1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55#include <linux/mm.h>
56#include <linux/socket.h>
57#include <linux/file.h>
58#include <linux/net.h>
59#include <linux/interrupt.h>
60#include <linux/thread_info.h>
61#include <linux/rcupdate.h>
62#include <linux/netdevice.h>
63#include <linux/proc_fs.h>
64#include <linux/seq_file.h>
65#include <linux/mutex.h>
66#include <linux/if_bridge.h>
67#include <linux/if_frad.h>
68#include <linux/if_vlan.h>
69#include <linux/ptp_classify.h>
70#include <linux/init.h>
71#include <linux/poll.h>
72#include <linux/cache.h>
73#include <linux/module.h>
74#include <linux/highmem.h>
75#include <linux/mount.h>
76#include <linux/pseudo_fs.h>
77#include <linux/security.h>
78#include <linux/syscalls.h>
79#include <linux/compat.h>
80#include <linux/kmod.h>
81#include <linux/audit.h>
82#include <linux/wireless.h>
83#include <linux/nsproxy.h>
84#include <linux/magic.h>
85#include <linux/slab.h>
86#include <linux/xattr.h>
87#include <linux/nospec.h>
88#include <linux/indirect_call_wrapper.h>
89
90#include <linux/uaccess.h>
91#include <asm/unistd.h>
92
93#include <net/compat.h>
94#include <net/wext.h>
95#include <net/cls_cgroup.h>
96
97#include <net/sock.h>
98#include <linux/netfilter.h>
99
100#include <linux/if_tun.h>
101#include <linux/ipv6_route.h>
102#include <linux/route.h>
103#include <linux/termios.h>
104#include <linux/sockios.h>
105#include <net/busy_poll.h>
106#include <linux/errqueue.h>
107
108#ifdef CONFIG_NET_RX_BUSY_POLL
109unsigned int sysctl_net_busy_read __read_mostly;
110unsigned int sysctl_net_busy_poll __read_mostly;
111#endif
112
113static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to);
114static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from);
115static int sock_mmap(struct file *file, struct vm_area_struct *vma);
116
117static int sock_close(struct inode *inode, struct file *file);
118static __poll_t sock_poll(struct file *file,
119 struct poll_table_struct *wait);
120static long sock_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
121#ifdef CONFIG_COMPAT
122static long compat_sock_ioctl(struct file *file,
123 unsigned int cmd, unsigned long arg);
124#endif
125static int sock_fasync(int fd, struct file *filp, int on);
126static ssize_t sock_sendpage(struct file *file, struct page *page,
127 int offset, size_t size, loff_t *ppos, int more);
128static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
129 struct pipe_inode_info *pipe, size_t len,
130 unsigned int flags);
131
132#ifdef CONFIG_PROC_FS
133static void sock_show_fdinfo(struct seq_file *m, struct file *f)
134{
135 struct socket *sock = f->private_data;
136
137 if (sock->ops->show_fdinfo)
138 sock->ops->show_fdinfo(m, sock);
139}
140#else
141#define sock_show_fdinfo NULL
142#endif
143
144
145
146
147
148
149static const struct file_operations socket_file_ops = {
150 .owner = THIS_MODULE,
151 .llseek = no_llseek,
152 .read_iter = sock_read_iter,
153 .write_iter = sock_write_iter,
154 .poll = sock_poll,
155 .unlocked_ioctl = sock_ioctl,
156#ifdef CONFIG_COMPAT
157 .compat_ioctl = compat_sock_ioctl,
158#endif
159 .mmap = sock_mmap,
160 .release = sock_close,
161 .fasync = sock_fasync,
162 .sendpage = sock_sendpage,
163 .splice_write = generic_splice_sendpage,
164 .splice_read = sock_splice_read,
165 .show_fdinfo = sock_show_fdinfo,
166};
167
168
169
170
171
172static DEFINE_SPINLOCK(net_family_lock);
173static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr_storage *kaddr)
193{
194 if (ulen < 0 || ulen > sizeof(struct sockaddr_storage))
195 return -EINVAL;
196 if (ulen == 0)
197 return 0;
198 if (copy_from_user(kaddr, uaddr, ulen))
199 return -EFAULT;
200 return audit_sockaddr(ulen, kaddr);
201}
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220static int move_addr_to_user(struct sockaddr_storage *kaddr, int klen,
221 void __user *uaddr, int __user *ulen)
222{
223 int err;
224 int len;
225
226 BUG_ON(klen > sizeof(struct sockaddr_storage));
227 err = get_user(len, ulen);
228 if (err)
229 return err;
230 if (len > klen)
231 len = klen;
232 if (len < 0)
233 return -EINVAL;
234 if (len) {
235 if (audit_sockaddr(klen, kaddr))
236 return -ENOMEM;
237 if (copy_to_user(uaddr, kaddr, len))
238 return -EFAULT;
239 }
240
241
242
243
244 return __put_user(klen, ulen);
245}
246
247static struct kmem_cache *sock_inode_cachep __ro_after_init;
248
249static struct inode *sock_alloc_inode(struct super_block *sb)
250{
251 struct socket_alloc *ei;
252
253 ei = kmem_cache_alloc(sock_inode_cachep, GFP_KERNEL);
254 if (!ei)
255 return NULL;
256 init_waitqueue_head(&ei->socket.wq.wait);
257 ei->socket.wq.fasync_list = NULL;
258 ei->socket.wq.flags = 0;
259
260 ei->socket.state = SS_UNCONNECTED;
261 ei->socket.flags = 0;
262 ei->socket.ops = NULL;
263 ei->socket.sk = NULL;
264 ei->socket.file = NULL;
265
266 return &ei->vfs_inode;
267}
268
269static void sock_free_inode(struct inode *inode)
270{
271 struct socket_alloc *ei;
272
273 ei = container_of(inode, struct socket_alloc, vfs_inode);
274 kmem_cache_free(sock_inode_cachep, ei);
275}
276
277static void init_once(void *foo)
278{
279 struct socket_alloc *ei = (struct socket_alloc *)foo;
280
281 inode_init_once(&ei->vfs_inode);
282}
283
284static void init_inodecache(void)
285{
286 sock_inode_cachep = kmem_cache_create("sock_inode_cache",
287 sizeof(struct socket_alloc),
288 0,
289 (SLAB_HWCACHE_ALIGN |
290 SLAB_RECLAIM_ACCOUNT |
291 SLAB_MEM_SPREAD | SLAB_ACCOUNT),
292 init_once);
293 BUG_ON(sock_inode_cachep == NULL);
294}
295
296static const struct super_operations sockfs_ops = {
297 .alloc_inode = sock_alloc_inode,
298 .free_inode = sock_free_inode,
299 .statfs = simple_statfs,
300};
301
302
303
304
305static char *sockfs_dname(struct dentry *dentry, char *buffer, int buflen)
306{
307 return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
308 d_inode(dentry)->i_ino);
309}
310
311static const struct dentry_operations sockfs_dentry_operations = {
312 .d_dname = sockfs_dname,
313};
314
315static int sockfs_xattr_get(const struct xattr_handler *handler,
316 struct dentry *dentry, struct inode *inode,
317 const char *suffix, void *value, size_t size)
318{
319 if (value) {
320 if (dentry->d_name.len + 1 > size)
321 return -ERANGE;
322 memcpy(value, dentry->d_name.name, dentry->d_name.len + 1);
323 }
324 return dentry->d_name.len + 1;
325}
326
327#define XATTR_SOCKPROTONAME_SUFFIX "sockprotoname"
328#define XATTR_NAME_SOCKPROTONAME (XATTR_SYSTEM_PREFIX XATTR_SOCKPROTONAME_SUFFIX)
329#define XATTR_NAME_SOCKPROTONAME_LEN (sizeof(XATTR_NAME_SOCKPROTONAME)-1)
330
331static const struct xattr_handler sockfs_xattr_handler = {
332 .name = XATTR_NAME_SOCKPROTONAME,
333 .get = sockfs_xattr_get,
334};
335
336static int sockfs_security_xattr_set(const struct xattr_handler *handler,
337 struct dentry *dentry, struct inode *inode,
338 const char *suffix, const void *value,
339 size_t size, int flags)
340{
341
342 return -EAGAIN;
343}
344
345static const struct xattr_handler sockfs_security_xattr_handler = {
346 .prefix = XATTR_SECURITY_PREFIX,
347 .set = sockfs_security_xattr_set,
348};
349
350static const struct xattr_handler *sockfs_xattr_handlers[] = {
351 &sockfs_xattr_handler,
352 &sockfs_security_xattr_handler,
353 NULL
354};
355
356static int sockfs_init_fs_context(struct fs_context *fc)
357{
358 struct pseudo_fs_context *ctx = init_pseudo(fc, SOCKFS_MAGIC);
359 if (!ctx)
360 return -ENOMEM;
361 ctx->ops = &sockfs_ops;
362 ctx->dops = &sockfs_dentry_operations;
363 ctx->xattr = sockfs_xattr_handlers;
364 return 0;
365}
366
367static struct vfsmount *sock_mnt __read_mostly;
368
369static struct file_system_type sock_fs_type = {
370 .name = "sockfs",
371 .init_fs_context = sockfs_init_fs_context,
372 .kill_sb = kill_anon_super,
373};
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
405{
406 struct file *file;
407
408 if (!dname)
409 dname = sock->sk ? sock->sk->sk_prot_creator->name : "";
410
411 file = alloc_file_pseudo(SOCK_INODE(sock), sock_mnt, dname,
412 O_RDWR | (flags & O_NONBLOCK),
413 &socket_file_ops);
414 if (IS_ERR(file)) {
415 sock_release(sock);
416 return file;
417 }
418
419 sock->file = file;
420 file->private_data = sock;
421 stream_open(SOCK_INODE(sock), file);
422 return file;
423}
424EXPORT_SYMBOL(sock_alloc_file);
425
426static int sock_map_fd(struct socket *sock, int flags)
427{
428 struct file *newfile;
429 int fd = get_unused_fd_flags(flags);
430 if (unlikely(fd < 0)) {
431 sock_release(sock);
432 return fd;
433 }
434
435 newfile = sock_alloc_file(sock, flags, NULL);
436 if (!IS_ERR(newfile)) {
437 fd_install(fd, newfile);
438 return fd;
439 }
440
441 put_unused_fd(fd);
442 return PTR_ERR(newfile);
443}
444
445
446
447
448
449
450
451
452
453struct socket *sock_from_file(struct file *file, int *err)
454{
455 if (file->f_op == &socket_file_ops)
456 return file->private_data;
457
458 *err = -ENOTSOCK;
459 return NULL;
460}
461EXPORT_SYMBOL(sock_from_file);
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476struct socket *sockfd_lookup(int fd, int *err)
477{
478 struct file *file;
479 struct socket *sock;
480
481 file = fget(fd);
482 if (!file) {
483 *err = -EBADF;
484 return NULL;
485 }
486
487 sock = sock_from_file(file, err);
488 if (!sock)
489 fput(file);
490 return sock;
491}
492EXPORT_SYMBOL(sockfd_lookup);
493
494static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
495{
496 struct fd f = fdget(fd);
497 struct socket *sock;
498
499 *err = -EBADF;
500 if (f.file) {
501 sock = sock_from_file(f.file, err);
502 if (likely(sock)) {
503 *fput_needed = f.flags & FDPUT_FPUT;
504 return sock;
505 }
506 fdput(f);
507 }
508 return NULL;
509}
510
511static ssize_t sockfs_listxattr(struct dentry *dentry, char *buffer,
512 size_t size)
513{
514 ssize_t len;
515 ssize_t used = 0;
516
517 len = security_inode_listsecurity(d_inode(dentry), buffer, size);
518 if (len < 0)
519 return len;
520 used += len;
521 if (buffer) {
522 if (size < used)
523 return -ERANGE;
524 buffer += len;
525 }
526
527 len = (XATTR_NAME_SOCKPROTONAME_LEN + 1);
528 used += len;
529 if (buffer) {
530 if (size < used)
531 return -ERANGE;
532 memcpy(buffer, XATTR_NAME_SOCKPROTONAME, len);
533 buffer += len;
534 }
535
536 return used;
537}
538
539static int sockfs_setattr(struct dentry *dentry, struct iattr *iattr)
540{
541 int err = simple_setattr(dentry, iattr);
542
543 if (!err && (iattr->ia_valid & ATTR_UID)) {
544 struct socket *sock = SOCKET_I(d_inode(dentry));
545
546 if (sock->sk)
547 sock->sk->sk_uid = iattr->ia_uid;
548 else
549 err = -ENOENT;
550 }
551
552 return err;
553}
554
555static const struct inode_operations sockfs_inode_ops = {
556 .listxattr = sockfs_listxattr,
557 .setattr = sockfs_setattr,
558};
559
560
561
562
563
564
565
566
567
568struct socket *sock_alloc(void)
569{
570 struct inode *inode;
571 struct socket *sock;
572
573 inode = new_inode_pseudo(sock_mnt->mnt_sb);
574 if (!inode)
575 return NULL;
576
577 sock = SOCKET_I(inode);
578
579 inode->i_ino = get_next_ino();
580 inode->i_mode = S_IFSOCK | S_IRWXUGO;
581 inode->i_uid = current_fsuid();
582 inode->i_gid = current_fsgid();
583 inode->i_op = &sockfs_inode_ops;
584
585 return sock;
586}
587EXPORT_SYMBOL(sock_alloc);
588
589static void __sock_release(struct socket *sock, struct inode *inode)
590{
591 if (sock->ops) {
592 struct module *owner = sock->ops->owner;
593
594 if (inode)
595 inode_lock(inode);
596 sock->ops->release(sock);
597 sock->sk = NULL;
598 if (inode)
599 inode_unlock(inode);
600 sock->ops = NULL;
601 module_put(owner);
602 }
603
604 if (sock->wq.fasync_list)
605 pr_err("%s: fasync list not empty!\n", __func__);
606
607 if (!sock->file) {
608 iput(SOCK_INODE(sock));
609 return;
610 }
611 sock->file = NULL;
612}
613
614
615
616
617
618
619
620
621
622void sock_release(struct socket *sock)
623{
624 __sock_release(sock, NULL);
625}
626EXPORT_SYMBOL(sock_release);
627
628void __sock_tx_timestamp(__u16 tsflags, __u8 *tx_flags)
629{
630 u8 flags = *tx_flags;
631
632 if (tsflags & SOF_TIMESTAMPING_TX_HARDWARE)
633 flags |= SKBTX_HW_TSTAMP;
634
635 if (tsflags & SOF_TIMESTAMPING_TX_SOFTWARE)
636 flags |= SKBTX_SW_TSTAMP;
637
638 if (tsflags & SOF_TIMESTAMPING_TX_SCHED)
639 flags |= SKBTX_SCHED_TSTAMP;
640
641 *tx_flags = flags;
642}
643EXPORT_SYMBOL(__sock_tx_timestamp);
644
645INDIRECT_CALLABLE_DECLARE(int inet_sendmsg(struct socket *, struct msghdr *,
646 size_t));
647INDIRECT_CALLABLE_DECLARE(int inet6_sendmsg(struct socket *, struct msghdr *,
648 size_t));
649static inline int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg)
650{
651 int ret = INDIRECT_CALL_INET(sock->ops->sendmsg, inet6_sendmsg,
652 inet_sendmsg, sock, msg,
653 msg_data_left(msg));
654 BUG_ON(ret == -EIOCBQUEUED);
655 return ret;
656}
657
658
659
660
661
662
663
664
665
666int sock_sendmsg(struct socket *sock, struct msghdr *msg)
667{
668 int err = security_socket_sendmsg(sock, msg,
669 msg_data_left(msg));
670
671 return err ?: sock_sendmsg_nosec(sock, msg);
672}
673EXPORT_SYMBOL(sock_sendmsg);
674
675
676
677
678
679
680
681
682
683
684
685
686
687int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
688 struct kvec *vec, size_t num, size_t size)
689{
690 iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
691 return sock_sendmsg(sock, msg);
692}
693EXPORT_SYMBOL(kernel_sendmsg);
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708int kernel_sendmsg_locked(struct sock *sk, struct msghdr *msg,
709 struct kvec *vec, size_t num, size_t size)
710{
711 struct socket *sock = sk->sk_socket;
712
713 if (!sock->ops->sendmsg_locked)
714 return sock_no_sendmsg_locked(sk, msg, size);
715
716 iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
717
718 return sock->ops->sendmsg_locked(sk, msg, msg_data_left(msg));
719}
720EXPORT_SYMBOL(kernel_sendmsg_locked);
721
722static bool skb_is_err_queue(const struct sk_buff *skb)
723{
724
725
726
727
728
729 return skb->pkt_type == PACKET_OUTGOING;
730}
731
732
733
734
735
736
737
738
739
740static bool skb_is_swtx_tstamp(const struct sk_buff *skb, int false_tstamp)
741{
742 return skb->tstamp && !false_tstamp && skb_is_err_queue(skb);
743}
744
745static void put_ts_pktinfo(struct msghdr *msg, struct sk_buff *skb)
746{
747 struct scm_ts_pktinfo ts_pktinfo;
748 struct net_device *orig_dev;
749
750 if (!skb_mac_header_was_set(skb))
751 return;
752
753 memset(&ts_pktinfo, 0, sizeof(ts_pktinfo));
754
755 rcu_read_lock();
756 orig_dev = dev_get_by_napi_id(skb_napi_id(skb));
757 if (orig_dev)
758 ts_pktinfo.if_index = orig_dev->ifindex;
759 rcu_read_unlock();
760
761 ts_pktinfo.pkt_length = skb->len - skb_mac_offset(skb);
762 put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_PKTINFO,
763 sizeof(ts_pktinfo), &ts_pktinfo);
764}
765
766
767
768
769void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
770 struct sk_buff *skb)
771{
772 int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP);
773 int new_tstamp = sock_flag(sk, SOCK_TSTAMP_NEW);
774 struct scm_timestamping_internal tss;
775
776 int empty = 1, false_tstamp = 0;
777 struct skb_shared_hwtstamps *shhwtstamps =
778 skb_hwtstamps(skb);
779
780
781
782 if (need_software_tstamp && skb->tstamp == 0) {
783 __net_timestamp(skb);
784 false_tstamp = 1;
785 }
786
787 if (need_software_tstamp) {
788 if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) {
789 if (new_tstamp) {
790 struct __kernel_sock_timeval tv;
791
792 skb_get_new_timestamp(skb, &tv);
793 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_NEW,
794 sizeof(tv), &tv);
795 } else {
796 struct __kernel_old_timeval tv;
797
798 skb_get_timestamp(skb, &tv);
799 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_OLD,
800 sizeof(tv), &tv);
801 }
802 } else {
803 if (new_tstamp) {
804 struct __kernel_timespec ts;
805
806 skb_get_new_timestampns(skb, &ts);
807 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_NEW,
808 sizeof(ts), &ts);
809 } else {
810 struct __kernel_old_timespec ts;
811
812 skb_get_timestampns(skb, &ts);
813 put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_OLD,
814 sizeof(ts), &ts);
815 }
816 }
817 }
818
819 memset(&tss, 0, sizeof(tss));
820 if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE) &&
821 ktime_to_timespec64_cond(skb->tstamp, tss.ts + 0))
822 empty = 0;
823 if (shhwtstamps &&
824 (sk->sk_tsflags & SOF_TIMESTAMPING_RAW_HARDWARE) &&
825 !skb_is_swtx_tstamp(skb, false_tstamp) &&
826 ktime_to_timespec64_cond(shhwtstamps->hwtstamp, tss.ts + 2)) {
827 empty = 0;
828 if ((sk->sk_tsflags & SOF_TIMESTAMPING_OPT_PKTINFO) &&
829 !skb_is_err_queue(skb))
830 put_ts_pktinfo(msg, skb);
831 }
832 if (!empty) {
833 if (sock_flag(sk, SOCK_TSTAMP_NEW))
834 put_cmsg_scm_timestamping64(msg, &tss);
835 else
836 put_cmsg_scm_timestamping(msg, &tss);
837
838 if (skb_is_err_queue(skb) && skb->len &&
839 SKB_EXT_ERR(skb)->opt_stats)
840 put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS,
841 skb->len, skb->data);
842 }
843}
844EXPORT_SYMBOL_GPL(__sock_recv_timestamp);
845
846void __sock_recv_wifi_status(struct msghdr *msg, struct sock *sk,
847 struct sk_buff *skb)
848{
849 int ack;
850
851 if (!sock_flag(sk, SOCK_WIFI_STATUS))
852 return;
853 if (!skb->wifi_acked_valid)
854 return;
855
856 ack = skb->wifi_acked;
857
858 put_cmsg(msg, SOL_SOCKET, SCM_WIFI_STATUS, sizeof(ack), &ack);
859}
860EXPORT_SYMBOL_GPL(__sock_recv_wifi_status);
861
862static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
863 struct sk_buff *skb)
864{
865 if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && SOCK_SKB_CB(skb)->dropcount)
866 put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
867 sizeof(__u32), &SOCK_SKB_CB(skb)->dropcount);
868}
869
870void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
871 struct sk_buff *skb)
872{
873 sock_recv_timestamp(msg, sk, skb);
874 sock_recv_drops(msg, sk, skb);
875}
876EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
877
878INDIRECT_CALLABLE_DECLARE(int inet_recvmsg(struct socket *, struct msghdr *,
879 size_t, int));
880INDIRECT_CALLABLE_DECLARE(int inet6_recvmsg(struct socket *, struct msghdr *,
881 size_t, int));
882static inline int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
883 int flags)
884{
885 return INDIRECT_CALL_INET(sock->ops->recvmsg, inet6_recvmsg,
886 inet_recvmsg, sock, msg, msg_data_left(msg),
887 flags);
888}
889
890
891
892
893
894
895
896
897
898
899int sock_recvmsg(struct socket *sock, struct msghdr *msg, int flags)
900{
901 int err = security_socket_recvmsg(sock, msg, msg_data_left(msg), flags);
902
903 return err ?: sock_recvmsg_nosec(sock, msg, flags);
904}
905EXPORT_SYMBOL(sock_recvmsg);
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
924 struct kvec *vec, size_t num, size_t size, int flags)
925{
926 msg->msg_control_is_user = false;
927 iov_iter_kvec(&msg->msg_iter, READ, vec, num, size);
928 return sock_recvmsg(sock, msg, flags);
929}
930EXPORT_SYMBOL(kernel_recvmsg);
931
932static ssize_t sock_sendpage(struct file *file, struct page *page,
933 int offset, size_t size, loff_t *ppos, int more)
934{
935 struct socket *sock;
936 int flags;
937
938 sock = file->private_data;
939
940 flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
941
942 flags |= more;
943
944 return kernel_sendpage(sock, page, offset, size, flags);
945}
946
947static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
948 struct pipe_inode_info *pipe, size_t len,
949 unsigned int flags)
950{
951 struct socket *sock = file->private_data;
952
953 if (unlikely(!sock->ops->splice_read))
954 return generic_file_splice_read(file, ppos, pipe, len, flags);
955
956 return sock->ops->splice_read(sock, ppos, pipe, len, flags);
957}
958
959static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to)
960{
961 struct file *file = iocb->ki_filp;
962 struct socket *sock = file->private_data;
963 struct msghdr msg = {.msg_iter = *to,
964 .msg_iocb = iocb};
965 ssize_t res;
966
967 if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
968 msg.msg_flags = MSG_DONTWAIT;
969
970 if (iocb->ki_pos != 0)
971 return -ESPIPE;
972
973 if (!iov_iter_count(to))
974 return 0;
975
976 res = sock_recvmsg(sock, &msg, msg.msg_flags);
977 *to = msg.msg_iter;
978 return res;
979}
980
981static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from)
982{
983 struct file *file = iocb->ki_filp;
984 struct socket *sock = file->private_data;
985 struct msghdr msg = {.msg_iter = *from,
986 .msg_iocb = iocb};
987 ssize_t res;
988
989 if (iocb->ki_pos != 0)
990 return -ESPIPE;
991
992 if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
993 msg.msg_flags = MSG_DONTWAIT;
994
995 if (sock->type == SOCK_SEQPACKET)
996 msg.msg_flags |= MSG_EOR;
997
998 res = sock_sendmsg(sock, &msg);
999 *from = msg.msg_iter;
1000 return res;
1001}
1002
1003
1004
1005
1006
1007
1008static DEFINE_MUTEX(br_ioctl_mutex);
1009static int (*br_ioctl_hook) (struct net *, unsigned int cmd, void __user *arg);
1010
1011void brioctl_set(int (*hook) (struct net *, unsigned int, void __user *))
1012{
1013 mutex_lock(&br_ioctl_mutex);
1014 br_ioctl_hook = hook;
1015 mutex_unlock(&br_ioctl_mutex);
1016}
1017EXPORT_SYMBOL(brioctl_set);
1018
1019static DEFINE_MUTEX(vlan_ioctl_mutex);
1020static int (*vlan_ioctl_hook) (struct net *, void __user *arg);
1021
1022void vlan_ioctl_set(int (*hook) (struct net *, void __user *))
1023{
1024 mutex_lock(&vlan_ioctl_mutex);
1025 vlan_ioctl_hook = hook;
1026 mutex_unlock(&vlan_ioctl_mutex);
1027}
1028EXPORT_SYMBOL(vlan_ioctl_set);
1029
1030static DEFINE_MUTEX(dlci_ioctl_mutex);
1031static int (*dlci_ioctl_hook) (unsigned int, void __user *);
1032
1033void dlci_ioctl_set(int (*hook) (unsigned int, void __user *))
1034{
1035 mutex_lock(&dlci_ioctl_mutex);
1036 dlci_ioctl_hook = hook;
1037 mutex_unlock(&dlci_ioctl_mutex);
1038}
1039EXPORT_SYMBOL(dlci_ioctl_set);
1040
1041static long sock_do_ioctl(struct net *net, struct socket *sock,
1042 unsigned int cmd, unsigned long arg)
1043{
1044 int err;
1045 void __user *argp = (void __user *)arg;
1046
1047 err = sock->ops->ioctl(sock, cmd, arg);
1048
1049
1050
1051
1052
1053 if (err != -ENOIOCTLCMD)
1054 return err;
1055
1056 if (cmd == SIOCGIFCONF) {
1057 struct ifconf ifc;
1058 if (copy_from_user(&ifc, argp, sizeof(struct ifconf)))
1059 return -EFAULT;
1060 rtnl_lock();
1061 err = dev_ifconf(net, &ifc, sizeof(struct ifreq));
1062 rtnl_unlock();
1063 if (!err && copy_to_user(argp, &ifc, sizeof(struct ifconf)))
1064 err = -EFAULT;
1065 } else {
1066 struct ifreq ifr;
1067 bool need_copyout;
1068 if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1069 return -EFAULT;
1070 err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1071 if (!err && need_copyout)
1072 if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1073 return -EFAULT;
1074 }
1075 return err;
1076}
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090struct ns_common *get_net_ns(struct ns_common *ns)
1091{
1092 return &get_net(container_of(ns, struct net, ns))->ns;
1093}
1094EXPORT_SYMBOL_GPL(get_net_ns);
1095
1096static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
1097{
1098 struct socket *sock;
1099 struct sock *sk;
1100 void __user *argp = (void __user *)arg;
1101 int pid, err;
1102 struct net *net;
1103
1104 sock = file->private_data;
1105 sk = sock->sk;
1106 net = sock_net(sk);
1107 if (unlikely(cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))) {
1108 struct ifreq ifr;
1109 bool need_copyout;
1110 if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1111 return -EFAULT;
1112 err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1113 if (!err && need_copyout)
1114 if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1115 return -EFAULT;
1116 } else
1117#ifdef CONFIG_WEXT_CORE
1118 if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) {
1119 err = wext_handle_ioctl(net, cmd, argp);
1120 } else
1121#endif
1122 switch (cmd) {
1123 case FIOSETOWN:
1124 case SIOCSPGRP:
1125 err = -EFAULT;
1126 if (get_user(pid, (int __user *)argp))
1127 break;
1128 err = f_setown(sock->file, pid, 1);
1129 break;
1130 case FIOGETOWN:
1131 case SIOCGPGRP:
1132 err = put_user(f_getown(sock->file),
1133 (int __user *)argp);
1134 break;
1135 case SIOCGIFBR:
1136 case SIOCSIFBR:
1137 case SIOCBRADDBR:
1138 case SIOCBRDELBR:
1139 err = -ENOPKG;
1140 if (!br_ioctl_hook)
1141 request_module("bridge");
1142
1143 mutex_lock(&br_ioctl_mutex);
1144 if (br_ioctl_hook)
1145 err = br_ioctl_hook(net, cmd, argp);
1146 mutex_unlock(&br_ioctl_mutex);
1147 break;
1148 case SIOCGIFVLAN:
1149 case SIOCSIFVLAN:
1150 err = -ENOPKG;
1151 if (!vlan_ioctl_hook)
1152 request_module("8021q");
1153
1154 mutex_lock(&vlan_ioctl_mutex);
1155 if (vlan_ioctl_hook)
1156 err = vlan_ioctl_hook(net, argp);
1157 mutex_unlock(&vlan_ioctl_mutex);
1158 break;
1159 case SIOCADDDLCI:
1160 case SIOCDELDLCI:
1161 err = -ENOPKG;
1162 if (!dlci_ioctl_hook)
1163 request_module("dlci");
1164
1165 mutex_lock(&dlci_ioctl_mutex);
1166 if (dlci_ioctl_hook)
1167 err = dlci_ioctl_hook(cmd, argp);
1168 mutex_unlock(&dlci_ioctl_mutex);
1169 break;
1170 case SIOCGSKNS:
1171 err = -EPERM;
1172 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1173 break;
1174
1175 err = open_related_ns(&net->ns, get_net_ns);
1176 break;
1177 case SIOCGSTAMP_OLD:
1178 case SIOCGSTAMPNS_OLD:
1179 if (!sock->ops->gettstamp) {
1180 err = -ENOIOCTLCMD;
1181 break;
1182 }
1183 err = sock->ops->gettstamp(sock, argp,
1184 cmd == SIOCGSTAMP_OLD,
1185 !IS_ENABLED(CONFIG_64BIT));
1186 break;
1187 case SIOCGSTAMP_NEW:
1188 case SIOCGSTAMPNS_NEW:
1189 if (!sock->ops->gettstamp) {
1190 err = -ENOIOCTLCMD;
1191 break;
1192 }
1193 err = sock->ops->gettstamp(sock, argp,
1194 cmd == SIOCGSTAMP_NEW,
1195 false);
1196 break;
1197 default:
1198 err = sock_do_ioctl(net, sock, cmd, arg);
1199 break;
1200 }
1201 return err;
1202}
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217int sock_create_lite(int family, int type, int protocol, struct socket **res)
1218{
1219 int err;
1220 struct socket *sock = NULL;
1221
1222 err = security_socket_create(family, type, protocol, 1);
1223 if (err)
1224 goto out;
1225
1226 sock = sock_alloc();
1227 if (!sock) {
1228 err = -ENOMEM;
1229 goto out;
1230 }
1231
1232 sock->type = type;
1233 err = security_socket_post_create(sock, family, type, protocol, 1);
1234 if (err)
1235 goto out_release;
1236
1237out:
1238 *res = sock;
1239 return err;
1240out_release:
1241 sock_release(sock);
1242 sock = NULL;
1243 goto out;
1244}
1245EXPORT_SYMBOL(sock_create_lite);
1246
1247
1248static __poll_t sock_poll(struct file *file, poll_table *wait)
1249{
1250 struct socket *sock = file->private_data;
1251 __poll_t events = poll_requested_events(wait), flag = 0;
1252
1253 if (!sock->ops->poll)
1254 return 0;
1255
1256 if (sk_can_busy_loop(sock->sk)) {
1257
1258 if (events & POLL_BUSY_LOOP)
1259 sk_busy_loop(sock->sk, 1);
1260
1261
1262 flag = POLL_BUSY_LOOP;
1263 }
1264
1265 return sock->ops->poll(file, sock, wait) | flag;
1266}
1267
1268static int sock_mmap(struct file *file, struct vm_area_struct *vma)
1269{
1270 struct socket *sock = file->private_data;
1271
1272 return sock->ops->mmap(file, sock, vma);
1273}
1274
1275static int sock_close(struct inode *inode, struct file *filp)
1276{
1277 __sock_release(SOCKET_I(inode), inode);
1278 return 0;
1279}
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292static int sock_fasync(int fd, struct file *filp, int on)
1293{
1294 struct socket *sock = filp->private_data;
1295 struct sock *sk = sock->sk;
1296 struct socket_wq *wq = &sock->wq;
1297
1298 if (sk == NULL)
1299 return -EINVAL;
1300
1301 lock_sock(sk);
1302 fasync_helper(fd, filp, on, &wq->fasync_list);
1303
1304 if (!wq->fasync_list)
1305 sock_reset_flag(sk, SOCK_FASYNC);
1306 else
1307 sock_set_flag(sk, SOCK_FASYNC);
1308
1309 release_sock(sk);
1310 return 0;
1311}
1312
1313
1314
1315int sock_wake_async(struct socket_wq *wq, int how, int band)
1316{
1317 if (!wq || !wq->fasync_list)
1318 return -1;
1319
1320 switch (how) {
1321 case SOCK_WAKE_WAITD:
1322 if (test_bit(SOCKWQ_ASYNC_WAITDATA, &wq->flags))
1323 break;
1324 goto call_kill;
1325 case SOCK_WAKE_SPACE:
1326 if (!test_and_clear_bit(SOCKWQ_ASYNC_NOSPACE, &wq->flags))
1327 break;
1328 fallthrough;
1329 case SOCK_WAKE_IO:
1330call_kill:
1331 kill_fasync(&wq->fasync_list, SIGIO, band);
1332 break;
1333 case SOCK_WAKE_URG:
1334 kill_fasync(&wq->fasync_list, SIGURG, band);
1335 }
1336
1337 return 0;
1338}
1339EXPORT_SYMBOL(sock_wake_async);
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356int __sock_create(struct net *net, int family, int type, int protocol,
1357 struct socket **res, int kern)
1358{
1359 int err;
1360 struct socket *sock;
1361 const struct net_proto_family *pf;
1362
1363
1364
1365
1366 if (family < 0 || family >= NPROTO)
1367 return -EAFNOSUPPORT;
1368 if (type < 0 || type >= SOCK_MAX)
1369 return -EINVAL;
1370
1371
1372
1373
1374
1375
1376 if (family == PF_INET && type == SOCK_PACKET) {
1377 pr_info_once("%s uses obsolete (PF_INET,SOCK_PACKET)\n",
1378 current->comm);
1379 family = PF_PACKET;
1380 }
1381
1382 err = security_socket_create(family, type, protocol, kern);
1383 if (err)
1384 return err;
1385
1386
1387
1388
1389
1390
1391 sock = sock_alloc();
1392 if (!sock) {
1393 net_warn_ratelimited("socket: no more sockets\n");
1394 return -ENFILE;
1395
1396 }
1397
1398 sock->type = type;
1399
1400#ifdef CONFIG_MODULES
1401
1402
1403
1404
1405
1406
1407 if (rcu_access_pointer(net_families[family]) == NULL)
1408 request_module("net-pf-%d", family);
1409#endif
1410
1411 rcu_read_lock();
1412 pf = rcu_dereference(net_families[family]);
1413 err = -EAFNOSUPPORT;
1414 if (!pf)
1415 goto out_release;
1416
1417
1418
1419
1420
1421 if (!try_module_get(pf->owner))
1422 goto out_release;
1423
1424
1425 rcu_read_unlock();
1426
1427 err = pf->create(net, sock, protocol, kern);
1428 if (err < 0)
1429 goto out_module_put;
1430
1431
1432
1433
1434
1435 if (!try_module_get(sock->ops->owner))
1436 goto out_module_busy;
1437
1438
1439
1440
1441
1442 module_put(pf->owner);
1443 err = security_socket_post_create(sock, family, type, protocol, kern);
1444 if (err)
1445 goto out_sock_release;
1446 *res = sock;
1447
1448 return 0;
1449
1450out_module_busy:
1451 err = -EAFNOSUPPORT;
1452out_module_put:
1453 sock->ops = NULL;
1454 module_put(pf->owner);
1455out_sock_release:
1456 sock_release(sock);
1457 return err;
1458
1459out_release:
1460 rcu_read_unlock();
1461 goto out_sock_release;
1462}
1463EXPORT_SYMBOL(__sock_create);
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476int sock_create(int family, int type, int protocol, struct socket **res)
1477{
1478 return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0);
1479}
1480EXPORT_SYMBOL(sock_create);
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494int sock_create_kern(struct net *net, int family, int type, int protocol, struct socket **res)
1495{
1496 return __sock_create(net, family, type, protocol, res, 1);
1497}
1498EXPORT_SYMBOL(sock_create_kern);
1499
1500int __sys_socket(int family, int type, int protocol)
1501{
1502 int retval;
1503 struct socket *sock;
1504 int flags;
1505
1506
1507 BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1508 BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1509 BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1510 BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1511
1512 flags = type & ~SOCK_TYPE_MASK;
1513 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1514 return -EINVAL;
1515 type &= SOCK_TYPE_MASK;
1516
1517 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1518 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1519
1520 retval = sock_create(family, type, protocol, &sock);
1521 if (retval < 0)
1522 return retval;
1523
1524 return sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1525}
1526
1527SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
1528{
1529 return __sys_socket(family, type, protocol);
1530}
1531
1532
1533
1534
1535
1536int __sys_socketpair(int family, int type, int protocol, int __user *usockvec)
1537{
1538 struct socket *sock1, *sock2;
1539 int fd1, fd2, err;
1540 struct file *newfile1, *newfile2;
1541 int flags;
1542
1543 flags = type & ~SOCK_TYPE_MASK;
1544 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1545 return -EINVAL;
1546 type &= SOCK_TYPE_MASK;
1547
1548 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1549 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1550
1551
1552
1553
1554
1555 fd1 = get_unused_fd_flags(flags);
1556 if (unlikely(fd1 < 0))
1557 return fd1;
1558
1559 fd2 = get_unused_fd_flags(flags);
1560 if (unlikely(fd2 < 0)) {
1561 put_unused_fd(fd1);
1562 return fd2;
1563 }
1564
1565 err = put_user(fd1, &usockvec[0]);
1566 if (err)
1567 goto out;
1568
1569 err = put_user(fd2, &usockvec[1]);
1570 if (err)
1571 goto out;
1572
1573
1574
1575
1576
1577
1578 err = sock_create(family, type, protocol, &sock1);
1579 if (unlikely(err < 0))
1580 goto out;
1581
1582 err = sock_create(family, type, protocol, &sock2);
1583 if (unlikely(err < 0)) {
1584 sock_release(sock1);
1585 goto out;
1586 }
1587
1588 err = security_socket_socketpair(sock1, sock2);
1589 if (unlikely(err)) {
1590 sock_release(sock2);
1591 sock_release(sock1);
1592 goto out;
1593 }
1594
1595 err = sock1->ops->socketpair(sock1, sock2);
1596 if (unlikely(err < 0)) {
1597 sock_release(sock2);
1598 sock_release(sock1);
1599 goto out;
1600 }
1601
1602 newfile1 = sock_alloc_file(sock1, flags, NULL);
1603 if (IS_ERR(newfile1)) {
1604 err = PTR_ERR(newfile1);
1605 sock_release(sock2);
1606 goto out;
1607 }
1608
1609 newfile2 = sock_alloc_file(sock2, flags, NULL);
1610 if (IS_ERR(newfile2)) {
1611 err = PTR_ERR(newfile2);
1612 fput(newfile1);
1613 goto out;
1614 }
1615
1616 audit_fd_pair(fd1, fd2);
1617
1618 fd_install(fd1, newfile1);
1619 fd_install(fd2, newfile2);
1620 return 0;
1621
1622out:
1623 put_unused_fd(fd2);
1624 put_unused_fd(fd1);
1625 return err;
1626}
1627
1628SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol,
1629 int __user *, usockvec)
1630{
1631 return __sys_socketpair(family, type, protocol, usockvec);
1632}
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642int __sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
1643{
1644 struct socket *sock;
1645 struct sockaddr_storage address;
1646 int err, fput_needed;
1647
1648 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1649 if (sock) {
1650 err = move_addr_to_kernel(umyaddr, addrlen, &address);
1651 if (!err) {
1652 err = security_socket_bind(sock,
1653 (struct sockaddr *)&address,
1654 addrlen);
1655 if (!err)
1656 err = sock->ops->bind(sock,
1657 (struct sockaddr *)
1658 &address, addrlen);
1659 }
1660 fput_light(sock->file, fput_needed);
1661 }
1662 return err;
1663}
1664
1665SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
1666{
1667 return __sys_bind(fd, umyaddr, addrlen);
1668}
1669
1670
1671
1672
1673
1674
1675
1676int __sys_listen(int fd, int backlog)
1677{
1678 struct socket *sock;
1679 int err, fput_needed;
1680 int somaxconn;
1681
1682 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1683 if (sock) {
1684 somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
1685 if ((unsigned int)backlog > somaxconn)
1686 backlog = somaxconn;
1687
1688 err = security_socket_listen(sock, backlog);
1689 if (!err)
1690 err = sock->ops->listen(sock, backlog);
1691
1692 fput_light(sock->file, fput_needed);
1693 }
1694 return err;
1695}
1696
1697SYSCALL_DEFINE2(listen, int, fd, int, backlog)
1698{
1699 return __sys_listen(fd, backlog);
1700}
1701
1702int __sys_accept4_file(struct file *file, unsigned file_flags,
1703 struct sockaddr __user *upeer_sockaddr,
1704 int __user *upeer_addrlen, int flags,
1705 unsigned long nofile)
1706{
1707 struct socket *sock, *newsock;
1708 struct file *newfile;
1709 int err, len, newfd;
1710 struct sockaddr_storage address;
1711
1712 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1713 return -EINVAL;
1714
1715 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1716 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1717
1718 sock = sock_from_file(file, &err);
1719 if (!sock)
1720 goto out;
1721
1722 err = -ENFILE;
1723 newsock = sock_alloc();
1724 if (!newsock)
1725 goto out;
1726
1727 newsock->type = sock->type;
1728 newsock->ops = sock->ops;
1729
1730
1731
1732
1733
1734 __module_get(newsock->ops->owner);
1735
1736 newfd = __get_unused_fd_flags(flags, nofile);
1737 if (unlikely(newfd < 0)) {
1738 err = newfd;
1739 sock_release(newsock);
1740 goto out;
1741 }
1742 newfile = sock_alloc_file(newsock, flags, sock->sk->sk_prot_creator->name);
1743 if (IS_ERR(newfile)) {
1744 err = PTR_ERR(newfile);
1745 put_unused_fd(newfd);
1746 goto out;
1747 }
1748
1749 err = security_socket_accept(sock, newsock);
1750 if (err)
1751 goto out_fd;
1752
1753 err = sock->ops->accept(sock, newsock, sock->file->f_flags | file_flags,
1754 false);
1755 if (err < 0)
1756 goto out_fd;
1757
1758 if (upeer_sockaddr) {
1759 len = newsock->ops->getname(newsock,
1760 (struct sockaddr *)&address, 2);
1761 if (len < 0) {
1762 err = -ECONNABORTED;
1763 goto out_fd;
1764 }
1765 err = move_addr_to_user(&address,
1766 len, upeer_sockaddr, upeer_addrlen);
1767 if (err < 0)
1768 goto out_fd;
1769 }
1770
1771
1772
1773 fd_install(newfd, newfile);
1774 err = newfd;
1775out:
1776 return err;
1777out_fd:
1778 fput(newfile);
1779 put_unused_fd(newfd);
1780 goto out;
1781
1782}
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796int __sys_accept4(int fd, struct sockaddr __user *upeer_sockaddr,
1797 int __user *upeer_addrlen, int flags)
1798{
1799 int ret = -EBADF;
1800 struct fd f;
1801
1802 f = fdget(fd);
1803 if (f.file) {
1804 ret = __sys_accept4_file(f.file, 0, upeer_sockaddr,
1805 upeer_addrlen, flags,
1806 rlimit(RLIMIT_NOFILE));
1807 fdput(f);
1808 }
1809
1810 return ret;
1811}
1812
1813SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
1814 int __user *, upeer_addrlen, int, flags)
1815{
1816 return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, flags);
1817}
1818
1819SYSCALL_DEFINE3(accept, int, fd, struct sockaddr __user *, upeer_sockaddr,
1820 int __user *, upeer_addrlen)
1821{
1822 return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, 0);
1823}
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837int __sys_connect_file(struct file *file, struct sockaddr_storage *address,
1838 int addrlen, int file_flags)
1839{
1840 struct socket *sock;
1841 int err;
1842
1843 sock = sock_from_file(file, &err);
1844 if (!sock)
1845 goto out;
1846
1847 err =
1848 security_socket_connect(sock, (struct sockaddr *)address, addrlen);
1849 if (err)
1850 goto out;
1851
1852 err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen,
1853 sock->file->f_flags | file_flags);
1854out:
1855 return err;
1856}
1857
1858int __sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
1859{
1860 int ret = -EBADF;
1861 struct fd f;
1862
1863 f = fdget(fd);
1864 if (f.file) {
1865 struct sockaddr_storage address;
1866
1867 ret = move_addr_to_kernel(uservaddr, addrlen, &address);
1868 if (!ret)
1869 ret = __sys_connect_file(f.file, &address, addrlen, 0);
1870 fdput(f);
1871 }
1872
1873 return ret;
1874}
1875
1876SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
1877 int, addrlen)
1878{
1879 return __sys_connect(fd, uservaddr, addrlen);
1880}
1881
1882
1883
1884
1885
1886
1887int __sys_getsockname(int fd, struct sockaddr __user *usockaddr,
1888 int __user *usockaddr_len)
1889{
1890 struct socket *sock;
1891 struct sockaddr_storage address;
1892 int err, fput_needed;
1893
1894 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1895 if (!sock)
1896 goto out;
1897
1898 err = security_socket_getsockname(sock);
1899 if (err)
1900 goto out_put;
1901
1902 err = sock->ops->getname(sock, (struct sockaddr *)&address, 0);
1903 if (err < 0)
1904 goto out_put;
1905
1906 err = move_addr_to_user(&address, err, usockaddr, usockaddr_len);
1907
1908out_put:
1909 fput_light(sock->file, fput_needed);
1910out:
1911 return err;
1912}
1913
1914SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr,
1915 int __user *, usockaddr_len)
1916{
1917 return __sys_getsockname(fd, usockaddr, usockaddr_len);
1918}
1919
1920
1921
1922
1923
1924
1925int __sys_getpeername(int fd, struct sockaddr __user *usockaddr,
1926 int __user *usockaddr_len)
1927{
1928 struct socket *sock;
1929 struct sockaddr_storage address;
1930 int err, fput_needed;
1931
1932 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1933 if (sock != NULL) {
1934 err = security_socket_getpeername(sock);
1935 if (err) {
1936 fput_light(sock->file, fput_needed);
1937 return err;
1938 }
1939
1940 err = sock->ops->getname(sock, (struct sockaddr *)&address, 1);
1941 if (err >= 0)
1942
1943 err = move_addr_to_user(&address, err, usockaddr,
1944 usockaddr_len);
1945 fput_light(sock->file, fput_needed);
1946 }
1947 return err;
1948}
1949
1950SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
1951 int __user *, usockaddr_len)
1952{
1953 return __sys_getpeername(fd, usockaddr, usockaddr_len);
1954}
1955
1956
1957
1958
1959
1960
1961int __sys_sendto(int fd, void __user *buff, size_t len, unsigned int flags,
1962 struct sockaddr __user *addr, int addr_len)
1963{
1964 struct socket *sock;
1965 struct sockaddr_storage address;
1966 int err;
1967 struct msghdr msg;
1968 struct iovec iov;
1969 int fput_needed;
1970
1971 err = import_single_range(WRITE, buff, len, &iov, &msg.msg_iter);
1972 if (unlikely(err))
1973 return err;
1974 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1975 if (!sock)
1976 goto out;
1977
1978 msg.msg_name = NULL;
1979 msg.msg_control = NULL;
1980 msg.msg_controllen = 0;
1981 msg.msg_namelen = 0;
1982 if (addr) {
1983 err = move_addr_to_kernel(addr, addr_len, &address);
1984 if (err < 0)
1985 goto out_put;
1986 msg.msg_name = (struct sockaddr *)&address;
1987 msg.msg_namelen = addr_len;
1988 }
1989 if (sock->file->f_flags & O_NONBLOCK)
1990 flags |= MSG_DONTWAIT;
1991 msg.msg_flags = flags;
1992 err = sock_sendmsg(sock, &msg);
1993
1994out_put:
1995 fput_light(sock->file, fput_needed);
1996out:
1997 return err;
1998}
1999
2000SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
2001 unsigned int, flags, struct sockaddr __user *, addr,
2002 int, addr_len)
2003{
2004 return __sys_sendto(fd, buff, len, flags, addr, addr_len);
2005}
2006
2007
2008
2009
2010
2011SYSCALL_DEFINE4(send, int, fd, void __user *, buff, size_t, len,
2012 unsigned int, flags)
2013{
2014 return __sys_sendto(fd, buff, len, flags, NULL, 0);
2015}
2016
2017
2018
2019
2020
2021
2022int __sys_recvfrom(int fd, void __user *ubuf, size_t size, unsigned int flags,
2023 struct sockaddr __user *addr, int __user *addr_len)
2024{
2025 struct socket *sock;
2026 struct iovec iov;
2027 struct msghdr msg;
2028 struct sockaddr_storage address;
2029 int err, err2;
2030 int fput_needed;
2031
2032 err = import_single_range(READ, ubuf, size, &iov, &msg.msg_iter);
2033 if (unlikely(err))
2034 return err;
2035 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2036 if (!sock)
2037 goto out;
2038
2039 msg.msg_control = NULL;
2040 msg.msg_controllen = 0;
2041
2042 msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
2043
2044 msg.msg_namelen = 0;
2045 msg.msg_iocb = NULL;
2046 msg.msg_flags = 0;
2047 if (sock->file->f_flags & O_NONBLOCK)
2048 flags |= MSG_DONTWAIT;
2049 err = sock_recvmsg(sock, &msg, flags);
2050
2051 if (err >= 0 && addr != NULL) {
2052 err2 = move_addr_to_user(&address,
2053 msg.msg_namelen, addr, addr_len);
2054 if (err2 < 0)
2055 err = err2;
2056 }
2057
2058 fput_light(sock->file, fput_needed);
2059out:
2060 return err;
2061}
2062
2063SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
2064 unsigned int, flags, struct sockaddr __user *, addr,
2065 int __user *, addr_len)
2066{
2067 return __sys_recvfrom(fd, ubuf, size, flags, addr, addr_len);
2068}
2069
2070
2071
2072
2073
2074SYSCALL_DEFINE4(recv, int, fd, void __user *, ubuf, size_t, size,
2075 unsigned int, flags)
2076{
2077 return __sys_recvfrom(fd, ubuf, size, flags, NULL, NULL);
2078}
2079
2080static bool sock_use_custom_sol_socket(const struct socket *sock)
2081{
2082 const struct sock *sk = sock->sk;
2083
2084
2085 return IS_ENABLED(CONFIG_MPTCP) &&
2086 sk->sk_protocol == IPPROTO_MPTCP &&
2087 sk->sk_type == SOCK_STREAM &&
2088 (sk->sk_family == AF_INET || sk->sk_family == AF_INET6);
2089}
2090
2091
2092
2093
2094
2095int __sys_setsockopt(int fd, int level, int optname, char __user *user_optval,
2096 int optlen)
2097{
2098 sockptr_t optval = USER_SOCKPTR(user_optval);
2099 char *kernel_optval = NULL;
2100 int err, fput_needed;
2101 struct socket *sock;
2102
2103 if (optlen < 0)
2104 return -EINVAL;
2105
2106 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2107 if (!sock)
2108 return err;
2109
2110 err = security_socket_setsockopt(sock, level, optname);
2111 if (err)
2112 goto out_put;
2113
2114 if (!in_compat_syscall())
2115 err = BPF_CGROUP_RUN_PROG_SETSOCKOPT(sock->sk, &level, &optname,
2116 user_optval, &optlen,
2117 &kernel_optval);
2118 if (err < 0)
2119 goto out_put;
2120 if (err > 0) {
2121 err = 0;
2122 goto out_put;
2123 }
2124
2125 if (kernel_optval)
2126 optval = KERNEL_SOCKPTR(kernel_optval);
2127 if (level == SOL_SOCKET && !sock_use_custom_sol_socket(sock))
2128 err = sock_setsockopt(sock, level, optname, optval, optlen);
2129 else if (unlikely(!sock->ops->setsockopt))
2130 err = -EOPNOTSUPP;
2131 else
2132 err = sock->ops->setsockopt(sock, level, optname, optval,
2133 optlen);
2134 kfree(kernel_optval);
2135out_put:
2136 fput_light(sock->file, fput_needed);
2137 return err;
2138}
2139
2140SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
2141 char __user *, optval, int, optlen)
2142{
2143 return __sys_setsockopt(fd, level, optname, optval, optlen);
2144}
2145
2146
2147
2148
2149
2150int __sys_getsockopt(int fd, int level, int optname, char __user *optval,
2151 int __user *optlen)
2152{
2153 int err, fput_needed;
2154 struct socket *sock;
2155 int max_optlen;
2156
2157 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2158 if (!sock)
2159 return err;
2160
2161 err = security_socket_getsockopt(sock, level, optname);
2162 if (err)
2163 goto out_put;
2164
2165 if (!in_compat_syscall())
2166 max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen);
2167
2168 if (level == SOL_SOCKET)
2169 err = sock_getsockopt(sock, level, optname, optval, optlen);
2170 else if (unlikely(!sock->ops->getsockopt))
2171 err = -EOPNOTSUPP;
2172 else
2173 err = sock->ops->getsockopt(sock, level, optname, optval,
2174 optlen);
2175
2176 if (!in_compat_syscall())
2177 err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, optname,
2178 optval, optlen, max_optlen,
2179 err);
2180out_put:
2181 fput_light(sock->file, fput_needed);
2182 return err;
2183}
2184
2185SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
2186 char __user *, optval, int __user *, optlen)
2187{
2188 return __sys_getsockopt(fd, level, optname, optval, optlen);
2189}
2190
2191
2192
2193
2194
2195int __sys_shutdown(int fd, int how)
2196{
2197 int err, fput_needed;
2198 struct socket *sock;
2199
2200 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2201 if (sock != NULL) {
2202 err = security_socket_shutdown(sock, how);
2203 if (!err)
2204 err = sock->ops->shutdown(sock, how);
2205 fput_light(sock->file, fput_needed);
2206 }
2207 return err;
2208}
2209
2210SYSCALL_DEFINE2(shutdown, int, fd, int, how)
2211{
2212 return __sys_shutdown(fd, how);
2213}
2214
2215
2216
2217
2218#define COMPAT_MSG(msg, member) ((MSG_CMSG_COMPAT & flags) ? &msg##_compat->member : &msg->member)
2219#define COMPAT_NAMELEN(msg) COMPAT_MSG(msg, msg_namelen)
2220#define COMPAT_FLAGS(msg) COMPAT_MSG(msg, msg_flags)
2221
2222struct used_address {
2223 struct sockaddr_storage name;
2224 unsigned int name_len;
2225};
2226
2227int __copy_msghdr_from_user(struct msghdr *kmsg,
2228 struct user_msghdr __user *umsg,
2229 struct sockaddr __user **save_addr,
2230 struct iovec __user **uiov, size_t *nsegs)
2231{
2232 struct user_msghdr msg;
2233 ssize_t err;
2234
2235 if (copy_from_user(&msg, umsg, sizeof(*umsg)))
2236 return -EFAULT;
2237
2238 kmsg->msg_control_is_user = true;
2239 kmsg->msg_control_user = msg.msg_control;
2240 kmsg->msg_controllen = msg.msg_controllen;
2241 kmsg->msg_flags = msg.msg_flags;
2242
2243 kmsg->msg_namelen = msg.msg_namelen;
2244 if (!msg.msg_name)
2245 kmsg->msg_namelen = 0;
2246
2247 if (kmsg->msg_namelen < 0)
2248 return -EINVAL;
2249
2250 if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
2251 kmsg->msg_namelen = sizeof(struct sockaddr_storage);
2252
2253 if (save_addr)
2254 *save_addr = msg.msg_name;
2255
2256 if (msg.msg_name && kmsg->msg_namelen) {
2257 if (!save_addr) {
2258 err = move_addr_to_kernel(msg.msg_name,
2259 kmsg->msg_namelen,
2260 kmsg->msg_name);
2261 if (err < 0)
2262 return err;
2263 }
2264 } else {
2265 kmsg->msg_name = NULL;
2266 kmsg->msg_namelen = 0;
2267 }
2268
2269 if (msg.msg_iovlen > UIO_MAXIOV)
2270 return -EMSGSIZE;
2271
2272 kmsg->msg_iocb = NULL;
2273 *uiov = msg.msg_iov;
2274 *nsegs = msg.msg_iovlen;
2275 return 0;
2276}
2277
2278static int copy_msghdr_from_user(struct msghdr *kmsg,
2279 struct user_msghdr __user *umsg,
2280 struct sockaddr __user **save_addr,
2281 struct iovec **iov)
2282{
2283 struct user_msghdr msg;
2284 ssize_t err;
2285
2286 err = __copy_msghdr_from_user(kmsg, umsg, save_addr, &msg.msg_iov,
2287 &msg.msg_iovlen);
2288 if (err)
2289 return err;
2290
2291 err = import_iovec(save_addr ? READ : WRITE,
2292 msg.msg_iov, msg.msg_iovlen,
2293 UIO_FASTIOV, iov, &kmsg->msg_iter);
2294 return err < 0 ? err : 0;
2295}
2296
2297static int ____sys_sendmsg(struct socket *sock, struct msghdr *msg_sys,
2298 unsigned int flags, struct used_address *used_address,
2299 unsigned int allowed_msghdr_flags)
2300{
2301 unsigned char ctl[sizeof(struct cmsghdr) + 20]
2302 __aligned(sizeof(__kernel_size_t));
2303
2304 unsigned char *ctl_buf = ctl;
2305 int ctl_len;
2306 ssize_t err;
2307
2308 err = -ENOBUFS;
2309
2310 if (msg_sys->msg_controllen > INT_MAX)
2311 goto out;
2312 flags |= (msg_sys->msg_flags & allowed_msghdr_flags);
2313 ctl_len = msg_sys->msg_controllen;
2314 if ((MSG_CMSG_COMPAT & flags) && ctl_len) {
2315 err =
2316 cmsghdr_from_user_compat_to_kern(msg_sys, sock->sk, ctl,
2317 sizeof(ctl));
2318 if (err)
2319 goto out;
2320 ctl_buf = msg_sys->msg_control;
2321 ctl_len = msg_sys->msg_controllen;
2322 } else if (ctl_len) {
2323 BUILD_BUG_ON(sizeof(struct cmsghdr) !=
2324 CMSG_ALIGN(sizeof(struct cmsghdr)));
2325 if (ctl_len > sizeof(ctl)) {
2326 ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL);
2327 if (ctl_buf == NULL)
2328 goto out;
2329 }
2330 err = -EFAULT;
2331 if (copy_from_user(ctl_buf, msg_sys->msg_control_user, ctl_len))
2332 goto out_freectl;
2333 msg_sys->msg_control = ctl_buf;
2334 msg_sys->msg_control_is_user = false;
2335 }
2336 msg_sys->msg_flags = flags;
2337
2338 if (sock->file->f_flags & O_NONBLOCK)
2339 msg_sys->msg_flags |= MSG_DONTWAIT;
2340
2341
2342
2343
2344
2345
2346 if (used_address && msg_sys->msg_name &&
2347 used_address->name_len == msg_sys->msg_namelen &&
2348 !memcmp(&used_address->name, msg_sys->msg_name,
2349 used_address->name_len)) {
2350 err = sock_sendmsg_nosec(sock, msg_sys);
2351 goto out_freectl;
2352 }
2353 err = sock_sendmsg(sock, msg_sys);
2354
2355
2356
2357
2358 if (used_address && err >= 0) {
2359 used_address->name_len = msg_sys->msg_namelen;
2360 if (msg_sys->msg_name)
2361 memcpy(&used_address->name, msg_sys->msg_name,
2362 used_address->name_len);
2363 }
2364
2365out_freectl:
2366 if (ctl_buf != ctl)
2367 sock_kfree_s(sock->sk, ctl_buf, ctl_len);
2368out:
2369 return err;
2370}
2371
2372int sendmsg_copy_msghdr(struct msghdr *msg,
2373 struct user_msghdr __user *umsg, unsigned flags,
2374 struct iovec **iov)
2375{
2376 int err;
2377
2378 if (flags & MSG_CMSG_COMPAT) {
2379 struct compat_msghdr __user *msg_compat;
2380
2381 msg_compat = (struct compat_msghdr __user *) umsg;
2382 err = get_compat_msghdr(msg, msg_compat, NULL, iov);
2383 } else {
2384 err = copy_msghdr_from_user(msg, umsg, NULL, iov);
2385 }
2386 if (err < 0)
2387 return err;
2388
2389 return 0;
2390}
2391
2392static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
2393 struct msghdr *msg_sys, unsigned int flags,
2394 struct used_address *used_address,
2395 unsigned int allowed_msghdr_flags)
2396{
2397 struct sockaddr_storage address;
2398 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2399 ssize_t err;
2400
2401 msg_sys->msg_name = &address;
2402
2403 err = sendmsg_copy_msghdr(msg_sys, msg, flags, &iov);
2404 if (err < 0)
2405 return err;
2406
2407 err = ____sys_sendmsg(sock, msg_sys, flags, used_address,
2408 allowed_msghdr_flags);
2409 kfree(iov);
2410 return err;
2411}
2412
2413
2414
2415
2416long __sys_sendmsg_sock(struct socket *sock, struct msghdr *msg,
2417 unsigned int flags)
2418{
2419
2420 if (msg->msg_control || msg->msg_controllen)
2421 return -EINVAL;
2422
2423 return ____sys_sendmsg(sock, msg, flags, NULL, 0);
2424}
2425
2426long __sys_sendmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2427 bool forbid_cmsg_compat)
2428{
2429 int fput_needed, err;
2430 struct msghdr msg_sys;
2431 struct socket *sock;
2432
2433 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2434 return -EINVAL;
2435
2436 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2437 if (!sock)
2438 goto out;
2439
2440 err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL, 0);
2441
2442 fput_light(sock->file, fput_needed);
2443out:
2444 return err;
2445}
2446
2447SYSCALL_DEFINE3(sendmsg, int, fd, struct user_msghdr __user *, msg, unsigned int, flags)
2448{
2449 return __sys_sendmsg(fd, msg, flags, true);
2450}
2451
2452
2453
2454
2455
2456int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2457 unsigned int flags, bool forbid_cmsg_compat)
2458{
2459 int fput_needed, err, datagrams;
2460 struct socket *sock;
2461 struct mmsghdr __user *entry;
2462 struct compat_mmsghdr __user *compat_entry;
2463 struct msghdr msg_sys;
2464 struct used_address used_address;
2465 unsigned int oflags = flags;
2466
2467 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2468 return -EINVAL;
2469
2470 if (vlen > UIO_MAXIOV)
2471 vlen = UIO_MAXIOV;
2472
2473 datagrams = 0;
2474
2475 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2476 if (!sock)
2477 return err;
2478
2479 used_address.name_len = UINT_MAX;
2480 entry = mmsg;
2481 compat_entry = (struct compat_mmsghdr __user *)mmsg;
2482 err = 0;
2483 flags |= MSG_BATCH;
2484
2485 while (datagrams < vlen) {
2486 if (datagrams == vlen - 1)
2487 flags = oflags;
2488
2489 if (MSG_CMSG_COMPAT & flags) {
2490 err = ___sys_sendmsg(sock, (struct user_msghdr __user *)compat_entry,
2491 &msg_sys, flags, &used_address, MSG_EOR);
2492 if (err < 0)
2493 break;
2494 err = __put_user(err, &compat_entry->msg_len);
2495 ++compat_entry;
2496 } else {
2497 err = ___sys_sendmsg(sock,
2498 (struct user_msghdr __user *)entry,
2499 &msg_sys, flags, &used_address, MSG_EOR);
2500 if (err < 0)
2501 break;
2502 err = put_user(err, &entry->msg_len);
2503 ++entry;
2504 }
2505
2506 if (err)
2507 break;
2508 ++datagrams;
2509 if (msg_data_left(&msg_sys))
2510 break;
2511 cond_resched();
2512 }
2513
2514 fput_light(sock->file, fput_needed);
2515
2516
2517 if (datagrams != 0)
2518 return datagrams;
2519
2520 return err;
2521}
2522
2523SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
2524 unsigned int, vlen, unsigned int, flags)
2525{
2526 return __sys_sendmmsg(fd, mmsg, vlen, flags, true);
2527}
2528
2529int recvmsg_copy_msghdr(struct msghdr *msg,
2530 struct user_msghdr __user *umsg, unsigned flags,
2531 struct sockaddr __user **uaddr,
2532 struct iovec **iov)
2533{
2534 ssize_t err;
2535
2536 if (MSG_CMSG_COMPAT & flags) {
2537 struct compat_msghdr __user *msg_compat;
2538
2539 msg_compat = (struct compat_msghdr __user *) umsg;
2540 err = get_compat_msghdr(msg, msg_compat, uaddr, iov);
2541 } else {
2542 err = copy_msghdr_from_user(msg, umsg, uaddr, iov);
2543 }
2544 if (err < 0)
2545 return err;
2546
2547 return 0;
2548}
2549
2550static int ____sys_recvmsg(struct socket *sock, struct msghdr *msg_sys,
2551 struct user_msghdr __user *msg,
2552 struct sockaddr __user *uaddr,
2553 unsigned int flags, int nosec)
2554{
2555 struct compat_msghdr __user *msg_compat =
2556 (struct compat_msghdr __user *) msg;
2557 int __user *uaddr_len = COMPAT_NAMELEN(msg);
2558 struct sockaddr_storage addr;
2559 unsigned long cmsg_ptr;
2560 int len;
2561 ssize_t err;
2562
2563 msg_sys->msg_name = &addr;
2564 cmsg_ptr = (unsigned long)msg_sys->msg_control;
2565 msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
2566
2567
2568 msg_sys->msg_namelen = 0;
2569
2570 if (sock->file->f_flags & O_NONBLOCK)
2571 flags |= MSG_DONTWAIT;
2572
2573 if (unlikely(nosec))
2574 err = sock_recvmsg_nosec(sock, msg_sys, flags);
2575 else
2576 err = sock_recvmsg(sock, msg_sys, flags);
2577
2578 if (err < 0)
2579 goto out;
2580 len = err;
2581
2582 if (uaddr != NULL) {
2583 err = move_addr_to_user(&addr,
2584 msg_sys->msg_namelen, uaddr,
2585 uaddr_len);
2586 if (err < 0)
2587 goto out;
2588 }
2589 err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT),
2590 COMPAT_FLAGS(msg));
2591 if (err)
2592 goto out;
2593 if (MSG_CMSG_COMPAT & flags)
2594 err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2595 &msg_compat->msg_controllen);
2596 else
2597 err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2598 &msg->msg_controllen);
2599 if (err)
2600 goto out;
2601 err = len;
2602out:
2603 return err;
2604}
2605
2606static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
2607 struct msghdr *msg_sys, unsigned int flags, int nosec)
2608{
2609 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2610
2611 struct sockaddr __user *uaddr;
2612 ssize_t err;
2613
2614 err = recvmsg_copy_msghdr(msg_sys, msg, flags, &uaddr, &iov);
2615 if (err < 0)
2616 return err;
2617
2618 err = ____sys_recvmsg(sock, msg_sys, msg, uaddr, flags, nosec);
2619 kfree(iov);
2620 return err;
2621}
2622
2623
2624
2625
2626
2627long __sys_recvmsg_sock(struct socket *sock, struct msghdr *msg,
2628 struct user_msghdr __user *umsg,
2629 struct sockaddr __user *uaddr, unsigned int flags)
2630{
2631
2632 if (msg->msg_control || msg->msg_controllen)
2633 return -EINVAL;
2634
2635 return ____sys_recvmsg(sock, msg, umsg, uaddr, flags, 0);
2636}
2637
2638long __sys_recvmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2639 bool forbid_cmsg_compat)
2640{
2641 int fput_needed, err;
2642 struct msghdr msg_sys;
2643 struct socket *sock;
2644
2645 if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2646 return -EINVAL;
2647
2648 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2649 if (!sock)
2650 goto out;
2651
2652 err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0);
2653
2654 fput_light(sock->file, fput_needed);
2655out:
2656 return err;
2657}
2658
2659SYSCALL_DEFINE3(recvmsg, int, fd, struct user_msghdr __user *, msg,
2660 unsigned int, flags)
2661{
2662 return __sys_recvmsg(fd, msg, flags, true);
2663}
2664
2665
2666
2667
2668
2669static int do_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2670 unsigned int vlen, unsigned int flags,
2671 struct timespec64 *timeout)
2672{
2673 int fput_needed, err, datagrams;
2674 struct socket *sock;
2675 struct mmsghdr __user *entry;
2676 struct compat_mmsghdr __user *compat_entry;
2677 struct msghdr msg_sys;
2678 struct timespec64 end_time;
2679 struct timespec64 timeout64;
2680
2681 if (timeout &&
2682 poll_select_set_timeout(&end_time, timeout->tv_sec,
2683 timeout->tv_nsec))
2684 return -EINVAL;
2685
2686 datagrams = 0;
2687
2688 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2689 if (!sock)
2690 return err;
2691
2692 if (likely(!(flags & MSG_ERRQUEUE))) {
2693 err = sock_error(sock->sk);
2694 if (err) {
2695 datagrams = err;
2696 goto out_put;
2697 }
2698 }
2699
2700 entry = mmsg;
2701 compat_entry = (struct compat_mmsghdr __user *)mmsg;
2702
2703 while (datagrams < vlen) {
2704
2705
2706
2707 if (MSG_CMSG_COMPAT & flags) {
2708 err = ___sys_recvmsg(sock, (struct user_msghdr __user *)compat_entry,
2709 &msg_sys, flags & ~MSG_WAITFORONE,
2710 datagrams);
2711 if (err < 0)
2712 break;
2713 err = __put_user(err, &compat_entry->msg_len);
2714 ++compat_entry;
2715 } else {
2716 err = ___sys_recvmsg(sock,
2717 (struct user_msghdr __user *)entry,
2718 &msg_sys, flags & ~MSG_WAITFORONE,
2719 datagrams);
2720 if (err < 0)
2721 break;
2722 err = put_user(err, &entry->msg_len);
2723 ++entry;
2724 }
2725
2726 if (err)
2727 break;
2728 ++datagrams;
2729
2730
2731 if (flags & MSG_WAITFORONE)
2732 flags |= MSG_DONTWAIT;
2733
2734 if (timeout) {
2735 ktime_get_ts64(&timeout64);
2736 *timeout = timespec64_sub(end_time, timeout64);
2737 if (timeout->tv_sec < 0) {
2738 timeout->tv_sec = timeout->tv_nsec = 0;
2739 break;
2740 }
2741
2742
2743 if (timeout->tv_nsec == 0 && timeout->tv_sec == 0)
2744 break;
2745 }
2746
2747
2748 if (msg_sys.msg_flags & MSG_OOB)
2749 break;
2750 cond_resched();
2751 }
2752
2753 if (err == 0)
2754 goto out_put;
2755
2756 if (datagrams == 0) {
2757 datagrams = err;
2758 goto out_put;
2759 }
2760
2761
2762
2763
2764
2765 if (err != -EAGAIN) {
2766
2767
2768
2769
2770
2771
2772 sock->sk->sk_err = -err;
2773 }
2774out_put:
2775 fput_light(sock->file, fput_needed);
2776
2777 return datagrams;
2778}
2779
2780int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2781 unsigned int vlen, unsigned int flags,
2782 struct __kernel_timespec __user *timeout,
2783 struct old_timespec32 __user *timeout32)
2784{
2785 int datagrams;
2786 struct timespec64 timeout_sys;
2787
2788 if (timeout && get_timespec64(&timeout_sys, timeout))
2789 return -EFAULT;
2790
2791 if (timeout32 && get_old_timespec32(&timeout_sys, timeout32))
2792 return -EFAULT;
2793
2794 if (!timeout && !timeout32)
2795 return do_recvmmsg(fd, mmsg, vlen, flags, NULL);
2796
2797 datagrams = do_recvmmsg(fd, mmsg, vlen, flags, &timeout_sys);
2798
2799 if (datagrams <= 0)
2800 return datagrams;
2801
2802 if (timeout && put_timespec64(&timeout_sys, timeout))
2803 datagrams = -EFAULT;
2804
2805 if (timeout32 && put_old_timespec32(&timeout_sys, timeout32))
2806 datagrams = -EFAULT;
2807
2808 return datagrams;
2809}
2810
2811SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
2812 unsigned int, vlen, unsigned int, flags,
2813 struct __kernel_timespec __user *, timeout)
2814{
2815 if (flags & MSG_CMSG_COMPAT)
2816 return -EINVAL;
2817
2818 return __sys_recvmmsg(fd, mmsg, vlen, flags, timeout, NULL);
2819}
2820
2821#ifdef CONFIG_COMPAT_32BIT_TIME
2822SYSCALL_DEFINE5(recvmmsg_time32, int, fd, struct mmsghdr __user *, mmsg,
2823 unsigned int, vlen, unsigned int, flags,
2824 struct old_timespec32 __user *, timeout)
2825{
2826 if (flags & MSG_CMSG_COMPAT)
2827 return -EINVAL;
2828
2829 return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL, timeout);
2830}
2831#endif
2832
2833#ifdef __ARCH_WANT_SYS_SOCKETCALL
2834
2835#define AL(x) ((x) * sizeof(unsigned long))
2836static const unsigned char nargs[21] = {
2837 AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
2838 AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
2839 AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
2840 AL(4), AL(5), AL(4)
2841};
2842
2843#undef AL
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
2854{
2855 unsigned long a[AUDITSC_ARGS];
2856 unsigned long a0, a1;
2857 int err;
2858 unsigned int len;
2859
2860 if (call < 1 || call > SYS_SENDMMSG)
2861 return -EINVAL;
2862 call = array_index_nospec(call, SYS_SENDMMSG + 1);
2863
2864 len = nargs[call];
2865 if (len > sizeof(a))
2866 return -EINVAL;
2867
2868
2869 if (copy_from_user(a, args, len))
2870 return -EFAULT;
2871
2872 err = audit_socketcall(nargs[call] / sizeof(unsigned long), a);
2873 if (err)
2874 return err;
2875
2876 a0 = a[0];
2877 a1 = a[1];
2878
2879 switch (call) {
2880 case SYS_SOCKET:
2881 err = __sys_socket(a0, a1, a[2]);
2882 break;
2883 case SYS_BIND:
2884 err = __sys_bind(a0, (struct sockaddr __user *)a1, a[2]);
2885 break;
2886 case SYS_CONNECT:
2887 err = __sys_connect(a0, (struct sockaddr __user *)a1, a[2]);
2888 break;
2889 case SYS_LISTEN:
2890 err = __sys_listen(a0, a1);
2891 break;
2892 case SYS_ACCEPT:
2893 err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2894 (int __user *)a[2], 0);
2895 break;
2896 case SYS_GETSOCKNAME:
2897 err =
2898 __sys_getsockname(a0, (struct sockaddr __user *)a1,
2899 (int __user *)a[2]);
2900 break;
2901 case SYS_GETPEERNAME:
2902 err =
2903 __sys_getpeername(a0, (struct sockaddr __user *)a1,
2904 (int __user *)a[2]);
2905 break;
2906 case SYS_SOCKETPAIR:
2907 err = __sys_socketpair(a0, a1, a[2], (int __user *)a[3]);
2908 break;
2909 case SYS_SEND:
2910 err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2911 NULL, 0);
2912 break;
2913 case SYS_SENDTO:
2914 err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2915 (struct sockaddr __user *)a[4], a[5]);
2916 break;
2917 case SYS_RECV:
2918 err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2919 NULL, NULL);
2920 break;
2921 case SYS_RECVFROM:
2922 err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2923 (struct sockaddr __user *)a[4],
2924 (int __user *)a[5]);
2925 break;
2926 case SYS_SHUTDOWN:
2927 err = __sys_shutdown(a0, a1);
2928 break;
2929 case SYS_SETSOCKOPT:
2930 err = __sys_setsockopt(a0, a1, a[2], (char __user *)a[3],
2931 a[4]);
2932 break;
2933 case SYS_GETSOCKOPT:
2934 err =
2935 __sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
2936 (int __user *)a[4]);
2937 break;
2938 case SYS_SENDMSG:
2939 err = __sys_sendmsg(a0, (struct user_msghdr __user *)a1,
2940 a[2], true);
2941 break;
2942 case SYS_SENDMMSG:
2943 err = __sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2],
2944 a[3], true);
2945 break;
2946 case SYS_RECVMSG:
2947 err = __sys_recvmsg(a0, (struct user_msghdr __user *)a1,
2948 a[2], true);
2949 break;
2950 case SYS_RECVMMSG:
2951 if (IS_ENABLED(CONFIG_64BIT))
2952 err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2953 a[2], a[3],
2954 (struct __kernel_timespec __user *)a[4],
2955 NULL);
2956 else
2957 err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2958 a[2], a[3], NULL,
2959 (struct old_timespec32 __user *)a[4]);
2960 break;
2961 case SYS_ACCEPT4:
2962 err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2963 (int __user *)a[2], a[3]);
2964 break;
2965 default:
2966 err = -EINVAL;
2967 break;
2968 }
2969 return err;
2970}
2971
2972#endif
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983int sock_register(const struct net_proto_family *ops)
2984{
2985 int err;
2986
2987 if (ops->family >= NPROTO) {
2988 pr_crit("protocol %d >= NPROTO(%d)\n", ops->family, NPROTO);
2989 return -ENOBUFS;
2990 }
2991
2992 spin_lock(&net_family_lock);
2993 if (rcu_dereference_protected(net_families[ops->family],
2994 lockdep_is_held(&net_family_lock)))
2995 err = -EEXIST;
2996 else {
2997 rcu_assign_pointer(net_families[ops->family], ops);
2998 err = 0;
2999 }
3000 spin_unlock(&net_family_lock);
3001
3002 pr_info("NET: Registered protocol family %d\n", ops->family);
3003 return err;
3004}
3005EXPORT_SYMBOL(sock_register);
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020void sock_unregister(int family)
3021{
3022 BUG_ON(family < 0 || family >= NPROTO);
3023
3024 spin_lock(&net_family_lock);
3025 RCU_INIT_POINTER(net_families[family], NULL);
3026 spin_unlock(&net_family_lock);
3027
3028 synchronize_rcu();
3029
3030 pr_info("NET: Unregistered protocol family %d\n", family);
3031}
3032EXPORT_SYMBOL(sock_unregister);
3033
3034bool sock_is_registered(int family)
3035{
3036 return family < NPROTO && rcu_access_pointer(net_families[family]);
3037}
3038
3039static int __init sock_init(void)
3040{
3041 int err;
3042
3043
3044
3045 err = net_sysctl_init();
3046 if (err)
3047 goto out;
3048
3049
3050
3051
3052 skb_init();
3053
3054
3055
3056
3057
3058 init_inodecache();
3059
3060 err = register_filesystem(&sock_fs_type);
3061 if (err)
3062 goto out;
3063 sock_mnt = kern_mount(&sock_fs_type);
3064 if (IS_ERR(sock_mnt)) {
3065 err = PTR_ERR(sock_mnt);
3066 goto out_mount;
3067 }
3068
3069
3070
3071
3072#ifdef CONFIG_NETFILTER
3073 err = netfilter_init();
3074 if (err)
3075 goto out;
3076#endif
3077
3078 ptp_classifier_init();
3079
3080out:
3081 return err;
3082
3083out_mount:
3084 unregister_filesystem(&sock_fs_type);
3085 goto out;
3086}
3087
3088core_initcall(sock_init);
3089
3090#ifdef CONFIG_PROC_FS
3091void socket_seq_show(struct seq_file *seq)
3092{
3093 seq_printf(seq, "sockets: used %d\n",
3094 sock_inuse_get(seq->private));
3095}
3096#endif
3097
3098#ifdef CONFIG_COMPAT
3099static int compat_dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
3100{
3101 struct compat_ifconf ifc32;
3102 struct ifconf ifc;
3103 int err;
3104
3105 if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
3106 return -EFAULT;
3107
3108 ifc.ifc_len = ifc32.ifc_len;
3109 ifc.ifc_req = compat_ptr(ifc32.ifcbuf);
3110
3111 rtnl_lock();
3112 err = dev_ifconf(net, &ifc, sizeof(struct compat_ifreq));
3113 rtnl_unlock();
3114 if (err)
3115 return err;
3116
3117 ifc32.ifc_len = ifc.ifc_len;
3118 if (copy_to_user(uifc32, &ifc32, sizeof(struct compat_ifconf)))
3119 return -EFAULT;
3120
3121 return 0;
3122}
3123
3124static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
3125{
3126 struct compat_ethtool_rxnfc __user *compat_rxnfc;
3127 bool convert_in = false, convert_out = false;
3128 size_t buf_size = 0;
3129 struct ethtool_rxnfc __user *rxnfc = NULL;
3130 struct ifreq ifr;
3131 u32 rule_cnt = 0, actual_rule_cnt;
3132 u32 ethcmd;
3133 u32 data;
3134 int ret;
3135
3136 if (get_user(data, &ifr32->ifr_ifru.ifru_data))
3137 return -EFAULT;
3138
3139 compat_rxnfc = compat_ptr(data);
3140
3141 if (get_user(ethcmd, &compat_rxnfc->cmd))
3142 return -EFAULT;
3143
3144
3145
3146
3147 switch (ethcmd) {
3148 default:
3149 break;
3150 case ETHTOOL_GRXCLSRLALL:
3151
3152 if (get_user(rule_cnt, &compat_rxnfc->rule_cnt))
3153 return -EFAULT;
3154 if (rule_cnt > KMALLOC_MAX_SIZE / sizeof(u32))
3155 return -ENOMEM;
3156 buf_size += rule_cnt * sizeof(u32);
3157 fallthrough;
3158 case ETHTOOL_GRXRINGS:
3159 case ETHTOOL_GRXCLSRLCNT:
3160 case ETHTOOL_GRXCLSRULE:
3161 case ETHTOOL_SRXCLSRLINS:
3162 convert_out = true;
3163 fallthrough;
3164 case ETHTOOL_SRXCLSRLDEL:
3165 buf_size += sizeof(struct ethtool_rxnfc);
3166 convert_in = true;
3167 rxnfc = compat_alloc_user_space(buf_size);
3168 break;
3169 }
3170
3171 if (copy_from_user(&ifr.ifr_name, &ifr32->ifr_name, IFNAMSIZ))
3172 return -EFAULT;
3173
3174 ifr.ifr_data = convert_in ? rxnfc : (void __user *)compat_rxnfc;
3175
3176 if (convert_in) {
3177
3178
3179
3180 BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_ext) +
3181 sizeof(compat_rxnfc->fs.m_ext) !=
3182 offsetof(struct ethtool_rxnfc, fs.m_ext) +
3183 sizeof(rxnfc->fs.m_ext));
3184 BUILD_BUG_ON(
3185 offsetof(struct compat_ethtool_rxnfc, fs.location) -
3186 offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) !=
3187 offsetof(struct ethtool_rxnfc, fs.location) -
3188 offsetof(struct ethtool_rxnfc, fs.ring_cookie));
3189
3190 if (copy_in_user(rxnfc, compat_rxnfc,
3191 (void __user *)(&rxnfc->fs.m_ext + 1) -
3192 (void __user *)rxnfc) ||
3193 copy_in_user(&rxnfc->fs.ring_cookie,
3194 &compat_rxnfc->fs.ring_cookie,
3195 (void __user *)(&rxnfc->fs.location + 1) -
3196 (void __user *)&rxnfc->fs.ring_cookie))
3197 return -EFAULT;
3198 if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3199 if (put_user(rule_cnt, &rxnfc->rule_cnt))
3200 return -EFAULT;
3201 } else if (copy_in_user(&rxnfc->rule_cnt,
3202 &compat_rxnfc->rule_cnt,
3203 sizeof(rxnfc->rule_cnt)))
3204 return -EFAULT;
3205 }
3206
3207 ret = dev_ioctl(net, SIOCETHTOOL, &ifr, NULL);
3208 if (ret)
3209 return ret;
3210
3211 if (convert_out) {
3212 if (copy_in_user(compat_rxnfc, rxnfc,
3213 (const void __user *)(&rxnfc->fs.m_ext + 1) -
3214 (const void __user *)rxnfc) ||
3215 copy_in_user(&compat_rxnfc->fs.ring_cookie,
3216 &rxnfc->fs.ring_cookie,
3217 (const void __user *)(&rxnfc->fs.location + 1) -
3218 (const void __user *)&rxnfc->fs.ring_cookie) ||
3219 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
3220 sizeof(rxnfc->rule_cnt)))
3221 return -EFAULT;
3222
3223 if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3224
3225
3226
3227
3228
3229
3230
3231
3232 if (get_user(actual_rule_cnt, &rxnfc->rule_cnt))
3233 return -EFAULT;
3234 if (actual_rule_cnt < rule_cnt)
3235 rule_cnt = actual_rule_cnt;
3236 if (copy_in_user(&compat_rxnfc->rule_locs[0],
3237 &rxnfc->rule_locs[0],
3238 rule_cnt * sizeof(u32)))
3239 return -EFAULT;
3240 }
3241 }
3242
3243 return 0;
3244}
3245
3246static int compat_siocwandev(struct net *net, struct compat_ifreq __user *uifr32)
3247{
3248 compat_uptr_t uptr32;
3249 struct ifreq ifr;
3250 void __user *saved;
3251 int err;
3252
3253 if (copy_from_user(&ifr, uifr32, sizeof(struct compat_ifreq)))
3254 return -EFAULT;
3255
3256 if (get_user(uptr32, &uifr32->ifr_settings.ifs_ifsu))
3257 return -EFAULT;
3258
3259 saved = ifr.ifr_settings.ifs_ifsu.raw_hdlc;
3260 ifr.ifr_settings.ifs_ifsu.raw_hdlc = compat_ptr(uptr32);
3261
3262 err = dev_ioctl(net, SIOCWANDEV, &ifr, NULL);
3263 if (!err) {
3264 ifr.ifr_settings.ifs_ifsu.raw_hdlc = saved;
3265 if (copy_to_user(uifr32, &ifr, sizeof(struct compat_ifreq)))
3266 err = -EFAULT;
3267 }
3268 return err;
3269}
3270
3271
3272static int compat_ifr_data_ioctl(struct net *net, unsigned int cmd,
3273 struct compat_ifreq __user *u_ifreq32)
3274{
3275 struct ifreq ifreq;
3276 u32 data32;
3277
3278 if (copy_from_user(ifreq.ifr_name, u_ifreq32->ifr_name, IFNAMSIZ))
3279 return -EFAULT;
3280 if (get_user(data32, &u_ifreq32->ifr_data))
3281 return -EFAULT;
3282 ifreq.ifr_data = compat_ptr(data32);
3283
3284 return dev_ioctl(net, cmd, &ifreq, NULL);
3285}
3286
3287static int compat_ifreq_ioctl(struct net *net, struct socket *sock,
3288 unsigned int cmd,
3289 struct compat_ifreq __user *uifr32)
3290{
3291 struct ifreq __user *uifr;
3292 int err;
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304 uifr = compat_alloc_user_space(sizeof(*uifr));
3305 if (copy_in_user(uifr, uifr32, sizeof(*uifr32)))
3306 return -EFAULT;
3307
3308 err = sock_do_ioctl(net, sock, cmd, (unsigned long)uifr);
3309
3310 if (!err) {
3311 switch (cmd) {
3312 case SIOCGIFFLAGS:
3313 case SIOCGIFMETRIC:
3314 case SIOCGIFMTU:
3315 case SIOCGIFMEM:
3316 case SIOCGIFHWADDR:
3317 case SIOCGIFINDEX:
3318 case SIOCGIFADDR:
3319 case SIOCGIFBRDADDR:
3320 case SIOCGIFDSTADDR:
3321 case SIOCGIFNETMASK:
3322 case SIOCGIFPFLAGS:
3323 case SIOCGIFTXQLEN:
3324 case SIOCGMIIPHY:
3325 case SIOCGMIIREG:
3326 case SIOCGIFNAME:
3327 if (copy_in_user(uifr32, uifr, sizeof(*uifr32)))
3328 err = -EFAULT;
3329 break;
3330 }
3331 }
3332 return err;
3333}
3334
3335static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
3336 struct compat_ifreq __user *uifr32)
3337{
3338 struct ifreq ifr;
3339 struct compat_ifmap __user *uifmap32;
3340 int err;
3341
3342 uifmap32 = &uifr32->ifr_ifru.ifru_map;
3343 err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name));
3344 err |= get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3345 err |= get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3346 err |= get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3347 err |= get_user(ifr.ifr_map.irq, &uifmap32->irq);
3348 err |= get_user(ifr.ifr_map.dma, &uifmap32->dma);
3349 err |= get_user(ifr.ifr_map.port, &uifmap32->port);
3350 if (err)
3351 return -EFAULT;
3352
3353 err = dev_ioctl(net, cmd, &ifr, NULL);
3354
3355 if (cmd == SIOCGIFMAP && !err) {
3356 err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name));
3357 err |= put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3358 err |= put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3359 err |= put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3360 err |= put_user(ifr.ifr_map.irq, &uifmap32->irq);
3361 err |= put_user(ifr.ifr_map.dma, &uifmap32->dma);
3362 err |= put_user(ifr.ifr_map.port, &uifmap32->port);
3363 if (err)
3364 err = -EFAULT;
3365 }
3366 return err;
3367}
3368
3369
3370
3371
3372
3373static int old_bridge_ioctl(compat_ulong_t __user *argp)
3374{
3375 compat_ulong_t tmp;
3376
3377 if (get_user(tmp, argp))
3378 return -EFAULT;
3379 if (tmp == BRCTL_GET_VERSION)
3380 return BRCTL_VERSION + 1;
3381 return -EINVAL;
3382}
3383
3384static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
3385 unsigned int cmd, unsigned long arg)
3386{
3387 void __user *argp = compat_ptr(arg);
3388 struct sock *sk = sock->sk;
3389 struct net *net = sock_net(sk);
3390
3391 if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))
3392 return compat_ifr_data_ioctl(net, cmd, argp);
3393
3394 switch (cmd) {
3395 case SIOCSIFBR:
3396 case SIOCGIFBR:
3397 return old_bridge_ioctl(argp);
3398 case SIOCGIFCONF:
3399 return compat_dev_ifconf(net, argp);
3400 case SIOCETHTOOL:
3401 return ethtool_ioctl(net, argp);
3402 case SIOCWANDEV:
3403 return compat_siocwandev(net, argp);
3404 case SIOCGIFMAP:
3405 case SIOCSIFMAP:
3406 return compat_sioc_ifmap(net, cmd, argp);
3407 case SIOCGSTAMP_OLD:
3408 case SIOCGSTAMPNS_OLD:
3409 if (!sock->ops->gettstamp)
3410 return -ENOIOCTLCMD;
3411 return sock->ops->gettstamp(sock, argp, cmd == SIOCGSTAMP_OLD,
3412 !COMPAT_USE_64BIT_TIME);
3413
3414 case SIOCBONDSLAVEINFOQUERY:
3415 case SIOCBONDINFOQUERY:
3416 case SIOCSHWTSTAMP:
3417 case SIOCGHWTSTAMP:
3418 return compat_ifr_data_ioctl(net, cmd, argp);
3419
3420 case FIOSETOWN:
3421 case SIOCSPGRP:
3422 case FIOGETOWN:
3423 case SIOCGPGRP:
3424 case SIOCBRADDBR:
3425 case SIOCBRDELBR:
3426 case SIOCGIFVLAN:
3427 case SIOCSIFVLAN:
3428 case SIOCADDDLCI:
3429 case SIOCDELDLCI:
3430 case SIOCGSKNS:
3431 case SIOCGSTAMP_NEW:
3432 case SIOCGSTAMPNS_NEW:
3433 return sock_ioctl(file, cmd, arg);
3434
3435 case SIOCGIFFLAGS:
3436 case SIOCSIFFLAGS:
3437 case SIOCGIFMETRIC:
3438 case SIOCSIFMETRIC:
3439 case SIOCGIFMTU:
3440 case SIOCSIFMTU:
3441 case SIOCGIFMEM:
3442 case SIOCSIFMEM:
3443 case SIOCGIFHWADDR:
3444 case SIOCSIFHWADDR:
3445 case SIOCADDMULTI:
3446 case SIOCDELMULTI:
3447 case SIOCGIFINDEX:
3448 case SIOCGIFADDR:
3449 case SIOCSIFADDR:
3450 case SIOCSIFHWBROADCAST:
3451 case SIOCDIFADDR:
3452 case SIOCGIFBRDADDR:
3453 case SIOCSIFBRDADDR:
3454 case SIOCGIFDSTADDR:
3455 case SIOCSIFDSTADDR:
3456 case SIOCGIFNETMASK:
3457 case SIOCSIFNETMASK:
3458 case SIOCSIFPFLAGS:
3459 case SIOCGIFPFLAGS:
3460 case SIOCGIFTXQLEN:
3461 case SIOCSIFTXQLEN:
3462 case SIOCBRADDIF:
3463 case SIOCBRDELIF:
3464 case SIOCGIFNAME:
3465 case SIOCSIFNAME:
3466 case SIOCGMIIPHY:
3467 case SIOCGMIIREG:
3468 case SIOCSMIIREG:
3469 case SIOCBONDENSLAVE:
3470 case SIOCBONDRELEASE:
3471 case SIOCBONDSETHWADDR:
3472 case SIOCBONDCHANGEACTIVE:
3473 return compat_ifreq_ioctl(net, sock, cmd, argp);
3474
3475 case SIOCSARP:
3476 case SIOCGARP:
3477 case SIOCDARP:
3478 case SIOCOUTQ:
3479 case SIOCOUTQNSD:
3480 case SIOCATMARK:
3481 return sock_do_ioctl(net, sock, cmd, arg);
3482 }
3483
3484 return -ENOIOCTLCMD;
3485}
3486
3487static long compat_sock_ioctl(struct file *file, unsigned int cmd,
3488 unsigned long arg)
3489{
3490 struct socket *sock = file->private_data;
3491 int ret = -ENOIOCTLCMD;
3492 struct sock *sk;
3493 struct net *net;
3494
3495 sk = sock->sk;
3496 net = sock_net(sk);
3497
3498 if (sock->ops->compat_ioctl)
3499 ret = sock->ops->compat_ioctl(sock, cmd, arg);
3500
3501 if (ret == -ENOIOCTLCMD &&
3502 (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST))
3503 ret = compat_wext_handle_ioctl(net, cmd, arg);
3504
3505 if (ret == -ENOIOCTLCMD)
3506 ret = compat_sock_ioctl_trans(file, sock, cmd, arg);
3507
3508 return ret;
3509}
3510#endif
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521int kernel_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
3522{
3523 return sock->ops->bind(sock, addr, addrlen);
3524}
3525EXPORT_SYMBOL(kernel_bind);
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535int kernel_listen(struct socket *sock, int backlog)
3536{
3537 return sock->ops->listen(sock, backlog);
3538}
3539EXPORT_SYMBOL(kernel_listen);
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
3552int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
3553{
3554 struct sock *sk = sock->sk;
3555 int err;
3556
3557 err = sock_create_lite(sk->sk_family, sk->sk_type, sk->sk_protocol,
3558 newsock);
3559 if (err < 0)
3560 goto done;
3561
3562 err = sock->ops->accept(sock, *newsock, flags, true);
3563 if (err < 0) {
3564 sock_release(*newsock);
3565 *newsock = NULL;
3566 goto done;
3567 }
3568
3569 (*newsock)->ops = sock->ops;
3570 __module_get((*newsock)->ops->owner);
3571
3572done:
3573 return err;
3574}
3575EXPORT_SYMBOL(kernel_accept);
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
3591 int flags)
3592{
3593 return sock->ops->connect(sock, addr, addrlen, flags);
3594}
3595EXPORT_SYMBOL(kernel_connect);
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606int kernel_getsockname(struct socket *sock, struct sockaddr *addr)
3607{
3608 return sock->ops->getname(sock, addr, 0);
3609}
3610EXPORT_SYMBOL(kernel_getsockname);
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621int kernel_getpeername(struct socket *sock, struct sockaddr *addr)
3622{
3623 return sock->ops->getname(sock, addr, 1);
3624}
3625EXPORT_SYMBOL(kernel_getpeername);
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638int kernel_sendpage(struct socket *sock, struct page *page, int offset,
3639 size_t size, int flags)
3640{
3641 if (sock->ops->sendpage) {
3642
3643 WARN_ONCE(!sendpage_ok(page), "improper page for zero-copy send");
3644 return sock->ops->sendpage(sock, page, offset, size, flags);
3645 }
3646 return sock_no_sendpage(sock, page, offset, size, flags);
3647}
3648EXPORT_SYMBOL(kernel_sendpage);
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662int kernel_sendpage_locked(struct sock *sk, struct page *page, int offset,
3663 size_t size, int flags)
3664{
3665 struct socket *sock = sk->sk_socket;
3666
3667 if (sock->ops->sendpage_locked)
3668 return sock->ops->sendpage_locked(sk, page, offset, size,
3669 flags);
3670
3671 return sock_no_sendpage_locked(sk, page, offset, size, flags);
3672}
3673EXPORT_SYMBOL(kernel_sendpage_locked);
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how)
3684{
3685 return sock->ops->shutdown(sock, how);
3686}
3687EXPORT_SYMBOL(kernel_sock_shutdown);
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699u32 kernel_sock_ip_overhead(struct sock *sk)
3700{
3701 struct inet_sock *inet;
3702 struct ip_options_rcu *opt;
3703 u32 overhead = 0;
3704#if IS_ENABLED(CONFIG_IPV6)
3705 struct ipv6_pinfo *np;
3706 struct ipv6_txoptions *optv6 = NULL;
3707#endif
3708
3709 if (!sk)
3710 return overhead;
3711
3712 switch (sk->sk_family) {
3713 case AF_INET:
3714 inet = inet_sk(sk);
3715 overhead += sizeof(struct iphdr);
3716 opt = rcu_dereference_protected(inet->inet_opt,
3717 sock_owned_by_user(sk));
3718 if (opt)
3719 overhead += opt->opt.optlen;
3720 return overhead;
3721#if IS_ENABLED(CONFIG_IPV6)
3722 case AF_INET6:
3723 np = inet6_sk(sk);
3724 overhead += sizeof(struct ipv6hdr);
3725 if (np)
3726 optv6 = rcu_dereference_protected(np->opt,
3727 sock_owned_by_user(sk));
3728 if (optv6)
3729 overhead += (optv6->opt_flen + optv6->opt_nflen);
3730 return overhead;
3731#endif
3732 default:
3733 return overhead;
3734 }
3735}
3736EXPORT_SYMBOL(kernel_sock_ip_overhead);
3737