp && !false_tstamp && skb_is_err_queue(skb);
731}
732
733static void put_ts_pktinfo(struct msghdr *msg, struct sk_buff *skb)
734{
735 struct scm_ts_pktinfo ts_pktinfo;
736 struct net_device *orig_dev;
737
738 if (!skb_mac_header_was_set(skb))
739 return;
740
741 memset(&ts_pktinfo, 0, sizeof(ts_pktinfo));
742
743 rcu_read_lock();
744 orig_dev = dev_get_by_napi_id(skb_napi_id(skb));
745 if (orig_dev)
746 ts_pktinfo.if_index = orig_dev->ifindex;
747 rcu_read_unlock();
748
749 ts_pktinfo.pkt_length = skb->len - skb_mac_offset(skb);
750 put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_PKTINFO,
751 sizeof(ts_pktinfo), &ts_pktinfo);
752}
753
754
755
756
757void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
758 struct sk_buff *skb)
759{
760 int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP);
761 int new_tstamp = sock_flag(sk, SOCK_TSTAMP_NEW);
762 struct scm_timestamping_internal tss;
763
764 int empty = 1, false_tstamp = 0;
765 struct skb_shared_hwtstamps *shhwtstamps =
766 skb_hwtstamps(skb);
767
768
769
770 if (need_software_tstamp && skb->tstamp == 0) {
771 __net_timestamp(skb);
772 false_tstamp = 1;
773 }
774
775 if (need_software_tstamp) {
776 if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) {
777 if (new_tstamp) {
778 struct __kernel_sock_timeval tv;
779
780 skb_get_new_timestamp(skb, &tv);
781 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_NEW,
782 sizeof(tv), &tv);
783 } else {
784 struct __kernel_old_timeval tv;
785
786 skb_get_timestamp(skb, &tv);
787 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_OLD,
788 sizeof(tv), &tv);
789 }
790 } else {
791 if (new_tstamp) {
792 struct __kernel_timespec ts;
793
794 skb_get_new_timestampns(skb, &ts);
795 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_NEW,
796 sizeof(ts), &ts);
797 } else {
798 struct __kernel_old_timespec ts;
799
800 skb_get_timestampns(skb, &ts);
801 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_OLD,
802 sizeof(ts), &ts);
803 }
804 }
805 }
806
807 memset(&tss, 0, sizeof(tss));
808 if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE) &&
809 ktime_to_timespec64_cond(skb->tstamp, tss.ts + 0))
810 empty = 0;
811 if (shhwtstamps &&
812 (sk->sk_tsflags & SOF_TIMESTAMPING_RAW_HARDWARE) &&
813 !skb_is_swtx_tstamp(skb, false_tstamp) &&
814 ktime_to_timespec64_cond(shhwtstamps->hwtstamp, tss.ts + 2)) {
815 empty = 0;
816 if ((sk->sk_tsflags & SOF_TIMESTAMPING_OPT_PKTINFO) &&
817 !skb_is_err_queue(skb))
818 put_ts_pktinfo(msg, skb);
819 }
820 if (!empty) {
821 if (sock_flag(sk, SOCK_TSTAMP_NEW))
822 put_cmsg_scm_timestamping64(msg, &tss);
823 else
824 put_cmsg_scm_timestamping(msg, &tss);
825
826 if (skb_is_err_queue(skb) && skb->len &&
827 SKB_EXT_ERR(skb)->opt_stats)
828 put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS,
829 skb->len, skb->data);
830 }
831}
832EXPORT_SYMBOL_GPL(__sock_recv_timestamp);
833
834void __sock_recv_wifi_status(struct msghdr *msg, struct sock *sk,
835 struct sk_buff *skb)
836{
837 int ack;
838
839 if (!sock_flag(sk, SOCK_WIFI_STATUS))
840 return;
841 if (!skb->wifi_acked_valid)
842 return;
843
844 ack = skb->wifi_acked;
845
846 put_cmsg(msg, SOL_SOCKET, SCM_WIFI_STATUS, sizeof(ack), &ack);
847}
848EXPORT_SYMBOL_GPL(__sock_recv_wifi_status);
849
850static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
851 struct sk_buff *skb)
852{
853 if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && SOCK_SKB_CB(skb)->dropcount)
854 put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
855 sizeof(__u32), &SOCK_SKB_CB(skb)->dropcount);
856}
857
858void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
859 struct sk_buff *skb)
860{
861 sock_recv_timestamp(msg, sk, skb);
862 sock_recv_drops(msg, sk, skb);
863}
864EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
865
866INDIRECT_CALLABLE_DECLARE(int inet_recvmsg(struct socket *, struct msghdr *,
867 size_t, int));
868INDIRECT_CALLABLE_DECLARE(int inet6_recvmsg(struct socket *, struct msghdr *,
869 size_t, int));
870static inline int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
871 int flags)
872{
873 return INDIRECT_CALL_INET(sock->ops->recvmsg, inet6_recvmsg,
874 inet_recvmsg, sock, msg, msg_data_left(msg),
875 flags);
876}
877
878
879
880
881
882
883
884
885
886
887int sock_recvmsg(struct socket *sock, struct msghdr *msg, int flags)
888{
889 int err = security_socket_recvmsg(sock, msg, msg_data_left(msg), flags);
890
891 return err ?: sock_recvmsg_nosec(sock, msg, flags);
892}
893EXPORT_SYMBOL(sock_recvmsg);
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
912 struct kvec *vec, size_t num, size_t size, int flags)
913{
914 mm_segment_t oldfs = get_fs();
915 int result;
916
917 iov_iter_kvec(&msg->msg_iter, READ, vec, num, size);
918 set_fs(KERNEL_DS);
919 result = sock_recvmsg(sock, msg, flags);
920 set_fs(oldfs);
921 return result;
922}
923EXPORT_SYMBOL(kernel_recvmsg);
924
925static ssize_t sock_sendpage(struct file *file, struct page *page,
926 int offset, size_t size, loff_t *ppos, int more)
927{
928 struct socket *sock;
929 int flags;
930
931 sock = file->private_data;
932
933 flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
934
935 flags |= more;
936
937 return kernel_sendpage(sock, page, offset, size, flags);
938}
939
940static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
941 struct pipe_inode_info *pipe, size_t len,
942 unsigned int flags)
943{
944 struct socket *sock = file->private_data;
945
946 if (unlikely(!sock->ops->splice_read))
947 return generic_file_splice_read(file, ppos, pipe, len, flags);
948
949 return sock->ops->splice_read(sock, ppos, pipe, len, flags);
950}
951
952static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to)
953{
954 struct file *file = iocb->ki_filp;
955 struct socket *sock = file->private_data;
956 struct msghdr msg = {.msg_iter = *to,
957 .msg_iocb = iocb};
958 ssize_t res;
959
960 if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
961 msg.msg_flags = MSG_DONTWAIT;
962
963 if (iocb->ki_pos != 0)
964 return -ESPIPE;
965
966 if (!iov_iter_count(to))
967 return 0;
968
969 res = sock_recvmsg(sock, &msg, msg.msg_flags);
970 *to = msg.msg_iter;
971 return res;
972}
973
974static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from)
975{
976 struct file *file = iocb->ki_filp;
977 struct socket *sock = file->private_data;
978 struct msghdr msg = {.msg_iter = *from,
979 .msg_iocb = iocb};
980 ssize_t res;
981
982 if (iocb->ki_pos != 0)
983 return -ESPIPE;
984
985 if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
986 msg.msg_flags = MSG_DONTWAIT;
987
988 if (sock->type == SOCK_SEQPACKET)
989 msg.msg_flags |= MSG_EOR;
990
991 res = sock_sendmsg(sock, &msg);
992 *from = msg.msg_iter;
993 return res;
994}
995
996
997
998
999
1000
1001static DEFINE_MUTEX(br_ioctl_mutex);
1002static int (*br_ioctl_hook) (struct net *, unsigned int cmd, void __user *arg);
1003
1004void brioctl_set(int (*hook) (struct net *, unsigned int, void __user *))
1005{
1006 mutex_lock(&br_ioctl_mutex);
1007 br_ioctl_hook = hook;
1008 mutex_unlock(&br_ioctl_mutex);
1009}
1010EXPORT_SYMBOL(brioctl_set);
1011
1012static DEFINE_MUTEX(vlan_ioctl_mutex);
1013static int (*vlan_ioctl_hook) (struct net *, void __user *arg);
1014
1015void vlan_ioctl_set(int (*hook) (struct net *, void __user *))
1016{
1017 mutex_lock(&vlan_ioctl_mutex);
1018 vlan_ioctl_hook = hook;
1019 mutex_unlock(&vlan_ioctl_mutex);
1020}
1021EXPORT_SYMBOL(vlan_ioctl_set);
1022
1023static DEFINE_MUTEX(dlci_ioctl_mutex);
1024static int (*dlci_ioctl_hook) (unsigned int, void __user *);
1025
1026void dlci_ioctl_set(int (*hook) (unsigned int, void __user *))
1027{
1028 mutex_lock(&dlci_ioctl_mutex);
1029 dlci_ioctl_hook = hook;
1030 mutex_unlock(&dlci_ioctl_mutex);
1031}
1032EXPORT_SYMBOL(dlci_ioctl_set);
1033
1034static long sock_do_ioctl(struct net *net, struct socket *sock,
1035 unsigned int cmd, unsigned long arg)
1036{
1037 int err;
1038 void __user *argp = (void __user *)arg;
1039
1040 err = sock->ops->ioctl(sock, cmd, arg);
1041
1042
1043
1044
1045
1046 if (err != -ENOIOCTLCMD)
1047 return err;
1048
1049 if (cmd == SIOCGIFCONF) {
1050 struct ifconf ifc;
1051 if (copy_from_user(&ifc, argp, sizeof(struct ifconf)))
1052 return -EFAULT;
1053 rtnl_lock();
1054 err = dev_ifconf(net, &ifc, sizeof(struct ifreq));
1055 rtnl_unlock();
1056 if (!err && copy_to_user(argp, &ifc, sizeof(struct ifconf)))
1057 err = -EFAULT;
1058 } else {
1059 struct ifreq ifr;
1060 bool need_copyout;
1061 if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1062 return -EFAULT;
1063 err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1064 if (!err && need_copyout)
1065 if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1066 return -EFAULT;
1067 }
1068 return err;
1069}
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083struct ns_common *get_net_ns(struct ns_common *ns)
1084{
1085 return &get_net(container_of(ns, struct net, ns))->ns;
1086}
1087EXPORT_SYMBOL_GPL(get_net_ns);
1088
1089static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
1090{
1091 struct socket *sock;
1092 struct sock *sk;
1093 void __user *argp = (void __user *)arg;
1094 int pid, err;
1095 struct net *net;
1096
1097 sock = file->private_data;
1098 sk = sock->sk;
1099 net = sock_net(sk);
1100 if (unlikely(cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))) {
1101 struct ifreq ifr;
1102 bool need_copyout;
1103 if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1104 return -EFAULT;
1105 err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1106 if (!err && need_copyout)
1107 if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1108 return -EFAULT;
1109 } else
1110#ifdef CONFIG_WEXT_CORE
1111 if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) {
1112 err = wext_handle_ioctl(net, cmd, argp);
1113 } else
1114#endif
1115 switch (cmd) {
1116 case FIOSETOWN:
1117 case SIOCSPGRP:
1118 err = -EFAULT;
1119 if (get_user(pid, (int __user *)argp))
1120 break;
1121 err = f_setown(sock->file, pid, 1);
1122 break;
1123 case FIOGETOWN:
1124 case SIOCGPGRP:
1125 err = put_user(f_getown(sock->file),
1126 (int __user *)argp);
1127 break;
1128 case SIOCGIFBR:
1129 case SIOCSIFBR:
1130 case SIOCBRADDBR:
1131 case SIOCBRDELBR:
1132 err = -ENOPKG;
1133 if (!br_ioctl_hook)
1134 request_module("bridge");
1135
1136 mutex_lock(&br_ioctl_mutex);
1137 if (br_ioctl_hook)
1138 err = br_ioctl_hook(net, cmd, argp);
1139 mutex_unlock(&br_ioctl_mutex);
1140 break;
1141 case SIOCGIFVLAN:
1142 case SIOCSIFVLAN:
1143 err = -ENOPKG;
1144 if (!vlan_ioctl_hook)
1145 request_module("8021q");
1146
1147 mutex_lock(&vlan_ioctl_mutex);
1148 if (vlan_ioctl_hook)
1149 err = vlan_ioctl_hook(net, argp);
1150 mutex_unlock(&vlan_ioctl_mutex);
1151 break;
1152 case SIOCADDDLCI:
1153 case SIOCDELDLCI:
1154 err = -ENOPKG;
1155 if (!dlci_ioctl_hook)
1156 request_module("dlci");
1157
1158 mutex_lock(&dlci_ioctl_mutex);
1159 if (dlci_ioctl_hook)
1160 err = dlci_ioctl_hook(cmd, argp);
1161 mutex_unlock(&dlci_ioctl_mutex);
1162 break;
1163 case SIOCGSKNS:
1164 err = -EPERM;
1165 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1166 break;
1167
1168 err = open_related_ns(&net->ns, get_net_ns);
1169 break;
1170 case SIOCGSTAMP_OLD:
1171 case SIOCGSTAMPNS_OLD:
1172 if (!sock->ops->gettstamp) {
1173 err = -ENOIOCTLCMD;
1174 break;
1175 }
1176 err = sock->ops->gettstamp(sock, argp,
1177 cmd == SIOCGSTAMP_OLD,
1178 !IS_ENABLED(CONFIG_64BIT));
1179 break;
1180 case SIOCGSTAMP_NEW:
1181 case SIOCGSTAMPNS_NEW:
1182 if (!sock->ops->gettstamp) {
1183 err = -ENOIOCTLCMD;
1184 break;
1185 }
1186 err = sock->ops->gettstamp(sock, argp,
1187 cmd == SIOCGSTAMP_NEW,
1188 false);
1189 break;
1190 default:
1191 err = sock_do_ioctl(net, sock, cmd, arg);
1192 break;
1193 }
1194 return err;
1195}
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210int sock_create_lite(int family, int type, int protocol, struct socket **res)
1211{
1212 int err;
1213 struct socket *sock = NULL;
1214
1215 err = security_socket_create(family, type, protocol, 1);
1216 if (err)
1217 goto out;
1218
1219 sock = sock_alloc();
1220 if (!sock) {
1221 err = -ENOMEM;
1222 goto out;
1223 }
1224
1225 sock->type = type;
1226 err = security_socket_post_create(sock, family, type, protocol, 1);
1227 if (err)
1228 goto out_release;
1229
1230out:
1231 *res = sock;
1232 return err;
1233out_release:
1234 sock_release(sock);
1235 sock = NULL;
1236 goto out;
1237}
1238EXPORT_SYMBOL(sock_create_lite);
1239
1240
1241static __poll_t sock_poll(struct file *file, poll_table *wait)
1242{
1243 struct socket *sock = file->private_data;
1244 __poll_t events = poll_requested_events(wait), flag = 0;
1245
1246 if (!sock->ops->poll)
1247 return 0;
1248
1249 if (sk_can_busy_loop(sock->sk)) {
1250
1251 if (events & POLL_BUSY_LOOP)
1252 sk_busy_loop(sock->sk, 1);
1253
1254
1255 flag = POLL_BUSY_LOOP;
1256 }
1257
1258 return sock->ops->poll(file, sock, wait) | flag;
1259}
1260
1261static int sock_mmap(struct file *file, struct vm_area_struct *vma)
1262{
1263 struct socket *sock = file->private_data;
1264
1265 return sock->ops->mmap(file, sock, vma);
1266}
1267
1268static int sock_close(struct inode *inode, struct file *filp)
1269{
1270 __sock_release(SOCKET_I(inode), inode);
1271 return 0;
1272}
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285static int sock_fasync(int fd, struct file *filp, int on)
1286{
1287 struct socket *sock = filp->private_data;
1288 struct sock *sk = sock->sk;
1289 struct socket_wq *wq = &sock->wq;
1290
1291 if (sk == NULL)
1292 return -EINVAL;
1293
1294 lock_sock(sk);
1295 fasync_helper(fd, filp, on, &wq->fasync_list);
1296
1297 if (!wq->fasync_list)
1298 sock_reset_flag(sk, SOCK_FASYNC);
1299 else
1300 sock_set_flag(sk, SOCK_FASYNC);
1301
1302 release_sock(sk);
1303 return 0;
1304}
1305
1306
1307
1308int sock_wake_async(struct socket_wq *wq, int how, int band)
1309{
1310 if (!wq || !wq->fasync_list)
1311 return -1;
1312
1313 switch (how) {
1314 case SOCK_WAKE_WAITD:
1315 if (test_bit(SOCKWQ_ASYNC_WAITDATA, &wq->flags))
1316 break;
1317 goto call_kill;
1318 case SOCK_WAKE_SPACE:
1319 if (!test_and_clear_bit(SOCKWQ_ASYNC_NOSPACE, &wq->flags))
1320 break;
1321
1322 case SOCK_WAKE_IO:
1323call_kill:
1324 kill_fasync(&wq->fasync_list, SIGIO, band);
1325 break;
1326 case SOCK_WAKE_URG:
1327 kill_fasync(&wq->fasync_list, SIGURG, band);
1328 }
1329
1330 return 0;
1331}
1332EXPORT_SYMBOL(sock_wake_async);
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349int __sock_create(struct net *net, int family, int type, int protocol,
1350 struct socket **res, int kern)
1351{
1352 int err;
1353 struct socket *sock;
1354 const struct net_proto_family *pf;
1355
1356
1357
1358
1359 if (family < 0 || family >= NPROTO)
1360 return -EAFNOSUPPORT;
1361 if (type < 0 || type >= SOCK_MAX)
1362 return -EINVAL;
1363
1364
1365
1366
1367
1368
1369 if (family == PF_INET && type == SOCK_PACKET) {
1370 pr_info_once("%s uses obsolete (PF_INET,SOCK_PACKET)\n",
1371 current->comm);
1372 family = PF_PACKET;
1373 }
1374
1375 err = security_socket_create(family, type, protocol, kern);
1376 if (err)
1377 return err;
1378
1379
1380
1381
1382
1383
1384 sock = sock_alloc();
1385 if (!sock) {
1386 net_warn_ratelimited("socket: no more sockets\n");
1387 return -ENFILE;
1388
1389 }
1390
1391 sock->type = type;
1392
1393#ifdef CONFIG_MODULES
1394
1395
1396
1397
1398
1399
1400 if (rcu_access_pointer(net_families[family]) == NULL)
1401 request_module("net-pf-%d", family);
1402#endif
1403
1404 rcu_read_lock();
1405 pf = rcu_dereference(net_families[family]);
1406 err = -EAFNOSUPPORT;
1407 if (!pf)
1408 goto out_release;
1409
1410
1411
1412
1413
1414 if (!try_module_get(pf->owner))
1415 goto out_release;
1416
1417
1418 rcu_read_unlock();
1419
1420 err = pf->create(net, sock, protocol, kern);
1421 if (err < 0)
1422 goto out_module_put;
1423
1424
1425
1426
1427
1428 if (!try_module_get(sock->ops->owner))
1429 goto out_module_busy;
1430
1431
1432
1433
1434
1435 module_put(pf->owner);
1436 err = security_socket_post_create(sock, family, type, protocol, kern);
1437 if (err)
1438 goto out_sock_release;
1439 *res = sock;
1440
1441 return 0;
1442
1443out_module_busy:
1444 err = -EAFNOSUPPORT;
1445out_module_put:
1446 sock->ops = NULL;
1447 module_put(pf->owner);
1448out_sock_release:
1449 sock_release(sock);
1450 return err;
1451
1452out_release:
1453 rcu_read_unlock();
1454 goto out_sock_release;
1455}
1456EXPORT_SYMBOL(__sock_create);
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469int sock_create(int family, int type, int protocol, struct socket **res)
1470{
1471 return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0);
1472}
1473EXPORT_SYMBOL(sock_create);
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487int sock_create_kern(struct net *net, int family, int type, int protocol, struct socket **res)
1488{
1489 return __sock_create(net, family, type, protocol, res, 1);
1490}
1491EXPORT_SYMBOL(sock_create_kern);
1492
1493int __sys_socket(int family, int type, int protocol)
1494{
1495 int retval;
1496 struct socket *sock;
1497 int flags;
1498
1499
1500 BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1501 BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1502 BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1503 BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1504
1505 flags = type & ~SOCK_TYPE_MASK;
1506 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1507 return -EINVAL;
1508 type &= SOCK_TYPE_MASK;
1509
1510 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1511 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1512
1513 retval = sock_create(family, type, protocol, &sock);
1514 if (retval < 0)
1515 return retval;
1516
1517 return sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1518}
1519
1520SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
1521{
1522 return __sys_socket(family, type, protocol);
1523}
1524
1525
1526
1527
1528
1529int __sys_socketpair(int family, int type, int protocol, int __user *usockvec)
1530{
1531 struct socket *sock1, *sock2;
1532 int fd1, fd2, err;
1533 struct file *newfile1, *newfile2;
1534 int flags;
1535
1536 flags = type & ~SOCK_TYPE_MASK;
1537 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1538 return -EINVAL;
1539 type &= SOCK_TYPE_MASK;
1540
1541 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1542 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1543
1544
1545
1546
1547
1548 fd1 = get_unused_fd_flags(flags);
1549 if (unlikely(fd1 < 0))
1550 return fd1;
1551
1552 fd2 = get_unused_fd_flags(flags);
1553 if (unlikely(fd2 < 0)) {
1554 put_unused_fd(fd1);
1555 return fd2;
1556 }
1557
1558 err = put_user(fd1, &usockvec[0]);
1559 if (err)
1560 goto out;
1561
1562 err = put_user(fd2, &usockvec[1]);
1563 if (err)
1564 goto out;
1565
1566
1567
1568
1569
1570
1571 err = sock_create(family, type, protocol, &sock1);
1572 if (unlikely(err < 0))
1573 goto out;
1574
1575 err = sock_create(family, type, protocol, &sock2);
1576 if (unlikely(err < 0)) {
1577 sock_release(sock1);
1578 goto out;
1579 }
1580
1581 err = security_socket_socketpair(sock1, sock2);
1582 if (unlikely(err)) {
1583 sock_release(sock2);
1584 sock_release(sock1);
1585 goto out;
1586 }
1587
1588 err = sock1->ops->socketpair(sock1, sock2);
1589 if (unlikely(err < 0)) {
1590 sock_release(sock2);
1591 sock_release(sock1);
1592 goto out;
1593 }
1594
1595 newfile1 = sock_alloc_file(sock1, flags, NULL);
1596 if (IS_ERR(newfile1)) {
1597 err = PTR_ERR(newfile1);
1598 sock_release(sock2);
1599 goto out;
1600 }
1601
1602 newfile2 = sock_alloc_file(sock2, flags, NULL);
1603 if (IS_ERR(newfile2)) {
1604 err = PTR_ERR(newfile2);
1605 fput(newfile1);
1606 goto out;
1607 }
1608
1609 audit_fd_pair(fd1, fd2);
1610
1611 fd_install(fd1, newfile1);
1612 fd_install(fd2, newfile2);
1613 return 0;
1614
1615out:
1616 put_unused_fd(fd2);
1617 put_unused_fd(fd1);
1618 return err;
1619}
1620
1621SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol,
1622 int __user *, usockvec)
1623{
1624 return __sys_socketpair(family, type, protocol, usockvec);
1625}
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635int __sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
1636{
1637 struct socket *sock;
1638 struct sockaddr_storage address;
1639 int err, fput_needed;
1640
1641 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1642 if (sock) {
1643 err = move_addr_to_kernel(umyaddr, addrlen, &address);
1644 if (!err) {
1645 err = security_socket_bind(sock,
1646 (struct sockaddr *)&address,
1647 addrlen);
1648 if (!err)
1649 err = sock->ops->bind(sock,
1650 (struct sockaddr *)
1651 &address, addrlen);
1652 }
1653 fput_light(sock->file, fput_needed);
1654 }
1655 return err;
1656}
1657
1658SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
1659{
1660 return __sys_bind(fd, umyaddr, addrlen);
1661}
1662
1663
1664
1665
1666
1667
1668
1669int __sys_listen(int fd, int backlog)
1670{
1671 struct socket *sock;
1672 int err, fput_needed;
1673 int somaxconn;
1674
1675 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1676 if (sock) {
1677 somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
1678 if ((unsigned int)backlog > somaxconn)
1679 backlog = somaxconn;
1680
1681 err = security_socket_listen(sock, backlog);
1682 if (!err)
1683 err = sock->ops->listen(sock, backlog);
1684
1685 fput_light(sock->file, fput_needed);
1686 }
1687 return err;
1688}
1689
1690SYSCALL_DEFINE2(listen, int, fd, int, backlog)
1691{
1692 return __sys_listen(fd, backlog);
1693}
1694
1695int __sys_accept4_file(struct file *file, unsigned file_flags,
1696 struct sockaddr __user *upeer_sockaddr,
1697 int __user *upeer_addrlen, int flags)
1698{
1699 struct socket *sock, *newsock;
1700 struct file *newfile;
1701 int err, len, newfd;
1702 struct sockaddr_storage address;
1703
1704 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1705 return -EINVAL;
1706
1707 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1708 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1709
1710 sock = sock_from_file(file, &err);
1711 if (!sock)
1712 goto out;
1713
1714 err = -ENFILE;
1715 newsock = sock_alloc();
1716 if (!newsock)
1717 goto out;
1718
1719 newsock->type = sock->type;
1720 newsock->ops = sock->ops;
1721
1722
1723
1724
1725
1726 __module_get(newsock->ops->owner);
1727
1728 newfd = get_unused_fd_flags(flags);
1729 if (unlikely(newfd < 0)) {
1730 err = newfd;
1731 sock_release(newsock);
1732 goto out;
1733 }
1734 newfile = sock_alloc_file(newsock, flags, sock->sk->sk_prot_creator->name);
1735 if (IS_ERR(newfile)) {
1736 err = PTR_ERR(newfile);
1737 put_unused_fd(newfd);
1738 goto out;
1739 }
1740
1741 err = security_socket_accept(sock, newsock);
1742 if (err)
1743 goto out_fd;
1744
1745 err = sock->ops->accept(sock, newsock, sock->file->f_flags | file_flags,
1746 false);
1747 if (err < 0)
1748 goto out_fd;
1749
1750 if (upeer_sockaddr) {
1751 len = newsock->ops->getname(newsock,
1752 (struct sockaddr *)&address, 2);
1753 if (len < 0) {
1754 err = -ECONNABORTED;
1755 goto out_fd;
1756 }
1757 err = move_addr_to_user(&address,
1758 len, upeer_sockaddr, upeer_addrlen);
1759 if (err < 0)
1760 goto out_fd;
1761 }
1762
1763
1764
1765 fd_install(newfd, newfile);
1766 err = newfd;
1767out:
1768 return err;
1769out_fd:
1770 fput(newfile);
1771 put_unused_fd(newfd);
1772 goto out;
1773
1774}
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788int __sys_accept4(int fd, struct sockaddr __user *upeer_sockaddr,
1789 int __user *upeer_addrlen, int flags)
1790{
1791 int ret = -EBADF;
1792 struct fd f;
1793
1794 f = fdget(fd);
1795 if (f.file) {
1796 ret = __sys_accept4_file(f.file, 0, upeer_sockaddr,
1797 upeer_addrlen, flags);
1798 if (f.flags)
1799 fput(f.file);
1800 }
1801
1802 return ret;
1803}
1804
1805SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
1806 int __user *, upeer_addrlen, int, flags)
1807{
1808 return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, flags);
1809}
1810
1811SYSCALL_DEFINE3(accept, int, fd, struct sockaddr __user *, upeer_sockaddr,
1812 int __user *, upeer_addrlen)
1813{
1814 return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, 0);
1815}
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829int __sys_connect_file(struct file *file, struct sockaddr_storage *address,
1830 int addrlen, int file_flags)
1831{
1832 struct socket *sock;
1833 int err;
1834
1835 sock = sock_from_file(file, &err);
1836 if (!sock)
1837 goto out;
1838
1839 err =
1840 security_socket_connect(sock, (struct sockaddr *)address, addrlen);
1841 if (err)
1842 goto out;
1843
1844 err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen,
1845 sock->file->f_flags | file_flags);
1846out:
1847 return err;
1848}
1849
1850int __sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
1851{
1852 int ret = -EBADF;
1853 struct fd f;
1854
1855 f = fdget(fd);
1856 if (f.file) {
1857 struct sockaddr_storage address;
1858
1859 ret = move_addr_to_kernel(uservaddr, addrlen, &address);
1860 if (!ret)
1861 ret = __sys_connect_file(f.file, &address, addrlen, 0);
1862 if (f.flags)
1863 fput(f.file);
1864 }
1865
1866 return ret;
1867}
1868
1869SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
1870 int, addrlen)
1871{
1872 return __sys_connect(fd, uservaddr, addrlen);
1873}
1874
1875
1876
1877
1878
1879
1880int __sys_getsockname(int fd, struct sockaddr __user *usockaddr,
1881 int __user *usockaddr_len)
1882{
1883 struct socket *sock;
1884 struct sockaddr_storage address;
1885 int err, fput_needed;
1886
1887 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1888 if (!sock)
1889 goto out;
1890
1891 err = security_socket_getsockname(sock);
1892 if (err)
1893 goto out_put;
1894
1895 err = sock->ops->getname(sock, (struct sockaddr *)&address, 0);
1896 if (err < 0)
1897 goto out_put;
1898
1899 err = move_addr_to_user(&address, err, usockaddr, usockaddr_len);
1900
1901out_put:
1902 fput_light(sock->file, fput_needed);
1903out:
1904 return err;
1905}
1906
1907SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr,
1908 int __user *, usockaddr_len)
1909{
1910 return __sys_getsockname(fd, usockaddr, usockaddr_len);
1911}
1912
1913
1914
1915
1916
1917
1918int __sys_getpeername(int fd, struct sockaddr __user *usockaddr,
1919 int __user *usockaddr_len)
1920{
1921 struct socket *sock;
1922 struct sockaddr_storage address;
1923 int err, fput_needed;
1924
1925 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1926 if (sock != NULL) {
1927 err = security_socket_getpeername(sock);
1928 if (err) {
1929 fput_light(sock->file, fput_needed);
1930 return err;
1931 }
1932
1933 err = sock->ops->getname(sock, (struct sockaddr *)&address, 1);
1934 if (err >= 0)
1935
1936 err = move_addr_to_user(&address, err, usockaddr,
1937 usockaddr_len);
1938 fput_light(sock->file, fput_needed);
1939 }
1940 return err;
1941}
1942
1943SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
1944 int __user *, usockaddr_len)
1945{
1946 return __sys_getpeername(fd, usockaddr, usockaddr_len);
1947}
1948
1949
1950
1951
1952
1953
1954int __sys_sendto(int fd, void __user *buff, size_t len, unsigned int flags,
1955 struct sockaddr __user *addr, int addr_len)
1956{
1957 struct socket *sock;
1958 struct sockaddr_storage address;
1959 int err;
1960 struct msghdr msg;
1961 struct iovec iov;
1962 int fput_needed;
1963
1964 err = import_single_range(WRITE, buff, len, &iov, &msg.msg_iter);
1965 if (unlikely(err))
1966 return err;
1967 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1968 if (!sock)
1969 goto out;
1970
1971 msg.msg_name = NULL;
1972 msg.msg_control = NULL;
1973 msg.msg_controllen = 0;
1974 msg.msg_namelen = 0;
1975 if (addr) {
1976 err = move_addr_to_kernel(addr, addr_len, &address);
1977 if (err < 0)
1978 goto out_put;
1979 msg.msg_name = (struct sockaddr *)&address;
1980 msg.msg_namelen = addr_len;
1981 }
1982 if (sock->file->f_flags & O_NONBLOCK)
1983 flags |= MSG_DONTWAIT;
1984 msg.msg_flags = flags;
1985 err = sock_sendmsg(sock, &msg);
1986
1987out_put:
1988 fput_light(sock->file, fput_needed);
1989out:
1990 return err;
1991}
1992
1993SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
1994 unsigned int, flags, struct sockaddr __user *, addr,
1995 int, addr_len)
1996{
1997 return __sys_sendto(fd, buff, len, flags, addr, addr_len);
1998}
1999
2000
2001
2002
2003
2004SYSCALL_DEFINE4(send, int, fd, void __user *, buff, size_t, len,
2005 unsigned int, flags)
2006{
2007 return __sys_sendto(fd, buff, len, flags, NULL, 0);
2008}
2009
2010
2011
2012
2013
2014
2015int __sys_recvfrom(int fd, void __user *ubuf, size_t size, unsigned int flags,
2016 struct sockaddr __user *addr, int __user *addr_len)
2017{
2018 struct socket *sock;
2019 struct iovec iov;
2020 struct msghdr msg;
2021 struct sockaddr_storage address;
2022 int err, err2;
2023 int fput_needed;
2024
2025 err = import_single_range(READ, ubuf, size, &iov, &msg.msg_iter);
2026 if (unlikely(err))
2027 return err;
2028 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2029 if (!sock)
2030 goto out;
2031
2032 msg.msg_control = NULL;
2033 msg.msg_controllen = 0;
2034
2035 msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
2036
2037 msg.msg_namelen = 0;
2038 msg.msg_iocb = NULL;
2039 msg.msg_flags = 0;
2040 if (sock->file->f_flags & O_NONBLOCK)
2041 flags |= MSG_DONTWAIT;
2042 err = sock_recvmsg(sock, &msg, flags);
2043
2044 if (err >= 0 && addr != NULL) {
2045 err2 = move_addr_to_user(&address,
2046 msg.msg_namelen, addr, addr_len);
2047 if (err2 < 0)
2048 err = err2;
2049 }
2050
2051 fput_light(sock->file, fput_needed);
2052out:
2053 return err;
2054}
2055
2056SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
2057 unsigned int, flags, struct sockaddr __user *, addr,
2058 int __user *, addr_len)
2059{
2060 return __sys_recvfrom(fd, ubuf, size, flags, addr, addr_len);
2061}
2062
2063
2064
2065
2066
2067SYSCALL_DEFINE4(recv, int, fd, void __user *, ubuf, size_t, size,
2068 unsigned int, flags)
2069{
2070 return __sys_recvfrom(fd, ubuf, size, flags, NULL, NULL);
2071}
2072
2073
2074
2075
2076
2077
2078static int __sys_setsockopt(int fd, int level, int optname,
2079 char __user *optval, int optlen)
2080{
2081 mm_segment_t oldfs = get_fs();
2082 char *kernel_optval = NULL;
2083 int err, fput_needed;
2084 struct socket *sock;
2085
2086 if (optlen < 0)
2087 return -EINVAL;
2088
2089 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2090 if (sock != NULL) {
2091 err = security_socket_setsockopt(sock, level, optname);
2092 if (err)
2093 goto out_put;
2094
2095 err = BPF_CGROUP_RUN_PROG_SETSOCKOPT(sock->sk, &level,
2096 &optname, optval, &optlen,
2097 &kernel_optval);
2098
2099 if (err < 0) {
2100 goto out_put;
2101 } else if (err > 0) {
2102 err = 0;
2103 goto out_put;
2104 }
2105
2106 if (kernel_optval) {
2107 set_fs(KERNEL_DS);
2108 optval = (char __user __force *)kernel_optval;
2109 }
2110
2111 if (level == SOL_SOCKET)
2112 err =
2113 sock_setsockopt(sock, level, optname, optval,
2114 optlen);
2115 else
2116 err =
2117 sock->ops->setsockopt(sock, level, optname, optval,
2118 optlen);
2119
2120 if (kernel_optval) {
2121 set_fs(oldfs);
2122 kfree(kernel_optval);
2123 }
2124out_put:
2125 fput_light(sock->file, fput_needed);
2126 }
2127 return err;
2128}
2129
2130SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
2131 char __user *, optval, int, optlen)
2132{
2133 return __sys_setsockopt(fd, level, optname, optval, optlen);
2134}
2135
2136
2137
2138
2139
2140
2141static int __sys_getsockopt(int fd, int level, int optname,
2142 char __user *optval, int __user *optlen)
2143{
2144 int err, fput_needed;
2145 struct socket *sock;
2146 int max_optlen;
2147
2148 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2149 if (sock != NULL) {
2150 err = security_socket_getsockopt(sock, level, optname);
2151 if (err)
2152 goto out_put;
2153
2154 max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen);
2155
2156 if (level == SOL_SOCKET)
2157 err =
2158 sock_getsockopt(sock, level, optname, optval,
2159 optlen);
2160 else
2161 err =
2162 sock->ops->getsockopt(sock, level, optname, optval,
2163 optlen);
2164
2165 err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, optname,
2166 optval, optlen,
2167 max_optlen, err);
2168out_put:
2169 fput_light(sock->file, fput_needed);
2170 }
2171 return err;
2172}
2173
2174SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
2175 char __user *, optval, int __user *, optlen)
2176{
2177 return __sys_getsockopt(fd, level, optname, optval, optlen);
2178}
2179
2180
2181
2182
2183
2184int __sys_shutdown(int fd, int how)
2185{
2186 int err, fput_needed;
2187 struct socket *sock;
2188
2189 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2190 if (sock != NULL) {
2191 err = security_socket_shutdown(sock, how);
2192 if (!err)
2193 err = sock->ops->shutdown(sock, how);
2194 fput_light(sock->file, fput_needed);
2195 }
2196 return err;
2197}
2198
2199SYSCALL_DEFINE2(shutdown, int, fd, int, how)
2200{
2201 return __sys_shutdown(fd, how);
2202}
2203
2204
2205
2206
2207#define COMPAT_MSG(msg, member) ((MSG_CMSG_COMPAT & flags) ? &msg##_compat->member : &msg->member)
2208#define COMPAT_NAMELEN(msg) COMPAT_MSG(msg, msg_namelen)
2209#define COMPAT_FLAGS(msg) COMPAT_MSG(msg, msg_flags)
2210
2211struct used_address {
2212 struct sockaddr_storage name;
2213 unsigned int name_len;
2214};
2215
2216static int copy_msghdr_from_user(struct msghdr *kmsg,
2217 struct user_msghdr __user *umsg,
2218 struct sockaddr __user **save_addr,
2219 struct iovec **iov)
2220{
2221 struct user_msghdr msg;
2222 ssize_t err;
2223
2224 if (copy_from_user(&msg, umsg, sizeof(*umsg)))
2225 return -EFAULT;
2226
2227 kmsg->msg_control = (void __force *)msg.msg_control;
2228 kmsg->msg_controllen = msg.msg_controllen;
2229 kmsg->msg_flags = msg.msg_flags;
2230
2231 kmsg->msg_namelen = msg.msg_namelen;
2232 if (!msg.msg_name)
2233 kmsg->msg_namelen = 0;
2234
2235 if (kmsg->msg_namelen < 0)
2236 return -EINVAL;
2237
2238 if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
2239 kmsg->msg_namelen = sizeof(struct sockaddr_storage);
2240
2241 if (save_addr)
2242 *save_addr = msg.msg_name;
2243
2244 if (msg.msg_name && kmsg->msg_namelen) {
2245 if (!save_addr) {
2246 err = move_addr_to_kernel(msg.msg_name,
2247 kmsg->msg_namelen,
2248 kmsg->msg_name);
2249 if (err < 0)
2250 return err;
2251 }
2252 } else {
2253 kmsg->msg_name = NULL;
2254 kmsg->msg_namelen = 0;
2255 }
2256
2257 if (msg.msg_iovlen > UIO_MAXIOV)
2258 return -EMSGSIZE;
2259
2260 kmsg->msg_iocb = NULL;
2261
2262 err = import_iovec(save_addr ? READ : WRITE,
2263 msg.msg_iov, msg.msg_iovlen,
2264 UIO_FASTIOV, iov, &kmsg->msg_iter);
2265 return err < 0 ? err : 0;
2266}
2267
2268static int ____sys_sendmsg(struct socket *sock, struct msghdr *msg_sys,
2269 unsigned int flags, struct used_address *used_address,
2270 unsigned int allowed_msghdr_flags)
2271{
2272 unsigned char ctl[sizeof(struct cmsghdr) + 20]
2273 __aligned(sizeof(__kernel_size_t));
2274
2275 unsigned char *ctl_buf = ctl;
2276 int ctl_len;
2277 ssize_t err;
2278
2279 err = -ENOBUFS;
2280
2281 if (msg_sys->msg_controllen > INT_MAX)
2282 goto out;
2283 flags |= (msg_sys->msg_flags & allowed_msghdr_flags);
2284 ctl_len = msg_sys->msg_controllen;
2285 if ((MSG_CMSG_COMPAT & flags) && ctl_len) {
2286 err =
2287 cmsghdr_from_user_compat_to_kern(msg_sys, sock->sk, ctl,
2288 sizeof(ctl));
2289 if (err)
2290 goto out;
2291 ctl_buf = msg_sys->msg_control;
2292 ctl_len = msg_sys->msg_controllen;
2293 } else if (ctl_len) {
2294 BUILD_BUG_ON(sizeof(struct cmsghdr) !=
2295 CMSG_ALIGN(sizeof(struct cmsghdr)));
2296 if (ctl_len > sizeof(ctl)) {
2297 ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL);
2298 if (ctl_buf == NULL)
2299 goto out;
2300 }
2301 err = -EFAULT;
2302
2303
2304
2305
2306
2307 if (copy_from_user(ctl_buf,
2308 (void __user __force *)msg_sys->msg_control,
2309 ctl_len))
2310 goto out_freectl;
2311 msg_sys->msg_control = ctl_buf;
2312 }
2313 msg_sys->msg_flags = flags;
2314
2315 if (sock->file->f_flags & O_NONBLOCK)
2316 msg_sys->msg_flags |= MSG_DONTWAIT;
2317
2318
2319
2320
2321
2322
2323 if (used_address && msg_sys->msg_name &&
2324 used_address->name_len == msg_sys->msg_namelen &&
2325 !memcmp(&used_address->name, msg_sys->msg_name,
2326 used_address->name_len)) {
2327 err = sock_sendmsg_nosec(sock, msg_sys);
2328 goto out_freectl;
2329 }
2330 err = sock_sendmsg(sock, msg_sys);
2331
2332
2333
2334
2335 if (used_address && err >= 0) {
2336 used_address->name_len = msg_sys->msg_namelen;
2337 if (msg_sys->msg_name)
2338 memcpy(&used_address->name, msg_sys->msg_name,
2339 used_address->name_len);
2340 }
2341
2342out_freectl:
2343 if (ctl_buf != ctl)
2344 sock_kfree_s(sock->sk, ctl_buf, ctl_len);
2345out:
2346 return err;
2347}
2348
2349int sendmsg_copy_msghdr(struct msghdr *msg,
2350 struct user_msghdr __user *umsg, unsigned flags,
2351 struct iovec **iov)
2352{
2353 int err;
2354
2355 if (flags & MSG_CMSG_COMPAT) {
2356 struct compat_msghdr __user *msg_compat;
2357
2358 msg_compat = (struct compat_msghdr __user *) umsg;
2359 err = get_compat_msghdr(msg, msg_compat, NULL, iov);
2360 } else {
2361 err = copy_msghdr_from_user(msg, umsg, NULL, iov);
2362 }
2363 if (err < 0)
2364 return err;
2365
2366 return 0;
2367}
2368
2369static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
2370 struct msghdr *msg_sys, unsigned int flags,
2371 struct used_address *used_address,
2372 unsigned int allowed_msghdr_flags)
2373{
2374 struct sockaddr_storage address;
2375 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2376 ssize_t err;
2377
2378 msg_sys->msg_name = &address;
2379
2380 err = sendmsg_copy_msghdr(msg_sys, msg, flags, &iov);
2381 if (err < 0)
2382 return err;
2383
2384 err = ____sys_sendmsg(sock, msg_sys, flags, used_address,
2385 allowed_msghdr_flags);
2386 kfree(iov);
2387 return err;
2388}
2389
2390
2391
2392
2393long __sys_sendmsg_sock(struct socket *sock, struct msghdr *msg,
2394 unsigned int flags)
2395{
2396
2397 if (msg->msg_control || msg->msg_controllen)
2398 return -EINVAL;
2399
2400 return ____sys_sendmsg(sock, msg, flags, NULL, 0);
2401}
2402
2403long __sys_sendmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2404 bool forbid_cmsg_compat)
2405{
2406 int fput_needed, err;
2407 struct msghdr msg_sys;
2408 struct socket *sock;
2409
2410 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2411 return -EINVAL;
2412
2413 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2414 if (!sock)
2415 goto out;
2416
2417 err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL, 0);
2418
2419 fput_light(sock->file, fput_needed);
2420out:
2421 return err;
2422}
2423
2424SYSCALL_DEFINE3(sendmsg, int, fd, struct user_msghdr __user *, msg, unsigned int, flags)
2425{
2426 return __sys_sendmsg(fd, msg, flags, true);
2427}
2428
2429
2430
2431
2432
2433int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2434 unsigned int flags, bool forbid_cmsg_compat)
2435{
2436 int fput_needed, err, datagrams;
2437 struct socket *sock;
2438 struct mmsghdr __user *entry;
2439 struct compat_mmsghdr __user *compat_entry;
2440 struct msghdr msg_sys;
2441 struct used_address used_address;
2442 unsigned int oflags = flags;
2443
2444 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2445 return -EINVAL;
2446
2447 if (vlen > UIO_MAXIOV)
2448 vlen = UIO_MAXIOV;
2449
2450 datagrams = 0;
2451
2452 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2453 if (!sock)
2454 return err;
2455
2456 used_address.name_len = UINT_MAX;
2457 entry = mmsg;
2458 compat_entry = (struct compat_mmsghdr __user *)mmsg;
2459 err = 0;
2460 flags |= MSG_BATCH;
2461
2462 while (datagrams < vlen) {
2463 if (datagrams == vlen - 1)
2464 flags = oflags;
2465
2466 if (MSG_CMSG_COMPAT & flags) {
2467 err = ___sys_sendmsg(sock, (struct user_msghdr __user *)compat_entry,
2468 &msg_sys, flags, &used_address, MSG_EOR);
2469 if (err < 0)
2470 break;
2471 err = __put_user(err, &compat_entry->msg_len);
2472 ++compat_entry;
2473 } else {
2474 err = ___sys_sendmsg(sock,
2475 (struct user_msghdr __user *)entry,
2476 &msg_sys, flags, &used_address, MSG_EOR);
2477 if (err < 0)
2478 break;
2479 err = put_user(err, &entry->msg_len);
2480 ++entry;
2481 }
2482
2483 if (err)
2484 break;
2485 ++datagrams;
2486 if (msg_data_left(&msg_sys))
2487 break;
2488 cond_resched();
2489 }
2490
2491 fput_light(sock->file, fput_needed);
2492
2493
2494 if (datagrams != 0)
2495 return datagrams;
2496
2497 return err;
2498}
2499
2500SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
2501 unsigned int, vlen, unsigned int, flags)
2502{
2503 return __sys_sendmmsg(fd, mmsg, vlen, flags, true);
2504}
2505
2506int recvmsg_copy_msghdr(struct msghdr *msg,
2507 struct user_msghdr __user *umsg, unsigned flags,
2508 struct sockaddr __user **uaddr,
2509 struct iovec **iov)
2510{
2511 ssize_t err;
2512
2513 if (MSG_CMSG_COMPAT & flags) {
2514 struct compat_msghdr __user *msg_compat;
2515
2516 msg_compat = (struct compat_msghdr __user *) umsg;
2517 err = get_compat_msghdr(msg, msg_compat, uaddr, iov);
2518 } else {
2519 err = copy_msghdr_from_user(msg, umsg, uaddr, iov);
2520 }
2521 if (err < 0)
2522 return err;
2523
2524 return 0;
2525}
2526
2527static int ____sys_recvmsg(struct socket *sock, struct msghdr *msg_sys,
2528 struct user_msghdr __user *msg,
2529 struct sockaddr __user *uaddr,
2530 unsigned int flags, int nosec)
2531{
2532 struct compat_msghdr __user *msg_compat =
2533 (struct compat_msghdr __user *) msg;
2534 int __user *uaddr_len = COMPAT_NAMELEN(msg);
2535 struct sockaddr_storage addr;
2536 unsigned long cmsg_ptr;
2537 int len;
2538 ssize_t err;
2539
2540 msg_sys->msg_name = &addr;
2541 cmsg_ptr = (unsigned long)msg_sys->msg_control;
2542 msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
2543
2544
2545 msg_sys->msg_namelen = 0;
2546
2547 if (sock->file->f_flags & O_NONBLOCK)
2548 flags |= MSG_DONTWAIT;
2549
2550 if (unlikely(nosec))
2551 err = sock_recvmsg_nosec(sock, msg_sys, flags);
2552 else
2553 err = sock_recvmsg(sock, msg_sys, flags);
2554
2555 if (err < 0)
2556 goto out;
2557 len = err;
2558
2559 if (uaddr != NULL) {
2560 err = move_addr_to_user(&addr,
2561 msg_sys->msg_namelen, uaddr,
2562 uaddr_len);
2563 if (err < 0)
2564 goto out;
2565 }
2566 err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT),
2567 COMPAT_FLAGS(msg));
2568 if (err)
2569 goto out;
2570 if (MSG_CMSG_COMPAT & flags)
2571 err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2572 &msg_compat->msg_controllen);
2573 else
2574 err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2575 &msg->msg_controllen);
2576 if (err)
2577 goto out;
2578 err = len;
2579out:
2580 return err;
2581}
2582
2583static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
2584 struct msghdr *msg_sys, unsigned int flags, int nosec)
2585{
2586 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2587
2588 struct sockaddr __user *uaddr;
2589 ssize_t err;
2590
2591 err = recvmsg_copy_msghdr(msg_sys, msg, flags, &uaddr, &iov);
2592 if (err < 0)
2593 return err;
2594
2595 err = ____sys_recvmsg(sock, msg_sys, msg, uaddr, flags, nosec);
2596 kfree(iov);
2597 return err;
2598}
2599
2600
2601
2602
2603
2604long __sys_recvmsg_sock(struct socket *sock, struct msghdr *msg,
2605 struct user_msghdr __user *umsg,
2606 struct sockaddr __user *uaddr, unsigned int flags)
2607{
2608
2609 if (msg->msg_control || msg->msg_controllen)
2610 return -EINVAL;
2611
2612 return ____sys_recvmsg(sock, msg, umsg, uaddr, flags, 0);
2613}
2614
2615long __sys_recvmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2616 bool forbid_cmsg_compat)
2617{
2618 int fput_needed, err;
2619 struct msghdr msg_sys;
2620 struct socket *sock;
2621
2622 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2623 return -EINVAL;
2624
2625 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2626 if (!sock)
2627 goto out;
2628
2629 err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0);
2630
2631 fput_light(sock->file, fput_needed);
2632out:
2633 return err;
2634}
2635
2636SYSCALL_DEFINE3(recvmsg, int, fd, struct user_msghdr __user *, msg,
2637 unsigned int, flags)
2638{
2639 return __sys_recvmsg(fd, msg, flags, true);
2640}
2641
2642
2643
2644
2645
2646static int do_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2647 unsigned int vlen, unsigned int flags,
2648 struct timespec64 *timeout)
2649{
2650 int fput_needed, err, datagrams;
2651 struct socket *sock;
2652 struct mmsghdr __user *entry;
2653 struct compat_mmsghdr __user *compat_entry;
2654 struct msghdr msg_sys;
2655 struct timespec64 end_time;
2656 struct timespec64 timeout64;
2657
2658 if (timeout &&
2659 poll_select_set_timeout(&end_time, timeout->tv_sec,
2660 timeout->tv_nsec))
2661 return -EINVAL;
2662
2663 datagrams = 0;
2664
2665 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2666 if (!sock)
2667 return err;
2668
2669 if (likely(!(flags & MSG_ERRQUEUE))) {
2670 err = sock_error(sock->sk);
2671 if (err) {
2672 datagrams = err;
2673 goto out_put;
2674 }
2675 }
2676
2677 entry = mmsg;
2678 compat_entry = (struct compat_mmsghdr __user *)mmsg;
2679
2680 while (datagrams < vlen) {
2681
2682
2683
2684 if (MSG_CMSG_COMPAT & flags) {
2685 err = ___sys_recvmsg(sock, (struct user_msghdr __user *)compat_entry,
2686 &msg_sys, flags & ~MSG_WAITFORONE,
2687 datagrams);
2688 if (err < 0)
2689 break;
2690 err = __put_user(err, &compat_entry->msg_len);
2691 ++compat_entry;
2692 } else {
2693 err = ___sys_recvmsg(sock,
2694 (struct user_msghdr __user *)entry,
2695 &msg_sys, flags & ~MSG_WAITFORONE,
2696 datagrams);
2697 if (err < 0)
2698 break;
2699 err = put_user(err, &entry->msg_len);
2700 ++entry;
2701 }
2702
2703 if (err)
2704 break;
2705 ++datagrams;
2706
2707
2708 if (flags & MSG_WAITFORONE)
2709 flags |= MSG_DONTWAIT;
2710
2711 if (timeout) {
2712 ktime_get_ts64(&timeout64);
2713 *timeout = timespec64_sub(end_time, timeout64);
2714 if (timeout->tv_sec < 0) {
2715 timeout->tv_sec = timeout->tv_nsec = 0;
2716 break;
2717 }
2718
2719
2720 if (timeout->tv_nsec == 0 && timeout->tv_sec == 0)
2721 break;
2722 }
2723
2724
2725 if (msg_sys.msg_flags & MSG_OOB)
2726 break;
2727 cond_resched();
2728 }
2729
2730 if (err == 0)
2731 goto out_put;
2732
2733 if (datagrams == 0) {
2734 datagrams = err;
2735 goto out_put;
2736 }
2737
2738
2739
2740
2741
2742 if (err != -EAGAIN) {
2743
2744
2745
2746
2747
2748
2749 sock->sk->sk_err = -err;
2750 }
2751out_put:
2752 fput_light(sock->file, fput_needed);
2753
2754 return datagrams;
2755}
2756
2757int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2758 unsigned int vlen, unsigned int flags,
2759 struct __kernel_timespec __user *timeout,
2760 struct old_timespec32 __user *timeout32)
2761{
2762 int datagrams;
2763 struct timespec64 timeout_sys;
2764
2765 if (timeout && get_timespec64(&timeout_sys, timeout))
2766 return -EFAULT;
2767
2768 if (timeout32 && get_old_timespec32(&timeout_sys, timeout32))
2769 return -EFAULT;
2770
2771 if (!timeout && !timeout32)
2772 return do_recvmmsg(fd, mmsg, vlen, flags, NULL);
2773
2774 datagrams = do_recvmmsg(fd, mmsg, vlen, flags, &timeout_sys);
2775
2776 if (datagrams <= 0)
2777 return datagrams;
2778
2779 if (timeout && put_timespec64(&timeout_sys, timeout))
2780 datagrams = -EFAULT;
2781
2782 if (timeout32 && put_old_timespec32(&timeout_sys, timeout32))
2783 datagrams = -EFAULT;
2784
2785 return datagrams;
2786}
2787
2788SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
2789 unsigned int, vlen, unsigned int, flags,
2790 struct __kernel_timespec __user *, timeout)
2791{
2792 if (flags & MSG_CMSG_COMPAT)
2793 return -EINVAL;
2794
2795 return __sys_recvmmsg(fd, mmsg, vlen, flags, timeout, NULL);
2796}
2797
2798#ifdef CONFIG_COMPAT_32BIT_TIME
2799SYSCALL_DEFINE5(recvmmsg_time32, int, fd, struct mmsghdr __user *, mmsg,
2800 unsigned int, vlen, unsigned int, flags,
2801 struct old_timespec32 __user *, timeout)
2802{
2803 if (flags & MSG_CMSG_COMPAT)
2804 return -EINVAL;
2805
2806 return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL, timeout);
2807}
2808#endif
2809
2810#ifdef __ARCH_WANT_SYS_SOCKETCALL
2811
2812#define AL(x) ((x) * sizeof(unsigned long))
2813static const unsigned char nargs[21] = {
2814 AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
2815 AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
2816 AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
2817 AL(4), AL(5), AL(4)
2818};
2819
2820#undef AL
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
2831{
2832 unsigned long a[AUDITSC_ARGS];
2833 unsigned long a0, a1;
2834 int err;
2835 unsigned int len;
2836
2837 if (call < 1 || call > SYS_SENDMMSG)
2838 return -EINVAL;
2839 call = array_index_nospec(call, SYS_SENDMMSG + 1);
2840
2841 len = nargs[call];
2842 if (len > sizeof(a))
2843 return -EINVAL;
2844
2845
2846 if (copy_from_user(a, args, len))
2847 return -EFAULT;
2848
2849 err = audit_socketcall(nargs[call] / sizeof(unsigned long), a);
2850 if (err)
2851 return err;
2852
2853 a0 = a[0];
2854 a1 = a[1];
2855
2856 switch (call) {
2857 case SYS_SOCKET:
2858 err = __sys_socket(a0, a1, a[2]);
2859 break;
2860 case SYS_BIND:
2861 err = __sys_bind(a0, (struct sockaddr __user *)a1, a[2]);
2862 break;
2863 case SYS_CONNECT:
2864 err = __sys_connect(a0, (struct sockaddr __user *)a1, a[2]);
2865 break;
2866 case SYS_LISTEN:
2867 err = __sys_listen(a0, a1);
2868 break;
2869 case SYS_ACCEPT:
2870 err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2871 (int __user *)a[2], 0);
2872 break;
2873 case SYS_GETSOCKNAME:
2874 err =
2875 __sys_getsockname(a0, (struct sockaddr __user *)a1,
2876 (int __user *)a[2]);
2877 break;
2878 case SYS_GETPEERNAME:
2879 err =
2880 __sys_getpeername(a0, (struct sockaddr __user *)a1,
2881 (int __user *)a[2]);
2882 break;
2883 case SYS_SOCKETPAIR:
2884 err = __sys_socketpair(a0, a1, a[2], (int __user *)a[3]);
2885 break;
2886 case SYS_SEND:
2887 err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2888 NULL, 0);
2889 break;
2890 case SYS_SENDTO:
2891 err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2892 (struct sockaddr __user *)a[4], a[5]);
2893 break;
2894 case SYS_RECV:
2895 err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2896 NULL, NULL);
2897 break;
2898 case SYS_RECVFROM:
2899 err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2900 (struct sockaddr __user *)a[4],
2901 (int __user *)a[5]);
2902 break;
2903 case SYS_SHUTDOWN:
2904 err = __sys_shutdown(a0, a1);
2905 break;
2906 case SYS_SETSOCKOPT:
2907 err = __sys_setsockopt(a0, a1, a[2], (char __user *)a[3],
2908 a[4]);
2909 break;
2910 case SYS_GETSOCKOPT:
2911 err =
2912 __sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
2913 (int __user *)a[4]);
2914 break;
2915 case SYS_SENDMSG:
2916 err = __sys_sendmsg(a0, (struct user_msghdr __user *)a1,
2917 a[2], true);
2918 break;
2919 case SYS_SENDMMSG:
2920 err = __sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2],
2921 a[3], true);
2922 break;
2923 case SYS_RECVMSG:
2924 err = __sys_recvmsg(a0, (struct user_msghdr __user *)a1,
2925 a[2], true);
2926 break;
2927 case SYS_RECVMMSG:
2928 if (IS_ENABLED(CONFIG_64BIT))
2929 err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2930 a[2], a[3],
2931 (struct __kernel_timespec __user *)a[4],
2932 NULL);
2933 else
2934 err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2935 a[2], a[3], NULL,
2936 (struct old_timespec32 __user *)a[4]);
2937 break;
2938 case SYS_ACCEPT4:
2939 err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2940 (int __user *)a[2], a[3]);
2941 break;
2942 default:
2943 err = -EINVAL;
2944 break;
2945 }
2946 return err;
2947}
2948
2949#endif
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960int sock_register(const struct net_proto_family *ops)
2961{
2962 int err;
2963
2964 if (ops->family >= NPROTO) {
2965 pr_crit("protocol %d >= NPROTO(%d)\n", ops->family, NPROTO);
2966 return -ENOBUFS;
2967 }
2968
2969 spin_lock(&net_family_lock);
2970 if (rcu_dereference_protected(net_families[ops->family],
2971 lockdep_is_held(&net_family_lock)))
2972 err = -EEXIST;
2973 else {
2974 rcu_assign_pointer(net_families[ops->family], ops);
2975 err = 0;
2976 }
2977 spin_unlock(&net_family_lock);
2978
2979 pr_info("NET: Registered protocol family %d\n", ops->family);
2980 return err;
2981}
2982EXPORT_SYMBOL(sock_register);
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997void sock_unregister(int family)
2998{
2999 BUG_ON(family < 0 || family >= NPROTO);
3000
3001 spin_lock(&net_family_lock);
3002 RCU_INIT_POINTER(net_families[family], NULL);
3003 spin_unlock(&net_family_lock);
3004
3005 synchronize_rcu();
3006
3007 pr_info("NET: Unregistered protocol family %d\n", family);
3008}
3009EXPORT_SYMBOL(sock_unregister);
3010
3011bool sock_is_registered(int family)
3012{
3013 return family < NPROTO && rcu_access_pointer(net_families[family]);
3014}
3015
3016static int __init sock_init(void)
3017{
3018 int err;
3019
3020
3021
3022 err = net_sysctl_init();
3023 if (err)
3024 goto out;
3025
3026
3027
3028
3029 skb_init();
3030
3031
3032
3033
3034
3035 init_inodecache();
3036
3037 err = register_filesystem(&sock_fs_type);
3038 if (err)
3039 goto out_fs;
3040 sock_mnt = kern_mount(&sock_fs_type);
3041 if (IS_ERR(sock_mnt)) {
3042 err = PTR_ERR(sock_mnt);
3043 goto out_mount;
3044 }
3045
3046
3047
3048
3049#ifdef CONFIG_NETFILTER
3050 err = netfilter_init();
3051 if (err)
3052 goto out;
3053#endif
3054
3055 ptp_classifier_init();
3056
3057out:
3058 return err;
3059
3060out_mount:
3061 unregister_filesystem(&sock_fs_type);
3062out_fs:
3063 goto out;
3064}
3065
3066core_initcall(sock_init);
3067
3068#ifdef CONFIG_PROC_FS
3069void socket_seq_show(struct seq_file *seq)
3070{
3071 seq_printf(seq, "sockets: used %d\n",
3072 sock_inuse_get(seq->private));
3073}
3074#endif
3075
3076#ifdef CONFIG_COMPAT
3077static int compat_dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
3078{
3079 struct compat_ifconf ifc32;
3080 struct ifconf ifc;
3081 int err;
3082
3083 if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
3084 return -EFAULT;
3085
3086 ifc.ifc_len = ifc32.ifc_len;
3087 ifc.ifc_req = compat_ptr(ifc32.ifcbuf);
3088
3089 rtnl_lock();
3090 err = dev_ifconf(net, &ifc, sizeof(struct compat_ifreq));
3091 rtnl_unlock();
3092 if (err)
3093 return err;
3094
3095 ifc32.ifc_len = ifc.ifc_len;
3096 if (copy_to_user(uifc32, &ifc32, sizeof(struct compat_ifconf)))
3097 return -EFAULT;
3098
3099 return 0;
3100}
3101
3102static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
3103{
3104 struct compat_ethtool_rxnfc __user *compat_rxnfc;
3105 bool convert_in = false, convert_out = false;
3106 size_t buf_size = 0;
3107 struct ethtool_rxnfc __user *rxnfc = NULL;
3108 struct ifreq ifr;
3109 u32 rule_cnt = 0, actual_rule_cnt;
3110 u32 ethcmd;
3111 u32 data;
3112 int ret;
3113
3114 if (get_user(data, &ifr32->ifr_ifru.ifru_data))
3115 return -EFAULT;
3116
3117 compat_rxnfc = compat_ptr(data);
3118
3119 if (get_user(ethcmd, &compat_rxnfc->cmd))
3120 return -EFAULT;
3121
3122
3123
3124
3125 switch (ethcmd) {
3126 default:
3127 break;
3128 case ETHTOOL_GRXCLSRLALL:
3129
3130 if (get_user(rule_cnt, &compat_rxnfc->rule_cnt))
3131 return -EFAULT;
3132 if (rule_cnt > KMALLOC_MAX_SIZE / sizeof(u32))
3133 return -ENOMEM;
3134 buf_size += rule_cnt * sizeof(u32);
3135
3136 case ETHTOOL_GRXRINGS:
3137 case ETHTOOL_GRXCLSRLCNT:
3138 case ETHTOOL_GRXCLSRULE:
3139 case ETHTOOL_SRXCLSRLINS:
3140 convert_out = true;
3141
3142 case ETHTOOL_SRXCLSRLDEL:
3143 buf_size += sizeof(struct ethtool_rxnfc);
3144 convert_in = true;
3145 rxnfc = compat_alloc_user_space(buf_size);
3146 break;
3147 }
3148
3149 if (copy_from_user(&ifr.ifr_name, &ifr32->ifr_name, IFNAMSIZ))
3150 return -EFAULT;
3151
3152 ifr.ifr_data = convert_in ? rxnfc : (void __user *)compat_rxnfc;
3153
3154 if (convert_in) {
3155
3156
3157
3158 BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_ext) +
3159 sizeof(compat_rxnfc->fs.m_ext) !=
3160 offsetof(struct ethtool_rxnfc, fs.m_ext) +
3161 sizeof(rxnfc->fs.m_ext));
3162 BUILD_BUG_ON(
3163 offsetof(struct compat_ethtool_rxnfc, fs.location) -
3164 offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) !=
3165 offsetof(struct ethtool_rxnfc, fs.location) -
3166 offsetof(struct ethtool_rxnfc, fs.ring_cookie));
3167
3168 if (copy_in_user(rxnfc, compat_rxnfc,
3169 (void __user *)(&rxnfc->fs.m_ext + 1) -
3170 (void __user *)rxnfc) ||
3171 copy_in_user(&rxnfc->fs.ring_cookie,
3172 &compat_rxnfc->fs.ring_cookie,
3173 (void __user *)(&rxnfc->fs.location + 1) -
3174 (void __user *)&rxnfc->fs.ring_cookie))
3175 return -EFAULT;
3176 if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3177 if (put_user(rule_cnt, &rxnfc->rule_cnt))
3178 return -EFAULT;
3179 } else if (copy_in_user(&rxnfc->rule_cnt,
3180 &compat_rxnfc->rule_cnt,
3181 sizeof(rxnfc->rule_cnt)))
3182 return -EFAULT;
3183 }
3184
3185 ret = dev_ioctl(net, SIOCETHTOOL, &ifr, NULL);
3186 if (ret)
3187 return ret;
3188
3189 if (convert_out) {
3190 if (copy_in_user(compat_rxnfc, rxnfc,
3191 (const void __user *)(&rxnfc->fs.m_ext + 1) -
3192 (const void __user *)rxnfc) ||
3193 copy_in_user(&compat_rxnfc->fs.ring_cookie,
3194 &rxnfc->fs.ring_cookie,
3195 (const void __user *)(&rxnfc->fs.location + 1) -
3196 (const void __user *)&rxnfc->fs.ring_cookie) ||
3197 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
3198 sizeof(rxnfc->rule_cnt)))
3199 return -EFAULT;
3200
3201 if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3202
3203
3204
3205
3206
3207
3208
3209
3210 if (get_user(actual_rule_cnt, &rxnfc->rule_cnt))
3211 return -EFAULT;
3212 if (actual_rule_cnt < rule_cnt)
3213 rule_cnt = actual_rule_cnt;
3214 if (copy_in_user(&compat_rxnfc->rule_locs[0],
3215 &rxnfc->rule_locs[0],
3216 rule_cnt * sizeof(u32)))
3217 return -EFAULT;
3218 }
3219 }
3220
3221 return 0;
3222}
3223
3224static int compat_siocwandev(struct net *net, struct compat_ifreq __user *uifr32)
3225{
3226 compat_uptr_t uptr32;
3227 struct ifreq ifr;
3228 void __user *saved;
3229 int err;
3230
3231 if (copy_from_user(&ifr, uifr32, sizeof(struct compat_ifreq)))
3232 return -EFAULT;
3233
3234 if (get_user(uptr32, &uifr32->ifr_settings.ifs_ifsu))
3235 return -EFAULT;
3236
3237 saved = ifr.ifr_settings.ifs_ifsu.raw_hdlc;
3238 ifr.ifr_settings.ifs_ifsu.raw_hdlc = compat_ptr(uptr32);
3239
3240 err = dev_ioctl(net, SIOCWANDEV, &ifr, NULL);
3241 if (!err) {
3242 ifr.ifr_settings.ifs_ifsu.raw_hdlc = saved;
3243 if (copy_to_user(uifr32, &ifr, sizeof(struct compat_ifreq)))
3244 err = -EFAULT;
3245 }
3246 return err;
3247}
3248
3249
3250static int compat_ifr_data_ioctl(struct net *net, unsigned int cmd,
3251 struct compat_ifreq __user *u_ifreq32)
3252{
3253 struct ifreq ifreq;
3254 u32 data32;
3255
3256 if (copy_from_user(ifreq.ifr_name, u_ifreq32->ifr_name, IFNAMSIZ))
3257 return -EFAULT;
3258 if (get_user(data32, &u_ifreq32->ifr_data))
3259 return -EFAULT;
3260 ifreq.ifr_data = compat_ptr(data32);
3261
3262 return dev_ioctl(net, cmd, &ifreq, NULL);
3263}
3264
3265static int compat_ifreq_ioctl(struct net *net, struct socket *sock,
3266 unsigned int cmd,
3267 struct compat_ifreq __user *uifr32)
3268{
3269 struct ifreq __user *uifr;
3270 int err;
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282 uifr = compat_alloc_user_space(sizeof(*uifr));
3283 if (copy_in_user(uifr, uifr32, sizeof(*uifr32)))
3284 return -EFAULT;
3285
3286 err = sock_do_ioctl(net, sock, cmd, (unsigned long)uifr);
3287
3288 if (!err) {
3289 switch (cmd) {
3290 case SIOCGIFFLAGS:
3291 case SIOCGIFMETRIC:
3292 case SIOCGIFMTU:
3293 case SIOCGIFMEM:
3294 case SIOCGIFHWADDR:
3295 case SIOCGIFINDEX:
3296 case SIOCGIFADDR:
3297 case SIOCGIFBRDADDR:
3298 case SIOCGIFDSTADDR:
3299 case SIOCGIFNETMASK:
3300 case SIOCGIFPFLAGS:
3301 case SIOCGIFTXQLEN:
3302 case SIOCGMIIPHY:
3303 case SIOCGMIIREG:
3304 case SIOCGIFNAME:
3305 if (copy_in_user(uifr32, uifr, sizeof(*uifr32)))
3306 err = -EFAULT;
3307 break;
3308 }
3309 }
3310 return err;
3311}
3312
3313static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
3314 struct compat_ifreq __user *uifr32)
3315{
3316 struct ifreq ifr;
3317 struct compat_ifmap __user *uifmap32;
3318 int err;
3319
3320 uifmap32 = &uifr32->ifr_ifru.ifru_map;
3321 err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name));
3322 err |= get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3323 err |= get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3324 err |= get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3325 err |= get_user(ifr.ifr_map.irq, &uifmap32->irq);
3326 err |= get_user(ifr.ifr_map.dma, &uifmap32->dma);
3327 err |= get_user(ifr.ifr_map.port, &uifmap32->port);
3328 if (err)
3329 return -EFAULT;
3330
3331 err = dev_ioctl(net, cmd, &ifr, NULL);
3332
3333 if (cmd == SIOCGIFMAP && !err) {
3334 err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name));
3335 err |= put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3336 err |= put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3337 err |= put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3338 err |= put_user(ifr.ifr_map.irq, &uifmap32->irq);
3339 err |= put_user(ifr.ifr_map.dma, &uifmap32->dma);
3340 err |= put_user(ifr.ifr_map.port, &uifmap32->port);
3341 if (err)
3342 err = -EFAULT;
3343 }
3344 return err;
3345}
3346
3347struct rtentry32 {
3348 u32 rt_pad1;
3349 struct sockaddr rt_dst;
3350 struct sockaddr rt_gateway;
3351 struct sockaddr rt_genmask;
3352 unsigned short rt_flags;
3353 short rt_pad2;
3354 u32 rt_pad3;
3355 unsigned char rt_tos;
3356 unsigned char rt_class;
3357 short rt_pad4;
3358 short rt_metric;
3359 u32 rt_dev;
3360 u32 rt_mtu;
3361 u32 rt_window;
3362 unsigned short rt_irtt;
3363};
3364
3365struct in6_rtmsg32 {
3366 struct in6_addr rtmsg_dst;
3367 struct in6_addr rtmsg_src;
3368 struct in6_addr rtmsg_gateway;
3369 u32 rtmsg_type;
3370 u16 rtmsg_dst_len;
3371 u16 rtmsg_src_len;
3372 u32 rtmsg_metric;
3373 u32 rtmsg_info;
3374 u32 rtmsg_flags;
3375 s32 rtmsg_ifindex;
3376};
3377
3378static int routing_ioctl(struct net *net, struct socket *sock,
3379 unsigned int cmd, void __user *argp)
3380{
3381 int ret;
3382 void *r = NULL;
3383 struct in6_rtmsg r6;
3384 struct rtentry r4;
3385 char devname[16];
3386 u32 rtdev;
3387 mm_segment_t old_fs = get_fs();
3388
3389 if (sock && sock->sk && sock->sk->sk_family == AF_INET6) {
3390 struct in6_rtmsg32 __user *ur6 = argp;
3391 ret = copy_from_user(&r6.rtmsg_dst, &(ur6->rtmsg_dst),
3392 3 * sizeof(struct in6_addr));
3393 ret |= get_user(r6.rtmsg_type, &(ur6->rtmsg_type));
3394 ret |= get_user(r6.rtmsg_dst_len, &(ur6->rtmsg_dst_len));
3395 ret |= get_user(r6.rtmsg_src_len, &(ur6->rtmsg_src_len));
3396 ret |= get_user(r6.rtmsg_metric, &(ur6->rtmsg_metric));
3397 ret |= get_user(r6.rtmsg_info, &(ur6->rtmsg_info));
3398 ret |= get_user(r6.rtmsg_flags, &(ur6->rtmsg_flags));
3399 ret |= get_user(r6.rtmsg_ifindex, &(ur6->rtmsg_ifindex));
3400
3401 r = (void *) &r6;
3402 } else {
3403 struct rtentry32 __user *ur4 = argp;
3404 ret = copy_from_user(&r4.rt_dst, &(ur4->rt_dst),
3405 3 * sizeof(struct sockaddr));
3406 ret |= get_user(r4.rt_flags, &(ur4->rt_flags));
3407 ret |= get_user(r4.rt_metric, &(ur4->rt_metric));
3408 ret |= get_user(r4.rt_mtu, &(ur4->rt_mtu));
3409 ret |= get_user(r4.rt_window, &(ur4->rt_window));
3410 ret |= get_user(r4.rt_irtt, &(ur4->rt_irtt));
3411 ret |= get_user(rtdev, &(ur4->rt_dev));
3412 if (rtdev) {
3413 ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
3414 r4.rt_dev = (char __user __force *)devname;
3415 devname[15] = 0;
3416 } else
3417 r4.rt_dev = NULL;
3418
3419 r = (void *) &r4;
3420 }
3421
3422 if (ret) {
3423 ret = -EFAULT;
3424 goto out;
3425 }
3426
3427 set_fs(KERNEL_DS);
3428 ret = sock_do_ioctl(net, sock, cmd, (unsigned long) r);
3429 set_fs(old_fs);
3430
3431out:
3432 return ret;
3433}
3434
3435
3436
3437
3438
3439static int old_bridge_ioctl(compat_ulong_t __user *argp)
3440{
3441 compat_ulong_t tmp;
3442
3443 if (get_user(tmp, argp))
3444 return -EFAULT;
3445 if (tmp == BRCTL_GET_VERSION)
3446 return BRCTL_VERSION + 1;
3447 return -EINVAL;
3448}
3449
3450static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
3451 unsigned int cmd, unsigned long arg)
3452{
3453 void __user *argp = compat_ptr(arg);
3454 struct sock *sk = sock->sk;
3455 struct net *net = sock_net(sk);
3456
3457 if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))
3458 return compat_ifr_data_ioctl(net, cmd, argp);
3459
3460 switch (cmd) {
3461 case SIOCSIFBR:
3462 case SIOCGIFBR:
3463 return old_bridge_ioctl(argp);
3464 case SIOCGIFCONF:
3465 return compat_dev_ifconf(net, argp);
3466 case SIOCETHTOOL:
3467 return ethtool_ioctl(net, argp);
3468 case SIOCWANDEV:
3469 return compat_siocwandev(net, argp);
3470 case SIOCGIFMAP:
3471 case SIOCSIFMAP:
3472 return compat_sioc_ifmap(net, cmd, argp);
3473 case SIOCADDRT:
3474 case SIOCDELRT:
3475 return routing_ioctl(net, sock, cmd, argp);
3476 case SIOCGSTAMP_OLD:
3477 case SIOCGSTAMPNS_OLD:
3478 if (!sock->ops->gettstamp)
3479 return -ENOIOCTLCMD;
3480 return sock->ops->gettstamp(sock, argp, cmd == SIOCGSTAMP_OLD,
3481 !COMPAT_USE_64BIT_TIME);
3482
3483 case SIOCBONDSLAVEINFOQUERY:
3484 case SIOCBONDINFOQUERY:
3485 case SIOCSHWTSTAMP:
3486 case SIOCGHWTSTAMP:
3487 return compat_ifr_data_ioctl(net, cmd, argp);
3488
3489 case FIOSETOWN:
3490 case SIOCSPGRP:
3491 case FIOGETOWN:
3492 case SIOCGPGRP:
3493 case SIOCBRADDBR:
3494 case SIOCBRDELBR:
3495 case SIOCGIFVLAN:
3496 case SIOCSIFVLAN:
3497 case SIOCADDDLCI:
3498 case SIOCDELDLCI:
3499 case SIOCGSKNS:
3500 case SIOCGSTAMP_NEW:
3501 case SIOCGSTAMPNS_NEW:
3502 return sock_ioctl(file, cmd, arg);
3503
3504 case SIOCGIFFLAGS:
3505 case SIOCSIFFLAGS:
3506 case SIOCGIFMETRIC:
3507 case SIOCSIFMETRIC:
3508 case SIOCGIFMTU:
3509 case SIOCSIFMTU:
3510 case SIOCGIFMEM:
3511 case SIOCSIFMEM:
3512 case SIOCGIFHWADDR:
3513 case SIOCSIFHWADDR:
3514 case SIOCADDMULTI:
3515 case SIOCDELMULTI:
3516 case SIOCGIFINDEX:
3517 case SIOCGIFADDR:
3518 case SIOCSIFADDR:
3519 case SIOCSIFHWBROADCAST:
3520 case SIOCDIFADDR:
3521 case SIOCGIFBRDADDR:
3522 case SIOCSIFBRDADDR:
3523 case SIOCGIFDSTADDR:
3524 case SIOCSIFDSTADDR:
3525 case SIOCGIFNETMASK:
3526 case SIOCSIFNETMASK:
3527 case SIOCSIFPFLAGS:
3528 case SIOCGIFPFLAGS:
3529 case SIOCGIFTXQLEN:
3530 case SIOCSIFTXQLEN:
3531 case SIOCBRADDIF:
3532 case SIOCBRDELIF:
3533 case SIOCGIFNAME:
3534 case SIOCSIFNAME:
3535 case SIOCGMIIPHY:
3536 case SIOCGMIIREG:
3537 case SIOCSMIIREG:
3538 case SIOCBONDENSLAVE:
3539 case SIOCBONDRELEASE:
3540 case SIOCBONDSETHWADDR:
3541 case SIOCBONDCHANGEACTIVE:
3542 return compat_ifreq_ioctl(net, sock, cmd, argp);
3543
3544 case SIOCSARP:
3545 case SIOCGARP:
3546 case SIOCDARP:
3547 case SIOCOUTQ:
3548 case SIOCOUTQNSD:
3549 case SIOCATMARK:
3550 return sock_do_ioctl(net, sock, cmd, arg);
3551 }
3552
3553 return -ENOIOCTLCMD;
3554}
3555
3556static long compat_sock_ioctl(struct file *file, unsigned int cmd,
3557 unsigned long arg)
3558{
3559 struct socket *sock = file->private_data;
3560 int ret = -ENOIOCTLCMD;
3561 struct sock *sk;
3562 struct net *net;
3563
3564 sk = sock->sk;
3565 net = sock_net(sk);
3566
3567 if (sock->ops->compat_ioctl)
3568 ret = sock->ops->compat_ioctl(sock, cmd, arg);
3569
3570 if (ret == -ENOIOCTLCMD &&
3571 (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST))
3572 ret = compat_wext_handle_ioctl(net, cmd, arg);
3573
3574 if (ret == -ENOIOCTLCMD)
3575 ret = compat_sock_ioctl_trans(file, sock, cmd, arg);
3576
3577 return ret;
3578}
3579#endif
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590int kernel_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
3591{
3592 return sock->ops->bind(sock, addr, addrlen);
3593}
3594EXPORT_SYMBOL(kernel_bind);
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604int kernel_listen(struct socket *sock, int backlog)
3605{
3606 return sock->ops->listen(sock, backlog);
3607}
3608EXPORT_SYMBOL(kernel_listen);
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
3622{
3623 struct sock *sk = sock->sk;
3624 int err;
3625
3626 err = sock_create_lite(sk->sk_family, sk->sk_type, sk->sk_protocol,
3627 newsock);
3628 if (err < 0)
3629 goto done;
3630
3631 err = sock->ops->accept(sock, *newsock, flags, true);
3632 if (err < 0) {
3633 sock_release(*newsock);
3634 *newsock = NULL;
3635 goto done;
3636 }
3637
3638 (*newsock)->ops = sock->ops;
3639 __module_get((*newsock)->ops->owner);
3640
3641done:
3642 return err;
3643}
3644EXPORT_SYMBOL(kernel_accept);
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
3660 int flags)
3661{
3662 return sock->ops->connect(sock, addr, addrlen, flags);
3663}
3664EXPORT_SYMBOL(kernel_connect);
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675int kernel_getsockname(struct socket *sock, struct sockaddr *addr)
3676{
3677 return sock->ops->getname(sock, addr, 0);
3678}
3679EXPORT_SYMBOL(kernel_getsockname);
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690int kernel_getpeername(struct socket *sock, struct sockaddr *addr)
3691{
3692 return sock->ops->getname(sock, addr, 1);
3693}
3694EXPORT_SYMBOL(kernel_getpeername);
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708int kernel_getsockopt(struct socket *sock, int level, int optname,
3709 char *optval, int *optlen)
3710{
3711 mm_segment_t oldfs = get_fs();
3712 char __user *uoptval;
3713 int __user *uoptlen;
3714 int err;
3715
3716 uoptval = (char __user __force *) optval;
3717 uoptlen = (int __user __force *) optlen;
3718
3719 set_fs(KERNEL_DS);
3720 if (level == SOL_SOCKET)
3721 err = sock_getsockopt(sock, level, optname, uoptval, uoptlen);
3722 else
3723 err = sock->ops->getsockopt(sock, level, optname, uoptval,
3724 uoptlen);
3725 set_fs(oldfs);
3726 return err;
3727}
3728EXPORT_SYMBOL(kernel_getsockopt);
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741int kernel_setsockopt(struct socket *sock, int level, int optname,
3742 char *optval, unsigned int optlen)
3743{
3744 mm_segment_t oldfs = get_fs();
3745 char __user *uoptval;
3746 int err;
3747
3748 uoptval = (char __user __force *) optval;
3749
3750 set_fs(KERNEL_DS);
3751 if (level == SOL_SOCKET)
3752 err = sock_setsockopt(sock, level, optname, uoptval, optlen);
3753 else
3754 err = sock->ops->setsockopt(sock, level, optname, uoptval,
3755 optlen);
3756 set_fs(oldfs);
3757 return err;
3758}
3759EXPORT_SYMBOL(kernel_setsockopt);
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772int kernel_sendpage(struct socket *sock, struct page *page, int offset,
3773 size_t size, int flags)
3774{
3775 if (sock->ops->sendpage)
3776 return sock->ops->sendpage(sock, page, offset, size, flags);
3777
3778 return sock_no_sendpage(sock, page, offset, size, flags);
3779}
3780EXPORT_SYMBOL(kernel_sendpage);
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794int kernel_sendpage_locked(struct sock *sk, struct page *page, int offset,
3795 size_t size, int flags)
3796{
3797 struct socket *sock = sk->sk_socket;
3798
3799 if (sock->ops->sendpage_locked)
3800 return sock->ops->sendpage_locked(sk, page, offset, size,
3801 flags);
3802
3803 return sock_no_sendpage_locked(sk, page, offset, size, flags);
3804}
3805EXPORT_SYMBOL(kernel_sendpage_locked);
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how)
3816{
3817 return sock->ops->shutdown(sock, how);
3818}
3819EXPORT_SYMBOL(kernel_sock_shutdown);
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831u32 kernel_sock_ip_overhead(struct sock *sk)
3832{
3833 struct inet_sock *inet;
3834 struct ip_options_rcu *opt;
3835 u32 overhead = 0;
3836#if IS_ENABLED(CONFIG_IPV6)
3837 struct ipv6_pinfo *np;
3838 struct ipv6_txoptions *optv6 = NULL;
3839#endif
3840
3841 if (!sk)
3842 return overhead;
3843
3844 switch (sk->sk_family) {
3845 case AF_INET:
3846 inet = inet_sk(sk);
3847 overhead += sizeof(struct iphdr);
3848 opt = rcu_dereference_protected(inet->inet_opt,
3849 sock_owned_by_user(sk));
3850 if (opt)
3851 overhead += opt->opt.optlen;
3852 return overhead;
3853#if IS_ENABLED(CONFIG_IPV6)
3854 case AF_INET6:
3855 np = inet6_sk(sk);
3856 overhead += sizeof(struct ipv6hdr);
3857 if (np)
3858 optv6 = rcu_dereference_protected(np->opt,
3859 sock_owned_by_user(sk));
3860 if (optv6)
3861 overhead += (optv6->opt_flen + optv6->opt_nflen);
3862 return overhead;
3863#endif
3864 default:
3865 return overhead;
3866 }
3867}
3868EXPORT_SYMBOL(kernel_sock_ip_overhead);
3869
